Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > More E-Book Readers > iRex > iRex Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 07-25-2006, 09:39 AM   #1
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,580
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
Thoughts on 2.5 and root password

I was just thinking what should we do if we cannot crack the root password using conventional mentions like John The Ripper, at least not in a suitable time? Possibilities:

- start a distributed brute-force attack
- stick to 2.4 (I know, bad idea )
- sniff the traffic to catch the 2.5 flash update. Save it to a file, hex it on a PC to change password, then manually put it back on the iRex and run the flash upgrade routines.

Any more ideas or possible solutions?
TadW is offline   Reply With Quote
Old 07-25-2006, 09:59 AM   #2
tribble
iLiad Maniac
tribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it is
 
tribble's Avatar
 
Posts: 1,382
Karma: 2369
Join Date: Apr 2006
Location: Germany
Device: Bookeen Opus (i love that thing) and iPad (what an irony)
we could easily replace it with a password of our choice. But i would like to have it cracked rather, so we dont have to fiddle with the passwd file.
tribble is offline   Reply With Quote
 
Enthusiast
Old 07-25-2006, 10:00 AM   #3
DHer
Addict
DHer doesn't litterDHer doesn't litter
 
Posts: 261
Karma: 156
Join Date: Jul 2006
Device: iliad
we don't need to crack the root password, i think.

with netcat we spawned a root shell, i think. so we can just create a new password hash for the passwd file and insert it there. it only works till the next update, so cracking the password is only useful for the future.

Or we just add a new user with superuser privilegues

Did i say we? I meant you. I'm just watching :P
DHer is offline   Reply With Quote
Old 07-25-2006, 10:12 AM   #4
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,580
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
I see where you guys are getting... love the netcat idea... trust me Dher, I am quite upset myself about your misfortune. Let's hope you can get your iLiad fixed asap.

If we had the real password, couldn't iRex just replace it again with another one during the next update? I think it doesn't really matter whether we have the real password or just replace it with our own.
TadW is offline   Reply With Quote
Old 07-25-2006, 10:18 AM   #5
dive1770
Junior Member
dive1770 began at the beginning.
 
Posts: 1
Karma: 10
Join Date: Jul 2006
why don't you just overwrite the current (new) passwd file with the old one?
doing this will result in a root account without password.

then create client certificates on your computer and store the public key of the certificate in the file ~/.ssh/authorized_keys (on the iliad)
if you do this and iRex does not fiddle with the userhomes you will always have root access with ssh.
dive1770 is offline   Reply With Quote
Old 07-25-2006, 10:52 AM   #6
DHer
Addict
DHer doesn't litterDHer doesn't litter
 
Posts: 261
Karma: 156
Join Date: Jul 2006
Device: iliad
is there still a ssh daemon in 2.5 or did they remove it completely?

If it's still there, the idea with the user certificate is really great.
DHer is offline   Reply With Quote
Old 07-25-2006, 11:11 AM   #7
Tscherno
iLiad Geek
Tscherno began at the beginning.
 
Tscherno's Avatar
 
Posts: 110
Karma: 10
Join Date: Jul 2006
Location: Regensburg / Germany
Device: iLiad #505; Sony T1, Amazon Paperwhite first Gen & sec is coming!
Quote:
Originally Posted by DHer
is there still a ssh daemon in 2.5 or did they remove it completely?

If it's still there, the idea with the user certificate is really great.
Even if they remove the ssh deamon, we can put our own on the device...
Tscherno is offline   Reply With Quote
Old 07-25-2006, 11:11 AM   #8
arivero
Guru
arivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it is
 
arivero's Avatar
 
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
Quote:
Originally Posted by DHer
with netcat we spawned a root shell, i think. so we can just create a new password hash for the passwd file and insert it there. it only works till the next update, so cracking the password is only useful for the future.

Or we just add a new user with superuser privilegues
I like this approach, netcat plus a different user. Plus "sudo gainroot" to go from this user to the root one.

BTW, I have found that a funny system to execute things is to use cntrl-P in the first page of a pdf file, and then selecting the "print command".
arivero is offline   Reply With Quote
Old 07-25-2006, 11:18 AM   #9
Kristoffer
Member
Kristoffer is on a distinguished road
 
Posts: 20
Karma: 56
Join Date: Jul 2006
Location: Hamburg, Germany
Device: IRex Iliad
Quote:
Originally Posted by Tscherno
Even if they remove the ssh deamon, we can put our own on the device...
As far as I could see, they have removed the ssh daemon namely 'dropbear' completely, so we will need a new one
Kristoffer is offline   Reply With Quote
Old 07-25-2006, 11:21 AM   #10
Kristoffer
Member
Kristoffer is on a distinguished road
 
Posts: 20
Karma: 56
Join Date: Jul 2006
Location: Hamburg, Germany
Device: IRex Iliad
Quote:
Originally Posted by dive1770
...
if you do this and iRex does not fiddle with the userhomes you will always have root access with ssh.
I had some Data stored in the root's home directory, the update to 2.5 deleted all of it, but maybe that isn't true for other users' homes....
Kristoffer is offline   Reply With Quote
Old 07-25-2006, 11:24 AM   #11
arivero
Guru
arivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it is
 
arivero's Avatar
 
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
Quote:
Originally Posted by Kristoffer
As far as I could see, they have removed the ssh daemon namely 'dropbear' completely, so we will need a new one
Kristoffer, have you upgraded to the whole 2.5, ie the three upgrading steps? Just to be sure I can still pdf-exec.

Secondly, if the ssh is removed... are you using netcat or similar tricks, or just navegating across the html? Or does it the xrvt work?
arivero is offline   Reply With Quote
Old 07-25-2006, 11:35 AM   #12
Tscherno
iLiad Geek
Tscherno began at the beginning.
 
Tscherno's Avatar
 
Posts: 110
Karma: 10
Join Date: Jul 2006
Location: Regensburg / Germany
Device: iLiad #505; Sony T1, Amazon Paperwhite first Gen & sec is coming!
We could simply use the tar.gz from the 2.4 version to restore the sshd
Tscherno is offline   Reply With Quote
Old 07-25-2006, 11:37 AM   #13
Kristoffer
Member
Kristoffer is on a distinguished road
 
Posts: 20
Karma: 56
Join Date: Jul 2006
Location: Hamburg, Germany
Device: IRex Iliad
Yes I took the 3 steps completely...

I used the new hacking pdf from Dher in conjunction with netcat for windows to gain console access... the pdf-execution is still working
Kristoffer is offline   Reply With Quote
Old 07-25-2006, 11:51 AM   #14
arivero
Guru
arivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it is
 
arivero's Avatar
 
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
Quote:
Originally Posted by Kristoffer
Yes I took the 3 steps completely...

I used the new hacking pdf from Dher in conjunction with netcat for windows to gain console access... the pdf-execution is still working
Ok I assume you refer to
http://www.mobileread.com/forums/sho...1&postcount=28

Well I will try to upgrade and to provide a non-network hacking method, assuming the pdf execution still works. I hope your 2.5 is 2.5b and not 2.5a (there is some comment about a earlier corrected on the flight)
arivero is offline   Reply With Quote
Old 07-25-2006, 10:53 PM   #15
astfgl
Member
astfgl began at the beginning.
 
Posts: 24
Karma: 10
Join Date: Jun 2006
Location: Townsville, AU
Device: Iliad & REB1100
Quote:
Originally Posted by arivero
BTW, I have found that a funny system to execute things is to use cntrl-P in the first page of a pdf file, and then selecting the "print command".
Is DHer's user interface still working? If so, he can use this to run a "ps -e > {content_path}/ps.txt" to put the process listing in a file which can be displayed on the screen, then run "kill -9 {PID}" to kill the netcat process and un-block the networking.

EDIT: Oops, CTRL-p implies a keyboard and PC, not the Illiad. My bad. However, if he can still access the UI, loading a pdf/script/etc on CF/USB and killing the process that way might still be possible. My Illiad is still a long way from delivery, so this is just speculation on my part.

Last edited by astfgl; 07-25-2006 at 10:58 PM.
astfgl is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to root the Alex eReader Bluebrain Spring Design Alex 22 08-10-2013 06:43 PM
Classic Soft Root for 1003 SN? bruenorz Nook Developer's Corner 7 09-07-2010 02:16 PM
Classic Few questions regarding root shrktank Nook Developer's Corner 4 02-15-2010 12:50 PM
Getting a root shell guylhem Sony Reader Dev Corner 4 02-27-2009 05:24 AM
iLiad dropbear ssh: how to change root password? daudi iRex Developer's Corner 2 01-10-2008 04:49 PM


All times are GMT -4. The time now is 09:19 PM.


MobileRead.com is a privately owned, operated and funded community.