05-03-2007, 06:06 PM   #13
scotty1024
Banned
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
Quote:
Originally Posted by hudson
To that end, attached is a tar file that you can unpack in the root directory that will enable the Ethernet with a static IP (10.0.0.200) and start sshd so that you can log in as root over the network.

A nice packaging of the work Design256 described here last year after the Arrivero hack broke the iLiad wide open.

Yes, it does increase power draw if left up. I personally have a .sh script to do the ifdown you describe (mine also kills the dropbear as well.)

One caution for anyone planning to use this package: Design256's method didn't leave your iLiad vulnerable to attack; this package does.

If you bring up wireless, your dropbear is reachable from the internet. Someone scanning the public access points (and boy do people spend a lot of time doing that, it's amazing!) could enter root/rootme and you're pwned.

To protect yourself, you should leave out the /etc/passwd from the TAR and just use the passwd command to set your own private root password. To enhance your security one more notch, generate your own keys for these files:

Code:
-rwxr-xr-x root/root       427 2007-04-01 08:36:55 ./etc/dropbear/dropbear_dsa_host_key
-rwxr-xr-x root/root       460 2007-04-01 08:36:55 ./etc/dropbear/dropbear_dss_host_key
And then set up this file with a passphrase on the key itself:

Code:
-rwx------    1 root     root          899 Apr 27 09:09 /home/root/.ssh/authorized_keys
That will keep silly accidents from happening. Here in Seattle we have free Wifi on some of the buses. It would really suck to forget about the open dropbear and go wireless for a little dillo/CNN action after hearing some incredible rumor from another passenger.

Other unbrickable iLiad possibilities proposed in the past.

The iLiad has a getty running on the PXA-255's built-in UART. This may in fact be how iRex fixes some of the bricked iLiads returned to them. I've asked them several times to make a cable available for developers. Heck, I've offered to set up an account with one of the short run production outfits to make them easily available in the US if they'd send me a PDF of the cable. Maybe your voice will be the straw that breaks the camel's back.

The iLiad also implements the JTAG built into the PXA-255. I described to iRex how an inexpensive USB cable could be produced that would enable un-bricking even a totally zapped FLASH (no root fs, no kernel). I was willing to design the cable and have it set up for short run production at one of the places mentioned above; all that was needed was cooperation from iRex. Not only did I get a no, I got a HELL NO.
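The precaution described in the post above (leave the packaged /etc/passwd out and do not reuse the packaged dropbear host keys), as an added example that is not part of the original post or of the package. It assumes GNU tar and grep on the machine where the archive is inspected; the function names and the sample archive are constructed for illustration.

```shell
#!/bin/sh
# Added example: find credential files shipped inside a root-filesystem
# tarball and unpack it without them. Paths follow the files named in the post.

# Members that would give every installer the same password or host keys.
SENSITIVE='^(\./)?etc/(passwd|dropbear/[^/]*_host_key)$'

# Print each sensitive member of tarball $1, one per line.
list_sensitive() {
    tar -tf "$1" | grep -E "$SENSITIVE" || true
}

# Print how many sensitive members tarball $1 contains (0 = none packaged).
count_sensitive() {
    list_sensitive "$1" | grep -c . || true
}

# Unpack tarball $1 under directory $2, skipping the sensitive members, so the
# device keeps its own password file and you generate your own host keys.
safe_extract() {
    skip=$(mktemp)
    list_sensitive "$1" > "$skip"
    tar -xf "$1" -C "$2" -X "$skip"
    rm -f "$skip"
}

# Build a constructed stand-in for such a package at absolute path $1.
# Contents are fake placeholders, not real hashes or keys.
make_sample_tar() {
    src=$(mktemp -d)
    mkdir -p "$src/etc/dropbear" "$src/etc/init.d"
    echo 'root:FAKEHASH:0:0:root:/home/root:/bin/sh' > "$src/etc/passwd"
    echo fake > "$src/etc/dropbear/dropbear_dsa_host_key"
    echo fake > "$src/etc/dropbear/dropbear_dss_host_key"
    echo '# hypothetical start script' > "$src/etc/init.d/sshd_example"
    (cd "$src" && tar -cf "$1" .)
    rm -rf "$src"
}

# Usage: sh audit.sh package.tar   (lists what should not be unpacked as-is)
[ -z "${1:-}" ] || list_sensitive "$1"
```

After unpacking this way, set the root password with passwd and create fresh host keys on the device, as the post advises.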