Slashdot Mirror
3COM's Ergo Audrey Hacked
It looks like the 3COM Ergo Audrey hacking scene is finally taking off. A guy named Sowbug has hacked the 3COM Ergo Audrey to shell. He has pictures of it here(1) and here(2). Another site has opened to cover this hack, here(3). And of course the Linux Hacker messageboards are covering it quite a bit.
So are you the guy who provided the hackable image or the guy who came up with the webpage idea?
And basically this is what it is all about...If you purchase a device like an Audrey you don't purchase a general purpose computer. Instead you purchase a device that has a certain functionality as determined by 3COM.
Putting the device to other uses is stealing from 3COM because 3COM might have otherwise sold another device just for that purpose.
There really should be a law against this and I am certain there will be one soon.
Okay. Mod me down to zero. Shouldn't the description mention what the fuck 3Com's Ergo Audrey is or does? This may be off-topic but it's accurate. I submit that Joe Blow's Mother Mary has been hacked. I think that's just as important
It's not that hard, if you have a copy of the flashdisk. Soon, they will find a way to extract the OS (OK, this seems to be hard), and then everything will be easy. Maybe I should order myself one of these.
I'm a loser baby, so why don't you kill me.
Remember back in the days when we could freely modify systems on the completely undubious grounds that we owned them? Chips could be slipped into playstations, Ms. Pac Man tables could be overclocked, and freaks could weld together Wonderswans and GBA's to the amusement of the world.
From what I've seen of this trick NONE of it falls under the DMCA: no encryption/decryption involved. It can be argued, probably successfully, that getting an image of the software that runs the system is copyright violation. However, estimating the value of the code per copy at less than 100 dollars, a single copy under the non-profit copyright laws would be insufficient for jailtime. Of course, I could be remembering the statute incorrectly: it has been several months since I last looked at the law.
As for a licence... that's a civil matter. Thank goodness that so far no company has managed to convince congress that violation of a click-through or shrink-wrap agreement should result in incarceration.
Someday these companies will realize that what we want is to pay a fair price for a box that works on our terms. In the mean time, let's pay an absurdly undervalued price and hack away.
The ______ Agenda
I was on a search to figure out what an Audrey even was and found a discontinued notice on 3Com's site dated March 31. They say they discontinued all of their internet appliance line due to a lack of market.
Here is their End of Life Statement.
Here is their product page
Here is their Q and A page regarding the discontinuation.
After looking at the specs I doubt I would have bought one anyhow.
http://www.tigerdirect.com/applications/SearchTool s/item-details.asp?sku=m975-9000&SRCCODE=WEBE10809
I have a very small mind and must live with it.
-- E. Dijkstra
I'd like to use the Audrey as a home automation controller, and have my home web server serve up channels for "lights", "HVAC", "Audio", etc. It would seem such a waste not to be able to use the channel knob.
bp
You lazy dweebs, check the links before you distribute your ignorance to the world. I swear, /. is a colossal stupidity amplifier.
As was widely reported (including here on Slashdot) Audrey ran QNX. So no, you wouldn't see any Linux in there. I was on the dev team for Audrey at 3Com, I've read the procedure described, and it would in fact work, he obtained a shell in a Photon pterm.
I'm pleased to see that people will get some use out of the hardware. We put a lot of work into the thing, it was highly depressing that 3Com was/is in such financial trouble that it was terminated before we got a chance to rev software and address many of the complaints people had about the product. (I personally would like to buy all of the available inventory on Ebay and shove them one by one sideways up 3Com's inept CEO Bruce Claflin's ass, a sentiment shared by many of the company's long-suffering shareholders - but I digress).
What is not widely known even within the product team was that there was an internal under-the-table project to run Linux on the Audrey almost from go. The big hang-up was getting X to run, and fit in the 16MB of flash in the Audrey. The main advantage to QNX was the availability of the Photon environment, which was a great deal lighter-weight than X with a toolkit.
i worked at razorfish while they were developing this thing (designed by razorfish, produced by 3com), and yes it is qnx.
Pay attention! Haven't you been reading this thread before posting? Audreys are more in demand now than they were when 3com was selling them at full retail price.
First of all, the spare parts are worth more than the 50-60 bucks they're going for. Ever priced color LCD touchscreens? And, these are usable out of the box without hacking (for email, calendar, addresses, web browsing, etc). And they show great hacking promise.
You just run a Javascript scriplet and harvest the email address from the browser object properties.
...
Plus, you can track which http requests came for the images, and build a list of TCP/IP addresses and then probe the networks.
C'mon, it ain't rocket science
--- Will in Seattle - What are you doing to fight the War?
In general, modern problems have medieval solutions...
Since this product line has been discontinued by 3COM many months ago, it would be nice if they would just allow the community locked in to one to freely distribute the ROM images without fear of legal backlash. Just a thought though.
And for people who actually read several replies to the article: get a life.
Cheap PCs are big and ugly. Audreys are small and cute. Besides, how else are you gonna get an affordable flat panel display?
As to hacking them, well, some of us refuse to own computers that aren't under our control.
I'm a loser baby, so why don't you kill me.
Nice troll.
Sorry, but All Your Bots Are Belong To Us!!
are you the guy that brought him the Progresso beans?
Are you stupid enough to think that they get your email address from a browser? And you want to hack an Audrey?
Please explain how you are supposed to harvest an email address from a browser?
Moderate : -1 Braindead
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
Imagine a Beowolf Cluster of THESE!!!
You seem to be sidestepping the fact that this is QNX, not Linux. They may look similar, but QNX is a whole different ballgame for a whole different crowd of fans. It's not faked, this is very normal in QNX.
-Billco, Fnarg.com
Progresso Black Beans, eh? Yeah, someone's gonna get owned unless he takes some Pepto.
Got Rhinos?
That's a fake screenshot (photo). Seems like he has taken the picture from a shot of ItermPPC (yeah only PPC -- ) and posted it here. Slashdot should research the authencity of their articles before they post.
Maybe it's just that the name isn't that familiar, but the idea of "hacking Audrey" has a certain creepy resonance to it... thinking of the people that I know named Audrey... hmmm...
I looked into the abyss, and the abyss looked into me--and we both winked.
Ok, let's see...
-Bread, check.
-Milk, check.
-As many 3Com Audreys as I can possibly afford to put on Ebay (at triple the price) once 3Com renders them unflashable, check!
Ya, but what's an Audrey?
Sounds like 3Com has learned the lesson of the I-Opener. Nothing is impossible to hack, but at least this one is hard.
Those screenshots are faked. He just created some nice looking screens and fed them into Audrey. Slashdot needs to be a little more careful before boasting about hacks. This loser's gonna have wood for the next three weeks because he made Slashdot.
Got Rhinos?
what's with the dec '99 dates for /bin and /tmp?
he says that he purchased it on july 23rd. i think his directory creation dates look a little funny. maybe these *are* faked.
The really funny part is, whether JeffSketch@hotmail.com is your e-mail address or not, that person's about to get the spamming of a lifetime!
If there's one thing appliance manufacturers want, its control of their boxes. Every time one of these gets hacked, it makes it a bit less likely the next system will use Linux.
Of course, since every appliance thus far has been a failure, that's not a big deal... for now...
Three words buddy: BRING-IT-ON
Things you think are in the Constitution, but are not.
The first thing I noticed was the beans also.
I feel the beans cast an air of suspicion over this whole thing.
Its like this guy is working on his computer but instead of drinking a Coke, he just eats a can of beans? That aint right.
The fact that the black edges of the monitor don't match up (yes I know, they are different angles, but take a closer look) should be enough alone to prove the fakeness.
If in fact these are faked screens, which we visited, one wonders how much his sites harvested from our browsers that's sitting in his logs now?
...
Just send me more of that tasty spam, it goes well with the can o' beans next to the Audrey
--- Will in Seattle - What are you doing to fight the War?
All the people pointing out the tiny little pixel-sized inconsistencies in the pictures are going to be disappointed to know that the the screenshots are real. The guy didn't do any graphical manipulation to make these; they're actual legitimate photo images of what was being displayed on the monitor at the time.
What's faked is the shell prompt itself. Look at the top of the screen. See the little menu bar? That ain't Linux, that's Audrey. All the guy did was display a bunch of text on the screen that looks like a shell prompt, or take a screenshot of a real shell prompt and display it on the Audrey's screen.
That is all. You may now return to writing conspiracy theories.
Gives all the details.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
here is how he said he did it... Before we complain about borders not lining up, someone who understands this should give us a fair evaluation of his methodology
This is quite possibly breaking the law. Unauthorized access to a computer system is highly illegal and since this product is not meant for this type of application anyone who attempts this "hack" may indeed be a criminal. You need to read your license agreements carefully to see if this is allowable. If there is no license then there is an implied license which only allows you to use a product for what the manufacturer intended. If there is no license or the license doesn't specifically say you can hack it then DO NOT DO IT! You could wind up in prison if you continue without authorization. Just ask Dmitry Sklyarov if he liked prison or not (he'll be returning for an extended stay shortly).
Slashdot REALLY needs to learn something: EXPLAIN what the fuck you're talking about. I have no idea what an Audrey is, and I bet thousands of people don't either ... it would take ten words to describe it.
Didn't *anybody* follow the first link? This page describes how he actually did it. The reason that it looks like it's running in an Audrey window is because IT IS. He got a shell, all right, NOT by porting Linux to Audrey, but by updating Audrey's flash so to add a QNX shell application on the flash card. He then booted the Audrey and ran the shell. That's what the screenshot is of.
Once again, not a fake.
Beans beans the magical fruit the more you eat the more you 'pute.
Perhaps I'm just ornery, but to this whole thing I say, "blah."
I've never understood the fascination with Internet Appliances. Couldn't you just use a cheap PC? It would do all the functions of an Internet Appliance, plus so much more.
"INFAMOUS HACKER SOWBUG ARRESTED BY FBI"
Tuesday, August 7 - Newswire
Today the FBI arrested the infamous hacker
"sowbug" on a criminal complaint from 3com.
The FBI alleges that "sowbug" violated the DMCA
by reverse engineering 3com's "Audrey"
device.
A company spokesperson explained : "sowbug
violated the DMCA by bypassing our elaborate
security mechanisms to prevent unauthorized
access to the operating system. ingenuity
will not be tolerated. We intend to send a message
to the dangerous hacker community that using our
products in ways 3com never considered is totally
unacceptable."
Supporters of the DMCA are calling for the death
penalty, arguing "a mere 5 years imprisonment
is not a strong enough deterrent to free thinking
and research."
Ergo Audry? Sounds like a model you'd find at Real Doll.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
I hate to break it to you, but this thing isn't running Linux. It's running QNX RTP which is a helluvalot better than that slow bloated dung pile Linux. So please don't add insult to injury by calling it that!
Some quick notes I made from a few links and about 2 minutes of reading:
- The fact that Audrey is 'hackable' is probably 3Com's (Audrey's makers) fault and not QSSL's (QNX's makers) fault. 3Com designed and packaged the system.
- If they used BeIA, Windows CE (or whatever) using the same design, it would be equally as easy to 'hack.'
- Doing this hack requires an Audrey flash ROM image. Something that is not widely available. So, unless you have connections like this guy did, it's probably not very easy to do.
Oh my god! It doesn't look like Linux! It doesn't behave like Linux! Linux is the only OS in existance so these shots must be a fake!!!!
No entry for here in section 1 of the manual
$ man 2 here
No entry for here in section 2 of the manual
$ man 3 here
No entry for here in section 3 of the manual
What's up with enumerating your links?
A search for the audrey on the 3com site reveals that the product has been discontinued, and will no longer be supported see http://support.3com.com/infodeli/tools/consumer/au drey/finalfaq.pdf so pickem up cheap now well you can
I just have a few questions. What exactly is meant by a hack here? Are those screen shots supposed to be coming from some other Audrey that someone has hacked into? If they are taken from the console of the "hacked" system, I'm not sure what they prove. I have root access on my Dell desktop computer running Red Hat Linux 7.1, and I didn't need to do any hacking at all!
Can someone provide some links to some background material so I can understand what the Audrey is, and what this hack allows someone to do?
OK-
I was one of the clueless ones who didn't know what the hell Audrey was. So I didn't really feel like visiting the links. But apparently it is some sort of internet appliance that 3COM made, but then discontinued. Fun Times!
Audrey is an Internet Appliance discontinued by 3Com
u drey/finalfaq.pdf
...
See the link:
http://support.3com.com/infodeli/tools/consumer/a
Discontinuance of Audrey Q&A
Q Why has 3Com decided to discontinue its Audrey product line?
A While we continue to believe in the potential of Audrey, there are
But some people still think it is important.
A QNX software development team called Nexware Corp "worked extensively on the Browser component of the product" (Aubrey).
See their news release page which claims their involvement.
You can tell from the 'ls -l' command. He is in the root directory and one of the files listed is "nto". The name of the microkernel of QNX6 (also called QNX Realtime Platform) is Neutrino. The "nto" file is the resource manager frontend for the microkernel.
And is it really a hack to install Linux over a cool free realtime microkernel OS like QNX? Or is it just stupidity? ;-)
What are you guys talking about? who would really want to use one of those things in that situation ?? D'ho what is an Ergo???
Ohh my spleen
I bought my 3COM audrey on Ebay for $150 shipped, brand new in a box. These retail for over $500 normally, but they were discountinued do to lack of demand. They areally are neat little units.
well what do you do with them?
-Tar Ciryatan, Angry Hermit-