Archos 605 WiFi Hacked
Nathan Ramella writes "The ARCwelder project has released a technique dubbed 'Go Fighting Tabby!' which exploits an unquoted system() call through the Archos UI, providing the ability to execute arbitrary code with root access on the Archos 605 WiFi. In doing so, opening the platform up for further hacking. The Archos 605 WiFi runs embedded Linux on an ARM processor, but employs a variety of anti-hack techniques to keep users from modifying its firmware and operating system. Included is a cross-compiled sshd with configuration files to allow for passwordless ssh access to the Archos when it is connected to a WiFi connection. Bricks ahoy!"
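The class of bug named in the summary, as an added example that is not part of the original thread and is not the Archos or ARCwelder code (the page does not show the actual call). The helper command, function names and file names are hypothetical and constructed for illustration; the second function shows the usual fix of bypassing the shell and passing the name as a single argv element.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the helper program a media UI might launch: it exits with
 * the number of arguments it received, so the caller can see how the
 * file name was split. (Hypothetical; not the Archos code.) */
#define HELPER "exit $#"

/* Flawed pattern: the name is pasted into a shell command line unquoted,
 * so the shell, not the program, decides where the name ends. */
int launch_unquoted(const char *name)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "sh -c '%s' helper %s", HELPER, name);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Hardened pattern: no shell parses the name; it travels as exactly one
 * argv element to the child. */
int launch_argv(const char *name)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", HELPER, "helper", name, (char *)NULL);
        _exit(127);               /* exec failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0)
        return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    /* Constructed sample names: plain, with a space, with a shell separator. */
    const char *names[] = { "clip.avi", "my clip.avi", "clip.avi; exit 42" };
    for (int i = 0; i < 3; i++)
        printf("%-20s unquoted=%d argv=%d\n", names[i],
               launch_unquoted(names[i]), launch_argv(names[i]));
    return 0;
}
```

With the unquoted form, a space splits the name into two arguments and text after `;` runs as a separate shell command; with the argv form every name arrives as one argument.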
Not trying to be flippant here, but I've never heard of this Archos gadget and don't, after a cursory examination, understand why I'd prefer this thing to, say, a Nokia Maemo-based doodad like the N800 or N810? Same screen resolution, wifi, etc - ok, no internal hard drive - and I don't have to jailbreak it to load custom apps.
Why wouldn't I want to support the company not going out of its way to make my life difficult if custom apps were what I were after?
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
I hadn't seen the specs for this device until now, but it sports a 800x480 screen - the same as the EeePc.
Someone mod off topic please, minicity troll again
This package Does Not Contain a Winner
I hear that model is shiftless.
What the parent said, but doubly so because, IIRC, the original Archos' were basically saved by the homebrew community, who came up with new, better, firmware for their products. It was a win-win... so why is the new stuff so anti-modder?
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
I personally own one and use it quite often for searching the web. Considering the price difference between this and the N810, it's no contest. It does support 3rd party widgets but I'm not sure how many of those are out yet. The web browser itself is quite usable and supports flash which is the only reason I bought it. That and I don't want to be just another ipod user.
This is terrible! Literally dozens of users are now at risk!
Whoops, modded wrong and posting to reverse it.
I drink to make other people interesting!
idiot, you must recognize the minicity troll by now and ignore it, do you really answer every troll?
That wasn't about the story but that's really cute how do i get a city like that plz?
> a vain attempt at slashdoting the minicities which encourages them even more
I would think that it would be possible to try to DDoS the servers themselves by accessing URLs which seem OK but actually don't exist (e.g., take a link to a real myminicity and change the name of the city to a different random string each time). Of course, if the company running the servers is unscrupulous, it could always return ads for what should be 404's. But at the very least, attacking in this way doesn't encourage link spamming from people running the cities. And eventually one could hope that the people paying them for serving the ads would rebel.
This is of course just academic speculation, actually making such an application, or even encouraging people to access such URLs, might be against the law in the jurisdiction where you live, and I am not recommending that anyone break the law..... of course!
I'd ask that someone should work up an application like that (anonymously, of course) and post a link to it here, but then a clever myminicity geek could just spoof us with an application that actually accesses his real myminicity. Actually I'd guess it could be worked up in a few lines in Python which most knowledgeable Slashdot users could verify for themselves...
A totally different way to try to combat would be to choose a random city, access it to obtain the ads, and then click on each ad to find out who is paying for this c**p and then send them email explaining that they are financing link spammers and you are adding them to a list of companies to boycott for financing link spamming by advertising at myminicity.com. To be effective, the list should actually exist and be as widely published as possible.
Is this the first antimyminicity myminicity troll?
Cogito, ergo sig.
What in the name of baby Jesus in a blender is an Archos 605 WiFi?
One reason could be windows media DRM: http://en.wikipedia.org/wiki/Janus_(DRM)
AFAIK, if a device supports "protected windows media", they must comply to some drm security specs from microsoft. One requirement for example, is secure time (user should not be able to reset the device time or change to an earlier time), or that the rng/random seed used to generate keys is "good enough".
The sad thing is that this device uses linux, but archos is trying to "close" the system, because of a microsoft requirement.
I don't understand why companies _need_ to support drm'ed media. The Nokia N800 series is very, very open. I suppose it doesn't play drm'ed media, but who wants protected media, anyway? It can play all my mp3's, videos fine.
The story posted as 2008 was ushered in?
The guy that thought he was clever saying happy new year on the first post of 2008?
Or myself, writing about the guy that commented on the story that was the first of 2008?
I think it's all pretty obvious! *hic*
I'm sick of following my dreams. I'm just going to ask where they're goin' and hook up with 'em later.
IIRC, they have previously announced plans to sell added codec support (for instance, I have one of their earlier models and I can play almost any divx/xvid file I download off the internet -- provided they have mp3 audio -- those with AAC audio give me no sound) and that sort of thing. If people start implementing new codecs and making this thing compatible with more types of media files than it already is, that's one less revenue stream for archos.
While I don't like this approach, it is understandable and I love my archos quite a bit so I'm willing to overlook it. Heck, if they'd give me the option of playing AAC on *my* model I'd shell out the extra cash for it.
I am so glad this happened - Archos should be happy too! I bought an Archos 605 during the boxing week specials since I heard that it runs linux under the hood. I was EXTREMELY disappointed when I found out that I could not run any third party apps, especially my own and I was about to return the device ASAP (no returns allowed during boxing week). However, now that the device has been opened up, I am definitely NOT returning it! I am suddenly thrilled with my purchase and I am thinking about BUYING ONE MORE UNIT if I can find another good deal on it! That's right! I want another one - one as a media player, and another as a linux PDA! What a great little toy it will be! So Archos ... if you want more people like me to support you - don't close the unit up. Open it up and allow for modding. You will lose nothing but gain a wider customer base.
(As a side note, a compromise could easily have been accomplished by Archos by giving an unsupported firmware that opens up the unit but wipes out all the DRM support so no loss there for anyone who wants an open device and does not want to use it for buying/renting media. But honestly, when it comes to DRM, as we all know it doesn't deter the pirates but hurts legitimate users.)
Decisions, decisions.
Yeah, I'm gonna have to go Nokia on this one. $299.00 n800
OSGGFG - Open Source Gamers Guide to Free Games
How many closed-source routers and similar devices have similar vulnerabilities?
How many of these vulnerabilities are known only to black-hats?
The nice thing about open source is that both black- and white-hats will find the bugs sooner, and the time interval that the bug is exploitable and unpatched is likely to be shorter.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Go to http://tinyurl.com/preview.php and (with cookies enabled for this site) click "Click here to enable previews". Et voilà - the next time you click the tinyurl, you'll be able to check where you're actually heading. It's not that difficult, is it? It also protects you from shock sites, at least in the case of a notorious full address of the site.
(Maybe a checker could be integrated into Slashdot itself - it takes but a single HTTP connection to tinyurl.com to fetch the full address and you could cache it locally and instead of [tinyurl.com] display something like [myminicity.com @ tinyurl.com] next to the link. But you can check it yourself right now, no excuses!)
Ezekiel 23:20
It has.....evolved......
What's wrong, Spamboy? Someone ruining your scam?
It's a pity myminicity doesn't provide "leave town" links. Counter-population spam might be amusing. In the meantime, you could help sink minicities by providing population to their competitors. For example, the city below "holdenville" in the rankings is "dino-ville". Go there. Give them some population. Knock "holdenville" down a peg. Then find the next city to boost and knock them down again.
Frankly, in agreement with the post I replied to, I think any kind of activity within the framework of that game would in the end be counterproductive. What we need to develop is ways to "persuade" the game architects to prevent link-spamming from being profitable for the players of the game, or make games which encourage link-spamming not profitable.
Bruce Schneier often comments on the problem of these kinds of externalities.
you should have returned it as "defective" (specifically defective by design), and gotten the nokia model everyone's been talking about in this discussion.
If you can, do it now. They'll probably brick your phone anyway like apple did.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Archos have made some very nice PMPs, but all their PMPs from the AV500 & AV700 onwards have been locked in regards to replacing the harddrive, if you try to replace the harddrive with a different or identical size (even model/make) it refuses to use it.
They are a bunch of wankers. The harddrive in my AV500 has developed a few errors, the only way I can use the unit is to leave 'dead' files covering the bad blocks and never delete or read them, I've contacted Archos about getting a new drive but they don't want to seem to know - they're too busy peddling their newer units with the same harddrive locking shit.
I'm glad someone managed to hack the 605, please can someone write an app that can allow anyone to upgrade/replace the harddrive so people can give the middle finger to Archos (and save themselves a fortune for an over-priced harddrive).
To do something right, you often have to roll up your sleeves and get busy.
Can someone explain to me how the system() function is used here to execute arbitrary code?
The price is actually 219.00 for the N800 right now!
Certainly agree with you on this one. Why support some FOSS using anti-FOSS company when you can get a nice N series for less money.
Archos is based on a TI DualCore DaVinci http://focus.ti.com/docs/prod/folders/print/tms320dm6446.html , the mobile version. The DSP side contains codecs that are proprietary to TI. The ARM side contains Linux and a bunch of supporting software to read media files and software for AV Sync. More info regarding the DSP side architecture here http://wiki.davincidsp.com/index.php?title=Codec_Engine_Roles. The codecs are combined into a single DSP image, TI provides Eval codecs that can be used to hack to get more functionality. One can register on TI's website and get the concerning tools from their website to compile the DSP side components.
will this be able to eventually trickle down to gen 4 devices, and non wifi?
i've got a 504 with an 80 gig drive, and i'd love to be able to drop a 160 gig (or bigger) drive in, and unlock the dvd/podcasting codecs that are a $30 extra you have to pay to archos.
archos wrote firmware that will not allow you to install a larger drive, and wrote the firmware so you couldn't roll back after a certain version (that did allow a hard drive swap)
the ability to attach cameras or other devices and record to the archos was the main selling feature for me. a larger hard drive would mean longer recordings.
The Cowon has a laundry list of features, and I don't think there is any problem with the WiFi being difficult. The COWON ships with most of the codec support that the Archos wants to sell you. That is just ridiculous.
I personally would spend a lot more time at libraries except for the fact that I tend to check out too many books, lose a few, not return them on time, and then have hefty fines. After a few huge bills, I decided to just remove the temptation to be irresponsible. That, and the fact that all the libraries in my area probably have shoot to kill orders upon my appearance.
woar!
I've experiments to run, there is research to be done on the people who are still alive.
Ditto.
... September 3rd. In November, I bought one at the local store because I was fed up with the whole thing. Funny thing, the first replacement and the one I got from the store had dead pixels. Luckily, its replacement and the exchange I did in store were dead pixel free.
I have an AV420, which I bought after work bought the AV300. That was a really nice unit.
I bought a 704Wifi, which is nice because of its large screen, but I had to take it back twice because the LCD screen had dead pixels on it. Irritating ones, at that. Good thing I bought the damn thing on sale - when they were at their original price, a defect like that would be inexcusable. Spend half a grand, get a screen with dots all over it. And Archos RMA won't touch it because you need at least *4* pixels. 2 sub-pixels don't count, they have to be 4 discrete pixels. Granted, it's an 800x480 screen, but still.
I bought a 605, and that thing has been a disaster. The first unit was Dead on Arrival, and because local stores didn't have it, I bought it online. It took a month to arrive! (Dead). It took two more months to get it exchanged. And the replacement unit died after two days (I sorta expected it - the replacement unit's hard drive buzzed ever so horribly). I did the RMA and its replacement arrived just before Christmas, when I placed the order
Awful, just awful quality. And it looks like you have to "baby" the unit just to avoid breaking the hard disk. And the LCD isn't as vibrant or rich as even the iPod. Or Zune. The touchscreen doesn't help but as we see from the iPod Touch, iPhone, Samsung's touchscreen ones, it's possible to have a nice display with a touchscreen. And yes, you still need 4 pixels nonfunctional to get an RMA based on the screen.
Archos also managed to put in a bunch of ads in the 605. First time you plug in USB, if you click "Charge only", it prompts you to buy the DVR Dock where it can charge faster. If you access the Web icon, it says you need to buy the Web plug-in. Ditto with videos or audio encoded with MPEG2, H.264 (MPEG-4 AVC), AAC, or AC-3. It'll bug you to buy another plug in. (Total cost for plugins - $70). Click "Recorder", and you get another ad for either the DVR dock, or portable dock (with necessary "buy" links). To their credit, they include a "Never bug me about this again". But still... rather than disable the functionality, they just use it to eke a few more dollars from you.
And yes, I have two of those things. The one I bought retail, and the RMA'd one. Only thing I can say, is the RMA was a brand new unit. Maybe I'll have some fun with this hack.
Also, the hard drive is locked by the bootloader - unless you can JTAG it, there's no way to fix it.
Recommendations - buy it retail - not online. Or you'll regret it as there's a very good chance your expensive purchase has defects that you can't exchange or RMA. Also, buy the extended warranty - if you so much as move it when it's spinning, it may start clicking and die spontaneously. Treating it like an iPod, you won't - jerk it around and your hard disk will die from bad sectors. (Unlike
I thought that if they base their product on Linux (gpl) that they had to disclose the source code of their device. Microsoft can close the software comprising their protected video path because Windows is theirs. But I thought that was basically why we didn't have HD players based on Linux...
Jobs has consistently said that iTunes only supports DRM because it was required to by the content creators. He said that when the iTunes store opened, he said that when he asked content creators to back down on DRM this year, he said that when EMI went DRM-free.
The timeline doesn't fit, either.
The iTunes Music Store opened at the end of 1Q 2003.
Windows Media DRM shipped in 1999.
By the time iTMS opened, Windows Media Player 9 had already been augmented by kernel components to prevent even driver-level access to the media stream. That's stronger protection than Apple ever implemented in iTunes, *before* Apple shipped a version of iTunes with DRM.