Slashdot Mirror

← Back to Stories (view on slashdot.org)

Archos 605 WiFi Hacked

Posted by timothy on from the open-access dept.

Nathan Ramella writes "The ARCwelder project has released a technique dubbed 'Go Fighting Tabby!' which exploits an unquoted system() call through the Archos UI, providing the ability to execute arbitrary code with root access on the Archos 605 WiFi. In doing so, opening the platform up for further hacking. The Archos 605 WiFi runs embedded Linux on an ARM processor, but employs a variety of anti-hack techniques to keep users from modifying its firmware and operating system. Included is a cross-compiled sshd with configuration files to allow for passwordless ssh access to the Archos when it is connected to a WiFi connection. Bricks ahoy!"

5 of 102 comments (clear)

  1. Ditto, and more by mbourgon · · Score: 3, Informative

    What the parent said, but doubly so because, IIRC, the original Archos' were basically saved by the homebrew community, who came up with new, better, firmware for their products. It was a win-win... so why is the new stuff so anti-modder?

    --
    "Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
    1. Re:Ditto, and more by mboverload · · Score: 3, Informative

      I WISH TO RETRACT THE ABOVE POST
      IN RELATION TO THIS STORY

      Reason: Unbeknownst to me, Archos has a content portal where you can rent movies and other content. This changes the environment of my post since I was under the assumption they just made MP3 players and did nothing else. With this licensed content they are probably under contract to protect it.

      However, I still believe my post stands on its own when talking about other consumer devices. If anyone has any comments please post

  2. Windows media DRM by garagumu · · Score: 4, Informative

    One reason could be windows media DRM: http://en.wikipedia.org/wiki/Janus_(DRM)

    AFAIK, if a device supports "protected windows media", they must comply to some drm security specs from microsoft. One requirement for example, is secure time (user should not be able to reset the device time or change to an earlier time), or that the rng/random seed used to generate keys is "good enough".

    The sad thing is that this device uses linux, but archos is trying to "close" the system, because of a microsoft requirement.

    I don't understand why companies _need_ to support drm'ed media. The Nokia N800 series is very, very open. I suppose it doesn't play drm'ed media, but who wants protected media, anyway? It can play all my mp3's, videos fine.

  3. Vs the N810 by MrCopilot · · Score: 2, Informative
    Hmm, fork over my cash to a company doing all they can to stifle open source contributions to their device OR Support the open company to community atmosphere of the Maemo project with my $300.

    Decisions, decisions.

    Yeah, I'm gonna have to go Nokia on this one. $299.00 n800

    --
    OSGGFG - Open Source Gamers Guide to Free Games
  4. Active your TinyUrl preview! by K.+S.+Kyosuke · · Score: 3, Informative

    Go to http://tinyurl.com/preview.php and (with cookies enabled for this site) click "Click here to enable previews". Et voilà - the next time you click the tinyurl, you'll be able to check were you're actually heading. It's not that difficult, is it? It also protects you from shock sites, at least in the case of a notorious full address of the site.

    (Maybe a checker could be integrated into Slashdot itself - it takes but a single HTTP connection to tinyurl.com to fetch the full address and you could cache it locally and instead of [tinyurl.com] display something like [myminicity.com @ tinyurl.com] next to the link. But you can check it yourself right now, no excuses!)

    --
    Ezekiel 23:20