Slashdot Mirror

← Back to Stories (view on slashdot.org)

Archos 605 WiFi Hacked

Posted by timothy on from the open-access dept.

Nathan Ramella writes "The ARCwelder project has released a technique dubbed 'Go Fighting Tabby!' which exploits an unquoted system() call through the Archos UI, providing the ability to execute arbitrary code with root access on the Archos 605 WiFi. In doing so, opening the platform up for further hacking. The Archos 605 WiFi runs embedded Linux on an ARM processor, but employs a variety of anti-hack techniques to keep users from modifying its firmware and operating system. Included is a cross-compiled sshd with configuration files to allow for passwordless ssh access to the Archos when it is connected to a WiFi connection. Bricks ahoy!"

9 of 102 comments (clear)

  1. Why not Nokia N800/810? by isaac · · Score: 5, Interesting

    Not trying to be flippant here, but I've never heard of this Archos gadget and don't, after a cursory examination, understand why I'd prefer this thing to, say, a Nokia Maemo-based doodad like the N800 or N810? Same screen resolution, wifi, etc - ok, no internal hard drive - and I don't have to jailbreak it to load custom apps.

    Why wouldn't I want to support the company not going out of its way to make my life difficult if custom apps were what I were after?

    -Isaac

    --
    I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
    1. Re:Why not Nokia N800/810? by itsme1234 · · Score: 4, Interesting

      If you are after custom apps you just don't buy this device. The prices for N800-N810 are about the same as for Archos 605 30GB-160GB. A605 is mainly a video player. If you don't care about the massive storage and you want the 256M or so you can choose the Nokia tablet - sure (or one of the other many linux/wince/palmos devices). Heck, if you don't care about size you can go for the same price with a full blown desktop PC and have a better CPU, run more apps, better screen, input devices and so on.

      Speaking about "why don't you buy" I am quite disappointed by the current offerings for this market (high end PDA/video player). High-end PDA market mid-2004 (!) specs (I think there are at least 5 devices that match more or less the specs below):

      - WinCE/windows mobile (yes, it's M$ but if you need GPS maps for dodgy places this might be your only option - and nobody can complain about lack of apps, need to jailbreak anything, lack of SDK and so on - Hello Apple, are you listening?)
      - wifi (with WPA from day 0)
      - bluetooth
      - usb host (yes you can use your usb stick or external drive)
      - extremely sharp 640x480 display (the devices are much smaller compared to N800)
      - dual expansion slot (CF and SD with CFIO and SDIO, you can add odd peripherals like TV tuner, ethernet card). And of course you can use the existing under-100$ 16GB CF card or the announced 32GB or 64GB CF cards
      - 500-600+ MHz Intel CPU (non-x86). Twice as fast as what you get in most current devices. Forget youtube, that's peanuts-you can play 99% of the divxes and xvids you get DIRECTLY on the PDA without any conversion.

      Again, the above specs are for mid-2004! Of course nobody cared at the time but it seems that the market is slowly picking up. However the dream device seems to be one of the new Intel ultra-small CPUs (x86 compatible) combined with one of these 30-80-160+GB hdds. And it will eventually come (or at least I hope so).

  2. Ditto, and more by mbourgon · · Score: 3, Informative

    What the parent said, but doubly so because, IIRC, the original Archos' were basically saved by the homebrew community, who came up with new, better, firmware for their products. It was a win-win... so why is the new stuff so anti-modder?

    --
    "Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
    1. Re:Ditto, and more by mboverload · · Score: 3, Informative

      I WISH TO RETRACT THE ABOVE POST
      IN RELATION TO THIS STORY

      Reason: Unbeknownst to me, Archos has a content portal where you can rent movies and other content. This changes the environment of my post since I was under the assumption they just made MP3 players and did nothing else. With this licensed content they are probably under contract to protect it.

      However, I still believe my post stands on its own when talking about other consumer devices. If anyone has any comments please post

    2. Re:Ditto, and more by Pandamonium · · Score: 3, Funny

      If anyone has any comments please post

      No no, wouldn't dream to interrupt your flow as you seem to be doing just fine all by yourself :-)

      --
      Time...line? Time isn't made of lines! It is made of circles. That is why clocks are round.
      -- Caboose
  3. Oh no! by Anonymous Coward · · Score: 5, Funny

    This is terrible! Literally dozens of users are now at risk!

  4. Windows media DRM by garagumu · · Score: 4, Informative

    One reason could be windows media DRM: http://en.wikipedia.org/wiki/Janus_(DRM)

    AFAIK, if a device supports "protected windows media", they must comply to some drm security specs from microsoft. One requirement for example, is secure time (user should not be able to reset the device time or change to an earlier time), or that the rng/random seed used to generate keys is "good enough".

    The sad thing is that this device uses linux, but archos is trying to "close" the system, because of a microsoft requirement.

    I don't understand why companies _need_ to support drm'ed media. The Nokia N800 series is very, very open. I suppose it doesn't play drm'ed media, but who wants protected media, anyway? It can play all my mp3's, videos fine.

  5. The only reason for keeping my Archos 605 by pawstar · · Score: 3, Insightful

    I am so glad this happened - Archos should be happy too! I bought an Archos 605 during the boxing week specials since I heard that it runs linux under the hood. I was EXTREMELY disappointed when I found out that I could not run any third party apps, especially my own and I was about to return the device ASAP (no returns allowed during boxing week). However, now that the device has been opened up, I am definitely NOT returning it! I am suddenly thrilled with my purchase and I am thinking about BUYING ONE MORE UNIT if I can find another good deal on it! Thats right! I want another one - one as a media player, and another as a linux PDA! What a great little toy it will be! So Archos ... if you want more people like me to support you - don't close the unit up. Open it up and allow for modding. You will loose nothing but gain a wider customer base. (As a side note, a compromise could have easily have been accomplished by Archos by giving an unsupported firmware that opens up the unit but wipes out all the DRM support so no loss there for anyone who wants an open device and does not want to use it for buying/renting media. But honestly, when it comes to DRM, as we all know it doesn't deter the pirates but hurts legitimate users.)

  6. Active your TinyUrl preview! by K.+S.+Kyosuke · · Score: 3, Informative

    Go to http://tinyurl.com/preview.php and (with cookies enabled for this site) click "Click here to enable previews". Et voilà - the next time you click the tinyurl, you'll be able to check were you're actually heading. It's not that difficult, is it? It also protects you from shock sites, at least in the case of a notorious full address of the site.

    (Maybe a checker could be integrated into Slashdot itself - it takes but a single HTTP connection to tinyurl.com to fetch the full address and you could cache it locally and instead of [tinyurl.com] display something like [myminicity.com @ tinyurl.com] next to the link. But you can check it yourself right now, no excuses!)

    --
    Ezekiel 23:20