Well, that's not really a bad thing though, right? People will be able to extend it in ways Amazon might not have considered, and it may make it even more popular, right?
See, that's part of why I wanted this to happen. (Not that I did anything to make it easy or anything... I'm a bit shocked that the lab126 people failed to do some pretty basic things, like, oh, removing the debug port, locking down the bootloader...) Anyway, I'm definitely pleased by this development (and even more pleased that people are starting to notice the specific part I was responsible for).
zetawoof: I have no idea where the name 'Fiona' came from but that was the internal name, yes. I also wonder why the hell the password was available in any sort of human-readable form (although in the later part of development that wasn't the actual password).
One thing I find particularly funny is that the hacked-up cable the guy made looks like it's actually a lot simpler and easier to deal with than the official development hardware.
From the 3rd article: I quickly ran the /etc/shadow file through John the Ripper. John the Ripper's a pretty common hack program that'll go through its dictionary and then brute force passwords until it finds one that matches the hash. It's definitely got any name like fiona that you'd find in a baby names book in its dictionary, so it probably took less than 3 minutes to crack. When I was setting up the Network Vulnerability Lab at NMSU, we used that a lot to break into systems and show students just how bad most of their passwords were.
The shipping systems didn't have Fiona as their root password. Also, you left off the important bit of that quote,
Alas, it didn't work when I tried entering into console. [...] Unsurprisingly, it had a different password hash. Apparently the root password is changed somewhere before shipping to the end user.
What he had run Jack The Ripper on was the /etc/shadow file of the firmware image.
I had previously misunderstood a different article to say that someone had found the password in plaintext in an init script or something, and had overlooked the bit where he had cracked the password.
That said, at least on the development units, the keyspace for the root password was pretty limited and if you know how the passwords are generated (or even the basic format of them), cracking it would be trivial. But since there's already a technique to trivially replace the root password that's pretty much unnecessary anyway.
Heh, in the meantime, it looks like my old dev unit was still associated with my Amazon account. Fortunately it looks like nobody's turned it on since I left Amazon.
Yeah, I already posted to Twitter about that. It's not really further ownage, more they've managed to kill the additional DRM wrapper on the PC reader app. Topaz is still unaffected, as is the Kindle device itself.
Comments
Hey, it worked for the PSP.