Forum.ArchosFans.com

Unofficial Archos Support Forum
It is currently Sun Jun 07, 2020 10:58 am

All times are UTC+01:00




Post new topic  Reply to topic  [ 849 posts ]  Go to page 1 2 3 4 543 Next
Author Message
PostPosted: Sun Dec 30, 2007 6:20 am 
Offline
Archos User
Archos User

Joined: Sat Dec 29, 2007 9:41 am
Posts: 65
Just a note to whet your appetites, I've successfully gotten arbitrary code execution working on my Archos 605wifi with firmware 1.7.13.

And for bonus points, you don't need to open your Archos up or a access to a docking station -- you can do it all with a stock model.

I'm supposed to be heading out in a bit, but I'll be posting example code in the next day or so..


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 6:28 am 
Offline
Archos Guru
Archos Guru

Joined: Tue Dec 25, 2007 4:33 pm
Posts: 440
Get a piece of useful code working, and I'll send you $20.

(reqs: able to see wifi and use touch screen at the native resolution)


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 6:29 am 
Offline
Archos Novice
Archos Novice

Joined: Sun Oct 07, 2007 1:51 am
Posts: 42
get free browser plug-ins, and the guy above me will send you $50


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 6:31 am 
Offline
Archos User
Archos User

Joined: Sat Dec 29, 2007 9:41 am
Posts: 65
I'm not hacking it to steal plug-ins, I'm more interested in expanding what the Archos can do, like have an ssh server running on it, or see if smbd can be run in the background, stuff like that.

What you guys do with this solution is your own choice. It's by no means a done-deal, but, it seems like a good first step for hackers who want to get at the Archos guts and poke it.

Right now I've got a non-interactive shell, (you can only fire commands into it).. but, if I can get python or telnetd or sshd cross-compiled, then you could have interactive sessions, after that it's just a matter of time until the gates are wide open. However, once I publish my technique, it'll be really easy to fix it on Archos' part.


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 7:02 am 
Offline
Archos Guru
Archos Guru

Joined: Tue Dec 25, 2007 4:33 pm
Posts: 440
Well, good thing they can't make us upgrade. If you can hack the content portal to go right to google.com rather than some archos site, that would be nice (How far off are your skills from making a custom firmware, to disable the mandatory updating when using the content portal?)

I hate to underplay your abilities, but is it just you on this? Almost every major crack and resulting first code is not by 1 person. A true linux enviroment means an NES/SNES emulator as well as a real browser.


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 8:15 am 
Offline
Archos User
Archos User

Joined: Sat Dec 29, 2007 9:41 am
Posts: 65
I got sshd working I think. Haven't actually tested it by sshing in, need to fiddle with the config a bit more and find an access point.

But I've gotta go, I should have been on the road 2 hours ago! :p

I'll update tomorrow afternoon, once I get sshd working I'll post instructions and a tar file with my work in it.


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 8:17 am 
Offline
Site Admin
Site Admin

Joined: Sun Nov 27, 2005 2:40 am
Posts: 7052
Location: Copenhagen
Sounds cool if true..

Just make sure you don't brick it..

Perhaps a hack would push Archos to release an SDK that lets third party app developpers tap well into the multimedia chip, just as iPhone hacking has forced Apple to soon release an SDK for the iPhone and iPod Touch.

Archos has like a dozen different types of IPs, DRMs and other security mechanisms to protect, so I guess they'd prefer to close an eventual hole with a firmware update and provide with some kinds of APIs to tap into the machine while keeping third party applications safe from bricking (perhaps through digitally signing apps by testing them officially before they can be installed) and separate from the core multimedia security, rights and feature encryption features. Although I don't know if Archos has the ressources available to provide an SDK like Apple does.


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 8:20 am 
Offline
Archos User
Archos User

Joined: Sat Dec 29, 2007 9:41 am
Posts: 65
fischju wrote:
Well, good thing they can't make us upgrade. If you can hack the content portal to go right to google.com rather than some archos site, that would be nice (How far off are your skills from making a custom firmware, to disable the mandatory updating when using the content portal?)

I hate to underplay your abilities, but is it just you on this? Almost every major crack and resulting first code is not by 1 person. A true linux enviroment means an NES/SNES emulator as well as a real browser.


*shrug* I'm not offering a true linux environment, or a distro for the Archos. Just the ability to run arbitrary programs on the existing Archos environment. If someone can flex that into a full distro.. more power to them. So far I've put 8 hours into this, I'll probably get bored around 16 and move on to something else, once I can ssh in from remote, I'll be basically happy, however industrious people will be able to pick up where I left off.

The benefit of being able to interact with a live system should be pretty obvious for any reverse engineering efforts, or to understand how things 'really' work, it's pretty simple to see it when you can dump memory, run programs, copy things off, make snapshots of the filesystem, etc.

So, no offense taken at all, I don't offer much, but I ask for nothing in return. :D


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 8:22 am 
Offline
Archos User
Archos User

Joined: Sat Dec 29, 2007 9:41 am
Posts: 65
Charbax wrote:
Sounds cool if true..

Just make sure you don't brick it..

Perhaps a hack would push Archos to release an SDK that lets third party app developpers tap well into the multimedia chip, just as iPhone hacking has forced Apple to soon release an SDK for the iPhone and iPod Touch.

Archos has like a dozen different types of IPs, DRMs and other security mechanisms to protect, so I guess they'd prefer to close an eventual hole with a firmware update and provide with some kinds of APIs to tap into the machine while keeping third party applications safe from bricking (perhaps through digitally signing apps by testing them officially before they can be installed) and separate from the core multimedia security, rights and feature encryption features. Although I don't know if Archos has the ressources available to provide an SDK like Apple does.


Honestly, you guys give Linux way more credit than it deserves.. heh. The only thing Archos was able to do was obscure their running environment, a little bit. They've done some crafty things, but Linux is Linux is Linux.

You guys will laugh your asses off when you see how I did it.

I did.


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 11:19 am 
Offline
Archos User
Archos User

Joined: Fri Oct 12, 2007 1:47 pm
Posts: 69
Thats pretty cool! Btw, I have found various weak spots, the only problem is which adress(es) to use when doing your stuff (like ret2libc) as the archos is totally blackbox. How did you solve that?


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 12:54 pm 
Offline
Archos User
Archos User

Joined: Thu Nov 01, 2007 1:38 am
Posts: 78
Location: Melbourne , AU
if you can get in via ssh , that'll give us an entry .. but IMO
remote ssh (as root) will probably be disabled ? if not, there'll be a pwd for root ... ?

kudos if you get "us" in via ssh
I can see more hacks coming in 2008 !!

_________________
605 4GB
2.1.04


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 2:01 pm 
Offline
Archos Novice
Archos Novice

Joined: Sat Dec 15, 2007 9:45 pm
Posts: 48
Location: East Coast Canada
Hello guys.

Fiat what you are working on sounds really cool.

The only problem for a dummy like me is that I don't understand much about what you guys are talking about.

Can someone help me understand what hacking is and terms like ssh?

Thanks

The dummy.


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 3:30 pm 
Offline
Archos Guru
Archos Guru

Joined: Sat Dec 16, 2006 2:28 pm
Posts: 957
kdx wrote:
Hello guys.

Fiat what you are working on sounds really cool.

The only problem for a dummy like me is that I don't understand much about what you guys are talking about.

Can someone help me understand what hacking is and terms like ssh?

Thanks

The dummy.


Google is your friend... lots of available information on the web.


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 6:13 pm 
Offline
Archos User
Archos User

Joined: Sat Dec 29, 2007 9:03 pm
Posts: 53
sounds goood, let us know asap when u can!


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 7:09 pm 
Offline
Archos User
Archos User

Joined: Wed Oct 17, 2007 7:21 pm
Posts: 70
Location: Canuckistan
Congrat's on finding a way in. Was it through the buffer overflow you found with pdf?


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 8:36 pm 
Offline
Archos Guru
Archos Guru

Joined: Tue Dec 25, 2007 4:33 pm
Posts: 440
Archos needs to get a clue. They have a very powerful linux based device, and it would be HUGE if it was more open, instead of everybody asking "Is that like an iPod?".

Hopefully somebody can find the encryption keys, make a custom firmware. The smallest hole is where it starts.


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 8:46 pm 
Offline
Archos Novice
Archos Novice

Joined: Sun Oct 07, 2007 1:51 am
Posts: 42
definitely cool what you're doing. didn't mention that in my last post. best of luck to you and keep doing what you're doing :D


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 9:05 pm 
Offline
Archos Novice
Archos Novice

Joined: Sat Nov 24, 2007 3:47 am
Posts: 10
Location: Ottawa, Canada
probably a little early for this, but if you manage to run mplayer on it, you will be my hero :)

(too many mkvs that I have to watch on pc)

good luck :)

_________________
605 wifi 160gb


Top
   
 Post subject:
PostPosted: Sun Dec 30, 2007 9:22 pm 
Offline
Archos User
Archos User

Joined: Sat Dec 15, 2007 5:41 am
Posts: 74
Sounds great! I'd love for a hacking community to get running to allow for some apps and customization that lacks right now.


Top
   
PostPosted: Mon Dec 31, 2007 4:10 am 
The 605 has a lot of potential now imagine when it becomes unlock it will be freaking amazing. So keep up the good work and I wish the best. You be making history in the archos family!!


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 849 posts ]  Go to page 1 2 3 4 543 Next

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 21 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Limited