Just a note to whet your appetites, I've successfully gotten arbitrary code execution working on my Archos 605wifi with firmware 1.7.13.

And for bonus points, you don't need to open your Archos up or a access to a docking station -- you can do it all with a stock model.

I'm supposed to be heading out in a bit, but I'll be posting example code in the next day or so..

Get a piece of useful code working, and I'll send you $20.

(reqs: able to see wifi and use touch screen at the native resolution)

get free browser plug-ins, and the guy above me will send you $50

I'm not hacking it to steal plug-ins, I'm more interested in expanding what the Archos can do, like have an ssh server running on it, or see if smbd can be run in the background, stuff like that.

What you guys do with this solution is your own choice. It's by no means a done-deal, but, it seems like a good first step for hackers who want to get at the Archos guts and poke it.

Right now I've got a non-interactive shell, (you can only fire commands into it).. but, if I can get python or telnetd or sshd cross-compiled, then you could have interactive sessions, after that it's just a matter of time until the gates are wide open. However, once I publish my technique, it'll be really easy to fix it on Archos' part.

Well, good thing they can't make us upgrade. If you can hack the content portal to go right to google.com rather than some archos site, that would be nice (How far off are your skills from making a custom firmware, to disable the mandatory updating when using the content portal?)

I hate to underplay your abilities, but is it just you on this? Almost every major crack and resulting first code is not by 1 person. A true linux enviroment means an NES/SNES emulator as well as a real browser.

I got sshd working I think. Haven't actually tested it by sshing in, need to fiddle with the config a bit more and find an access point.

But I've gotta go, I should have been on the road 2 hours ago! :p

I'll update tomorrow afternoon, once I get sshd working I'll post instructions and a tar file with my work in it.

Sounds cool if true..

Just make sure you don't brick it..

Perhaps a hack would push Archos to release an SDK that lets third party app developpers tap well into the multimedia chip, just as iPhone hacking has forced Apple to soon release an SDK for the iPhone and iPod Touch.

Archos has like a dozen different types of IPs, DRMs and other security mechanisms to protect, so I guess they'd prefer to close an eventual hole with a firmware update and provide with some kinds of APIs to tap into the machine while keeping third party applications safe from bricking (perhaps through digitally signing apps by testing them officially before they can be installed) and separate from the core multimedia security, rights and feature encryption features. Although I don't know if Archos has the ressources available to provide an SDK like Apple does.

*shrug* I'm not offering a true linux environment, or a distro for the Archos. Just the ability to run arbitrary programs on the existing Archos environment. If someone can flex that into a full distro.. more power to them. So far I've put 8 hours into this, I'll probably get bored around 16 and move on to something else, once I can ssh in from remote, I'll be basically happy, however industrious people will be able to pick up where I left off.

The benefit of being able to interact with a live system should be pretty obvious for any reverse engineering efforts, or to understand how things 'really' work, it's pretty simple to see it when you can dump memory, run programs, copy things off, make snapshots of the filesystem, etc.

So, no offense taken at all, I don't offer much, but I ask for nothing in return. :D

Honestly, you guys give Linux way more credit than it deserves.. heh. The only thing Archos was able to do was obscure their running environment, a little bit. They've done some crafty things, but Linux is Linux is Linux.

You guys will laugh your asses off when you see how I did it.

I did.

Thats pretty cool! Btw, I have found various weak spots, the only problem is which adress(es) to use when doing your stuff (like ret2libc) as the archos is totally blackbox. How did you solve that?

if you can get in via ssh , that'll give us an entry .. but IMO
remote ssh (as root) will probably be disabled ? if not, there'll be a pwd for root ... ?

kudos if you get "us" in via ssh
I can see more hacks coming in 2008 !!

Hello guys.

Fiat what you are working on sounds really cool.

The only problem for a dummy like me is that I don't understand much about what you guys are talking about.

Can someone help me understand what hacking is and terms like ssh?

Thanks

The dummy.

Google is your friend... lots of available information on the web.

sounds goood, let us know asap when u can!

Congrat's on finding a way in. Was it through the buffer overflow you found with pdf?

Archos needs to get a clue. They have a very powerful linux based device, and it would be HUGE if it was more open, instead of everybody asking "Is that like an iPod?".

Hopefully somebody can find the encryption keys, make a custom firmware. The smallest hole is where it starts.

definitely cool what you're doing. didn't mention that in my last post. best of luck to you and keep doing what you're doing :D

probably a little early for this, but if you manage to run mplayer on it, you will be my hero :)

(too many mkvs that I have to watch on pc)

good luck :)

Sounds great! I'd love for a hacking community to get running to allow for some apps and customization that lacks right now.

The 605 has a lot of potential now imagine when it becomes unlock it will be freaking amazing. So keep up the good work and I wish the best. You be making history in the archos family!!