Archos 605 supposedly "Dead" (EOL), Exploit(s) now?

[cyclonezephyrxz7]

According to more than one person, we should be getting exploits for the archos now.

According to Chebuzz

True, but now it seems that Archos has declared gen5 EOL (end of life) and it doesn't like any more firmware upgrades will be forthcoming. Now would be the perfect time for an exploit to be released

That was at this link : http://forum.archosfans.com/viewtopic.p ... &start=820


Then According to ecsw

they completely took out 605/705 from Archos.com.

That was at this link: http://forum.archosfans.com/viewtopic.php?f=50&t=24097

(I also did my own little searching of Archos's site, and there really doesn't seem to be any traces of any devices from Gen 5 and earlier, they are only selling accessories for them...)

So it seems that Archos has officially dropped the Archos 605 (Project) along with other related ones (604, etc...).

According to what Grond said to me in a PM

This thread was started as a kind of proof that a total hack of the 605 was possible. However, we will not release such a hack as it enables people to unlock the plugins without paying for them. We do not intend to cause any economical damage to Archos which appear to be in trouble anyway. We use this hack in order to have good testing devices where we can modify everything. E.g. we now have custom images based on the most recent Archos firmware (2.1.04) including gdb. This comes very handy when looking for exploitable bugs in 2.1.04. So if there every will be a further release, it will most probably be based on a new exploit that yet has to be discovered. However, if you still have a 1.7.13-device, I would keep it at this firmware version as you can do a lot of investigations yourself. Theoretically you could do the same hack that we did, however, you will have to do it all by yourself as we won't help you...

So now that Archos doesn't even care for the 605, shouldn't "you guys" (as reffered to by Grond as "we" being the original hackers and devs), atleast release any data that you kno, so others can get started. I mean, I asked Grond originally

Hey Grond,

I was reading a thread where it seemed to be a hack. I know the thread was quite old, but nothing ever happened with it. (This thread being uname: viewtopic.php?f=34&t=17200)

I was wondering if this was given up entirely, or if there is any build of the 'hack' referred to in this thread. (The hack being related to the image provided)


I have already installed Q-Topia, as I have been following the hacking scene, but wanted to know if anything was going on with this other 'hack'.

I would be more than happy to do testing if needed, or to help in any way possible.


Thank you (for taking your time to read this message, and for being probably one of the only Archos 605 hackers left).


Sincerely,

-----
Cyclonezephyrxz7

and I already posted his response above, so can I get 'help' from the existing Devs NOW?

[kb]

...and I already posted his response above, so can I get 'help' from the existing Devs NOW?

I've always been happy to help -- if by help people mean answering questions about the 605 firmware, or the ARM build tools, or Qtopia internals. Would I've not been willing to do, and still am not, is to maintain a custom Linux distribution single-handed. I just don't have time. Lots of people have expressed interested in working with my Qtopia build for the 605, but generally they don't have the Linux and C++ skills necessary -- and that's not something I can teach people in my spare time. Sadly, more and more businesses are turning to simpler (that's not the right word, but I can't think of a better one) development techniques, using Java and Python, and what-not. As a result, the only people left who know about using C++ on embedded Linux systems are old farts like me. The present generation of programmers seem to look on C/C++ as something from the age of dinosaurs.

I don't think that Archos are going to open up their software, just because some units have become obsolete. They have contractual obligations to keep the insides of these units locked up. And, in any event, Archos are probably terrified of their code being reverse-engineered by business in parts of the world that have no respect for intellectual property agreements.

[cyclonezephyrxz7]

All i'm saying is that there was a big buzz about a possible new image of a hack for the Archos, which never happened. I've been visiting this forum since i got my Archos (1-2 years ago), and since the possibility of a hack came about, I've come to this forum hoping to find something, and now all this development seems to just be a joke! There were great proof-of-concepts, and great discoveries, but when someone decides to make a fake thread that says "NEW QTOPIA RELEASED! FINALLY", I can tell that a project is beyond dead, to the point where people can laugh at it.

There was development, and a preliminary build (that wouldnt necesarily work on the archos fully (or at all) that bubu announced and asked for help with) that I dont know if any more devs came to help out, and since that calling I have studied coding for Linux and ARM, but gave up on it when i realized that it was really dead...Then now, when I PM one of the original hackers (at least I think Grond is), he cheers me on, but gives me no help. Maybe i asked the wrong guy, or whatnot, but I know that i dont, never did, nor never will i have the skill to start a project like this from scratch.

There is a source code for this project out there somewhere, and now that this model of the archos is EOL, it should be released so everyone can pitch in what they can do, because starting a project like this from point 0 is very unmotivating...

[CheBuzz]

I am actually actively looking for exploits in the latest 605 (2.1.04) code but I could use some help if anybody has any experience doing penetration testing or exploit finding. PM me if you are willing to help out and have some experience (sorry, don't have time to take somebody through the basics).

[kb]

Then now, when I PM one of the original hackers (at least I think Grond is), he cheers me on, but gives me no help. Maybe i asked the wrong guy, or whatnot, but I know that i dont, never did, nor never will i have the skill to start a project like this from scratch.

There is a source code for this project out there somewhere, and now that this model of the archos is EOL, it should be released so everyone can pitch in what they can do, because starting a project like this from point 0 is very unmotivating...

I have source code, but unless you can set up a cross-compiler build environment on your computer, it's of no use to you. Of course people will cheer you on; but we're all family men with day-jobs, and we don't have the time to train people in embedded Linux development. I suspect that would-be hackers underestimate how difficult this stuff is, and how much you need to know to be able to do it.

As I said before, I think you'd need at least a half dozen skilled developers with time on their hands to build a decent Qtopia (or anything else) and port decent apps for the 605. It may even be that Qtopia is not the way to go -- a better bet might be to run `regular' Linux apps using a very lightweight Xserver like TinyX. PDAXRom is also a possibility.

But even to _investigate_ these possibilities requires skilled Linux/C developers -- something that is in very short supply among Archos owners.

I someone found a way into the Archos 5 or later 605s that could _not_ be closed up by a new firmware from Archos, then I might be persuaded to take an interest in this project again. But, otherwise, it's not worth the time and effort.

[niasork]

I managed to patch & compile TinyX, I could then run xclock on my A605 (whoahhhh! how useful!). But I don't know how to get mouse/keyboard support. I don't know any small window manager that could run on it. And it's too difficult for me to compile libs/apps that are not supported by their croos-compilation chain.

@kb : why don't you publish the code, even with some disclaimer explaining that you won't give any help ?

[kb]

I managed to patch & compile TinyX, I could then run xclock on my A605 (whoahhhh! how useful!). But I don't know how to get mouse/keyboard support. I don't know any small window manager that could run on it. And it's too difficult for me to compile libs/apps that are not supported by their croos-compilation chain.

I think you can compile TinyX to get input direct from /dev/tty, no? The 605 does provide a working /dev/tty but, unless you find a way to shut AVOS down, your Xserver will be fighting with AVOS for keystrokes. How are you launching the Xserver? If you launch it as a replacement for the PDF viewer -- which is what we did for Qtopia -- you can get keyboard input from the dummy keyboard socket in /tmp (I can't remember the name -- something like /tmp/keyboard_filtered). There is also a /tmp/mouse_filtered (or something like that) which provides mock mouse code from the touchscreen. Using a _real_ mouse is a bit of a bear, because there are no drivers in the 605 kernel.

I suspect that there are some very lightweight window managers that can be made to work with TinyX. The problem is that these days they all use X extensions that TinyX won't provide. So a certain amount of hacking will be required. I've used IceWM on embedded systems before but, I confess, not linked against the TinyX libraries. Matchbox might also be a possibility.

Personally, I think Qtopia is a better bet on the 605 than X. Even if you can get X, and a basic WM, running, you've still got the problem of porting applications. Anything that depends on anything more complex than Xlib is going to need a _lot_ of work to port. There's a tendency to think that if you can run X, you can automatically run stuff like firefox and thunderbird. But these apps, and most modern Linux apps, have vast numbers of dependencies. You'd almost have to build a complete custom Linux distribution.

@kb : why don't you publish the code, even with some disclaimer explaining that you won't give any help ?

The problem is that I've been around the open source world long enough to know what happens. You get an inbox full of messages like ``I typed `make' and I got 50,000 error messages, and here they all are...'' The problem is compounded by the fact that I only thought I was working on a proof-of-concept. It's all thrown together haphazardly, and probably wouldn't make sense to anybody except me.

[cyclonezephyrxz7]

It's all thrown together haphazardly, and probably wouldn't make sense to anybody except me.

So why not enlighten us and maybe type up a couple of general pointers to help people understand... Still, it is all useless unless you decide to release it.

I was referring more to the other image of an Archos Hack based on PDAXROM, the one that we actually got an image of from Bubu, without ANY release....why isnt that open for us to see the code....

I'm all for uploading the source, leave the rest to those who want to attempt to compile/create a working hack...

Also, I think that there should be a bit more description on how to make those basic C programs for the archos (like with the Scribble App)...

[kb]

Also, I think that there should be a bit more description on how to make those basic C programs for the archos (like with the Scribble App)...

Um... you need a C cross-compiler, and then you write the code. Sorry to sound glib, but I'm not sure what you need to know. Are you asking how to program in C in general? How to set up a cross-compiler tool-chain? How to put code onto the A605? How to run it? How the A605 framebuffer is addressed? How to read touchscreen data?

I can answer any of those questions (well, I can't teach C programming through this forum), but I have to know what the questions actually are.

[niasork]

The problem is, TinyX must be started as root. And the pdf viewer is started as user nobody. I think chmoding +s the binary should help, but I haven't tried it yet (in fact, my binary is in /mnt/data/usr/X11R6/bin which is FAT32 and cannot be chmoded; I'll try with a ext3 loop fs later to see if it works)

I agree when you say it's not worth porting X, I just could not manage to get xterm compiled!!

[cyclonezephyrxz7]

@KB

I am asking how am I supposed to code FOR THE ARCHOS.... meaning, how do I 'interact' with the frame buffer, and how would i create the files necesary to execute my code. I know my C, just don't know how to apply it to the Archos 605

[kb]

The problem is, TinyX must be started as root. And the pdf viewer is started as user nobody. I think chmoding +s the binary should help, but I haven't tried it yet (in fact, my binary is in /mnt/data/usr/X11R6/bin which is FAT32 and cannot be chmoded; I'll try with a ext3 loop fs later to see if it works)

I agree when you say it's not worth porting X, I just could not manage to get xterm compiled!!

You might be better off putting your TinyX stuff somewhere under /mnt/system if there is room -- at least it's a proper filesystem. All the same, I'm not clear why you need to run the X server is root -- it might be worth checking what files/devices it needs to open and how. A simple change to TinyX might fix this. My recollection is that the framebuffer is world-writeable. It's conventional to run an X server as root, but it shouldn't really be necessary. I didn't have to run Qtopia as root.

[kb]

@KB

I am asking how am I supposed to code FOR THE ARCHOS.... meaning, how do I 'interact' with the frame buffer, and how would i create the files necesary to execute my code. I know my C, just don't know how to apply it to the Archos 605

Get the C cross-compiler for ARM from the Archos open-source bundle. You will need to build it from source, but that's just a case of unpacking the bundle and running `make' on it. You don't need to build the whole bundle, but the cross-compiler gets done first. There are other ARM cross-compilers based on gcc floating about, but some of the other ones (e.g., for the Zaurus) don't produce working code.

For development purposes, the easiest way to run code on the 605 is to do so at the command prompt, using ssh or telnet to the unit. For ssh, search this forum for `arcwelder'. For telnet, I can supply a minimal telnet server that you can copy onto the Archos USB drive and run from the file server settings page (the same way we ran arcwelder). You can put your test code anyway if you want to run it that way.. onto the USB drive is fine. In the longer term, the easiest way to run code _without_ a terminal session is to replace the script `pdf' in /opt/usr/bin (I think) with a script that runs your app. This is how we ran Qtopia. Because /opt/usr/bin is read-only, you need to copy the whole of the bin directory, modify the pdf script, and then mount the copied directory back on top using `mount -o bind'.

The framebuffer is very complex but, for learning purposes, you can just write to the device at /dev/fb0 which is essentially a standard Linux framebuffer. That is, you just do open("/dev/fb0") and then write data where you want it. The `linux framebuffer howto' is still a good starting point for programming information, even though it's ten years old. Or look at sideways' `scribble' app which you should be able to find on this forum.

However you run code, you're going to find that AVOS, the archos firmware, races against you for access to the framebuffer and touchscreen (and everything else). If you can get basic stuff working, I can explain how to fix that.