Actionscript Null pointer Exploit

Special Developer Edition Firmwares and Hacking on Archos 5 IT, 5/7 IMT, 605/705, with Android, ├àngstr├Âm and other Linux
pt1989
Archos User
Archos User
Posts: 60
Joined: Sat Feb 09, 2008 12:23 pm

Post by pt1989 »

thethirdmoose wrote:Fiat,
Could you please send me the info for one of the exploits? My computer science teacher wants us to do a final project, and this would be fun and useful.
thanks
dude the exploits confidentiality is more important than your CS project...
else the Archos Villains will patch it up... like it won't even matter cause I won't update and if I do it will only be to be compatible with any newer h4xs


fiat rocks.... offering a new ray of hope to those who've been foolish to update to 1.8.x

@fiat plz don't make the bugs public...
hope these bugs will either :
a.) Allow an alternative OS to be installed permanently
b.) Provide an alternate way to start up Qtopia... coz not everybody has WiFi access everywhere


again fiat u rock...
thethirdmoose
Archos Guru
Archos Guru
Posts: 397
Joined: Thu Sep 06, 2007 4:12 am

Post by thethirdmoose »

...i think it's pretty obvious that I'm not an archos employee...
pt1989
Archos User
Archos User
Posts: 60
Joined: Sat Feb 09, 2008 12:23 pm

Post by pt1989 »

of course not Archos Employees use iPods and Windows Vista... :D
fiat
Archos User
Archos User
Posts: 65
Joined: Sat Dec 29, 2007 9:41 am

Post by fiat »

If anybody is an Archos mole it's the OpenPMA guys.. The 'hai we cracked the firmware' with no release is a pretty good indicator. If they had a firmware hack, Archos couldn't stop them, so why all the secrecy?
arcwelder
dpvu
Archos User
Archos User
Posts: 74
Joined: Sat Dec 15, 2007 5:41 am

Post by dpvu »

I'd appreciate a new exploit. I had to RMA my Archos 605 and it came back with 1.8.13 on it. Since that's impossible to downgrade, I went ahead and upgraded to 2.1.
Karl Yeurl
Archos Novice
Archos Novice
Posts: 18
Joined: Sat Apr 19, 2008 1:10 pm

Post by Karl Yeurl »

fiat wrote:The 'hai we cracked the firmware' with no release is a pretty good indicator. If they had a firmware hack, Archos couldn't stop them, so why all the secrecy?
You're not wrong =/.

Anyway, a new hack vould be appreciable : Archos's gonna release up-to-date firmwares with their new devices, that's obvious. And it would be better for the ones who didn't upgrade too : in that way, it is more likely to get new stuff for Qtopia.

Anyhow, fiat, I'm definitely lookin' after the news you'll give about these new hacks, even if I'm sure I won't get my Archos back for two months (and that I might get a firmware 1.7.x), it's always enjoyable to hear news from Archos being hacked :) .

See ya !
(eh, if I made a huge grammatical mistake or anything, just tell it, I'm french (not from France, eh) and I've gotta improve my English :P)
Zavior
Archos Novice
Archos Novice
Posts: 5
Joined: Thu May 15, 2008 9:57 pm

Is anyone still there?

Post by Zavior »

So I bought an refurbished Archos 604 WiFi and it came with the newest firmware (1.6.53). After reading around the forum it seems that things have really slowed down in the last month or two. Is anyone still out there looking into new exploits? If anyone wants something tested on the newer firmware I will be happy to do it for them. Just looking to see if there is still hope!
pt1989
Archos User
Archos User
Posts: 60
Joined: Sat Feb 09, 2008 12:23 pm

Post by pt1989 »

patience...
DRINU
Archos User
Archos User
Posts: 133
Joined: Wed Mar 26, 2008 8:37 pm
Location: America

Post by DRINU »

pt1989 wrote:patience...
why?
pt1989
Archos User
Archos User
Posts: 60
Joined: Sat Feb 09, 2008 12:23 pm

Post by pt1989 »

because the people behind this simply do not have a lot of time for doing these projects... they have families and REAL jobs too...
daithi81
Archos User
Archos User
Posts: 50
Joined: Sat Sep 29, 2007 9:11 pm

Post by daithi81 »

pt1989 wrote:because the people behind this simply do not have a lot of time for doing these projects... they have families and REAL jobs too...
I think this is far more important than mere families.

:roll:
Zavior
Archos Novice
Archos Novice
Posts: 5
Joined: Thu May 15, 2008 9:57 pm

Post by Zavior »

I am certainly not trying to pressure anyone into getting things done sooner. I realize that it will take time. I was just wondering if anyone was still working on it, whether something was going to be released soon or not.
daedlus
Archos Novice
Archos Novice
Posts: 16
Joined: Sat May 10, 2008 5:37 pm

So more stuff

Post by daedlus »

Here is a link to a new exploit which might lend itself to what we need:

http://www.securityfocus.com/bid/29386/discuss

Also, the previously described exploit, from what I could grok, should be just fine in doing remote code execution on a per-unit basis without the need of an internet connection. The caveat is that it would have to be re-executed at each reboot (as we currently do) and also it would not allow us to replace the original firmware, just keep doing what we are doing now except with the updated firmware.

Crafting the document to do this would be a royal pain in the rear end but is entirely possible.
layzee
Archos User
Archos User
Posts: 69
Joined: Fri Oct 12, 2007 1:47 pm

Post by layzee »

What do you want to run with an exploit - the current public OpenPMA is more of a proof of concept. Maybe someone will help us out when the new OpenPMA arrives...
Last edited by layzee on Wed May 28, 2008 5:50 pm, edited 1 time in total.
daedlus
Archos Novice
Archos Novice
Posts: 16
Joined: Sat May 10, 2008 5:37 pm

Post by daedlus »

layzee wrote:What do you want to run with an exploit - the current public OpenPMA is more of a proof of concept. Maybe someone will help us out when the new version arrives...
The reason an exploit is needed is that the new firmwares for the archos gen 5 series have plugged the current exploit up, meaning people cannot install OpenPMA to begin with. Using the various holes in the flash player architecture we might be able to get remote code execution, thus replicating the GFT exploit except without the need for an internet connection.

Or something to that effect. :)
Zavior
Archos Novice
Archos Novice
Posts: 5
Joined: Thu May 15, 2008 9:57 pm

Flash exploit

Post by Zavior »

The reason an exploit is needed is that the new firmwares for the archos gen 5 series have plugged the current exploit up, meaning people cannot install OpenPMA to begin with. Using the various holes in the flash player architecture we might be able to get remote code execution, thus replicating the GFT exploit except without the need for an internet connection.
The only problem with the flash exploit is that it would only be available to those with an x05 and the opera plug-in. Granted that this is most people; some are stuck without flash support. Also it sounds like fiat has some "easier ways" in mind. Let's hope he can come up with something or get some time to maybe pass on a little information.
pt1989
Archos User
Archos User
Posts: 60
Joined: Sat Feb 09, 2008 12:23 pm

Post by pt1989 »

daithi81 wrote:
pt1989 wrote:because the people behind this simply do not have a lot of time for doing these projects... they have families and REAL jobs too...
I think this is far more important than mere families.

:roll:
it is??? i don't know i don't work with OpenPMA or anything... i'm just sayin they are humans... not coffee-code/hack-converting-machines
daedlus
Archos Novice
Archos Novice
Posts: 16
Joined: Sat May 10, 2008 5:37 pm

Post by daedlus »

pt1989 wrote:
daithi81 wrote:
pt1989 wrote:because the people behind this simply do not have a lot of time for doing these projects... they have families and REAL jobs too...
I think this is far more important than mere families.

:roll: <-----NOTICE THIS
it is??? i don't know i don't work with OpenPMA or anything... i'm just sayin they are humans... not coffee-code/hack-converting-machines
He was being sarcastic.
generic_username
Archos Expert
Archos Expert
Posts: 194
Joined: Mon Jan 14, 2008 9:18 pm

Post by generic_username »

just for the record, you can operate some flash objects (.swf and .flv) from the file browser on the archos even without the opera plugin, you cannot as far as i know use the widgets tho.
Post Reply

Return to “Open Development”