Archos 605wifi hacked (604wifi too probably)

Special Developer Edition Firmwares and Hacking on Archos 5 IT, 5/7 IMT, 605/705, with Android, Ångström and other Linux
fiat
Archos User
Posts: 65
Joined: Sat Dec 29, 2007 9:41 am

Post by fiat »

Just a note to whet your appetites, I've successfully gotten arbitrary code execution working on my Archos 605wifi with firmware 1.7.13.

And for bonus points, you don't need to open your Archos up or have access to a docking station -- you can do it all with a stock model.

I'm supposed to be heading out in a bit, but I'll be posting example code in the next day or so..
fischju
Archos Guru
Posts: 440
Joined: Tue Dec 25, 2007 4:33 pm

Post by fischju »

Get a piece of useful code working, and I'll send you $20.

(reqs: able to see wifi and use touch screen at the native resolution)
RockinAmigo14
Archos Novice
Posts: 42
Joined: Sun Oct 07, 2007 1:51 am

Post by RockinAmigo14 »

get free browser plug-ins, and the guy above me will send you $50
fiat
Archos User
Posts: 65
Joined: Sat Dec 29, 2007 9:41 am

Post by fiat »

I'm not hacking it to steal plug-ins, I'm more interested in expanding what the Archos can do, like have an ssh server running on it, or see if smbd can be run in the background, stuff like that.

What you guys do with this solution is your own choice. It's by no means a done-deal, but, it seems like a good first step for hackers who want to get at the Archos guts and poke it.

Right now I've got a non-interactive shell, (you can only fire commands into it).. but, if I can get python or telnetd or sshd cross-compiled, then you could have interactive sessions, after that it's just a matter of time until the gates are wide open. However, once I publish my technique, it'll be really easy to fix it on Archos' part.
fischju
Archos Guru
Posts: 440
Joined: Tue Dec 25, 2007 4:33 pm

Post by fischju »

Well, good thing they can't make us upgrade. If you can hack the content portal to go right to google.com rather than some archos site, that would be nice (How far off are your skills from making a custom firmware, to disable the mandatory updating when using the content portal?)

I hate to underplay your abilities, but is it just you on this? Almost every major crack and resulting first code is not by 1 person. A true linux environment means an NES/SNES emulator as well as a real browser.
fiat
Archos User
Posts: 65
Joined: Sat Dec 29, 2007 9:41 am

Post by fiat »

I got sshd working I think. Haven't actually tested it by sshing in, need to fiddle with the config a bit more and find an access point.

But I've gotta go, I should have been on the road 2 hours ago! :p

I'll update tomorrow afternoon, once I get sshd working I'll post instructions and a tar file with my work in it.
Charbax
Site Admin
Posts: 7055
Joined: Sun Nov 27, 2005 2:40 am
Location: Copenhagen

Post by Charbax »

Sounds cool if true..

Just make sure you don't brick it..

Perhaps a hack would push Archos to release an SDK that lets third party app developers tap well into the multimedia chip, just as iPhone hacking has forced Apple to soon release an SDK for the iPhone and iPod Touch.

Archos has like a dozen different types of IPs, DRMs and other security mechanisms to protect, so I guess they'd prefer to close an eventual hole with a firmware update and provide some kinds of APIs to tap into the machine while keeping third party applications safe from bricking (perhaps through digitally signing apps by testing them officially before they can be installed) and separate from the core multimedia security, rights and feature encryption features. Although I don't know if Archos has the resources available to provide an SDK like Apple does.
fiat
Archos User
Posts: 65
Joined: Sat Dec 29, 2007 9:41 am

Post by fiat »

fischju wrote: Well, good thing they can't make us upgrade. If you can hack the content portal to go right to google.com rather than some archos site, that would be nice (How far off are your skills from making a custom firmware, to disable the mandatory updating when using the content portal?)

I hate to underplay your abilities, but is it just you on this? Almost every major crack and resulting first code is not by 1 person. A true linux environment means an NES/SNES emulator as well as a real browser.


*shrug* I'm not offering a true linux environment, or a distro for the Archos. Just the ability to run arbitrary programs on the existing Archos environment. If someone can flex that into a full distro.. more power to them. So far I've put 8 hours into this, I'll probably get bored around 16 and move on to something else, once I can ssh in from remote, I'll be basically happy, however industrious people will be able to pick up where I left off.

The benefit of being able to interact with a live system should be pretty obvious for any reverse engineering efforts, or to understand how things 'really' work, it's pretty simple to see it when you can dump memory, run programs, copy things off, make snapshots of the filesystem, etc.

So, no offense taken at all, I don't offer much, but I ask for nothing in return. :D
fiat
Archos User
Posts: 65
Joined: Sat Dec 29, 2007 9:41 am

Post by fiat »

Charbax wrote: Sounds cool if true..

Just make sure you don't brick it..

Perhaps a hack would push Archos to release an SDK that lets third party app developers tap well into the multimedia chip, just as iPhone hacking has forced Apple to soon release an SDK for the iPhone and iPod Touch.

Archos has like a dozen different types of IPs, DRMs and other security mechanisms to protect, so I guess they'd prefer to close an eventual hole with a firmware update and provide some kinds of APIs to tap into the machine while keeping third party applications safe from bricking (perhaps through digitally signing apps by testing them officially before they can be installed) and separate from the core multimedia security, rights and feature encryption features. Although I don't know if Archos has the resources available to provide an SDK like Apple does.


Honestly, you guys give Linux way more credit than it deserves.. heh. The only thing Archos was able to do was obscure their running environment, a little bit. They've done some crafty things, but Linux is Linux is Linux.

You guys will laugh your asses off when you see how I did it.

I did.
layzee
Archos User
Posts: 69
Joined: Fri Oct 12, 2007 1:47 pm

Post by layzee »

That's pretty cool! Btw, I have found various weak spots, the only problem is which address(es) to use when doing your stuff (like ret2libc) as the archos is totally blackbox. How did you solve that?
auzieblogger
Archos User
Posts: 78
Joined: Thu Nov 01, 2007 1:38 am
Location: Melbourne , AU

Post by auzieblogger »

if you can get in via ssh, that'll give us an entry .. but IMO
remote ssh (as root) will probably be disabled? if not, there'll be a pwd for root ...?

kudos if you get "us" in via ssh
I can see more hacks coming in 2008 !!
605 4GB
2.1.04
kdx
Archos Novice
Posts: 48
Joined: Sat Dec 15, 2007 9:45 pm
Location: East Coast Canada

Post by kdx »

Hello guys.

Fiat what you are working on sounds really cool.

The only problem for a dummy like me is that I don't understand much about what you guys are talking about.

Can someone help me understand what hacking is and terms like ssh?

Thanks

The dummy.
kawiultraman
Archos Guru
Posts: 957
Joined: Sat Dec 16, 2006 2:28 pm

Post by kawiultraman »

kdx wrote: Hello guys.

Fiat what you are working on sounds really cool.

The only problem for a dummy like me is that I don't understand much about what you guys are talking about.

Can someone help me understand what hacking is and terms like ssh?

Thanks

The dummy.


Google is your friend... lots of available information on the web.
kev2480
Archos User
Posts: 53
Joined: Sat Dec 29, 2007 9:03 pm

Post by kev2480 »

sounds good, let us know asap when you can!
serag
Archos User
Posts: 70
Joined: Wed Oct 17, 2007 7:21 pm
Location: Canuckistan

Post by serag »

Congrats on finding a way in. Was it through the buffer overflow you found with pdf?
fischju
Archos Guru
Posts: 440
Joined: Tue Dec 25, 2007 4:33 pm

Post by fischju »

Archos needs to get a clue. They have a very powerful linux based device, and it would be HUGE if it was more open, instead of everybody asking "Is that like an iPod?".

Hopefully somebody can find the encryption keys, make a custom firmware. The smallest hole is where it starts.
RockinAmigo14
Archos Novice
Posts: 42
Joined: Sun Oct 07, 2007 1:51 am

Post by RockinAmigo14 »

definitely cool what you're doing. didn't mention that in my last post. best of luck to you and keep doing what you're doing :D
supersonicdarky
Archos Novice
Posts: 10
Joined: Sat Nov 24, 2007 3:47 am
Location: Ottawa, Canada

Post by supersonicdarky »

probably a little early for this, but if you manage to run mplayer on it, you will be my hero :)

(too many mkvs that I have to watch on pc)

good luck :)
605 wifi 160gb
dpvu
Archos User
Posts: 74
Joined: Sat Dec 15, 2007 5:41 am

Post by dpvu »

Sounds great! I'd love for a hacking community to get running to allow for some apps and customization that are lacking right now.
samurai512

Re: Archos 605wifi hacked (604wifi too probably)

Post by samurai512 »

The 605 has a lot of potential now; imagine when it becomes unlocked, it will be freaking amazing. So keep up the good work, and I wish you the best. You'll be making history in the Archos family!!