Re: Re: [iopener] QNX Password Cracker

New Message	Reply	Date view	Thread view	Subject view	Author view

From: John Adams (jna@retina.net)
Date: 04/13/00-01:44:12 AM Z

Next message: J. Jentink: "Fw: Majordomo results reply address hosed"
Previous message: Matt Morgensen: "RE: [iopener] Goo Removal and Bios Flash ??PROBLEMS??"
In reply to: dropping science like galileo dropped the orange: "Re: [iopener] QNX Password Cracker"
Next in thread: boris: "Re: Re: [iopener] QNX Password Cracker"
Reply: boris: "Re: Re: [iopener] QNX Password Cracker"

You know what this means? Any monkey who knows someone is running an
iopener (i.e. modify nmap to do a TCP stack fingerprint for QNX) can now
nuke people's sandisk's.

dd if=/dev/null of=/dev/hdb

*Sigh*

-john

On Wed, 12 Apr 2000, dropping science like galileo dropped the orange
wrote:

> > sean_k from #i-opener-linux has devolped a program to decrypt ANY qnx
> > password
>
> what incredible lameness -- the mind reels. I was just starting to
> fall in love with QNX and its beautiful file/message passing/driver
> architecture. but huge props to sean_k! how did you guys know that
> QNX used a braindead crypt(), anyway? I suppose the passwords *are*
> shadowed, but still.. if they're not encrypted, they should be stored
> in plaintext to avoid giving the impression of security, are you with
> me?
>
> It's worth noting that while the root password (osiw$6.4) is a
> variable pulled from the nvram partition on startup, the service
> password (the one that decrypts to one2go) is a constant hard-coded in
> /rc/startup. which is not to say they couldn't send an update to the
> startup script.
>
> i might as well add what everyone who's poked around with dsmod knows
> already -- that for the initial network connection (from whence
> updates and local phone numbers are downloaded, I assume) your IO
> tries to open a PPP session to:
>
> 1-800-871-9306
>
> with
>
> username: smackee@netpliance
> password: x3i0pen [note the zero for 'o']
>
> note that 'smack' is a made-up technical term in one of their custom
> protocols (I forget which at the moment.) and that they like the
> '-ee' suffix for 'the object of something'; ie the pokee daemon
> listens to events sent by the poke server.
>
> g
> --
> To unsubscribe:
> E-mail majordomo@fastolfe.net with the text "unsubscribe ihack".
> Useful sites:
> http://iopener.home.fastolfe.net/ihack/ (List Archive)
> http://fastolfe.net/misc/ihack-resources.html (IHack Resources)
>

--
To unsubscribe:
  E-mail majordomo@fastolfe.net with the text "unsubscribe ihack".
Useful sites:
  http://iopener.home.fastolfe.net/ihack/ (List Archive)
  http://fastolfe.net/misc/ihack-resources.html (IHack Resources)

Next message: J. Jentink: "Fw: Majordomo results reply address hosed"
Previous message: Matt Morgensen: "RE: [iopener] Goo Removal and Bios Flash ??PROBLEMS??"
In reply to: dropping science like galileo dropped the orange: "Re: [iopener] QNX Password Cracker"
Next in thread: boris: "Re: Re: [iopener] QNX Password Cracker"
Reply: boris: "Re: Re: [iopener] QNX Password Cracker"

New Message	Reply	Date view	Thread view	Subject view	Author view

This archive was generated by hypermail 2b29.