Archos 605 WiFi Hacked

Nathan Ramella writes "The ARCwelder project has released a technique dubbed 'Go Fighting Tabby!' which exploits an unquoted system() call through the Archos UI, providing the ability to execute arbitrary code with root access on the Archos 605 WiFi. In doing so, opening the platform up for further hacking. The Archos 605 WiFi runs embedded Linux on an ARM processor, but employs a variety of anti-hack techniques to keep users from modifying its firmware and operating system. Included is a cross-compiled sshd with configuration files to allow for passwordless ssh access to the Archos when it is connected to a WiFi connection. Bricks ahoy!"

Re:

[milsoRgen]

Score 0 Offtopic

So what is lamer?
The story posted as 2008 was ushered in?
The guy that thought he was clever saying happy new year on the first post of 2008?
Or myself, writing about the guy that commented on the story that was the first of 2008?

I think it's all pretty obvious! *hic* /cheers

Why not Nokia N800/810?

[isaac]

Not trying to be flippant here, but I've never heard of this Archos gadget and don't, after a cursory examination, understand why I'd prefer this thing to, say, a Nokia Maemo-based doodad like the N800 or N810? Same screen resolution, wifi, etc - ok, no internal hard drive - and I don't have to jailbreak it to load custom apps.

Why wouldn't I want to support the company not going out of its way to make my life difficult if custom apps were what I were after?

-Isaac

Re:

[debatem1]

I have one and I adore it- this is just icing on the cake! Can't wait to get SSH up!

Re:

[Curtman]

I hope this exploit will help me unlock my AV700. I have regretted buying this thing for 2 years. Maybe some day I'll be able to do what I want with it I just hope it isn't (even more) obsolete by that time.

Re:

[vuffi_raa]

I have a 604wifi- I want that to be hacked too...

Re:

[debatem1]

might work, and a lot of the time if a programmer writes one vulnerability like this they're going to write others. check the tarball for the 604, theres a lot of a details on how the hack is performed on tfa.

Re:

[vuffi_raa]

oh, that's awesome, says it works on the 604wifi too- and the source is on gpl

Re:

[debatem1]

confirmed working on the 604wifi and 700

Re:

[MobileTatsu-NJG]

Not trying to be flippant here, but I've never heard of this Archos gadget and don't, after a cursory examination, understand why I'd prefer this thing to, say, a Nokia Maemo-based doodad like the N800 or N810? Same screen resolution, wifi, etc - ok, no internal hard drive - and I don't have to jailbreak it to load custom apps.

Why wouldn't I want to support the company not going out of its way to make my life difficult if custom apps were what I were after?

-Isaac

That depends on how you view the device. If you're looking for an internet tablet, the Archos is NOT for you. If you're looking for something you could store a huge library of stuff ready to play on your TV, the Archos would wipe the floor with the Nokia device. If the library of videos isn't interesting to you, then it's a non-choice.

Re:

[DJCacophony]

The Archos 605 WiFi is 160 GB. [amazon.com] Moreover, it can also access files shared from a PC over the network.

Re:

[RailRide]

There are four models:
--4GB Flash with a SD slot (accepts SDHC cards)
--30GB HDD
--80GB HDD
--160GB HDD

I got the 4GB version. My collection of music files--at least the ones I'd want to carry around--isn't large enough to tax it (my last device was a 2GB+MiniSD Avayon MP85) and I was only halfway to filling its onboard memory). I'm also not carrying full DVD movies around, so my video storage needs are extremely light. All that and I didn't want a HDD device in the event it gets dropped.

---PCJ

Re:

[DJCacophony]

The Archos 605 is 160 gigabytes, not 30, and it supports USB host mode just like your Nokia.

Re:

[MobileTatsu-NJG]

Excuse me, the link in the story pointed to the 30GB model. Note that the 160GB model seems to be more expensive. Note that 250GB USB powered hard drives are going for around $150 dollars now. The only thing I can see that the the Archos can do that the Nokia can't is act as a Digital Video Recorder. So, if that's what you want the Device for, then I guess Archos is your choice. If you want an open platform that does play videos, play audio files, browse the internet, do GPS mapping, do spreadsheets, word processing, plotting, book reading, ssh server, ssh client, Internet telephony, games, ect, the Nokia 770 is currently the best choice in the smallest package. Again, if I drop my external hard drive, I can always get another one. Drop your Archos hard drive player 5 times and see how well in operates. I have dropped my Nokia 770 at least 5 times with no ill effects.

Your Nokia device cannot hook up to a TV and an external drive will require more power. (Not to mention the added bulk of the whole shebang.) The Archos device is a movie player, the Nokia device gets you part of the way (and for a lot of people, that's probably enough.) there.

Re:Why not Nokia N800/810?

[itsme1234]

If you are after custom apps you just don't buy this device. The prices for N800-N810 are about the same as for Archos 605 30GB-160GB. A605 is mainly a video player. If you don't care about the massive storage and you want the 256M or so you can choose the Nokia tablet - sure (or one of the other many linux/wince/palmos devices). Heck, if you don't care about size you can go for the same price with a full blown desktop PC and have a better CPU, run more apps, better screen, input devices and so on.

Speaking about "why don't you buy" I am quite disappointed by the current offerings for this market (high end PDA/video player). High-end PDA market mid-2004 (!) specs (I think there are at least 5 devices that match more or less the specs below):

- WinCE/windows mobile (yes, it's M$ but if you need GPS maps for dodgy places this might be your only option - and nobody can complain about lack of apps, need to jailbreak anything, lack of SDK and so on - Hello Apple, are you listening?)
- wifi (with WPA from day 0)
- bluetooth
- usb host (yes you can use your usb stick or external drive)
- extremely sharp 640x480 display (the devices are much smaller compared to N800)
- dual expansion slot (CF and SD with CFIO and SDIO, you can add odd peripherals like TV tuner, ethernet card). And of course you can use the existing under-100$ 16GB CF card or the announced 32GB or 64GB CF cards
- 500-600+ MHz Intel CPU (non-x86). Twice as fast as what you get in most current devices. Forget youtube, that's peanuts-you can play 99% of the divxes and xvids you get DIRECTLY on the PDA without any conversion.

Again, the above specs are for mid-2004! Of course nobody cared at the time but it seems that the market is slowly picking up. However the dream device seems to be one of the new Intel ultra-small CPUs (x86 compatible) combined with one of these 30-80-160+GB hdds. And it will eventually come (or at least I hope so).

Re:

[Eddi3]

The Archos 605 is mainly a video player. Videos are big, and require a good screen for viewing pleasure. The Nokia N800/10 has neither: a 16 bit (65k colors) screen, with 128MB-2GB of disk space. The Archos, however, has a 16 million color display, and 30 GB of disk space.

Re:

[bipbop]

I have 32GB of space (2x 16GB cards) in my n800, but when the 32GB cards hit the market in a few days you'll be able to have 64GB. (The n800 has supported SDHC for quite a while, though before they released the official support you needed a kernel patch.) It's still a tradeoff: it's still less space than a hard drive player could have, for example. But you're not limited to 2GB. Note that the n810 only has one SDHC slot, so you can only expand that to 16GB (or 32GB when the cards come out).

Re:

[Rakishi]

And once you add in the cost of those sd cards (16gb ones seems amazingly expensive) you are paying a lot more than you would for the archos.

Re:

[DJCacophony]

The Archos 605 is 160 gigabytes. [amazon.com]

Re:

[Rakishi]

There are 4 models: 4gb (+sd slot), 30gb, 80gb and 160gb. They go up in price (and slightly in physical size) as the capacity goes up and the 30gb is the closest in price to the nokia.

display size

[Lord Byron II]

I hadn't seen the specs for this device until now, but it sports a 800x480 screen - the same as the EeePc.

Re:

[BosstonesOwn]

Some one mod off topic please , minicity troll again

Re:

[Lingerance]

Some one mod off topic please , minicity troll again

Does anyone have a better solution than the two I've seen? First being a minicity in itself. Second a vain attempt at slashdoting the minicities which encourages them even more (they want traffic).

Possible counter-attacks to myminicity link-spam

[Mathinker]

> a vain attempt at slashdoting the minicities which encourages them even more

I would think that it would be possible to try to DDoS the servers themselves by accessing URLs which seem OK but actually don't exist (e.g., take a link to a real myminicity and change the name of the city to a different random string each time). Of course, if the company running the servers is unscrupulous, it could always return ads for what should be 404's. But at the very least, attacking in this way doesn't encourage link

Re:

[Mathinker]

Frankly, in agreement with the post I replied to, I think any kind of activity within the framework of that game would in the end be counterproductive. What we need to develop is ways to "persuade" the game architects to prevent link-spamming from being profitable for the players of the game, or make games which encourage link-spamming not profitable.

Bruce Schneier often comments on the problem of these kinds of externalities. [schneier.com]

Active your TinyUrl preview!

[K. S. Kyosuke]

Go to http://tinyurl.com/preview.php [tinyurl.com] and (with cookies enabled for this site) click "Click here to enable previews". Et voilà - the next time you click the tinyurl, you'll be able to check were you're actually heading. It's not that difficult, is it? It also protects you from shock sites, at least in the case of a notorious full address of the site.

(Maybe a checker could be integrated into Slashdot itself - it takes but a single HTTP connection to tinyurl.com to fetch the full address and you could cac

Re:

[thegrassyknowl]

Whoops, modded wrong and posting to reverse it.

Re:

[cammoblammo]

Is this the first antimyminicity myminicity troll?

Re:

[snl2587]

It has.....evolved......

Ditto, and more

[mbourgon]

What the parent said, but doubly so because, IIRC, the original Archos' were basically saved by the homebrew community, who came up with new, better, firmware for their products. It was a win-win... so why is the new stuff so anti-modder?

Re:

[Anonymous Coward]

Pure speculation here: that could be a requirement from some other company which makes drivers for some of its parts. They could want hackers kept out of the device in order to minimize the risk of having their drivers reverse engineered through sniffing or other methods.
Unfortunately, in the embedded market there's a still enormous load of companies that can't make money if they can't be the only one entity on this planet to be able to sell a driver for some piece of hardware.

Re:

[mboverload]

I never understood why companies wanted to make their gadgets unhackable until I read your theory. For some reason it makes me pretty irritated.

These devices are mini COMPUTERS! If your MP3 player has screen or WiFi then it's obvious it can do more. It's more common that embedded devices just use a processing chip to do all their functions - no more paying for an MP3 decoder chip, MPEG decoder chip, etc. This makes it "easy" to do so much more with them. SO LET US DAMN IT.

Example: The DS. It shoul

Re:

[mboverload]

Sorry, this was not the final draft - I was playing with the HTML tags and hit submit instead.

Re:Ditto, and more

[mboverload]

I WISH TO RETRACT THE ABOVE POST
IN RELATION TO THIS STORY

Reason: Unbeknownst to me, Archos has a content portal where you can rent movies and other content. This changes the environment of my post since I was under the assumption they just made MP3 players and did nothing else. With this licensed content they are probably under contract to protect it.

However, I still believe my post stands on its own when talking about other consumer devices. If anyone has any comments please post

Re:

[Pandamonium]

If anyone has any comments please post

No no, wouldn't dream to interrupt your flow as you seem to be doing just fine all by yourself :-)

Re:

[afd8856]

I think the idea is that they make up for the cheapness of the device by selling the plugins (posting from a future hacked archos)

Re:

[wrook]

As near as I can figure out, this is the thinking that the average business guy has:

Making money is less about creating a good product and building good customer
relationships. It's about good timing. Have the right product at the
right time and at the right price point and you strike it rich. If your
timing is wrong, no amount of good product or service will save you.

But timing is ridiculously hard to predict. So instead of concentrating
of creating a good product that customers want, and supporting it
so t

Re:

[Raidedguy]

Because they sell the ability to play certain codecs for extra, allowing you to run any application, would allow you to bypass this.

Re:

[internic]

...IIRC, the original Archos' were basically saved by the homebrew community, who came up with new, better, firmware for their products. It was a win-win... so why is the new stuff so anti-modder?

Yeah, I can certainly say that years ago when I bought an Archos Ondio mp3 player I quickly got fed up with the crappy interface. I'd largely stopped using the thing until I downloaded the open source Rockbox [rockbox.org] firmware. I was really shocked by how incredibly superior the functionality of Rockbox was to the fac

Great device

[sma11s101]

I personally own one and use it quite often for searching the web. Considering the price different between this and the N810, its no contest. It does support 3rd party widgets but I'm not sure how many of those are out yet. The web browser itself is quite useable and supports flash which is the only reason I bought it. That and I don't want to be just another ipod user.

Re:

[Nerdfest]

I have the older 604 Wifi, and like it as well. I still can`t understand why they don`t open it up. In the case of the 604, you can only buy about 30$ worth of software for the thing anyway. Charge the extra money and open the damn thing up. The open source community can probably improve on what you`ve done anyway. Make your money on the hardware and let people use the device the way they want.

Re:

[cdrguru]

I have a 604 WiFi...

The reason this (and most other consumer devices) do not allow for modifications is real simple. Anyone working with consumer electronics support knows exactly why. What do you do with someone that (a) denies modifying anything and (b) has some unexplicable problem. Do you hang up on them?

Do you have someone sit on the phone for an hour trying to figure out what the problem might be? After all, they are saying it wasn't modified so it might be some obscure bug that needs to be fixed.

Oh no!

[Anonymous Coward]

This is terrible! Literally dozens of users are now at risk!

Windows media DRM

[garagumu]

One reason could be windows media DRM: http://en.wikipedia.org/wiki/Janus_(DRM) [wikipedia.org]

AFAIK, if a device supports "protected windows media", they must comply to some drm security specs from microsoft. One requirement for example, is secure time (user should not be able to reset the device time or change to an earlier time), or that the rng/random seed used to generate keys is "good enough".

The sad thing is that this device uses linux, but archos is trying to "close" the system, because of a microsoft requirement.

I don't understand why companies _need_ to support drm'ed media. The Nokia N800 series is very, very open. I suppose it doesn't play drm'ed media, but who wants protected media, anyway? It can play all my mp3's, videos fine.

Re:

[arivanov]

I don't understand why companies _need_ to support drm'ed media.

Answer is Apple. The marketing droids have looked at the iTunes/AppleStore and decided that its complete featureset is an essential combination to have in any music device. What they are missing is that it is the iTunes superb ability to manage music collections which is the reason for Apple dominance, not the complete feature set and the iTunes store. Less than 0.1% of the music on iPods is from the iTunes Store. Unfortunately as quite often

Re:

[Keeper Of Keys]

I have the 160GB version of the Archos 605 (the large storage capacity, and my aversion to Apple, was the main reason for getting it) and managing files couldn't be simpler - it can either mount as a hard drive to be managed with the tool of your choice, or as an MTP device to be managed with WMP, MediaMonkey, etc. Or you can avoid mounting it at all and pull files off your network onto the device over Wifi (or just stream them).

Got nothing to do with Apple

[argent]

Jobs has consistently said that iTunes only supports DRM because it was required to by the content creators. He said that when the iTunes store opened, he said that when he asked content creators to back down on DRM this year, he said that when EMI went DRM-free.

The timeline doesn't fit, either.

The iTunes Music Store opened at the end of 1Q 2003.

Windows Media DRM shipped in 1999.

By the time iTMS opened, Windows Media Player 9 had already been augmented by kernel components to prevent even driver-level acces

Re:Are they allowed to use Linux and close the sw?

[Douglas Goodall]

I thought that is they base their product on Linux (gpl) that they had to disclose the source code of their device. Microsoft can close the software comprising their protected video path bec ause Windows is their's. But I thought that was basically why we didn't have HD players based on Linux...

Why they are so anti-modder . . .

[Cyberllama]

IIRC, they have previously announced plans to sell added codec support (for instance, I have one of their earlier models and I can play almost any divx/xvid file I download off the internet -- provided they have mp3 audio -- those with AAC audio give me no sound) and that sort of thing. If people start implementing new codecs and making this thing compatabile with more types of media files than it already is, that's one less revenue stream for archos.

While I don't like this approach, it is understandable and I love my archos quite a bit so I'm willing to overlook it. Heck, if they'd give me the option of playing AAC on *my* model I'd shell out the extra cash for it.

Re:

[zlogic]

Actually everything, including the codecs and the browser are already installed. Unlocking is acheived by installing a 1.5 Kb license file which is unique for every serial number.

The only reason for keeping my Archos 605

[pawstar]

I am so glad this happened - Archos should be happy too! I bought an Archos 605 during the boxing week specials since I heard that it runs linux under the hood. I was EXTREMELY disappointed when I found out that I could not run any third party apps, especially my own and I was about to return the device ASAP (no returns allowed during boxing week). However, now that the device has been opened up, I am definitely NOT returning it! I am suddenly thrilled with my purchase and I am thinking about BUYING ONE MORE UNIT if I can find another good deal on it! Thats right! I want another one - one as a media player, and another as a linux PDA! What a great little toy it will be! So Archos ... if you want more people like me to support you - don't close the unit up. Open it up and allow for modding. You will loose nothing but gain a wider customer base. (As a side note, a compromise could have easily have been accomplished by Archos by giving an unsupported firmware that opens up the unit but wipes out all the DRM support so no loss there for anyone who wants an open device and does not want to use it for buying/renting media. But honestly, when it comes to DRM, as we all know it doesn't deter the pirates but hurts legitimate users.)

Re:

[corsec67]

Sometimes companies have a key they sign the firmware with, and will not update to an un-signed key. That is valid with the GPL v2, and I think one of the biggest changes with the GPL v3.

Re:

[Cervantes]

I'm sorry, I just want to clarify. You bought the unit. It was software locked. This made you mad and you wanted to return it. Then someone hacked it, unauthorized by the manufacturer. Now you're happy, and going to buy a second unit.

And then you say to the manufacturer, if you want more people like me to support you, open it up.

But people like you just bought 2 units. So why should the manufacturer bother opening it up?

Now, if people like you bought 0 units, but would buy 2 units if they were unlocked, tha

Vs the N810

[MrCopilot]

Hmm, fork over my cash to a company doing all they can to stifle open source contributions to their device OR Support the open company to community atmosphere of the Maemo [maemo.org] project with my $300.

Decisions, decisions.

Yeah, I'm gonna have to go Nokia on this one. $299.00 n800 [tigerdirect.com]

Re:

[kabz]

Actually, the link is showing at $219.99, which would be irrestible if it was GSM, instead of just WiFi. Why must Nokia cripple this really cool device without the GSM? Why? Why?

As it stands, my iPhone actually is a phone, plus a great web browser. I'll pass.

Re:

[MrCopilot]

Why must Nokia cripple this really cool device without the GSM? Why? Why?

From http://www.allaboutsymbian.com/features/item/Semi-Convergence_Can_you_have_your_cake_and_eat_it_with_the_Nokia_N800.php [allaboutsymbian.com]

The N800 can access the Internet through (in theory) any Bluetooth mobile phone, which makes life a lot easier when you're trying to buy a new phone.

Except for a few compatibility issues with particular models, you can pretty much get whichever phone you want. Because the N800 can handle all the expensive an

Re:

[Bert64]

You can connect it via a bluetooth phone which never has to leave your pocket...
The N800 is large by necessity of having a fairly big screen, it would make a poor phone at that size.
You don't even need a Nokia phone, any bluetooth phone with 3g/gprs modem capability will work.

Security through obscurity isn't secure

[davidwr]

How many closed-source routers and similar devices have similar vulnerabilities?

How many of these vulnerabilities are known only to black-hats?

The nice thing about open source is that both black- and white-hats will find the bugs sooner, and the time interval that the bug is exploitable and unpatched is likely to be shorter.

Remove the harddrive lock protection!

[hack slash]

Archos have made some very nice PMPs, but all their PMPs from the AV500 & AV700 onwards have been locked in regards to replacing the harddrive, if you try to replace the harddrive with a different or identical size (even model/make) it refuses to use it.

They are a bunch of wankers. The harddrive in my AV500 has developed a few errors, the only way I can use the unit is to leave 'dead' files covering the bad blocks and never delete or read them, I've contacted Archos about getting a new drive but they

Archos HW == Low Quality, Software Equally So

[tlhIngan]

Archos have made some very nice PMPs, but all their PMPs from the AV500 & AV700 onwards have been locked in regards to replacing the harddrive, if you try to replace the harddrive with a different or identical size (even model/make) it refuses to use it.

They are a bunch of wankers. The harddrive in my AV500 has developed a few errors, the only way I can use the unit is to leave 'dead' files covering the bad blocks and never delete or read them, I've contacted Archos about getting a new drive but they do

Re:

[Tiny Elvis]

I've got an AV500 and a 605 and I love both. Both are great but since getting the 605 I haven't used the 500 much. I never had any hard drive problems with either (I have had the 500 for several years) and I have never baby'd them either. I think both have beautiful screens, especially the 605 because of the much higher resolution. No, the 605 is not perfect but its a damn good unit. The hard drive does not 'spin all the time', it comes on periodically while watching. Battery life is about 4-5 hours.

unquoted system() call

[cyberst()rm]

Can someone explain me how system() function is used here to execute arbitrary code?

Re:

[Hal_Porter]

http://xkcd.com/327/ [xkcd.com]

Re:

[bubulubugoth]

That is a sql injection, not a system injection...

Re:

[DJCacophony]

Hard drive space. Cowon has 30GB, Archos has over 5 times that. If Cowon put a 160+ gig drive in their hardware, I would be all over that shit, but they never seem to get around to it.

An Entirely Different Reason

[Karja]

I personally would spend alot more time at libraries except for the fact that I tend to check out too many books, lose a few, not return them on time, and then have hefty fines. After a few huge bills, I decided to just remove the temptation to be irresponsible. That, and the fact that all the libraries in my area probably have shoot to kill orders upon my appearance.

Re:

[Ohreally_factor]

I'd go so far as to say that this is a radically different reason, unless perhaps you posted your comment to the wrong story. Doh! =)

'Go Fighting Tabby!'

[tabby]

woar!