Archos 605 WiFi Hacked

Nathan Ramella writes "The ARCwelder project has released a technique dubbed 'Go Fighting Tabby!' which exploits an unquoted system() call through the Archos UI, providing the ability to execute arbitrary code with root access on the Archos 605 WiFi. In doing so, opening the platform up for further hacking. The Archos 605 WiFi runs embedded Linux on an ARM processor, but employs a variety of anti-hack techniques to keep users from modifying its firmware and operating system. Included is a cross-compiled sshd with configuration files to allow for passwordless ssh access to the Archos when it is connected to a WiFi connection. Bricks ahoy!"

Why not Nokia N800/810?

Not trying to be flippant here, but I've never heard of this Archos gadget and don't, after a cursory examination, understand why I'd prefer this thing to, say, a Nokia Maemo-based doodad like the N800 or N810? Same screen resolution, wifi, etc - ok, no internal hard drive - and I don't have to jailbreak it to load custom apps.

Why wouldn't I want to support the company not going out of its way to make my life difficult if custom apps were what I were after?

-Isaac

Re:

Not trying to be flippant here, but I've never heard of this Archos gadget and don't, after a cursory examination, understand why I'd prefer this thing to, say, a Nokia Maemo-based doodad like the N800 or N810? Same screen resolution, wifi, etc - ok, no internal hard drive - and I don't have to jailbreak it to load custom apps.

Why wouldn't I want to support the company not going out of its way to make my life difficult if custom apps were what I were after?

-Isaac

That depends on how you view the device. If you're looking for an internet tablet, the Archos is NOT for you. If you're looking for something you could store a huge library of stuff ready to play on your TV, the Archos would wipe the floor with the Noki

Re:Why not Nokia N800/810?

If you are after custom apps you just don't buy this device. The prices for N800-N810 are about the same as for Archos 605 30GB-160GB. A605 is mainly a video player. If you don't care about the massive storage and you want the 256M or so you can choose the Nokia tablet - sure (or one of the other many linux/wince/palmos devices). Heck, if you don't care about size you can go for the same price with a full blown desktop PC and have a better CPU, run more apps, better screen, input devices and so on.

Speaking about "why don't you buy" I am quite disappointed by the current offerings for this market (high end PDA/video player). High-end PDA market mid-2004 (!) specs (I think there are at least 5 devices that match more or less the specs below):

- WinCE/windows mobile (yes, it's M$ but if you need GPS maps for dodgy places this might be your only option - and nobody can complain about lack of apps, need to jailbreak anything, lack of SDK and so on - Hello Apple, are you listening?)
- wifi (with WPA from day 0)
- bluetooth
- usb host (yes you can use your usb stick or external drive)
- extremely sharp 640x480 display (the devices are much smaller compared to N800)
- dual expansion slot (CF and SD with CFIO and SDIO, you can add odd peripherals like TV tuner, ethernet card). And of course you can use the existing under-100$ 16GB CF card or the announced 32GB or 64GB CF cards
- 500-600+ MHz Intel CPU (non-x86). Twice as fast as what you get in most current devices. Forget youtube, that's peanuts-you can play 99% of the divxes and xvids you get DIRECTLY on the PDA without any conversion.

Again, the above specs are for mid-2004! Of course nobody cared at the time but it seems that the market is slowly picking up. However the dream device seems to be one of the new Intel ultra-small CPUs (x86 compatible) combined with one of these 30-80-160+GB hdds. And it will eventually come (or at least I hope so).

display size

I hadn't seen the specs for this device until now, but it sports a 800x480 screen - the same as the EeePc.

Ditto, and more

What the parent said, but doubly so because, IIRC, the original Archos' were basically saved by the homebrew community, who came up with new, better, firmware for their products. It was a win-win... so why is the new stuff so anti-modder?

Re:

Pure speculation here: that could be a requirement from some other company which makes drivers for some of its parts. They could want hackers kept out of the device in order to minimize the risk of having their drivers reverse engineered through sniffing o

Re:

I never understood why companies wanted to make their gadgets unhackable until I read your theory. For some reason it makes me pretty irritated.

These devices are mini COMPUTERS! If your MP3 player has screen or WiFi then it's obvious it can do more. I

Re:

Sorry, this was not the final draft - I was playing with the HTML tags and hit submit instead.

Re:Ditto, and more

I WISH TO RETRACT THE ABOVE POST
IN RELATION TO THIS STORY

Reason: Unbeknownst to me, Archos has a content portal where you can rent movies and other content. This changes the environment of my post since I was under the assumption they just made MP3 players and did nothing else. With this licensed content they are probably under contract to protect it.

However, I still believe my post stands on its own when talking about other consumer devices. If anyone has any comments please post

Re:

If anyone has any comments please post

No no, wouldn't dream to interrupt your flow as you seem to be doing just fine all by yourself :-)

Re:

I think the idea is that they make up for the cheapness of the device by selling the plugins (posting from a future hacked archos)

Re:

As near as I can figure out, this is the thinking that the average business guy has:

Making money is less about creating a good product and building good customer
relationships. It's about good timing. Have the right product at the
right time and at the rig

Oh no!

This is terrible! Literally dozens of users are now at risk!

Windows media DRM

One reason could be windows media DRM: http://en.wikipedia.org/wiki/Janus_(DRM) [wikipedia.org]

AFAIK, if a device supports "protected windows media", they must comply to some drm security specs from microsoft. One requirement for example, is secure time (user should not be able to reset the device time or change to an earlier time), or that the rng/random seed used to generate keys is "good enough".

The sad thing is that this device uses linux, but archos is trying to "close" the system, because of a microsoft requirement.

I don't understand why companies _need_ to support drm'ed media. The Nokia N800 series is very, very open. I suppose it doesn't play drm'ed media, but who wants protected media, anyway? It can play all my mp3's, videos fine.

Why they are so anti-modder . . .

IIRC, they have previously announced plans to sell added codec support (for instance, I have one of their earlier models and I can play almost any divx/xvid file I download off the internet -- provided they have mp3 audio -- those with AAC audio give me no sound) and that sort of thing. If people start implementing new codecs and making this thing compatabile with more types of media files than it already is, that's one less revenue stream for archos.

While I don't like this approach, it is understandable and I love my archos quite a bit so I'm willing to overlook it. Heck, if they'd give me the option of playing AAC on *my* model I'd shell out the extra cash for it.

The only reason for keeping my Archos 605

I am so glad this happened - Archos should be happy too! I bought an Archos 605 during the boxing week specials since I heard that it runs linux under the hood. I was EXTREMELY disappointed when I found out that I could not run any third party apps, especially my own and I was about to return the device ASAP (no returns allowed during boxing week). However, now that the device has been opened up, I am definitely NOT returning it! I am suddenly thrilled with my purchase and I am thinking about BUYING ONE MORE UNIT if I can find another good deal on it! Thats right! I want another one - one as a media player, and another as a linux PDA! What a great little toy it will be! So Archos ... if you want more people like me to support you - don't close the unit up. Open it up and allow for modding. You will loose nothing but gain a wider customer base. (As a side note, a compromise could have easily have been accomplished by Archos by giving an unsupported firmware that opens up the unit but wipes out all the DRM support so no loss there for anyone who wants an open device and does not want to use it for buying/renting media. But honestly, when it comes to DRM, as we all know it doesn't deter the pirates but hurts legitimate users.)

Re:

Sometimes companies have a key they sign the firmware with, and will not update to an un-signed key. That is valid with the GPL v2, and I think one of the biggest changes with the GPL v3.

Vs the N810

Hmm, fork over my cash to a company doing all they can to stifle open source contributions to their device OR Support the open company to community atmosphere of the Maemo [maemo.org] project with my $300.

Decisions, decisions.

Yeah, I'm gonna have to go Nokia on this one. $299.00 n800 [tigerdirect.com]

Re:

Some one mod off topic please , minicity troll again

Re:

Whoops, modded wrong and posting to reverse it.

Possible counter-attacks to myminicity link-spam

> a vain attempt at slashdoting the minicities which encourages them even more

I would think that it would be possible to try to DDoS the servers themselves by accessing URLs which seem OK but actually don't exist (e.g., take a link to a real myminicity

Active your TinyUrl preview!

Go to http://tinyurl.com/preview.php [tinyurl.com] and (with cookies enabled for this site) click "Click here to enable previews". Et voilà - the next time you click the tinyurl, you'll be able to check were you're actually heading. It's not that difficult, is it?

Re:

Is this the first antimyminicity myminicity troll?

Re:

I have the older 604 Wifi, and like it as well. I still can`t understand why they don`t open it up. In the case of the 604, you can only buy about 30$ worth of software for the thing anyway. Charge the extra money and open the damn thing up. The open sour

Archos HW == Low Quality, Software Equally So

Archos have made some very nice PMPs, but all their PMPs from the AV500 & AV700 onwards have been locked in regards to replacing the harddrive, if you try to replace the harddrive with a different or identical size (even model/make) it refuses to use i