3COM's Ergo Audrey Hacked 134
It looks like the 3COM Ergo Audrey hacking scene is finally taking off. A guy named Sowbug has hacked the 3COM Ergo Audrey to shell. He has pictures of it here(1) and here(2). Another site has opened to cover this hack, here(3). And of course the Linux Hacker messageboards are covering it quite a bit.
Audrey Discontinued (Score:3, Informative)
I was on a search to figure out what an Audrey even was and found a discontinued notice on 3Com's site dated March 31. They say they discontinued all of their internet appliance line due to a lack of market.
Here [3com.com] is their End of Life Statement [3com.com].
Here [3com.com] is their product page [3com.com]
Here [3com.com] is their Q and A page [3com.com] regarding the discontinuation.
After looking at the specs I doubt I would have bought one anyhow.
Audrey's for $90 at tigerdirect.com (Score:1)
Not a fake (Score:4, Interesting)
Re:Not a fake (Score:1)
I'd like to use the Audrey as a home automation controller, and have my home web server serve up channels for "lights", "HVAC", "Audio", etc. It would seem such a waste not to be able to use the channel knob.
Progresso Black Beans (Score:4, Redundant)
Re:Progresso Black Beans (Score:1)
Moderate parent up. (Score:5, Funny)
I feel the beans cast an air of suspicion over this whole thing.
Its like this guy is working on his computer but instead of drinking a Coke, he just eats a can of beans? That aint right.
Re:Moderate parent up. (Score:1)
Re:Progresso Black Beans (Score:1)
Re:Progresso Black Beans (Score:1)
Often there is a meaning even if the author had none!
Re:Hey (Score:5, Informative)
He did not install linux on his machine. He is using QNX.
He has got a shell running in QNX. It is natural for an OS with a GUI to put a title bar on its windows, is it not?
He got the shell running by adding a new web-page to the CF card which holds the Audrey OS, which had a link when clicked on bought up the shell.
For the people discussing "smudges" and 0-pixel misalignments: get a life. For the people that did not read the article: get a life.
That didn't take long... (Score:2, Funny)
Maybe it's just that the name isn't that familiar, but the idea of "hacking Audrey" has a certain creepy resonance to it... thinking of the people that I know named Audrey... hmmm...
Re:My shopping list (Score:2)
-Beans
Um (Score:3, Informative)
Sounds like 3Com has learned the lesson of the I-Opener. Nothing is impossible to hack, but at least this one is hard.
Re:Um (Score:1)
Re:Faked Screenshots (Score:1)
Re:Faked Screenshots (Score:2)
Re:Faked Screenshots (Score:4, Insightful)
He doesn't say anything about even trying to run linux on it. He's managed to get QNX to give him a regular shell prompt on it, and considers that useful. QNX aint a bad OS, so, sure, that's useful.
It's too fuzzy to make out what's on that title bar, but it would be perfectly normal for the QNX gui to put a title bar on a window, wouldn't it?
Re:Faked Screenshots (Score:5, Informative)
The dirlist looks good too.
not to mention the fact that when he did some digging he came with QNX employees on the names of some binaries...which I know for a fact work there, since I'm also a QNX employee (and work with some of the names mentioned). The rest of the info he's put together looks pretty good as well (as in accurate).
Maybe you should check out the QNX RTP before claiming that these are faked up shots...
Re:Faked Screenshots (Score:1)
Re:Faked Screenshots (Score:1, Flamebait)
Re:Faked Screenshots (Score:2, Informative)
Re:Faked Screenshots (Score:1)
hmmmm... (Score:2, Insightful)
Re:hmmmm... (Score:1)
dr-xr-xr-x 2 0 0 8994816 Aug 06 01:25 proc
Since when did
As to the cd / chroot or just replace cd or perhaps he just edited a typescript output then cated it back, could be all in the
Since when do . files appear in an ls -l ? ls -al
would list them...
I vote fake till more evidence is shown
James
Re:hmmmm... (Score:1)
Re:hmmmm... (Score:3, Informative)
Re:hmmmm... (Score:2, Informative)
A somewhat off-topic note, the proc filesystem drivers under QNX 6.0 are awkward--You can't chdir to a directory in /proc, and then ls. You must do
'ls /proc/dirname'.
Re:hmmmm... (Score:1)
, open( "/proc/self/as", O_RDWR ),
to get access to information on yourself.
Re: (Score:2)
Re:hmmmm... (Score:1)
Re:Well this will discourage manufacturers... (Score:2)
It ain't Linux (Score:1, Informative)
Some quick notes I made from a few links and about 2 minutes of reading:
- The fact that Audrey is 'hackable' is probably 3Com's (Audrey's makers) fault and not QSSL's (QNX's makers) fault. 3Com designed and packaged the system.
- If they used BeIA, Windows CE (or whatever) using the same design, it would be equally as easy to 'hack.'
- Doing this hack requires an Audrey flash ROM image. Something that is not widely available. So, unless you have connections like this guy did, it's probably not very easy to do.
Re:It ain't Linux (Score:1)
You are quite correct, except it wasn't really a "design fault" but a code leak. I have seen several "attempts" to hack Audrey and none were successful until this guy got a hold of an internal version that had a shell. I am not going to say that it would be impossible to do without it, but I doubt many (if any) would have the fortitude and knowledge to accomplish it (outside of 3Com and QNX).
I will say, looking at what he did, he accomplished quite a bit. Probably a hundred or more people had a flash card with this code on it, and he is the first one I have seen to figure out how to dissassemble it and do something with it. He did some great social and reverse engineering.
How much did sowbug harvest from the slash? (Score:1, Troll)
Just send me more of that tasty spam, it goes well with the can o' beans next to the Audrey
Re:How much did sowbug harvest from the slash? (Score:1)
Re:How much did sowbug harvest from the slash? (Score:1)
Please explain how you are supposed to harvest an email address from a browser?
Moderate : -1 Braindead
Re:How much did sowbug harvest from the slash? (Score:1)
Plus, you can track which http requests came for the images, and build a list of TCP/IP addresses and then probe the networks.
C'mon, it ain't rocket science
Re:How much did sowbug harvest from the slash? (Score:1, Insightful)
WHAT?
Re:Faked Screenshots (Score:2)
check the site, he didn't install linux on it, he got a prompt on the native OS, which is QNX
Re:Faked Screenshots (Score:1)
Please practice the following before posting again:
breathe
read
think
Now I think the cheap Audreys on ebay look pretty appealing. It could be a nice substitute for the i-opener that I never got.
Proof? (Score:4, Informative)
Re:Proof? (Score:1, Funny)
In two words: laughably fake
- Black Parrot
Re:Be careful folks. (Score:2, Interesting)
From what I've seen of this trick NONE of it falls under the DMCA: no encryption/decryption involved. It can be argued, probably successfully, that getting an image of the software that runs the system is copyright violation. However, estimating the value of the code per copy at less than 100 dollars, a single copy under the non-profit copyright laws would be insufficient for jailtime. Of course, I could be remembering the statute incorrectly: it has been several months since I last looked at the law.
As for a licence... that's a civil matter. Thank goodness that so far no company has managed to convince congress that violation of a click-through or shrink-wrap agreement should result in incarceration.
Someday these companies will realize that what we want is to pay a fair price for a box that works on our terms. In the mean time, let's pay an absurdly undervalued price and hack away.
Audrey is an obsolete system discontinued by 3Com (Score:1, Insightful)
See the link:
http://support.3com.com/infodeli/tools/consumer/a
Discontinuance of Audrey Q&A
Q Why has 3Com decided to discontinue its Audrey product line?
A While we continue to believe in the potential of Audrey, there are
But some people still think it is important.
Comment removed (Score:5, Informative)
Internet Appliances? (Score:1)
Re:Internet Appliances? (Score:1)
As to hacking them, well, some of us refuse to own computers that aren't under our control.
Re:Internet Appliances? (Score:1)
Yeah, last one I dated was, but she had a mean streak in her too.
Re:Internet Appliances? (Score:2)
I've never understood the fascination with climbing mountains. Couldn't you just do some other activities? They would have all the excietment of watching a movie about mountian climbing, plus be so much safer.
(because it's there)
There'll be no more talking to whos who are not.
Tomorrow's headlines... (Score:5, Funny)
Tuesday, August 7 - Newswire
Today the FBI arrested the infamous hacker
"sowbug" on a criminal complaint from 3com.
The FBI alleges that "sowbug" violated the DMCA
by reverse engineering 3com's "Audrey"
device.
A company spokesperson explained : "sowbug
violated the DMCA by bypassing our elaborate
security mechanisms to prevent unauthorized
access to the operating system. ingenuity
will not be tolerated. We intend to send a message
to the dangerous hacker community that using our
products in ways 3com never considered is totally
unacceptable."
Supporters of the DMCA are calling for the death
penalty, arguing "a mere 5 years imprisonment
is not a strong enough deterrent to free thinking
and research."
Re:Tomorrow's headlines... (Score:1)
ObPr0nReference (Score:3, Funny)
Linux Rulez! (Score:2, Offtopic)
I don't get it. (Score:3, Funny)
No entry for here in section 1 of the manual
$ man 2 here
No entry for here in section 2 of the manual
$ man 3 here
No entry for here in section 3 of the manual
What's up with enumerating your links?
disco'd (Score:2, Informative)
I'm confused. (Score:1)
I just have a few questions. What exactly is meant by a hack here? Are those screen shots supposed to be coming from some other Audrey that someone has hacked into? If they are taken from the console of the "hacked" system, I'm not sure what they prove. I have root access on my Dell desktop computer running Red Hat Linux 7.1, and I didn't need to do any hacking at all!
Can someone provide some links to some background material so I can understand what the Audrey is, and what this hack allows someone to do?
Re:I'm confused. (Score:1)
While the general media uses "hacked" to mean "broken into, the technically 'correct' definition of a "hack" (especially among the /. crowd) is, well... A modification. Thus, saying that he "hacked" the Audrey doesn't mean that he broke into it; it means that he modified it extensively, to the point of getting to the shell.
Re:I'm confused. (Score:1)
Audrey (Score:1)
I was one of the clueless ones who didn't know what the hell Audrey was. So I didn't really feel like visiting the links. But apparently it is some sort of internet appliance that 3COM made, but then discontinued. Fun Times!
Duh! Hoax! Look at the output of ls! (Score:1)
You can tell from the 'ls -l' command. He is in the root directory and one of the files listed is "nto". The name of the microkernel of QNX6 [qnx.com] (also called QNX Realtime Platform) is Neutrino. The "nto" file is the resource manager frontend for the microkernel.
And is it really a hack to install Linux over a cool free [qnx.com] realtime microkernel OS like QNX? Or is it just stupidity? ;-)
Re:Duh! Hoax! Look at the output of ls! (Score:1)
Main Entry: 2hoax
Function: noun
Date: 1808
1 : an act intended to trick or dupe : IMPOSTURE [m-w.com]
2 : something accepted or established by fraud or fabrication
Where do you get the idea that Linux is involved in any of this? Do you see the guy claiming to be running anything other than QNX?
what is the Ergo (Score:1)
Buy Audrey on Ebay cheap (Score:1)
Re:mirror (Score:1)
Re:Manipulated Screenshots (Score:1)
Gives all the details.