iPhone Root Password Hacked in Three Days
unPlugged-2.0 writes "An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."
Prediction... (Score:4, Insightful)
Also, from TFA and the summary:
"Having the passwords will not do anybody any good for the moment. The iPhone has no console or terminal access, so there is no way to log in as either account. In fact, nobody even seems certain that the accounts access the machine at all, some Internet commentators suggesting that the password file was left over from early development work, or was intentionally included to throw hackers off the scent."
These kinds of idiotic replies to the blog post are telling:
Poetic Justice - 04/07/07
So much for Apple being the most secure OS in the world. Welcome to Microsoft's world, Jobs.
Wow, cracking a local password on a file that belongs to a device to which you have physical access?
Stop the presses!
Since iPhones don't have any kind of access that makes this "discovery" meaningful, I'm sure that people will just misunderstand the implications of this, and because of the iPhone's popularity - and a lot of peoples' desire to tear it down or create any FUD they can to dissuade interested people from possibly buying an iPhone - I'm sure this and related stories will be big news.
Re: (Score:3, Interesting)
What? This wouldn't have that effect at all. It would have the -opposite- effect. Those who had not planned to purchase may think they could mod it like a ps2 and poof, instant super-phone.
Yes, we aren't quite there... But I have little doubt we'll get there pretty quickly.
Now if they manage to unlock it -and- provide access to run any app I compile, I would be very interested.
Re:Prediction... (Score:5, Insightful)
In the mainstream, this can easily get spun as the iPhone is extremely insecure, and has been "broken into", causing normal people to steer very clear.
Re:Prediction... (Score:5, Funny)
In the mainstream, this can easily get spun as the iPhone is extremely insecure, and has been "broken into", causing normal people to steer very clear.
Doesn't the price tag already do that?
Re: (Score:2)
Re:Prediction... (Score:5, Funny)
Ummmm..... (Score:4, Insightful)
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
The cool thing is, they're pretty good pieces of equipment, and now that they're not 'hip and cool' you can get them for pennies on the (original) dollar on Ebay. And you can do a lot of cool stuff with a 68K dragonball processor in that form factor. They're one hell of a deal at the current market value of $5-15 each.
We can have similar hopes for the iPhone. Who knows what cool stuff we'll be doing with them five years from now. Hopefully when we crack
Re: (Score:3, Insightful)
It's common knowledge Windows is extremely insecure, yet I don't see people steering clear of it.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2, Informative)
# User Database
# Note that this file is consulted when the system is running in single-user
# mode. At other times this information is handled by lookupd. By default,
# lookupd gets information from NetInfo, so this file will not be consulted
# unless you have changed lookupd's configuration.
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:XUU7aqfpey51o:0:0::0:0:System Administrator
Re: (Score:2)
Loaded 2 password hashes with 2 different salts (Traditional DES [64/64 BS MMX])
alpine (mobile)
dottie (root)
guesses: 2 time: 0:00:00:31 (3) c/s: 685650 trying: dewMso - dotty1
mobile password was gotten instantly (in first second)
30secs using john the ripper with no special word files or anything.
http://www.openwall.com/john/ [openwall.com]
I'm still amazed that (Score:2, Insightful)
Re:Prediction... (Score:5, Funny)
That pretty much sums up how useless this article was.
By the way, if anyone wants it, you can have the combination to my luggage.
Re:Prediction... (Score:5, Funny)
123 000 999 666
Those four will open 99% of all luggage in the world that doesn't contain a laptop, cash or a gun.
Re: (Score:2, Funny)
Re: (Score:3, Funny)
And 23% of those that do? And 69% of those that contain two of the three? And what percent of statistics are complete bullshit again?
Re: (Score:3, Insightful)
100% would be my guess, provided we're dealing with the specific subset of 'statistics used during discussions on online forums'.
Re:Prediction... (Score:5, Funny)
I don't get it. What world doesn't contain a laptop, cash, or a gun, and yet has luggage?
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
May the schwartz be with you.
Re: (Score:2)
From what I've seen, it's less about dissuading people to buy phones and more about illustrating the hypocrisy. Take any fanboy debate (Sony vs. Nintendo, Star Wars vs. Star Trek, Garbage Pail Kids vs. Baseball cards) and you'll generally find that the behaviour is the same on BOTH sides. You'll praise things that one side does that you'll chastise the other for. Do this
Re:Prediction... (Score:4, Insightful)
I have a very high regard, on the other hand, for remote exploits that have occurred or are shown to be possible.
You're making a string of assumptions - that the password is even usable (which it may not be), that a remote exploit via the browser is possible, and that even if both happen, that this enables some higher level of access.
Are all of those things possible? Perhaps. But all of those have to be provably true before it justifies knee jerks that the iPhone is somehow "insecure", which are already happening around the blogs.
Also, I didn't say it was nothing. I said this story will probably get mangled to imply that - right now - it's somehow possible or very likely possible to "break into" iPhones remotely. And that's patently incorrect.
Re:Prediction... (Score:5, Insightful)
Unbiased does not mean stating both sides equally, because both sides are not always equal. An unbiased opinion on Iraq does not spend half the time saying the war is going well if it's not.
An unbiased opinion on the iPhone does not hesitate to point out its limitations, but doesn't have to spend "equal" time on being negative about it, if its flaws do not warrant it.
The iPhone is quite obviously a good product, with some limitations that might not work out for some people. It is not a 50/50 or middle of the road product, and compared to competitive landscape, it is very impressive on a number of levels.
Also, FYI: Calling anyone a "fanboy" immediately identifies you as an ignorant troll and ensures that nothing you have to say is worth hearing.
Re:Prediction... (Score:5, Insightful)
Also, FYI: If you want to claim the moral high ground on name-calling, then you might want to reconsider labeling people who disagree with you trolls.
Re:Prediction... (Score:4, Insightful)
You don't have to call someone a "fanboy" to disagree with them. People who throw around the word "fanboy" left and right in an empty attempt to devalue sound comments are just Ballmeresque, foaming-at-the-mouth trolls.
You can happily criticize Apple and their supporters and engage in disagreements with them without having to resort to "you're a fanboy so your whole thought process is invalid" attacks.
Parent did not label people who disagreed with him "trolls." That title was reserved to a specific, hostile subset of those who disagree.
Re: (Score:3, Interesting)
The iPhone is also quite obviously very expensive. Price is a key factor in deciding whether or not a product is a worthwhile purchase. It may have superior features, but it's pretty close to a middle-of-the-road product in terms of value. It's not so unreasonable to say that it might be pretty good, but in order to be a good value for its price, it needs to be even better (or cheaper).
At $499/$599 it should really be more of a PDA than a phone (though the line is blurred these days and will continue to blur). I'd consider $499 for a 2007 Apple Newton, but not a phone.
By the way do we know yet why they don't let developers run their own apps on the iPhone? It seems that this would make it into something PDA-like very easily. Is it a choice by Apple or was it forced on them?
Re: (Score:3, Informative)
My personal conspiracy theory is that AT&T is scared that someone would release a VoIP over WiFi application, cutting down on billable minutes. Others have pointed out that the iPhone doesn't have user privilege levels, so there ma
Re:Prediction... (Score:5, Funny)
Exactly, because the proper term is "fanboi".
Whoo-hoo (Score:5, Funny)
Re:Whoo-hoo (Score:5, Funny)
Re:Whoo-hoo (Score:5, Funny)
You don't call your girlfriend, you download her videos from Pirate Bay.
Re:Whoo-hoo (Score:5, Funny)
[It's only been 18 seconds since I hit reply, and, in order to give everyone a chance to post, slashdot requires me to slow down, cowboy!]
Re: (Score:2)
Re:Whoo-hoo (Score:5, Funny)
Sudo wrestling.
Thanks, I'll be here all night.
Re: (Score:2)
Scheduling algorithm? (Score:2)
Why root on OSX (Score:2)
So I wonder why they enabled root? Perhaps when connecting from another computer to run a command via ssh it's a lot fewer steps to type. (don't have to enter the password twice). So I buy the idea this is left over from
Not that big a deal (Score:5, Insightful)
Whereas this *is* news (hell, I'd submit it!), I think a lot of people criticising the iPhone at the moment still haven't made the leap from "this is a phone. It does X,Y,Z" to "this is a fully-fledged computer, masquerading as a phone" - with all that that implies.
Apple have said they intend to provide updates, changes, additions, etc. to the iPhone over time. They have a policy of supporting older computers with new OS releases, and I don't see why they wouldn't migrate this approach to their new market. It only *benefits* them if there are more used phones in circulation running OSX - even if it was a hand-me-down from the big-brother/sister who went and bought the new one...
If this truly is the "third leg" of Apple's business, someone will get yelled at internally, and the next update will fix it. End of story.
Simon.
Re: (Score:2)
Now that we have that out of the way, if you have a unix system or device, and you have physical access to the system, don't know the root password, and we'll pretend for the moment that you can't drop it to single user mode, how do you get in?
Usually? If it's a filesystem you can read, mount said filesystem on another box, change the passwd file, and update any shadow files/database files. Now, I would HOPE that apple didn't go porting the entire net
Re: (Score:3, Insightful)
If so, that's going to take a while to break [grin]. On Leopard (and I'm guessing Apple engineers will be using Leopard
Re:Not that big a deal (Score:4, Interesting)
see how the original xbox hacker (whose name I forget) captured its encryption key by "simply" (yeah, not that simple) monitoring the bus.
Re: (Score:2)
Re: (Score:2)
you don't go after breaking the password, you go after finding where apple stored it. If it's encrypted, the iphone has to be able to decrypt it, therefore has to have the password available.
It doesn't usually work that way. Usually passwords are one-way encrypted (or hashed), meaning there is no way to decrypt them. What the OS does is take the password you supplied, encrypt it using the same method, then compare the encrypted string to the stored encryption string of the actual password. That way even the OS itself never needs to know what the actual password is, and it is never available anywhere as clear-text.
Re:Not that big a deal (Score:5, Funny)
Is this like the geek equivalent of the frat-boy phrase, "I'd hit it!"?
Re:Not that big a deal (Score:5, Interesting)
Then you understand nothing. The iPhone critics are thinking "this is a fully-fledged handheld computer, running the same operating system as my laptop, that has been intentionally crippled to protect the artificial market segmentation desired by AT&T and Apple."
they've never done it for iPods... (Score:4, Interesting)
Apple have said they intend to provide updates, changes, additions, etc. to the iPhone over time. They have a policy of supporting older computers with new OS releases, and I don't see why they wouldn't migrate this approach to their new market.
Except they don't do it for iPods. Each new "generation" of the iPod has run a different firmware *and* had different capabilities, like being able to search. The older iPods never got the functionality of the newer ones, ever. Clickwheel iPods can't "search", nor do they get the newer iPod games, etc. This is just like digital camera manufacturers, home network gear makers, etc. Very, very, very rarely do they take advantage of the firmware updates to increase functionality in any way. Why should they, when they can make you buy version N+1?
Most of the time they update the iPod firmware only to give it compatibility with the latest iTunes, and these days, the only updates to iTunes are security fixes and bloat (the glorified pedometer, Apple TV, the iPhone, etc. Anyone else remember when you could sync contacts and appointments onto your iPod through iSync?) My second-gen nano (or Mini, or whatever the hell it's called these days) still crashes 50% of the time when I go to play a podcast after syncing it with my mac. I'm not holding my breath waiting for them to fix it.
Re:they've never done it for iPods... (Score:5, Insightful)
Except they don't do it for iPods. Each new "generation" of the iPod has run a different firmware *and* had different capabilities, like being able to search. The older iPods never got the functionality of the newer ones, ever. Clickwheel iPods can't "search", nor do they get the newer iPod games, etc. This is just like digital camera manufacturers, home network gear makers, etc. Very, very, very rarely do they take advantage of the firmware updates to increase functionality in any way. Why should they, when they can make you buy version N+1?
Apple stated on their last quarter conference call they're changing the way they book AppleTV and iPhone revenues to spread it out over 8 quarters, so they don't have that problem. Even though they get $600 today for an iPhone sold, they don't actually put the whole thing in the books right away as recognized revenue, they apply it over the next two years to ongoing engineering for existing units. Exactly what they'll do with that ability remains to be seen, but they've at least publicly stated their intent to improve the platform for early adopters.
Re: (Score:2)
No, too many people did. Like the valet that brought my car up when I was checking out from a hotel on Sunday. "Hey, you got the iPhone! Do you really think it will make laptops go away?"
The iPhone is not the first convergence device, nor is it unique in any aspect. I don't know why people wou
Passwords (Score:3, Informative)
The "mobile" user account's password is "dottie"
Re:Passwords (Score:5, Funny)
Re:Passwords (Score:5, Funny)
Re:Passwords (Score:5, Funny)
Re:Passwords (Score:5, Informative)
Re:Passwords (Score:5, Funny)
The password for alpine is root, the dottie user account password is mobile.
Re:Passwords (Score:5, Funny)
The root password is au!dle
The mobile password is a!++op
Re: (Score:2)
Created for... (Score:5, Funny)
Or it was created to generate topics on Slashdot when it's discovered...
Root user... (Score:4, Insightful)
user enabled in OS X to begin with.
Netinfo? (Score:5, Informative)
This isn't the password for the running account - you'd have to boot the phone into single-user mode. The running passwords would be stored in Netinfo.
This is going to turn into a lot of FUD....
Re: (Score:2, Informative)
http://www.dribin.org/dave/blog/archives/2006/04/28/os_x_passwords_2/ [dribin.org]
Mmmmm, honey..... (Score:3, Funny)
Re:Mmmmm, honey.....(Oops, should be Nabors) (Score:3, Funny)
phew (Score:5, Funny)
Re: (Score:2)
Or
netscapeengineers (mobile)
areweenies (root)
Is someone really trying... (Score:2)
Re: (Score:2)
Why this won't do any good (Score:4, Funny)
Re: (Score:2)
Wait, so I only get three chances to input a password I already know?
DAMMIT ALL TO HELL!!! THAT'S COMPLETELY IMPOSSIBLE!!!
Re: (Score:3, Informative)
Re:Why this won't do any good (Score:4, Insightful)
Passwords on my device (Score:4, Interesting)
Re:Passwords on my device (Score:4, Insightful)
Re: (Score:2, Insightful)
I'll probably get the European model. Unlocked from any carrier, and supports better protocols.
Law-abiding guarantee or wishful thinking? (Score:2)
Re: (Score:3, Informative)
Re: (Score:2)
Re:Passwords on my device (Score:4, Insightful)
The software that comes with the phone (of which these hidden passwords are a part) is not yours. You are licensed to use it, post activation.
Custom software (Score:3, Interesting)
But you should consider: a) the phone doesn't support custom software b) thousands of geeks who bought the phone want to write apps for it.
Maybe knowing the root login is a tiny step in that direction, if you get what I mean. I have the feeling we'll be seeing AT&T disabling remotely phones that have been hacked with custom apps. Same as MS did with modded XBOX360.
as there is a root (Score:2, Insightful)
Theories (Score:3, Funny)
Even better, I suspect this is the major reason Leopard was delayed. iPhone's software was completed all along: all those OSX developers were assigned to create numerous false trails for hackers, on the iPhone.
I'm wondering if it's intentional (Score:5, Interesting)
Jobs could play the innocent claiming that hackers did it all the while happy that yet another iPhone went out the door.
I truly would like to see this phone on other nets (Score:2)
from full-disclosure (Score:3, Informative)
From: Erik Tews (e_tewscdc.informatik.tu-darmstadt.de)
Date: Sun Jul 01 2007 - 17:20:37 CDT
On Monday, 02.07.2007, at 00:07 +0200, Fabio Pietrosanti (naif) wrote:
> There are a couple of users with their passwords:
>
> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
>
> Does someone have some time to arrange a quick john session (should be
> quick)?
Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine (mobile)
dottie (root)
guesses: 2 time: 0:00:00:16 (3) c/s: 551883 trying: royour - b1o2w8
Yes, it was quick
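An added example, not part of the original thread or of any poster's message: a small auditor for BSD master.passwd-style entries like the ones quoted above. It flags password fields stored in the 13-character traditional DES crypt format, the format john reports loading in the output above. The function names `classify` and `audit`, the no-login shell list and the `svc` sample entry are assumptions of this example.

```python
import re

# Sample input. The nobody, root and mobile entries are the ones quoted in the
# thread; the "svc" entry is constructed to exercise the modular-crypt branch.
SAMPLE = """\
# User Database
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
svc:$6$constructedsalt$constructedhash:502:502::0:0:Service:/var/svc:/bin/sh
"""

# Traditional DES crypt(3): 2 salt characters + 11 hash characters, all from
# the same 64-character alphabet. Only the first 8 password characters count.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR = re.compile(r"^\$([0-9a-z]+)\$")  # $id$salt$hash formats
NO_LOGIN_SHELLS = {"/usr/bin/false", "/bin/false",
                   "/sbin/nologin", "/usr/sbin/nologin"}


def classify(pw_field):
    """Name the storage scheme of a passwd password field."""
    if pw_field == "":
        return "empty"
    if pw_field[0] in "*!":
        return "locked"
    if DES_CRYPT.match(pw_field):
        return "des-crypt"
    m = MODULAR.match(pw_field)
    return "mcf-" + m.group(1) if m else "unknown"


def audit(text):
    """Return findings for accounts whose password is empty or DES crypt."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) not in (7, 10):  # passwd(5) or BSD master.passwd
            findings.append({"line": lineno, "issue": "malformed"})
            continue
        user, pw, uid, shell = fields[0], fields[1], fields[2], fields[-1]
        scheme = classify(pw)
        if scheme in ("des-crypt", "empty"):
            findings.append({
                "line": lineno, "user": user, "issue": scheme,
                "salt": pw[:2] if scheme == "des-crypt" else None,
                "uid0": uid == "0",
                "interactive": shell not in NO_LOGIN_SHELLS,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The two-character salt gives only 4096 variants per password and input beyond eight characters is ignored, so any entry this reports should be rehashed with a modern scheme or locked.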
Like MacOS X? (Score:3, Insightful)
Emulation/Virtualization (Score:5, Interesting)
Re:Emulation/Virtualization (Score:4, Insightful)
I think there's a company that managed to develop a software emulator for TI omap chips...I never had a chance to try it and see if it works.
"dottie" & "alpine" (Score:3, Informative)
ah,http://launchr.blogspot.com/2007/07/iphones-pa
So... (Score:3, Insightful)
Re: (Score:2)
Re:root disabled? (Score:5, Interesting)
In my opinion, the biggest news here is not as how it was reported, but rather that people now can easily modify the default image and try booting it on the iPhone...
Re: (Score:2)
Hmmm... drop in an init script or two to kick off a terminal window? is there a terminal.app anywhere, or X11 hooks? I should download the image and play around a bit...
Re: (Score:2, Offtopic)
As it has been delayed until October [linuxdevices.com] at the earliest, I guess we'll just have to wait to see...
Re: (Score:2)
Paris Hilton (Score:5, Funny)
Re:hmm... GPL? (Score:5, Informative)
For the record, here's the source. [google.com]