Posts: 458 | Thanked: 783 times | Joined on Jan 2010 @ France
#371
Hi all,

I have finally packaged properly 'John The Ripper' for our device ...

Download packages from extra-devel :

Activate all repositories following this tutorial : http://thenokiablog.com/2009/10/27/m...-applications/

Then, as usual, as root, install with :

Code:
-bash-2.05b# apt-get install john && john
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  wordlist
The following NEW packages will be installed:
  john
0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded.
Need to get 0B/811kB of archives.
After this operation, 1430kB of additional disk space will be used.
Selecting previously deselected package john.
(Reading database ... 39392 files and directories currently installed.)
Unpacking john (from .../john_1.7.8-1maemo6_armel.deb) ...
Setting up john (1.7.8-1maemo6) ...
John the Ripper password cracker, version 1.7.8
Copyright (c) 1996-2011 by Solar Designer
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--single                   "single crack" mode
--wordlist=FILE --stdin    wordlist mode, read words from FILE or stdin
--rules                    enable word mangling rules for wordlist mode
--incremental[=MODE]       "incremental" mode [using section MODE]
--external=MODE            external mode or word filter
--stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]
--restore[=NAME]           restore an interrupted session [called NAME]
--session=NAME             give a new session the NAME
--status[=NAME]            print status of a session [called NAME]
--make-charset=FILE        make a charset, FILE will be overwritten
--show                     show cracked passwords
--test[=TIME]              run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only
--groups=[-]GID[,..]       load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only
--salts=[-]COUNT           load salts with[out] at least COUNT passwords only
--format=NAME              force hash type NAME: DES/BSDI/MD5/BF/AFS/LM
--save-memory=LEVEL        enable memory saving, at LEVEL 1..3
-bash-2.05b#
Ok, now we have 'John The Ripper' properly installed then it's time to crack the Security Code of the device.

To ease the cracking process I have made a shell script you can launch :

Code:
-bash-2.05b# wget "http://bigbob.fun.free.fr/maemo/Nokia-N900-Security-Code-Recover"
--05:54:09--  http://bigbob.fun.free.fr/maemo/Nokia-N900-Security-Code-Recover
           => `Nokia-N900-Security-Code-Recover'
Résolution de bigbob.fun.free.fr... 212.27.63.102
Connexion vers bigbob.fun.free.fr|212.27.63.102|:80...connecté.
requête HTTP transmise, en attente de la réponse...200 OK
Longueur: 2 220 (2.2K) [text/plain]

100%[=================================================================================================================>] 2 220         --.--K/s             

05:54:09 (1.51 MB/s) - « Nokia-N900-Security-Code-Recover » sauvegardé [2220/2220]

-bash-2.05b# chmod +x Nokia-N900-Security-Code-Recover 
-bash-2.05b# ./Nokia-N900-Security-Code-Recover
Hope it help ...

A++
 

The Following User Says Thank You to colin.stephane For This Useful Post:
Posts: 502 | Thanked: 366 times | Joined on Jun 2010 @ /dev/null
#372
Maybe at last we might be able to see the end of these people requesting to have their password cracked. I am finding it hard to believe these days if people are just too forgetful to remember simple things like carrying their own wallets or what.

I guess only time will tell for now. Thanks for porting john tool despite the fact that there's a password changer tool by qwerty12 at the beginning of the thread.
__________________
 
shazosbourne's Avatar
Posts: 257 | Thanked: 205 times | Joined on Jan 2010 @ Sydney, Australia
#373
Originally Posted by tuxsavvy View Post
Maybe at last we might be able to see the end of these people requesting to have their password cracked.
So if someone like that last bloke stole a phone forgot his password, how exactly does he/she install that JTR on a locked device?
__________________
Everybody wants to go to heaven..............but nobody wants to go now.
 
Posts: 502 | Thanked: 366 times | Joined on Jun 2010 @ /dev/null
#374
Originally Posted by shazosbourne View Post
So if someone like that last bloke stole a phone forgot his password, how exactly does he/she install that JTR on a locked device?
There is a way to temporarily bypass a locked device. Though what if the device was stolen when it was in use or if the device autolock was set for very long duration? There has already been two threads that I have noticed where the owner (fake or not) of that N900 has been requesting for help despite the fact that he/she has been directed to go to nokia care.
__________________
 
Posts: 458 | Thanked: 783 times | Joined on Jan 2010 @ France
#375
Originally Posted by qwerty12 View Post
Well, I was uber stupid and forgot my lock code. >.< Reflashed and I was at least able to get back into the device. But I could not get my code back (the mtd1 hack was of no use here: the code is now encrypted...).

But the libraries in charge of device locking have an interesting trait: write **** to the lock code area of where it is stored and it will be reset to 12345.

Attached is a program that will do just that. Warning: It is writing to a very critical part of the N900. I will take no responsibility whatsoever if it messes up your N900. It worked for me (i.e. I was able to reboot fine and change the code fine. Multiple times, actually. I tested quite a few times.) but I cannot ensure it will do the same for you. Use at your own risk.

It disables the autolock upon bootup, writes **** to the lock code area, brings up the control panel applet from which you MUST change it from 12345.

Run as root, prefixing it with run-standalone.sh.
Hi,

is there a way you provide the source code ?

A++
 
Posts: 502 | Thanked: 366 times | Joined on Jun 2010 @ /dev/null
#376
I don't think qwerty12 would provide source code, he hasn't done for several reverse-engineering work. Also he rage quit maemo community. His reasonings can be found here (take note of the obscene language used to mock various entities). His rant was also hardcoded into the install of that program (extended locked media player control).
__________________
 
Posts: 30 | Thanked: 1 time | Joined on Oct 2011
#377
Hi, could someone crack this for me?

root:rQ1cK3Ddx58ZA:
 
Posts: 6 | Thanked: 1 time | Joined on Nov 2011 @ Italy
#378
Hi..i'm sorry for my english, but i have a prob.

"root: :"

What can I do?
 
joerg_rw's Avatar
Posts: 2,222 | Thanked: 12,651 times | Joined on Mar 2010 @ SOL 3
#379
Originally Posted by bak89 View Post
Hi..i'm sorry for my english, but i have a prob.

"root: :"

What can I do?
I think since PR1.3 there's little you can do, Nokia changed the way lockcode gets stored. Full reflash is your only chance to reset it

/j

EDIT: scrap that. Incorrect info
__________________
Maemo Community Council member [2012-10, 2013-05, 2013-11, 2014-06 terms]
Hildon Foundation Council inaugural member.
MCe.V. foundation member

EX Hildon Foundation approved
Maemo Administration Coordinator (stepped down due to bullying 2014-04-05)
aka "techstaff" - the guys who keep your infra running - Devotion to Duty http://xkcd.com/705/

IRC(freenode): DocScrutinizer*
First USB hostmode fanatic, father of H-E-N

Last edited by joerg_rw; 2013-10-21 at 13:04.
 
Posts: 6 | Thanked: 1 time | Joined on Nov 2011 @ Italy
#380
Originally Posted by joerg_rw View Post
I think since PR1.3 there's little you can do, Nokia changed the way lockcode gets stored. Full reflash is your only chance to reset it

/j
I think the flash is not work for reset the lock code..
 
Reply

Tags
devicelock, nokia n900

Thread Tools

 
Forum Jump


All times are GMT. The time now is 18:42.