maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)
-   -   Resetting lock code (https://talk.maemo.org/showthread.php?t=37808)

qwerty12 2009-12-20 00:35

Resetting lock code
 
1 Attachment(s)
Well, I was uber stupid and forgot my lock code. >.< Reflashed and I was at least able to get back into the device. But I could not get my code back (the mtd1 hack was of no use here: the code is now encrypted...).

But the libraries in charge of device locking have an interesting trait: write **** to the lock code area of where it is stored and it will be reset to 12345.

Attached is a program that will do just that. Warning: It is writing to a very critical part of the N900. I will take no responsibility whatsoever if it messes up your N900. It worked for me (i.e. I was able to reboot fine and change the code fine. Multiple times, actually. I tested quite a few times.) but I cannot ensure it will do the same for you. Use at your own risk.

It disables the autolock upon bootup, writes **** to the lock code area, brings up the control panel applet from which you MUST change it from 12345.

Run as root, prefixing it with run-standalone.sh.

qwerty12 2009-12-20 16:18

Re: Resetting lock code
 
Updated. Now uses a safer method.

noobmonkey 2009-12-20 16:42

Re: Resetting lock code
 
Quote:

Originally Posted by qwerty12 (Post 435378)
Updated. Now uses a safer method.

Cheers qwerty - useful post - would be a shame to have it lost in the forums :) - almost needs to be in a tecky FAQ page under "I have forgotten my PIN, what do i do?" :)

Well figured out :)

R-R 2009-12-20 16:49

Re: Resetting lock code
 
So you can actually bypass the code by typing actual asterisk ?

The old grep -A 13 lock_code /dev/mtd1 still gives 12345 but a 2nd result show up and looks as you said encrypted...
it's 13 char long so my guess is that it's simple DES.
It's also preceded by 7 bytes ... not sure what they are.

Though it must have been padded with some value as i can't seem to crack it fast for a 5 char code... Any idea what is used ? :-)

EDIT: uhm, interestingly, changing the code back to 12345 and then back to mine i get different hash.
Would the previous 7 bytes (actually it varied in size, but i'm just judging from visual chars on my terminal) just be the salt?

R-R 2009-12-20 17:03

Re: Resetting lock code
 
Uhm, never mind, actually running the hash through john the ripper gave me my password after 7 minutes (Single core at 2.4Ghz).

So to get your password back, don't risk editing the mtd1 directly, just do this:

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1):
then put this in a file and crack it with any DES cracker... wait and enjoy :-)

As a side note (reference), this works with 1.2009.42-11.002 ... we'll see how it changes with time.

arpwatch 2009-12-22 04:55

Re: Resetting lock code
 
Quote:

Originally Posted by R-R (Post 435433)
Uhm, never mind, actually running the hash through john the ripper gave me my password after 7 minutes (Single core at 2.4Ghz).

So to get your password back, don't risk editing the mtd1 directly, just do this:

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1):
then put this in a file and crack it with any DES cracker... wait and enjoy :-)

As a side note (reference), this works with 1.2009.42-11.002 ... we'll see how it changes with time.

Thank you!

I thought I was going to spend the rest of my time with the n900 dreading the day I or a friend accidentally hit the secure device button.

john ripped through that in no time!

fatalsaint 2009-12-22 05:49

Re: Resetting lock code
 
This thread...........

Is soooo not comforting.

arpwatch 2009-12-22 06:00

Re: Resetting lock code
 
Quote:

Originally Posted by fatalsaint (Post 437177)
This thread...........

Is soooo not comforting.

How so? Not comforting in the sense that so many people have already managed to lock themselves out of their phones or that it is reasonably easy to retrieve the device password? :D

If your worried about the latter, let me remind you that I had to reflash the phone and blasted all of the files I had on here along with all my settings and applications. So yes, someone could pinch a n900, reflash, retrieve pw, and use it... but the data would have been safely nuked into the ether.

fatalsaint 2009-12-22 06:01

Re: Resetting lock code
 
The fact that the encryption is so bad it takes mere minutes to crack it...

Don't get me wrong.. locking yourself out of a device sucks......... the ability to hack the device this easily... not comforting.

arpwatch 2009-12-22 14:50

Re: Resetting lock code
 
Well it is DES apparently. I think that has been kind of trivial to crack for a few years. Would you rather we all ship our n900s to the Authorized Nokia Repair Center and take it in the rear in shipping and "repair" charges? Because despite being under warranty and what that sweet old lady told me on the phone I'm pretty certain they were going to end up charging me if I sent it in. I don't believe this would be covered under the warranty.

If someone has physical access to a computer the information stored on it is no longer safe, short of being in a truecrypt vault. The thief could just reformat the whole thing and sell it, start using it, or pop the hard drive in a ide/usb adapter and sift through all the precious data. At least the phone makes you jump through some slightly more challenging hoops.


All times are GMT. The time now is 23:35.

vBulletin® Version 3.8.8