maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)
-   -   Resetting lock code (https://talk.maemo.org/showthread.php?t=37808)

qwerty12 2009-12-20 00:35

Resetting lock code
 
1 Attachment(s)
Well, I was uber stupid and forgot my lock code. >.< Reflashed and I was at least able to get back into the device. But I could not get my code back (the mtd1 hack was of no use here: the code is now encrypted...).

But the libraries in charge of device locking have an interesting trait: write **** to the lock code area of where it is stored and it will be reset to 12345.

Attached is a program that will do just that. Warning: It is writing to a very critical part of the N900. I will take no responsibility whatsoever if it messes up your N900. It worked for me (i.e. I was able to reboot fine and change the code fine. Multiple times, actually. I tested quite a few times.) but I cannot ensure it will do the same for you. Use at your own risk.

It disables the autolock upon bootup, writes **** to the lock code area, brings up the control panel applet from which you MUST change it from 12345.

Run as root, prefixing it with run-standalone.sh.

qwerty12 2009-12-20 16:18

Re: Resetting lock code
 
Updated. Now uses a safer method.

noobmonkey 2009-12-20 16:42

Re: Resetting lock code
 
Quote:

Originally Posted by qwerty12 (Post 435378)
Updated. Now uses a safer method.

Cheers qwerty - useful post - would be a shame to have it lost in the forums :) - almost needs to be in a tecky FAQ page under "I have forgotten my PIN, what do i do?" :)

Well figured out :)

R-R 2009-12-20 16:49

Re: Resetting lock code
 
So you can actually bypass the code by typing actual asterisks?

The old grep -A 13 lock_code /dev/mtd1 still gives 12345 but a 2nd result shows up and looks, as you said, encrypted...
it's 13 chars long so my guess is that it's simple DES.
It's also preceded by 7 bytes ... not sure what they are.

Though it must have been padded with some value as I can't seem to crack it fast for a 5 char code... Any idea what is used? :-)

EDIT: uhm, interestingly, changing the code back to 12345 and then back to mine I get a different hash.
Would the previous 7 bytes (actually it varied in size, but I'm just judging from visual chars on my terminal) just be the salt?

R-R 2009-12-20 17:03

Re: Resetting lock code
 
Uhm, never mind, actually running the hash through John the Ripper gave me my password after 7 minutes (single core at 2.4 GHz).

So to get your password back, don't risk editing the mtd1 directly, just do this:

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1):

then put this in a file and crack it with any DES cracker... wait and enjoy :-)

As a side note (reference), this works with 1.2009.42-11.002 ... we'll see how it changes with time.

arpwatch 2009-12-22 04:55

Re: Resetting lock code
 
Quote:

Originally Posted by R-R (Post 435433)
Uhm, never mind, actually running the hash through John the Ripper gave me my password after 7 minutes (single core at 2.4 GHz).

So to get your password back, don't risk editing the mtd1 directly, just do this:

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1):

then put this in a file and crack it with any DES cracker... wait and enjoy :-)

As a side note (reference), this works with 1.2009.42-11.002 ... we'll see how it changes with time.

Thank you!

I thought I was going to spend the rest of my time with the n900 dreading the day I or a friend accidentally hit the secure device button.

John ripped through that in no time!

fatalsaint 2009-12-22 05:49

Re: Resetting lock code
 
This thread...........

Is soooo not comforting.

arpwatch 2009-12-22 06:00

Re: Resetting lock code
 
Quote:

Originally Posted by fatalsaint (Post 437177)
This thread...........

Is soooo not comforting.

How so? Not comforting in the sense that so many people have already managed to lock themselves out of their phones or that it is reasonably easy to retrieve the device password? :D

If you're worried about the latter, let me remind you that I had to reflash the phone and blasted all of the files I had on here along with all my settings and applications. So yes, someone could pinch an N900, reflash, retrieve the pw, and use it... but the data would have been safely nuked into the ether.

fatalsaint 2009-12-22 06:01

Re: Resetting lock code
 
The fact that the encryption is so bad it takes mere minutes to crack it...

Don't get me wrong.. locking yourself out of a device sucks......... the ability to hack the device this easily... not comforting.

arpwatch 2009-12-22 14:50

Re: Resetting lock code
 
Well it is DES apparently. I think that has been kind of trivial to crack for a few years. Would you rather we all ship our n900s to the Authorized Nokia Repair Center and take it in the rear in shipping and "repair" charges? Because despite being under warranty and what that sweet old lady told me on the phone I'm pretty certain they were going to end up charging me if I sent it in. I don't believe this would be covered under the warranty.

If someone has physical access to a computer the information stored on it is no longer safe, short of being in a TrueCrypt vault. The thief could just reformat the whole thing and sell it, start using it, or pop the hard drive in an IDE/USB adapter and sift through all the precious data. At least the phone makes you jump through some slightly more challenging hoops.

fatalsaint 2009-12-22 15:52

Re: Resetting lock code
 
Reformat is one thing.. and I think if you lock yourself out of the device then you pretty much should be forced to wipe (as a reflash or wipe should actually reset the lock code).. thus losing data.

Take my laptop for example, I keep the hard drive encrypted. If someone steals or I lose my laptop - I don't care if they sell it off after wiping my drive so much as I don't want them getting access to my emails, phone numbers, addresses, names of all my friends, software I'm working on (since I should have backups of this anyway), etc.

If they can just plop in a Linux Live-CD and mount my drive and see everything... totally defeats the purpose of the encryption anyway.. and the option may as well not even exist. From what I'm seeing - the "security" code is nothing more than security through obscurity. You're just "hoping" they don't know they can just "crack" it like that.

This is why setting passwords for Outlook PSTs or Word files is pointless... even Microsoft themselves release "tools" that either remove or crack the password for PSTs and Word docs because so many people "forget" their password.

..... So... what was the point again in setting one?

R-R 2009-12-22 17:58

Re: Resetting lock code
 
Quote:

Originally Posted by fatalsaint (Post 437665)
If they can just plop in a Linux Live-CD and mount my drive and see everything... totally defeats the purpose of the encryption anyway.. and the option may as well not even exist. From what I'm seeing - the "security" code is nothing more than security through obscurity. You're just "hoping" they don't know they can just "crack" it like that.

Is the /dev/mtd1 drive accessible when the device is locked over mass storage or any other mode?

Also, it's not so much that DES is weak... it's that the password is only numerical and probably 5 digits. If it was alphanumeric and 8+ chars it would take an eternity to crack for any practical purpose
(unless you're up against the NSA, in which case you shouldn't be trusting only this level of security ... well, and just hide under a rock :P)
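As an added illustration of the keyspace argument in this post (and of the later observation that restricting john to digits makes the search near-instant), here is a short Python script that is not code from the thread: it checks that a `root:hash:` line is really a 13-character traditional DES crypt(3) string and puts numbers on how the code policy, not DES itself, decides the search time. The guess rate is an assumed, unmeasured figure, and the sample line is the one danielpublic posts later in the thread.

```python
import re
import string

# Traditional crypt(3) DES strings use this 64-symbol alphabet: 2 salt chars
# followed by 11 chars of hash, 13 characters in total (the "13 char long" value).
CRYPT_ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Traditional DES crypt only looks at the first 8 characters of the password,
# so a longer passphrase does not enlarge the search space for this hash type.
DES_CRYPT_MAX_PASSWORD_LEN = 8

# Assumed single-core guess rate for DES crypt (order of magnitude, not measured).
ASSUMED_GUESSES_PER_SECOND = 1_000_000


def is_des_crypt_hash(value: str) -> bool:
    """True only for a 13-char traditional DES crypt string (NT, MD5 or SHA
    hashes have other lengths/alphabets and would need a different john format)."""
    return DES_CRYPT_RE.match(value) is not None


def parse_lockcode_line(line: str) -> dict:
    """Parse a 'user:hash:' line of the kind the grep|tail one-liner prints.
    Returns the user, the 2-char salt and the 11-char hash, else raises ValueError."""
    fields = line.strip().split(":")
    if len(fields) < 2:
        raise ValueError("expected a user:hash: line")
    user, value = fields[0], fields[1]
    if not is_des_crypt_hash(value):
        raise ValueError(f"not a traditional DES crypt hash: {value!r}")
    return {"user": user, "salt": value[:2], "hash": value[2:]}


def salt_variants() -> int:
    """Distinct salts: 64**2 = 4096. The salt is why setting the same code twice
    gives a different string; it blocks precomputed tables but does nothing
    against a direct search over the 10**5 five-digit codes."""
    return len(CRYPT_ALPHABET) ** 2


def keyspace(alphabet_size: int, length: int,
             max_len: int = DES_CRYPT_MAX_PASSWORD_LEN) -> int:
    """Candidate count for a code of `length` symbols over `alphabet_size`,
    capped at the hash's effective password length."""
    return alphabet_size ** min(length, max_len)


def worst_case_seconds(alphabet_size: int, length: int,
                       guesses_per_second: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Seconds to exhaust the keyspace at the given rate (expected time is half)."""
    return keyspace(alphabet_size, length) / guesses_per_second


def compare_policies(guesses_per_second: int = ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Worst-case search time in seconds for the code policies discussed in the thread."""
    policies = {
        "5 digits (N900 lock code)": (10, 5),
        "8 mixed-case alphanumeric": (62, 8),
        "20-char printable passphrase (truncated to 8 by DES crypt)": (95, 20),
    }
    return {name: worst_case_seconds(a, n, guesses_per_second)
            for name, (a, n) in policies.items()}


if __name__ == "__main__":
    # Sample line in the format the thread shows (value taken from a later post).
    info = parse_lockcode_line("root:63NCRYqE75Us0:")
    print(f"salt={info['salt']} hash={info['hash']} possible salts={salt_variants()}")
    for name, secs in compare_policies().items():
        print(f"{name:60s} {secs:>16.1f} s ({secs / 31_557_600:.2e} years)")
```

The five-digit policy exhausts in a fraction of a second at the assumed rate, while an 8-character mixed-case alphanumeric code would take years on the same core; the truncation constant shows why a longer passphrase only helps once the hash format itself changes.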

fatalsaint 2009-12-22 18:06

Re: Resetting lock code
 
That Live-CD thing was meant for the laptop reference... not the N900.

I'm saying if I "encrypted" my drive and yet someone could just pull up the drive anyway.. it's futile.

Maybe considering these devices do have a keyboard... Nokia should implement a "pass phrase" instead of a PIN. Cuz you are correct.. in any algorithm of encryption a brute force of 5-number password will be easy - unless they move to some form of PKI solution.

But again.. all this just means that to me.. "securing" the device is really just to prevent my childish co-workers from setting my background to being a picture of a naked Rick Astley or sending random love texts to my contacts....

It doesn't actually make the device "secure".

R-R 2009-12-22 18:39

Re: Resetting lock code
 
Quote:

Originally Posted by fatalsaint (Post 437808)
I'm saying if I "encrypted" my drive and yet someone could just pull up the drive anyway.. it's futile.

Maybe considering these devices do have a keyboard... Nokia should implement a "pass phrase" instead of a PIN. Cuz you are correct.. in any algorithm of encryption a brute force of 5-number password will be easy - unless they move to some form of PKI solution.

But again.. all this just means that to me.. "securing" the device is really just to prevent my childish co-workers from setting my background to being a picture of a naked Rick Astley or sending random love texts to my contacts....

It doesn't actually make the device "secure".

Agreed, but it's just like a login or screensaver password, it doesn't encrypt anything and is meant (or at least should be seen only as) to repel annoying behaviors from unscrupulous people.

Actually, even if the password was stronger I doubt it would secure more of the device as it's probably possible to enable some R&D mode... But like any computer, physical access is hard to secure if you don't have full encryption on.

Of course, if it had full root encryption with only a 1% battery drain hit and with the help of a specific co-processor, I'd be much happier I guess, but that won't happen anytime soon.

And I'd rather be able to recover my password through ssh (which does ask a password too!) than have to send the device back for some security by obscurity proprietary solution from them. :-)

tripmckay 2009-12-22 23:58

Re: Resetting lock code
 
Maybe I'm just too dumb, but after installing rootsh, going to xterm, doing sudo gainroot and then executing run-standalone.sh.a.out gets me nothing. I have to say that auto-lock is not on, but I do not have the lock code (warehouse deal from Amazon, someone set it already).
Can anyone help?

floffe 2009-12-23 00:02

Re: Resetting lock code
 
It should be "run-standalone.sh a.out" (without quotes). If it still doesn't work, make sure you're in the right dir and post the exact error message here.

tripmckay 2009-12-23 00:05

Re: Resetting lock code
 
Looks like I misinterpreted "prefix" here :D

error message is:
/usr/bin/run-standalone.sh: line 11: a.out: Permission denied

so I thought about: chmod +x a.out, but I cannot change rights...

edit: it's been a long time since I used a shell on linux... just made a copy with root and done ;) works great!

zikmir 2010-01-08 15:15

Re: Resetting lock code
 
Guys.... I have lost my lock code. Please, since I'm not a pro in technology, tell me how to get back in my device. I don't want to know my password, just want to get in. How do I flash it?

dalonso 2010-01-08 15:57

Re: Resetting lock code
 
Quote:

Originally Posted by zikmir (Post 459306)
Guys.... I have lost my lock code. Please, since I'm not a pro in technology, tell me how to get back in my device. I don't want to know my password, just want to get in. How do I flash it?

zikmir, you were directed to this thread from this other thread http://talk.maemo.org/showthread.php?t=35998 so you could know how to recover your lock code without having to reflash your device. Then, why are you still asking how to reflash it?

So if you are still interested in recovering your lock code without reflashing, and only if you had installed an openssh server in your N900 so you can remotely access it from your PC, then please read comment #5 of this thread, get your encoded code, transfer it to your PC (scp) and feed it to a DES decoder. A Google search will show you plenty of linux/windows/mac DES decoders.

Otherwise, if you insist on reflashing your device, or you don't have openssh installed in your N900, then look at this:

http://wiki.maemo.org/Updating_the_tablet_firmware (though you should have been able to find this info by yourself searching the forums, as this has been posted several times)

Good luck.

williamparrales 2010-01-18 08:46

Re: Resetting lock code
 
Is there any way you can put these instructions in a dummy format? For some reason the default code does not work on my N900. I sent it to Nokia =( they reflashed it but the code still does not work. Please help out a fellow noob N900 owner, thank you

Soulfarmer 2010-01-18 17:05

Re: Resetting lock code
 
How does one lose their lock code? I mean... umm... no, still don't get it. I have auto-lock set to 1hr, and use the lock code quite a few times a day so it is fresh on my memory. When talking about lost lock code, does this mean it is forgotten? I know this might be stupid question, but if the case is so, why not talk about forgetting the lock code.

And, yeah, I agree that the lock code is not securing anything, it's like the screensaver passwd. But that is enough for me. Not intending to lose the device :)

danielpublic 2010-02-13 10:32

Re: Resetting lock code
 
Quote:

Originally Posted by williamparrales (Post 479408)
Is there any way you can put these instructions in a dummy format? For some reason the default code does not work on my N900. I sent it to Nokia =( they reflashed it but the code still does not work. Please help out a fellow noob N900 owner, thank you

I had this problem as well, that the N900 default code did not work.
Guess it's due to the fact I bought it second hand.

Anyway, this is what I did and you should do in five steps!

1: First of all, we need to get into the device. Let's ssh into it!
Install the ssh client and server. Now ssh into it with an ssh client for your OS. The user to use is: root

2: Now you should be inside your N900 device, once there we want to get the so called DES hash of the password.

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1):

Now you get an output something like this:
root:63NCRYqE75Us0:

3: Copy the output and put it in a file on your computer, named: old_maemo_lock_code

4: Make a search for John the Ripper and install it.

5: Open up a terminal and write:
Code:

john -format:DES -i:digits /path/to/old_maemo_lock_code

There, now just wait 5-10 minutes :)
Thanks to whoever wrote the post with the grep part above! :cool:

d0gi 2010-03-02 05:02

Re: Resetting lock code
 
Quote:

Originally Posted by danielpublic (Post 524522)
5: Open up a terminal and write:
Code:

john -format:DES /path/to/old_maemo_lock_code

There, now just wait 5-10 minutes :)
Thanks to whoever wrote the post with the grep part above! :cool:

Try adding -i:digits to speed it up:

Code:

john -format:DES -i:digits /path/to/old_maemo_lock_code

Since the code is just numbers, there's no need to go through all alphanumerics. Took 1 second to crack the code with my 1.6 GHz Atom 330.

benibloom 2010-03-02 07:49

Re: Resetting lock code
 
I got this:
Code:

root:.sfpZ4nNm2OtM:

Can someone decrypt it for me please? I'm getting an access denied on John the Ripper. Thanks.

benibloom 2010-03-02 08:39

Re: Resetting lock code
 
Never mind, I got it. I uninstalled my stupid antivirus.

padiel 2010-03-18 15:21

Re: Resetting lock code
 
Quote:

Originally Posted by danielpublic (Post 524522)
I had this problem as well, that the N900 default code did not work.
Guess it's due to the fact I bought it second hand.

Anyway, this is what I did and you should do in five steps!

1: First of all, we need to get into the device. Let's ssh into it!
Install the ssh client and server. Now ssh into it with an ssh client for your OS. The user to use is: root

2: Now you should be inside your N900 device, once there we want to get the so called DES hash of the password.

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1):

Now you get an output something like this:
root:63NCRYqE75Us0:

3: Copy the output and put it in a file on your computer, named: old_maemo_lock_code

4: Make a search for John the Ripper and install it.

5: Open up a terminal and write:
Code:

john -format:DES -i:digits /path/to/old_maemo_lock_code

There, now just wait 5-10 minutes :)
Thanks to whoever wrote the post with the grep part above! :cool:

Hi,
I REALLY need some help here! Tried to follow your recommended steps but getting stuck at the very first one. I downloaded PuTTY and WinSCP and tried to SSH but what the hell is the hostname and how do I get the hostname of my N900?
Any help will be appreciated.

joga 2010-03-28 12:31

Re: Resetting lock code
 
Quote:

Originally Posted by padiel (Post 572042)
Hi,
I REALLY need some help here! Tried to follow your recommended steps but getting stuck at the very first one. I downloaded PuTTY and WinSCP and tried to SSH but what the hell is the hostname and how do I get the hostname of my N900?
Any help will be appreciated.

You don't necessarily have to use those, you could just save it to a file in MyDocs first:

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1): > /home/user/MyDocs/old_lockcode

Then use the USB cable and copy the file old_lockcode from the device and invoke John the Ripper on it as instructed. You could also simply copy&paste the code to pastebin.com or such with the N900 and then copy&paste it again to a file on a computer to avoid messing with the cable.

dave46 2010-04-09 07:11

Re: Resetting lock code
 
Quote:

Originally Posted by danielpublic (Post 524522)
I had this problem as well, that the N900 default code did not work.
Guess it's due to the fact I bought it second hand.

Anyway, this is what I did and you should do in five steps!

1: First of all, we need to get into the device. Let's ssh into it!
Install the ssh client and server. Now ssh into it with an ssh client for your OS. The user to use is: root

2: Now you should be inside your N900 device, once there we want to get the so called DES hash of the password.

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1):

Now you get an output something like this:
root:63NCRYqE75Us0:

3: Copy the output and put it in a file on your computer, named: old_maemo_lock_code

4: Make a search for John the Ripper and install it.

5: Open up a terminal and write:
Code:

john -format:DES -i:digits /path/to/old_maemo_lock_code

There, now just wait 5-10 minutes :)
Thanks to whoever wrote the post with the grep part above! :cool:

Hi All, sorry for asking, but.....
My N900 had the USB HW failure. I got a new phone from Nokia, and after restoring the backup, I forgot the lock code. When I tried danielpublic's solution above, I had multiple problems: the SCP ssh client is loaded only on my computer. It asks for a host name before attempting to connect. What is the host name to use?

I decided maybe I need to flash the FW, to get an SSH client on the phone first... The flasher-3.5 asks for permission to continue when I run it from the cmd prompt, but then after a brief flash of another cmd screen, does nothing.....

I then tried the Nokia SW updater (even though since the phone just came from Nokia it likely has the latest FW) but it could not even connect, even though the computer sees the phone as a USB device and even opens up the phone in Explorer.

My questions:
1. Is there a way to get the lock code from the phone backup?
2. Do you need to have the ssh client on the phone to use the above method?
3. What could cause the flasher to not run the flash? I was expecting some indication that the flash was proceeding.

lma 2010-04-09 07:44

Re: Resetting lock code
 
Quote:

Originally Posted by dave46 (Post 602309)
I got a new phone from Nokia, and after restoring the backup, I forgot the lock code.

The lock code isn't backed up/restored (but the setting to use it is, leading to confusion). On a new device the default lock code ("12345") should work.

dave46 2010-04-09 14:36

Re: Resetting lock code
 
The default lock code also did not work (tried that as soon as the lock code showed up after restoring data). Maybe the phone was a return or refurb and has another lock code?

lma 2010-04-10 06:37

Re: Resetting lock code
 
Quote:

Originally Posted by dave46 (Post 602920)
Maybe the phone was a return or refurb and has another lock code?

I suppose, but that would be very sloppy of Nokia :-( It sounds like the only way out is to reflash in order to disable the device lock settings, and not enable it or restore a backup until you've found out what the lock code is and/or changed it.

See http://wiki.maemo.org/Updating_the_firmware for flashing instructions, and make sure you hold down the U key while powering up the N900 to set it to flashing mode.

Kurele 2010-04-10 06:44

Re: Resetting lock code
 
On the topic of John the Ripper... I have tried recovering passwords and I can't seem to make the program actually find the password... It was a Win NT hash like this... 8C4F19105CE0F33EB958470418905193 Lol does anyone know how to crack it? :P

dave46 2010-04-10 07:12

Re: Resetting lock code
 
Gave up. Phone off to Nokia again. Thanks for the input.

vishisback 2010-04-11 07:23

Re: Resetting lock code
 
Quote:

Originally Posted by joga (Post 585344)
You don't necessarily have to use those, you could just save it to a file in MyDocs first:

Code:

echo root:$(grep -A 13 lock_code /dev/mtd1|tail -1): > /home/user/MyDocs/old_lockcode

Then use the USB cable and copy the file old_lockcode from the device and invoke John the Ripper on it as instructed. You could also simply copy&paste the code to pastebin.com or such with the N900 and then copy&paste it again to a file on a computer to avoid messing with the cable.

Hey, right now my mobile is passcode locked and therefore I am not able to access the device either! So where do I write the above commands? As I am unable to access it from ssh also because I don't have the host name! Moreover I don't remember installing ssh on my N900. So please (if the ssh doesn't work), is there any other way to reset the password without losing the data?

mnaveed 2010-04-12 10:45

Re: Resetting lock code
 
How do I write " | " on the N900? Can't seem to find the symbol.

lma 2010-04-12 11:11

Re: Resetting lock code
 
Press Fn (the blue arrow key) + Ctrl together to bring up the extra characters palette, or use the virtual keyboard.

vishisback 2010-04-22 20:05

Re: Resetting lock code
 
OK guys, after not getting any response from here (and other forums) I gave my N900 to Nokia Care (India, charged me around $7, INR 333), and surprisingly they unlocked my mobile without losing my data (contacts, notes, call records, texts, pics, vids, music) but my apps are gone! So it's kind of a soft reset!
But anyway, this means that there is definitely a solution to unlock your mobile without actually hard resetting it and losing all your precious data!
SO, the purpose of this post is to avoid people (who have mistakenly locked/secured their device and don't know the password and are about to hard reset it!) hard resetting the phone and losing their data BECAUSE THERE IS A METHOD TO SOFT RESET YOUR PHONE AND RESET THE LOCK CODE OR JUST MAKE YOUR PHONE WORK AND AVOID LOSING YOUR DATA!
Unfortunately I don't know the method, so please let us share what the possible solution can be (if anyone has any idea or has experienced the same!)
Though I'm still not able to change my lock code, I'm gonna try the method stated here, which I suppose will let me reset the code.
Cheers
Vish

lma 2010-04-22 23:49

Re: Resetting lock code
 
Quote:

Originally Posted by vishisback (Post 623291)
they unlocked my mobile without losing my data (contacts, notes, call records, texts, pics, vids, music) but my apps are gone! So it's kind of a soft reset!

Sounds like a rootfs reflash (and you probably still have old app leftovers under /opt).

Quote:

BECAUSE THERE IS A METHOD TO SOFT RESET YOUR PHONE AND RESET THE LOCK CODE OR JUST MAKE YOUR PHONE WORK AND AVOID LOSING YOUR DATA
There almost certainly is some way to write to the config partition, but it would involve software and possibly cables that mere mortals don't have access to.

vishisback 2010-04-29 14:10

Re: Resetting lock code
 
Cables we already have and software we can easily get, as I remember that Nokia person was telling me to wait as he was downloading a flasher for it!

smiler7455 2010-05-01 22:33

Re: Resetting lock code
 
Quote:

Originally Posted by qwerty12 (Post 434946)
Well, I was uber stupid and forgot my lock code. >.< Reflashed and I was at least able to get back into the device. But I could not get my code back (the mtd1 hack was of no use here: the code is now encrypted...).

But the libraries in charge of device locking have an interesting trait: write **** to the lock code area of where it is stored and it will be reset to 12345.

Attached is a program that will do just that. Warning: It is writing to a very critical part of the N900. I will take no responsibility whatsoever if it messes up your N900. It worked for me (i.e. I was able to reboot fine and change the code fine. Multiple times, actually. I tested quite a few times.) but I cannot ensure it will do the same for you. Use at your own risk.

It disables the autolock upon bootup, writes **** to the lock code area, brings up the control panel applet from which you MUST change it from 12345.

Run as root, prefixing it with run-standalone.sh.

Hi qwerty, I was wondering if you could tell me how I run this program you have posted on my device step by step. I tried to run the "run-standalone.sh a.out" but I get the error "not found". I assume I'm not saving the file in the right place, could you please advise?
Thank you :D
