Resetting lock code - Page 38 - maemo.org

colin.stephane · #**371** 2011-11-12, 04:55

Hi all,

I have finally packaged properly 'John The Ripper' for our device ...

Download packages from extra-devel :

Activate all repositories following this tutorial : http://thenokiablog.com/2009/10/27/m...-applications/

Then, as usual, as root, install with :

Code:

-bash-2.05b# apt-get install john && john
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  wordlist
The following NEW packages will be installed:
  john
0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded.
Need to get 0B/811kB of archives.
After this operation, 1430kB of additional disk space will be used.
Selecting previously deselected package john.
(Reading database ... 39392 files and directories currently installed.)
Unpacking john (from .../john_1.7.8-1maemo6_armel.deb) ...
Setting up john (1.7.8-1maemo6) ...
John the Ripper password cracker, version 1.7.8
Copyright (c) 1996-2011 by Solar Designer
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--single                   "single crack" mode
--wordlist=FILE --stdin    wordlist mode, read words from FILE or stdin
--rules                    enable word mangling rules for wordlist mode
--incremental[=MODE]       "incremental" mode [using section MODE]
--external=MODE            external mode or word filter
--stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]
--restore[=NAME]           restore an interrupted session [called NAME]
--session=NAME             give a new session the NAME
--status[=NAME]            print status of a session [called NAME]
--make-charset=FILE        make a charset, FILE will be overwritten
--show                     show cracked passwords
--test[=TIME]              run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only
--groups=[-]GID[,..]       load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only
--salts=[-]COUNT           load salts with[out] at least COUNT passwords only
--format=NAME              force hash type NAME: DES/BSDI/MD5/BF/AFS/LM
--save-memory=LEVEL        enable memory saving, at LEVEL 1..3
-bash-2.05b#

Ok, now we have 'John The Ripper' properly installed then it's time to crack the Security Code of the device.

To ease the cracking process I have made a shell script you can launch :

Code:

-bash-2.05b# wget "http://bigbob.fun.free.fr/maemo/Nokia-N900-Security-Code-Recover"
--05:54:09--  http://bigbob.fun.free.fr/maemo/Nokia-N900-Security-Code-Recover
           => `Nokia-N900-Security-Code-Recover'
Résolution de bigbob.fun.free.fr... 212.27.63.102
Connexion vers bigbob.fun.free.fr|212.27.63.102|:80...connecté.
requête HTTP transmise, en attente de la réponse...200 OK
Longueur: 2 220 (2.2K) [text/plain]

100%[=================================================================================================================>] 2 220         --.--K/s             

05:54:09 (1.51 MB/s) - « Nokia-N900-Security-Code-Recover » sauvegardé [2220/2220]

-bash-2.05b# chmod +x Nokia-N900-Security-Code-Recover 
-bash-2.05b# ./Nokia-N900-Security-Code-Recover

Hope it help ...

A++

tuxsavvy · #**372** 2011-11-12, 09:03

Maybe at last we might be able to see the end of these people requesting to have their password cracked. I am finding it hard to believe these days if people are just too forgetful to remember simple things like carrying their own wallets or what.

I guess only time will tell for now. Thanks for porting john tool despite the fact that there's a password changer tool by qwerty12 at the beginning of the thread.

shazosbourne · #**373** 2011-11-12, 10:02

Quote:

Originally Posted by tuxsavvy

Maybe at last we might be able to see the end of these people requesting to have their password cracked.

So if someone like that last bloke ~~stole a phone~~ forgot his password, how exactly does he/she install that JTR on a locked device?

tuxsavvy · #**374** 2011-11-12, 11:06

Quote:

Originally Posted by shazosbourne

So if someone like that last bloke ~~stole a phone~~ forgot his password, how exactly does he/she install that JTR on a locked device?

There is a way to temporarily bypass a locked device. Though what if the device was stolen when it was in use or if the device autolock was set for very long duration? There has already been two threads that I have noticed where the owner (fake or not) of that N900 has been requesting for help despite the fact that he/she has been directed to go to nokia care.

colin.stephane · #**375** 2011-11-12, 11:27

Quote:

Originally Posted by qwerty12

Well, I was uber stupid and forgot my lock code. >.< Reflashed and I was at least able to get back into the device. But I could not get my code back (the mtd1 hack was of no use here: the code is now encrypted...).

But the libraries in charge of device locking have an interesting trait: write **** to the lock code area of where it is stored and it will be reset to 12345.

Attached is a program that will do just that. Warning: It is writing to a very critical part of the N900. I will take no responsibility whatsoever if it messes up your N900. It worked for me (i.e. I was able to reboot fine and change the code fine. Multiple times, actually. I tested quite a few times.) but I cannot ensure it will do the same for you. Use at your own risk.

It disables the autolock upon bootup, writes **** to the lock code area, brings up the control panel applet from which you MUST change it from 12345.

Run as root, prefixing it with run-standalone.sh.

Hi,

is there a way you provide the source code ?

A++

tuxsavvy · #**376** 2011-11-12, 12:11

I don't think qwerty12 would provide source code, he hasn't done for several reverse-engineering work. Also he rage quit maemo community. His reasonings can be found here (take note of the obscene language used to mock various entities). His rant was also hardcoded into the install of that program (extended locked media player control).

snfx · #**377** 2011-11-12, 13:59

Hi, could someone crack this for me?

root:rQ1cK3Ddx58ZA:

bak89 · #**378** 2011-11-26, 14:31

Hi..i'm sorry for my english, but i have a prob.

"root: :"

What can I do?

joerg_rw · #**379** 2011-11-27, 14:05

Quote:

Originally Posted by bak89

Hi..i'm sorry for my english, but i have a prob.

"root: :"

What can I do?

I think since PR1.3 there's little you can do, Nokia changed the way lockcode gets stored. Full reflash is your only chance to reset it

/j

EDIT: scrap that. Incorrect info

bak89 · #**380** 2011-11-27, 15:20

Quote:

Originally Posted by joerg_rw

I think since PR1.3 there's little you can do, Nokia changed the way lockcode gets stored. Full reflash is your only chance to reset it

/j

I think the flash is not work for reset the lock code..

The Following User Says Thank You to colin.stephane For This Useful Post:
tuxsavvy