06-13-2014, 07:08 PM | #1 |
Member
Posts: 22
Karma: 10
Join Date: Jun 2014
Device: Onyx BOOX M92 (broken), Kobo Aura HD (stolen), Kobo Aura H2O 2nd ed.
|
Dropbear SSH preinstalled: new way to access? (false alarm)
Hi,
I've seen (using nmap) that on my new Kobo Aura HD there's Dropbear SSH running on 2222 by default, without doing any kind of hack. Why is it running? It is something related with the Windows/MacOS client? Is there any key allowed? Could it be a security issue? This could also be another way to get a remote console: just a simple fake Kobo upgrade tgz containing a public key appended to /.ssh/allowed_keys (or maybe /root/.ssh/...). What do you think about it? Update: no sign of Dropbear preinstalled; it was just an error caused from Kobo way to manage your default wifi network connection Last edited by frafra; 06-14-2014 at 12:04 PM. |
06-14-2014, 10:29 AM | #2 |
Member
Posts: 22
Karma: 10
Join Date: Jun 2014
Device: Onyx BOOX M92 (broken), Kobo Aura HD (stolen), Kobo Aura H2O 2nd ed.
|
No one interested in?
I will leave a couple of tips for who wants to play with it. I've installed dropbear and created a new key. I've tried to add my new public key to /.ssh/authorized_keys and /root/.ssh/authorized_keys but it doesn't work (dbclient still asks for root password, pubkey login doesn't work). Maybe dropbear is configured to work just as a client? Why does it runs in background listening for open connections? It looks like a backdoor. |
Advert | |
|
06-14-2014, 11:17 AM | #3 |
Grand Sorcerer
Posts: 12,659
Karma: 74532212
Join Date: Nov 2007
Location: Toronto
Device: Libra H2O, Libra Colour
|
What f/w is your Aura HD running? I've seen NO sign of dropbear on any of my devices....
Also I don't see any sign of port 2222 being open Last edited by PeterT; 06-14-2014 at 11:20 AM. |
06-14-2014, 11:58 AM | #4 |
Member
Posts: 22
Karma: 10
Join Date: Jun 2014
Device: Onyx BOOX M92 (broken), Kobo Aura HD (stolen), Kobo Aura H2O 2nd ed.
|
Sorry PeterT, you're right, I was scanning another device
I was betrayed from the way Kobo manages wifi connections: you can have wifi on, but you're not connected to your default network until you open your browser. So, fortunately, no ssh backdoor, and I learnt something new about my 1-day old Kobo By the way, this raises another question: do you know which command or script Kobo uses to bring up the default wifi network? |
06-14-2014, 12:26 PM | #5 |
Grand Sorcerer
Posts: 12,659
Karma: 74532212
Join Date: Nov 2007
Location: Toronto
Device: Libra H2O, Libra Colour
|
A great technique for learning more about the f/w on the devices is to download one of them to your PC. Look in the Direct Links to Kobo Firmware thread and download one of the zip files (in your case probably http://download.kobobooks.com/firmwa...date-3.3.1.zip ).
Then on your PC, open the zip file and expand the tgz file; this is the majority of the code for the device. |
Advert | |
|
06-14-2014, 03:07 PM | #6 |
Member
Posts: 22
Karma: 10
Join Date: Jun 2014
Device: Onyx BOOX M92 (broken), Kobo Aura HD (stolen), Kobo Aura H2O 2nd ed.
|
Thank you PeterT
I figured out how to dump the whole internal microsd without using another one (see thread) because I understood a bit more regarding how networking works on Kobo and how the system boots |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Ssh/telnet access over 3G? | lolcat | Kindle Developer's Corner | 12 | 02-21-2011 11:56 AM |
SSH keys with dropbear? | enn | Kindle Developer's Corner | 2 | 10-07-2010 12:54 AM |
iLiad PC and iliad together: ssh? dropbear? | daudi | iRex Developer's Corner | 10 | 01-13-2008 09:47 AM |
iLiad dropbear ssh: how to change root password? | daudi | iRex Developer's Corner | 2 | 01-10-2008 04:49 PM |
iLiad How do I get ssh access to my 2.7.1 iLiad? | narve | iRex Developer's Corner | 3 | 11-28-2006 05:59 PM |