|
|
@@ -364,4 +364,33 @@ The graphic interface library is `libxui.so`.
|
|
|
By finding a vulnerability in a Merchant App, in `libosal.so` or in one in the kernel drivers a remote attack via a payment vector is theoretically possible. Unfortunately, due to the lack of second hand production PoS in the used market, I'm unable to get a test device with a working Merchant App unless I open a contract with a bank (which I don't want to). If anyone has contacts or is willing to provide one, or need assistance for futher research drop me an email or a tweet.
|
|
|
|
|
|
## Reporting
|
|
|
-I tried contacting several times PAX Global via email and never got a reply related to anything: neither about the security vulneabilities, neither on inquiries about the source code fot the GPL licensed software (Linux/U-Boot).
|
|
|
+I tried contacting several times PAX Global via email and never got a reply related to anything: neither about the security vulneabilities, neither on inquiries about the source code fot the GPL licensed software (Linux/U-Boot).
|
|
|
+
|
|
|
+## Fun fact
|
|
|
+I had issues understanding the `shadow` password format:
|
|
|
+```
|
|
|
+root:vCTc/8H/1/QoEXNamPGzhVGar/:0:0:99999:7:::
|
|
|
+system:!/hEAV1:0:0:99999:7:::
|
|
|
+hwdev:!.:0:0:99999:7:::
|
|
|
+ped:!/:0:0:99999:7:::
|
|
|
+SUBAPP:!:0:0:99999:7:::
|
|
|
+MAINAPP:.olBn7f02Wgf.:0:0:99999:7:::
|
|
|
+```
|
|
|
+
|
|
|
+Until I found how that file is being generated (`/startup/data-skeleton.sh`):
|
|
|
+
|
|
|
+```
|
|
|
+[..]
|
|
|
+/bin/cat << EOD > /data/etc/shadow
|
|
|
+root:$1$9vCTc/8H$lRt/1/QoEXNamPGzhVGar/:0:0:99999:7:::
|
|
|
+system:!$1$phzwtsL4$Qso0Z3H5eqoSUXwQ/hEAV1:0:0:99999:7:::
|
|
|
+hwdev:!$1$jDG2WeUj$uM3mIyvZ1rkd11J7izXt6.:0:0:99999:7:::
|
|
|
+ped:!$1$ZMsJtrjO$ibuMCiJvuyxQnrpkdptup/:0:0:99999:7:::
|
|
|
+SUBAPP:!$1$gJUpez2c$U0Qv9IyoUAgD5cTSumbKB0:0:0:99999:7:::
|
|
|
+MAINAPP:$1$wsdZqcgf$zD5mTBbZs.olBn7f02Wgf.:0:0:99999:7:::
|
|
|
+EOD
|
|
|
+/bin/chmod 0640 /data/etc/shadow
|
|
|
+[..]
|
|
|
+```
|
|
|
+
|
|
|
+...
|
