Fun fact
This commit is contained in:
parent
da0fa3fd73
commit
2769a127f1
29
Readme.md
29
Readme.md
@ -365,3 +365,32 @@ By finding a vulnerability in a Merchant App, in `libosal.so` or in one in the k
|
|||||||
|
|
||||||
## Reporting
|
## Reporting
|
||||||
I tried contacting several times PAX Global via email and never got a reply related to anything: neither about the security vulneabilities, neither on inquiries about the source code fot the GPL licensed software (Linux/U-Boot).
|
I tried contacting several times PAX Global via email and never got a reply related to anything: neither about the security vulneabilities, neither on inquiries about the source code fot the GPL licensed software (Linux/U-Boot).
|
||||||
|
|
||||||
|
## Fun fact
|
||||||
|
I had issues understanding the `shadow` password format:
|
||||||
|
```
|
||||||
|
root:vCTc/8H/1/QoEXNamPGzhVGar/:0:0:99999:7:::
|
||||||
|
system:!/hEAV1:0:0:99999:7:::
|
||||||
|
hwdev:!.:0:0:99999:7:::
|
||||||
|
ped:!/:0:0:99999:7:::
|
||||||
|
SUBAPP:!:0:0:99999:7:::
|
||||||
|
MAINAPP:.olBn7f02Wgf.:0:0:99999:7:::
|
||||||
|
```
|
||||||
|
|
||||||
|
Until I found how that file is being generated (`/startup/data-skeleton.sh`):
|
||||||
|
|
||||||
|
```
|
||||||
|
[..]
|
||||||
|
/bin/cat << EOD > /data/etc/shadow
|
||||||
|
root:$1$9vCTc/8H$lRt/1/QoEXNamPGzhVGar/:0:0:99999:7:::
|
||||||
|
system:!$1$phzwtsL4$Qso0Z3H5eqoSUXwQ/hEAV1:0:0:99999:7:::
|
||||||
|
hwdev:!$1$jDG2WeUj$uM3mIyvZ1rkd11J7izXt6.:0:0:99999:7:::
|
||||||
|
ped:!$1$ZMsJtrjO$ibuMCiJvuyxQnrpkdptup/:0:0:99999:7:::
|
||||||
|
SUBAPP:!$1$gJUpez2c$U0Qv9IyoUAgD5cTSumbKB0:0:0:99999:7:::
|
||||||
|
MAINAPP:$1$wsdZqcgf$zD5mTBbZs.olBn7f02Wgf.:0:0:99999:7:::
|
||||||
|
EOD
|
||||||
|
/bin/chmod 0640 /data/etc/shadow
|
||||||
|
[..]
|
||||||
|
```
|
||||||
|
|
||||||
|
...
|
Loading…
Reference in New Issue
Block a user