HOWTO: Change 'alpine' (root's password for 1.1.3 and 1.1.4)

Discussion in 'iPod touch' started by ketanitem, Mar 7, 2008.

Thread Status:
Not open for further replies.
  1. ketanitem

    ketanitem New Member

    Joined:
    Jan 30, 2008
    Messages:
    50
    Likes Received:
    0
    Device:
    2G iPod touch
    HOWTO: Change 'alpine' (root's password for 1.1.3/1.1.4) -Now with Installer (repo)

    CHANGE YOUR ROOT PASSWORD!

    I thought I'd share this with everybody here, since I still do not see any update on how to do it after having a broken password program ever since we installed the BSD Subsystem 2.x. Well, I've been using this method since the first time I got my 16GB iPhone (1.1.3 OOTB). It works with iPod as well.

    If you don't want to be bothered by all the technical details, there is a very easy solution in part C and D for the easiest solution.


    So, here we go:

    A. Prologue

    Basically password structure in iPhone/iPod is a UNIX password with the crypt or DES algorithm. Crypt requires you to supply salt key (2 characters) and text password (8 characters), which will then yield 11 characters password.

    If you'd like to take a look at how alpine is represented in your iPhone or iPod, check the content of your /etc/master.passwd:

    # grep "^root" /etc/master.passwd

    and we'll see:
    root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
    You'll see the bold characters, and that's the encrypted root's password with /s as the salt key.

    Now, it's a matter of finding the right tools to change this, lucky for Mac and Unix users, since crypt is already present there.

    So, this is an example of how Mac can benefit from this, use the command below to generate the exact same code for alpine (for the purpose of testing):

    Code:
    openssl passwd -crypt -salt /s alpine

    and this will result in the same encrypted 'alpine' (/smx7MYTQIi2M)

    BTW, the /usr/bin/passwd that comes with BSD is broken in the way that it tries to update the /etc/passwd instead of /etc/master.passwd, while actually /etc/passwd itself is just a list of users and needs to be there for the compatibility with BSD 4.3.

    I just don't understand why BSD Subsystem comes with this broken passwd program.

    B. Time to change the password (the not so easy way)!

    As mentioned in part A, there are two files that need to be put under attention (/etc/passwd and /etc/master.passwd)

    File /etc/passwd (owner root:wheel, mode 0644) contains the list of users and their home directories as well as the default shell, here's the standard content:

    Code:
    ##
    # User Database
    #
    # Note that this file is consulted when the system is running in single-user
    # mode.  At other times this information is handled by one or more of:
    # lookupd DirectoryServices
    # By default, lookupd gets information from NetInfo, so this file will
    # not be consulted unless you have changed lookupd's configuration.
    # This file is used while in single user mode.
    #
    # To use this file for normal authentication, you may enable it with
    # /Applications/Utilities/Directory Access.
    ##
    nobody:*:-2:-2:Unprivileged User:/:/usr/bin/false
    root:*:0:0:System Administrator:/var/root:/bin/sh
    mobile:*:501:501:Mobile User:/var/mobile:/bin/sh
    daemon:*:1:1:System Services:/var/root:/usr/bin/false
    unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false
    _securityd:*:64:64::0:0:securityd:/var/empty:/usr/bin/false
    
    While /etc/master.passwd (owner root:wheel, mode 0600) contains the users and their passwords

    Code:
    ##
    # User Database
    #
    # Note that this file is consulted when the system is running in single-user
    # mode.  At other times this information is handled by lookupd.  By default,
    # lookupd gets information from NetInfo, so this file will not be consulted
    # unless you have changed lookupd's configuration.
    ##
    nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
    root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
    mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
    daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
    unknown:*:99:99::0:0:Unknown User:/var/empty:/usr/bin/false
    _securityd:*:64:64::0:0:securityd:/var/empty:/usr/bin/false
    
    Notice that root and mobile have the same password, don't worry we just need to change the root's password.

    Just for example we need to change the password into goldsand, so the password (assuming we are still using the same saltkey which is /s):

    then issue this:

    Code:
    openssl passwd -crypt -salt "/s" goldsand
    and result will be /sFmD69oBR.io
    Now you need to replace this line (in /etc/master.passwd)
    from
    Code:
    root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
    
    into
    Code:
    root:/sFmD69oBR.io:0:0::0:0:System Administrator:/var/root:/bin/sh
    
    If you know how to use vi then it's an easy update through SSH, but if you're not, then I'd suggest to copy /etc/master.passwd into your local pc/mac using sftp or winscp, edit the line above and copy back to /etc/master.passwd in your iPhone/iPod

    Check the password by logging in through vt100, and see that your old password is changed!

    DONE!

    ** WARNING: Use this carefully, do not miss the steps, or you'll be faced with the famous ring of death that will require you to restore your iPod or iPhone (you've been warned!)

    C. Time to change the password (the easy way)!

    The updated passwd program here is extracted from Cydia Packager (from Saurik, check http://www.saurik.com/id/1), while I don't use Cydia itself since I still find default Installer more useful... at least until now.

    Let me know Saurik! If you don't want me to post this, I'll have this removed. Just want to share with the community.

    I put the passwd program here: http://[PIRACY.rs].com/files/97775371/kpasswd.zip

    Code:
    password: ketanitem
    Detail instruction can be found there.

    But for the impatient, I'll copy it here:

    To copy, you can either use winscp (windows) or sftp (Mac), I will only address sftp here, but winscp users will get the idea.

    # sftp root@[ip_address_of_iphone_ipod]
    sftp> cd /usr/bin
    sftp> put passwd

    Login through vt100 app in your iPhone/iPod or do ssh/putty to the ip address of your iPhone/iPod and go into the /usr/bin/ directory
    # cd /usr/bin
    # ls -al passwd

    Make sure the ownership is root and group is wheel, if it's not that, issue this command:
    # chown root:wheel passwd

    Also make sure the file mode is -rwxr-xr-x, if it's not there just issue this:
    # chmod 755 passwd

    To change password, just execute this through your vt100 or ssh session:
    # passwd root

    D. Use Installer source (easiest way!!)
    Just add to your installer source: http://ketanitem2000.googlepages.com/repo.xml


    ENJOY!!
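
The manual edit from part B of the post above, as an added example that is not part of the original post: it changes one account's hash in a copy of master.passwd, refuses a malformed hash or a result with a wrong field count, and lists accounts still carrying the default hash quoted in the post. The function names and the temp-file workflow are assumptions; the sample file is constructed from the lines shown in the post.

```shell
#!/bin/sh
# Added example: change one account's hash in a COPY of master.passwd and
# validate the result before it goes back to /etc/master.passwd.
DEFAULT_HASH='/smx7MYTQIi2M'   # crypt value for 'alpine' quoted in the post

# A traditional DES crypt hash is 13 characters from [./0-9A-Za-z].
valid_des_hash() {
    printf '%s\n' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'
}

# Every account line in master.passwd has exactly 10 colon-separated fields.
check_format() {
    awk -F: '!/^#/ && NF > 0 && NF != 10 { bad = 1 } END { exit bad + 0 }' "$1"
}

# set_pw_hash FILE USER HASH: write FILE.new with only USER's field 2 changed.
set_pw_hash() {
    valid_des_hash "$3" || { echo "rejected hash: $3" >&2; return 1; }
    awk -F: -v OFS=: -v u="$2" -v h="$3" '
        !/^#/ && $1 == u { $2 = h; found = 1 }
        { print }
        END { exit !found }' "$1" > "$1.new" && check_format "$1.new" ||
        { rm -f "$1.new"; echo "no change written" >&2; return 1; }
}

# List accounts whose hash is still the shipped default.
still_default() {
    awk -F: -v d="$DEFAULT_HASH" '!/^#/ && $2 == d { print $1 }' "$1"
}

# Constructed sample: account lines as shown in the post, in a temp file.
make_sample() {
    cat > "$1" <<'EOF'
##
# User Database
##
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

f=$(mktemp) && make_sample "$f"
set_pw_hash "$f" root '/sFmD69oBR.io' && still_default "$f.new"   # prints: mobile
rm -f "$f" "$f.new"
```

Only after `set_pw_hash` succeeds would the `.new` file be copied back over /etc/master.passwd with owner root:wheel and mode 0600, as the post describes.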
  2. Kimcha

    Kimcha New Member

    Joined:
    Nov 4, 2007
    Messages:
    16
    Likes Received:
    0
    Lol just add apptapp.saurik.com to your sources and install Cydia Packager and Fake BSD Subsystem. This will install a BSD Subsystem replacement and a REAL package manager (Debian APT). A working passwd included.
  3. ketanitem

    ketanitem New Member

    Joined:
    Jan 30, 2008
    Messages:
    50
    Likes Received:
    0
    Device:
    2G iPod touch
    Of course you have the choice, but this came before Cydia was there. And besides, Cydia is not for me or for some. I have mentioned before that old Installer works best for me.
  4. starkruzr

    starkruzr New Member

    Joined:
    Oct 14, 2007
    Messages:
    12
    Likes Received:
    0
    For me, Cydia broke several things related to permissions. Installer.app would fail when it tried to install applications -- any applications -- with a "script failed" error. I had to launch it from the commandline as root.
  5. ketanitem

    ketanitem New Member

    Joined:
    Jan 30, 2008
    Messages:
    50
    Likes Received:
    0
    Device:
    2G iPod touch
  6. ketanitem

    ketanitem New Member

    Joined:
    Jan 30, 2008
    Messages:
    50
    Likes Received:
    0
    Device:
    2G iPod touch
  7. kerio

    kerio New Member

    Joined:
    Jun 19, 2008
    Messages:
    4
    Likes Received:
    0
    the repository isn't working, but the zip file worked flawlessly

    thank you!
  8. P0150N0U5 F15)-(

    P0150N0U5 F15)-( Banned

    Joined:
    Dec 21, 2007
    Messages:
    852
    Likes Received:
    7
    Well done with the guide, but is the password change really needed?
  9. kerio

    kerio New Member

    Joined:
    Jun 19, 2008
    Messages:
    4
    Likes Received:
    0
    well, if you don't change the password and/or you don't disable the ssh server, anytime you connect to a network someone could get root access trying alpine or dottie (for different versions of the firmware)
  10. BroadStBullies

    BroadStBullies Well-Known Member

    Joined:
    Dec 15, 2007
    Messages:
    2,007
    Likes Received:
    26
    Device:
    2G iPod touch
    Awesome. Now no one knows my password. HAHAHHA