by thisismyaccoun7
2626 days ago
I was surprised to see him give up at having to brute-force the password for root on ssh. That's how the community got into Mazdas, at least the 2015 I had anyway. The password was simple, jci, presumably because it was designed by Johnson Control Instruments. You think a company is going to heavily lock down an embedded system they don't expect anyone to try to access, or are they going to make the password easy so that all the techs and engineers can remember it?
1. I believe Harman had a previous device hacked back around 2014 due to a weak shadow hash. My guess was that they learned their lesson and made the password more complex. An easy way to test would be to diff the latest shadow file in the updated Subaru images (assuming they exist) -- if it changed, you may be right; if not, I'd still wager it is strong enough.
I don't like the idea of a backdoor like that available, but it is what it is.
2. The QNX6 hashing mechanism, to the best of my knowledge, isn't fully understood. Upstream changes to JTR seem to indicate that it has some form of bug in it or isn't fully reverse-engineered. That, along with having to spend presumably a large amount of time learning about contributing to hashcat & GPU programming, made this seem like a potential dead end without massive time investment.
So, is it possible it is crackable? Almost certainly, but I'm one guy doing this and you have to spend your time carefully in these ventures.
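
The shadow-file comparison suggested in the reply above, as an added example that is not part of the original thread: it reports per account whether the stored password field differs between two firmware images. It assumes a colon-separated shadow layout with the account name first and the password field second; the function names and both file contents are constructed for illustration.

```python
def parse_shadow(text):
    """Map account name -> password field from shadow-style text.

    Assumes 'name:passwordfield:...' per line (an assumption about the
    layout). The password field is treated as an opaque string and never decoded.
    """
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line, skip rather than guess
        entries[fields[0]] = fields[1]
    return entries


def diff_shadow(old_text, new_text):
    """Classify every account seen in either image."""
    old, new = parse_shadow(old_text), parse_shadow(new_text)
    report = {}
    for user in sorted(set(old) | set(new)):
        if user not in old:
            report[user] = "added"
        elif user not in new:
            report[user] = "removed"
        elif old[user] != new[user]:
            report[user] = "changed"
        else:
            report[user] = "unchanged"
    return report


# Constructed sample contents standing in for the shadow file of two images.
OLD_IMAGE = "root:CONSTRUCTED_HASH_A:1000:0:0\nservice:CONSTRUCTED_HASH_B:1000:0:0\n"
NEW_IMAGE = ("root:CONSTRUCTED_HASH_A:1500:0:0\n"
             "service:CONSTRUCTED_HASH_C:1500:0:0\n"
             "update:CONSTRUCTED_HASH_D:1500:0:0\n")

if __name__ == "__main__":
    for user, status in diff_shadow(OLD_IMAGE, NEW_IMAGE).items():
        print(f"{user}: {status}")
```

An "unchanged" result means the same password and salt shipped in both images; a "changed" result only shows the entry was regenerated, since a new salt alters the field even if the password stayed the same.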