ArcadeProjects Posted July 4, 2021 Share Posted July 4, 2021 (edited) Please enjoy this simple way to maintain persistent root on an Atari VCS 800. https://github.com/ArcadeHustle/AtariVCSroot https://github.com/ArcadeHustle/AtariVCSroot/raw/main/atarivcs.sh Edited July 4, 2021 by ArcadeProjects 1 3 Quote Link to comment Share on other sites More sharing options...
ArcadeProjects Posted July 5, 2021 Author Share Posted July 5, 2021 On 6/1/2021 at 5:29 PM, 0_obeWAN said: For what I see (structure system), maybe hope come from https://www.apertis.org/ community (I don't know it) where AtariOS seems to com from This will allow you to have a persistent root shell on the running Apertis system. It exploits the OverlayFS features to set a root and user password, and launch a backdoor root shell on port 4444. https://github.com/ArcadeHustle/AtariVCSroot https://github.com/ArcadeHustle/AtariVCSroot/blob/main/atarivcs.sh 1 2 Quote Link to comment Share on other sites More sharing options...
0_obeWAN Posted July 5, 2021 Share Posted July 5, 2021 19 hours ago, ArcadeProjects said: This will allow you to have a persistent root shell on the running Apertis system. It exploits the OverlayFS features to set a root and user password, and launch a backdoor root shell on port 4444. https://github.com/ArcadeHustle/AtariVCSroot https://github.com/ArcadeHustle/AtariVCSroot/blob/main/atarivcs.sh Many thanks for these links and hats off to @ArcadeHustle. Bravo, even if I didn't really understand everything. It still seems to smell pretty good ^^ for whoever wants to go digging into the guts of the beast. I don't know the Apertis system, I don't know much about Linux either, but from what I've seen Apertis 2021 is a sort of "media-center" or on-board browser but it seems to handle audio and video? I think it will speak to some people (or not) but now I'm dreaming of an equivalent of multiMAN (PS3) or even better XBMC (Xbox). So many good memories for the ones I have left. 1 1 Quote Link to comment Share on other sites More sharing options...
0_obeWAN Posted July 5, 2021 Share Posted July 5, 2021 Bravo Thank you for your work and for sharing Even if I don't understand all of it, I hope that this new possibility will inspire people to go and search in this system, and who knows... 1 Quote Link to comment Share on other sites More sharing options...
rayik Posted July 6, 2021 Share Posted July 6, 2021 @ArcadeProjects Script run and verified folders / files exist on mmcblk0p4. Cannot connect Not sure if should connect in Apertis boot screen or Atari OS. In Apertis screen (CTR +C) device is not connecting to network. In Atari OS I get connect refused, but able to ping ok. Picture shows nc output when trying to connect in Atari OS mode. Not sure what to do. Quote Link to comment Share on other sites More sharing options...
ArcadeProjects Posted July 6, 2021 Author Share Posted July 6, 2021 see if you can login as root on the Apertis terminal on tty2. Quote Link to comment Share on other sites More sharing options...
ArcadeProjects Posted July 6, 2021 Author Share Posted July 6, 2021 59 minutes ago, rayik said: @ArcadeProjects Script run and verified folders / files exist on mmcblk0p4. Cannot connect Not sure if should connect in Apertis boot screen or Atari OS. In Apertis screen (CTR +C) device is not connecting to network. In Atari OS I get connect refused, but able to ping ok. Picture shows nc output when trying to connect in Atari OS mode. Not sure what to do. Wireless, or wired? I've seen some inconsistencies between both. I use wired exclusively for now. Quote Link to comment Share on other sites More sharing options...
rayik Posted July 7, 2021 Share Posted July 7, 2021 @ArcadeProjects Wired connection. Won't be able to do anything else until at least Sunday. On vacation in pretty remote location. Quote Link to comment Share on other sites More sharing options...
ArcadeProjects Posted July 8, 2021 Author Share Posted July 8, 2021 On 7/6/2021 at 10:40 PM, rayik said: @ArcadeProjects Wired connection. Won't be able to do anything else until at least Sunday. On vacation in pretty remote location. I noticed what may be the cause of your issue. Pull the most recent copy of the script down. I added a "chmod" command. https://github.com/ArcadeHustle/AtariVCSroot/blob/main/atarivcs.sh#L41 1 Quote Link to comment Share on other sites More sharing options...
0_obeWAN Posted July 8, 2021 Share Posted July 8, 2021 Hello @ArcadeProjects Have you seen any codename, or name for/inside this specific Linux Atari distibution pls ? Quote Link to comment Share on other sites More sharing options...
justclaws Posted July 8, 2021 Share Posted July 8, 2021 56 minutes ago, 0_obeWAN said: Hello @ArcadeProjects Have you seen any codename, or name for/inside this specific Linux Atari distibution pls ? Apertis Linux is here - https://www.apertis.org Quote Link to comment Share on other sites More sharing options...
0_obeWAN Posted July 8, 2021 Share Posted July 8, 2021 27 minutes ago, justclaws said: Apertis Linux is here - https://www.apertis.org Thanks, I know for Apertis, but like for Ubuntu 20 is named "groovy gorilla" or Kodi 18 named "Leia" Is there a name other than Apertis for this specific distibution ? Quote Link to comment Share on other sites More sharing options...
ArcadeProjects Posted July 9, 2021 Author Share Posted July 9, 2021 (edited) On 7/8/2021 at 4:47 PM, 0_obeWAN said: Thanks, I know for Apertis, but like for Ubuntu 20 is named "groovy gorilla" or Kodi 18 named "Leia" Is there a name other than Apertis for this specific distibution ? V2020 Release which is based on Debian Buster. https://www.apertis.org/release/v2020.0/releasenotes/ Edited July 9, 2021 by ArcadeProjects 1 Quote Link to comment Share on other sites More sharing options...
rayik Posted July 14, 2021 Share Posted July 14, 2021 (edited) On 7/7/2021 at 10:11 PM, ArcadeProjects said: I noticed what may be the cause of your issue. Pull the most recent copy of the script down. I added a "chmod" command. https://github.com/ArcadeHustle/AtariVCSroot/blob/main/atarivcs.sh#L41 @ArcadeProjects Making the file executable did the trick. Able to connect to VCS. Thank you! Edited July 14, 2021 by rayik added @ 2 Quote Link to comment Share on other sites More sharing options...
ArcadeProjects Posted July 16, 2021 Author Share Posted July 16, 2021 On 7/13/2021 at 8:48 PM, rayik said: @ArcadeProjects Making the file executable did the trick. Able to connect to VCS. Thank you! Excellent! Thanks for getting back to me. Have fun! Quote Link to comment Share on other sites More sharing options...
+x=usr(1536) Posted July 16, 2021 Share Posted July 16, 2021 Read through the method you used on Github. Nicely done ? Two things stand out from the version of BusyBox that the Apertis distro is running: depending on how you're counting, V.1.30.1 is either over two or close to two-and-a-half years old. First release was on 14th February 2019, last release was on 10th June 2019, minor release 1.31.1 took place on 10th October 2019 (look here and search in page for "1.30.1" for release history). The second item that stands out is the string identifying the kernel version (Apertis 1:1.30.1-4co1bv2020preb1). That "preb1" at the end of the string has me wondering if this isn't a prerelease version of beta 1 of that build. This would effectively make it an alpha release. Granted, there are a number of things that this could signify. I could even be totally wrong in my supposition. But given the timing and Atari SA's development woes around the middle of 2019, this suggests to me that whatever the updates are that people have downloaded don't seem to be concentrating on the core OS. I'm seriously on the fence right now about buying a VCS and bringing it out to the pentest village (or its equivalent) at Defcon this year. That would be a very interesting live-fire exercise; I'm just not certain that I can budget it between now and August 5th. 2 Quote Link to comment Share on other sites More sharing options...
leech Posted July 17, 2021 Share Posted July 17, 2021 This is awesome, but the weird thing is, I don't have the desire to 'root' mine. Weird, as in I've rooted all my other devices, though I guess in the last few years I've just given up and would rather just buy things that are open enough, and the VCS allowed me to install Debian, so that made me happy enough I still wonder if Apertis is what the Teslas use on their tablets, and if so, if you can install AtariOS on them! On 7/15/2021 at 8:19 PM, x=usr(1536) said: I'm seriously on the fence right now about buying a VCS and bringing it out to the pentest village (or its equivalent) at Defcon this year. That would be a very interesting live-fire exercise; I'm just not certain that I can budget it between now and August 5th. Do it!! That'd be awesome. It does sort of look like they really had the OS 'done' (at least the OS bits, not the interface) by 2019, and then we've gotten a few updates from it. Quote Link to comment Share on other sites More sharing options...
+x=usr(1536) Posted July 17, 2021 Share Posted July 17, 2021 8 hours ago, leech said: Do it!! That'd be awesome. It does sort of look like they really had the OS 'done' (at least the OS bits, not the interface) by 2019, and then we've gotten a few updates from it. If I can swing it, I will. Just had to replace a seriously broken windscreen and that kinda blew the fun budget for a bit. With three weeks to go until Defcon, it's hard to say if it's doable or not. What I would like to see is a diff of the directory tree for an out-of-the-box unit and one that has gone through all of the post-purchase patching. Just knowing which files have been touched (or not) would be an interesting exercise in and of itself. Quote Link to comment Share on other sites More sharing options...
Cebus Capucinis Posted July 17, 2021 Share Posted July 17, 2021 Defcon will annihilate that thing..... .....WHICH I WANT TO SEE! 1 Quote Link to comment Share on other sites More sharing options...
+x=usr(1536) Posted July 17, 2021 Share Posted July 17, 2021 41 minutes ago, Cebus Capucinis said: Defcon will annihilate that thing..... .....WHICH I WANT TO SEE! It struck me as being a nicely-timed possibility This year's going to be a little weird. Some of the traditional villages (lockpicking, pentest, etc.) may or may not be taking place due to COVID concerns. Even if I do manage to get it out there, there's no guarantee that there'll be anyone I can reliably leave it with for four or five days who can hammer on it and document their findings, with documentation being the key part. I'd really like to get as close to a proper audit & assessment as possible with this. My plan was to make it totally sacrificial: the person or team who racked up the most vulnerabilities in the VCS gets to keep it. I'd understand if they declined the honour, however. Quote Link to comment Share on other sites More sharing options...
Cebus Capucinis Posted July 17, 2021 Share Posted July 17, 2021 5 minutes ago, x=usr(1536) said: I'd understand if they declined the honour, however. Why would they decline to keep the greatest video game console and/or computer, depending upon whose opinions you need to defend it against? I mean those guys are already in the market for a Switch, I'm sure, so they probably struggled between this and it anyway. But joking aside, evidence thus far has shown this thing is Swiss cheese. I'd not be shocked if anyone security minded would outright refuse to have one. 2 1 Quote Link to comment Share on other sites More sharing options...
0_obeWAN Posted July 19, 2021 Share Posted July 19, 2021 @ArcadeProjects Hello, On Github.com you write "The root of the Dashboard appears to use some sort of encrypted file names." Does it mean that there is no way (due to encryption or atypical files) to expect find and modify files like .xml to modify Dashboard appearance ? Thanks again for Debian Buster code name Spoiler Quote Link to comment Share on other sites More sharing options...
0_obeWAN Posted July 31, 2021 Share Posted July 31, 2021 It talks about : https://hackaday.com/2021/07/27/rooting-the-atari-vcs-800/ 1 Quote Link to comment Share on other sites More sharing options...
ArcadeProjects Posted August 8, 2021 Author Share Posted August 8, 2021 On 7/19/2021 at 1:19 PM, 0_obeWAN said: @ArcadeProjects Hello, On Github.com you write "The root of the Dashboard appears to use some sort of encrypted file names." Does it mean that there is no way (due to encryption or atypical files) to expect find and modify files like .xml to modify Dashboard appearance ? Thanks again for Debian Buster code name Reveal hidden contents it is unclear. I doubt the obfuscation is strong. Someone needs to research. 1 Quote Link to comment Share on other sites More sharing options...
ArcadeProjects Posted August 8, 2021 Author Share Posted August 8, 2021 On 7/15/2021 at 10:19 PM, x=usr(1536) said: I'm seriously on the fence right now about buying a VCS and bringing it out to the pentest village (or its equivalent) at Defcon this year. That would be a very interesting live-fire exercise; I'm just not certain that I can budget it between now and August 5th. Hopefully you made this happen. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.