persistent root via OverlayFS


On 6/1/2021 at 5:29 PM, 0_obeWAN said:

For what I see (system structure), maybe hope comes from the https://www.apertis.org/ community (I don't know it), where AtariOS seems to come from.

This will allow you to have a persistent root shell on the running Apertis system. It exploits the OverlayFS features to set a root and user password, and launch a backdoor root shell on port 4444. 

 

https://github.com/ArcadeHustle/AtariVCSroot

https://github.com/ArcadeHustle/AtariVCSroot/blob/main/atarivcs.sh

 


19 hours ago, ArcadeProjects said:

This will allow you to have a persistent root shell on the running Apertis system. It exploits the OverlayFS features to set a root and user password, and launch a backdoor root shell on port 4444. 

 

https://github.com/ArcadeHustle/AtariVCSroot

https://github.com/ArcadeHustle/AtariVCSroot/blob/main/atarivcs.sh

 


Many thanks for these links and hats off to @ArcadeHustle. Bravo, even if I didn't really understand everything. 
It still seems to smell pretty good ^^ for whoever wants to go digging into the guts of the beast. 
I don't know the Apertis system, I don't know much about Linux either, but from what I've seen Apertis 2021 is a sort of "media-center" or on-board browser but it seems to handle audio and video?

I think it will speak to some people (or not) but now I'm dreaming of an equivalent of multiMAN (PS3) or even better XBMC (Xbox). So many good memories for the ones I have left.

 


@ArcadeProjects

 

Script run and verified folders / files exist on mmcblk0p4.  Cannot connect

 

Not sure if I should connect in the Apertis boot screen or in Atari OS.  In the Apertis screen (CTRL+C) the device is not connecting to the network.  In Atari OS I get connection refused, but I am able to ping ok.  Picture shows nc output when trying to connect in Atari OS mode. 

 

Not sure what to do.

 

 

[attached screenshot: vcs snip.PNG]


59 minutes ago, rayik said:

@ArcadeProjects

 

Script run and verified folders / files exist on mmcblk0p4.  Cannot connect

 

Not sure if I should connect in the Apertis boot screen or in Atari OS.  In the Apertis screen (CTRL+C) the device is not connecting to the network.  In Atari OS I get connection refused, but I am able to ping ok.  Picture shows nc output when trying to connect in Atari OS mode. 

 

Not sure what to do.

 

 


Wireless, or wired? I've seen some inconsistencies between both. I use wired exclusively for now. 


On 7/6/2021 at 10:40 PM, rayik said:

@ArcadeProjects

 

Wired connection.  Won't be able to do anything else until at least Sunday.  On vacation in pretty remote location.

I noticed what may be the cause of your issue. Pull the most recent copy of the script down. I added a "chmod" command. 

https://github.com/ArcadeHustle/AtariVCSroot/blob/main/atarivcs.sh#L41

 


On 7/8/2021 at 4:47 PM, 0_obeWAN said:

Thanks, I know about Apertis, but just as Ubuntu 20 is named "groovy gorilla" or Kodi 18 is named "Leia":

Is there a name other than Apertis for this specific distribution?

 

V2020 Release which is based on Debian Buster. https://www.apertis.org/release/v2020.0/releasenotes/


On 7/7/2021 at 10:11 PM, ArcadeProjects said:

I noticed what may be the cause of your issue. Pull the most recent copy of the script down. I added a "chmod" command. 

https://github.com/ArcadeHustle/AtariVCSroot/blob/main/atarivcs.sh#L41

 

@ArcadeProjects

 

Making the file executable did the trick.  Able to connect to VCS.  Thank you!


Read through the method you used on Github.  Nicely done ?

 

Two things stand out from the version of BusyBox that the Apertis distro is running: depending on how you're counting, V.1.30.1 is either over two or close to two-and-a-half years old.  First release was on 14th February 2019, last release was on 10th June 2019, minor release 1.31.1 took place on 10th October 2019 (look here and search in page for "1.30.1" for release history).

 

The second item that stands out is the string identifying the kernel version (Apertis 1:1.30.1-4co1bv2020preb1).  That "preb1" at the end of the string has me wondering if this isn't a prerelease version of beta 1 of that build.  This would effectively make it an alpha release.

 

Granted, there are a number of things that this could signify.  I could even be totally wrong in my supposition.  But given the timing and Atari SA's development woes around the middle of 2019, this suggests to me that whatever the updates are that people have downloaded don't seem to be concentrating on the core OS.

 

I'm seriously on the fence right now about buying a VCS and bringing it out to the pentest village (or its equivalent) at Defcon this year.  That would be a very interesting live-fire exercise; I'm just not certain that I can budget it between now and August 5th.


This is awesome, but the weird thing is, I don't have the desire to 'root' mine.  Weird, as in I've rooted all my other devices, though I guess in the last few years I've just given up and would rather just buy things that are open enough, and the VCS allowed me to install Debian, so that made me happy enough :P 

 

I still wonder if Apertis is what the Teslas use on their tablets, and if so, if you can install AtariOS on them! 

On 7/15/2021 at 8:19 PM, x=usr(1536) said:

I'm seriously on the fence right now about buying a VCS and bringing it out to the pentest village (or its equivalent) at Defcon this year.  That would be a very interesting live-fire exercise; I'm just not certain that I can budget it between now and August 5th.

Do it!!  That'd be awesome.  It does sort of look like they really had the OS 'done' (at least the OS bits, not the interface) by 2019, and then we've gotten a few updates from it. 


8 hours ago, leech said:

Do it!!  That'd be awesome.  It does sort of look like they really had the OS 'done' (at least the OS bits, not the interface) by 2019, and then we've gotten a few updates from it. 

If I can swing it, I will.  Just had to replace a seriously broken windscreen and that kinda blew the fun budget for a bit.  With three weeks to go until Defcon, it's hard to say if it's doable or not.

 

What I would like to see is a diff of the directory tree for an out-of-the-box unit and one that has gone through all of the post-purchase patching.  Just knowing which files have been touched (or not) would be an interesting exercise in and of itself.
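The "diff of the directory tree" idea above can be done with a simple snapshot-and-compare tool: record mode, size and a content hash for every file in a factory tree and again in a patched tree, then list what was added, removed or changed. The Python below is an added example, not code from this thread or from the AtariVCSroot project. The paths and file contents built inside demo() are constructed sample data; in a real run, snapshot() would be pointed at a mounted copy of each root partition (for instance an image of mmcblk0p4 from a stock unit and from an updated one).

```python
"""Snapshot a directory tree and diff two snapshots.

Added example for the "diff of the directory tree" idea in this thread; it is
not code from the thread or from the AtariVCSroot project.  The paths and file
contents in demo() are constructed sample data.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large blobs do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root) -> dict:
    """Map each file under root (relative POSIX path) to a (mode, size, content) record.

    Regular files record their permission bits, size and SHA-256, so a chmod
    alone shows up as a change (the fix that mattered earlier in this thread).
    Symlinks record their target string instead of being followed, and os.walk
    is left at its default of not descending into symlinked directories, so a
    link cannot steer the scan outside the tree being inventoried.
    """
    root = Path(root)
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            st = p.lstat()
            if stat.S_ISLNK(st.st_mode):
                entries[rel] = ("symlink", 0, os.readlink(p))
            elif stat.S_ISREG(st.st_mode):
                entries[rel] = (oct(stat.S_IMODE(st.st_mode)), st.st_size, _sha256(p))
    return entries


def diff_snapshots(before: dict, after: dict) -> dict:
    """Return sorted lists of paths that were added, removed, or changed between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }


def demo() -> dict:
    """Build a constructed 'factory' tree and a 'patched' tree in a temp dir, then diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        factory, patched = Path(tmp, "factory"), Path(tmp, "patched")
        for base in (factory, patched):
            (base / "etc").mkdir(parents=True)
            (base / "usr" / "bin").mkdir(parents=True)
            (base / "etc" / "hostname").write_text("vcs\n")
            (base / "etc" / "hostname").chmod(0o644)
            (base / "usr" / "bin" / "busybox").write_bytes(b"constructed-binary-v1")
        # Constructed "post-update" differences:
        (factory / "etc" / "motd").write_text("factory\n")                       # only in the factory tree
        (patched / "etc" / "shadow").write_text("root:*:0:0:99999:7:::\n")      # new file after patching
        (patched / "usr" / "bin" / "busybox").write_bytes(b"constructed-binary-v2")  # content changed
        (patched / "etc" / "hostname").chmod(0o755)                              # permission bits changed only
        return diff_snapshots(snapshot(factory), snapshot(patched))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The snapshot dict is plain strings, ints and tuples, so it can be written out with json.dump right after imaging a stock unit and compared later against a snapshot of the same unit after every update, which is exactly the "which files have been touched (or not)" list asked for above.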


41 minutes ago, Cebus Capucinis said:

Defcon will annihilate that thing.....

 

 

.....WHICH I WANT TO SEE! :D

It struck me as being a nicely-timed possibility :grin:

 

This year's going to be a little weird.  Some of the traditional villages (lockpicking, pentest, etc.) may or may not be taking place due to COVID concerns.  Even if I do manage to get it out there, there's no guarantee that there'll be anyone I can reliably leave it with for four or five days who can hammer on it and document their findings, with documentation being the key part.  I'd really like to get as close to a proper audit & assessment as possible with this.

 

My plan was to make it totally sacrificial: the person or team who racked up the most vulnerabilities in the VCS gets to keep it.  I'd understand if they declined the honour, however.


5 minutes ago, x=usr(1536) said:

I'd understand if they declined the honour, however.

Why would they decline to keep the greatest video game console and/or computer, depending upon whose opinions you need to defend it against? I mean those guys are already in the market for a Switch, I'm sure, so they probably struggled between this and it anyway.

 

But joking aside, evidence thus far has shown this thing is Swiss cheese. I'd not be shocked if anyone security minded would outright refuse to have one.


@ArcadeProjects

Hello,

On Github.com you write "The root of the Dashboard appears to use some sort of encrypted file names." 

Does it mean that there is no way (due to encryption or atypical files) to expect to find and modify files like .xml to change the Dashboard appearance?

 

Thanks again for Debian Buster code name :) 

 


On 7/19/2021 at 1:19 PM, 0_obeWAN said:

@ArcadeProjects

Hello,

On Github.com you write "The root of the Dashboard appears to use some sort of encrypted file names." 

Does it mean that there is no way (due to encryption or atypical files) to expect to find and modify files like .xml to change the Dashboard appearance?

 

Thanks again for Debian Buster code name :) 

 

it is unclear. I doubt the obfuscation is strong. Someone needs to research. 

 


On 7/15/2021 at 10:19 PM, x=usr(1536) said:

I'm seriously on the fence right now about buying a VCS and bringing it out to the pentest village (or its equivalent) at Defcon this year.  That would be a very interesting live-fire exercise; I'm just not certain that I can budget it between now and August 5th.

Hopefully you made this happen. 

