Sep 9, 2010
There is a login password on AR1688 web interface. We did not pay much attention on the security of AR1688 devices,
and the password was either set as 12345678 or simply left it completely blank. And it is also very easy to hack it in case user forgot, just following the steps below:
- Download an AR1688 software API.
- Extract the compressed file to c:\sdcc.
- Enter command line c:\sdcc\bin.
- Run cmd: "getopt xxx.xxx.xxx.xxx".
- Modify "admin_pin" field (where password is stored) in the options.txt file.
- Run cmd: "setopt xxx.xxx.xxx.xxx".
Both getopt.bat and setopt.bat use tftp.exe, make sure your Windows system had it installed.
There are 2 passwords used on PA1688 web interface.
Settings on service provider information is not available if entered with normal password, users need use "super" password to access all web settings.
However, both password can be hacked by PalmTool.exe:
- Set the "IP Address in Chip" and use PalmTool "Phone Settings" to access the device directly. If it can connect, users can simply change those password in the settings dialog.
- When "debug" option is disabled. PalmTool can not be used to access the device. Users will get error information like "Can not connect to Palm1".
- However, debug is always enabled in safe mode. Users can enter safe mode by press and hold * key and power on twice,
then the device will have default IP address 192.168.1.100 (with default MAC as 00-09-45-00-00-00). PalmTool can be used to change both passwords now.
What happens if our web site login password is forgotten? Just visit password reminder page,
a new password will be generated and sent to the registered email address.
Why generate a new password instead of send the old password back? Because we do not have the password in the database.
What we actually store in database password field is a string encrypted by MD5 based on the password. In theory MD5 cannot be decrypted, this means we can not get original password from the encrypted one.
Finally I have to admit that although this blog is partly enlightened by an AR1688 user who wish to hack the password,
the major purpose is to suggest people to try my newly written PHP software: register account on our web site and publish blog comments.
This is why it is put in Palmmicro category.