Jump to content

Pineapple 2.4.1 (Stock from HakShop) root pass change.


Recommended Posts

After playing around with this, I may have found a way for people to get into their pineapples without sending it back or needing a UART.

  • If you are using the stock firmware of the pineapple (2.4.1) that you purchased from the HakShop
  • Used the GUI to change your password
  • If your password contains special characters (specifically $)


echo YOUR_ELITE_PASS > my_real_password
cat my_real_password

Try using the string returned to you from

[CODE]cat my_real_password[/CODE]

to login as root.


protocol@protocol-desktop:~$ echo super$elite > test
protocol@protocol-desktop:~$ cat test

So if my new password was "super$elite" when put into the 2.4.1 web GUI, the password to login would be "super"

If you get errors when trying to echo the string into a file, chances are the password didn't change. You will have to figure it out depending on the errors you get back of what may have happened. Or buy http://hakshop.myshopify.com/products/serial-ttl-cable

I advise if this works to upgrade to the latest firmware, also read the change logs on the web GUI URL change to

Hopefully this will work and make it easier for the Hakshop and users to get back up and running.



Link to comment
Share on other sites

Basically it has taken whatever is after the $ and assumed that it is a shell variable, by doing this you are reproducing what the shell script would have seen and so hopefully the password that was set.

You can't just assume that everything after the $ was truncated because certain characters aren't allowed in variable names so would have terminated the variable and let the normal characters back in.

If you want to see what is happening try this in a sh/bash shell

echo $PATH[/CODE]

shows the current path

[CODE]echo xxx$PATH[/CODE]

shows the path with xxx at the start

[CODE]echo xxx$PATHyyy[/CODE]

shows just xxx as $PATHyyy doesn't exist

[CODE]echo xxx$PATH+yyy[/CODE]

shows xxx+yyy as the + terminates the variable name

Link to comment
Share on other sites

I've not looked at the code but if it is just passing the entry to a script without using quotes around the variable then it would be something like

changepassword.sh newpassword thatwasaspace

so it would take "newpassword" as the password and ignore the "thatwasaspace" as an unused second parameter

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...