Mr-Protocol Posted December 7, 2012 Posted December 7, 2012 After playing around with this, I may have found a way for people to get into their pineapples without sending it back or needing a UART. If you are using the stock firmware of the pineapple (2.4.1) that you purchased from the HakShop Used the GUI to change your password If your password contains special characters (specifically $) Try: echo YOUR_ELITE_PASS > my_real_passwordcat my_real_password[/CODE]Try using the string returned to you from [CODE]cat my_real_password[/CODE] to login as root.Example:[CODE]protocol@protocol-desktop:~$ echo super$elite > testprotocol@protocol-desktop:~$ cat testsuper[/CODE]So if my new password was "super$elite" when put into the 2.4.1 web GUI, the password to login would be "super"If you get errors when trying to echo the string into a file, chances are the password didn't change. You will have to figure it out depending on the errors you get back of what may have happened. Or buy http://hakshop.myshopify.com/products/serial-ttl-cableI advise if this works to upgrade to the latest firmware, also read the change logs on the web GUI URL change to http://172.16.42.1:1471Hopefully this will work and make it easier for the Hakshop and users to get back up and running.Cheers,Mr-Protocol Quote
digininja Posted December 7, 2012 Posted December 7, 2012 Basically it has taken whatever is after the $ and assumed that it is a shell variable, by doing this you are reproducing what the shell script would have seen and so hopefully the password that was set. You can't just assume that everything after the $ was truncated because certain characters aren't allowed in variable names so would have terminated the variable and let the normal characters back in. If you want to see what is happening try this in a sh/bash shell echo $PATH[/CODE]shows the current path[CODE]echo xxx$PATH[/CODE]shows the path with xxx at the start[CODE]echo xxx$PATHyyy[/CODE]shows just xxx as $PATHyyy doesn't exist[CODE]echo xxx$PATH+yyy[/CODE]shows xxx+yyy as the + terminates the variable name Quote
Mr-Protocol Posted December 7, 2012 Author Posted December 7, 2012 Well put. It was too early in the morning for me to keep poking around at it. Quote
vidkun Posted December 7, 2012 Posted December 7, 2012 digininja's explanation makes sense for why $ doesn't work, but what about spaces? Changing your password through the GUI with a space in your password truncates your new password at the first space as well. Quote
digininja Posted December 7, 2012 Posted December 7, 2012 I've not looked at the code but if it is just passing the entry to a script without using quotes around the variable then it would be something like changepassword.sh newpassword thatwasaspace so it would take "newpassword" as the password and ignore the "thatwasaspace" as an unused second parameter Quote
.thumb.jpg.8466dba81c3be3c53cf996158dd4cec2.jpg)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.