[18256] in bugtraq


R: @stake Advisory: PalmOS Password Retrieval and Decoding

daemon@ATHENA.MIT.EDU (Raistlin)
Thu Dec 21 00:22:49 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <02dc01c06ac2$f90f40e0$0200a8c0@raistlin>
Date:         Wed, 20 Dec 2000 21:14:20 +0100
Reply-To: Raistlin <raistlin@EDISONS.IT>
From: Raistlin <raistlin@EDISONS.IT>
To: BUGTRAQ@SECURITYFOCUS.COM

>     It is possible to obtain an encoded form of the password, determine
> the actual password due to a weak, reversible encoding scheme, and access
> a user's private data. In order for this attack to be successful, the
> attacker must have physical access to the target Palm device.

If you do have access to a Palm Pilot and a HotSync cradle, as you need
for this "exploit" to work, there is no need whatsoever to retrieve the
user's password to see his data. What you need to do is explained in big
bold letters in the Palm user's manual:
1) HotSync
2) Hard Reset (press and hold power button while hitting reset button,
until the Palm logo pops up, and then hit "down" key)
3) switch the HotSync setting to "Desktop Overwrites Handheld"
4) HotSync

Et voilà, you got rid of the password, and you have full access to the
hidden records.

Your advisory is completely true where you say that handheld PCs lack
security. But there is no need to "exploit" them. They come exploited by
default.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys
