Results 1 to 9 of 9
Discuss [2.1] Changing root password for safety at the General - Hackint0sh.org; I feel unsafe connecting to wifi with the default root password. Are most of you ...
  1. #1
    Respected Professional Array TwistyValhalla's Avatar

    Join Date
    Sep 2007
    Posts
    645
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    41

    Default [2.1] Changing root password for safety

    I feel unsafe connecting to wifi with the default root password. Are most of you guys changing the default root password? And what'd be the easiest way to change the default password? Can one just manually edit the master.passwd file? Also I remember there was a bug in the password command in BSD. Is that working in Cydia?

    Thanks.

    iPhone (OTB 1.1.1 / Currently 3.1)
    Unlock, activation, jailbreak: PwnageTool 3.1
    City Fido, Vancouver



  2. #2
    Speedy Administrator Array n350z's Avatar

    Join Date
    Nov 2007
    Location
    United Kingdom
    Posts
    3,021
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    10

    Default

    I've had no problems changing root passwd on 2.1 doing this from the mac

    Last login: Wed Oct 1 11:25:13 on ttys000
    Unknown-00-1r-c3-b5-cs-b5:~ n350z$ ssh root@192.168.x.xx
    root@192.168.x.xx's password: alpine
    tester:~ root# passwd
    Changing password for root.
    New password:xxxx
    -
    Read the stickies and search the forum before posting!
    Did we solve your problem? +1 us above
    If you want to become a Hackint0sh supporter click here
    ----------
    Follow Hackint0sh Follow Me

  3. #3
    Professional Array

    Join Date
    Mar 2008
    Posts
    83
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    12

    Default

    Quote Originally Posted by TwistyValhalla View Post
    I feel unsafe connecting to wifi with the default root password. Are most of you guys changing the default root password? And what'd be the easiest way to change the default password? Can one just manually edit the master.passwd file? Also I remember there was a bug in the password command in BSD. Is that working in Cydia?

    Thanks.
    You dont need to edit the master.passwd file anymore. That bug has been addressed by Cydia's BSD implementation. Just use the passwd command. I have both the root and mobile user passwords changed. I am on 2.1

  4. #4
    Board Hero Array

    Join Date
    Dec 2007
    Posts
    1,044
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    74

    Default

    Don't forget that changing the password for mobile is just as important! It is also alpine by default, like the root password. If someone can get into your mobile account, they have access to all your personal data -- so everything you'd want to keep private!

    For these reasons and more, it's wise to turn OpenSSH off when you're not using it. Use BossPrefs or Toggle SSH.
    iPhone 3GS / 3.1.2 JB (PwnageTool) / 04.26.08 carrier-locked, Carrier Logo Fixer / Cydia / 1000 posts on Hackint0sh

    Installing Cydia programs on a phone that has no internet connection: read this.

    Editing binary .plist, .strings, .nib and .xib files:
    * on your computer: Windows tool / conversion website.
    * on your iPhone: convert those files in a terminal with plutil (installed with Erica Utilities) or edit them with iFile (Cydia links).

  5. #5
    Respected Professional Array TwistyValhalla's Avatar

    Join Date
    Sep 2007
    Posts
    645
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    41

    Default

    I've now changed both root and mobile passwords (manual edit) and feel much safer.

    iPhone (OTB 1.1.1 / Currently 3.1)
    Unlock, activation, jailbreak: PwnageTool 3.1
    City Fido, Vancouver


  6. #6
    Newbie Array

    Join Date
    Jan 2009
    Posts
    3
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    I'm not so concerned with changing the default passwords as I disable wi-fi while I'm moving from place to place_

    I am finding it's slower in most places than 3G is and besides after the first day it got very annoying driving down a main road and every coupld of minutes having the phone alert me - only to find out it's not a call or message but the phone wanting to connect to some random wi-fi network it found_

    My question is more to the effect that if I do change the passwords - will this in any fashion cause a problem connecting up to or interfering with my cell phone services_

    I have jailbroken my phone and installed Cydia_ But I only mess with basic stuff like themes minor system tweaks here and there that are already built into the OS - just not user accessible without the jailbreak_

    I just don't want to change the passwords - then go make a phone call and at&t won't let me onto their network - ya know_

    ----
    Eat at Fishy Joe's -- Ride the Walrus !

    -uberFu
    Last edited by uberfu; 01-13-2009 at 02:04 AM.

  7. #7
    Board Hero Array

    Join Date
    Dec 2007
    Posts
    1,044
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    74

    Default

    Quote Originally Posted by uberfu View Post
    I'm not so concerned with changing the default passwords as I disable wi-fi while I'm moving from place to place_ I am finding it's slower in most places than 3G is

    My question is more to the effect that if I do change the passwords - will this in any fashion cause a problem connecting up to or interfering with my cell phone services_
    I'd be surprised if changing your passwords interfered -- we'd have been told about that by now, and there's no reason why it would.

    I think you should change the passwords. I'm not sure about your provider, but some providers give 3G users public IP addresses. That means that a hacker can attack their phone over the internet. If you have SSH installed (and not completely turned off) and haven't changed the passwords, it is extremely easy for a hacker to get in and steal all your personal information. This is not fantasy; according to this blog comment it has already happened:
    right now ph0n3.h4ck3r@gmail.com is exploiting the default password alpine on iPhones with SSH enabled in The Netherlands. The entire publicly accessible IP-range of the iPhone devices of T-Mobile was scanned to exploit vulnerable iPhones.
    If you want to know whether your 3G IP address is a public address (as opposed to one that exists only within your provider's "router"), compare what you see at whatsmyip.org with the IP address your phone knows internally (seen in SBSettings, BossPrefs or other applications). If they're equal, change the passwords.
    iPhone 3GS / 3.1.2 JB (PwnageTool) / 04.26.08 carrier-locked, Carrier Logo Fixer / Cydia / 1000 posts on Hackint0sh

    Installing Cydia programs on a phone that has no internet connection: read this.

    Editing binary .plist, .strings, .nib and .xib files:
    * on your computer: Windows tool / conversion website.
    * on your iPhone: convert those files in a terminal with plutil (installed with Erica Utilities) or edit them with iFile (Cydia links).

  8. #8
    Newbie Array

    Join Date
    Jan 2009
    Posts
    3
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    I checked against the site you mentioned and the 2 IP Addresses do not match up_

    I think you also inadvertently answered my question without realizing it_ Again - not too concerned about folks bumming around scanning for the hopes of an open iPhone here and there_

    BUT - the act of enabling SSH on the iPhone itself opens up the phone to being hacked without altering the default password_

    If SSH is disabled then those folks do not have to worry about our friend in the Netherlands_

    Which makes sense_ But again as I mentioned in my previous post - just making certain that it doesn't conflict with connecting to my carrier_ As I have no problem jailbreaking my phone to add some non-default customizing - but doing it to the exent that I end up with a $200+ paper-weight - not so much_

    The point of this part of the conversation for those listening in - is simply change the password if you enable SSH and don't worry about it if you don't_

    Thanks Jim_


    ----
    Eat at Fishy Joe's -- Ride the Walrus !

    -uberFu
    Last edited by uberfu; 01-13-2009 at 02:06 AM.

  9. #9
    Newbie Array

    Join Date
    Mar 2012
    Posts
    2
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    Here's a great video on why you need to change the root password.


 

 

Similar Threads

  1. Changing root/mobile password 1.1.1
    By blah_york in forum iPhone "2G" (Rev. 1)
    Replies: 1
    Last Post: 10-12-2007, 07:59 AM
  2. Replies: 1
    Last Post: 10-09-2007, 01:15 AM
  3. Changing Root Password ? ...
    By ExOMaNiaC in forum General
    Replies: 12
    Last Post: 10-01-2007, 01:26 PM
  4. Why changing the root password?
    By Don_Ron in forum Tools
    Replies: 3
    Last Post: 08-30-2007, 03:03 PM
  5. Changing SSH Password
    By eddy123 in forum Free Toolchain Software (Cydia App's)
    Replies: 1
    Last Post: 08-07-2007, 11:21 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 08:42 PM.
twitter, follow us!