Dear iPhone Users:
Change your iPhone root password. If you have jailbroken your iPhone, your default root password is “alpine.” This puts you at a distinct security disadvantage when connected to open networks as it allows the nefarious to browse your entire iPhone with impunity.
To change your password, first runt his perl command:
openssl passwd -crypt -salt /s [password]
Where [password] is your new password. The script will return a number of random characters followed by “.io” The characters before “.io” is your encrypted password. Here is a full How-To.
The edit the file /etc/master.passwd line that gives the information for root on the iPhone. This means you need to ssh into your iPhone and run vi. If you don’t know how to do this, restore your iPhone immediately and leave it unjailbroken until you figure out the command line.
root:[encrypted password]:0:0::0:0:System Administrator:/var/root:/bin/sh
Where [encrypted password] is the password returned above. Failure to do this will result in someone looking at your stuff.
Is this something un-jailbroken iPhones should worry about?
not specifically, no.
Does anyone know of some REALLY good 3rd party apps that makes jailbreaking worth it and sacrificing your warranty on the phone? Let me know…
I honestly haven’t noticed any on the 3G but the set of applications for the first generation was great. Most of them were cool little games and there were a few fun utilities. It’s also nice to be able to SSH into your iPhone but, as I now know, it’s not so fun to get hacked.
well, backgrounder definitely is a good reason to jailbreak. It allows your IM apps (like Fring and others), and Last.fm to run in background. Qik and other video recording apps are also very good reasons. dTunes allows you to download songs via torrents or from Seeqpod.com
Where do you download them?
any reason why a simple ‘passwd’ command shouldn’t be used?
the passwd command doesn’t really control /etc/master.passwd correctly. There’s a program on jailbroken iPhone that adds proper password management. Look for it in Cydia or installer.
i used the passwd command..and it works
at least i have to enter the new password when i ssh and scp to my iphone
Hehehe…you sneaky son of a gun.
I love doing this kind of stuff all the time on my network. It’s a honeypot, for my amusement.
let’s just say this guy really likes cars.
I done this on my 1.1.4 first gen and ended up in a re-spring loop. Thankfully I could still SSH in and backup my data before restore
True. Happened to me also. After changing password, the Springboard went into a loop. An easier method is to install bossprefs from cydia and disable SSH when not in use. only enable SSH when you need it and you are on your own secure network.
That’s your best bet, I think, Harsh. People have had different problems with changing the password and that would probably be your safest bet.
There are also instructions on the newest version of Cydia for using MobileTerminal to run the passwd and passwd mobile commands to change the passwd under version 2.1 of the iPhone software.
You guys crack me up. I just find funny as hell how much effort people put into this thing in order to make it work well, and how much effort the manufacturer puts into not allowing the buyer to have what they want.
It’s like some kind of horrible co-dependent metal aberation. I mean really, if you step back from the iPhone and look at it with some objectivity, doesn’t it just all seem kinda silly. Seriously, voiding your warranty, loading hacked software, opening yourself to security problems, digging around at the command line level. Would you do this with your TV, or would you just buy a TV that does what you want?
Oh, it’s all silly, sure, but it’s fun.
I wish, Clip2mobile is available for jail broken phones
Thanks for the heads up, but I think you’re partially wrong. If you jailbreak your iphone using Pwnage, SSH server does _not_ get installed by default. This warning stands for older/other jailbreak methods. ‘ps aux |grep ssh’ shows no trace of an ssh server on my iphone 2G, and it’s not possible to ssh to port 22.
Thx
Everytime i see a broken iphone glass, i feel sad lol.
‘Toggle SSH’ helps to switch at least SSH on your jailbroken iPhone on/off whenever you want!
Get it with the Cydia installer.
Cheers,
Philip
I’m having trouble with my terminal password.i cant enter either “alpine” or “dottie” is there any way to solve this?ive jailbroken my 2.0.1 iphone to 1.1.4 just to get the grey wifi fixed.thanks so much!!