B10B Factory Reset: Difference between revisions
Content deleted Content added
Explain the issues regarding the supervisor password. |
m SHA-512 not 256 |
||
| Line 45: | Line 45: | ||
The supervisor account uses a password which is automatically generated by the device, and unique to each device. Its format is 9 hexadecimal digits (each digit is 0-9 or a-f), and is believed to use the device's serial number as a starting point. AAISP do not know this password. |
The supervisor account uses a password which is automatically generated by the device, and unique to each device. Its format is 9 hexadecimal digits (each digit is 0-9 or a-f), and is believed to use the device's serial number as a starting point. AAISP do not know this password. |
||
The usual way to obtain the supervisor password is to use software (e.g. hashcat) to crack the hashed version of the password which is held in the file /etc/passwd (before firmware version AAVF.10) or /etc/shadow (version AAVF.10 and later). The earlier firmware versions used an MD5 hash, and hashcat (on a fast machine) could crack the password in around 8 minutes. AAVF.10 switched to |
The usual way to obtain the supervisor password is to use software (e.g. hashcat) to crack the hashed version of the password which is held in the file /etc/passwd (before firmware version AAVF.10) or /etc/shadow (version AAVF.10 and later). The earlier firmware versions used an MD5 hash, and hashcat (on a fast machine) could crack the password in around 8 minutes. AAVF.10 switched to SHA-512 and hashcat takes longer to crack the password. |
||
Unfortunately as of firmware version AAVF.10 the admin user can't read the files /etc/passwd or /etc/shadow. This means you can't get the hashed version of the password to feed to cracking software. |
Unfortunately as of firmware version AAVF.10 the admin user can't read the files /etc/passwd or /etc/shadow. This means you can't get the hashed version of the password to feed to cracking software. |
||