nguyenhunga5 / mobileterminal

Automatically exported from code.google.com/p/mobileterminal

Login Required 1.1.3 #72

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Follow the steps outlined in "[1.1.3] Jailbreak HOW-TO w/ everything working (AT&T)" (http://hackint0sh.org/forum/showthread.php?t=25577)
2. Installed BSD, OpenSSH, and Term-vt100
3. Open Term-vt100

What is the expected output? What do you see instead?
I expected to see a shell prompt, but instead I see a prompt for a
"Password:".  If you try "ditto" or "alpine", you get a "Login incorrect",
and then you get a prompt for a "login:", followed by a prompt for a
password.  I don't know any of the passwords! (except for the default root
passwords)

What version of the product are you using? On what operating system?
"Version svn198", on iPhone 1.1.3 (4A93), Modem Firmware "4.03.13_G"

Please provide any additional information below.
The baseband is v1.1.3, but the lockdownd is v1.1.2.  I've been trying to
upgrade the lockdownd, but OpenSSH doesn't work.  So I thought I might find
a solution by using the mobileterminal.

Original issue reported on code.google.com by jerroydm...@gmail.com on 28 Jan 2008 at 8:30

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Hello,
Just to confirm I have exactly the same issue since my new migration based on same 1.1.3 jailbreak method.

Regards
Gilles

Original comment by gtoub...@gmail.com on 28 Jan 2008 at 6:07

GoogleCodeExporter commented 8 years ago
I have the same issue here. The problem is that Terminal runs as user 'mobile' and tries to execute 'login -f root', which does not work as that user (I get the same effect when I ssh in as root, su to mobile and then run login -f root).

How does Terminal know what command to run when it starts up? (I might look through the source in a mo...)

regards,
-- David

Original comment by david299...@googlemail.com on 28 Jan 2008 at 10:04

GoogleCodeExporter commented 8 years ago
I just had a quick look at the source and noticed there's a fallback to execute /bin/sh if login isn't found. I moved /usr/bin/login aside, and it correctly executed /bin/sh giving me a shell! Hurrah!

This isn't a satisfactory solution, but at least if I modify the source and recompile I can get a shell.

Next problem: I couldn't su to root for some reason. Not the end of the world though, and there's probably a simple solution.

Original comment by david299...@googlemail.com on 28 Jan 2008 at 11:15

GoogleCodeExporter commented 8 years ago
Thanks for posting the fix, David!

Not running /bin/login will cause you some other problems, but they are obviously much less important than not being able to login at all (see old bugs and changes for more details).

Please keep us updated about the solution for sudo, while not really related to MobileTerminal.

Original comment by allen.po...@gmail.com on 29 Jan 2008 at 4:17

GoogleCodeExporter commented 8 years ago
Same problem here. For some reason the mobile user is not allowed to login (not even over ssh). Can't figure out why. Setting the SUID bit on term-vt100's code doesn't work either, it then refuses to launch.

Original comment by ernst.mu...@gmail.com on 29 Jan 2008 at 1:57

GoogleCodeExporter commented 8 years ago
I tried making it setuid too and got the same result. It won't even launch from the shell (via ssh). I can launch it from the shell when logged in as root or 'mobile' (when it's not SUID).

Once you can log in as 'mobile', by either changing the startup code or moving the login program aside, you can get a root login by ssh into localhost. It's a cumbersome solution, but it would work. Then a couple of things occurred to me:-
1. If I'm going to do that to get a root login I'd much rather not have to type in the password and hence use keys to login
2. I really don't want it to be possible to ssh into my iphone as root using the default password. Very bad.

This is when things started to go badly. When I tried setting up authorized_keys I found that I can't ssh in as 'mobile' even with keys. I can't ssh in as root because /var/root has the wrong permissions - it's world writable(!) and sshd won't like that. I could change that, but I worried that might break other things.

So then I decided I had to change the root password. I remember reading somewhere that passwd shouldn't be used in 1.1.3, but I couldn't find it, and I had to do something.

After that something went wrong and the home screen kept reloading every few seconds. I could still ssh in, but I couldn't find any way to fix it. In the end I dfu-d and restored from iTunes. I'm now back to un-jailbroken 1.1.3 with no Terminal :(

So I suppose with Terminal modified not to run login, that would be ok for SSHing into other systems etc. But it's not good to have the sshd allowing root login via a default password, so that's not viable. It's a shame, because having it continue running in the background was a major improvement.

Original comment by david299...@googlemail.com on 29 Jan 2008 at 2:34

GoogleCodeExporter commented 8 years ago
The crashing home screen is a documented problem after using passwd in 1.1.3. To fix that you should have replaced /etc/passwd and /etc/master.passwd with the originals from the 1.1.3 firmware disk image.

Original comment by ernst.mu...@gmail.com on 29 Jan 2008 at 2:51

GoogleCodeExporter commented 8 years ago
I know, I'm just trying stuff here, but I figured, could the problem be that login isn't SUID root? It is on Mac OS X. But when I try to SUID root login, I get the following trace trap exception trying to execute it:

dyld: Library not loaded: /usr/local/arm-apple-darwin/lib/libgcc_s.1.dylib
  Referenced from: /usr/bin/login
  Reason: image not found

I'm beginning to think it isn't term-vt100 that has a problem but the BSD Subsystem 2.0.

Original comment by ernst.mu...@gmail.com on 30 Jan 2008 at 6:24

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Found the solution! The dylib error above was in fact the hint needed to solve this.

Perform the following (log in using ssh of course):

cd /Applications/Term-vt100.app
chmod +s Term-vt100
mkdir -p /usr/local/arm-apple-darwin/lib
ln -s /usr/lib/libgcc_s.1.dylib /usr/local/arm-apple-darwin/lib/libgcc_s.1.dylib

After that Term-vt100 will still ask for a password, but the root password will get you the root shell!

I have no idea why this works though, should there have been a filled /usr/local/arm-apple-darwin/lib that got erased by the 1.1.3 soft update? Is it the BSD Subsystem? Any idea anyone?

But pfew, now I can finally use my iPhone again ;-)

Original comment by ernst.mu...@gmail.com on 30 Jan 2008 at 8:51

GoogleCodeExporter commented 8 years ago
I've seen this solution offered and tried it under 2 different jailbreaks, but no joy!  Apparently there are some problems even under 1.1.2 with the BSD Subsystem 2.0, but nothing so severe.  Any other suggestions from you geniuses?

Original comment by barrsm...@gmail.com on 31 Jan 2008 at 12:46

GoogleCodeExporter commented 8 years ago
Thanks ernst. It's taken me ages to get back to a jailbroken 1.1.3 state, but I've finally done it and then tried your fix with the linking and SUID, and I can confirm that it works!

The annoyance of having to type in the password is considerably mitigated by the fact that the latest Terminal.app downloaded from here continues running in the background. That's really really useful.

I've also rigged up a couple of simple scripts to enable/disable password login in ssh until I find a better solution to that huge security problem.

Not a perfect solution, but I can work with it.

Original comment by david299...@googlemail.com on 31 Jan 2008 at 5:36

GoogleCodeExporter commented 8 years ago
FYI, I tried the above and still could not get in regardless of what I did, but when I did the following, I was IN, baby IN...

chmod +s /usr/bin/login
chmod +s /bin/sh

then reboot

then worked!

Original comment by techy...@gmail.com on 31 Jan 2008 at 8:59
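
A defender-side check for the states the workarounds in this thread leave behind (set-uid bits on /bin/sh, /usr/bin/login and Term-vt100, a world-writable /var/root, root password login over ssh), as an added example that is not part of the original thread or the MobileTerminal project. The root-prefix argument, the sshd_config default path and the finding labels are assumptions; an unset PasswordAuthentication or PermitRootLogin is treated as "yes".

```shell
#!/bin/sh
# Added example (not from the thread): report the weakened states discussed above.
# Usage: audit.sh [ROOT_PREFIX] [SSHD_CONFIG]   (both arguments are assumptions)

# Print the first value given for keyword $2 in sshd_config $1 (lowercased).
# sshd uses the first occurrence; Match blocks are not evaluated here.
sshd_value() {
    awk -v k="$2" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Print one finding per line for the tree rooted at $1 (empty = live system).
audit_root() {
    root=${1:-}
    conf=${2:-$root/etc/ssh/sshd_config}   # assumed default location

    # Set-uid bit on the binaries the workarounds touched.
    for f in /bin/sh /usr/bin/login /Applications/Term-vt100.app/Term-vt100; do
        if [ -u "$root$f" ]; then echo "SETUID $f"; fi
    done

    # World-writable root home: sshd with StrictModes rejects key login for it.
    if [ -d "$root/var/root" ] &&
       [ -n "$(find "$root/var/root" -prune -perm -0002 2>/dev/null)" ]; then
        echo "WORLD_WRITABLE /var/root"
    fi

    # Root reachable over ssh with a password (unset options treated as "yes").
    if [ -r "$conf" ]; then
        pa=$(sshd_value "$conf" PasswordAuthentication)
        prl=$(sshd_value "$conf" PermitRootLogin)
        if [ "${pa:-yes}" != no ] && [ "${prl:-yes}" = yes ]; then
            echo "SSH_ROOT_PASSWORD_LOGIN $conf"
        fi
    fi
    return 0
}

audit_root "${1:-}" "${2:-}"
```

An empty report means none of the three conditions were found under the given prefix; it says nothing about other set-uid binaries on the system.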

GoogleCodeExporter commented 8 years ago
Thanks techyogi!  That did the trick for me too.  I still have to enter the password, but MUCH better than not getting in at all.

Original comment by barrsm...@gmail.com on 31 Jan 2008 at 10:29

GoogleCodeExporter commented 8 years ago
Tried ernst.mulder fix but term is not even starting now. I'm on 1.1.3 jailbroken and have term206 copied to the apps folder. I don't like the idea of setting +s to login and sh, so I think I'll wait till a better fix comes out

Original comment by nbazzeghin on 31 Jan 2008 at 11:44

GoogleCodeExporter commented 8 years ago
Nice that worked for me too.

I'm with nbazzeghin though on setting the +s.

But at least I've got Terminal!!!!  I was so lost without it.

Original comment by gwola...@gmail.com on 1 Feb 2008 at 11:22

GoogleCodeExporter commented 8 years ago
http://code.google.com/p/mobileterminal/issues/detail?id=71#c12 lennart gives a fix that can solve both issues 71 and 72.

SubProcess.m:
    char* login_args[] = { "login", "-f", "root", (char*)0, };
to this:
    char* login_args[] = { "login", "-fp", "mobile", (char*)0, };

That change will fix the backspace and password issues without any +s binaries. However, you will be the mobile user.

To login as root you need to chmod +s login (or the Terminal executable) and enter a password. (you don't need to +s sh)

I can't get su to work as the mobile user, but I can run login as mobile and login as root from there.

(I also needed to ln -s /usr/lib/libgcc_s.1.dylib /usr/local/arm-apple-darwin/lib/libgcc_s.1.dylib like comment 11 suggests)

Original comment by jeb...@gmail.com on 3 Feb 2008 at 12:27

GoogleCodeExporter commented 8 years ago
Any chance someone could upload a binary with this last fix in it.  I'm not set up to compile this myself. TIA!

Original comment by barrsm...@gmail.com on 3 Feb 2008 at 6:00

GoogleCodeExporter commented 8 years ago
Fixed in r207 as described in Comment 18 above.  That is, you will now be logged in as user mobile when running Terminal. To become root, please use the su(1) command.*

Also uploaded a copy of Terminal-207.zip to the Downloads area.

Enjoy!

*) Once it gets fixed -- it has been compiled with incorrect library references in the current "BSD Subsystem 2.0"

Original comment by lenn...@gmail.com on 6 Feb 2008 at 3:10