View Full Version : Please Help, Symbol MC9000-G running Windows Mobile 2003


kroger476
08-17-2005, 07:51 AM
Hello, I work for The Kroger Co., yes the grocery store. I had the chance to talk to one of the corporate IT guys about our new hand held scanners (guns as we call them). But he wanted to see all the security risks I could breach with this gun, it is running Windows Mobile 2003. The gun is running 3 layers of software, the actual OS, a system overlay with very limited options, and then a Telnet session.

I am able to have the gun not load the Telnet session by repeatedly warm booting it so I am able to get into the system overlay, but my problem is that I want to get into the actual OS. I right now have two options; my first is to somehow crack the admin password (can't load any programs on the gun, will get to this later), or cause the OS to not load the system overlay. I am able to access an admin password prompt from the system overlay.

How the gun works is that when it is cold booted it loads the OS from an EPROM into system RAM, then the OS boots, so I am unable to load any programs from this first standpoint as I am unable to make changes to the actual OS, the only way to change the OS in the EPROM is from the server, but that is a different matter completely.

When the gun loads it will load the OS and then the system overlay, there is only a second or two where I have access to the OS before the overlay loads. The problem is that the overlay is coded so that any program that is not given special permission to be running will be shut down. So as a test I was able to get Outlook opened in a split second, but that program was then shut down. The only program that has permission to be loaded is a specific sync program.

If I remember correctly, they coded the load sequence so that the system overlay has already been executed to load before I have access to the OS, so it seems that I am unable to prevent the overlay from being loaded. I just need to see if I am able to stop the overlay cold in its tracks before it takes over the system, and this is the second way to get into the OS.

So to recap, I either need to bypass the admin password in the system overlay, or stop the overlay from completing its loading process.

If anyone at all has any ideas, they would be greatly appreciated. Not only about what I have stated, but if there are any known ways to have root access for Windows Mobile 2003. I am going back tomorrow to talk to him again about the same matter.

Thanks