“Man if we had the original source code, it’d be so much easier than reverse engineering this binary in Ghidra”

The source code in question:

This one is funny because it 100% still exists somewhere, but I haven’t had the chance to verify it again.

Okay so basically its a data recorder box (ex: brainbox) that connects to a bunch of industrial sensors and sends the data over the network with your preferred method.

Builtin firmware gives you an HTTP webui to login and configure the device, with a user # and password.

I think the user itself had a builtin default admin which was #0, which everyone uses since there wasn’t really much use for other users.

Anyway, I was looking at the small JS code for the webui and noticed it had an MD5 hashing code that was very detailed with comments. It carefully laid out each operation, and explained each step to generate a hash, and then even why hashes should be used for passwords.

Here’s the kicker: It was all client side JS, so the login page would take your password, hash it, and then send the hash over plaintext HTTP POST to the server, where it would be authenticated.

Meaning you could just mitm the connection to grab the hash, and then login with the hash.

I sat there for like 10 minutes looking at the request over and over again. Like someone was smart enough to think “hey let’s use password hashing to keep this secure” and then proceeded to use it in the compleltly wrong way. And not even part of like a challenge/handshake where the server gives you a token to hash with. Just straight up MD5(password).

It was so funny because there were like a hundred of these on a network, so getting a valid hash was laughably easy.

I never got to check if this was fixed in a newer firmware version.

Yeah except I have never seen anyone actually suggest Zorin OS for this purpose due to its controversial pro edition.

There are other distros that achieve the same thing. My point is that Zorin is making money off of something I could do with zero effort, which implies its not even worth making a pay to use distro when one of the inherent benefits of linux is that its free.

I could understand if Zorin provided some groundbreaking software like Crossover, which for a long time had some serious advantages over wine and proton (yes I know irony that all are based on wine). But as other people have pointed out, most of this OS is just a reskin + preinstalled app combo. Might as well just use Nobara, which GE made in his spare time with some lazy scripts for Fedora.

Bruh ain’t no way people are choosing Zorin OS over all the available options.

If this is a result of people searching “best windows like distro”, they’re profiting off of a windows theme for GNOME, not even a full DE.

You can achieve the same thing with zero effort on any distro because DEs and themes aren’t tied to a distro.

Wayland is responsible for kneecapping linux desktop in so many ways its infuriating, especially since linux basically figured out the golden standard of UX design back in the 2000s with stuff like GNOME 2 and Compiz.

It’s such an unnecessary burden with progress as slow as ripoff projects like star citizen.

I hope valve picks up the slack with frog protocols or at least gets PRs merged, because it would be stupid to ship steam machine and then explain to the user that the clipboard doesn’t work yet, even though it used to work perfectly fine in X11.