Difference between revisions of "Digital Decoder Mod"

From Hackerspace ACKspace
Jump to: navigation, search
Line 23: Line 23:
  
 
By sniffing the communication between the decoder and the Tele2 modem while it was updating we extracted a copy of the samsung.img firmware file.
 
By sniffing the communication between the decoder and the Tele2 modem while it was updating we extracted a copy of the samsung.img firmware file.
 +
 +
We were able to extract the root password from this firmware image by brute forcing the shadow file.
 +
 +
The credentials are:
 +
Username: root
 +
password: t1days
  
 
[[File:SMT-6010E.jpg]]
 
[[File:SMT-6010E.jpg]]

Revision as of 01:07, 15 September 2012

Project: Digital Decoder Mod
Featured:
State Active
Members Prodigity, Da Syntax
GitHub No GitHub project defined. Add your project here.
Description Gaining access to the console of the DD and perhaps install doom on it
Picture
No project picture! Fill in form Picture or Upload a jpeg here

The SMT-6010E

ftp server geval:

172.16.113.27

user: fttc

pass: cassis

firmware: download/samsung.img


WE HAZ A SOURCE CODE! link Source code

Versatek sniffed.jpg

By sniffing the communication between the decoder and the Tele2 modem while it was updating we extracted a copy of the samsung.img firmware file.

We were able to extract the root password from this firmware image by brute forcing the shadow file.

The credentials are: Username: root password: t1days

SMT-6010E.jpg

Specifications:

CPU 300 MHz DSP
Memory 128 MB SDRAM, 32MB DOC for OS Image, 2MB Flash for Boot loads
RTOS Linux
Browser Html 4.0, http 1.1, DHTML, Frame Support, JavaScript 1.3, SSL 3.0, CSS Level3, Open SSH, Cookie
Decoding MPEC-1: 5 Kbps ~ 1.5 Mbps MPEC-2: 1.5 Mbps ~ 6 Mbps, D1 Resolution, MP@LL MP@ML WMV-9
DRM Verimatrix DRM
Copy Protection Macrovision Copy Protection
WAN Interface RJ-45 for 10/100 Base-T
I/O Interface USB 1.1 2Ports, Composite Video Output, 2 Scarts, S-Video Output, RCA Stereo Audio (L/R) Output, S/PDIF Audio Output
Maintenance Network Configuration Screen Remote Software / OS Update through the Network Self-diagnostic Function

Description

The SMT-6010E is a Digital Decoder ... blabla bla

Gaining Access

...

I've currently connected the digital decoder to the ft232rl chip on my arduino (usb <-> rs232 conversion).

Pinout:

+------+ TX

| heat | RX

| sink | GND

+------+ VCC(3.3v)

After pressing 'Enter', the console asks me for a username and a password. Unfortunately, the password isn't easy to guess

Link to the source code: [1]