Difference between revisions of "Digital Decoder Mod"

From Hackerspace ACKspace
Jump to: navigation, search
m (set project picture)
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{Project
 
{{Project
|State=Stalled
+
|State=Completed
|Members=Prodigity
+
|Members=Prodigity, Da Syntax
 
|Description=Gaining access to the console of the DD and perhaps install doom on it
 
|Description=Gaining access to the console of the DD and perhaps install doom on it
 +
|Picture=Versatek_sniffed.jpg
 
}}
 
}}
 
==The SMT-6010E==
 
==The SMT-6010E==
 +
 +
ftp server geval:
 +
 +
172.16.113.27
 +
 +
user: fttc
 +
 +
pass: cassis
 +
 +
firmware: download/samsung.img
 +
  
 
WE HAZ A SOURCE CODE!
 
WE HAZ A SOURCE CODE!
 
[http://www.samsung.com/global/business/telecomm/opensource/SMT-6010E_OpenSource.zip link Source code]
 
[http://www.samsung.com/global/business/telecomm/opensource/SMT-6010E_OpenSource.zip link Source code]
  
 +
 +
By sniffing the communication between the decoder and the Tele2 modem while it was updating we extracted a copy of the samsung.img firmware file.
 +
 +
We were able to extract the root password from this firmware image by bruteforcing the shadow file.
 +
 +
The credentials are:
 +
 +
Username: root
 +
 +
password: t1days
  
 
[[File:SMT-6010E.jpg]]
 
[[File:SMT-6010E.jpg]]
Line 43: Line 65:
  
 
I've currently connected the digital decoder to the ft232rl chip on my arduino (usb <-> rs232 conversion).
 
I've currently connected the digital decoder to the ft232rl chip on my arduino (usb <-> rs232 conversion).
When booting up the device
+
 
 +
Pinout:
 +
 
 +
+------+ TX
 +
 
 +
| heat | RX
 +
 
 +
| sink | GND
 +
 
 +
+------+ VCC(3.3v)
  
 
{| class="wikitable collapsible collapsed"
 
{| class="wikitable collapsible collapsed"

Latest revision as of 21:49, 3 November 2015

Project: Digital Decoder Mod
Featured:
State Completed
Members Prodigity, Da Syntax
GitHub No GitHub project defined. Add your project here.
Description Gaining access to the console of the DD and perhaps install doom on it
Picture
Versatek sniffed.jpg

The SMT-6010E

ftp server geval:

172.16.113.27

user: fttc

pass: cassis

firmware: download/samsung.img


WE HAZ A SOURCE CODE! link Source code


By sniffing the communication between the decoder and the Tele2 modem while it was updating we extracted a copy of the samsung.img firmware file.

We were able to extract the root password from this firmware image by bruteforcing the shadow file.

The credentials are:

Username: root

password: t1days

SMT-6010E.jpg

Specifications:

CPU 300 MHz DSP
Memory 128 MB SDRAM, 32MB DOC for OS Image, 2MB Flash for Boot loads
RTOS Linux
Browser Html 4.0, http 1.1, DHTML, Frame Support, JavaScript 1.3, SSL 3.0, CSS Level3, Open SSH, Cookie
Decoding MPEC-1: 5 Kbps ~ 1.5 Mbps MPEC-2: 1.5 Mbps ~ 6 Mbps, D1 Resolution, MP@LL MP@ML WMV-9
DRM Verimatrix DRM
Copy Protection Macrovision Copy Protection
WAN Interface RJ-45 for 10/100 Base-T
I/O Interface USB 1.1 2Ports, Composite Video Output, 2 Scarts, S-Video Output, RCA Stereo Audio (L/R) Output, S/PDIF Audio Output
Maintenance Network Configuration Screen Remote Software / OS Update through the Network Self-diagnostic Function

Description

The SMT-6010E is a Digital Decoder ... blabla bla

Gaining Access

...

I've currently connected the digital decoder to the ft232rl chip on my arduino (usb <-> rs232 conversion).

Pinout:

+------+ TX

| heat | RX

| sink | GND

+------+ VCC(3.3v)

After pressing 'Enter', the console asks me for a username and a password. Unfortunately, the password isn't easy to guess

Link to the source code: [1]