Security Basics mailing list archives

Re: Yes, trying to hack a remote control


From: gjgowey () tmo blackberry net
Date: Thu, 8 Feb 2007 20:07:42 +0000

I've done some embedded programming in the past and I can guess that the FTP server is for firmware updates.  However, 
when I worked with a Digi Connectme, the way I had the FTP server set up, you could only upload files, not read or download 
anything.  The firmware would flash after the upload completed.  That said, you might not get anything out of the remote 
even if you do crack the password for the FTP portion.  It might be different in your case though.  I just don't know.

Geoff
Sent from my BlackBerry wireless handheld.  

-----Original Message-----
From: "Brian Kerley" <kidgenius () gmail com>
Date: Wed, 7 Feb 2007 15:28:56 
To: security-basics () lists securityfocus com
Subject: Yes, trying to hack a remote control

Ok, you guys are going to probably think I'm the biggest loser, but here's
what's up.

I've got a new Harmony 1000 remote from Logitech. It's a new touchscreen
remote that has just come out.  Of course, I can't leave well enough alone
and would like to take a look at the inner workings of this thing.  That's
where it gets difficult and I'm hoping someone might be able to help.

The remote connects via USB using a Belcarra USB Lan Link.  The remote gets
assigned an IP address of 169.254.1.2.  I've scanned it and it shows that it
is running both telnet and ftp (as well as another service called "discard"
according to nmap).  So I've tried to telnet/ftp into it using various
combinations of passwords and usernames.  I've also tried to do a dictionary
attack, but the remote shuts the service down after so many attempts.  I've
also tried using both Cain and Wireshark to analyze the packets being sent
to the remote during an update that is performed by the included software.
I got a lot of data, but I can't seem to find any plaintext passwords or
usernames in the packets.  The software running on the computer is Java, and
the remote's software might be Java as well.

Do you guys have any ideas on how I might be able to get into this thing?
There are also a lot of guys running Linux that have other Logitech remotes,
and of course are high-and-dry right now about how to update without running
a virtual environment.  If I can figure how to get in over one of these
services, then maybe it can be of some help to those guys.

Thanks,
Brian
