Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Some magic secrets.

From: T Biehn <tbiehn () gmail com>
Date: Mon, 23 May 2011 09:39:38 -0400
Yeah these are Yahoo TV Widget url signing keys for Samsung & LG devices,
they are used together with a timestamp to prevent you from grabbing other
people's widgets/spoofing devices. If you fire up wireshark while you're
poking at these TV's you'll see some calls to Yahoo services ending in
&sign=

url = http://....yahoo....?1=a&2=b&3=c
url = url+"&sign="md5(url+Secret)

Update the ts (timestamp in msecs) parameter, resign, post & play.
Interesting to look at the various widgets & sources, none of them have any
form of obfuscation applied to the javascript, could be useful in finding
and exploring unknown APIs :)

-Travis

On Thu, Mar 10, 2011 at 3:18 PM, Ryan Sears <rdsears () mtu edu> wrote:


Hrm....

Could this have something to do with this => http://pastebin.com/rD8hwpxT? :-P

As far as 'magic secrets' go, either disclose something or don't. Then move
on, personally I think posting cryptic messages to a public forum like this
is a bit dumb. If you're trying to say something, just say it.

Ryan

----- Original Message -----
From: "T Biehn" <tbiehn () gmail com>
To: "full-disclosure" <Full-Disclosure () lists grok org uk>
Sent: Thursday, March 10, 2011 1:22:50 PM GMT -05:00 US/Canada Eastern
Subject: [Full-disclosure] Some magic secrets.

SA: R8P6PtAlwn2bQobnedI2g7TxgqL4n091Fcq44nRh6CY-
L: qCb_hz5hQVQezObhN.VP8HYkBdubli1el0xDUxDpvrU-
SO:?
V:?

Do the replace live: <value key="gallery.gallery-url">localhost</value>


Also,
First!

-Travis
--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: