Any custom firmware?


One of the things I always liked about my HDR FOX T2 was the customised software from this forum and the ability to treat it as just another linux pc, logging in and making modifications.

how open are the FVP models? Are you able to log in to the box? Are the "bright young things" working on customised software for the new boxes?
The HDR-FOX and FOXSAT customising started with spotting a way in, and was spotted by people with a vested interest in exploiting it. You need A. a chink of hope; and B. an enthusiast to pick at it.
Each "improvement" in the Humax range seems to clamp down on what you can do. Customised Firmware hasn't been developed for the HDR-2000T (and 1800T). Developing CF is beyond me. I have no idea how the developers cracked the firmware. I think I read somewhere that the firmware for the 2000T can't be cracked in the same way as for the FOX. Some additional functionality can be created for the 2000T/1800T. But this is limited to what can be achieved by ftp-ing into the box and using DLNA - ie. tidying up the filestore, uploading/downloading files, "Foxy" style enabling of HiDef decryption on download. My understanding of what other people have said suggests that decrypted download of HiDef isn't possible on the FVP models. I'm not sure it is even possible to manipulate all of the filestore either. (By "all", I mean the parts where recordings are stored and where external videos maybe uploaded to).
To use BH's terms, the 2000T had A and not B. I suspect the FVP range has not A and not B. :(
I have no idea how the developers cracked the firmware.
If Humax had intended it to be secure, they didn't do a very good job - probably not realising that enthusiasts would look for a way around their simple attempt at security. The firmware update files are only secured by a "signature" which authenticates the file before the firmware updater permits it to be installed - the actual data is a plain binary of the execution code, which can be reverse-engineered with knowledge of the processor that executes it. As Humax used open-source components in their firmware, they were obliged to publish some details of the inner workings to honour the terms on which they used the open-source components, so that provided some intelligence, and there was some physical inspection and educated guesswork (and the Internet is a wonderful source of technical information).

The understanding of the code was one thing, but it also needed a spoofed signature to make our own code loadable as a firmware update. Some knowledge of typical cryptographic signature algorithms and a bit of trial and error cracked that, so that af123 could then both create a custom firmware image and give it a valid signature. There was little need, at that stage, to understand how very much of the code worked - all (!) that was necessary was to enable access to the Linux command line (open source) and therefore be able to inject our own commands to run alongside the Humax proprietary code (the benefits of a multi-processing computing environment).

Humax have a responsibility to prevent users altering the product - an altered product cannot have any warranty, but more particularly may not conform to the legal requirements for putting a product on the market as was proven in laboratory tests on the product (eg CE comformity). By locking down successive products much harder, all Humax are doing is learning from their mistakes and upholding their responsibilities.

I don't think I'm giving away any secrets here, and I'm certainly not belittling the efforts of the likes of af123, Raydon, xyz321, et al. It was straightforward (relatively!) to add our own functionality - it is much tougher to hack into the publicly-undocumented Humax proprietary code (which handles virtually all the interaction with the tuner and video hardware as if a "black box") to tweak the way native functions work. That is what is needed, for example, to turn off recording encryption. I assume the FOXSAT was much simpler in that respect (hence Nowster's patch).
Last edited:
By locking down successive products much harder, all Humax are doing is learning from their mistakes and upholding their responsibilities.
They are also making their newer products less attractive for people who want to backup their disks. With the possible migration of all terrestrial TV to DVB-T2 at some point, and possibly the StdDef versions of BBC/ITV/C4/C5 being turned off (ie. "ENC" appearing on more programmes), this may have an impact on all users of newer machines. Time to buy a HiDef dongle?
If the manufacturers thought they could get away with providing easy access to recordings, don't you think they would? Why do you think there isn't any marketing campaign publicising the "new HD PVR from BlackHole Inc, puts you in control"? Why wouldn't Humax capitalise our market, if they could?

If it weren't for what "we've" done with the HDR-FOX, I'm sure we would all be discussing home theatre open-source PVR solutions by now. T2 dongles were practically non-existent when I got into Humax ownership, otherwise I might have gone that way in 2010. It would have been expensive then, I'm not sure that's the case now.
I'm just hoping I can keep my 2000T serviceable for a long time (and that the rest of you can keep your FOXes working :D ). Without access to the newer FVP range, I'm not sure there is even...
a chink of hope
... for saving HiDef. I have a few ideas, but can't test them. (Would involve transferring files to USB drive, then to computer, renaming files, mixing and matching the .ts and .hjm from various sources, put back on USB, reloading - if possible - to Humax, and then saving again. Probably wouldn't work, takes longer to do than watch the programme, and could make a right mess :sleep: )