FOX T2 Hacking?
- Thread starter ChrisDaniels
- Start date
So, finally got to the bottom of the 32 byte trailer blocks. They contain a checksum of the preceding file generated by a faulty SHA256 algorithm (perhaps deliberately broken for obfuscation?) which has then been encrypted with a block cipher.
I've finished the HDF tool so that it handles these signature blocks automatically and generates the correct checksums on the fly. When I get back home later this week I'll try and update the software on my box using it.
I've finished the HDF tool so that it handles these signature blocks automatically and generates the correct checksums on the fly. When I get back home later this week I'll try and update the software on my box using it.
I haven't had any luck getting my Humax to take an updated filesystem via USB and I'm confident that I'm now creating valid images with correct checksum blocks (if I unpack and re-pack any of the versions from the Humax site I get back to the same file).
The box sees the update file and says it's programming it, then says download success, but after the reboot there is no difference and the last update date in system information still says January. There's no indication as to why the update wasn't accepted.
The box sees the update file and says it's programming it, then says download success, but after the reboot there is no difference and the last update date in system information still says January. There's no indication as to why the update wasn't accepted.
Spoke too soon:
Code:
$ telnet humax
Trying 172.29.0.252...
Connected to humax
Escape character is '^]'.
#
# df -h
Filesystem Size Used Available Use% Mounted on
rootfs 15.1M 15.1M 0 100% /
/dev/root 15.1M 15.1M 0 100% /
tmpfs 61.0M 4.0k 61.0M 0% /tmp
tmpfs 61.0M 0 61.0M 0% /media
/dev/mtdblock1 2.0M 456.0k 1.6M 22% /var/lib/humaxtv
/dev/mtdblock2 2.0M 388.0k 1.6M 19% /var/lib/humaxtv_backup
/dev/sda1 1011.4M 36.2M 923.8M 4% /mnt/hd1
/dev/sda2 906.1G 224.6G 635.5G 26% /mnt/hd2
/dev/sda3 9.8G 268.1M 9.1G 3% /mnt/hd3
OP
ChrisDaniels
Well-Known Member
Nice one 
I'm off to Portugal in the morning so I'll check back in a week !
I'm off to Portugal in the morning so I'll check back in a week !
Kyrt,
As far as I understand reverse engineering is allowed (otherwise Wine project would be illegal). However, you're now allowed reverse-engineering by looking at the code.
However, would table structures constitute "code" - I don't think so but might be a grey area.
The problem with updating tables is that I'd guess you'd need to signal to the program that the tables need to be re-read.
Hopefully a reboot won't be necessary ?
As far as I understand reverse engineering is allowed (otherwise Wine project would be illegal). However, you're now allowed reverse-engineering by looking at the code.
However, would table structures constitute "code" - I don't think so but might be a grey area.
The problem with updating tables is that I'd guess you'd need to signal to the program that the tables need to be re-read.
Hopefully a reboot won't be necessary ?
The legalities of the situation are going to be different in what ever country you are based in. Observing a situation and then writing your OWN code to do the same thing is not illegal (in UK or US) - this is a prime example of how Samba designed their software by observing what windows NT server did if you sent certain packets to it, and then writing code that did the same thing (but in a different way) - Obviously copying the code is illegal.
The reason I raise this is that if somebody with a HD-FOX T2 is thinking of downloading the HDR-FOX T2 code and copying the TV portal code from this box's firmware and 'adding' it to the HD-FOX T2's fireware this would seem to be a violation of Humax's copyright on the code - However I doubt they would try and defend their copyright on this code if you tried to do this in their current situation. - This also depends what the license is that Humax have granted users of the firmware
Second point that could be considered is regarding the database. As the database is already editable via the remote control (for recording schedule etc) all you are going to be doing is writing code that makes the same changes to the DATA stored in the table - you are not going to be making changes to the table structure are you
Either way unless you go and publish your work for all to see I doubt anybody will ever find out - and if anybody does, tell them to go away and get a warrent to search you house, and then wipe the flash before they get back - or just simple toss it out your window into the street and let it smash.....
The reason I raise this is that if somebody with a HD-FOX T2 is thinking of downloading the HDR-FOX T2 code and copying the TV portal code from this box's firmware and 'adding' it to the HD-FOX T2's fireware this would seem to be a violation of Humax's copyright on the code - However I doubt they would try and defend their copyright on this code if you tried to do this in their current situation. - This also depends what the license is that Humax have granted users of the firmware
Second point that could be considered is regarding the database. As the database is already editable via the remote control (for recording schedule etc) all you are going to be doing is writing code that makes the same changes to the DATA stored in the table - you are not going to be making changes to the table structure are you
Either way unless you go and publish your work for all to see I doubt anybody will ever find out - and if anybody does, tell them to go away and get a warrent to search you house, and then wipe the flash before they get back - or just simple toss it out your window into the street and let it smash.....
Second point that could be considered is regarding the database. As the database is already editable via the remote control (for recording schedule etc) all you are going to be doing is writing code that makes the same changes to the DATA stored in the table - you are not going to be making changes to the table structure are you
You're not editing the data stored in the tables with the remote control. The remote control interacts with the humax program that's running. The question is "when does the humax program read the database ?". Obviously it does this on boot up. Its possible it never reads its again, since when you add/delete a recording it knows what you're doing. However, if the humax is actually a few programs (or threads) - 1 to control the interface and 1 to do the recording then once the data is changed in the db then it would need to signal to the recording program/thread to re-read the database.
Will be interesting finding out....
I've almost got an HDF file ready that I'll be happy to share, but I need to find more time to finish it and tidy up. I've also got a very lightweight TCL interpreter with SQLite3 support running on my box that has no problems reading the Humax databases.
Code:
humax# jimsh
Welcome to Jim version 0.71, Copyright (c) 2005-8 Salvatore Sanfilippo
. package require sqlite3
. set db [sqlite3.open /var/lib/humaxtv/rsv.db]
. set res [$db query {select * from tbl_reservations}]
. foreach r $res {puts "$r(szevtname) $r(nduration) $r(szCRID)"}
i7NCIS 3600 WWW.FIVE.TV/RARH
i7Octonauts 600 FP.BBC.CO.UK/KQX9Q1
i7Octonauts: Creature Reports 300 FP.BBC.CO.UK/KS658O
i7Dennis & Gnasher 900 FP.BBC.CO.UK/KR9GHW
i7CSI: New York 3600 WWW.FIVE.TV/RAQN
i7CSI: Crime Scene Investigation 3600 WWW.FIVE.TV/RAUE
i7Chuggington 600 FP.BBC.CO.UK/KPM3QK
i7The Scooby-Doo Show 1800 FP.BBC.CO.UK/KSN12C
Wonders of the Universe 3600 FP.BBC.CO.UK/KT948D
i7The Mentalist 3600 WWW.FIVE.TV/RAQQ
i7The Mentalist 3600 WWW.FIVE.TV/RAQQ
i7Waking the Dead 3600 FP.BBC.CO.UK/KTCWHC
Comic Relief Highlights 2011 3600 FP.BBC.CO.UK/KTCX9K
Formula 1: The Chinese Grand Prix 9000 FP.BBC.CO.UK/KTGN3M
i7Formula 1: The Chinese Grand Prix 3600 FP.BBC.CO.UK/KTLO9J
SuperScrimpers: Waste Not Want Not 1800 WWW.CHANNEL4.COM/C4ED0110330162111551
i7The Fall Guy 3900 WWW.ITV.COM/27759895
i7The Fall Guy 3600 WWW.ITV.COM/27759897
.I've not got the time to help out with this at the moment but I'd like to say well done and thanks to everyone for getting this far. Great work. Being able to mod the firmware provides many opportunities to enhance the product. Android springs to mind as a great example of this.
Although there are only a few contributors on this topic, I'm sure there are many others who take an interest but do not have the time and/or skills to help out.
Although there are only a few contributors on this topic, I'm sure there are many others who take an interest but do not have the time and/or skills to help out.
I agree I'm from the .Net world so apart from and Android Phone and electrical aroudn the house I don't really use Linux.
However I have been watching this thread avidly, and hoping for the break through.
For me the important thing is that if humax cut us adrift we can still add to the product; from Humax's lack of intrest in it's customers this could be likely too.
Is there any chance of using the box to connect directly to the iplayer site, rather than going through the slow portal?
Or are there issues with the speed and abilty of architecture?
Again top marks guys.
However I have been watching this thread avidly, and hoping for the break through.
For me the important thing is that if humax cut us adrift we can still add to the product; from Humax's lack of intrest in it's customers this could be likely too.
Is there any chance of using the box to connect directly to the iplayer site, rather than going through the slow portal?
Or are there issues with the speed and abilty of architecture?
Again top marks guys.
Does this mean you are not going to release your HDF Tool so that anyone can just make their own ?
Does this mean you are not going to release your HDF Tool so that anyone can just make their own ?
I plan to release that in the next couple of weeks. I just need to make some time to finish it off!
It might even be useful to streamline the creation of your FOXSAT files
Thanks af123, any tool which can make things easier has got to be good. Looking forward to the official release.It might even be useful to streamline the creation of your FOXSAT files
I've released a custom HDF file - new thread here.
I've started working on a little tool to extract information from .hmt files and allow some useful tweaks. Not ready for release yet but I just wanted to share a little triumph..
I have a lot of folders of kids' programmes, like these
and there are a lot of duplicates and they all show up in the Media List as just 'Chuggington'.
I wrote a small script which uses my new 'hmt' utility:
and now I have a folder like:
No more duplicates and the media list shows titles like 'Koko on Call" now.
Edit: the dedup package is now availabe in the repository.
I have a lot of folders of kids' programmes, like these
Code:
humax# ls
Chuggington_20110107_0748.hmt Chuggington_20110305_0720.nts
Chuggington_20110107_0748.nts Chuggington_20110305_0720.thm
Chuggington_20110107_0748.thm Chuggington_20110305_0720.ts
Chuggington_20110107_0748.ts Chuggington_20110306_0720.hmt
Chuggington_20110108_0720.hmt Chuggington_20110306_0720.nts
Chuggington_20110108_0720.nts Chuggington_20110306_0720.thm
Chuggington_20110108_0720.thm Chuggington_20110306_0720.ts
Chuggington_20110108_0720.ts Chuggington_20110307_0719.hmt
Chuggington_20110109_0720.hmt Chuggington_20110307_0719.nts
... (you get the picture)and there are a lot of duplicates and they all show up in the Media List as just 'Chuggington'.
I wrote a small script which uses my new 'hmt' utility:
Code:
#!/bin/sh
[ ! -d dup ] && mkdir dup
for hmt in *.hmt; do
fbase=`basename $hmt .hmt`
epg=`hmt $hmt | grep '^EPG:' | cut -d: -f2`
newfbase="`echo $epg | tr '[/ ]' '[._]'`"
[ "$fbase" = "$newfbase" ] && continue
echo "$fbase -> $newfbase"
if [ -f "$newfbase.ts" ]; then
echo " Duplicate"
mv "$fbase."* dup
continue
fi
for f in "$fbase."*; do
[ ! -f "$f" ] && continue
ext=`echo "$f" | sed 's/.*\.//'`
echo " Moving $f [$ext]"
mv "$f" "$newfbase.$ext"
done
hmt +patchtitle="$epg" "$newfbase.hmt"
doneand now I have a folder like:
Code:
A_Pat_On_The_Paintwork.hmt Koko_on_Call.hmt
A_Pat_On_The_Paintwork.nts Koko_on_Call.nts
A_Pat_On_The_Paintwork.thm Koko_on_Call.thm
A_Pat_On_The_Paintwork.ts Koko_on_Call.ts
Action_Brewster.hmt Late_Again_Eddie.hmt
Action_Brewster.nts Late_Again_Eddie.nts
Action_Brewster.thm Late_Again_Eddie.thm
Action_Brewster.ts Late_Again_Eddie.tsNo more duplicates and the media list shows titles like 'Koko on Call" now.
Edit: the dedup package is now availabe in the repository.