FOX T2 Hacking?

I've begun to write a tool to work with HDF files. I know there are some around available for download, but they're quite old and I also wanted to understand the file format and the way it's put together myself. If I get it working it will be available for Solaris, MacOSX, Linux, Windows... The plan is to make it functional at extracting and creating HDF files. At the moment it can extract the four sections of the file in their raw format and decompress most of the compressed blocks. I'm having trouble decompressing the last block of the first file (the squashfs part) at the moment but it's getting there!
 
telnett2.jpg

Screenshot of first root access tothe HDR Fox T2. Access was gained by using a custom firmware I created, based on my earlier mods to the Foxsat HDR.
 
Last edited:
Code: 
%  ./hdftool ../hdr_fox_t2_upgrade.hdf

Opening ../hdr_fox_t2_upgrade.hdf, 17598758 bytes.
        Model:  4 (0x4)
        System: 0x80bc7e00
Found new file at position 0x14 (Compressed)
      Filename: 1.hdfbin-1-000000.raw
      Wrote 15736832 bytes.
Found new file at position 0xef5a8c (NOT Compressed)
      Filename: 2.hdfbin-128-000000.raw
      Wrote 32 bytes.
Found new file at position 0xef5ab8 (Compressed)
      Filename: 3.hdfbin-1-1e00000.raw
      Wrote 1914272 bytes.
Found new file at position 0x10c88fa (NOT Compressed)
      Filename: 4.hdfbin-128-000000.raw
      Wrote 32 bytes.
Processed in: 0.18s

% ls -l *.raw
-rw-------   1 af123       other    15736832 Feb 24 00:08 1.hdfbin-1-000000.raw
-rw-------   1 af123       other         32 Feb 24 00:08 2.hdfbin-128-000000.raw
-rw-------   1 af123       other    1914272 Feb 24 00:08 3.hdfbin-1-1e00000.raw
-rw-------   1 af123       other         32 Feb 24 00:08 4.hdfbin-128-000000.raw

It doesn't do anything that the Windows HDF tool can't do but at least makes extraction and compression a quicker process for me on linux.
 
I have the entire evening to myself to test anything if needed raydon, otherwise i wont be free until next week again.. i feel like i'm hardly ever at home lately :(
 
Hi guys - sorry i have been away for a while - but well done for getting so far.

I have just lifeted the lid on the box, and noted that there is in fact a com port (labeld UART 0) on the main board next to what appears to be a Zilog UART controller. I wonder if this has a getty running on it? As this would make it a lot easier to get into as you could then just add extra software to the HD.

On this subject I think we should consider only adding minimal extra code to the image, and concentrate on using a partition on the HD/ using an external HD for staorage of program code for three reasons

1) The flash is small (32Mbytes)
2) It will allow us to add in new updates from Humax without having to recreate everything again
3) We can add things on the fly instead of needing to flash the box every time we make a change.

Would it help if we had a mailing list between developers/moved this off a public forum?

james
 
@framedtoo - The reason i suggest going private for a while is mainly because there are major DRM issues at play here - i suspect the reason there is a key preventing us from falshing the box is because the BBC/SKY/ITV etc will not want a bunch of hackers taking their HD recordings off the box etc and the uploading them to tvtorrents.com etc.........

If we publicise out work like this then I suppect we will find a OTA update to the loader come out while were not looking which makes it 10x more difficut do what we are trying!

The other issue is that reverse enginearing the hdf and moding the software is illegal in the UK without expressed authorisation from whoever wrote it (i.e. HUMAX)
 
No-one is talking about removing drm or encryption here. That is a separate issue that should not be disccussed here.
 
James said:
@framedtoo - The reason i suggest going private for a while is mainly because there are major DRM issues at play here - i suspect the reason there is a key preventing us from falshing the box is because the BBC/SKY/ITV etc will not want a bunch of hackers taking their HD recordings off the box etc and the uploading them to tvtorrents.com etc.........

If we publicise out work like this then I suppect we will find a OTA update to the loader come out while were not looking which makes it 10x more difficut do what we are trying!

The other issue is that reverse enginearing the hdf and moding the software is illegal in the UK without expressed authorisation from whoever wrote it (i.e. HUMAX)
Click to expand...


the thread has been about the open source software as far as i'm aware

if you, or anyone else choose to do anything that would infringe copyright, then thats up to you

as everything is legal at the moment, please keep the posts coming
 
The only illegal thing is using the Windows HDF tool to remove the encryption of the hdf file. From that point on its fine.

My main concern is that Humax may end up being forced by other companies to increase the encryption of the file system in the HDF file to prevent us from doing this if they consider it to be a risk to files you record onto the hard drive from HD channels which are encrypted.
 
James said:
The only illegal thing is using the Windows HDF tool to remove the encryption of the hdf file. From that point on its fine.

My main concern is that Humax may end up being forced by other companies to increase the encryption of the file system in the HDF file to prevent us from doing this if they consider it to be a risk to files you record onto the hard drive from HD channels which are encrypted.
Click to expand...
I think you're missing the point a bit here. You can already transfer encrypted HD video off the box via FTP, so where is the increased risk ? There are no 'in the clear' recordings stored anywhere on the hard disk, unless you put your own content on there. Every 'native' recording is encrypted with a key which is unique to that particular box, so you couldn't even play it on another T2.
And it's not a question of how to reflash the box to get root access, I've already done that. It's more about what you are going to do when you get in there. Since ALL content is encrypted as it's recorded, there is absolutely nothing more you can do with it ! Unless of course, you intend to try and reverse engineer encryption. Humax are already going to provide a DLNA server on the T2 (which will decrypt its own content on the fly, as it streams it off the box) so exactly what more can you hope to achieve (by legal means) in using modded firmware ? I keep asking this and have yet to be given a definitive answer.
 
im just curious, i've been reading this thread, and trying to get to the HDF file just to see if i can. i would have no idea what to do with it when/if i manage it,

it passes some time till summer though, by the way summer this year 8th july to the 11 july dont miss it
 
I for one would like the same abilities and possibilities as has been achieved in the foxsat as I have stated previously.
Sure the content is encrypted, fair enough, so the main point of opening the box up is not possible (with this firmware), so what else can we do?

Well, we don't know until we can tinker with it!

What about fixing those annoying strings for starters such as "sort by date" instead of "sort by time"
Little things like that annoy me because its a basic mistake that should have been corrected in v1.01

Maybe we can start pooling ideas about what's possible, do-able etc.

What about a new portal selection page? More places to stream from? There's quite a few possibilities with the portal, but until developers can actually have a look and test, we won't know.
 
You must log in or register to reply here.
Back
Top