RE: Yes, trying to hack a remote control



Hi Brian,
Did you try the "Follow TCP Stream" command in Wireshark, by right-clicking
on one of the telnet session packets? It should show you the username and
password sent to the device!!!

CU
tripM

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Brian Kerley
Sent: Thursday, February 08, 2007 1:29 AM
To: security-basics@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Yes, trying to hack a remote control

Ok, you guys are going to probably think I'm the biggest loser, but here's
what's up.

I've got a new Harmony 1000 remote from Logitech. It's a new touchscreen
remote that has just come out. Of course, I can't leave well enough alone
and would like to take a look at the inner workings of this thing. That's
where it gets difficult and I'm hoping someone might be able to help.

The remote connects via USB using a Belcarra USB Lan Link. The remote gets
assigned an IP address of 169.254.1.2. I've scanned it and it shows that it
is running both telnet and ftp (as well as another service called "discard"
according to nmap). So I've tried to telnet/ftp into it using various
combinations of passwords and usernames. I've also tried to do a dictionary
attack, but the remote shuts the service down after so many attempts. I've
also tried using both Cain and Wireshark to analyze the packets being sent
to the remote during an update that is performed by the included software.
I got a lot of data, but I can't seem to find any plaintext passwords or
usernames in the packets. The software running on the computer is Java, and
the remote's software might be Java as well.

Do you guys have any ideas on how I might be able to get into this thing?
There are also a lot of guys running Linux that have other Logitech remotes,
and of course are high-and-dry right now about how to update without running
a virtual environment. If I can figure how to get in over one of these
services, then maybe it can be of some help to those guys.

Thanks,
Brian


