Monthly Archives: May 2012

IPv6 is Here!

Facebook turned on IPv6 on the main domain:

samm@samm-dell:~$ dig +short -t aaaa facebook.com
2a03:2880:2110:3f01:face:b00c::
2a03:2880:10:1f02:face:b00c:0:25
2a03:2880:10:8f01:face:b00c:0:25


Philips MCI730 hacking – preparation

I am the owner of a Philips MCI730 device. It runs Linux inside and has WiFi and Ethernet ports. It supports MP3 and Internet radio. The device also supports UPnP/DLNA, so I am able to listen to music directly from my NAS. The device works mostly fine, but there are some very annoying problems.

  • WiFi is VERY unstable. I tried with 2 different routers. Sometimes it just loses the AP. As a workaround I am using an Ethernet-connected access point in “Client” mode.
  • No compressed lossless formats are supported. To me this seems very stupid – there is MP3/WMA support, but no FLAC, WavPack or APE. As a workaround my NAS converts lossless files to LPCM on the fly.
  • No gapless playback from a UPnP device. I think it is a limitation of the firmware.
  • The control point is implemented with a lot of bugs.

Despite all these problems I like the device, because it works well with my favorite radio stations and the FM tuner is also very good. I had a much more expensive receiver before, but the radio quality was poor (bad reception zone). I think the WiFi problem should be easy to fix. The software is probably one big blob, so it would not be possible to add more formats. For the control point interface, some telnet-based workaround could probably be found. The problem is the lack of root access. I tried several options to get root on the device, but no luck so far. Some findings:

  1. There is no web interface. Nmap shows that ports 111/tcp, 1024/tcp and 8888/tcp are open. A Mediabolic UPnP/DLNA server is running on 8888. It is unclear what is on port 1024: a TCP connection can be established, but it is closed after a short time.
  2. According to Nmap, the system is running Linux 2.6.X.
  3. I used tcpdump on my router to capture the protocol between the device and the Philips servers. The protocol is HTTP (no TLS) with all data sent in the message body. The data is encrypted somehow.
  4. On USB, only FAT-formatted drives are detected.
  5. There is no GPL code or firmware sources/binaries on the vendor's web site.

So I assume that the only way to hack this device is to physically open it. What could be done then:

  • There should be a serial interface somewhere, soldered or not.
  • JTAG (likely) or removable flash (unlikely).
  • If the CPU is not hidden, there will be a better chance of finding out what is running on this box.

I am going to open the box in the near future. I found no stickers on the case, so the warranty should not be affected. If you have positive experience with hacking this type of device, please drop me a comment.


Exploring Servis24 certificate card from the Česká spořitelna bank

Česká spořitelna is one of the largest banks in the Czech Republic. I have been a client of this bank for a long time and am satisfied with their services. One of the services I use is the internet bank (Servis24).

It is web-based and works from Firefox without problems. The only issue for me was SMS confirmation for every transaction – I found that SMS delivery while roaming is not always reliable. I also dislike password-based authentication. So I decided to order a certificate card.
