Tmphack

From Lundman Wiki
Revision as of 02:23, 3 October 2008

Hacking the HDX-1000 media player.

Firmware analysis

The HDX-1000 "minidevice" player talks to the host over TCP port 1441: the capture opens with the host's SYN and the device's reply, and everything below was taken from that one connection.

The bytes captured are:


host <<=>> minidevice  Run 1
======================
>> port 1441 Syn?
<< Syn!

>> 04 "0900" 05     # 04 <code> 05 = new request? replies come back as 01 <header> 02 <data> 03 <trailer byte>, then 04 to end
<< 01 "0001" 02 "09000021800000000080000000" 03 09
>> 10 30            # acknowledgement of the frame?
<< 04               # 04 = ok / end of reply?

>> 04 "0700" 05     # new request?
<< "0700" 04        # empty reply: the code echoed back, then 04
>> 04 "0600" 05     # request for 0600?
<< 01 "0001" 02 "longstringofdata" 03 0d     # lots of data (decoded below)
>> 10 30            # acknowledgement? (clears the data?)
<< 04               # ok

>> 04 "1901" 05     # request for 1901?
<< 10 30            # device answers with 10 30 instead of a data frame
>> 01 "0002" 02 "1911            " 03 0b   # now the host sends a normal 01,02,03 frame, padded with spaces, but what is it?
<< 10 31            # 10 31 this time, not 10 30
>> 04               # ok

>> 04 "0600" 05     # ask for 0600 again
<< "0600" 04        # now it is empty
>> Fin
<< Fin


The long string of data in the 0600 reply appears to contain:

01
30 3030 31                    "0001"
02
# Start of record; each record is 32 bytes (2+12+4+10+4) and there were 8 records this time
3331                          "31"
3230 3038 3130 3033 3038 3436 "200810030846"   # known (looks like YYYYMMDDhhmm: 2008-10-03 08:46)
3030 3031                     "0001"
3030 3030 3030 3132 3232      "0000001222"     # known
3030 3031                     "0001"
# Start of next record
3331                          "31"
... etc ..
3030 3031                     "0001"
# End of data
03 0d



host <<=>> minidevice  Run 2
======================

>> 04 "0900" 05
<< 01 "0001" 02 "09000021800000000240000000              " 03 07
>> 10 30
<< 04

>> 04 "0700" 05
<< "0700" 04

>> 04 "0600" 05
<< 01 "0001"
<< 02 "longstringdata" 03 0e
>> 10 30
<< 01 "0001" 
<< 02 "more long data" 03 0e
>> 10 30
<< 01 "0001" 
<< 02 "more long data" 03 04
>> 10 30
<< 04

>> 04 "1901" 05
<< 10 30

>> 01 "0002" 02 "1911            " 03 0b
<< 10 31
>> 04

>> 04 "0600" 05
<< "0600" 04

>> Fin
<< Fin
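
The two "0900" replies make it possible to test a guess about the framing. The control bytes coincide with the ASCII codes SOH (01), STX (02), ETX (03), EOT (04), ENQ (05) and DLE (10), and in BSC-style protocols the byte after ETX is a block check, the XOR of the bytes before it. XORing the header, the 02 and the data of the Run 1 reply gives 0x09, and doing the same for the Run 2 reply (with its 14 padding spaces) gives 0x07: exactly the bytes that follow 03 in both captures. The host's own "1911" frame gives 0x08 under the same rule, not the 0b shown, so either the host computes its check differently or the padding in that frame was transcribed differently; the rule is a hypothesis, not something the capture proves. The decoder below is an added example written for this page, not code from the wiki or from the device; the SOH/STX/ETX reading, the XOR check, the record field names and the second record in the constructed sample payload are all assumptions of mine.

```python
"""Decoder for the HDX-1000 port-1441 frames shown on this page.

Added example, not code from the wiki or from the device vendor.
Assumptions (mine, not established by the capture): the 01/02/03/04/05/10
bytes are ASCII SOH/STX/ETX/EOT/ENQ/DLE, the byte after 03 is an XOR block
check over header + STX + data, and the record field names are placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SOH, STX, ETX, EOT, ENQ, DLE = 0x01, 0x02, 0x03, 0x04, 0x05, 0x10
ACK0 = bytes([DLE, ord("0")])  # "10 30", sent by the host after each data frame
ACK1 = bytes([DLE, ord("1")])  # "10 31", sent by the device after the host's frame

RECORD_LEN = 32  # "31" + 12-char timestamp + "0001" + 10-digit counter + "0001"


def lrc(data: bytes) -> int:
    """XOR of all bytes: the classic BSC-style block check character."""
    x = 0
    for b in data:
        x ^= b
    return x


def build_request(code: bytes) -> bytes:
    """Host request as captured: 04 <code> 05, e.g. 04 "0900" 05."""
    return bytes([EOT]) + code + bytes([ENQ])


def build_frame(header: bytes, data: bytes) -> bytes:
    """01 <header> 02 <data> 03 <bcc>, with bcc = XOR(header, 02, data)."""
    body = header + bytes([STX]) + data
    return bytes([SOH]) + body + bytes([ETX, lrc(body)])


@dataclass
class Frame:
    header: bytes  # the "0001"/"0002" field between 01 and 02
    data: bytes    # payload between 02 and 03
    bcc: int       # byte that followed 03 on the wire
    bcc_ok: bool   # True if bcc equals XOR(header, 02, data)


def parse_frame(raw: bytes) -> Tuple[Frame, bytes]:
    """Parse one 01..03+bcc frame from the front of raw; return it and the remainder."""
    if not raw or raw[0] != SOH:
        raise ValueError("frame does not start with SOH (0x01)")
    stx = raw.index(STX, 1)
    etx = raw.index(ETX, stx + 1)
    if etx + 1 >= len(raw):
        raise ValueError("frame truncated before the check byte")
    header, data, bcc = raw[1:stx], raw[stx + 1:etx], raw[etx + 1]
    ok = bcc == lrc(header + bytes([STX]) + data)
    return Frame(header, data, bcc, ok), raw[etx + 2:]


def walk_reply(stream: bytes) -> List[Frame]:
    """Device side of a multi-frame reply, as in Run 2's 0600 answer: one or more
    01..03 frames, then a lone 04. The host's 10 30 acks are not in this stream."""
    frames: List[Frame] = []
    while stream and stream[0] == SOH:
        frame, stream = parse_frame(stream)
        frames.append(frame)
    if stream != bytes([EOT]):
        raise ValueError("reply did not end with a lone EOT (0x04)")
    return frames


def parse_records(data: bytes) -> List[Dict[str, str]]:
    """Split a 0600 payload into the fixed-width records decoded on the page."""
    if len(data) % RECORD_LEN:
        raise ValueError(f"payload length {len(data)} is not a multiple of {RECORD_LEN}")
    records = []
    for i in range(0, len(data), RECORD_LEN):
        r = data[i:i + RECORD_LEN].decode("ascii")
        records.append({
            "tag": r[0:2],         # "31" in every captured record
            "timestamp": r[2:14],  # "200810030846": marked "known" on the page, looks like YYYYMMDDhhmm
            "field_a": r[14:18],   # "0001": meaning not established
            "counter": r[18:28],   # "0000001222": marked "known" on the page
            "field_b": r[28:32],   # "0001": meaning not established
        })
    return records


# The two 0900 replies and the host's 1911 frame, byte for byte as captured
# (14 and 12 padding spaces respectively, as transcribed on the page).
REPLY_0900_RUN1 = bytes([SOH]) + b"0001" + bytes([STX]) + b"09000021800000000080000000" + bytes([ETX, 0x09])
REPLY_0900_RUN2 = bytes([SOH]) + b"0001" + bytes([STX]) + b"09000021800000000240000000" + b" " * 14 + bytes([ETX, 0x07])
HOST_1911 = bytes([SOH]) + b"0002" + bytes([STX]) + b"1911" + b" " * 12 + bytes([ETX, 0x0B])

# Constructed 0600 payload: the first record uses the values decoded on the page,
# the second is invented here to exercise the fixed-width split.
SAMPLE_0600_DATA = (b"31" b"200810030846" b"0001" b"0000001222" b"0001"
                    b"31" b"200810030901" b"0001" b"0000001223" b"0001")
# Constructed Run 2-style reply: two frames, then EOT.
SAMPLE_0600_REPLY = (build_frame(b"0001", SAMPLE_0600_DATA[:RECORD_LEN])
                     + build_frame(b"0001", SAMPLE_0600_DATA[RECORD_LEN:])
                     + bytes([EOT]))


def check_capture() -> Dict[str, Tuple[int, int]]:
    """(wire bcc, computed bcc) for the three captured frames."""
    out = {}
    for name, raw in (("run1_0900", REPLY_0900_RUN1), ("run2_0900", REPLY_0900_RUN2), ("host_1911", HOST_1911)):
        f, _ = parse_frame(raw)
        out[name] = (f.bcc, lrc(f.header + bytes([STX]) + f.data))
    return out


if __name__ == "__main__":
    for name, (wire, computed) in check_capture().items():
        print(f"{name}: wire bcc {wire:02x}, computed {computed:02x}, match={wire == computed}")
    for rec in parse_records(b"".join(fr.data for fr in walk_reply(SAMPLE_0600_REPLY))):
        print(rec)
```

The only frame that fails the check is the host's 1911 frame, so that is where to look next: a fresh capture of that exchange would show whether the host really sends 0b with twelve spaces, or whether it computes the trailer over a different span of bytes than the device does.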