U-Verse VIP1200


HeadlessZeke

Since this is my first post, I suppose a brief introduction is in order: HeadlessZeke. OSCP, GPEN. Austin, TX.

So, I got AT&T U-Verse installed at my house recently with three set-top boxes (Motorola VIP1200). I've never been one to sit idly by while a piece of electronics equipment cranks away on my network, so I'm looking for ways to tinker. The first thing I notice about these STBs is that they all run WinCE 5.0 with Microsoft Mediaroom on top. I obviously can't do anything to these boxes that can't be undone, as (1) I won't be able to watch my precious U-Verse shows on them anymore, and (2) these are still technically the property of AT&T. That being said, what I am interested in is seeing if there is a way to get an ARM port of Linux running on one of them, and turning it into a homebrew HD receiver of sorts. They have the potential of being a really cheap option (going for $20-$30 on eBay right now), assuming you can get AT&T out of the picture.

Potential ways in:

1. There is an old GIF/JPG handler vulnerability for WinCE 5.0 that I can't even find a PoC for. The Mediaroom software has the option to view images in a Flickr account. If I can create an exploited GIF or JPG, upload it to a Flickr account, and point the STB at it... I could possibly get a shell, and then we're in business. But as I said, I can't even find a PoC, and I don't have the time or the means to debug the vulnerability myself. So I may be out of luck as far as that goes.

2. Is there a way to "ActiveSync" a Windows Mobile device over TCP/IP? These are WinCE devices after all. It would make sense that ActiveSync would allow you to browse/modify the files if only you could connect to it.

3. There are two USB ports on each box. All the info I've found says that the ports are disabled right now, but I'm not so sure. I'm wondering if anyone has looked into creating a version of the Switchblade that's ARM/WinCE compatible. This may just be a pipe dream, but still something to consider.

Anyways, just something I've been thinking on for a couple days. Any help/suggestions would be greatly appreciated.

HeadlessZeke

  • 10 months later...
I'm working on trying to do the same thing as you over here, http://www.facepunch.com/showthread.php?t=875375
