HeadlessZeke Posted February 27, 2009

Since this is my first post, I suppose a brief introduction is in order: HeadlessZeke. OSCP, GPEN. Austin, TX.

So, I got AT&T U-Verse installed at my house recently with three set top boxes (Motorola VIP1200). I've never been one to sit idly by while a piece of electronics equipment cranks away on my network, so I'm looking for ways to tinker. The first thing I notice about these STBs is that they all run WinCE 5.0 with Microsoft Mediaroom on top. I obviously can't do anything to these boxes that can't be undone, as (1) I won't be able to watch my precious U-Verse shows on them anymore, and (2) these are still technically the property of AT&T.

That being said, what I am interested in is seeing if there is a way to get an ARM port of Linux running on one of them, and turning it into a homebrew HD receiver of sorts. They have the potential of being a really cheap option (going for $20-$30 on eBay right now), assuming you can get AT&T out of the picture.

Potential ways in:

1. There is an old GIF/JPG handler vulnerability for WinCE 5.0 that I can't even find a PoC for. The Mediaroom software has the option to view images in a Flickr account. If I can create an exploited GIF or JPG, upload it to a Flickr account, and point the STB at it... I could possibly get a shell, and then we're in business. But as I said, I can't even find a PoC, and I don't have the time or the means to debug the vulnerability myself. So I may be out of luck as far as that goes.

2. Is there a way to "activesync" a Windows Mobile device over TCP/IP? These are WinCE devices after all. It would make sense that ActiveSync would allow you to browse/modify the files if only you could connect to it.

3. There are two USB ports on each box. All the info I've found says that the ports are disabled right now, but I'm not so sure. I'm wondering if anyone has looked into creating a version of the Switchblade that's ARM/WinCE compatible. This may just be a pipe dream, but still something to consider.

Anyways, just something I've been thinking on for a couple days. Any help/suggestions would be greatly appreciated.

HeadlessZeke

CowGuy Posted January 8, 2010

I'm working on trying to do the same thing as you over here, http://www.facepunch.com/showthread.php?t=875375