prophet Posted October 11, 2017 Share Posted October 11, 2017 Hi I googled a bit and tried to see if anyone would have tried to hack this older model of SanDisk Connect. Anyways the search turned out empty so here is what I did to gain root access. Device has telnet on even the latest firmware. You can connect to it and login with you admin account and password. After that I had access to the shadow file and then I just brute forced the password. Anyways after that I can login to the telnet session with root and used this password: "sqn1351" That password also allows root access to FTP. This site seemed to popup when I googled so if anyone else wants to have a go on this device let me save you some time and there should be the password. I'd be interested to hear from others if they too have this hardcoded password for root. I assume for at least this device the password is the same. TBH I would also try on the newer stick models. Quickly about the device: It's 32GB or 64GB wifi storage device with full size SD card slot. It runs Linux and has 128mb of ram. It's Armv7 device. I bought new for 15€ so they are really neat devices now since they are so cheap. Ps. I don't know if this is the right place to post this so sorry about if I posted to wrong place. 1 Quote Link to comment Share on other sites More sharing options...
Forkish Posted October 11, 2017 Share Posted October 11, 2017 I believe I have one these but the drive needs reformatting before it will work as intended. I like the idea of it. Can you post an amazon link to the one you have or one similar? Quote Link to comment Share on other sites More sharing options...
prophet Posted October 12, 2017 Author Share Posted October 12, 2017 So it seems to be out of stock everywhere in states=high price. But here it is https://www.amazon.com/SanDisk-Connect-Wireless-Smartphones-Tablets/dp/B00DR8LAE2 The device has all the script ready for dropbear but the binary is missing. So if someone wants ssh. Compile dropbear and ftp it to the device with root access and it should work. Quote Link to comment Share on other sites More sharing options...
Forgiven Posted November 2, 2017 Share Posted November 2, 2017 Yes I wrote the original post on trying to hack the Sandisk Connect to make an Evil AP or for other giggles. Nice job. The post has long since fallen off search. I found it like on page 5 or 6. Quote Link to comment Share on other sites More sharing options...
Forgiven Posted November 2, 2017 Share Posted November 2, 2017 https://forums.hak5.org/topic/30273-hack-a-sandisk-32g-wifi-enabled-flash-drive/ Quote Link to comment Share on other sites More sharing options...
dzmanto Posted January 28, 2018 Share Posted January 28, 2018 Hi there: The manual update file wfd2050e.df3 for the 64 GB version can be opened using 7z and contains at least two files AppManifest.xaml SilverlightMediaElement.dll The .dll file is an indication that the USB stick may be running some sort of embedded Windows. Also Bilgus' post of 26 July 2017 indicates that the device runs AutoIT scripts, so there is yet another pointer toward an embedded windows. The device uses jquery version 1.11.0 | (c) 2005, 2014. As of 2018, I expect that version 1.11.0 of jquery will have known security issues with CVE numbers. Hope this helps. Cheers, Dani Quote Link to comment Share on other sites More sharing options...
dzmanto Posted January 28, 2018 Share Posted January 28, 2018 Hi again: Below is the content of static/js/settings.js: /* This file includes portions of CryptoJS: Copyright 2009–2012 by Jeff Mott. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation or other materials provided with the distribution. Neither the name CryptoJS nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS," AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* CryptoJS v3.0.2 code.google.com/p/crypto-js (c) 2009-2012 by Jeff Mott. All rights reserved. code.google.com/p/crypto-js/wiki/License */ var CryptoJS=CryptoJS||function(g,i){var f={},b=f.lib={},m=b.Base=function(){function a(){}return{extend:function(e){a.prototype=this;var c=new a;e&&c.mixIn(e);c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.$super.extend(this)}}}(),l=b.WordArray=m.extend({init:function(a,e){a= this.words=a||[];this.sigBytes=e!=i?e:4*a.length},toString:function(a){return(a||d).stringify(this)},concat:function(a){var e=this.words,c=a.words,o=this.sigBytes,a=a.sigBytes;this.clamp();if(o%4)for(var b=0;b<a;b++)e[o+b>>>2]|=(c[b>>>2]>>>24-8*(b%4)&255)<<24-8*((o+b)%4);else if(65535<c.length)for(b=0;b<a;b+=4)e[o+b>>>2]=c[b>>>2];else e.push.apply(e,c);this.sigBytes+=a;return this},clamp:function(){var a=this.words,e=this.sigBytes;a[e>>>2]&=4294967295<<32-8*(e%4);a.length=g.ceil(e/4)},clone:function(){var a= m.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var e=[],c=0;c<a;c+=4)e.push(4294967296*g.random()|0);return l.create(e,a)}}),n=f.enc={},d=n.Hex={stringify:function(a){for(var e=a.words,a=a.sigBytes,c=[],b=0;b<a;b++){var d=e[b>>>2]>>>24-8*(b%4)&255;c.push((d>>>4).toString(16));c.push((d&15).toString(16))}return c.join("")},parse:function(a){for(var e=a.length,c=[],b=0;b<e;b+=2)c[b>>>3]|=parseInt(a.substr(b,2),16)<<24-4*(b%8);return l.create(c,e/2)}},j=n.Latin1={stringify:function(a){for(var e= a.words,a=a.sigBytes,b=[],d=0;d<a;d++)b.push(String.fromCharCode(e[d>>>2]>>>24-8*(d%4)&255));return b.join("")},parse:function(a){for(var b=a.length,c=[],d=0;d<b;d++)c[d>>>2]|=(a.charCodeAt(d)&255)<<24-8*(d%4);return l.create(c,b)}},k=n.Utf8={stringify:function(a){try{return decodeURIComponent(escape(j.stringify(a)))}catch(b){throw Error("Malformed UTF-8 data");}},parse:function(a){return j.parse(unescape(encodeURIComponent(a)))}},h=b.BufferedBlockAlgorithm=m.extend({reset:function(){this._data=l.create(); this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=k.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var b=this._data,c=b.words,d=b.sigBytes,j=this.blockSize,h=d/(4*j),h=a?g.ceil(h):g.max((h|0)-this._minBufferSize,0),a=h*j,d=g.min(4*a,d);if(a){for(var f=0;f<a;f+=j)this._doProcessBlock(c,f);f=c.splice(0,a);b.sigBytes-=d}return l.create(f,d)},clone:function(){var a=m.clone.call(this);a._data=this._data.clone();return a},_minBufferSize:0});b.Hasher=h.extend({init:function(){this.reset()}, reset:function(){h.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);this._doFinalize();return this._hash},clone:function(){var a=h.clone.call(this);a._hash=this._hash.clone();return a},blockSize:16,_createHelper:function(a){return function(b,c){return a.create(c).finalize(b)}},_createHmacHelper:function(a){return function(b,c){return u.HMAC.create(a,c).finalize(b)}}});var u=f.algo={};return f}(Math); (function(){var g=CryptoJS,i=g.lib,f=i.WordArray,i=i.Hasher,b=[],m=g.algo.SHA1=i.extend({_doReset:function(){this._hash=f.create([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(f,n){for(var d=this._hash.words,j=d[0],k=d[1],h=d[2],g=d[3],a=d[4],e=0;80>e;e++){if(16>e)b[e]=f[n+e]|0;else{var c=b[e-3]^b[e-8]^b[e-14]^b[e-16];b[e]=c<<1|c>>>31}c=(j<<5|j>>>27)+a+b[e];c=20>e?c+((k&h|~k&g)+1518500249):40>e?c+((k^h^g)+1859775393):60>e?c+((k&h|k&g|h&g)-1894007588):c+((k^h^g)- 899497514);a=g;g=h;h=k<<30|k>>>2;k=j;j=c}d[0]=d[0]+j|0;d[1]=d[1]+k|0;d[2]=d[2]+h|0;d[3]=d[3]+g|0;d[4]=d[4]+a|0},_doFinalize:function(){var b=this._data,f=b.words,d=8*this._nDataBytes,j=8*b.sigBytes;f[j>>>5]|=128<<24-j%32;f[(j+64>>>9<<4)+15]=d;b.sigBytes=4*f.length;this._process()}});g.SHA1=i._createHelper(m);g.HmacSHA1=i._createHmacHelper(m)})(); (function(){var g=CryptoJS,i=g.enc.Utf8;g.algo.HMAC=g.lib.Base.extend({init:function(f,b){f=this._hasher=f.create();"string"==typeof b&&(b=i.parse(b));var g=f.blockSize,l=4*g;b.sigBytes>l&&(b=f.finalize(b));for(var n=this._oKey=b.clone(),d=this._iKey=b.clone(),j=n.words,k=d.words,h=0;h<g;h++)j[h]^=1549556828,k[h]^=909522486;n.sigBytes=d.sigBytes=l;this.reset()},reset:function(){var f=this._hasher;f.reset();f.update(this._iKey)},update:function(f){this._hasher.update(f);return this},finalize:function(f){var b= this._hasher,f=b.finalize(f);b.reset();return b.finalize(this._oKey.clone().concat(f))}})})(); (function(){var g=CryptoJS,i=g.lib,f=i.Base,b=i.WordArray,i=g.algo,m=i.HMAC,l=i.PBKDF2=f.extend({cfg:f.extend({keySize:4,hasher:i.SHA1,iterations:1}),init:function(b){this.cfg=this.cfg.extend(b)},compute:function(f,d){for(var g=this.cfg,k=m.create(g.hasher,f),h=b.create(),i=b.create([1]),a=h.words,e=i.words,c=g.keySize,g=g.iterations;a.length<c;){var l=k.update(d).finalize(i);k.reset();for(var q=l.words,t=q.length,r=l,s=1;s<g;s++){r=k.finalize(r);k.reset();for(var v=r.words,p=0;p<t;p++)q[p]^=v[p]}h.concat(l); e[0]++}h.sigBytes=4*c;return h}});g.PBKDF2=function(b,d,f){return l.create(f).compute(b,d)}})(); (function(o){function q(b,f,a,e,c,d,g){b=b+(f&a|~f&e)+c+g;return(b<<d|b>>>32-d)+f}function l(b,f,a,e,c,d,g){b=b+(f&e|a&~e)+c+g;return(b<<d|b>>>32-d)+f}function m(b,f,a,e,c,d,g){b=b+(f^a^e)+c+g;return(b<<d|b>>>32-d)+f}function n(b,f,a,e,c,d,g){b=b+(a^(f|~e))+c+g;return(b<<d|b>>>32-d)+f}var j=CryptoJS,k=j.lib,r=k.WordArray,k=k.Hasher,p=j.algo,h=[];(function(){for(var b=0;64>b;b++)h[b]=4294967296*o.abs(o.sin(b+1))|0})();p=p.MD5=k.extend({_doReset:function(){this._hash=r.create([1732584193,4023233417, 2562383102,271733878])},_doProcessBlock:function(b,f){for(var a=0;16>a;a++){var e=f+a,c=b[e];b[e]=(c<<8|c>>>24)&16711935|(c<<24|c>>>8)&4278255360}for(var e=this._hash.words,c=e[0],d=e[1],g=e[2],i=e[3],a=0;64>a;a+=4)16>a?(c=q(c,d,g,i,b[f+a],7,h[a]),i=q(i,c,d,g,b[f+a+1],12,h[a+1]),g=q(g,i,c,d,b[f+a+2],17,h[a+2]),d=q(d,g,i,c,b[f+a+3],22,h[a+3])):32>a?(c=l(c,d,g,i,b[f+(a+1)%16],5,h[a]),i=l(i,c,d,g,b[f+(a+6)%16],9,h[a+1]),g=l(g,i,c,d,b[f+(a+11)%16],14,h[a+2]),d=l(d,g,i,c,b[f+a%16],20,h[a+3])):48>a?(c= m(c,d,g,i,b[f+(3*a+5)%16],4,h[a]),i=m(i,c,d,g,b[f+(3*a+8)%16],11,h[a+1]),g=m(g,i,c,d,b[f+(3*a+11)%16],16,h[a+2]),d=m(d,g,i,c,b[f+(3*a+14)%16],23,h[a+3])):(c=n(c,d,g,i,b[f+3*a%16],6,h[a]),i=n(i,c,d,g,b[f+(3*a+7)%16],10,h[a+1]),g=n(g,i,c,d,b[f+(3*a+14)%16],15,h[a+2]),d=n(d,g,i,c,b[f+(3*a+5)%16],21,h[a+3]));e[0]=e[0]+c|0;e[1]=e[1]+d|0;e[2]=e[2]+g|0;e[3]=e[3]+i|0},_doFinalize:function(){var b=this._data,f=b.words,a=8*this._nDataBytes,e=8*b.sigBytes;f[e>>>5]|=128<<24-e%32;f[(e+64>>>9<<4)+14]=(a<<8|a>>> 24)&16711935|(a<<24|a>>>8)&4278255360;b.sigBytes=4*(f.length+1);this._process();b=this._hash.words;for(f=0;4>f;f++)a=b[f],b[f]=(a<<8|a>>>24)&16711935|(a<<24|a>>>8)&4278255360}});j.MD5=k._createHelper(p);j.HmacMD5=k._createHmacHelper(p)})(Math); function postHttpRequest(url,params_array, callback) { // var url = "settings.xml"; // var params = array of the values subscripted by the corresponding // key: {'name': "John Smith", 'addr': "", ...} // We will use encodeURIComponent() to encode values in params //"lorem=ipsum&name=binny"; try { var params = ""; var prefix=''; for (var i in params_array) { var key = encodeURIComponent(i); var value = encodeURIComponent(params_array[i]); if (i == 'password' && params_array[i].toString().length == 64) { value = params_array[i].toString().replace(/(..)/g, "%$1"); } params += prefix + key + '=' + value; prefix = '&'; } var request = new XMLHttpRequest(); var timeoutID = null; var aborting = false; var timeout_handler = function() { if (request != null) { aborting = true; request.abort(); } timeoutID = null; callback(null); }; // The timeout time probably should be a setting. timeoutID = window.setTimeout( timeout_handler, 5 * 1000 ); request.open("POST", url, true); //Send the proper header information along with the request request.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); // Safari complains about the next two headers. //request.setRequestHeader("Content-length", params.length); //request.setRequestHeader("Connection", "close"); request.onreadystatechange = function() { if (aborting) return; if (request.readyState == 4) { if (timeoutID) { window.clearTimeout(timeoutID); timeoutID = null; } if (request.status == 200) { //alert('Post was successful, returned: '+request.responseText); if (callback != null) { callback(request.responseXML.documentElement); request.onreadystatechange = null; //request = null; } } else { var msg="Error ("+request.status+"): "+request.statusText; alert(msg); if (callback != null) { callback(null); } } } } request.send(params); } catch (e) { alert('postHttpRequest: '+ e); } } //document.getElementById("hidebox").style.display = ""; function get_DOM_child(root, tag) { if (root==null || root==undefined) return undefined; try { for (var child = root.firstChild; child; child = child.nextSibling) { var name = child.localName || child.baseName; if (name == tag) { return child; } } } catch (e) { alert('get_DOM_child: ERROR: '+ e); } return undefined; } function get_DOM_child_text(root,tag) { var child = get_DOM_child(root,tag); if (child) { return child.textContent || child.text; } //alert("problem trying to get tag: "+tag+" - not found in root: " + root.localName); return ""; } function get_XML_info(path, callback, silent) { var request = new XMLHttpRequest(); var timeoutID = null; var aborting = false; var timeout_handler = function() { if (request != null) { aborting = true; request.abort(); } timeoutID = null; callback(null); }; // The timeout time probably should be a setting. timeoutID = window.setTimeout( timeout_handler, 5 * 1000 ); //request.setRequestHeader("Connection", "close"); request.onreadystatechange = function () { if (request.readyState == 4) { // We now have everything the server is going to send to us. if (timeoutID) { window.clearTimeout(timeoutID); timeoutID = null; } if (request.status == 200) { // Success //gXMLi_response_text = request.responseText; callback(request.responseXML.documentElement); request = null; } else if (aborting) { // Nothing to do. } else { if (! silent) { if (request.status == 404) { alert("Unable to fetch " + path); } else { // All other http error codes. var msg="Error retrieving XML data (code: "+request.status+"): "+request.statusText; alert(msg); } } callback(null); } } }; request.open('GET', path, true); request.send(null); } function security_type_changed() { /* if (document.getElementById("wep_security").selected) { document.getElementById("password_entry").style.display = ""; document.getElementById("password_1").maxLength = 13; document.getElementById("password_2").maxLength = 13; alert("We recommend using WPA2 for improved security. The WEP option will be removed in a future firmware update."); } else */ if (document.getElementById("wpa_security").selected) { document.getElementById("password_entry").style.display = ""; document.getElementById("password_1").maxLength = 63; document.getElementById("password_2").maxLength = 63; } else { document.getElementById("password_entry").style.display = "none"; } } function channel_changed() { if (document.getElementById("channel_12").selected || document.getElementById("channel_13").selected) { if (!confirm("The channel you have selected is not available in all regions. To use this channel, please confirm that you are not located within the US or Canada.")) { document.getElementById("channel_0").selected = true; } } } var oldSecurityType = null; var oldSSID = null; var oldChannel = null; var oldTimer = null; function get_settings_values() { var callback = function(value) { var ssid = get_DOM_child_text(value, "ssid"); oldSSID = ssid; document.getElementById("ssid").value = ssid; document.getElementById("ssid").removeAttribute("disabled"); var security = get_DOM_child_text(value, "security"); if (security == "none") { document.getElementById("open_security").selected = true; oldSecurityType = null; } else /*if (security == "wep") { document.getElementById("wep_security").selected = true; oldSecurityType = "wep"; } else */ if (security == "wpa") { document.getElementById("wpa_security").selected = true; oldSecurityType = "wpa"; } document.getElementById("password_1").value = ""; document.getElementById("password_2").value = ""; document.getElementById("security").removeAttribute("disabled"); security_type_changed(); var elem = "channel_" + get_DOM_child_text(value, "channel").replace(/^\s+|\s+$/g,""); if (document.getElementById(elem)) { document.getElementById(elem).selected = true; } document.getElementById("channel").removeAttribute("disabled"); var elem = "timeout_" + get_DOM_child_text(value, "timeout").replace(/^\s+|\s+$/g,""); if (document.getElementById(elem)) { document.getElementById(elem).selected = true; } oldChannel = document.getElementById("channel").value; oldTimer = document.getElementById("timeout").value; document.getElementById("timeout").removeAttribute("disabled"); var version = get_DOM_child_text(value, "version") + " (" + get_DOM_child_text(value, "buildmodel") + " " + get_DOM_child_text(value, "numericversion") + ")"; document.getElementById("version").firstChild.data = version; var serial = get_DOM_child_text(value, "serial"); document.getElementById("serial").firstChild.data = serial; }; get_XML_info("/settings.xml", callback, true); } function settings_restart() { if(document.getElementById("ssid").value != oldSSID) { return true; } if(document.getElementById("open_security").selected) { if(oldSecurityType != null) { return true; } } if(document.getElementById("wpa_security").selected) { if(oldSecurityType != "wpa") { return true; } } if(document.getElementById("password_1").value != "") { return true; } if(document.getElementById("password_2").value = "") { return true; } if(document.getElementById("channel").value != oldChannel) { return true; } return false; } function settings_cb(xml) { if (xml) { var status = xml.textContent || xml.text; if (status == 'ok') { if(settings_restart()) { alert('Please turn off, then turn on your SanDisk Wireless Stick for the new settings to take effect.'); } else { alert('The new settings were saved.'); } window.location.assign("/files/"); return; } else { alert('There was a problem saving the settings.'); } } } function save_settings() { var settings = new Array(0); var new_ssid = document.getElementById("ssid").value; if (new_ssid.length < 1 || new_ssid.length > 32) { alert("SSID must be between 1 and 32 characters"); return; } settings["ssid"] = new_ssid; if (document.getElementById("open_security").selected) { settings["security"] = "none"; settings["auth"] = "none"; } else /* if (document.getElementById("wep_security").selected) { settings["security"] = "wep"; if (document.getElementById("password_1").value != document.getElementById("password_2").value) { alert("WEP passwords do not match."); return; } if (document.getElementById("password_1").value.length > 0) { if (document.getElementById("password_1").value.length != 13) { alert("WEP password must be exactly 13 characters long."); return; } settings["password"] = document.getElementById("password_1").value; } else if (oldSecurityType != "wep") { alert("You must enter a WEP password."); return; } } else */ if (document.getElementById("wpa_security").selected) { settings["security"] = "wpa"; if (document.getElementById("password_1").value != document.getElementById("password_2").value) { alert("WPA passwords do not match."); return; } var new_password = document.getElementById("password_1").value; if (new_password.length > 0) { if (new_password.length < 8 || new_password.length > 63) { alert("WPA password must be between 8 and 63 characters long."); return; } settings["password"] = CryptoJS.PBKDF2(new_password, new_ssid, { keySize: 8, iterations: 4096 }); settings["auth"] = "all"; settings["authowner"] = "owner"; settings["authhash"] = CryptoJS.MD5("owner:" + new_ssid + ":" + new_password); } else if (oldSecurityType != "wpa" || new_ssid != oldSSID) { alert("You must enter a WPA password."); return; } } settings["channel"] = document.getElementById("channel").value; settings["timeout"] = document.getElementById("timeout").value; postHttpRequest('/settings.xml', settings, settings_cb); } function coex_on() { var settings = new Array(0); settings["group"] = "coex"; settings["action"] = "save"; settings["name"] = "test device"; postHttpRequest('/settings.xml', settings, settings_cb); } function coex_off() { var settings = new Array(0); settings["group"] = "coex"; settings["action"] = "delete"; postHttpRequest('/settings.xml', settings, settings_cb); } function about_toggle(which) { if (which) { document.getElementById("settings").style.display = "none"; document.getElementById("about").style.display = ""; } else { document.getElementById("settings").style.display = ""; document.getElementById("about").style.display = "none"; } } get_settings_values(); A manual call of coex_on(); or of coex_off(); in the web console of firefox did not yield any observable effect. Also, I tried to traverse the file system using window.location.assign("/"); with no success. Further suggestions, in particular suggestions about javascript injection via postHttpRequest(url,params_array, callback) are more than welcome. Cheers, Daniela Quote Link to comment Share on other sites More sharing options...
prophet Posted January 29, 2018 Author Share Posted January 29, 2018 13 hours ago, dzmanto said: SilverlightMediaElement.dll The .dll file is an indication that the USB stick may be running some sort of embedded Windows. Also Bilgus' post of 26 July 2017 indicates that the device runs AutoIT scripts, so there is yet another pointer toward an embedded windows. I seriously doubt it's running Windows. That DLL name contains Silverlight which can be used for media playback. Most likely it's for Windows client to use for playing media files through the web interface. Quote Link to comment Share on other sites More sharing options...
dzmanto Posted January 29, 2018 Share Posted January 29, 2018 Dear Prophet: Here is how we're going to find out. The device according to static/mejs/mediaelement-and-player.min.js has flash player 9 0 124 installed. A flash file is thus needed with an exploit for flash version 9 0 124. Ideally, the flash file opens a root shell on some port while the USB device streams its content. Cheers, Daniela Quote Link to comment Share on other sites More sharing options...
mrdindon Posted January 24, 2019 Share Posted January 24, 2019 Hi ! I was curious to know if anyone were finally able to do something with that device... I was hoping to use it in my car in order for my music to sync whenever I would be in the radius of a wifi client at my house but the thing is I couldn't figure how to force the wifi to be always on on it to avoid having to press the power button everything I park my car :) if anyone have an idea that would be nice ! Quote Link to comment Share on other sites More sharing options...
dzmanto Posted January 25, 2019 Share Posted January 25, 2019 Currently I don't have time. Cheers, Daniela Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.