Jump to content

SanDisk Connect 32GB Wireless Media Drive root


prophet

Recommended Posts

Hi

I googled a bit and tried to see if anyone would have tried to hack this older model of SanDisk Connect. Anyways the search turned out empty so here is what I did to gain root access.

Device has telnet on even the latest firmware. You can connect to it and login with you admin account and password. After that I had access to the shadow file and then I just brute forced the password. Anyways after that I can login to the telnet session with root and used this password: "sqn1351" That password also allows root access to FTP. 

This site seemed to popup when I googled so if anyone else wants to have a go on this device let me save you some time and there should be the password. 

I'd be interested to hear from others if they too have this hardcoded password for root. I assume for at least this device the password is the same. TBH I would also try on the newer stick models. 

Quickly about the device: It's 32GB or 64GB wifi storage device with full size SD card slot. It runs Linux and has 128mb of ram. It's Armv7 device. I bought new for 15€ so they are really neat devices now since they are so cheap. 

Ps. I don't know if this is the right place to post this so sorry about if I posted to wrong place.

 

  • Like 1
Link to comment
Share on other sites

I believe I have one these but the drive needs reformatting before it will work as intended. I like the idea of it. Can you post an amazon link to the one you have or one similar?

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 months later...

Hi there:

The manual update file wfd2050e.df3 for the 64 GB version can be opened using 7z and contains at least two files

  • AppManifest.xaml
  • SilverlightMediaElement.dll

The .dll file is an indication that the USB stick may be running some sort of embedded Windows. Also Bilgus' post of 26 July 2017 indicates that the device runs AutoIT scripts, so there is yet another pointer toward an embedded windows.

The device uses jquery version 1.11.0 | (c) 2005, 2014. As of 2018, I expect that version 1.11.0 of jquery will have known security issues with CVE numbers.

Hope this helps.

Cheers,

Dani

 

 

 

 

Link to comment
Share on other sites

Hi again:

Below is the content of static/js/settings.js:

/* This file includes portions of CryptoJS: Copyright 2009–2012 by Jeff Mott. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

    Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.
    Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation or other materials provided with the distribution.
    Neither the name CryptoJS nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS," AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

/*
CryptoJS v3.0.2
code.google.com/p/crypto-js
(c) 2009-2012 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
var CryptoJS=CryptoJS||function(g,i){var f={},b=f.lib={},m=b.Base=function(){function a(){}return{extend:function(e){a.prototype=this;var c=new a;e&&c.mixIn(e);c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.$super.extend(this)}}}(),l=b.WordArray=m.extend({init:function(a,e){a=
this.words=a||[];this.sigBytes=e!=i?e:4*a.length},toString:function(a){return(a||d).stringify(this)},concat:function(a){var e=this.words,c=a.words,o=this.sigBytes,a=a.sigBytes;this.clamp();if(o%4)for(var b=0;b<a;b++)e[o+b>>>2]|=(c[b>>>2]>>>24-8*(b%4)&255)<<24-8*((o+b)%4);else if(65535<c.length)for(b=0;b<a;b+=4)e[o+b>>>2]=c[b>>>2];else e.push.apply(e,c);this.sigBytes+=a;return this},clamp:function(){var a=this.words,e=this.sigBytes;a[e>>>2]&=4294967295<<32-8*(e%4);a.length=g.ceil(e/4)},clone:function(){var a=
m.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var e=[],c=0;c<a;c+=4)e.push(4294967296*g.random()|0);return l.create(e,a)}}),n=f.enc={},d=n.Hex={stringify:function(a){for(var e=a.words,a=a.sigBytes,c=[],b=0;b<a;b++){var d=e[b>>>2]>>>24-8*(b%4)&255;c.push((d>>>4).toString(16));c.push((d&15).toString(16))}return c.join("")},parse:function(a){for(var e=a.length,c=[],b=0;b<e;b+=2)c[b>>>3]|=parseInt(a.substr(b,2),16)<<24-4*(b%8);return l.create(c,e/2)}},j=n.Latin1={stringify:function(a){for(var e=
a.words,a=a.sigBytes,b=[],d=0;d<a;d++)b.push(String.fromCharCode(e[d>>>2]>>>24-8*(d%4)&255));return b.join("")},parse:function(a){for(var b=a.length,c=[],d=0;d<b;d++)c[d>>>2]|=(a.charCodeAt(d)&255)<<24-8*(d%4);return l.create(c,b)}},k=n.Utf8={stringify:function(a){try{return decodeURIComponent(escape(j.stringify(a)))}catch(b){throw Error("Malformed UTF-8 data");}},parse:function(a){return j.parse(unescape(encodeURIComponent(a)))}},h=b.BufferedBlockAlgorithm=m.extend({reset:function(){this._data=l.create();
this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=k.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var b=this._data,c=b.words,d=b.sigBytes,j=this.blockSize,h=d/(4*j),h=a?g.ceil(h):g.max((h|0)-this._minBufferSize,0),a=h*j,d=g.min(4*a,d);if(a){for(var f=0;f<a;f+=j)this._doProcessBlock(c,f);f=c.splice(0,a);b.sigBytes-=d}return l.create(f,d)},clone:function(){var a=m.clone.call(this);a._data=this._data.clone();return a},_minBufferSize:0});b.Hasher=h.extend({init:function(){this.reset()},
reset:function(){h.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);this._doFinalize();return this._hash},clone:function(){var a=h.clone.call(this);a._hash=this._hash.clone();return a},blockSize:16,_createHelper:function(a){return function(b,c){return a.create(c).finalize(b)}},_createHmacHelper:function(a){return function(b,c){return u.HMAC.create(a,c).finalize(b)}}});var u=f.algo={};return f}(Math);
(function(){var g=CryptoJS,i=g.lib,f=i.WordArray,i=i.Hasher,b=[],m=g.algo.SHA1=i.extend({_doReset:function(){this._hash=f.create([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(f,n){for(var d=this._hash.words,j=d[0],k=d[1],h=d[2],g=d[3],a=d[4],e=0;80>e;e++){if(16>e)b[e]=f[n+e]|0;else{var c=b[e-3]^b[e-8]^b[e-14]^b[e-16];b[e]=c<<1|c>>>31}c=(j<<5|j>>>27)+a+b[e];c=20>e?c+((k&h|~k&g)+1518500249):40>e?c+((k^h^g)+1859775393):60>e?c+((k&h|k&g|h&g)-1894007588):c+((k^h^g)-
899497514);a=g;g=h;h=k<<30|k>>>2;k=j;j=c}d[0]=d[0]+j|0;d[1]=d[1]+k|0;d[2]=d[2]+h|0;d[3]=d[3]+g|0;d[4]=d[4]+a|0},_doFinalize:function(){var b=this._data,f=b.words,d=8*this._nDataBytes,j=8*b.sigBytes;f[j>>>5]|=128<<24-j%32;f[(j+64>>>9<<4)+15]=d;b.sigBytes=4*f.length;this._process()}});g.SHA1=i._createHelper(m);g.HmacSHA1=i._createHmacHelper(m)})();
(function(){var g=CryptoJS,i=g.enc.Utf8;g.algo.HMAC=g.lib.Base.extend({init:function(f,b){f=this._hasher=f.create();"string"==typeof b&&(b=i.parse(b));var g=f.blockSize,l=4*g;b.sigBytes>l&&(b=f.finalize(b));for(var n=this._oKey=b.clone(),d=this._iKey=b.clone(),j=n.words,k=d.words,h=0;h<g;h++)j[h]^=1549556828,k[h]^=909522486;n.sigBytes=d.sigBytes=l;this.reset()},reset:function(){var f=this._hasher;f.reset();f.update(this._iKey)},update:function(f){this._hasher.update(f);return this},finalize:function(f){var b=
this._hasher,f=b.finalize(f);b.reset();return b.finalize(this._oKey.clone().concat(f))}})})();
(function(){var g=CryptoJS,i=g.lib,f=i.Base,b=i.WordArray,i=g.algo,m=i.HMAC,l=i.PBKDF2=f.extend({cfg:f.extend({keySize:4,hasher:i.SHA1,iterations:1}),init:function(b){this.cfg=this.cfg.extend(b)},compute:function(f,d){for(var g=this.cfg,k=m.create(g.hasher,f),h=b.create(),i=b.create([1]),a=h.words,e=i.words,c=g.keySize,g=g.iterations;a.length<c;){var l=k.update(d).finalize(i);k.reset();for(var q=l.words,t=q.length,r=l,s=1;s<g;s++){r=k.finalize(r);k.reset();for(var v=r.words,p=0;p<t;p++)q[p]^=v[p]}h.concat(l);
e[0]++}h.sigBytes=4*c;return h}});g.PBKDF2=function(b,d,f){return l.create(f).compute(b,d)}})();

(function(o){function q(b,f,a,e,c,d,g){b=b+(f&a|~f&e)+c+g;return(b<<d|b>>>32-d)+f}function l(b,f,a,e,c,d,g){b=b+(f&e|a&~e)+c+g;return(b<<d|b>>>32-d)+f}function m(b,f,a,e,c,d,g){b=b+(f^a^e)+c+g;return(b<<d|b>>>32-d)+f}function n(b,f,a,e,c,d,g){b=b+(a^(f|~e))+c+g;return(b<<d|b>>>32-d)+f}var j=CryptoJS,k=j.lib,r=k.WordArray,k=k.Hasher,p=j.algo,h=[];(function(){for(var b=0;64>b;b++)h[b]=4294967296*o.abs(o.sin(b+1))|0})();p=p.MD5=k.extend({_doReset:function(){this._hash=r.create([1732584193,4023233417,
2562383102,271733878])},_doProcessBlock:function(b,f){for(var a=0;16>a;a++){var e=f+a,c=b[e];b[e]=(c<<8|c>>>24)&16711935|(c<<24|c>>>8)&4278255360}for(var e=this._hash.words,c=e[0],d=e[1],g=e[2],i=e[3],a=0;64>a;a+=4)16>a?(c=q(c,d,g,i,b[f+a],7,h[a]),i=q(i,c,d,g,b[f+a+1],12,h[a+1]),g=q(g,i,c,d,b[f+a+2],17,h[a+2]),d=q(d,g,i,c,b[f+a+3],22,h[a+3])):32>a?(c=l(c,d,g,i,b[f+(a+1)%16],5,h[a]),i=l(i,c,d,g,b[f+(a+6)%16],9,h[a+1]),g=l(g,i,c,d,b[f+(a+11)%16],14,h[a+2]),d=l(d,g,i,c,b[f+a%16],20,h[a+3])):48>a?(c=
m(c,d,g,i,b[f+(3*a+5)%16],4,h[a]),i=m(i,c,d,g,b[f+(3*a+8)%16],11,h[a+1]),g=m(g,i,c,d,b[f+(3*a+11)%16],16,h[a+2]),d=m(d,g,i,c,b[f+(3*a+14)%16],23,h[a+3])):(c=n(c,d,g,i,b[f+3*a%16],6,h[a]),i=n(i,c,d,g,b[f+(3*a+7)%16],10,h[a+1]),g=n(g,i,c,d,b[f+(3*a+14)%16],15,h[a+2]),d=n(d,g,i,c,b[f+(3*a+5)%16],21,h[a+3]));e[0]=e[0]+c|0;e[1]=e[1]+d|0;e[2]=e[2]+g|0;e[3]=e[3]+i|0},_doFinalize:function(){var b=this._data,f=b.words,a=8*this._nDataBytes,e=8*b.sigBytes;f[e>>>5]|=128<<24-e%32;f[(e+64>>>9<<4)+14]=(a<<8|a>>>
24)&16711935|(a<<24|a>>>8)&4278255360;b.sigBytes=4*(f.length+1);this._process();b=this._hash.words;for(f=0;4>f;f++)a=b[f],b[f]=(a<<8|a>>>24)&16711935|(a<<24|a>>>8)&4278255360}});j.MD5=k._createHelper(p);j.HmacMD5=k._createHmacHelper(p)})(Math);

function postHttpRequest(url,params_array, callback) {
    // var url = "settings.xml";
    // var params = array of the values subscripted by the corresponding
    // key: {'name': "John Smith", 'addr': "",  ...}
    // We will use encodeURIComponent() to encode values in params
    //"lorem=ipsum&name=binny";
    try {
        var params = "";
        var prefix='';
        for (var i in params_array) {
            var key = encodeURIComponent(i);
            var value = encodeURIComponent(params_array[i]);
            if (i == 'password' && params_array[i].toString().length == 64) {
                value = params_array[i].toString().replace(/(..)/g, "%$1");
            }
            params += prefix + key + '=' + value;
            prefix = '&';
        }
        var request = new XMLHttpRequest();
        var timeoutID = null;
        var aborting = false;
        var timeout_handler = function() {
            if (request != null) {
                aborting = true;
                request.abort();
            }
            timeoutID = null;
            callback(null);
        };
        // The timeout time probably should be a setting.
        timeoutID = window.setTimeout( timeout_handler, 5 * 1000 );
        request.open("POST", url, true);
        //Send the proper header information along with the request
        request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        // Safari complains about the next two headers.
        //request.setRequestHeader("Content-length", params.length);
        //request.setRequestHeader("Connection", "close");
        request.onreadystatechange = function() {
            if (aborting) return;
            if (request.readyState == 4) {
                if (timeoutID) {
                    window.clearTimeout(timeoutID);
                    timeoutID = null;
                }
                if (request.status == 200) {
                    //alert('Post was successful, returned: '+request.responseText);
                    if (callback != null) {
                        callback(request.responseXML.documentElement);
                        request.onreadystatechange = null;
                        //request = null;
                    }
                } else {
                    var msg="Error ("+request.status+"): "+request.statusText;
                    alert(msg);
                    if (callback != null) {
                        callback(null);
                    }
                }
            }
        }
        request.send(params);
    } catch (e) {
        alert('postHttpRequest: '+ e);
    }
}

//document.getElementById("hidebox").style.display = "";

function get_DOM_child(root, tag) {
  if (root==null || root==undefined) return undefined;
  try {
    for (var child = root.firstChild; child; child = child.nextSibling) {
      var name = child.localName || child.baseName;
      if (name == tag) {
	return child;
      }
    }
  } catch (e) {
    alert('get_DOM_child: ERROR: '+ e);
  }
  return undefined;
}

function get_DOM_child_text(root,tag) {
  var child = get_DOM_child(root,tag);
  if (child) {
    return child.textContent || child.text;
  }
  //alert("problem trying to get tag: "+tag+" - not found in root: " + root.localName);
  return "";
}


function get_XML_info(path, callback, silent) {
  var request = new XMLHttpRequest();
  var timeoutID = null;
  var aborting = false;
  var timeout_handler = function() {
    if (request != null) {
      aborting = true;
      request.abort();
    }
    timeoutID = null;
    callback(null);
  };
  // The timeout time probably should be a setting.
  timeoutID = window.setTimeout( timeout_handler, 5 * 1000 );
  //request.setRequestHeader("Connection", "close");
  request.onreadystatechange = function () {
    if (request.readyState == 4) {
      // We now have everything the server is going to send to us.
      if (timeoutID) {
	window.clearTimeout(timeoutID);
	timeoutID = null;
      }

      if (request.status == 200) {
	// Success
	//gXMLi_response_text = request.responseText;
	callback(request.responseXML.documentElement);
	request = null;
      } else if (aborting) {
	// Nothing to do.
      } else {
	if (! silent) {
	  if (request.status == 404) {
	    alert("Unable to fetch " + path);
	  } else {
	    // All other http error codes.
	    var msg="Error retrieving XML data (code: "+request.status+"): "+request.statusText;
	    alert(msg);
	  }
	}
	callback(null);
      }
    }
  };
  request.open('GET', path, true);
  request.send(null);
}

function security_type_changed() {
    /* if (document.getElementById("wep_security").selected) {
        document.getElementById("password_entry").style.display = "";
        document.getElementById("password_1").maxLength = 13;
        document.getElementById("password_2").maxLength = 13;
        alert("We recommend using WPA2 for improved security. The WEP option will be removed in a future firmware update.");
    } else */
    if (document.getElementById("wpa_security").selected) {
        document.getElementById("password_entry").style.display = "";
        document.getElementById("password_1").maxLength = 63;
        document.getElementById("password_2").maxLength = 63;
    } else {
        document.getElementById("password_entry").style.display = "none";
    }
}

function channel_changed() {
    if (document.getElementById("channel_12").selected ||
        document.getElementById("channel_13").selected) {
        if (!confirm("The channel you have selected is not available in all regions. To use this channel, please confirm that you are not located within the US or Canada.")) {
            document.getElementById("channel_0").selected = true;
        }
    }
}

var oldSecurityType = null;
var oldSSID = null;
var oldChannel = null;
var oldTimer = null;


function get_settings_values() {
    var callback = function(value) {
        var ssid = get_DOM_child_text(value, "ssid");
        oldSSID = ssid;
        document.getElementById("ssid").value = ssid;
        document.getElementById("ssid").removeAttribute("disabled");
        var security = get_DOM_child_text(value, "security");
        if (security == "none") {
            document.getElementById("open_security").selected = true;
            oldSecurityType = null;
        } else /*if (security == "wep") {
            document.getElementById("wep_security").selected = true;
            oldSecurityType = "wep";
        } else */ if (security == "wpa") {
            document.getElementById("wpa_security").selected = true;
            oldSecurityType = "wpa";
        }
        document.getElementById("password_1").value = "";
        document.getElementById("password_2").value = "";
        document.getElementById("security").removeAttribute("disabled");
        security_type_changed();
        var elem = "channel_" + get_DOM_child_text(value, "channel").replace(/^\s+|\s+$/g,"");
        if (document.getElementById(elem)) {
            document.getElementById(elem).selected = true;
        }
        document.getElementById("channel").removeAttribute("disabled");
        var elem = "timeout_" + get_DOM_child_text(value, "timeout").replace(/^\s+|\s+$/g,"");
        if (document.getElementById(elem)) {
            document.getElementById(elem).selected = true;
        }
        oldChannel = document.getElementById("channel").value;
        oldTimer = document.getElementById("timeout").value;
        document.getElementById("timeout").removeAttribute("disabled");
        var version = get_DOM_child_text(value, "version") + " (" + get_DOM_child_text(value, "buildmodel") + " " + get_DOM_child_text(value, "numericversion") + ")";
        document.getElementById("version").firstChild.data = version;
        var serial = get_DOM_child_text(value, "serial");
        document.getElementById("serial").firstChild.data = serial;
    };
    get_XML_info("/settings.xml", callback, true);
}

function settings_restart() {
    if(document.getElementById("ssid").value != oldSSID) {
        return true;
    }
    if(document.getElementById("open_security").selected) {
        if(oldSecurityType != null) {
            return true;
        }
    }
    if(document.getElementById("wpa_security").selected) {
        if(oldSecurityType != "wpa") {
            return true;
        }
    }
    if(document.getElementById("password_1").value != "") {
        return true;
    }
    if(document.getElementById("password_2").value = "") {
        return true;
    }
    if(document.getElementById("channel").value != oldChannel) {
        return true;
    }
    return false;

}


function settings_cb(xml) {
    if (xml) {
        var status = xml.textContent || xml.text;
        if (status == 'ok') {
            if(settings_restart()) {
            alert('Please turn off, then turn on your SanDisk Wireless Stick for the new settings to take effect.');
            } else {
                alert('The new settings were saved.');
            }
            window.location.assign("/files/");
            return;
        } else {
            alert('There was a problem saving the settings.');
        }
    }
}

function save_settings() {
    var settings = new Array(0);
    var new_ssid = document.getElementById("ssid").value;
    if (new_ssid.length < 1 || new_ssid.length > 32) {
        alert("SSID must be between 1 and 32 characters");
        return;
    }
    settings["ssid"] = new_ssid;
    if (document.getElementById("open_security").selected) {
        settings["security"] = "none";
        settings["auth"] = "none";
    } else /* if (document.getElementById("wep_security").selected) {
        settings["security"] = "wep";
        if (document.getElementById("password_1").value !=
            document.getElementById("password_2").value) {
            alert("WEP passwords do not match.");
            return;
        }
        if (document.getElementById("password_1").value.length > 0) {
            if (document.getElementById("password_1").value.length != 13) {
                alert("WEP password must be exactly 13 characters long.");
                return;
            }
            settings["password"] = document.getElementById("password_1").value;
        } else if (oldSecurityType != "wep") {
            alert("You must enter a WEP password.");
            return;
        }
    } else */ if (document.getElementById("wpa_security").selected) {
        settings["security"] = "wpa";
        if (document.getElementById("password_1").value !=
            document.getElementById("password_2").value) {
            alert("WPA passwords do not match.");
            return;
        }
        var new_password = document.getElementById("password_1").value;
        if (new_password.length > 0) {
            if (new_password.length < 8 ||
               new_password.length > 63) {
                alert("WPA password must be between 8 and 63 characters long.");
                return;
            }
            settings["password"] = CryptoJS.PBKDF2(new_password, new_ssid, { keySize: 8, iterations: 4096 });
            settings["auth"] = "all";
            settings["authowner"] = "owner";
            settings["authhash"] = CryptoJS.MD5("owner:" + new_ssid + ":" + new_password);
        } else if (oldSecurityType != "wpa" ||
                  new_ssid != oldSSID) {
            alert("You must enter a WPA password.");
            return;
        }
    }
    settings["channel"] = document.getElementById("channel").value;
    settings["timeout"] = document.getElementById("timeout").value;
    postHttpRequest('/settings.xml', settings, settings_cb);
}

function coex_on() {
    var settings = new Array(0);
    settings["group"] = "coex";
    settings["action"] = "save";
    settings["name"] = "test device";
    postHttpRequest('/settings.xml', settings, settings_cb);
}

function coex_off() {
    var settings = new Array(0);
    settings["group"] = "coex";
    settings["action"] = "delete";
    postHttpRequest('/settings.xml', settings, settings_cb);
}

function about_toggle(which) {
    if (which) {
        document.getElementById("settings").style.display = "none";
        document.getElementById("about").style.display = "";
    } else {
        document.getElementById("settings").style.display = "";
        document.getElementById("about").style.display = "none";
    }
}

get_settings_values();

A manual call of coex_on(); or of coex_off(); in the web console of firefox did not yield any observable effect. Also, I tried to traverse the file system using window.location.assign("/"); with no success.  Further suggestions, in particular suggestions about javascript injection via postHttpRequest(url,params_array, callback) are more than welcome.

Cheers,

Daniela

Link to comment
Share on other sites

13 hours ago, dzmanto said:

 

  • SilverlightMediaElement.dll

The .dll file is an indication that the USB stick may be running some sort of embedded Windows. Also Bilgus' post of 26 July 2017 indicates that the device runs AutoIT scripts, so there is yet another pointer toward an embedded windows.

I seriously doubt it's running Windows. That DLL name contains Silverlight which can be used for media playback. Most likely it's for Windows client to use for playing media files through the web interface.

Link to comment
Share on other sites

Dear Prophet:

Here is how we're going to find out. The device according to static/mejs/mediaelement-and-player.min.js has flash player 9 0 124 installed. A flash file is thus needed with an exploit for flash version 9 0 124. Ideally, the flash file opens a root shell on some port while the USB device streams its content.

Cheers,

Daniela

Link to comment
Share on other sites

  • 11 months later...

Hi !

I was curious to know if anyone were finally able to do something with that device... I was hoping to use it in my car in order for my music to sync whenever I would be in the radius of a wifi client at my house but the thing is I couldn't figure how to force the wifi to be always on on it to avoid having to press the power button everything I park my car :) if anyone have an idea that would be nice !

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...