PDA

View Full Version : HR20 appears to be running Linux



RYSmith315
01-07-2007, 02:48 AM
DirecTV opened up the ethernet port and look what it spit out :)

Sniffer Trace:
0000 00 15 f2 9a 3f a8 00 50 94 c4 ea 1c 08 00 45 00 ....?..P......E.
0010 01 18 c9 3b 40 00 40 06 ea ca c0 a8 02 25 c0 a8 ...;@.@......%..
0020 02 64 9d 68 e2 e0 e9 f0 3c 84 4a de d0 ea 80 18 .d.h....<.J.....
0030 16 d0 9a b7 00 00 01 01 08 0a 00 a5 f5 ba 00 00 ................
0040 00 00 47 45 54 20 2f 75 70 6e 70 5f 64 65 73 63 ..GET /upnp_desc
0050 72 69 70 74 6f 72 5f 30 20 48 54 54 50 2f 31 2e riptor_0 HTTP/1.
0060 31 0d 0a 48 4f 53 54 3a 20 31 39 32 2e 31 36 38 1..HOST: 192.168
0070 2e 32 2e 31 30 30 3a 35 38 30 38 30 0d 0a 44 41 .2.100:58080..DA
0080 54 45 3a 20 53 75 6e 2c 20 30 37 20 4a 61 6e 20 TE: Sun, 07 Jan
0090 32 30 30 37 20 30 36 3a 34 32 3a 33 31 20 47 4d 2007 06:42:31 GM
00a0 54 0d 0a 43 4f 4e 4e 45 43 54 49 4f 4e 3a 20 63 T..CONNECTION: c
00b0 6c 6f 73 65 0d 0a 55 53 45 52 2d 41 47 45 4e 54 lose..USER-AGENT
00c0 3a 20 4c 69 6e 75 78 2f 32 2e 34 2e 32 39 2d 75 : Linux/2.4.29-u
00d0 63 6c 69 62 63 2d 62 72 63 6d 2c 20 55 50 6e 50 clibc-brcm, UPnP
00e0 2f 31 2e 30 20 4a 65 74 48 65 61 64 20 53 44 4b /1.0 JetHead SDK
00f0 20 66 6f 72 20 55 50 6e 50 20 64 65 76 69 63 65 for UPnP device
0100 73 20 2f 31 2e 30 20 44 4c 4e 41 44 4f 43 2f 31 s /1.0 DLNADOC/1
0110 2e 30 30 20 49 4e 54 45 4c 5f 4e 4d 50 52 2f 32 .00 INTEL_NMPR/2
0120 2e 31 0d 0a 0d 0a .1....


Also port 25 and 110 are open but do not complete the 3-way handshake if you try to connect to them.

Maybe this box has some hope after all......

AlphaWolf
01-07-2007, 03:15 AM
Well that begs the question: where is the kernel source code?

One of the biggest things keeping me from switching to the HR20 is the lack of the ability to do our own third party modifications. If that turns out to be false, and if we can get two tuner buffers, I would switch to the HR20 as soon as I had the money for it.

konfoo
03-15-2007, 07:41 PM
It doesn't appear to be running Linux - it *is* running linux.

mateom199
03-16-2007, 09:44 PM
AW, I would recommend waiting for the HR20 bugs to be ironed out...maybe wait for a new hardware revision. HR20's right now are just in a pathetic state - sporadic reboots, lockups, failure to record shows, shows being recorded but being unwatchable, etc etc. It really is a disgraceful product - BUT its a product that, had it been given a long enough dev cycle, could have been stable and reliable. WHEN it works, its works great.

DTV swallowed more than they could chew with dumping Tivo, and were forced to release a lemon of a product.

My most recent call to DTV revealed just how bad the situation is. My unit had crashed once again, and I finally decided to call DTV and get some type of credit. The CSR told me that, right in front of her in red text, it said "No repairs or replacements or returns of any kind are to be done on HR20 units. Report to customer that DirecTV engineers are working the issues out and a fix will be available shortly." DirecTV knows its a shoddy product, and somehow are getting away with refusing to service/replace or allow returns of a $300 box.

As far as it running Linux, what kind of grace period does a company have
before they have to release kernel sources? I mean, should we start sending letters to DTV outlining the GPL requirements?

Jamie
03-16-2007, 11:22 PM
As far as it running Linux, what kind of grace period does a company have
before they have to release kernel sources? I mean, should we start sending letters to DTV outlining the GPL requirements?There is no grace period. Did everyone with an hr20 receive a written offer for source code? This (http://www.gnu.org/licenses/gpl-violation.html) tells you how to deal with a GPL violation, if you think there is one.

mateom199
03-16-2007, 11:32 PM
There is no grace period. Did everyone with an hr20 receive a written offer for source code? This (http://www.gnu.org/licenses/gpl-violation.html) tells you how to deal with a GPL violation, if you think there is one.


I'll have to re-check the documents that came with my HR20, but I don't recall seeing anything pertaining to the GPL. THen again, I don't think I read every bit of fine print.

stevel
03-17-2007, 08:32 AM
There's no requirement to release source just because a product is running Linux. If they make edits to the Linux source (revising drivers, etc.), those they have to release. It seems a lot of people believe that using Linux means you get access to every line of code in the product.

Jamie
03-17-2007, 10:40 AM
There's no requirement to release source just because a product is running Linux. If they make edits to the Linux source (revising drivers, etc.), those they have to release. It seems a lot of people believe that using Linux means you get access to every line of code in the product.You can read the GPL (http://www.gnu.org/licenses/gpl.txt) to see what the actual requirements are. In summary, if they distribute a binary compiled from GPL sources, they are required to provide source, or a written offer for source code for that binary. It doesn't matter if the source is modified or not, and they have to provide all the source to the GPL'd program, not just their changes. In this example, if the HR20 runs a linux kernel, there must be a written offer for the source for that kernel.

Here's the relevant section of the GPL:

...
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
...

mateom199
03-17-2007, 01:31 PM
There's no requirement to release source just because a product is running Linux. If they make edits to the Linux source (revising drivers, etc.), those they have to release. It seems a lot of people believe that using Linux means you get access to every line of code in the product.

We're discussing the release of the linux kernel sources of the HR20, not any of DTV's custom/proprietary code. Its a situation similar to Tivo - Tivo was required to release the kernel sources, but nothing else (like tivoapp, etc)

stevel
03-17-2007, 05:06 PM
You're mistaken. TiVo released the sources to the kernel modules it changed, plus some other stuff it didn't strictly have to release. There is no obligation to release the entire source tree for the Linux build used. Do you know for a fact that DirecTV uses modified Linux source code?

I was not referring to proprietary code.

Jamie
03-17-2007, 05:39 PM
You're mistaken. TiVo released the sources to the kernel modules it changed, plus some other stuff it didn't strictly have to release. There is no obligation to release the entire source tree for the Linux build used. Do you know for a fact that DirecTV uses modified Linux source code?Nope. TiVo releases the full tivo kernel sources, as required by the GPL. Go checkout www.tivo.com/linux if you doubt this. I have built kernels from the tivo sources. I know exactly what is included in their downloads.

Have you read the GPL? Can you quote the section that supports your claim that only the changes need to be provided?

If you want to verify that there is linux GPL code on the HR20, you'll probably need to pull the prom and dump the code out and disassemble it. Just a grep for strings might give you sufficient clues.

If you google "konfoo" and "nds", it might give you some clues why s/he is able to state with some confidence that it is the case.

mateom199
03-17-2007, 08:53 PM
Just an update:

Apparently in the HR20 user's manual, there is a little blurb about finding further license information at www.gnu.org.

This still doesn't satisfy the requirement of including a copy of the GPL with their distribution, nor does it lead to any type of source code being available.
All it does provide further proof that the HR20 is indeed using GPL'd code.

A helpful member of DBSTalk.com has formally written to DirecTV, requesting compliance to the GPL. So we shall see...

alldeadhomiez
03-18-2007, 11:37 PM
If you want to verify that there is linux GPL code on the HR20, you'll probably need to pull the prom and dump the code out and disassemble it.

A while back somebody wrote a TSReader plugin that could pull (Echostar) firmware updates off the satellite. This sort of approach may be less costly than surgery.

The DBStalk thread is here: http://www.dbstalk.com/showthread.php?t=82621

DocTauri
03-25-2007, 10:00 AM
Incidentally... My HR20 is spitting this out, but if you try to connect to it on the advertised port (58080 in the above example), it won't syn-ack. I'm assuming it's iptables is letting outbound traffic flow free, but no inbound.

It seems to seek out upnp devices on my network (my wrt-54g is advertising itself as one), then badgers the living shit out of it like a drunk girl at a frat party. It hits it on the upnp port, obtaining all of the xml data, then does it again the next minute, and the next, etc, every freakin minute of every freakin day. It's like watching a binary version of 50 First Dates.

DocTauri
03-25-2007, 11:12 AM
FYI: The packet above is actually the HR20 obtaining upnp info from another device. Here's a capture of my HR20 (0.140) advertising himself as a upnp to the network.



00:00:30.629497 IP 192.168.0.140.1900 > 239.255.255.140.1900: UDP, length 309
0x0000: 4500 0151 0000 4000 0411 c4db c0a8 008c E..Q..@.........
0x0010: efff ff8c 076c 076c 013d 08b5 4e4f 5449 .....l.l.=..NOTI
0x0020: 4659 202a 2048 5454 502f 312e 310d 0a4c FY.*.HTTP/1.1..L
0x0030: 4f43 4154 494f 4e3a 2068 7474 703a 2f2f OCATION:.http://
0x0040: 3139 322e 3136 382e 302e 3134 303a 3534 192.168.0.140:54
0x0050: 3035 352f 0d0a 484f 5354 3a20 3233 392e 055/..HOST:.239.
0x0060: 3235 352e 3235 352e 3134 303a 3139 3030 255.255.140:1900
0x0070: 0d0a 5345 5256 4552 3a20 504f 5349 582c ..SERVER:.POSIX,
0x0080: 2055 506e 502f 312e 302c 2055 6365 6e74 .UPnP/1.0,.Ucent
0x0090: 7269 6320 5654 432f 312e 300d 0a4e 5453 ric.VTC/1.0..NTS
0x00a0: 3a20 7373 6470 3a61 6c69 7665 0d0a 5553 :.ssdp:alive..US
0x00b0: 4e3a 2075 7569 643a 7575 6964 3a75 726e N:.uuid:uuid:urn
0x00c0: 3a64 6972 6563 7476 2e63 6f6d 3a64 6576 :directv.com:dev
0x00d0: 6963 653a 5354 423a 315b 3030 3a35 303a ice:STB:1[xx:xx:
0x00e0: 3934 3a45 363a 3438 3a46 415d 5b30 5d0d xx:xx:xx:xx][0].
0x00f0: 0a43 4143 4845 2d43 4f4e 5452 4f4c 3a20 .CACHE-CONTROL:.
0x0100: 6d61 782d 6167 653d 3132 300d 0a4e 543a max-age=120..NT:
0x0110: 2075 7569 643a 7575 6964 3a75 726e 3a64 .uuid:uuid:urn:d
0x0120: 6972 6563 7476 2e63 6f6d 3a64 6576 6963 irectv.com:devic
0x0130: 653a 5354 423a 315b 3030 3a35 303a 3934 e:STB:1[xx:xx:x
0x0140: 3a45 363a 3438 3a46 415d 5b30 5d0d 0a0d :xx:xx:xx][0]...


Note that the two xx:xx:xx:xx:xx:xx near the end is the [stripped] device's MAC address.

DocTauri
03-25-2007, 01:02 PM
I've had a capture going against my HR20 for about a week, I was just filtering out all of the upnp crap and came across this:



xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: S 148140966:148140966(0) win 5840 <mss 1460,sackOK,timestamp 37168725 0,nop,wscale 0>
0x0000: 4500 003c 55f3 4000 4006 7a8e c0a8 008c E..<U.@.@.z.....
0x0010: 0803 a103 80b6 1f90 08d4 73a6 0000 0000 ..........s.....
0x0020: a002 16d0 81af 0000 0204 05b4 0402 080a ................
0x0030: 0237 2655 0000 0000 0103 0300 .7&U........
xx:xx:xx.xxxxxx IP 8.3.161.3.8080 > 192.168.0.140.32950: S 2501784927:2501784927(0) ack 148140967 win 5792 <mss 1380,sackOK,timestamp 3389684953 37168725,nop,wscale 2>
0x0000: 4500 003c 0000 4000 3306 dd81 0803 a103 E..<..@.3.......
0x0010: c0a8 008c 1f90 80b6 951e 355f 08d4 73a7 ..........5_..s.
0x0020: a012 16a0 70ba 0000 0204 0564 0402 080a ....p......d....
0x0030: ca0a 7cd9 0237 2655 0103 0302 ..|..7&U....
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: . ack 1 win 5840 <nop,nop,timestamp 37168735 3389684953>
0x0000: 4500 0034 55f4 4000 4006 7a95 c0a8 008c E..4U.@.@.z.....
0x0010: 0803 a103 80b6 1f90 08d4 73a7 951e 3560 ..........s...5`
0x0020: 8010 16d0 9ef7 0000 0101 080a 0237 265f .............7&_
0x0030: ca0a 7cd9 ..|.
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: P 1:235(234) ack 1 win 5840 <nop,nop,timestamp 37168735 3389684953>
0x0000: 4500 011e 55f5 4000 4006 79aa c0a8 008c E...U.@.@.y.....
0x0010: 0803 a103 80b6 1f90 08d4 73a7 951e 3560 ..........s...5`
0x0020: 8018 16d0 9be1 0000 0101 080a 0237 265f .............7&_
0x0030: ca0a 7cd9 504f 5354 202f 444d 532f 444d ..|.POST./DMS/DM
0x0040: 5353 6572 7665 7220 4854 5450 2f31 2e31 SServer.HTTP/1.1
0x0050: 0d0a 486f 7374 3a20 6262 7664 6d73 2e64 ..Host:.bbvdms.d
0x0060: 7476 6262 2e74 763a 3830 3830 0d0a 436f tvbb.tv:8080..Co
0x0070: 6e74 656e 742d 4c65 6e67 7468 3a20 3531 ntent-Length:.51
0x0080: 390d 0a41 6363 6570 743a 202a 2f2a 0d0a 9..Accept:.*/*..
0x0090: 4163 6365 7074 2d4c 616e 6775 6167 653a Accept-Language:
0x00a0: 2065 6e2d 7573 0d0a 5573 6572 2d41 6765 .en-us..User-Age
0x00b0: 6e74 3a20 4454 565f 444d 535f 302e 3031 nt:.DTV_DMS_0.01
0x00c0: 0d0a 436f 6e6e 6563 7469 6f6e 3a20 4b65 ..Connection:.Ke
0x00d0: 6570 2d41 6c69 7665 0d0a 436f 6e74 656e ep-Alive..Conten
0x00e0: 742d 5479 7065 3a20 7465 7874 2f78 6d6c t-Type:.text/xml
0x00f0: 0d0a 582d 4861 7368 3a20 xxxx xxxx xxxx ..X-Hash:.xxxxxx
0x0100: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxxxxxxxxxxxxxx
0x0110: xxxx xxxx xxxx xxxx xxxx 0d0a 0d0a xxxxxxxxxx....
xx:xx:xx.xxxxxx IP 8.3.161.3.8080 > 192.168.0.140.32950: . ack 235 win 1716 <nop,nop,timestamp 3389686083 37168825>
0x0000: 4500 0034 6678 4000 3306 7711 0803 a103 E..4fx@.3.w.....
0x0010: c0a8 008c 1f90 80b6 951e 3560 08d4 7491 ..........5`..t.
0x0020: 8010 06b4 a965 0000 0101 080a ca0a 8143 .....e.........C
0x0030: 0237 26b9 .7&.
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: P 235:754(519) ack 1 win 5840 <nop,nop,timestamp 37168853 3389686083>
0x0000: 4500 023b 55f8 4000 4006 788a c0a8 008c E..;U.@.@.x.....
0x0010: 0803 a103 80b6 1f90 08d4 7491 951e 3560 ..........t...5`
0x0020: 8018 16d0 3f3f 0000 0101 080a 0237 26d5 ....??.......7&.
0x0030: ca0a 8143 3c3f 786d 6c20 7665 7273 696f ...C<?xml.versio
0x0040: 6e3d 2231 2e30 2220 656e 636f 6469 6e67 n="1.0".encoding
0x0050: 3d22 5554 462d 3822 3f3e 0a3c 6d65 7373 ="UTF-8"?>.<mess
0x0060: 6167 6520 786d 6c6e 733d 2268 7474 703a age.xmlns="http:
0x0070: 2f2f 646d 732e 6469 7265 6374 762e 636f //dms.directv.co
0x0080: 6d2f 6d65 7373 6167 6522 2076 6572 7369 m/message".versi
0x0090: 6f6e 3d22 3122 3e0a 3c6d 6573 7361 6765 on="1">.<message
0x00a0: 4865 6164 6572 3e0a 3c63 616d 4944 3e31 Header>.<camID>x
0x00b0: xxxx xxxx xxxx xxxx xx3c 2f63 616d 4944 xxxxxxxxx</camID
0x00c0: 3e0a 3c72 6964 3exx xxxx xxxx xxxx xxxx >.<rid>xxxxxxxxx
0x00d0: xxxx 3c2f 7269 643e 0a3c 736f 6674 7761 xx</rid>.<softwa
0x00e0: 7265 5665 7273 696f 6e3e 3133 653c 2f73 reVersion>13e</s
0x00f0: 6f66 7477 6172 6556 6572 7369 6f6e 3e0a oftwareVersion>.
0x0100: 3c6d 6f64 656c 4e75 6d62 6572 3e48 5232 <modelNumber>HR2
0x0110: 303c 2f6d 6f64 656c 4e75 6d62 6572 3e0a 0</modelNumber>.
0x0120: 3c6d 616e 7566 6163 7475 7265 7249 443e <manufacturerID>
0x0130: 3730 303c 2f6d 616e 7566 6163 7475 7265 700</manufacture
0x0140: 7249 443e 0a3c 706f 7374 696e 6754 696d rID>.<postingTim
0x0150: 653e xxxx xxxx xxxx xxxx xxxx 3c2f 706f e>xxxxxxxxxxx</po
0x0160: 7374 696e 6754 696d 653e 0a3c 2f6d 6573 stingTime>.</mes
0x0170: 7361 6765 4865 6164 6572 3e0a 3c6d 6573 sageHeader>.<mes
0x0180: 7361 6765 426f 6479 3e0a 3c6d 6573 7361 sageBody>.<messa
0x0190: 6765 4974 656d 3e0a 3c6d 6573 7361 6765 geItem>.<message
0x01a0: 5479 7065 3e53 5442 5f53 5441 5455 533c Type>STB_STATUS<
0x01b0: 2f6d 6573 7361 6765 5479 7065 3e0a 3c75 /messageType>.<u
0x01c0: 7074 696d 653e 3337 3136 3837 3c2f 7570 ptime>371687</up
0x01d0: 7469 6d65 3e0a 3c6e 756d 6265 724f 6652 time>.<numberOfR
0x01e0: 6573 6574 5369 6e63 654c 6173 7453 5744 esetSinceLastSWD
0x01f0: 4c3e 300a 3c2f 6e75 6d62 6572 4f66 5265 L>0.</numberOfRe
0x0200: 7365 7453 696e 6365 4c61 7374 5357 444c setSinceLastSWDL
0x0210: 3e0a 3c2f 6d65 7373 6167 6549 7465 6d3e >.</messageItem>
0x0220: 0a3c 2f6d 6573 7361 6765 426f 6479 3e0a .</messageBody>.
0x0230: 3c2f 6d65 7373 6167 653e 0a </message>.
xx:xx:xx.xxxxxx IP 8.3.161.3.8080 > 192.168.0.140.32950: . ack 754 win 1984 <nop,nop,timestamp 3389686313 37168853>
0x0000: 4500 0034 667a 4000 3306 770f 0803 a103 E..4fz@.3.w.....
0x0010: c0a8 008c 1f90 80b6 951e 3560 08d4 7698 ..........5`..v.
0x0020: 8010 07c0 a550 0000 0101 080a ca0a 8229 .....P.........)
0x0030: 0237 26d5 .7&.
xx:xx:xx.xxxxxx IP 8.3.161.3.8080 > 192.168.0.140.32950: P 1:103(102) ack 754 win 1984 <nop,nop,timestamp 3389687090 37168853>
0x0000: 4500 009a 667c 4000 3306 76a7 0803 a103 E...f|@.3.v.....
0x0010: c0a8 008c 1f90 80b6 951e 3560 08d4 7698 ..........5`..v.
0x0020: 8018 07c0 5113 0000 0101 080a ca0a 8532 ....Q..........2
0x0030: 0237 26d5 4854 5450 2f31 2e31 2032 3030 .7&.HTTP/1.1.200
0x0040: 204f 4b0d 0a53 6572 7665 723a 2041 7061 .OK..Server:.Apa
0x0050: 6368 652d 436f 796f 7465 2f31 2e31 0d0a che-Coyote/1.1..
0x0060: 436f 6e74 656e 742d 4c65 6e67 7468 3a20 Content-Length:.
0x0070: 300d 0a44 6174 653a 2053 756e 2c20 3235 0..Date:.Sun,.25
0x0080: 204d 6172 2032 3030 3720 3135 3a35 363a .Mar.2007.15:56:
0x0090: 3130 2047 4d54 0d0a 0d0a 10.GMT....
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: . ack 103 win 5840 <nop,nop,timestamp 37168966 3389687090>
0x0000: 4500 0034 55f9 4000 4006 7a90 c0a8 008c E..4U.@.@.z.....
0x0010: 0803 a103 80b6 1f90 08d4 7698 951e 35c6 ..........v...5.
0x0020: 8010 16d0 9260 0000 0101 080a 0237 2746 .....`.......7'F
0x0030: ca0a 8532 ...2
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: F 754:754(0) ack 103 win 5840 <nop,nop,timestamp 37168966 3389687090>
0x0000: 4500 0034 55fa 4000 4006 7a8f c0a8 008c E..4U.@.@.z.....
0x0010: 0803 a103 80b6 1f90 08d4 7698 951e 35c6 ..........v...5.
0x0020: 8011 16d0 925f 0000 0101 080a 0237 2746 ....._.......7'F
0x0030: ca0a 8532 ...2
xx:xx:xx.xxxxxx IP 8.3.161.3.8080 > 192.168.0.140.32950: P 1:103(102) ack 754 win 1984 <nop,nop,timestamp 3389687387 37168853>
0x0000: 4500 009a 667e 4000 3306 76a5 0803 a103 E...f~@.3.v.....
0x0010: c0a8 008c 1f90 80b6 951e 3560 08d4 7698 ..........5`..v.
0x0020: 8018 07c0 4fea 0000 0101 080a ca0a 865b ....O..........[
0x0030: 0237 26d5 4854 5450 2f31 2e31 2032 3030 .7&.HTTP/1.1.200
0x0040: 204f 4b0d 0a53 6572 7665 723a 2041 7061 .OK..Server:.Apa
0x0050: 6368 652d 436f 796f 7465 2f31 2e31 0d0a che-Coyote/1.1..
0x0060: 436f 6e74 656e 742d 4c65 6e67 7468 3a20 Content-Length:.
0x0070: 300d 0a44 6174 653a 2053 756e 2c20 3235 0..Date:.Sun,.25
0x0080: 204d 6172 2032 3030 3720 3135 3a35 363a .Mar.2007.15:56:
0x0090: 3130 2047 4d54 0d0a 0d0a 10.GMT....
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: . ack 103 win 5840 <nop,nop,timestamp 37168981 3389687387,nop,nop,sack sack 1 {1:103} >
0x0000: 4500 0040 55fb 4000 4006 7a82 c0a8 008c E..@U.@.@.z.....
0x0010: 0803 a103 80b6 1f90 08d4 7699 951e 35c6 ..........v...5.
0x0020: b010 16d0 c5ac 0000 0101 080a 0237 2755 .............7'U
0x0030: ca0a 865b 0101 050a 951e 3560 951e 35c6 ...[......5`..5.
xx:xx:xx.xxxxxx IP 8.3.161.3.8080 > 192.168.0.140.32950: F 103:103(0) ack 755 win 1984 <nop,nop,timestamp 3389687413 37168966>
0x0000: 4500 0034 6680 4000 3306 7709 0803 a103 E..4f.@.3.w.....
0x0010: c0a8 008c 1f90 80b6 951e 35c6 08d4 7699 ..........5...v.
0x0020: 8011 07c0 a02b 0000 0101 080a ca0a 8675 .....+.........u
0x0030: 0237 2746 .7'F
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: . ack 104 win 5840 <nop,nop,timestamp 37168990 3389687413>
0x0000: 4500 0034 55fc 4000 4006 7a8d c0a8 008c E..4U.@.@.z.....
0x0010: 0803 a103 80b6 1f90 08d4 7699 951e 35c7 ..........v...5.
0x0020: 8010 16d0 9103 0000 0101 080a 0237 275e .............7'^
0x0030: ca0a 8675 ...u
xx:xx:xx.xxxxxx IP 8.3.161.3.8080 > 192.168.0.140.32950: F 103:103(0) ack 755 win 1984 <nop,nop,timestamp 3389688832 37168966>
0x0000: 4500 0034 6684 4000 3306 7705 0803 a103 E..4f.@.3.w.....
0x0010: c0a8 008c 1f90 80b6 951e 35c6 08d4 7699 ..........5...v.
0x0020: 8011 07c0 9aa0 0000 0101 080a ca0a 8c00 ................
0x0030: 0237 2746 .7'F
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: . ack 104 win 5840 <nop,nop,timestamp 37169128 3389687413>
0x0000: 4500 0034 0000 4000 4006 d089 c0a8 008c E..4..@.@.......
0x0010: 0803 a103 80b6 1f90 08d4 7699 951e 35c7 ..........v...5.
0x0020: 8010 16d0 9079 0000 0101 080a 0237 27e8 .....y.......7'.
0x0030: ca0a 8675 ...u
xx:xx:xx.xxxxxx IP 8.3.161.3.8080 > 192.168.0.140.32950: F 103:103(0) ack 755 win 1984 <nop,nop,timestamp 3389690724 37168966>
0x0000: 4500 0034 6686 4000 3306 7703 0803 a103 E..4f.@.3.w.....
0x0010: c0a8 008c 1f90 80b6 951e 35c6 08d4 7699 ..........5...v.
0x0020: 8011 07c0 933c 0000 0101 080a ca0a 9364 .....<.........d
0x0030: 0237 2746 .7'F
xx:xx:xx.xxxxxx IP 192.168.0.140.32950 > 8.3.161.3.8080: . ack 104 win 5840 <nop,nop,timestamp 37169321 3389687413>
0x0000: 4500 0034 0000 4000 4006 d089 c0a8 008c E..4..@.@.......
0x0010: 0803 a103 80b6 1f90 08d4 7699 951e 35c7 ..........v...5.
0x0020: 8010 16d0 8fb8 0000 0101 080a 0237 28a9 .............7(.
0x0030: ca0a 8675 ...u


Looks like it's reporting back to the home office...

Doc

alldeadhomiez
03-25-2007, 01:35 PM
The packet above is actually the HR20 obtaining upnp info from another device.

It would be interesting to know what daemon is generating this activity.

Just noticed that there is a DOA HR20 on ebay: link (http://cgi.ebay.com/DIRECTV-PLUS-HD-DVR-HR20-700-DTV-Direct-TV-NR-DOA_W0QQitemZ290097980533QQcategoryZ67892QQssPageNameZWDVWQQrdZ1QQcmdZViewItem). One could extract the BGA flash from this unit, dump it into a file, and mount the root filesystem under Linux.

By-Tor
03-25-2007, 11:17 PM
Looks like it's reporting back to the home office...
Surfing to the address listed above (http://bbvdms.dtvbb.tv:8080/) gets you an Apache/Tomcat "Congratulations you've set up Apache Tomcat/5.5.17" page, with admin links and the like. Curious.

DocTauri
03-25-2007, 11:26 PM
You didn't go to the full URL. It's actually going to http://bbvdms.dtvbb.tv:8080/DMS/DMSServer

which produces a page that says:
This is class com.directv.dms.DMSServer, using the GET method v3

Which is pretty wierd in that, later in the packet we see dms.directv.com, which doesn't resolve to anything, but is backwards of the string this page presents.

mateom199
03-26-2007, 03:10 PM
It would be interesting to know what daemon is generating this activity.

Just noticed that there is a DOA HR20 on ebay: link (http://cgi.ebay.com/DIRECTV-PLUS-HD-DVR-HR20-700-DTV-Direct-TV-NR-DOA_W0QQitemZ290097980533QQcategoryZ67892QQssPageNameZWDVWQQrdZ1QQcmdZViewItem). One could extract the BGA flash from this unit, dump it into a file, and mount the root filesystem under Linux.

Interesting...I was under the impression that ALL HR20's were not purchased, but leased to the end user. If this guy cancels his D* sub, and D* requests the box back, who knows how much he's gonna be charged for failing to return the box.

mbellot
03-26-2007, 03:54 PM
FYI: The packet above is actually the HR20 obtaining upnp info from another device. Here's a capture of my HR20 (0.140) advertising himself as a upnp to the network.



00:00:30.629497 IP 192.168.0.140.1900 > 239.255.255.140.1900: UDP, length 309
0x0000: 4500 0151 0000 4000 0411 c4db c0a8 008c E..Q..@.........
0x0010: efff ff8c 076c 076c 013d 08b5 4e4f 5449 .....l.l.=..NOTI
0x0020: 4659 202a 2048 5454 502f 312e 310d 0a4c FY.*.HTTP/1.1..L
0x0030: 4f43 4154 494f 4e3a 2068 7474 703a 2f2f OCATION:.http://
0x0040: 3139 322e 3136 382e 302e 3134 303a 3534 192.168.0.140:54
0x0050: 3035 352f 0d0a 484f 5354 3a20 3233 392e 055/..HOST:.239.
0x0060: 3235 352e 3235 352e 3134 303a 3139 3030 255.255.140:1900
0x0070: 0d0a 5345 5256 4552 3a20 504f 5349 582c ..SERVER:.POSIX,
0x0080: 2055 506e 502f 312e 302c 2055 6365 6e74 .UPnP/1.0,.Ucent
0x0090: 7269 6320 5654 432f 312e 300d 0a4e 5453 ric.VTC/1.0..NTS
0x00a0: 3a20 7373 6470 3a61 6c69 7665 0d0a 5553 :.ssdp:alive..US
0x00b0: 4e3a 2075 7569 643a 7575 6964 3a75 726e N:.uuid:uuid:urn
0x00c0: 3a64 6972 6563 7476 2e63 6f6d 3a64 6576 :directv.com:dev
0x00d0: 6963 653a 5354 423a 315b nothing to see ice:STB:1[xx:xx:
0x00e0: here move along :) :) 5d 5b30 5d0d xx:xx:xx:xx][0].
0x00f0: 0a43 4143 4845 2d43 4f4e 5452 4f4c 3a20 .CACHE-CONTROL:.
0x0100: 6d61 782d 6167 653d 3132 300d 0a4e 543a max-age=120..NT:
0x0110: 2075 7569 643a 7575 6964 3a75 726e 3a64 .uuid:uuid:urn:d
0x0120: 6972 6563 7476 2e63 6f6d 3a64 6576 6963 irectv.com:devic
0x0130: 653a 5354 423a 315b nothing to see here e:STB:1[xx:xx:x
0x0140: move along :) :) 5d 5b30 5d0d 0a0d :xx:xx:xx][0]...


Note that the two xx:xx:xx:xx:xx:xx near the end is the [stripped] device's MAC address.

Except that you left them in the hex data area... :p

DocTauri
03-26-2007, 04:32 PM
Duh! Damn! I can't believe I missed that.

DocTauri
03-26-2007, 06:15 PM
Hey mods... Someone want to snip or delete post #21 now that I've corrected the issue?

Thanks,
Doc

mbellot
03-26-2007, 08:27 PM
Hey mods... Someone want to snip or delete post #21 now that I've corrected the issue?

Thanks,
Doc

Done. :cool:

DocTauri
03-26-2007, 08:51 PM
Thanks mbellot!

eBoyDog
03-28-2007, 10:05 AM
If you take the IP domain of which resolves to the IP address of 8.3.161.6, the n do a WhoIs on that IP; such goes back to Level 3 Inc which is a provider of internet services to companies who need to have a internet presence or basicly provide a gateway from Level 3 into what ever company's network.

Google "Level 3" and "Directv" and one of links you get is:
http://www.lexdon.com/article/Level_3_to_Help_Support/17871.html

Which this describes that Level 3 is going to help Directv provide local HDTV content:

BROOMFIELD, Colo., Nov. 3 - Level 3 Communications (Nasdaq: LVLT), a leading provider of broadband network services, today announced that it has been selected by DIRECTV, Inc., to help provide the nationwide backbone solution, consisting of bandwidth and data center services, that will enable the expansion of DIRECTV's High Definition Television (HDTV) services.

Under the agreement, Level 3 will upgrade and augment the DIRECTV backbone to support and aggregate HDTV signals from local markets for rebroadcast to DIRECTV customers. Level 3 has worked with DIRECTV since 1999 and currently provides a substantial portion of DIRECTV's existing private line backbone that supports its standard definition television (SDTV) services.

EvilJack
07-17-2007, 12:49 PM
Just wondering if this info has been updated anywhere else... can we get
a bash prompt or network access to the HR20 like we can the standard
DirecTV Tivo boxes?

With the new D10 ( MPEG4 sat ) and the new HD channels coming soon...
looks like I may be getting a HR20... just wondering what the latest info
on these are. ( specifically... can we get data off of these )

Thanks - jack

vurbano
07-17-2007, 03:17 PM
Just wondering if this info has been updated anywhere else... can we get
a bash prompt or network access to the HR20 like we can the standard
DirecTV Tivo boxes?

With the new D10 ( MPEG4 sat ) and the new HD channels coming soon...
looks like I may be getting a HR20... just wondering what the latest info
on these are. ( specifically... can we get data off of these )

Thanks - jack
Or off of the external Sata drives you can plug in