Page 1 of 3 123 LastLast
Results 1 to 15 of 33

Thread: Password Protection on TiVo

  1. #1
    Join Date
    Apr 2004
    Posts
    6

    Password Protection on TiVo

    Hi All,



    I've done a search and haven't found anything satisfactory to quench my thirst for knowledge on this, so thought I'd post.

    I've got a Phillips HDR212 Series 1 TiVo. I've secured TiVoWeb with a username and password. Now I want to have it ask for a username and password when you telnet to the TiVo (rather than going straight to the bash prompt). Would like the TiVo to handle this directly (Ie: not through a router or switch).

    Cheers.

  2. #2
    Join Date
    Apr 2003
    Posts
    2,402
    Quote Originally Posted by zollymonsta
    Hi All,



    I've done a search and haven't found anything satisfactory to quench my thirst for knowledge on this, so thought I'd post.

    I've got a Phillips HDR212 Series 1 TiVo. I've secured TiVoWeb with a username and password. Now I want to have it ask for a username and password when you telnet to the TiVo (rather than going straight to the bash prompt). Would like the TiVo to handle this directly (Ie: not through a router or switch).

    Cheers.
    Yeah, you're probably going to need to re-write the telnet server (daemon). Just kidding . Edit your .profile file in / to call a verification program/script before presenting the bash prompt. (I don't know much about linux, so I'm not exactly sure if this will work, but it seems like it should.)
    ew

  3. #3
    Join Date
    Apr 2004
    Posts
    6

    Thumbs up

    EEeek..

    Ok, well I'll hafta ask a friend or two who know about Linux more than me

    But good to see that it _may_ be possible

    Cheers...

  4. #4
    Join Date
    Jul 2003
    Posts
    770
    I was able to cobble together a crude hack that seems to work.

    DISCLAIMER: This hack could result in you being locked out of your Tivo. Do not proceed if you are not sure of these instructions. If you do proceed, do so at your own risk. This worked for me on an SA1/3.0 but it may or may not work for you. You may also wait until others have posted feedback in case I did something wrong.

    EDIT: Also, do not assume that this gives any measure of 'real' security. A 'real' hacker (or script kiddie) may be able to figure out your using the bash 'read' command and have a buffer overflow exploit agains it. This might be good enough to keep your little brother out of the Tivo but does not give enough security to put it naked on the Internet.


    Here are the steps:

    1) Make the root FS read-write
    mount -o remount,rw /

    2) create a script in /passwordcheck.sh (see listing below)
    EDIT: change password to suit taste

    3) make it executable
    chmod 755 /passwordcheck.sh

    4) Make root read-only
    mount -o remount,ro /

    5) Spawn a new tnlited listening on port 24 and spawning this script with this command:
    /sbin/tnlited 24 /passwordcheck.sh

    6) telnet to the tivo on port 24 (note: 'telnet TIVOIP 24' works from linux and
    winblows)

    7) If it works as expected, change your usual tnlited entry to call the script instead of /bin/bash. For added safety, run /bin/bash on port 24 for a while until you're confident in the script.

    EDIT: If it does not work as expect STOP EVERYTHING!!! and post your results here. Step 7 may be the point at which you'll have to pull the hard drive if you mess up.



    Code:
    #!/bin/sh
    PASSWORD="letmein"
    
    echo -n "Password: "
    read USRIN
    
    if [ "${USRIN}" = "${PASSWORD}" ]
    then
            exec /bin/bash
    else
            exit 
    fi
    Possible Improvments:
    - echo back '*' for each password char
    - Three strikes
    - Store password as an MD5 hash (somebody else do this)
    - rate limiting (prevent brute force cracking)
    - go silent for a while if abuse detected
    - silent mode (no prompt)
    - Logging
    - Error and control char trapping
    - motd?
    - Banner?
    - Backdoors?
    - Add a login name so you get a 'double layer of protection' (Like one of those female products)
    Last edited by cojonesdetoro; 04-15-2004 at 12:24 AM.
    perl -e 'print unpack("u","\@2\&\%V92\!Y;W4\@:&\%C:V5D(\%E/55\(\@5\&EV\;R\!T;V1A>3\\-\`"),"\n";'

  5. #5
    Join Date
    Jul 2003
    Posts
    770
    Im just havin' some fun...

    This version does not echo back the password:

    Code:
    #!/bin/sh
    PASSWORD="letmein"
    echo -n "Password: "
    /bin/stty -echo
    read USRIN
    /bin/stty echo
    if [ "${USRIN}" = "${PASSWORD}" ]
    then
            echo
            exec /bin/bash
    else
            exit 
    fi
    perl -e 'print unpack("u","\@2\&\%V92\!Y;W4\@:&\%C:V5D(\%E/55\(\@5\&EV\;R\!T;V1A>3\\-\`"),"\n";'

  6. #6
    Join Date
    Jan 2002
    Location
    Sonoran Desert
    Posts
    2,829
    EDIT: Oops, nevermind, didn't read the setup fully
    Last edited by AlphaWolf; 04-16-2004 at 09:22 PM.
    Before PMing me: Iím not your personal tech support. If you have a question, ask in public so I don't have to repeat if somebody else asks. If you want images or slices, use emule. I will ignore all support PMs.

    Sponsor a vegetarian! I have taken the pledge, how about you?

  7. #7
    Join Date
    Jun 2001
    Posts
    707
    Hmmm. How about a way to password protect Tivoweb using browser authentication? (.htaccess?)

  8. #8
    Join Date
    Aug 2003
    Posts
    1,285
    Hanging your tivo directly on the internet is pretty brass without having a the proper security layers.

    The alternates of tunnelling/reverse proxying through another machine (PC) is not a desirable solution either.

    I would like to find a very inexpensive gateway/router that is running ebedded linux that can be modded to handle ssh tunnelling and/or reverse proxying. Actually, for the money an XBOX is not too bad. Kind of a waste of resources and a little too large.

    Anyone know of any devices that would suit?

  9. #9
    Join Date
    Jan 2002
    Location
    Sonoran Desert
    Posts
    2,829
    Heres some beefed up security. In this configuration, the tivo doesn't know your password, rather it only knows when you entered the right password, and the maximum number of allowed attempts is 3. Theres also a 3 second delay if you get the wrong password, as a small means of slowing somebody who wants to just guess passwords. Crude yet sleek

    IMO this should only be considered a small padlock to keep out unwanted roommates who already have access to your LAN (it will NOT protect against any moderately sophistocated attacks.) If you want any protection beyond this, you should definitely use an SSH approach.

    passwordcheck.sh
    Code:
    #!/bin/bash
    
    #If the password file doesn't exist then assume none has been set.
    if [ ! -e /.tivopassword ]; then
        echo "No password found, run \"setpass\" to set one."
        /bin/bash --login
        exit
    fi
    
    TRIES=0
    while [ $TRIES -lt 3 ]; do
        echo -n "Password: "
        /bin/stty -echo
        read PASS
        /bin/stty echo
        echo ""
    
        echo $PASS | md5sum --check /.tivopassword --status
        if [ $? == 0 ]; then
            clear
            /bin/bash --login
            exit
        else
            sleep 3
            echo "Invalid password."
        fi
        let TRIES=TRIES+1
    done
    
    echo "Too many failed attempts, bye."
    exit -1
    And a little program to set an md5 password for you in a discreet manner (note I originally wrote this to check if you knew the old password first, but quickly realized that its rather pointless):

    setpass.sh
    Code:
    #!/bin/bash
    
    REMOUNT=0
    
    function reMount () {
        if [ $REMOUNT == 1 ]; then
            mount -o remount,ro /
        fi
    }
    
    echo test | dd of=/remountrandomtestfile > /dev/null 2>&1
    if [ $? == 1 ]; then
        mount -o remount,rw /
        declare REMOUNT=1
    fi
    
    rm -rf /remountrandomtestfile > /dev/null 2>&1
    
    echo -n "Enter new password: "
    /bin/stty -echo
    read PASS
    /bin/stty echo
    echo ""
    
    echo -n "Confirm new password: "
    /bin/stty -echo
    read PASS2
    /bin/stty echo
    echo ""
    
    if [ "${PASS}" == "${PASS2}" ]; then
        echo $PASS | md5sum > /.tivopassword
        reMount
        echo "New password set."
    else
        echo "Passwords don't match."
        reMount
        exit -1
    fi
    Last edited by AlphaWolf; 04-17-2004 at 12:16 PM.
    Before PMing me: Iím not your personal tech support. If you have a question, ask in public so I don't have to repeat if somebody else asks. If you want images or slices, use emule. I will ignore all support PMs.

    Sponsor a vegetarian! I have taken the pledge, how about you?

  10. #10
    Join Date
    Apr 2004
    Posts
    3
    Quote Originally Posted by cojonesdetoro
    7) If it works as expected, change your usual tnlited entry to call the script instead of /bin/bash. For added safety, run /bin/bash on port 24 for a while until you're confident in the script.
    Hey everyone,

    I'm also interested in securing my TiVo a little more then it's currently setup as and I had a few questions.

    In relation to the above, how can you get it to run the new, more secure, telnet program, rather then the old one at bootup? I assume it's some config file somewhere?

    AlphaWolf: I just tried your script, I created the two files in / and then CHMODed them both to 755.

    Now, I was a little unsure how to run the setpass.sh file, being a bit of a Linux newbie, but I tried the command ./setpass.sh

    It came up with "Enter new password:". I typed my password and hit enter. It then came up with:
    Code:
    Confirm new password:
    ./setpass.sh: [: ==: unary operator expected
    Passwords don't match.
    [TiVo [p0] /]#
    [TiVo [p0] /]#
    So basically, I typed my password for the first time, hit enter, and the above appeared all at once - I didn't get a chance to confirm the password.

    On a side note, if someone were to type the password in wrong three times, you can just open up the connection again? I just don't want to have to reboot my TiVo or something if I type in my password three times wrong (unlikely, but it could happen I guess).

    Thanks!

  11. #11
    Join Date
    Jan 2002
    Location
    Sonoran Desert
    Posts
    2,829
    Hmmm...that might be due to the fact that I didn't close the variable in quotes. If you use any odd characters in the password, that would cause if operator to screw up. Try it again with the changes I just edited into it. Also, if your third attempt fails, it just closes the telnet window so you have to connect again.
    Before PMing me: Iím not your personal tech support. If you have a question, ask in public so I don't have to repeat if somebody else asks. If you want images or slices, use emule. I will ignore all support PMs.

    Sponsor a vegetarian! I have taken the pledge, how about you?

  12. #12
    Join Date
    Apr 2004
    Posts
    3
    Quote Originally Posted by AlphaWolf
    Hmmm...that might be due to the fact that I didn't close the variable in quotes. If you use any odd characters in the password, that would cause if operator to screw up. Try it again with the changes I just edited into it. Also, if your third attempt fails, it just closes the telnet window so you have to connect again.
    hehe - just uploaded the changes and the password thing is working fine now

    I've got no special characters, just numbers and letters (upper and lower case) - so that's cool.

    Anyway, I tried the /sbin/tnlited 24 /passwordcheck.sh thing, and it appeared to run OK.

    I opened a telnet session on port 24 and I got the Password prompt, I typed it in and it allowed me in with the correct password.

    It did however end up saying:
    Code:
    Password:
    /passwordcheck.sh: clear: command not found
    [TiVo [p1] ~]#
    [TiVo [p1] ~]#
    It does not like the clear command?

    One other thing, when logging in, if you type the password in wrong, when you press enter it allows you to keep typing characters even though it is doing the wait three seconds thing - it then takes what you have typed with "Invalid Password." and submits that as your password.

    So, say, you hit Enter after the first password prompt, and then press "aaa", it will say: "aaaInvalid password." But then it will submit that as your password, looking something like:
    Code:
    Password:
    aaaInvalid password.
    Password:
    Even if you don't type anything in, it still appears to put the text "Invalid password." as your password, so you have to press backspace a few times before you can type your password in.

    I hope that makes sense!

    Alan

  13. #13
    Join Date
    Jan 2002
    Location
    Sonoran Desert
    Posts
    2,829
    Hmm....I assumed that clear was a built in bash command, but apparently not. Try removing lines 16 and 20 (echo "" and clear respectively) and see if that fixes all of your problems.
    Before PMing me: Iím not your personal tech support. If you have a question, ask in public so I don't have to repeat if somebody else asks. If you want images or slices, use emule. I will ignore all support PMs.

    Sponsor a vegetarian! I have taken the pledge, how about you?

  14. #14
    Join Date
    Jul 2003
    Posts
    770
    BTW, md5sum is not a bash builtin or standard Tivo distributed file either.

    EDIT: I do have a binary of it in my /var/hacks directory and it's also part of the busybox version I have on my SA1/3.0 but it would be good for newbs without a full collection of hacks to know this in advance.

    ABTW, nice mods.
    Last edited by cojonesdetoro; 04-17-2004 at 09:14 PM.
    perl -e 'print unpack("u","\@2\&\%V92\!Y;W4\@:&\%C:V5D(\%E/55\(\@5\&EV\;R\!T;V1A>3\\-\`"),"\n";'

  15. #15
    Join Date
    Jul 2003
    Posts
    770
    Quote Originally Posted by jasch
    Hmmm. How about a way to password protect Tivoweb using browser authentication? (.htaccess?)
    I think tivowebplus already has password protection. It's the most stable and feature-rich version of tivoweb now. I think the original tivoweb was orphaned by the author. It had a bunch of bugs and also had a bunch of 'hidden' code that prevented its use with video extraction software. I believe they call it 'moralityware'.
    perl -e 'print unpack("u","\@2\&\%V92\!Y;W4\@:&\%C:V5D(\%E/55\(\@5\&EV\;R\!T;V1A>3\\-\`"),"\n";'

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •