This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Hi there folks.
Im from portugal and i have a little problem.
i have 2 x300t working, one was provided by my ISP and the other was from other user that disconnected from ISP provider and when i connect him the box tells me that service is not provided...
There are any Registry in x300 that could be block the box???(diferent of my OK box provided by ISP) or my ISP is blocking any kind of registry
please, any help
Err, what I meant was modyfing the tv2clientce to display the aes key would be easier than hooking the functions
The rdp username/password is not fixed, that's what is included in the xml data, it looks like this:Code: [Select]<GetTerminalServerCredentialsPerApp3Response xmlns="http://www.microsoft.com/tv2/server/tsmonitor">
- The token id seems to be needed to connect.
<GetTerminalServerCredentialsPerApp3Result>Succeed</GetTerminalServerCredentialsPerApp3Result>
<loginCredentials serverName="a.server.T-ONLINE.DE" domainName="TSSF01008" username="rdpsessionuser004" password="Adbe9d0d2-f1cb-48cb-a394-24bb7d2c38b9z" sessionId="5" port="3389" Token="1021cd1d-f894-4681-b4a3-63fcc35719d5" />
</GetTerminalServerCredentialsPerApp3Response>
The aes key can be captured, i watched it and the corresponding IVs with the help of http://www.t-hack.com/forum/index.php?topic=293.0 and http://www.t-hack.com/forum/index.php?topic=278.0 about a year ago, but a modified tv2clientce would be much easier
A rdp session password can be requested and will then be delivered as part of the encrypted xml communication - the complicated part is the extra security, even a valid password is not enough to log in, "someone" has already tried this *cough*.
A wireshark dissector is rather useless, because like I already said, the key is inside the rsa encrypted first server response, and it's different each time.
I don't understand what you mean by rdp stuff beeing complicated, RDP does what i does(i.e. the same that remote desktop on windows does, witch is showing a remote screen) If you use wireshark to get one of the rdp servers hostname, you can connect using the normal remote desktop client in windows... They use RDP to show the interface for activating/deactivating channels(witch is just a normal windows program running on a a normal winserver2003 terminal server session, the client in the box just maps the remote button presses to pc keyboard events) since the native mediaroom does not have that capability.
Do you found the password for logging in into the RDP? or is it a sessionbased one?
Afaik the best part of the whole xml mess is the epg, which is compressed, so the incredibly powerful 300mhz cpu has to parse and decompress ~1MB of binary data wrapped into xml data and then parse the decompressed data again. Unfortunately the rdp stuff is somewhat tamper resistant because it's complicated...
Wrapping tons of binary data into xml is one of the reasons why the box needs ages to boot...