pdf $atellite hacking for fun & pr0fit!
TRANSCRIPT
Who Am I?
● Open Source developer / researcher
– Bluetooth
– RFID
– Full Disclosure / White Hat!
● Freelance research / training / lecturing
Why Now?
● Jim Geovedi & Raditya Iryandi
– Hacking a Bird in The Sky
● Old Skewl
– Started doing this in late 90's.
– So, err... why did it take so long to publish?
Feed Hunting
● Look for 'interesting' satellite feeds
– Scan all satellites
– Scan all frequencies
– Report on mailing lists / forums
Poking in the dark
Poking in the dark
Poking in the dark
Poking in the dark
There must be a better way!
● Visualisation is your friend
– Human Brain likes images
● Recognise food
● Recognise danger
● Recognise friends
● Recognise enemies
Visual Representations
Visual Representations
Visual Representations
Time travel – day 1
Time travel – day 2
That was then...
● Proprietary control systems
– Undocumented
● Reluctant manufacturers
– Special hardware / interface converters
● Motor Control
● Signal Status
– to RS232
– Expensive receivers
This is now...
● Open standards
– DVB Cards
– Embedded Linux Receivers
● Dreambox
– Tuxbox based
– GPL source code
– Cross compilers
– Alternative firmware
● http://www.ihaveadreambox.com
– http://www.dreammultimediatv.de/
This is now...
● Web Interface
– Select programming
– Steer dish
– Examine feed properties
Web Interface
Stream Info
Stream Info
You've got to know how to grab it...
Stream Info
● dvbsnoop DVB and MPEG stream analyzer
– “WireShark for DVB”
– Access to raw data from DVB card
– Decode known PIDs
http://dvbsnoop.sourceforge.net
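The kind of header decoding dvbsnoop performs on known PIDs, sketched as an added Python example (not part of the original slides and not dvbsnoop's code). It assumes a raw MPEG transport stream of 188-byte packets; the function names and the sample capture are constructed for illustration.

```python
from collections import Counter

TS_PACKET = 188          # fixed MPEG transport stream packet size
SYNC = 0x47              # every packet starts with this sync byte
KNOWN_PIDS = {0x0000: "PAT", 0x0001: "CAT", 0x0010: "NIT", 0x0011: "SDT/BAT",
              0x0012: "EIT", 0x0014: "TDT/TOT", 0x1FFF: "null"}

def parse_header(pkt):
    """Decode the 4-byte header of one 188-byte transport packet."""
    if len(pkt) != TS_PACKET or pkt[0] != SYNC:
        raise ValueError("not a transport packet")
    return {
        "error": bool(pkt[1] & 0x80),          # transport_error_indicator
        "start": bool(pkt[1] & 0x40),          # payload_unit_start_indicator
        "pid": ((pkt[1] & 0x1F) << 8) | pkt[2],
        "scrambled": (pkt[3] >> 6) != 0,       # transport_scrambling_control
        "cc": pkt[3] & 0x0F,                   # continuity_counter
    }

def survey(data):
    """Tally packets per PID, resynchronising after junk bytes."""
    seen, clear, i = Counter(), {}, 0
    while i + TS_PACKET <= len(data):
        nxt = i + TS_PACKET
        # Trust a sync byte only if the following packet boundary agrees.
        if data[i] != SYNC or (nxt < len(data) and data[nxt] != SYNC):
            i += 1
            continue
        h = parse_header(data[i:nxt])
        seen[h["pid"]] += 1
        clear[h["pid"]] = clear.get(h["pid"], True) and not h["scrambled"]
        i = nxt
    return [(pid, KNOWN_PIDS.get(pid, "unknown"), n, clear[pid])
            for pid, n in sorted(seen.items())]

def make_packet(pid, cc, scrambling=0):
    """Build a constructed sample packet (payload only, filled with 0xFF)."""
    head = bytes([SYNC, (pid >> 8) & 0x1F, pid & 0xFF,
                  (scrambling << 6) | 0x10 | (cc & 0x0F)])
    return head + b"\xff" * (TS_PACKET - 4)

# Constructed sample capture: two junk bytes, then PAT, SDT and a scrambled PID.
SAMPLE = b"\x00\x01" + b"".join([
    make_packet(0x0000, 0), make_packet(0x0011, 0),
    make_packet(0x0100, 0, scrambling=2), make_packet(0x0100, 1, scrambling=2),
    make_packet(0x1FFF, 0)])

if __name__ == "__main__":
    for pid, name, count, in_clear in survey(SAMPLE):
        print(f"PID 0x{pid:04x} {name:8} packets={count} clear={in_clear}")
```

The last column shows per PID whether every packet seen had transport_scrambling_control set to zero, which is the quickest check that a feed is being sent in the clear.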
Stream Info
Stream Info
Stream Info
Stream Info
Stream Info
Stream Info
Stream Info
Stream Info
Stream Info
Taking over the Dreambox
● Avoid programming
– Analyse config files
– Tools to tweak and update
– Use existing Web Interface URLs
– Use remote tools via IP
● ssh / scp
● dvbsnoop
● tun/tap
Taking over the Dreambox
Taking over the Dreambox
dreaMMap
● python (yay!) script
– Grab URL
– Read status from returned webpage
– Create 3D model
This is now...
This is now...
3D model capabilities
● Point & Click
– Steer to sat/freq
– Decode DVB/Audio within model
– Read Text / EPG
– Pipe datagrams to Wireshark
Demonstration
Equipment List
● Dreambox 7020
– £250 ($350)
● Dish
– £50 £200
● Motor & Mount
– £100
● Total = £550 ($785)