View previous topic :: View next topic |
Author |
Message |
bevhoward
Joined: 24 Jun 2005 Posts: 248
|
|
Back to top |
|
|
johnsfine Site Admin
Joined: 10 Aug 2003 Posts: 4766 Location: Bedford, MA |
Posted: Tue Aug 02, 2005 10:18 am Post subject: |
|
|
Unless I'm totally misunderstanding things, those pages seriously overstate the IR aspect of those issues:
1) Many of the devices described as IR are normally RF. I think always RF, but I can't be certain there isn't some bizare model out there.
2) The most serious issues relate to connecting a device to the internal cable system that wasn't expected to be connected. In other words an important layer of protection was assumed to be provided by the end devices on the internal cable system and is totally bypassed by connecting a different end device. That is an interesting exploit issue but no IR component.
The tiny IR component relates to things the TV may be programmed to do that the provided remote doesn't have buttons for. JP1 might be a tool for such things in the hands of an extreme amatuer. But I think direct PC capture and transmit of IR signals would be the method of choice for anyone serious about such things. In which case our reverse engineering of so many IR formats is much more relevent than JP1 itself. |
|
Back to top |
|
|
bevhoward
Joined: 24 Jun 2005 Posts: 248
|
Posted: Tue Aug 02, 2005 10:54 am Post subject: |
|
|
>> overstate <<
That was my first impression as well (appears that ir is widely used in europe for car and garage entry,) but digging into the billing and related aspects of the articles was where my concern arose.
I think that these articles will result in an eventual "lockdown" but I also think that that happening will take time.
Since my post, have uncovered some additional facts that point to the direction of exploit being computer rather than remote based.
Page 2 of http://www.wired.com/news/privacy/0,1848,68370,00.html?tw=wn_2polihead goes more into the threat details. |
|
Back to top |
|
|
johnsfine Site Admin
Joined: 10 Aug 2003 Posts: 4766 Location: Bedford, MA |
Posted: Tue Aug 02, 2005 12:13 pm Post subject: |
|
|
bevhoward wrote: |
Since my post, have uncovered some additional facts that point to the direction of exploit being computer rather than remote based. |
That's what I meant by my "end device" comment: Connect an ordinary computer (with appropriate interface) in place of the custom TV to the internal cable system, and you have access to things on the cable that were intended to be managed by firmware in the custom TV.
Nothing you could do with the IR remote could give you anything you couldn't get via that computer approach and the computer approach can give you lots you couldn't get with IR. If the TV custom firmware is really simplistic (probably is) then using IR might be easier than using a computer for getting some subset of what you might get by computer. |
|
Back to top |
|
|
underquark Expert
Joined: 20 Jun 2005 Posts: 874 Location: UK |
Posted: Tue Aug 02, 2005 3:09 pm Post subject: |
|
|
I have a much more sinister plan. My son and his friends have all got those Tamagotchi things that communicate (and breed) with each other via IR. Mini-bar, here I come |
|
Back to top |
|
|
rhm5757 Advanced Member
Joined: 03 Aug 2003 Posts: 33
|
Posted: Fri Aug 05, 2005 8:17 pm Post subject: |
|
|
One of the more common backend systems is called LodgeNet. These usually have very crappy "stick" remotes with tiny square buttons. I learned all the buttons for it one time when I brought one of my JP1 remotes to a hotel that used that system, since it uses a unique NEC1 device and subdevice code not normally in a UEIC remote. I then made an upgrade when I got back home, which of course I still have, but never did anything with it. I never really got a chance to, as I don't think I've stayed at a hotel with LodgeNet since. Of course I was planning on looking for hidden codes to do things like unlock channels, because I have often been frustrated with these things locking channels on the system. I guess those hidden codes actually exist. Too bad they're likely going to be locked down now. |
|
Back to top |
|
|
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21238 Location: Chicago, IL |
Posted: Sat Aug 06, 2005 2:35 pm Post subject: |
|
|
The g@rage door openers and key f0b remotes are not an issue as most of them (if not all of them) are RF based.
The h0tel TVs do offer more possibilites though.
I doubt that you can do anything that sinister (like the billing stuff) without a computer (as has been suggested) but you might be able to unlock channels and things like that. Most h0tels use special TVs which allow you to disable certain functions, which could be unlocked by a JP1 user. _________________ Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help! |
|
Back to top |
|
|
underquark Expert
Joined: 20 Jun 2005 Posts: 874 Location: UK |
Posted: Sun Aug 07, 2005 2:19 am Post subject: |
|
|
The Robman wrote: | Most h0tels use special TVs which allow you to disable certain functions, which could be unlocked by a JP1 user. |
Equally U could try out various c0des & end up hitting on the p0rn0 film option and having to pay for it or argue loudly at the reception desk tht it wasn't U. I suspect tha' even if some systems are so lax as to allow U access that at least they might l0g where the commands originated from so that even if this was related to Jay-Pee-One and even if U could get it to work it wood be a bit lyke throuwing a brycke thrua jewellers' shop window - i.e. both illlegal and rather obvious. |
|
Back to top |
|
|
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21238 Location: Chicago, IL |
Posted: Sun Aug 07, 2005 10:49 am Post subject: |
|
|
OK you-queue, I've got your numb3r! _________________ Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help! |
|
Back to top |
|
|
underquark Expert
Joined: 20 Jun 2005 Posts: 874 Location: UK |
Posted: Mon Aug 14, 2006 6:38 pm Post subject: |
|
|
Bump.
One year on (hey, I'm patient) and no Tamagotchi codes yet? We're onto generation 3 of the little bu66ers. |
|
Back to top |
|
|
|