+- Kodi Community Forum (https://forum.kodi.tv)
+-- Forum: Discussions (https://forum.kodi.tv/forumdisplay.php?fid=222)
+--- Forum: Hardware (https://forum.kodi.tv/forumdisplay.php?fid=112)
+--- Thread: Hacking the Boxee Box to run XBMC? (/showthread.php?tid=64578)
- outleradam - 2010-12-17
- Hannes The Hun - 2010-12-17
yeah, it's okay adam, you have a book. I've read that stuff in wikipedia, and I have a ph.d. in biology... really guys, this board needs a facepalm smilie.
- stoli - 2010-12-17
Sorry - had to do it. :-)
- Hannes The Hun - 2010-12-17
you are a nasty, nasty person, stoli!
- outleradam - 2010-12-17
Hannes The Hun Wrote:yeah, it's okay adam, you have a book. I've read that stuff in wikipedia, and I have a ph.d. in biology... really guys, this board needs a facepalm smilie.
I actually came across that page while studdying and I figured I would post it. It gives a pretty good explanation of what we are dealing with here and also sorts that ssl thing out from earlier... It's relevant to the discussion so I posted it.
That TPM is the chip in question and that excerpt gives an idea of how to bypass it
Rather then exclaim that you recognize that it is a book, try reading it.
- Hannes The Hun - 2010-12-17
adam, I'm sorry if it looked like a personal insult to you, maybe it's the excellent bottle of chianti working on me. you seem to show some true dedication, so feel free to actively take part in the boxee box hacking process http://boxeeboxwiki.org/wiki/Main_Page and from my personal experience, the best learning progress is achieved by actually taking part in a project, not only doing some reading in dusty books. you will gain a lot from this!
- topfs2 - 2010-12-17
teaguecl Wrote:If there is a key in the firmware of the BB, it won't be of much use - it will be the public key. That doesn't help, you need the private key. If they've left the private key somewhere in the firmware, then somebody should be fired
Right! I knew there was something nagging me I had forgot from my security course
Thanks for the clarification
- outleradam - 2010-12-17
That's for working with the boxee signed code. It's more likely that the code is just signed because decryption would consume mass resources. Also power.
The better option would involve working around the boxee security or disabling it. We have no need to use encryption keys if we can bypass the basic input output chip which would be responsible for stating the signed code is mandatory. I don't immagine that they REALLY use encryption on the soldered flash memory. It is more likely that the TPM checks for an encrypted key of sorts.
If we could find a weakness... What happens when telnetting in and running a simple binary with the executable bit set? Can shell scripts be run? What happens when killall boxee is run? Is there a password set application? What happens if we crashnout boxee when setting a password then telnet in?
- CrashX - 2010-12-17
Where did you guys get the information that exe needs to be signed to be run on boxee box ?
The only thing is that Boxee update is signed and hence we can't create our own iso yet. But once boxee box runs, we can telnet into (using hacks offcourse) and run anything we want ( scripts, restart boxee )
- Hannes The Hun - 2010-12-17
CrashX Wrote:and run anything we want
OMG we could have executed XBMC long ago! FUCK we are stupid! thank you, crashX!
- CrashX - 2010-12-17
Hannes The Hun Wrote:OMG we could have executed XBMC long ago! FUCK we are stupid! thank you, crashX!
Let me rephrase anything that is already on boxee box or is compiled for it ...
- poofyhairguy - 2010-12-18
Hannes The Hun Wrote:this could very well be one of the major points why they switched from tegra2 to intel in the last minute (and not only the decoding limitations). my best guess would be that an android-based tegra2 box would have been far more hacker-friendly, but I'm no expert here.
One thing about the Boxee Box is that it is basically a GoogleTV.
I have a feeling the Boxee folks went to the media overlords and said: "We have this box, please give us content" and the overlords said "What the hell is a Boxee and why would we trust you?!?!" (media overlords are always out of touch)
So then Boxee went back to them again and said: "We have our own version of the GoogleTV platform that you already approved of having enough of your (evil) restrictions, now can we have content?" The media overlords responded "Ok Google TV knockoff, we will support you. But if we EVER find you have opened this platform to hackers you are done for in the media business."
And somewhere, far far away, a poofyhairguy thanks his lucky stars that the Usenet exists to avoid dealing with such characters...
- topfs2 - 2010-12-18
Well that and its proven that tegra2 don't do 1080p with some important codecs
- poofyhairguy - 2010-12-18
topfs2 Wrote:Well that and its proven that tegra2 don't do 1080p with some important codecs
Oh, don't get me wrong- I am not saying they switched to Intel for the content providers. I bet Dlink got a good deal on the Intel hardware thanks to GoogleTV volumes and they switched to hit the right price point (and to avoid Tegra2 sucking).
What I am saying is that I bet Boxee is partially piggybacking on the GoogleTV with content providers if nothing else but to help those old dinosaurs understand what they were trying to do. The trust was bought with using the good names of Intel and Google, and a demand was given to stop any hacking.
- topfs2 - 2010-12-18
poofyhairguy Wrote:Oh, don't get me wrong- I am not saying they switched to Intel for the content providers. I bet Dlink got a good deal on the Intel hardware thanks to GoogleTV volumes and they switched to hit the right price point (and to avoid Tegra2 sucking).
What I am saying is that I bet Boxee is partially piggybacking on the GoogleTV with content providers if nothing else but to help those old dinosaurs understand what they were trying to do. The trust was bought with using the good names of Intel and Google, and a demand was given to stop any hacking.
Ah, yeah I'm sure it have helped them in discussions being able to say its essentially the same hardware as the GoogleTV, and as you say, probably have made prices come down for dlink.