Blackstar

From DisNCord Community Wiki
Revision as of 14:31, 10 September 2024 by JennyWakeman (talk | contribs) (What? Help me!)
Jump to navigation Jump to search

This is a project to (hopefully) achieve remote code execution on the Dish Network ViP line of set-top boxes. The unit used for testing is a Dish Network ViP222k.

I wouldn't place bets on this project's success. I do not have a background in cybersecurity or pentesting. It'd be funny though.

Goals

  • Framebuffer access (for funniest image I'll ever take)
  • Boot NetBSD (someday, somehow)
  • Run Doom (maybe)

UPnP

On startup, the ViP units expose a UPnP server with a surprising (alarming?) amount of functions. Some examples:

  • Increment/decrement channel
  • Force redownload program guide
  • Lock/unlock front panel controls and remote
  • Remote reboot
  • Test satellite switch (annoying, takes a very long time!)

(Among various other things.)

Currently, a Python script has been written (and will eventually be released) that can detect ViP units on a wireless network (via UPnP) and execute exposed actions. This has the added advantage of being able to quickly detect model information and grab the unit's IP (for port scanning, which will be done Soonᚾᛖ.)