So, you have a Telstra T-Box and then you churned to another ISP, or perhaps you decided tor give your T-Box to a friend or family member who doesn’t have a ‘net connection. That’s when you found out just tied to Telstra that box is. Suddenly, the EPG is only showing what’s on now and what’s next, you can’t access your own local media any more and so on.
Or perhaps you are still with Telstra, but want some functionality that the T-Box can do, but Telstra doesn’t allow for – stuff like adding your own IPTV channels.
In short, you like the T-Box firmware you just hate the restrictions Telstra has included. What to do?
The External Hack
Because like most network connected smart appliances, the T-Box runs a version of Linux, several people have attempted to gain access to a shell on the T-Box. First attempts were fairly simple – nmap to look for open ports etc. Unfortunately, this appears to be in vain – you can get a SSH connection to it, but only if you have the correct X.509 certificate. Not surprisingly, you can’t get this from Telstra and while it’s theoretically possible to “crack” or “fake” such a certificate, no-one seems to have tried this approach yet. Nor will I attempt this myself, although if you have the knowledge, skills, time and CPU to do this, I would certainly like to hear from you!
The Internal Hack
Next step is to physically disassemble the T-Box and look for serial connections that might be the console – sure, we might still need to run a password brute force attack to get the root password, but it gives us a chance, right? Unfortunately, this option appears to have been thought of too – while you can find what appears to be a console serial port and it even shows some basic boot-up information, it’s rather quickly disabled in the boot process, and there is no getty running on it, so no login is possible. Sigh.
The End, then?
It might seem that the above means all hope is lost and you are stuck. But does it? What else could we possibly do? Well, the T-Box is quite “chatty” over it’s network connection. It downloads Telstra’s tailored EPG, it lets you view a limited number of Video on Demand services (all Telstra ones, of course), it lets you download movies and TV shows on a rental basis amongst other things. These converstions do not, for the most part appear to be encrypted. Even better, they appear to be standards based – XML and other such standards and protocols are employed. The door, then, is ajar. We may not be able to modify the T-Box itself, but we can lie to it over the network.
My history with the T-Box
I had one of these early on, and actually created such a system to allow local media injection into the Video-on-Demand menu – this was prior to Telstra putting the “My Media” option in place.
After several dead T-Boxes (I think the power supplies blew up) over several months, I had a dummy spit and told Telstra they could cancel the service. Now, several PVR’s and media players later, I have caved in and purchased a second hand T-Box outright from EBay – frankly, the user interface is intuitively simple, the box works well etc. So, back to the grindstone with new the firmware…
I already have published the VoD injector scripts at lie2tbox.weebly.com – over the next few weeks, I’ll be moving that here. Over the next months (at least!) I’ll also be documenting my attempts to inject EPG info, IPTV channels and so on.
If you use this and have any comments or suggestions, or if you would like to help create this system, please do let me know!
That’s all for now.
My TBox hasn’t arrived yet, and life grows ever busier, but still we will get there…