Home > Computer/ Tech Related > Hacking Around with FiOS’ Motorola Set Top Boxes

Hacking Around with FiOS’ Motorola Set Top Boxes

March 27th, 2010 3:00pm Leave a comment

I apologize for this extremely technical post. If you don’t understand technology, go read something else. Otherwise…

I am a very nosy person when it comes to my home network (must be the admin in me). I looked in the router and noticed an automatic port forwarding rule was added, forwarding any TCP traffic to (which is my set top box). When accessed from a browser, I get a Motorola login prompt, but have no idea what the password is. If anyone knows, throw it in the comments. So there is a web based interface to the STB which I can’t access. Interesting.

So Verizon has an Android App that controls my DVR from on the go. Apparently, it authorizes with the box  using a pin and the cell phone number, and then is able to connect to the home network and schedule a recording.  Which gave me an idea…

If I ARP poison my router and do a man in the middle attack, I could essentially packet sniff traffic coming to the router and passing to the box. So I set that up and then sent a command to DVR something from my phone. No dice – Verizon uses SSL certificates and it knew something was bonked, so I couldn’t even communicate with the DVR from my phone. Very cool, how they’re using SSL – it keeps people like me (or real hackers) from sniffing my own traffic.

There was a ton of UDP traffic and here are some interesting things I pulled out of the packet sniffer:

  • User Agent of something (maybe the STB): Mozilla/4.0 (compatible; AP:Fios-Mercury/09.97; PL: Motorola-DCT/23.51; BX:### UA: ##### U; en-US)
  • Yeah, most of the rest of it is useless…

I’m sure I can get some Defcon guys to break in, I’m just not that good. And now, back to doing nothing.

Categories: Computer/ Tech Related Tags:
  1. Hodie
    June 5th, 2011 at 03:35 | #1

    use sslstrip

  2. trump6
    April 12th, 2014 at 15:42 | #2

    A page on the web interface for the verizon router says “password” for the set top box is 99999999988888888. Tried it, and with a few logical user names, but nothing.

You must be logged in to post a comment.