DMP-BDT230

From Exploitee.rs
Revision as of 01:22, 7 February 2016 by Resno (talk | contribs) (Text replacement - "gtvcom-20" to "exploiteers-20")

"Although the information we release has been verified and shown to work to the best of our knowledge, we can't be held accountable for bricked devices or roots gone wrong."


This page will be dedicated to a general overview, descriptions, and information related to the Panasonic DMP-BDT230 Blu-Ray player.

Purchase

Buying devices is expensive and, in a lot of cases, our testing leads to bricked equipment. If you would like to help support our group, site, and research, please use one of the links below to purchase your next device. Purchase the Panasonic DMP-BDT230 Blu-Ray Player at Amazon

UART

The pin-out for UART can be found on the image below.

Disassembly

config_file.txt and config_file_global.txt

This Blu-Ray player uses a form of binary config file. To parse and modify these files, we have created the following tools.

  • [parse_config.py] - Parses config files and gives a position that can be used to modify with edit_config.sh
  • [edit_config.sh] - Modifies a config_file.txt or config_file_global.txt file based on a position and value.


Network Drive Folder Name Command Injection

The Network Share "folder name" field is not properly sanitized before it is used in a command. When adding a network share, a user can use a special syntax to execute commands as root on the device.

  1. Click home to go to the main menu
  2. Hit up on the remote's arrow pad to take you to the "Network" menu
  3. Press Left on the remote's arrow pad to take you to the "Network Drive" menu.
  4. Press Up, left, OR right to take you to any of the available types ("Music", "Photos", "Videos")
  5. Choose "Add a network drive"
  6. Enter in any IP Address (EX: 127.0.0.1)
  7. Enter in the command you want to execute within the "Shared Folder Name" field in the following format $(COMMANDHERE). (EX: $(reboot) )
  8. Enter in any "User ID"
  9. Enter in any "Password" (EX: a)
  10. Click "Connect"
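
The bug class behind the `$(...)` syntax above, shown as an added example that is not the player's firmware code or an Exploitee.rs tool: a field pasted into a string that a shell parses, next to the fix of passing the field as a single argv element with no shell involved. The function names, the fixed `127.0.0.1` prefix and the use of `echo` as a stand-in for whatever command the firmware runs are assumptions; the page does not show the real code path.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Assumption: "echo" stands in for the firmware's real mount command. */
/* Vulnerable pattern: the field is pasted into a string that a shell parses. */
int run_via_shell(const char *folder, char *out, size_t outlen) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "echo share=//127.0.0.1/%s", folder);
    FILE *p = popen(cmd, "r");        /* runs /bin/sh -c cmd: $(...) is expanded */
    if (!p) return -1;
    size_t n = fread(out, 1, outlen - 1, p);
    out[n] = '\0';
    return pclose(p);
}

/* Hardened pattern: no shell; the field is one argv element and is never parsed. */
int run_via_exec(const char *folder, char *out, size_t outlen) {
    char arg[256];
    int fd[2], status = -1;
    snprintf(arg, sizeof arg, "share=//127.0.0.1/%s", folder);
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                   /* child: stdout -> pipe, then exec directly */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        char *argv[] = { "echo", arg, NULL };
        execv("/bin/echo", argv);
        _exit(127);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], out, outlen - 1);
    out[n > 0 ? n : 0] = '\0';
    close(fd[0]);
    waitpid(pid, &status, 0);
    return status;
}

int main(void) {
    char a[128], b[128];
    const char *field = "$(echo INJECTED)";   /* constructed, harmless input */
    run_via_shell(field, a, sizeof a);
    run_via_exec(field, b, sizeof b);
    printf("shell: %sexec:  %s", a, b);
    return 0;
}
```

With the shell variant the substitution runs and its output lands in the share path; with the exec variant the field reaches the program byte for byte.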