Skip to content
This repository

Software for controlling FiOS HD STB's via an IP Network, Code Name: VAG202

branch: master
Octocat-spinner-32 COPYING readme and license updates June 27, 2010
Octocat-spinner-32 README Slight Wording Improvement June 30, 2010
Octocat-spinner-32 README_TECHNICAL
Octocat-spinner-32 connecting.png it keeps talking to me May 29, 2010
Octocat-spinner-32 connecting_blank.png
Octocat-spinner-32 connecting_pwning.png
Octocat-spinner-32 connectlog1.txt stays connected remote and crazy select design June 10, 2010
Octocat-spinner-32 connectlog2.txt stays connected remote and crazy select design June 10, 2010
Octocat-spinner-32 connectlog3.txt stays connected remote and crazy select design June 10, 2010
Octocat-spinner-32 fiostv_database_data.sql generic sql for data June 23, 2010
Octocat-spinner-32 getacode.rb readme and license updates June 27, 2010
Octocat-spinner-32 goggles.png more work and stuff June 13, 2010
Octocat-spinner-32 mobileremote.map remote web server pre aplha June 10, 2010
Octocat-spinner-32 mobileremote.png remote web server pre aplha June 10, 2010
Octocat-spinner-32 packet_log_of_successfull_connection_with_fios_mobile_remote.txt new work June 08, 2010
Octocat-spinner-32 real_remote.png remote web server pre aplha June 10, 2010
Octocat-spinner-32 remote-buttoncodes.txt readme and license updates June 27, 2010
Octocat-spinner-32 remote.rb readme and license updates June 27, 2010
Octocat-spinner-32 remote_console.rb updated tech readme June 27, 2010
Octocat-spinner-32 remote_console_exp.rb readme and license updates June 27, 2010
Octocat-spinner-32 remote_console_exp_prehash.rb readme and license updates June 27, 2010
Octocat-spinner-32 remote_crazy.rb readme and license updates June 27, 2010
Octocat-spinner-32 remote_server.rb readme and license updates June 27, 2010
Octocat-spinner-32 remote_staysconnected.rb readme and license updates June 27, 2010
Octocat-spinner-32 search_vhashdb.rb readme and license updates June 27, 2010
Octocat-spinner-32 search_vhashdb2.rb readme and license updates June 27, 2010
Octocat-spinner-32 search_vhashdb_by_input.rb readme and license updates June 27, 2010
Octocat-spinner-32 stb.rb readme and license updates June 27, 2010
Octocat-spinner-32 stb_getcodes.rb readme and license updates June 27, 2010
Octocat-spinner-32 test_vhashdb.rb readme and license updates June 27, 2010
Octocat-spinner-32 timecode_vhashes.txt acquisition of time based hashes June 08, 2010
Octocat-spinner-32 udp.rb minor fixes May 29, 2010
Octocat-spinner-32 udp2.rb new work June 08, 2010
Octocat-spinner-32 vhash.rb more infor in vhash.rb June 23, 2010
Octocat-spinner-32 vhash2test.rb
README
FiOS TV HD STB Network Control Project - This is BIG!
-----------------------------------------------------


# # # ::: QUICK INFO

Project Code Name: VAG202

This projects purpose to to show how a Verizon FiOS HD STB can be 
controlled via a computer or any other device via a network. It is 
a result of reverse engineering the Verizon FiOS Mobile Remote App
for Android. Its currently only usable by advanced technical users,
but its intent is to be used as a source of information to build its 
functionality into other open source programs. 


# # # ::: CALL FOR HELP - NEED FOR ALPHA GEEKS LINUX OPEN SOURCE FOLKS AND CODERS

Today is June 27, 2010 the protocol has been reversed since June 10, 2010.
However its not done anyone but me any good because, there is a lack of testers
and developers to help and test and work on this stuff. Without additional testing
noone good will come of all this effort. Except for the acedemic exercise of reversing 
the protocol. Please come to #fiostv on freenode irc to help. or fork me.


# # # ::: RESOURCE AND ASSET ASSISTANCE

Reversing this protocol was very difficult and tedious.. highly technical and challenging to
say the least. If you are person looking to contribute to this project or other projects, I'd 
love to talk to you. I am interested in hacking things both technical and biological. My other 
interests include evolutionary and developmental biology, tissue regeneration and synthetic 
organisms, I'd love to work on such things, but I'm a poor code monkey and stuck working on 
real estate websites for corporate relocation. 
 

# # # - - - ::: Background - Yadda Yadda skip this section

Verizon is a interesting name, it has no official meaning, but it makes
me think of vertical horizon, maybe if somehow you could cut into the air
you could see all of the data traveling through it. I suppose they came
out of some mergers and such, I'm not a historian, but I do remember when
I was a kid we had bell atlantic and that disappeared into the ether.
Verizon wireless is another matter, around 2005 it was beginning to
become mandatory everyone have a cellphone, or you were simply a recluse.
I held out until 2007 personally. I hated the cellphones at the time, and
verizon had some stinkers, the main problem was the software.. Verizon
'get it now' enabled you to pay two dollars for a ringtone or even more
for a shitty snake game, what a nightmare. I hated that crap, I got the
lowest phone possible in 2007 and waited for linux to take over the world
as it most certainly will. Well it looks like Verizon used all those
ringtone buying fools money wisely, and upgraded there network
constantly. Then I guess sometime in 2009 they decided, enough horse
shit, lets take this to the next level, finally in November the Droid was
released. The perfect child of open source hackers and cut throat
corporate suits. Meanwhile back in the day on land, DSL came into
existence and sucked immensely to no ones surprise, better than that 33.6
modem tho. Then FiOS comes along, fuck yeah, thats the way to do it. But
damn its only available in the rich part of some area I don't live. (This
is still an issue.) Fast forward to early 2010 and Verizon releases a
mobile app that lets you control the television using you phone. Yes. Can
you hear me now? The droid isn't so much a phone as it is a mobile
computer with phone capabilities, and of course it should control the TV,
and let you in the door and start the car and the whole nine yards. Three
screens and a cloud.. who said that? Wait that other screen, the
computer, it should be able to control the tv too, and via a IP network,
not some rig up with an IR Blaster, are you kidding me? Maybe the
computer could change the channel on a schedule. Perhaps it could change
the channel on every TV in the house at the same time. Maybe it could use
information from a social network to determine when commercials were on
and mute the TV. Maybe during commercials you could switch channels but
then the computer switches back to moment the show returns. Maybe you
could subscribe to someone else's viewing habits so your channel is
synced to there channel. Maybe your just a worn out person falling down
on the couch after a long day of talking on your verizon wireless phone
and checking facebook, you don't know what you want to watch but you want
to be entertained, so the computer cycles through your favorite channels
until you tell it to stop. Whatever the use-case is, obviously your
mobile computer and computer should be able to control the TV, and
control it over an IP network.

The Verizon FiOS mobile remote is pretty neat, it lets you do all the
normal functions of the remote, it lets you send photos from your mobile
to the tv screen instantly (with a 4 second lag of course), and it lets
you set favorites by creating a custom icon based menu with the logos of
your favorite channels. Did I mention that I thought the idea of 'channel
numbers' seems pretty out dated with 2000 channels? Shouldn't we browse
by tag or category or anything but numbers? The software is a lil bit
clunky in some senses tho, it doesn't work in landscape mode, its
interface on android is a bit nonstandard.. and it uses some kind of
bizarre network protocol that looks like something a news station control
center would have used in the early nineties.

The network protocol used by the FiOS mobile remote to control the STB's
(HD only, for some reason.) is binary and not plaintext or xml or
anything sensible. Its connection process is somewhat backwards and it
has several security mechanisms, however it is not encrypted. One would
have to stay up all night long for many nights in some kind of drug
induced frenzy staring at hex codes from sniffed packets, trying to find
correlation's and patterns in order to crack it. Well something along
those lines happened.


# # # - - - ::: Current Situation

The protocol from the FiOS Mobile Remote Application has been reverse
engineered, and I am able to control my TV from my computer via IP
network without any requirement of the FiOS mobile remote application.
However the set of security codes maybe unique to each box, thats really
not a problem as the way to crack it is the same, its just a matter of
determining what its necessary to get a fresh STB talking to the
computer.

I am a Ruby and C developer, and I used arpspoof, wireshark, my brain to
reverse the protocol. I wrote ruby programs that connect to the STB
pretending to be mobile remote and programs that let the mobile remote
connect to them pretending to be a STB.

The code is currently somewhat of a rats nest, and there is several
implementations of the same thing. The idea is here is just to get
something up and working reliably and then someone can write a standard
library in whatever language they choose.


# # # - - - ::: Questions we want to answer from this testing

1) What is possible before installing the FiOS mobile remote widget? Is
this a service on the box that is always on? 2) Is there some kind of pin
number in the initial set up process? I can't recall... 3) Is this thing
running on the STB written in LUA using the SDK that Verizon will maybe
possibly be releasing for FiOS STBs? 4) Are the security codes the same
for each box?

# # # - - - ::: Future issues

Verizon could change the protocol or patch all the security issues at any
time. I think this is unlikely because of the nature of the strange
protocol, and I think fixing it would require a complete rewrite of the
STB, android and iphone apps. Who knows tho.

If someone from Verizon ever reads this, just open the protocol, and have
it use some standard security such as um.. a password? Just to prevent
virus writers and nefarious folk from causing a ruckus. Having the mobile
or home computer or laptop be able to control the TV is the future, and
you know it, keeping the protocol proprietary is just old thinking, more
money and fun is in the open.


# # # - - - ::: Technical

SEE README_TECHNICAL


# # # - - - ::: FAQ 


Q) What does this have to do with MythTV? 
A) Nothing yet, these programs are completely independent from anything else at this time, however 
once the protocol and initial connection process is better understood, a standard library, and standard 
toolkit can be built that MythTV and any other program could then use to control the STB's

Q) WTF are FiOS TV Widgets and how do they relate to this?
A) FiOS TV Widgets are like apps for your STB, they use the same clunky interface as the menu system, 
they do things like show you twitter messages, weather, or help you shop on HSN. They are probably 
written in the LUA language. Verizon is seemingly going to open up widget development with a SDK, 
but they have not done so yet. The normal set up sequence of the FiOS mobile remote involves activating 
a mobile remote widget.

https://www22.verizon.com/fiosdeveloper/General/FiosDevCenterExt.aspx

Q) What is a good reason Verizon Sucks?
A) They charged me $70 of overage for calling a Verizion FiOS landline from a Verizon Wireless Cell Phone.

# # # - - - ::: CONTACT

#fiostv on FREENODE irc, you can get to this chat room by going to this web page:

http://webchat.freenode.net/?nick=fiosguy&channels=#fiostv
 
or using an IRC program

My nick is oneman or rawdod

http://industrialstrengthinc.com
http://rawdod.com

r - a wdod AT gee mail dot com   (remove the spaces and dashes change gee mail to gmail and AT to @)

David Richards

# # # - - - ::: LEGAL 

This code was created by hand from analyzing the in the clear packet transmissions of the verizon fios mobile remote.
No part of the code is owned or created by verizon. With the exception of the 'connecting.png' image which is a peice
of crap anyway, and if THIS IS A BiG DEAL then I will remove it.

Reverse engineering for purposes of interoperability is a protected right under the DMCA. 

Atleast I think it is, im not a fucking god damn lawyer. 

The Program itself 'VAG202' is licensed under the GPL version 3. If you want to give me some money I can release 
a version to you under a different license or do some other work for you. If you take the code and use
it in your own program and don't release the source code, yet relese to the program to anyone but yourself,
then your a massive dick. If your just screwing around with it, thats fine, but if you learn something, do share.
If you double reverse engineer the protocol by reading this code and writing your own code then im not sure 
your in any kind of violation, but I still think you should give me some money. 

Verizon FiOS, This is BiG, Verizon Wireless are trademarks of Verizon Megacorp Inc. Used in fairness.

      Permission is granted to copy, distribute and/or modify this
      document under the terms of the GNU Free Documentation License,
      Version 1.3 or any later version published by the Free Software
      Foundation; with no Invariant Sections, no Front-Cover Texts and
      no Back-Cover Texts.  A copy of the license is included in the
      section entitled "GNU Free Documentation License".


# # # - - - ::: MEDICAL


USE OF THIS PROGRAM OR READING OF THIS DOCUMENT IS CONSIDERED BUT NOT PROVEN SAFE WITH MOST MEDICATIONS
POSSIBLE SIDE EFFECTS INCLUDE: NAUSEA AND VOMITING, RAPID BEARD GROWTH AND COCKEYE. IF THESE SYMPTOMS 
PERSIST OR ARE BOTHERSOME DISCONTUNINUE USE AND CONSULT YOUR LOCAL RASTAFARIAN
Something went wrong with that request. Please try again.