Joined
·
6,970 Posts
These instructions were just emailed to me! I don't know if they will work or not, maybe some of you 721 modders from Slashdot will be able to tell.
If you do this you do so on your own will, DBSTalk.COM and myself will not be held responsable for any damage you may do to your 721.
Enjoy!
HOWTO_Dish721WebSvr
HOWTO: Install a Web Server on Your Dish Network PVR-721
August 2002
INTRODUCTION
Ever wanted to run a Web server on your Dish Network PVR-721? This document describes one method of doing so. If you have physical access to a PVR-721, a Linux-based PC, and a USB-to-Ethernet adapter, you can make your PVR-721 serve up HTML while you watch your favorite shows. The technique described in this document is pretty safe. It doesn't require permanent physical changes to the PVR-721, nor does it require you to break any "warranty stickers" on your PVR-721.
REQUIREMENTS
You'll need a few things before you get started.
1. Dish Network PVR-721 with system software revision 102 or earlier
2. Spare Linux desktop PC with:
a. Kernel 2.4.x
b. XFS support - Highly recommend SGI XFS Installer paired with RedHat 7.3
c. Available IDE connection (master or slave, primary or secondary)
3. Rough working knowledge of Linux administration from the command line
4. USB-to-Ethernet adapter
5. Secure Local Area Network (firewalled at minimum)
6. Separate PC with telnet client and Web browser
If you don't meet all the requirements, you'll need to get creative. Creativity is beyond the scope of this document.
SWAP THE DRIVE OVER
First you'll need to attach the PVR-721's hard drive to a Linux PC so you can copy files to it. Since you won't want to break the "warranty sticker" preventing you from removing the PVR-721's hard drive, you'll want to put the PVR-721 very close to the Linux PC. Here are step-by-step instructions:
1. Power down the Linux PC, remove its cover, and locate the IDE cable and an extra hard drive power cable
2. Power down the PVR-721 (pull power plug), remove its cover, place it near the Linux PC, and locate the hard drive
3. Warning: be very careful not to touch the power supply which is located opposite the hard drive; it is not enclosed, and might shock you
4. Remove the IDE cable and power cable from the PVR-721's hard drive
5. Attach the Linux PC's IDE cable and power cable to the PVR-721's hard drive
Now you can access the PVR-721's hard drive from the Linux PC. It sounds kinda scary, but it's not that bad.
Troubleshooting: If your system can't find the 721's drive, try isolating it as the master drive on the secondary IDE channel. That would make it /dev/hdc in Linux.
MOUNT THE XFS FILESYSTEMS
Create the mount points first.
mkdir /mnt/video; mkdir /mnt/root; mkdir /mnt/next_root; mkdir /mnt/download
I added these lines to /etc/fstab, but you can mount them manually if you want.
/dev/hdc1 /mnt/download xfs defaults,noatime,nodiratime 0 0
/dev/hdc5 /mnt/root xfs defaults,noatime,nodiratime 1 1
/dev/hdc6 /mnt/next_root xfs defaults,noatime,nodiratime 0 0
/dev/hdc8 /mnt/video xfs defaults,noatime,nodiratime 0 0
Once added to fstab, use "mount -a" to auto mount everything.
Bear in mind that hdc5 and hdc6 are interchangeable. The PVR-721 is using one as the root device now, and the other one will be used for the next software update. So you may have to look at the /Download.Version text file to see which partition is running the latest version. Mount that one in the /mnt/root directory.
INSTALL THE WEB SERVER
Next you'll edit some configuration files on the PVR-721, enabling you to start the Web server.
Edit the /mnt/root/etc/crontab file, and add these lines. They refer to some scripts that you'll have to put in place in a later step.
0-59/10 * * * * root /bin/echo 1 > /dev/connectled
5-55/10 * * * * root /bin/echo 0 > /dev/connectled
1,31 * * * * root /sbin/syslogd >> /mnt/video/syslogd-out 2>&1
2,32 * * * * root /sbin/klogd >> /mnt/video/syslogd-out 2>&1
0-50/10 * * * * root /sbin/ifconfig eth0 192.168.1.99 netmask 255.255.255.0 broadcast 192.168.1.255 >> /mnt/video/ifconfig-out 2>&1
1-51/10 * * * * root (cd /; /usr/bin/python /mnt/video/python-bash.py >> /mnt/video/python-bash.log 2>&1 )
2-52/10 * * * * root (cd /; /usr/bin/python /mnt/video/telnetd-wrapper.py >> /mnt/video/telnetd-wrapper.log 2>&1 )
3-53/10 * * * * root (cd /; /usr/bin/python /mnt/video/pythonshell.py >> /mnt/video/pythonshell.log 2>&1 )
4-54/10 * * * * root (cd /; /usr/bin/python /usr/lib/python1.5/CGIHTTPServer.py >> /mnt/video/http.log 2>&1 )
Notes on crontab:
1. Replace the ifconfig line with the static IP address that you'd like the PVR-721 to use.
2. We send all output to debug log files on the data partition. Either send it to log files or send to /dev/null, so it doesn't fill up root's mail file.
3. We start syslogd and klogd for fun. These are optional. The PVR-721's startup scripts start them and then kill those processes because they apparently caused some issues. We like to see the debug info.
4. The echo lines will blink the Message LED every 5 minutes, to indicate CRON is still working.
5. The PVR-721's system clock is in GMT, so scheduling events to run at certain hours of the day takes some math. /mnt/root/var/cron/log helps debug time problems.
Now place the files python-bash.py, telnetd-wrapper.py, and pythonshell.py in the /mnt/video directory. These files have been included at the end of this document. [NOTE: These files have been omitted from this post due to potential copyright problems. You can download the original script source from http://itamarst.org/software/. Look for backdoor.py. Sorry for the inconvenience.]
pythonshell.py: This listens on port 8023. If you telnet to it, it will open up a Python interpreter shell. Quite handy.
telnetd-wrapper.py: This listens on port 23. This is the middle-man between your telnet client and a bash shell. It's really ugly. Basically it reconnects you to 8024, which has python-bash.py running on it. But the middle man strips out carriage returns. It's ugly, but it's the best we've got so far. We're looking for help here getting Twisted's Python Telnet Daemon or SSH daemon working. Their Telnetd opens a python shell, but it could be hacked to give us bash instead.
python-bash.py: This listens on port 8024, it only helps telnetd-wrapper.py. Also note that these two processes quit after you exit from the telnet session. But cron starts them again within 10 minutes.
Place the index.html from below into the /mnt/root directory.
Edit the /mnt/root /usr/DP721/system/Hannibal.ini file. Find the stanza about BreakOut Game, and make it look like this:
#### BreakOut Game
[BreakOut]
uid = 0
gid = 0
exe = /usr/sbin/cron
foreign = 1
start_delay = -1
restart = 0
Why launch cron from the LBreakout game? Annoyingly, the DishLinux crond startup script sleeps for 4 hours before cron is started up.
At this point you may wish to nose around. Feel free. You may look, but don't touch. Any changes you make to startup scripts or binary executables will be detected by the PVR-721 the next time it boots. It will display a "bad hard drive" error message, and reinstall itself, wiping the slate clean (so to speak). Not only will you lose your changes, you'll lose any previously recorded programs. On the bright side, you don't have to worry about permanently damaging the PVR-721 - if you mess it up, it automagically heals itself. A nifty feature, huh?
SWAP THE DRIVE BACK
When you're through nosing around, unmount the PVR-721's boot partition and shutdown the Linux PC. Power it down, and swap the hard drive back. Step-by-step:
1. Shut down the Linux PC with "/sbin/shutdown -hf now"
2. Make sure the Linux PC is powered off
3. Unplug the Linux PC's IDE cable and hard drive cable from the PVR-721
4. Plug the PVR-721's IDE cable and hard drive cable into the PVR-721's hard drive
5. Plug in the USB-to-Ethernet adaptor and network cable.
6. Boot the PVR-721
Your PVR-721 should boot normally; you won't be able to see anything different, except that the link light on your USB-to-Ethernet adapter will illuminate.
START THE WEB SERVER
Now you'll want to start the Web server by playing the LBreakout game on the PVR-721. No, that's no joke. We've secretly replaced the LBreakout game with the cron daemon, which launches the Web server. Sneaky, huh? You'll know it's worked when the "Online" LED on the PVR-721's front panel illuminates. Here are step-by-step instructions:
1. Access the main menu of the PVR-721's user interface
2. Navigate to the "Games" menu
3. Press "Select" to start the LBreakout game
4. Notice that the game doesn't actually start; instead, the cron daemon starts up.
5. Within 10 minutes, the "Online" LED will illuminate on the front panel.
6. Now turn to a computer with a Web browser (any computer on the LAN will do)
7. Point the Web browser at the PVR-721's new home page:
a. http://ipaddress:8000/index.html
8. Verify that you can access the PVR-721's filesystem via the Web server
a. Click the "Echostar" link under the "Proc Filesystem" heading
Congratulations, you did it. You're running a Web server on your Dish Network PVR-721. What's next? It's up to you.
If you're feeling adventurous, try connecting to the telnet server on port 23. It's not a real telnet server, so it won't work exactly like you'd expect, but it provides some functionality.
A WORD OF CAUTION
The PVR-721's filesystem is protected by two security mechanisms, the boot-time "auto-reinstall" mechanism mentioned above, and a "secure loader."
At boot time, the auto-install mechanism checks the disk for validity. It examines each executable (binary or shell script) required for startup. If it finds any changes to those files, it assumes the disk is invalid and reinstalls the operating system from a standby boot partition.
At run time, the secure loader examines executables as they are loaded. If it detects any changes to the executable, it refuses to load it. It's safe to change configuration files (e.g. crontab), and to run the executables that shipped with DishLinux, but "foreign" executables aren't permitted to run. Fortunately DishLinux ships with Python 1.5 support. Python scripts aren't subject to the secure loader.
For details of our research into PVR-721 security and speculation on the implementation details of these security mechanisms, check out our paper on the subject.
If you do this you do so on your own will, DBSTalk.COM and myself will not be held responsable for any damage you may do to your 721.
Enjoy!
HOWTO_Dish721WebSvr
HOWTO: Install a Web Server on Your Dish Network PVR-721
August 2002
INTRODUCTION
Ever wanted to run a Web server on your Dish Network PVR-721? This document describes one method of doing so. If you have physical access to a PVR-721, a Linux-based PC, and a USB-to-Ethernet adapter, you can make your PVR-721 serve up HTML while you watch your favorite shows. The technique described in this document is pretty safe. It doesn't require permanent physical changes to the PVR-721, nor does it require you to break any "warranty stickers" on your PVR-721.
REQUIREMENTS
You'll need a few things before you get started.
1. Dish Network PVR-721 with system software revision 102 or earlier
2. Spare Linux desktop PC with:
a. Kernel 2.4.x
b. XFS support - Highly recommend SGI XFS Installer paired with RedHat 7.3
c. Available IDE connection (master or slave, primary or secondary)
3. Rough working knowledge of Linux administration from the command line
4. USB-to-Ethernet adapter
5. Secure Local Area Network (firewalled at minimum)
6. Separate PC with telnet client and Web browser
If you don't meet all the requirements, you'll need to get creative. Creativity is beyond the scope of this document.
SWAP THE DRIVE OVER
First you'll need to attach the PVR-721's hard drive to a Linux PC so you can copy files to it. Since you won't want to break the "warranty sticker" preventing you from removing the PVR-721's hard drive, you'll want to put the PVR-721 very close to the Linux PC. Here are step-by-step instructions:
1. Power down the Linux PC, remove its cover, and locate the IDE cable and an extra hard drive power cable
2. Power down the PVR-721 (pull power plug), remove its cover, place it near the Linux PC, and locate the hard drive
3. Warning: be very careful not to touch the power supply which is located opposite the hard drive; it is not enclosed, and might shock you
4. Remove the IDE cable and power cable from the PVR-721's hard drive
5. Attach the Linux PC's IDE cable and power cable to the PVR-721's hard drive
Now you can access the PVR-721's hard drive from the Linux PC. It sounds kinda scary, but it's not that bad.
Troubleshooting: If your system can't find the 721's drive, try isolating it as the master drive on the secondary IDE channel. That would make it /dev/hdc in Linux.
MOUNT THE XFS FILESYSTEMS
Create the mount points first.
mkdir /mnt/video; mkdir /mnt/root; mkdir /mnt/next_root; mkdir /mnt/download
I added these lines to /etc/fstab, but you can mount them manually if you want.
/dev/hdc1 /mnt/download xfs defaults,noatime,nodiratime 0 0
/dev/hdc5 /mnt/root xfs defaults,noatime,nodiratime 1 1
/dev/hdc6 /mnt/next_root xfs defaults,noatime,nodiratime 0 0
/dev/hdc8 /mnt/video xfs defaults,noatime,nodiratime 0 0
Once added to fstab, use "mount -a" to auto mount everything.
Bear in mind that hdc5 and hdc6 are interchangeable. The PVR-721 is using one as the root device now, and the other one will be used for the next software update. So you may have to look at the /Download.Version text file to see which partition is running the latest version. Mount that one in the /mnt/root directory.
INSTALL THE WEB SERVER
Next you'll edit some configuration files on the PVR-721, enabling you to start the Web server.
Edit the /mnt/root/etc/crontab file, and add these lines. They refer to some scripts that you'll have to put in place in a later step.
0-59/10 * * * * root /bin/echo 1 > /dev/connectled
5-55/10 * * * * root /bin/echo 0 > /dev/connectled
1,31 * * * * root /sbin/syslogd >> /mnt/video/syslogd-out 2>&1
2,32 * * * * root /sbin/klogd >> /mnt/video/syslogd-out 2>&1
0-50/10 * * * * root /sbin/ifconfig eth0 192.168.1.99 netmask 255.255.255.0 broadcast 192.168.1.255 >> /mnt/video/ifconfig-out 2>&1
1-51/10 * * * * root (cd /; /usr/bin/python /mnt/video/python-bash.py >> /mnt/video/python-bash.log 2>&1 )
2-52/10 * * * * root (cd /; /usr/bin/python /mnt/video/telnetd-wrapper.py >> /mnt/video/telnetd-wrapper.log 2>&1 )
3-53/10 * * * * root (cd /; /usr/bin/python /mnt/video/pythonshell.py >> /mnt/video/pythonshell.log 2>&1 )
4-54/10 * * * * root (cd /; /usr/bin/python /usr/lib/python1.5/CGIHTTPServer.py >> /mnt/video/http.log 2>&1 )
Notes on crontab:
1. Replace the ifconfig line with the static IP address that you'd like the PVR-721 to use.
2. We send all output to debug log files on the data partition. Either send it to log files or send to /dev/null, so it doesn't fill up root's mail file.
3. We start syslogd and klogd for fun. These are optional. The PVR-721's startup scripts start them and then kill those processes because they apparently caused some issues. We like to see the debug info.
4. The echo lines will blink the Message LED every 5 minutes, to indicate CRON is still working.
5. The PVR-721's system clock is in GMT, so scheduling events to run at certain hours of the day takes some math. /mnt/root/var/cron/log helps debug time problems.
Now place the files python-bash.py, telnetd-wrapper.py, and pythonshell.py in the /mnt/video directory. These files have been included at the end of this document. [NOTE: These files have been omitted from this post due to potential copyright problems. You can download the original script source from http://itamarst.org/software/. Look for backdoor.py. Sorry for the inconvenience.]
pythonshell.py: This listens on port 8023. If you telnet to it, it will open up a Python interpreter shell. Quite handy.
telnetd-wrapper.py: This listens on port 23. This is the middle-man between your telnet client and a bash shell. It's really ugly. Basically it reconnects you to 8024, which has python-bash.py running on it. But the middle man strips out carriage returns. It's ugly, but it's the best we've got so far. We're looking for help here getting Twisted's Python Telnet Daemon or SSH daemon working. Their Telnetd opens a python shell, but it could be hacked to give us bash instead.
python-bash.py: This listens on port 8024, it only helps telnetd-wrapper.py. Also note that these two processes quit after you exit from the telnet session. But cron starts them again within 10 minutes.
Place the index.html from below into the /mnt/root directory.
Edit the /mnt/root /usr/DP721/system/Hannibal.ini file. Find the stanza about BreakOut Game, and make it look like this:
#### BreakOut Game
[BreakOut]
uid = 0
gid = 0
exe = /usr/sbin/cron
foreign = 1
start_delay = -1
restart = 0
Why launch cron from the LBreakout game? Annoyingly, the DishLinux crond startup script sleeps for 4 hours before cron is started up.
At this point you may wish to nose around. Feel free. You may look, but don't touch. Any changes you make to startup scripts or binary executables will be detected by the PVR-721 the next time it boots. It will display a "bad hard drive" error message, and reinstall itself, wiping the slate clean (so to speak). Not only will you lose your changes, you'll lose any previously recorded programs. On the bright side, you don't have to worry about permanently damaging the PVR-721 - if you mess it up, it automagically heals itself. A nifty feature, huh?
SWAP THE DRIVE BACK
When you're through nosing around, unmount the PVR-721's boot partition and shutdown the Linux PC. Power it down, and swap the hard drive back. Step-by-step:
1. Shut down the Linux PC with "/sbin/shutdown -hf now"
2. Make sure the Linux PC is powered off
3. Unplug the Linux PC's IDE cable and hard drive cable from the PVR-721
4. Plug the PVR-721's IDE cable and hard drive cable into the PVR-721's hard drive
5. Plug in the USB-to-Ethernet adaptor and network cable.
6. Boot the PVR-721
Your PVR-721 should boot normally; you won't be able to see anything different, except that the link light on your USB-to-Ethernet adapter will illuminate.
START THE WEB SERVER
Now you'll want to start the Web server by playing the LBreakout game on the PVR-721. No, that's no joke. We've secretly replaced the LBreakout game with the cron daemon, which launches the Web server. Sneaky, huh? You'll know it's worked when the "Online" LED on the PVR-721's front panel illuminates. Here are step-by-step instructions:
1. Access the main menu of the PVR-721's user interface
2. Navigate to the "Games" menu
3. Press "Select" to start the LBreakout game
4. Notice that the game doesn't actually start; instead, the cron daemon starts up.
5. Within 10 minutes, the "Online" LED will illuminate on the front panel.
6. Now turn to a computer with a Web browser (any computer on the LAN will do)
7. Point the Web browser at the PVR-721's new home page:
a. http://ipaddress:8000/index.html
8. Verify that you can access the PVR-721's filesystem via the Web server
a. Click the "Echostar" link under the "Proc Filesystem" heading
Congratulations, you did it. You're running a Web server on your Dish Network PVR-721. What's next? It's up to you.
If you're feeling adventurous, try connecting to the telnet server on port 23. It's not a real telnet server, so it won't work exactly like you'd expect, but it provides some functionality.
A WORD OF CAUTION
The PVR-721's filesystem is protected by two security mechanisms, the boot-time "auto-reinstall" mechanism mentioned above, and a "secure loader."
At boot time, the auto-install mechanism checks the disk for validity. It examines each executable (binary or shell script) required for startup. If it finds any changes to those files, it assumes the disk is invalid and reinstalls the operating system from a standby boot partition.
At run time, the secure loader examines executables as they are loaded. If it detects any changes to the executable, it refuses to load it. It's safe to change configuration files (e.g. crontab), and to run the executables that shipped with DishLinux, but "foreign" executables aren't permitted to run. Fortunately DishLinux ships with Python 1.5 support. Python scripts aren't subject to the secure loader.
For details of our research into PVR-721 security and speculation on the implementation details of these security mechanisms, check out our paper on the subject.
