Hacking ARM TrustZone / Secure Boot on Amlogic S905 SoC

The Amlogic S905 processor, used in many Android TV boxes and the ODROID-C2 development board, implements ARM TrustZone security extensions to run a Trusted Execution Environment (TEE) used for DRM & other security features. However, Frédéric Basse, a security engineer, worked with others and managed to bypass secure boot in one Amlogic S905 powered Android TV box, namely Inphic i7, but any other device based on the processor would have made the same thing possible. He explains the steps they went through and how they managed to exploit a vulnerability to bypass secure boot in a detailed technical blog post. They first started by looking for info in the Amlogic S905 datasheet, but most info about TrustZone had been removed from the public version. So not that much help there, except a potential address for the boot ROM (ROMBOOT_START 0xD9040000). The next step was to connect the UART pins in order to access the […]

Routers, IP Cameras/Phones & IoT Devices can be Security Risks even with the Latest Firmware, and a Strong Admin Password

I’ve just read an interesting article entitled “who makes the IoT things under attack“, explaining that devices connected to the Internet such as routers, IP cameras, IP phones, etc. may be used by botnets to launch DDoS attacks, and they do so using the default username and password. So you may think once you’ve updated the firmware when available, and changed the default admin/admin in the user interface, you’d be relatively safe. You’d be wrong, because the malware mentioned in the article, Mirai, uses Telnet or SSH trying a bunch of default usernames and passwords. That made me curious, so I scanned the ports on my TP-Link wireless router and ZTE ZXHN F600W fiber-to-the-home GPON modem pictured below, and installed by my Internet provider, the biggest in the country where I live, so there may be hundreds of thousands or millions of such modems in the country with the same default […]

Xtream Codes IPTV Panel Review – Part 2: Movie Data Editing, Security, Resellers, Users and Pricing Management

Dear readers, after part 1 of Xtream Codes Panel v.2.2.0 EVO review, here is part 2. I tried hard to get all in two parts, but “to be exhaustive” there will also have to be a part 3… Movie Editing Section As we can see, it’s only possible to assign a movie into a single category, a SELECT BOUQUET option under the Category would be more than useful. So while Movie Editor Section is useful right now, it still needs improvement. Also taking each movie by hand for editing, after, for example, a Main server crash or changing the Main, is really something, a waste of time. Some of the issues / possible improvements include: No mass edit of movies to bouquets If changing the category of a movie, I found no working method to change in bulk. Even if I tried to delete the “content” of a bouquet, […]

How to check HTTP Header and Connection Stats from the Command Line

A few days ago, I discussed with somebody whether a file was cached by Cloudflare or not, and this involved getting the HTTP header, and checking for the CF-RAY field to see if data is going through one of Cloudflare’s data centers. This can be done with curl:

In the command above, -s stands for silent so that curl does not show the progress meter, -v stands for verbose to show the header, and -o /dev/null is used to discard the packet load. You can also use -I option (fetch the HTTP-header only) with curl, which – if all you need is the HTTP header – provides a cleaner output:

I also came across httpstat Python script recently via n0where, doing much of the same thing, except it also adds transfer statistics. It can be installed by downloading httpstat.py, or better using pip:

Let’s try it with this very […]

Rikomagic MK22 Octa-core Android TV Box Review – Part 1: Unboxing and Teardown

Rikomagic became a much better known company when they launched MK802 TV stick in 2012, and over the years they’ve kept introducing new products, and I’ve just received a review sample of their latest Rikomagic MK22 octa-core Android TV box powered by Amlogic S912 processor. I’ve posted photos of the device and its accessories, and checked out the hardware design in the first part of the review, before testing Android 6.0 firmware in the second part in a few weeks. Rikomagic MK22 Unboxing I received MK22 in its black and white retail package. The back of the package details the main features, and the hardware specifications. Instead of printing a user’s manual that hardly anybody will read, the company instead printed a QR code to MK22 user’s manual download link. The TV box ships with a 5V/2.5A power supply, an HDMI cable, and an IR remote control that looks the […]

Review of Allo Vana Player Linux HiFi Audio System with Max2Play, SqueezeBox and Kodi

Last month I showcased what I called “Allo Sparky Audio Kit” with a DAC board (Piano), an amplifier board (Volt), and usually hard to find reclocker and capacitance multiplier boards (Kali & CM), all connected to Allo Sparky ARM Linux development board powered by Actions Semi S500 quad core Cortex A9 processor, and running Ubuntu 12.04. In the first post, I just described the boards, and showed how to assemble the kit, but now that I have received the user’s manual, it turns out the kit is actually called “Vana Player” and the provided Ubuntu firmware image runs Max2Play Browser based system that’s also available for Raspberry Pi and ODROID boards. Before starting the kit, you’ll need to connect speakers to Piano DAC board and/or Kali board, as well as a 19.5V power source such as a laptop power supply to connect to the CM board. I connected some USB […]

Review of R-Box Pro OTT TV Box with 3GB RAM – Part 1: Unboxing and Teardown

R-Box Pro is just another Amlogic S912 TV box, except it comes with up to 3GB RAM, against 2GB for most other models on the market. Kingnovel sent me a sample with 3GB RAM to check it out, and today I’ll start by taking photos of the device, and perform a teardown mostly to find out how the 3GB memory design is implemented. R-Box Pro Unboxing The retail package is a minimal black box with “OTT TV Box Amlogic S912” and “R-Box Pro” markings and Kodi logo. A sticker on the side will also indicate whether you have received the 2GB or 3GB RAM version. The device ships with an IR remote control with learning function, a 5V/2.5A power supply, an HDMI cable, and a user’s manual in English. The day I received the sample the top cover looked to have many scratches, but after removing the plastic film on the […]

VR SKY CX-V3 Android VR Headset Review – Part 2: GUI, 360° and VR Videos, and Issues

VR SKY CX-V3 is an Android virtual reality headset powered by Allwinner H8vr processor and featuring a 1080p display. I had read VR requires 2K or 4K displays to be useful, but since that’s my very first VR headset, if we don’t count a Google Cardboard clone as one, I did not mind testing one with a 1920×1080 display, and it ended up being an interesting learning experience. I’ve already shown the hardware with the various buttons, touch interfaces and lenses in the headset, as well as accessories like the charger and headphone in the first part of the review, so today, I’ll go through the interfaces, what works, and mention the issues I had with the device. If you’ve never used a virtual reality headset before, you’ll definitely want to read the user manual, which for once is written in proper English, both for entertainment value, and learn […]
