tivo hackery

Where can I find an sshd for Tivo 4.x series 2? <LJ-CUT text=" --More--( 8%) ">Failing that, where can I find a version of tnlited that I can put a shell script wrapper around so that it asks for a password before handing out root shells like candy?

Or (dare to dream) iptables?

(The tnlited here seems to be S1-only, and the sshd linked to from here is 404.)

Failing even that, what magic do I need to go through to be able to cross-compile on x86 targeted to Tivo's brand of PPC? (Or, would it be easier to do this on OSX? Maybe if I link statically, OSX binaries will just work?)

Update: Found Tivo sshd here, yay! It works, even.

Tags: , , , ,

31 Responses:

  1. sc00ter says:

    I don't have answers to your questions, but how is 4.x working out on your directivo? I want to do that hack.

  2. brad says:

    OS X won't let you link statically. I remember getting bit by that once with gcc saying something like, "In OS X land, static linking considered harmful... we're not going to let you."

    • otterley says:

      See Apple's explanation here.

      • johnreen says:

        So... in other words, Apple's technical explanation is basically "We really do know what's best for you, and if you did what you wanted to do, it would fuck with our complete control over what you do."

        • marmoset says:

          So, did you miss the part where they tell you where to get the Csu module to enable static linking or are you just being funny?

          • johnreen says:

            I didn't miss it... I just like how it's written, which is what Apple has always done: "Here's how to shoot yourself in the foot. Here you go. But don't blame us when we fuck you over because we architected shit wrong. You should've listened to us. And for the love of god, won't somebody think of the children your customers?! Just... don't do this. Do what we tell you to do."

            It reminds me of the old "If Operating Systems were Airlines" gag

            They capture the Mac position perfectly.

  3. duskwuff says:

    OS X binaries, whether linked statically or dynamically, will definitely not run on Tivo, as OS X uses a different binary format (Mach-O) than pretty much anything else.

    It's probably a Nex[Tt][Ss]te[Pp] thing. Mach-O supports some bizarre features, like "fat" binaries containing code for multiple architectures.

    • tfofurn says:

      Did not MacOS support fat binaries with 680x0 and PPC in the same file? Intel's C compiler definitely supports multi-chip optimization with run-time chip detection.

      • duskwuff says:

        Yes; that was something else, though. (PEF was the PPC binary format; I don't know what to call their 680x0 format other than Mac OS RSRC.)

  4. warewolf says:

    Make damn sure you turn off the hourly host key regeneration. It might not effect DirecTiVos as much as it did Standalone units, but it's not pretty when sshd steals all available CPU and then some to regen the host RSA and DSA keys.

    btw, #tivo says hi.

    • jwz says:

      Duly noted, thanks. That means "set KeyRegenerationInterval to a big number", I guess? Does that reduce security in some real way?

      • duskwuff says:

        Does that reduce security in some real way?

        Only if the machine's disk is compromised and your network is being sniffed, in which case previous SSH conversations will be readable.

        Not a major concern for a TiVo.

      • warewolf says:

        you could set it to 9999999999999 (a big number), or you could set it to 0, like the man page says:

        In protocol version 1, the ephemeral server key is automatically
        regenerated after this many seconds (if it has been used). The
        purpose of regeneration is to prevent decrypting captured ses-
        sions by later breaking into the machine and stealing the keys.
        The key is never stored anywhere. If the value is 0, the key is
        never regenerated. The default is 3600 (seconds).

        Although, there's really no need to put an sshd on your TiVo... To each his own I guess. Do you intend to place it on the public intarweb or something? Check out JavaHMO and JavaHME (found on sourceforget.net), and tivohme.sf.net. Home Media Extensions are teh shizzor. If the unit isn't a DirecTiVo, or you've intalled the Standalone "OS" on it and enable HMO so you can extract recordings, check out http://evillabs.net/tivo for steps to "decrypt" the .TiVo files.

        • jwz says:

          I'm so old-skool that my home network is an honest-to-god routable /28, none of this NAT garbage for me. Up until this moment, I've had no need for a dedicated firewall box, since each of my machines just runs iptables and handles that on its own. So, my choices were: get sshd running on the tivo; get iptables running on the tivo; buy a router whose only function was to protect the tivo; or put another interface in one of my other boxes and hide the tivo behind that. I was glad to find that getting sshd running was the easy option.

        • jabberwokky says:

          For those of us who have no Windows in the household (or even know anybody who runs it) is there any way to decrypt the .TiVo files? MPlayer calls them encrypted VOBs. I run Linux, and the SO runs OSX.

          Googled for an hour or so and gave up.

          • warewolf says:

            Since you have not paid the M$ tax and have a copy of windows, you're SOL, sorry. My suggestion is to nag TiVo to make a OSX verion of Tivo Desktop 2.0. Also, TiVoToGo only works in the TiVo OS 7.x software (keep that in mind for all of you who have DirecTV units, DirecTV -hates- letting users at their prescious mpeg stream). Or, get someone who knows crypto crypto better than I do to break their crypto. I've got a few notes, but I'm no crypotpgrapher.

          • mattyj2001 says:

            Here's a tip. The Tivo forums at http://www.dealdatabase.com have a wealth of information. Maybe they don't show up in google ...?

            I don't feel like sifting through everything and finding all the links, but here's some things you should search for. There are tools for *nix and Windows:

            0. jdiner's boot CD to get all the goodies running on your Tivo (series 2 only, I think. This will get your telnet and ftpd running, at least. It sounds like some/most of you have already done this.)

            1. Find TyTool. This has the server in it you need to suck things off Tivo. It also has a windows client for downloading and muxing the tivo streams to plain mpeg on the fly.

            2. For Linux users, find TyNix, the curses client for above server. You can only use it to suck the (encrypted) files. Then ...

            3. Find vsplit (for Linux.) This can convert your raw tivo streams to mpg on the commandline.

            4. Alternately, if you have a TivoToGo account, find JavaHMO on sourceforge. It supports downloading TivoToGo, but you need a valid key. As the name implies, this is a JAVA app and should run on any platform, including OS X:


            I hope this helps. You could spend days upon days reading good info at dealdatabase ...


            • jabberwokky says:

              Ah. I should have mentioned one key fact - it's not my TiVo, so I can't install binaries on the actual system. Thus no vserve or .ty streams.

              JavaHMO is nice, and durn useful for downloading the *.TiVo files (which you can also do via the https interface), but it doesn't decrypt. I can get the *.TiVo files already - I have two gigs worth on my system in anticipation of some way to decrypt them. (It *can* be done, as Windows users can do it).

              I don't suppose vsplit works on the *.TiVo files? Off to check...

            • jabberwokky says:

              Oh, and as a side note, there's no need for vsplit if you have MPlayer - MPlayer will read and play .ty files right off the bat (and stream them... and mencoder will reencode them to your choice of codec and container).

            • jabberwokky says:

              re: dealdatabase:

              That's *exactly* what I was looking for. Thanks very much for the link. For anybody interested, the direct links to the interesting stuff is:


              The mpeg can be dumped, and the code to encrypt is is known... people are now "just" trying to figure out how to pull keys and decrypt it. Looks like it will be done fairly soon, and I now know where to keep an eye on for emerging solutions.

        • jwz says:

          So, does HMO let you do anything besides stream MP3s and photos to the Tivo, and extract MPEGs?

          My MP3 box already feeds S/PDIF to my stereo, so I don't see any reason to route that through Tivo. I can't imagine ever wanting to look at a photo on a TV screen. And I don't have any easy way to master video DVDs anyway (I've done it, but it sucked) so I'm going to hold off on ever trying that again for a while.

          Just trying to verify whether my I was right in having filed "HMO" into my brain's "you can ignore this" category.

          Now what would be sweet would be if I could add menus to the Tivo app, that ran arbitrary programs. But from what I've read, nobody's figured out how to crack it open that far, right?

          • warewolf says:

            HME lets you make ... wait for it .. I bet it's your favorite language of all time ...

            JAVA! applications to ... uh, render their display on the TiVo. Take a look at the screenshots on http://tivohme.sf.net/, and the community HME application site, http://hme.pvrblog.com/. TiVo made a demo connect-four clone called "skull & bones", and there's a spiffy app that lets you view google maps on your TiVo. Lots and Lots of room for growth. I expect TiVo to blast off with HME, especially after their hopping in bed with Comcast.

            HMO lets you xfer recordings between TiVos, and to your PC, along with viewing jpegs, and listening to MP3s. With TiVo Desktop you can xfer the recordings to your PC, and play them back w/ a password (I have yet to crack it, I'm working on it... it's blowfish crypto..). With SonicMyDVD, or the aforementioned lame-ass hack http://evillabs.net/tivo/, you can convert it to straight mpeg, and then burn it to DVD if you wanted to.

            (HMO == Home Media Option, HME == Home Media Extensions)

            • mark242 says:

              To be fair, it probably isn't worth installing the HME extensions until after someone comes up with a truly killer app. So far, the Flickr interface is interesting but not spectacular; the demos much less so.

              I'm waiting for someone to pull off a BitTorrent implementation that streams the downloaded files to your Tivo. Tivo over IP, as it were.

    • otterley says:

      Can't you just nice(1) it?

      • warewolf says:

        Not really, the TiVo has some real-time stuff built into it, and there's actually a small utility on the TiVo .. egh, I can't telnet into any of my TiVos at the moment, but it effectivly does the same thing as nice(1), but correctly. I think the name of the app is runpri or something.


        - The use of 3rd party software on the TiVo can interfere with the normal useage of the TiVo, either use software to change the priority levels to their lowest setting or disable the 3rd party software. The TiVO does not use normal UNIX priority levels so you'll need getpri/setpri/nicepri from http://tivo.samba.org/download/mbm/bin.

        I'm wrong, it's setpri/getpri.