Rooting a NeoTV set top box from the couch

The NeoTV is a set top box built by Netgear to compete with the likes of Roku. It streams video from the usual Internet sources like Netflix, Hulu Plus, and YouTube. [Craig] recently cracked his unit open, and in the process discovered that the NeoTV can be rooted using nothing but the remote control.

He starts with a hardware overview. The box houses a single-board ARM design with a 128MB of NAND and 256MB of RAM. The serial port is easy to find, but it does not provide a root shell (which often is one of the easiest ways to root a device). He next turns to poking around the unencrypted firmware update to see what he can learn. That’s how he discovered that the SSID value when connecting to WiFi is fed into a system() command. This glaring security hole lets you run just about anything you want on the device by issuing commands as fake SSID names. It’s just a matter of a little Linux know-how and [Craig] now has root access on his device.

Comments

  1. anon says:

    _LOL_

  2. wretch says:

    Very impressed.

  3. AMS says:

    Wow… Now the question is how does the netflix streamer work and can we port it to other systems.

  4. Alex Rossie says:

    Almost as bad as when android piped all keyboard input to a root shell!

  5. Nebojša says:

    This guy won. I’m really impressed.

  6. John says:

    LMAO! There’s a prank to pull if you know your neighbor likes to steal WiFi and has one of these NeoTV boxes!

    Are you telling us that you can just set up a wireless router that’s not connected to anything, call it “rm -rf /*” and that’ll work?

  7. Isaac says:

    This is hilariously legendary.

  8. metal says:

    So how hard would xbmc be to get on ntv300?

  9. Mike says:

    How can I root the neotv prime

  10. Mike says:

    How can I put xbmc on neotv prime any body knows please help

  11. Mike says:

    Still no answer how can I put xbmc on neotv prime step by step please help

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,388 other followers