Rooting a NeoTV set top box from the couch

The NeoTV is a set top box built by Netgear to compete with the likes of Roku. It streams video from the usual Internet sources like Netflix, Hulu Plus, and YouTube. [Craig] recently cracked his unit open, and in the process discovered that the NeoTV can be rooted using nothing but the remote control.

He starts with a hardware overview. The box houses a single-board ARM design with a 128MB of NAND and 256MB of RAM. The serial port is easy to find, but it does not provide a root shell (which often is one of the easiest ways to root a device). He next turns to poking around the unencrypted firmware update to see what he can learn. That’s how he discovered that the SSID value when connecting to WiFi is fed into a system() command. This glaring security hole lets you run just about anything you want on the device by issuing commands as fake SSID names. It’s just a matter of a little Linux know-how and [Craig] now has root access on his device.

17 thoughts on “Rooting a NeoTV set top box from the couch

  1. LMAO! There’s a prank to pull if you know your neighbor likes to steal WiFi and has one of these NeoTV boxes!

    Are you telling us that you can just set up a wireless router that’s not connected to anything, call it “rm -rf /*” and that’ll work?

  2. I am a noon but I do have a ntv300. I read in some forums that firmware update 1.0.68 mistakenly added dlna capabilities. Would I be able to access that using this?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s