- hacker
Hacking Yamaha RX-V475
nmap
$ sudo nmap -sT -p 1-65535 -v -A 192.168.2.33 Initiating OS detection (try #1) against 192.168.2.33 NSE: Script scanning 192.168.2.33. Initiating NSE at 15:28 Completed NSE at 15:29, 30.12s elapsed Nmap scan report for 192.168.2.33 Host is up (0.00051s latency). Not shown: 65529 closed ports PORT STATE SERVICE VERSION 80/tcp open tcpwrapped |_http-favicon: Unknown favicon MD5: 731538E62E7F79E7418995F493609777 |_http-title: Site doesn't have a title (text/html). 1024/tcp open rtsp Apple AirTunes rtspd 141.9 (Apple TV) | rtsp-methods: |_ ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET 1900/tcp open tcpwrapped 8080/tcp open http-proxy? |_http-open-proxy: Proxy might be redirecting requests |_http-title: Site doesn't have a title (text/html). 10200/tcp open unknown 50000/tcp open ibm-db2? 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port8080-TCP:V=6.40%I=7%D=12/3%Time=529DDBF2%P=x86_64-apple-darwin13.0. SF:0%r(GetRequest,145,"HTTP/1\.1\x20200\x20OK\r\nCONTENT-TYPE:\x20text/htm SF:l\r\nCONTENT-LENGTH:\x20260\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-// SF:W3C//DTD\x20HTML\x204\.01\x20Frameset//EN\"\x20\"http://www\.w3\.org/TR SF:/html4/frameset\.dtd\">\r\n<html>\r\n<head>\r\n<meta\x20http-equiv=\"Co SF:ntent-Type\"\x20content=\"text/html;\x20charset=iso-8859-1\">\r\n</head SF:>\r\n\r\n<body>\r\n\r\n<H1>PRESENTATION\x20PAGE</H1>\r\n</body>\r\n</ht SF:ml>\r\n")%r(FourOhFourRequest,1A,"HTTP/1\.1\x20404\x20Not\x20Found\r\n\ SF:r\n"); MAC Address: 00:A0:DE:A1:A4:84 (Yamaha) Device type: media device Running: Denon embedded OS CPE: cpe:/h:denon:avr-2113 OS details: Denon AVR-2113 audio receiver Network Distance: 1 hop TCP Sequence Prediction: Difficulty=17 (Good luck!) IP ID Sequence Generation: Incremental Service Info: OS: Mac OS X; Device: media device; CPE: cpe:/o:apple:mac_os_x
Chips
Zentel a3v56s30ftp-G6 256Mb DRAM 166Mhz Link
?HanRun hr903125C Ethernet (Can not find with google)
smsc 8700c http://pdf1.alldatasheet.com/datasheet-pdf/view/170571/SMSC/LAN8700.html
- Spansion S29GL256S90TFi02 256Mb flash
- silicon image s 19573CTUC NFW308D 1305 AH01PD2
- Cinema DSP TMS320070YE101BRFP
SMSC DM850A (?AirPlay)
- Some Logig chip: probably r5f3650enfb (hard to see)
PCM9211 (Digital audio) http://www.ti.com/product/pcm9211
curl -v 10.0.2.52 > /dev/null * Rebuilt URL to: 10.0.2.52/ * Hostname was NOT found in DNS cache * Trying 10.0.2.52... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 10.0.2.52 (10.0.2.52) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.37.0 > Host: 10.0.2.52 > Accept: */* > < HTTP/1.1 200 OK * Server AV_Receiver/3.1 (RX-V475) is not blacklisted < Server: AV_Receiver/3.1 (RX-V475) < Content-Encoding: gzip < Content-Type: text/html < Content-Length: 15819 < Content-Language: en < { [data not shown] 100 15819 100 15819 0 0 87857 0 --:--:--
curl -v 10.0.2.52:8080 * Rebuilt URL to: 10.0.2.52:8080/ * Hostname was NOT found in DNS cache * Trying 10.0.2.52... * Connected to 10.0.2.52 (10.0.2.52) port 8080 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.37.0 > Host: 10.0.2.52:8080 > Accept: */* > < HTTP/1.1 200 OK < CONTENT-TYPE: text/html < CONTENT-LENGTH: 260 < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <H1>PRESENTATION PAGE</H1> </body> </html>
- description
- Yamaha RX-v475 reverse engineering
- started
- 2013-12-03