Tag Archive: Anytime


Hacking Sky Anytime+ Part 2

*Update* Further investigation

See my previous post: https://tickett.wordpress.com/2011/05/25/hacking-sky-anytime/

I couldn’t help but start some investigating…

I installed WinPcap, Cain & EffeTech HTTP Sniffer in a virtual machine and got cracking

Firstly, I had to enable ARP poisoning in Cain

You can find your sky box’s ip address by pressing services -> 0 -> 6 from the sky remote
Add to the list then start APR
Now from EffeTech HTTP Sniffer configure then start sniffing

Cool- so it’s using plain ‘old HTTP…
I tried a few of the .jpg links and it worked aok: http://cdn.sky.com/60445/bsky_skymovies/BOX_COVER/bsky_skymovies-THUM0000000000071243-20110518154138.jpg (note here I tried from both a sky broadband connection and from a non-sky connection and both worked (does this suggest you may be able to use anytime+ without sky broadband? Hmm…)
Unfortunately when I tried the .nff or .oecm- In Google Chrome I get “Error 6, file not found” and in Internet Explorer/Firefox I get a prompt for credentials (which I can’t seem to decipher from the sniffer logs). I also tried spoofing the User-Agent but that didn’t seem to help either.

That’s about the limit of my investigative skills- so I’ll have to hope others will take it further.

L

*Update* See the result of some investigation, packet sniffing etc
*Update2* See further investigation 

I am curious and don’t think I’ve seen this discussed yet…

Sky’s relatively new product- Anytime+ allows us (sky broadband + tv customers) to download content direct to our sky box for later viewing (or on-demand if your internet connection is fast enough).
Sky Anytime+ Movies
The Sky box is connected to the network and assigned an IP address- the device then presumably connects to a server to download a list of available content and then upon request, the content itself. So I imagine we can use some form of packet sniffing to identify where the box is connecting to and what information is being transferred?

Could we then download this content from a pc? I expect the content being downloaded is encrypted and contained in .str files so maybe even if we could get the files on a pc we could open/view them.

What about the other direction? Redirect the box to connect to your server which returns a list of content on your network and allows you to view it? Again- I expect you’d need to convert to .str and each programme would be downloaded to the box, viewed and then deleted.

Intrigued- let me know if you have any thoughts on this!

L

%d bloggers like this: