Hacking Apple TV without a patchstick?

Wouldn’t it be nice to update your Apple TV with the latest hacks/plugins, all without opening it up or using the troublesome patchstick? What if all of this could be done just by clicking the “Update Software” option in the Apple TV menu?
In theory, it is entirely possible, and it would be quite a breakthrough if someone could make it a reality.
It is simple, really. The whole idea behind this hack is to use a DNS spoofing technique to “trick” the Apple TV into thinking it is getting software updates from Apple, when in reality it is getting them from a fake server that we set up with all the hacked updates.
Here are the steps:
- set up Internet sharing on a local computer on a private network.
- connect the Apple TV to that computer.
- set up a fake update server on the same private network.
- on the computer sharing its Internet connection, override the DNS answer for Apple’s update server with the IP address of the fake server.
- put a dummy software update on the fake update server.
- run Software Update on the Apple TV to download the dummy software update.
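The DNS override in the steps above, as an added example that is not part of the original post: a minimal UDP DNS responder in Python that answers A queries for the update hostname with the fake server’s address and leaves every other name to be forwarded to a real upstream resolver. The hostname `mesu.apple.com`, the private-network addresses and the upstream resolver are assumptions chosen for illustration, not values taken from the page.

```python
"""
Added example (not from the original post): a tiny DNS override responder.
If the queried name is in OVERRIDES it answers with an A record pointing at the
fake update server; otherwise it returns None so the query is forwarded upstream.
"""
import socket
import struct

# Assumed values for illustration only: the update hostname the Apple TV asks for,
# and the fake update server's address on the private (shared) network.
OVERRIDES = {
    "mesu.apple.com": "192.168.2.10",
}


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS labels: len byte + label, terminated by 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Decode a DNS name at offset, following compression pointers.
    Returns (name, offset_after_name_in_the_original_position)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive A/IN query (constructed input for offline testing)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def spoof_response(query: bytes, overrides=OVERRIDES, ttl: int = 60):
    """Return a forged A answer for overridden names, or None to signal 'forward upstream'."""
    txid, _flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        return None
    qname, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    ip = overrides.get(qname.lower())
    if ip is None or qtype != 1 or qclass != 1:
        return None
    question = query[12:off + 4]
    # Response header: QR=1, RD and RA set, NOERROR; echo the question, one answer.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # Answer name is a pointer (0xC00C) back to the question name at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


def parse_a_answer(resp: bytes) -> str:
    """Extract the address from the first A record of a response."""
    _, _, qdcount, _ = struct.unpack("!HHHH", resp[:8])
    off = 12
    for _ in range(qdcount):
        _, off = decode_name(resp, off)
        off += 4  # skip QTYPE/QCLASS
    _, off = decode_name(resp, off)
    _rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
    off += 10
    return socket.inet_ntoa(resp[off:off + rdlen])


def serve(listen=("0.0.0.0", 53), upstream=("8.8.8.8", 53)):
    """Answer overridden names locally; relay everything else to the assumed upstream resolver."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    while True:
        data, client = sock.recvfrom(512)
        resp = spoof_response(data)
        if resp is None:
            up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            up.settimeout(3)
            try:
                up.sendto(data, upstream)
                resp, _ = up.recvfrom(4096)
            except socket.timeout:
                continue
            finally:
                up.close()
        sock.sendto(resp, client)


if __name__ == "__main__":
    serve()
```

Point the shared connection’s DHCP at this responder (or set it as the Apple TV’s DNS server) so the box asks it where the update host lives; names that are not overridden still resolve normally through the upstream. Note that this only redirects the connection: whatever the Apple TV does to validate what it downloads is untouched by the spoofing.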
Now, though the idea is simple, in reality it is not as simple as it sounds. This is mainly because each software update package is “signed” with a special signature, and so far nobody knows how that signature is generated.
So there, the idea has been presented. If anybody has any insight into how the software update package is signed, we could really revolutionize the way the Apple TV is hacked.
Friday 20 Jun 2008 | News

July 20th, 2008 at 8:02 am
Actually, the whole problem is not getting the AppleTV to talk to your fake update server; it is making it accept an unsigned file. Forget cracking the signature; it is not viable.
Also, if you do crack the signature, you might as well get involved with iPhone hacking, which also uses signed firmware. The dev team’s Pwnage “fixes” this, but by making the device ignore the mismatching signature rather than by getting the signature right. It would require previous modification of the AppleTV for this technique to work, though, so it kind of defeats the purpose of this.
The only way to do it without previously modifying the AppleTV would have to be via some sort of vulnerability exploit, but then it would work only for a short while (until the next software update), so I believe this idea does not have a lot of potential, unless we can get the AppleTV to ignore the signature checking (quite hard to do, if you ask me).