krkeegan Site Admin

Joined: 04 Jan 2008 Posts: 412 Location: Los Angeles, CA
|
Posted: Sun Mar 23, 2008 9:20 am Post subject: |
|
|
So does it appear that XMPP is being used? I read the link provided by gmd and it seems to make sense. PaulS, I think XMPP is already in 9.2 and used for the current Amazon Unbox already??

real_armooo pyTivo Creator
Joined: 23 Mar 2008 Posts: 42
Posted: Sun Mar 23, 2008 11:41 am
It looks like everything going to mind.tivo.com is to find the correct xmpp server.
I was able to get this response.
Code:
<?xml version="1.0" encoding="utf-8"?>
<bodyXmppInfo>
<port>5224</port>
<sendPresence>10.10.30.12@productiontcd.tivo.com/dummyresource</sendPresence>
<sendPresence>tcdMonitor@productiontcd.tivo.com</sendPresence>
<server>208.73.181.192</server>
<xmppId>pc.1000024321@productiontcd.tivo.com</xmppId>
</bodyXmppInfo>
I was able to use pidgin to log in to the XMPP server.
Tivo desktop is not checking the SSL certs that it is using, so a simple MITM attack works to view the streams.
Attachment: from_mind.tivo.com.txt (2.62 KB, downloaded 32 times)
Attachment: to_mind.tivo.com.txt (5.01 KB, downloaded 24 times)

krkeegan Site Admin
Joined: 04 Jan 2008 Posts: 412 Location: Los Angeles, CA
Posted: Sun Mar 23, 2008 11:50 am
real_armooo wrote:
> Tivo desktop is not checking the SSL certs that it is using, so a simple MITM attack works to view the streams.
I thought of that idea. Glad to hear it works. Is this truly the Real "Armooo"?

real_armooo pyTivo Creator
Joined: 23 Mar 2008 Posts: 42
Posted: Sun Mar 23, 2008 7:48 pm
Yes this is the real armooo.
It looks like XMPP may not be needed to push requests to the tivo. It seems like this POST would work.
Code:
POST /mind/mind7?type=bodyOfferModify&bodyId=tsn:6520001802C0F2A HTTP/1.1
Cookie: CAMS_SID_CAMSPRDCLUSTER_TIVOCOM=camsprdCluster-sjcamsprd02-tivocom-909bc5afb679fb8447927a621f93a2f29c756e26; CAMS_SID_CAMSPRDCLUSTER_TIVOCOM=camsprdCluster-sjcamsprd02-tivocom-1f77451e17d1fd6c88694f40f336477e10c21181
Content-Type: x-tivo/dict-binary
User-Agent: Mind Session
Host: mind.tivo.com:8181
Content-Length: 515
Connection: Keep-Alive
<86>bodyId^A<93>tsn:6520001802C0F2A^@<8b>description^A<9b>Transferred by TiVo Desktop^@<88>duration^A<84>4252^@<8c>encodingType^A<92>mpeg2ProgramStream^@<89>partnerId^A<8c>tivo:pt.3187^@<88>pcBodyId^A<92>tivo:pc.1000024321^@<8b>publishDate^A<93>2008-03-24 04:29:56^@<84>size^A<8a>3064411136^@<86>source^AÅfile:/C%3A%2FDocuments%20and%20Settings%2FStephanie%2FDesktop%2FVideo^@<85>state^A<88>complete^@<88>subtitle^A²The Fairly Odd Parents - Channel Chasers.xvid-pyro^@<85>title^A<85>Video^@<83>url^Aëhttp://10.0.1.52:8080/%7B01285128-504A-41EB-89A0-4F18D8BAB31A%7D/%7BC0D9F2D5-BB43-4E89-82E5-88BD37C477C1%7D^@<80>

krkeegan Site Admin
Joined: 04 Jan 2008 Posts: 412 Location: Los Angeles, CA
Posted: Sun Mar 23, 2008 8:00 pm
Wow if that is the case, this could be very easy to implement.

real_armooo pyTivo Creator
Joined: 23 Mar 2008 Posts: 42
Posted: Sun Mar 23, 2008 9:05 pm
Sample code to create an x-tivo/dict-binary from a Python dict.
Attachment: dictcode.py.txt (1.77 KB, downloaded 27 times)

real_armooo pyTivo Creator
Joined: 23 Mar 2008 Posts: 42
Posted: Sun Mar 23, 2008 10:53 pm
I am going to have to try watching the xmpp traffic. I have been sending requests to mind.tivo.com and have been getting the same responses at tivo desktop, but I am not seeing any results.
Here is the test script I have been using.
Attachment: testsend.py.txt (2.57 KB, downloaded 19 times)

ebf
Joined: 21 Mar 2008 Posts: 47
Posted: Mon Mar 24, 2008 10:55 am Post subject: Why is it slow...
I was wondering why TiVo Desktop transcoding and transferring is so slow! I am guessing they are not using ffmpeg. Is that because it cannot be used with commercial software?

real_armooo pyTivo Creator
Joined: 23 Mar 2008 Posts: 42
Posted: Mon Mar 24, 2008 8:07 pm
It is starting to look like tivo desktop is talking directly to the tivo to push the videos. The only thing I have seen over XMPP is a request to update when I selected some CNET thing on my tivo. It looks like the HME app sends a push to tivo desktop to check its feeds. And then tivo desktop directly tells the tivo to start downloading the file. Still only a guess at this point; I may have been doing something wrong with the HTTP POSTs last night. I think the next step is to watch the https traffic from the PC to the TIVO.
Code:
<message from="10.10.30.39@productiontcd.tivo.com" id="uY9EG-71388" to="pc.1000024321@productiontcd.tivo.com"><body><?xml version="1.0" encoding="utf-8"?><xmppAction><action>cdsUpdate</action></xmppAction></body></message>
I set up these iptables rules on my firewall to see the traffic.
Code:
iptables -t nat -A PREROUTING -i eth0 -s ! 10.0.1.51 -p tcp --dport 5224 -j DNAT --to 10.0.1.51:5224
iptables -t nat -A POSTROUTING -o br0 -s 10.0.1.0/24 -d 10.0.1.51 -j SNAT --to 10.0.1.2
Attachment: xmppproxy.py.txt (1.91 KB, downloaded 21 times)

real_armooo pyTivo Creator
Joined: 23 Mar 2008 Posts: 42
Posted: Mon Mar 24, 2008 9:42 pm
x-tivo/dict-binary format
Dict = <Pairs>0x80
Pairs = <Key>0x01<Value>0x00
Value = <String> | <Dict>
Key = <String>
String = <Size>text
Size = 7 bit size, bit 8 always set

Select "Download this program" on Tivo
Tivo Desktop gets sent an XMPP message to update
<?xml version="1.0" encoding="utf-8"?><xmppAction><action>cdsUpdate</action></xmppAction>
Tivo Desktop
Post /mind/login
url encoded
ams_security_domain=tivocom
cams_login_config=http
cams_original_url=/mind/mind7?type=infoGet
cams_cb_username=armooo%40armooo.net
cams_cb_password=123
Server Reply 302
Location:https://sjepx03.tivo.com:8181/mind/mind7?type=infoGet
(sjepx03.tivo.com will not resolve?)
POST /mind/mind7?type=pcBodySearch
x-tivo/dict-binary
{}
Server Reply
<?xml version="1.0" encoding="utf-8"?>
<pcBodyList>
<isBottom>true</isBottom>
<isTop>true</isTop>
<pcBody>
<bucketNumber>1756</bucketNumber>
<levelOfDetail>low</levelOfDetail>
<name>STEPH</name>
<pcBodyId>tivo:pc.1000024321</pcBodyId>
<type>pcBody</type>
</pcBody>
</pcBodyList>
POST /mind/mind7?type=syncInstructionsGet&bodyId=tivo:pc.1000024321
x-tivo/dict-binary
{
'bodyId' : 'tivo:pc.1000024321',
'database' : {
'bodySyncId' : '1',
'databaseName' : 'pcSubscription',
'mindDatabaseState' : {
'bodySyncId' : '1',
'dbName' : 'pcSubscription',
'mindSyncCounter' : '2',
'mindSyncId' : '1',
'nextServerIdForBody' : '1500000',
'type' : 'syncMindDatabaseState',
},
'mindSyncIdAck' : '1',
'type' : 'syncBodyState',
}
}
Reply
<?xml version="1.0" encoding="utf-8"?>
<syncInstructions>
<database>
<databaseName>pcSubscription</databaseName>
<noPrivateData>false</noPrivateData>
<sendData>all</sendData>
<type>syncInstructionsForDatabase</type>
<when>soon</when>
</database>
<mindGlobalState>
<mindId>tivo:md.production</mindId>
<randomId>1000024321</randomId>
<type>syncMindGlobalState</type>
</mindGlobalState>
<nextSyncInterval>980</nextSyncInterval>
<noPrivateData>false</noPrivateData>
</syncInstructions>
Post /mind/mind7?type=bodyOfferSchedule
x-tivo/dict-binary
{
'pcBodyId' : 'tivo:pc.1000024321'
}
Reply
<?xml version="1.0" encoding="utf-8"?>
<bodyOfferList>
<bodyOffer>
<bodyId>tsn:6520001802C0F2A</bodyId>
<bodyOfferId>tivo:bo.15000241</bodyOfferId>
<createDate>2008-03-25 04:53:17</createDate>
<description>No Blu-Ray for XBox 360, Reznor makes 1.6 million, Firefox 3 Eats Less Memory, Google Sky, RIAA Sets 750 Per Song, Intel Releasing 6 Cores, Reporter Gets Owned and Kevin's latest iPhone Rumor</description>
<levelOfDetail>high</levelOfDetail>
<offerId>tivo:of.bs.15000241</offerId>
<partnerId>tivo:pt.3187</partnerId>
<pcBodyId>tivo:pc.1000024321</pcBodyId>
<publishDate>2008-03-22 00:00:00</publishDate>
<source>http://revision3.com/diggnation/feed/quicktime-high-definition/</source>
<sourceOfferId>tivo:of.ts.2300731</sourceOfferId>
<state>scheduled</state>
<subscriptionId>tivo:sb.15000381</subscriptionId>
<subtitle>Diggnation - iPhone Rumor Du Jour</subtitle>
<title>Diggnation</title>
<type>bodyOffer</type>
<updateDate>2008-03-25 04:53:17</updateDate>
<url>http://www.podtrac.com/pts/redirect.mov/bitcast-a.bitgravity.com/revision3/web/diggnation/0142/diggnation--0142--2008-03-20hamsters--hd.h264.mov</url>
</bodyOffer>
<isBottom>true</isBottom>
<isTop>true</isTop>
</bodyOfferList>
After a while (dl and transcoded?)
POST /mind/mind7?type=bodyOfferModify&bodyId=tsn:6520001802C0F2A
x-tivo/dict-binary
{
bodyId : tsn:6520001802C0F2A
bodyOfferId : tivo:bo.15000241
description : No Blu-Ray for XBox 360, Reznor makes 1.6 million, Firefox 3 Eats Less Memory, Google Sky, RIAA Sets 750 Per Song, Intel Releasing 6 Cores, Reporter Gets Owned and Kevin's latest iPhone Rumor
duration: 2992
encodingType : mpeg2ProgramStream
partnerId : tivo:pt.3187
pcBodyId : tivo:pc.1000024321
publishDate : 2008-03-22 00:00:00
size : 3883161600
source : http://revision3.com/diggnation/feed/quicktime-high-definition/
sourceOfferId : tivo:of.ts.2300731
state : complete
subscriptionId : tivo:sb.15000381
subtitle : Diggnation - iPhone Rumor Du Jour
title : Diggnation
type : bodyOfferModify
url : http://10.0.1.52:8080/%7BSD%7D/%7B504795A4-0429-444D-8E43-8920D4AC910D%7D
}
REPLY
<?xml version="1.0" encoding="utf-8"?>
<bodyOffer>
<bodyId>tsn:6520001802C0F2A</bodyId>
<bodyOfferId>tivo:bo.15000241</bodyOfferId>
<createDate>2008-03-25 04:53:17</createDate>
<description>No Blu-Ray for XBox 360, Reznor makes 1.6 million, Firefox 3 Eats Less Memory, Google Sky, RIAA Sets 750 Per Song, Intel Releasing 6 Cores, Reporter Gets Owned and Kevin's latest iPhone Rumor</description>
<duration>2992</duration>
<encodingType>mpeg2ProgramStream</encodingType>
<levelOfDetail>high</levelOfDetail>
<offerId>tivo:of.bs.15000241</offerId>
<partnerId>tivo:pt.3187</partnerId>
<pcBodyId>tivo:pc.1000024321</pcBodyId>
<publishDate>2008-03-22 00:00:00</publishDate>
<size>3883161600</size>
<source>http://revision3.com/diggnation/feed/quicktime-high-definition/</source>
<sourceOfferId>tivo:of.ts.2300731</sourceOfferId>
<state>complete</state>
<subscriptionId>tivo:sb.15000381</subscriptionId>
<subtitle>Diggnation - iPhone Rumor Du Jour</subtitle>
<title>Diggnation</title>
<updateDate>2008-03-25 05:12:24</updateDate>
<url>http://10.0.1.52:8080/%7BSD%7D/%7B504795A4-0429-444D-8E43-8920D4AC910D%7D</url>
</bodyOffer>
POST /mind/mind7?type=subscribe&bodyId=tsn:6520001802C0F2A
{
bodyId : tsn:6520001802C0F2A
idSetSource {
contentId: tivo:ct.bs.15000241
offerId : tivo:of.bs.15000241
type : singleOfferSource
}
title : pcBodySubscription
uiType : cds
}
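
The x-tivo/dict-binary grammar posted above, worked as an added example (not code from this thread or from pyTivo): a Python encoder and strict decoder for flat, string-valued dicts such as the captured bodyOfferModify body. Nested Dict values are left out, strings over 127 bytes are rejected because the posted Size is a single 7-bit byte, and the function names are hypothetical.

```python
# Added example (not from the thread): codec for flat, string-valued
# x-tivo/dict-binary bodies, following the grammar posted above.
MAX_LEN = 0x7F  # Size is a single byte: 7 bits of length, bit 8 always set


def _put(text):
    raw = text.encode("utf-8")
    if len(raw) > MAX_LEN:
        raise ValueError("string exceeds the 7-bit Size of the posted grammar")
    return bytes([0x80 | len(raw)]) + raw


def encode(pairs):
    out = b""
    for key in sorted(pairs):  # the captured body lists its keys alphabetically
        if not key:
            raise ValueError("empty key would read back as the 0x80 terminator")
        out += _put(key) + b"\x01" + _put(pairs[key]) + b"\x00"
    return out + b"\x80"


def _get(buf, pos):
    # Read one <Size>text string, refusing to read past the end of the input.
    if pos >= len(buf) or not buf[pos] & 0x80:
        raise ValueError("bad Size byte at offset %d" % pos)
    end = pos + 1 + (buf[pos] & 0x7F)
    if end > len(buf):
        raise ValueError("string at offset %d runs past the input" % pos)
    return buf[pos + 1:end].decode("utf-8"), end


def _mark(buf, pos, byte):
    if pos >= len(buf) or buf[pos] != byte:
        raise ValueError("expected 0x%02x at offset %d" % (byte, pos))
    return pos + 1


def decode(buf):
    result, pos = {}, 0
    while pos < len(buf) and buf[pos] != 0x80:
        key, pos = _get(buf, pos)
        value, pos = _get(buf, _mark(buf, pos, 0x01))
        pos = _mark(buf, pos, 0x00)
        if key in result:
            raise ValueError("duplicate key %r" % key)
        result[key] = value
    if pos + 1 != len(buf):  # terminator missing, or bytes after it
        raise ValueError("0x80 terminator must be the final byte")
    return result


# Constructed sample using two fields from the captured bodyOfferModify POST.
SAMPLE = {"bodyId": "tsn:6520001802C0F2A", "state": "complete"}
assert decode(encode(SAMPLE)) == SAMPLE
```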

real_armooo pyTivo Creator
Joined: 23 Mar 2008 Posts: 42
Posted: Tue Mar 25, 2008 5:52 pm
I have just pushed my first video to the tivo. The video is being served up from pytivo. I used a very messy script external to pytivo to send the request to mind.tivo.com with a few posts. I am going to clean that script up. And post it.

StanSimmons
Joined: 04 Jan 2008 Posts: 10
Posted: Tue Mar 25, 2008 6:02 pm
real_armooo wrote:
> I have just pushed my first video to the tivo. The video is being served up from pytivo. I used a very messy script external to pytivo to send the request to mind.tivo.com with a few posts. I am going to clean that script up. And post it.
Very Nice!

real_armooo pyTivo Creator
Joined: 23 Mar 2008 Posts: 42
Posted: Tue Mar 25, 2008 8:11 pm
Here it is.
You need to set username, password, tsn and url.
Run it and your tivo should start downloading video.
It may stop transferring early, and it uses the names from the push, not from pytivo. It also acts like an unbox download and will not let you start watching until it thinks you can watch it to the end.
The partnerId is a magic number. I did not see how to get it from the server. I just saw my tivo desktop sending it. I am not sure if it needs to change for each account.
It should not overwrite your tivo desktop's existing pcBodyId. But it will create one if you have not linked your account yet. I don't see why this would not work without a plus key, but I have one so it has not been tested.
I would like to know if this works for anyone else.
Attachment: testsend.py.txt (6.73 KB, downloaded 34 times)

krkeegan Site Admin
Joined: 04 Jan 2008 Posts: 412 Location: Los Angeles, CA
Posted: Tue Mar 25, 2008 9:41 pm
Very very cool. I can't get it to work yet but it seems like you are close.
I get this error
Code:
<error><code>badArgument</code><text>Field bodyId differs in the URL args and in the body</text></error>g

krkeegan Site Admin
Joined: 04 Jan 2008 Posts: 412 Location: Los Angeles, CA
Posted: Tue Mar 25, 2008 9:48 pm
OK, line 121 was missed; it should read:
Code:
'https://mind.tivo.com:8181/mind/mind7?type=subscribe&bodyId=tsn:' + tsn,