Archive for July, 2009

Digital Assassination – The Ultimate Revenge!

Thursday, July 30th, 2009

All examples included in this posting are for educational purposes only and should never be put to practice or used. In other words, do not do them!

Given that today is the opening day for DEFCON 17 (a hacker conference), I figured I would pay homage by exposing some cyberwar techniques that are more social in nature, easier than writing amazing Meterpreter exploits, but just as (if not more) impactful.

These days, cyber-bullying is popular. Cyber-bullying is when a bully makes fun of a kid online using MySpace, email, posting jokes, etc. Cyber-bullying is so harmful to a child’s mind and online persona that it has led several victim children to suicide. Cyber-bullying was brought to light when Megan Meier’s suicide was attributed to cyber-bullying via MySpace.

Children are not the only possible victims of cyber-bullying; someone’s online persona is also a great target. An online persona is an important commodity these days; a Google search on someone’s name is almost the modern day resume. These online personas are part of a larger group of what I term Digital Natives. The Internet has simply amplified older techniques used by intelligence agencies and governments.

Attacking someone’s online persona or discrediting someone using their online persona could have horrific consequences.

With communication and social media, there are new attack vectors, and cyber-bullying can be taken to a new level, something I call “Digital Assassination”. Digital Assassination, which is not anything new per se, takes old methods and some new methods to manipulate, embarrass, cause jail time, discredit associations, politicians, corporations, or (in some people’s minds) have the ultimate result by invoking someone to commit suicide.

I had an internal struggle about writing this post. I do not condone the methods I discuss, nor have I ever practiced them. I hope this posting is used merely as a means to inform people and protect them from being victims, rather than encouraging unethical, illegal, or nefarious actions.

There are a lot of tricks to the SEO (Search Engine Optimization) trade. Most of them involve manipulating Google, embedding data on pages to cause Google to think your site is more important than another site. This is what I call “search engine de-optimization.” What if the same techniques used in SEO were used to power a disinformation (or smear) campaign designed to destroy or manipulate someone or something’s digital existence? What if those techniques were combined with hacking, social manipulation? The result is scary.

At first you may feel that the general concept seems somewhat “out there”, but let’s look at some of the possible implementations.

Blog Pressure and Disinformation

    If an attacker is trying to eliminate a movement or politician’s influence, what better way is there to do so than ruining the essence of the movement or tainting the politician’s reputation? Someone can hire a team of paid bloggers; say 150 of them, working in India. There are companies that provide small blogger armies (just Google “paid bloggers”). They all operate on the Internet as if they come from different parts of the world (via proxy servers to make it more convincing), and all they do is post negative sentiments.

    The more this is deployed, the more the victim’s name in Google becomes associated with these negative blog postings. Thus, a Google search for the victim reveals blog postings about how he or she is an alcoholic, child molester, a physical abuser, etc.

    This can be amplified by using mailing list postings and USENET.

    Taking that further, one can link each blog comment to each other and create a more articulated web of links, which will help Google optimize the data.

    Likewise, what if you wanted to start marital troubles for someone? The attacker could start posting about the victim on dontdatehimgirl.com or various places such as twitter:

    “This guy is an asshole, we met at a corporate dinner three years ago, have been having an ongoing affair, and he’s been telling me that he was going to leave his wife, now he just cut me off! I want to expose for who he really is.”

    Or

    “I met last week at the conference, it was an amazing, romantic whirlwind. Now I am pregnant he refuses to return my calls or emails. Help!”

    What’s worse is this could be used via Facebook or even via pure email to the wife. With a little Photoshop help, by creating fake caught-cheating photos, it may be hard to disprove.

    Taking the caught-cheating photos and placing them on various sites will also help Google cache them in images.google.com. Further, if the images are named after the person’s name, it will help them come up first in a Google search.

    Cheating can also be replaced with other actions like industrial espionage, bad associations (having dinner with people you should hate). Imagine photoshopped photos of a VP of a company handing documents to the CEO of a competing company.

Jail Time

    Another method requires a little more work and some hacking skills that some people may not have. Yet it’s one of the most powerful methods one could use. This method basically involves hacking someone’s computer or taking it over remotely, implanting a lot of child porn on the computer, and posting that same child porn on USENET with the victim’s real email address.

    USENET is patrolled so carefully for this type of material that the result would be an FBI agent’s knock on the victim’s door, jail time, public embarrassment, maybe a pile of felonies, and to top it off… everyone thinks the victim is a pedophile.

    There are other methods such as filling a USB Drive full of child porn and simply dropping it near the victim’s car where he or she may pick it up. The attacker then tips off the police.

    In essence, the attacker frames someone for a crime. With the anonymous nature of the Internet, Operating Systems, and general digital accounting, it’s easy to put these crimes on the shoulders of the victim.

Fake Logs

    Another vicious attack vector would be simply to make up an attack. Create logs of someone uploading child porn to a web site, making fake postings to your blog threatening to kill the president, or just a fake hacking attempt. System logs are all text, so typing up a log that looks real would be very simple and law enforcement can use that information as evidence.

    If fake evidence is introduced, it could have more power than actually attempting to frame someone for a crime.

Rogue Disinformation

    Hacker groups, governments, terrorist groups, politicians, businesses, and other activist groups use the Internet to spread their propaganda, turning their web sites into recruiting machines.
    What better way is there to disrupt them than by using disinformation to discredit and fragment the momentum?

    One can hack their web site, and rather than a full website defacement, only change the wording a tiny bit, just enough to turn people off. Doing so will make their followers go, “huh?” and it may take a while for the changes to be caught.

    As an example (which should never be done and is fictitious), on a Governor’s web page, there is usually an about section. Let’s just say the text officially reads, “People who know me know that besides faith and family, nothing’s more important to me than our beloved Alaska.”

    If one were to change that text to read: “People who know me know that nothing’s more important to me than my liberal views and beloved Alaska. In my life, I reject faith and family.”

    If the site massaging is not detected, the new text would sit for a few weeks and would spread some serious disinformation.

    It’s also possible to register web sites that appear to be supporting a victim, gather viewing, and then negatively morph the message over time. For example, register supportgovernorname.com, copy the full text and content from other governor support sites. Link the site in places such as Wikipedia and other political blogs. Once there is traffic and linking going directly to the site (people are reading it/using it), slowly morph the text to make her messaging appear negative. Using DDoS attacks to shutdown the official web site to force people to the alternative fake site would also help force people to your messaging.

    For “informal movements” such as “the anti-sec movement”, a few well-placed postings usually derail them quickly. I suggested in a previous post that their threat of finding exploits to OpenSSH may have been someone not with the anti-sec movement anonymously posting using their name as a smear campaign. This hurt their public reputation.

Moving on…

There are many other examples of using Digital Assassination to control situations. I’m sure my readers could think of many other methods of using the Internet to control people and movements. I would be interested in hearing these ideas and attribute them in this page.

What you see, read, and link to may not always be reality.

Using Squid Proxy to Fight DDoS

Friday, July 24th, 2009



Complicated web applications are often difficult to scale; as a result, they become easy DDoS targets. However, making them scale is easy with front-end proxy servers. The added scale gives an application more resiliency to DDoS attacks.


When set up correctly, the proxy “network” becomes the target of any malicious activity and can be placed globally while still keeping the original web application in the same location for content.


This is by no means new, it’s been done all over the Internet and in some cases is the base of a bunch of different companies. This is just a simple tutorial that is meant to help people understand how this works.


Proxy servers can also be used with a dynamic caching function, which will help increase the speed and functionality of the web site.

Positives:

  • Scales web server farms
  • Increases reach
  • Can accelerate a web site
  • Can provide additional security layers

Negatives:

  • Adds an additional layer of debugging
  • Slows down long dynamic pages if they are not cacheable
  • Expensive to operate


    To start, I recommend using Squid Proxy version 2.7, it is available at http://www.squid-cache.org/


    After downloading the package, the vanilla build will suffice for most needs. You can use FreeBSD as the operating system and simply run make install in the /usr/ports/www/squid port, or build the package with ./configure --prefix=/usr/local ; make install


    Often the prefix is /usr/local but determine what is appropriate for your OS.


    After the build has finished you will need to configure Squid. A sample configuration file follows:

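    acl all src 0.0.0.0/0.0.0.0
    acl DO_NOT_CACHE urlpath_regex -i cgi-bin \? asp php css js
    acl manager proto cache_object
    acl purge method PURGE
    #
    refresh_pattern .               0       20%     1440
    #
    # Deny cache-manager and PURGE requests before the catch-all allow;
    # defining a PURGE acl enables the method, so it must be restricted.
    http_access deny manager
    http_access deny purge
    http_access allow all
    icp_access allow all
    #
    request_header_max_size 10 KB
    #
    cache_dir ufs /vol1/cachedir 512 16 256
    #
    visible_hostname supersite.com
    pid_filename /var/run/squid.pid
    #
    cache_access_log /var/log/httpd/proxy-a_access.log
    #
    cache_mem 64 MB
    maximum_object_size_in_memory 64 MB
    #
    # httpd_accel_* is Squid 2.5 syntax; Squid 2.6 and later set accelerator
    # mode with the "accel vhost" options on http_port instead.
    httpd_accel_host virtual
    httpd_accel_uses_host_header on
    #
    #
    connect_timeout 30 seconds
    #
    emulate_httpd_log on
    hierarchy_stoplist cgi-bin ? asp css js php
    http_port XX.YY.ZZ.AA:80
    http_port XX.YY.ZZ.BB:80
    negative_ttl 60 seconds
    # Never cache requests matching the DO_NOT_CACHE acl defined above
    no_cache deny DO_NOT_CACHE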
    

    The configuration options are all explained in the default configuration file. The only major items to change are the http_port list, which should contain the IP addresses Squid should respond on, and the cache configuration. Some sites may have special items that should not be cached. Often css and js should be cached, but for this example they are dynamic.


    The logs will be written to /var/log/httpd/proxy-a_access.log in a combined Apache style format.


    Before starting Squid, you will need to create the cache directory on the server (the path given in cache_dir). Simply run:


    mkdir /vol1/cachedir
    chown squid /vol1/cachedir

    You will also need to create the swap directories so Squid can run:


    /usr/local/bin/squid -z


    You will also need to teach Squid how to communicate back to your “real” or “backend” web farm. Often the DNS for www points to the IP address Squid is answering requests on, so the backend address can be set on the Squid host using the /etc/hosts file:


    XX.YY.AA.BB www.mysitedns.com


    Replace the example above with the real IP address of the web farm and the host entry you want to be used to reach the IP address.


    Once Squid is running and answering requests (/usr/local/bin/squid -f /usr/local/etc/squid.conf -k reconfigure) and the cache is working, it tends to stay stable until the hardware fails or you come under DDoS attack, which may require some additional ACLs within squid.conf or SYN cookie configuration on the OS itself.


    Scaling squid is also not very difficult, it’s possible to load balance a farm of Squid servers with any standard load balancer, and have the requests still return to the same web farm, which may or may not work with any given user authentication / sessions setup.


    Blocking a given attack in Squid is trivial, however, if there are hundreds of Squid servers to configure at the same time, this may require some special configuration management that could require some development effort.


    Often most attacks have an empty or malformed User-Agent. This simple ACL will block 99% of invalid User-Agent attacks:

    acl OK_BROWSER browser a b c d e f g h i j k l m n o p q r s t u v w x y z 1 2 3 4 5 6 7 8 9 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    acl DO_NOT_CACHE urlpath_regex -i cgi-bin \? asp php css js
    # http_access is first-match-wins: the manager and purge denies must come
    # before the allow, or they are never reached.
    http_access deny manager
    http_access deny purge
    http_access allow OK_BROWSER
    http_access deny all
    icp_access allow all
    


    You can also create a deny filter by creating an ACL that will deny rather than allow. The above ACL only requires the user to have an alphanumeric character in their User-Agent, which is pretty wide, so denying a specific item can be done like this:


    acl BAD_BROWSER browser Attack-Bot


    Add the deny line as the first line in the http_access ACL:


    http_access deny BAD_BROWSER


    Blocking a specific URL can look like this configuration line (which is designed to block most malicious requests):


    acl BLOCK_URI urlpath_regex -i \.exe \.\./\.\. \.\.\. \.ida \.idq \.IDA \.cnf \.asp \.dll 333-3333 test999 passwd /etc \` boot \.exe cmd \./\./ filenumber \% \* \; SELECT \\\.\.\\ \/\.\.\/


    Configuration of connection rate limiting looks like:


    acl 8conn maxconn 8


    And blocking a specific source address prefix:


    acl ip_addr1 src 192.168.1.0/24


    Just ensure that the ACL that is created is also configured in the http_access deny/allow list properly. Squid also needs to be told to re-read the configuration file. This is done by sending Squid a -k reconfigure flag, which will simply reload the rules without impacting traffic.
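The point about placing each ACL correctly in the http_access list can be checked offline before a rule set is pushed to the proxies. The following is an added example, not code from the original post: it replays constructed log lines (assumed to carry the User-Agent, as in the Apache combined format the post mentions) through a first-match-wins model of the post's browser, urlpath_regex and src ACLs. The maxconn ACL is not modelled, and the BLOCK_URI pattern is only a subset of the post's list.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# src - - [time] "METHOD URL PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Subset of the post's BLOCK_URI patterns; urlpath_regex -i is case-insensitive.
BLOCK_URI_RE = re.compile(r"\.exe|\.\./\.\.|passwd|/etc|cmd", re.IGNORECASE)
BLOCKED_NET = ipaddress.ip_network("192.168.1.0/24")  # acl ip_addr1 src ...

# Each ACL is a predicate over a parsed request, mirroring a squid.conf acl line.
ACLS = {
    "all": lambda r: True,
    "BAD_BROWSER": lambda r: re.search(r"Attack-Bot", r["agent"]) is not None,
    "OK_BROWSER": lambda r: re.search(r"[A-Za-z0-9]", r["agent"]) is not None,
    "BLOCK_URI": lambda r: BLOCK_URI_RE.search(r["path"]) is not None,
    "ip_addr1": lambda r: ipaddress.ip_address(r["src"]) in BLOCKED_NET,
}

# Deny rules ahead of the broad allow, as the post instructs.
PAGE_ORDER = [
    ("deny", ["BAD_BROWSER"]),
    ("deny", ["BLOCK_URI"]),
    ("deny", ["ip_addr1"]),
    ("allow", ["OK_BROWSER"]),
    ("deny", ["all"]),
]
# Same rules with the allow first: every deny except the last is shadowed.
WRONG_ORDER = [PAGE_ORDER[3]] + PAGE_ORDER[:3] + [PAGE_ORDER[4]]

# Constructed sample log lines (documentation address ranges, made-up requests).
UA = "Mozilla/5.0 (X11; U; FreeBSD i386) Firefox/3.5"
TS = "[24/Jul/2009:10:00:00 -0700]"
SAMPLE_LOG = [
    f'203.0.113.10 - - {TS} "GET http://www.mysitedns.com/index.html HTTP/1.1" 200 5120 "-" "{UA}"',
    f'203.0.113.11 - - {TS} "GET http://www.mysitedns.com/ HTTP/1.0" 200 5120 "-" "-"',
    f'203.0.113.12 - - {TS} "GET http://www.mysitedns.com/ HTTP/1.1" 200 5120 "-" "Attack-Bot/1.0"',
    f'192.168.1.77 - - {TS} "GET http://www.mysitedns.com/index.html HTTP/1.1" 200 5120 "-" "{UA}"',
    f'203.0.113.13 - - {TS} "GET http://www.mysitedns.com/a/../../etc/passwd HTTP/1.1" 404 0 "-" "{UA}"',
    f'198.51.100.5 - - {TS} "GET http://www.mysitedns.com/ HTTP/1.1" 200 5120 "-" "!!!"',
]


def parse_line(line):
    """Return a request dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    parts = urlsplit(m.group("url"))
    path = parts.path + ("?" + parts.query if parts.query else "")
    agent = m.group("agent")
    # A missing header is logged as "-"; the browser ACL has nothing to match.
    return {"src": m.group("src"), "path": path, "agent": "" if agent == "-" else agent}


def evaluate(rules, req):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    for action, names in rules:
        if all(ACLS[name](req) for name in names):
            return action, " ".join(names)
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"


def replay(lines, rules):
    """Return (src, action, matched_acl) for every parseable log line."""
    out = []
    for line in lines:
        req = parse_line(line)
        if req is not None:
            out.append((req["src"],) + evaluate(rules, req))
    return out


def allowed_sources(lines, rules):
    return [src for src, action, _ in replay(lines, rules) if action == "allow"]


if __name__ == "__main__":
    for label, rules in (("deny-first", PAGE_ORDER), ("allow-first", WRONG_ORDER)):
        print(label)
        for src, action, matched in replay(SAMPLE_LOG, rules):
            print(f"  {src:15} {action:5} via {matched}")
```

With the denies first, only the ordinary browser request is allowed; with the allow first, the Attack-Bot, blocked-prefix and traversal requests all pass because OK_BROWSER matches them before any deny is consulted.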


    To enable reverse proxy of SSL with the Squid cache owning the SSL certificate, you can use a pem cert and the following configuration line:


    https_port IP:443 cert=/usr/local/etc/squid/certs/COMPANY/COMPANY.pem key=/usr/local/etc/squid/certs/COMPANY/COMPANY.key


    Good luck and happy calamari

    The Anti-Sec Non-Movement

    Wednesday, July 22nd, 2009
    A group calling itself “The Anti-Sec movement” released this statement over 48-hours ago:

    “In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.”

    A number of people thought it was a joke, yours truly included. Yet there was a “what if” scenario which could have been ugly, so it should not have been completely ignored.

    The post to the Full-Disclosure security list may have been done to harm the reputation of the “movement”, something of a disinformation campaign. It also could be that they are just a bunch of script-kiddy kids.

    Anyway, for some mid-week entertainment, I put out an open call for Anti-Sec to use their new cool exploit to hack my personal server:

    “In fact, if it’s not FUD… use your uber cool 0-day sploit to hack my server please! blyon@blyon.com port 22. Prove it!”

    Of course the hack never happened, I had a few people trying to brute-force logins for accounts that did not even exist.

    HELPFUL TIP: Look, kiddies, if you’re going to try, at least use the username I provided to start with.


    I think anti-sec failed basic logic 1A, I mean… holy flawed logic Batman: In the ImageShack hack, their manifesto demands zero public disclosure on exploits, but then they contradict their own words by saying, “It [their OpenSSH exploit] will be posted to the Full-Disclosure security list.”

    As for their OpenSSH exploit: Anti-sec proved they have too much free time on their hands during the summer. The anti-sec movement needs to have a movement back to school. At least some people used it as an opportunity to cleanup their system configs.

    OpenSSH owned?

    Monday, July 20th, 2009
    A group called “the anti-sec movement” which credits itself for hacking ImageShack about two weeks ago, and astalavista.com, could have possibly found the holy grail of exploit code: A remote exploit for OpenSSH.

    OpenSSH is an open source client/server protocol that replaced telnet (an unencrypted remote management tool), it’s what system administrators use to login to their Unix computers, phone switches, power management tools, serial consoles, routers, etc. It’s been running so long in the public that people trust it.

    In fact, in many cases it is much like a door to a house, just out there on the street and if you have the right keys, you can come in.

    The anti-sec movement has announced that in 48-hours they will release code which allows you to open any door on the Internet (if it’s visible).

    “Soon, the very foundations of Information Technology and Information Security will be unearthed as millions upon million of systems running ANY version of OpenSSH are compromised by wave after wave of script-kiddie and malicious hacker.”

    This type of hype happens every now and then, especially around the time of DEFCON (a large hacker conference in Las Vegas). It could be, and most likely is — FUD.


    In fact, if it’s not FUD… use your uber cool 0-day sploit to hack my server please! blyon@blyon.com port 22. Prove it!

    SANS also thinks it is FUD and they just put out a release about the “exploit”. Sounds like they feel it’s most likely a brute force user attack, which is pretty basic, old, and boring.

    If it is real, anti-sec said they will also be “unleashing powerful computer worm source code with the ability to automatically find and compromise systems running any and all versions of OpenSSH.”

    Meanwhile: Filter SSH, turn it off if you don’t know what it is, change the default port from 22 to something else, or enable TCP Wrappers.

    Let’s sit back and enjoy the show… if there is one.

    Here are some useful links:

    The life of a Tweet

    Wednesday, July 8th, 2009

    This system is tracking the anatomy and life of a Tweet. I sent out the following Tweet on July 8 16:49:00 PDT:

    @BarrettLyon #RTME Click http://blyon.com/rtme and watch the realtime results the
    other RT/clicks! RT this as much as possible!

    The concept is simple, I wrote a stats engine to track the data of each user that clicks on the embedded URL in the tweet.

    As people click on the link and retweet, the data on this page populates and rows near realtime.

    What you are looking at now is 2 minutes from realtime results of the life of the Tweet.

    Tweet Click-Throughs by Time


    Interactive Click-Throughs Map


    Click-Throughs by Country


    So far we’ve seen 95 countries:

    1. United States 1440
    2. Mexico 267
    3. United Kingdom 187
    4. Canada 132
    5. Singapore 126
    6. France 100
    7. Germany 96
    8. China 77
    9. Spain 68
    10. Brazil 68
    11. unknown 56
    12. South Africa 53
    13. Netherlands 49
    14. Australia 49
    15. Russia 47

    Click-Through Browser Type


    There have been 13886 different browser types:

    1. Firefox 3.5 4308
    2. Firefox 3.0 1925
    3. Safari 4.0 1196
    4. MSIE 7.0 1123
    5. MSIE 8.0 780
    6. MSIE 6.0 754
    7. Chrome 3.0 686
    8. Opera 9.80 264
    9. MSIE 8.0 (Media Center 5.0) 251
    10. MSIE 7.0 (Media Center 5.0) 249
    11. Firefox 2.0 182
    12. Chrome 2.0 168
    13. Mozilla 5.0 154
    14. MSIE 8.0 (Media Center 6.0) 144
    15. Mozilla 4.0 129

    User Profile Page Click-Throughs

    1. Direct 13828
    2. barrettlyon 26
    3. jayadelson 11
    4. home 6
    5. dlprager 5
    6. fantomsurfer 2
    7. msherr 2
    8. cyberwar 1
    9. barrettlyon 1
    10. alexalbrecht 1
    11. cyberwar 1
    12. twitter 1
    13. timeline/home 1

    Retweets by ASN (network)

    1. 8151 180
    2. 8075 146
    3. 9506 119
    4. 14778 93
    5. 7132 75
    6. 19262 64
    7. 33651 61
    8. 1668 54
    9. 5713 51
    10. 22773 50
    11. 23724 31
    12. 15169 30
    13. 13448 30
    14. 14618 30
    15. 3352 29

    About the System

    There’s anti-game code in this, each click on rtme only counts once. One click, one vote!

    The stats should stay about 120 seconds behind realtime. Please send me comments, I can update the code anytime.

    Barrett Lyon creates fun companies that do all sorts of innovative exciting things with video and security.


    We are Digital Natives

    Saturday, July 4th, 2009
    A new class of person has emerged in the online world: Digital Natives. While living in San Francisco, I also live on the Internet. The Internet is now a place: a two dimensional world that has transcended the web; there is no government, and the citizens are Digital Natives. As Digital Natives, we are not people that only exist in a physical sense–we are something or someone metaphysically different. We are no longer just citizens of say, the United States; we are also citizens of the Internet.

    The concept of the Digital Native is a paradigm shift. In the past, there were movements, but not full worlds where one can exist and do as one pleases in parallel with their physical being. Some Digital Natives are deeply affiliated with all sorts of interests that bring them together organically: Piracy groups, massively multiplayer online games, open source software development, cracking encryption, etc. Others become deeply interested in movements such as Anonymous, the RBN (Russian Business Network), or even terrorist organizations.

    I’m not trying to say a Digital Native is better than someone unplugged in the Congo, I am trying to say they exist in a different social construct.

    Some Digital Natives may feel like their digital citizenship takes precedence over their physical citizenship. They choose not to define themselves by what country they live in but, rather, by what online movement(s) they are involved in. In these situations, what law does one live by? How are the actions of a Digital Native regulated? Governments don’t know how to react to, control, or assert power over them in these situations.

    Digital Americans are no longer just American citizens–they have a deep affiliation as Internet citizens as well.

    This scares the crap out of Governments all over the world, because they are ill prepared to deal with these situations. To government regimes that are comfortable asserting their control, this concept is terrifying. How do they counteract the changes online and the movements? Do they need to change their politics, defense, propaganda, and warfare?

    Apparently the U.S. Government thinks so. In June of 2009, under an order signed by Defense Secretary Robert Gates, the Pentagon announced it will create a Cyber Command to oversee the U.S. military’s efforts to protect its computer networks and have presence in “cyberspace”.

    Now even the US Military war machine is joining the world of Digital Natives.

    I’m a bit worried, not for us, but for them.


    Watch and Stream Cable TV with your Mac via FireWire!

    Wednesday, July 1st, 2009

    No home office is complete without some distracting TV to watch. Originally I was going to install a TV in my office, but I thought “I have this nice display, why do I need a TV?”. Well, after a little digging I did manage to get the FireWire feed off my Comcast box working well. This works for any cable box that has an enabled FireWire port, so this is not limited to Comcast.

    This works thanks to a 2004 FCC mandate which requires cable companies to provide a functional 1394 (FireWire) port on request. The main issue is that there’s no real easy instructions on how to attach to the FireWire port and control it with a Mac (until now).

    Once I found the right software, getting it all working was actually very easy. In fact, for technical people, it is less work than using a Slingbox.

    The instructions here are for the Mac, but there are some links at the end of this article to help the PC folks out there too. On Linux, I am sure this is a cakewalk because Video4Linux is very feature rich and attaching to the FireWire device is easy.

    Step 1 – Connect the Firewire

    This step is rather self-explanatory, but hey… every time I fly somewhere, someone tells me how to buckle my seatbelt. So, connect your Comcast box to your Mac via Firewire. You should find a Firewire port on the back of your Comcast box. On my Motorola DCT-6412 the Firewire is on the back.

    Step 2 – Install VLC

    Install the current version of VLC. You can find the most current DMG here. The install is very clean because the folks at the VideoLAN Project have really done a fantastic job creating a tier 1 product.

    Just install VLC and we’ll come back to it later.

    Step 3 – Install Apple’s FireWire SDK

    Download and install the FireWire SDK, it’s a bunch of developer tools, example projects, documentation, and other components that will really help you get this thing working. The actual “example” tool kit we need is called the AV/C Device-Control Panel.

    First download the SDK by following this link: Apple Development Kits. This requires an Apple developer account. The kit you want to download is 39.6 MB large and is called, “FireWire SDK 26 for Mac OS X (DMG)”.

    Download and install the SDK. It will create a new directory called “Developer” which you should be able to locate via Finder. Inside Developer is another directory called, “Applications”, and inside there is “FireWireSDK Applications”.

    The full path is: /Developer/Applications/FireWireSDK Applications

    You should see an application called AVCBrowser, just double click that.

    Once the AVCBrowser is open, you should see your STB appear on the list. In my case it looks like this:



    Simply click on “Open Device-Control Panel”.

    This should bring up another window that looks like this:



    Click on the “Panel” tab and click “Open Device”, followed by “Start Viewer”:



    Once you click “Start Viewer” it should create a socket for VLC to attach to the FireWire device and launch VLC. Within seconds you should see whatever channel your STB is tuned to.



    Using the panel you can change channels, adjust volume, etc!

    Step 4 – Experiment and Enjoy!

    VLC is a feature rich application which works very well for this type of use. There are a few things you might want to play with before settling down with “it works”.

    Streaming

    VLC has a fantastic Streaming/Transcoding Wizard which will allow you to re-broadcast (stream) your feed.

    When streaming your TV, it makes a Slingbox obsolete. Just export the stream to your lan or to the Internet using Multicast or a variety of other interesting streaming methods.

    There is a fantastic tutorial on how to stream using VLC here.

    I highly suggest you play with this. If you have a dedicated Mac powering your stream, you can export the stream and watch TV around the house/office over wifi.

    Interlaced video

    Comcast also tends to broadcast their channels interlaced, so enabling the de-interlace option in VLC is a good idea. I usually use “BOB” as the de-interlacing method.

    DVR/save shows

    There’s a very easy tab within VLC which will allow you to both save and stream a feed. Likewise you can also just save what you’re watching. Just look for the “Streaming/Saving” option in “open network”. The Streaming/Transcoding wizard will also let you “Save to file”.

    Good luck!

    If you have improvements, suggestions, or additional how-to data, I will be happy to post them here with credit to you.

    Also please comment or email me your results, I would love to know if this helped people.

    Other useful links:

  • Replay Guide Windows Directions
  • MythTV Cable Boxes which support FireWire
  • Comcast Channel Listings
  • Video4Linux Wiki
