Sunday, February 21, 2016

Extracting images from Crestron Airmedia communication

A few years ago, my school decided to put up a bunch of TVs with Crestron Airmedia so students could share their screens. I decided to see if I could do anything interesting with them (take over the broadcast, for example :-D). All the stuff below is from me trying to mess with Crestron Airmedia. I didn't find anything that I could use to do fun things, but I learned something in the process.

I may or may not look at Airmedia software and communication again. Depends on how bored I get.

More information about Crestron AirMedia:
http://www.crestron.com/products/airmedia_mobile_wireless_hd_presentations/index.html?from=www.crestron.com%2Fairmedia

http://www.crestron.com/resources/product_and_programming_resources/catalogs_and_brochures/online_catalog/default.asp?jump=1&model=am-100

First, I nmapped the IP address.


Ports 80 and 443 are for downloading the application (which allows you to share your screen), management, and remote view (you don't have to look at the TV screen; you can also view the shared screen via a browser).

I started doing packet capturing and filtering some of the stuff.

I noticed that ports 3268 and 289 were used by the desktop app to communicate. The desktop app sent wppaliveROCK and the server replied with wppaliveROLL.

Port 515 is used by the server to receive the screen and screen updates from the user's computer.

Their datasheet or configuration document has more information about these ports.







Here's the correct code being sent. This doesn't really matter because as soon as the person disconnects, the code changes.



The computer starts using port 515 after the connection is done. At the time, I was new to forensics or any type of file analysis. I noticed JFIF; instead of realizing it was a JPG, I Googled it and found out that it was a JPG.



(source: GaryKessler.net)

I decided to figure out how to extract images automatically.
I was familiar with Python and had heard of scapy before.
I knew that the port was 515, and I learned about the binascii library while researching.

from scapy.all import rdpcap, TCP, Raw
import binascii

pcap = rdpcap("correct_pcap.pcap")

# Concatenate the payload of every TCP packet sent to port 515 (the screen data).
# Packets are taken in capture order; no TCP reassembly is done.
allthestuff = b""
for pkt in pcap:
    if TCP in pkt and pkt[TCP].dport == 515 and Raw in pkt:
        allthestuff += bytes(pkt[Raw].load)

startaddr = None
startaddrlist = []
endaddrlist = []

# Record where each JPEG starts (ff d8 ff e0) and where it ends (ff d9)
for i in range(len(allthestuff) - 1):
    if binascii.hexlify(allthestuff[i:i+4]) == b"ffd8ffe0":
        startaddr = i
    elif binascii.hexlify(allthestuff[i:i+2]) == b"ffd9" and startaddr is not None:
        # ignore an end marker seen before any start marker
        startaddrlist.append(startaddr)
        endaddrlist.append(i + 2)

# Write each start/end slice to its own file, in binary mode
for i in range(len(startaddrlist)):
    with open("img" + str(i) + ".jpg", "wb") as outfile:
        outfile.write(allthestuff[startaddrlist[i]:endaddrlist[i]])

print("done extracting images")

Here's the output:
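The following is an added example, not code from the original post. It goes beyond the ff d8 / ff d9 scan above: it walks the JPEG marker segments to find the real end of each image, so an embedded thumbnail's ff d9 does not cut the picture short and an image truncated by the end of the capture is skipped. The helper names and the sample bytes are constructed for illustration.

```python
import struct

def jpeg_end(data, start):
    """Offset just past the EOI of the JPEG starting at `start`, or None if cut off."""
    pos, n = start + 2, len(data)              # step over SOI (ff d8)
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return None                        # not on a marker: malformed
        marker = data[pos + 1]
        if marker == 0xFF:                     # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                   # EOI: real end of this image
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                           # markers without a length field
        else:
            if pos + 4 > n:
                return None
            seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
            if seglen < 2:
                return None
            pos += 2 + seglen                  # skip the segment, thumbnails included
            while marker == 0xDA:              # after SOS: entropy-coded scan data
                pos = data.find(b"\xff", pos)
                if pos < 0 or pos + 1 >= n:
                    return None
                if data[pos + 1] != 0 and not 0xD0 <= data[pos + 1] <= 0xD7:
                    break                      # a real marker ends the scan
                pos += 2                       # stuffed ff 00 or restart marker
    return None

def carve_jpegs(data):
    """Return every complete JPEG found in `data`, in order."""
    images, pos = [], 0
    while (start := data.find(b"\xff\xd8\xff", pos)) >= 0:
        end = jpeg_end(data, start)
        if end is None:
            pos = start + 2                    # truncated: keep searching after it
        else:
            images.append(data[start:end])
            pos = end
    return images

def seg(marker, payload):                      # helper for the constructed sample
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample (marker structure only, not a decodable picture):
THUMB = b"\xff\xd8" + seg(0xDB, bytes(4)) + seg(0xDA, b"\x00") + b"\x11\x22\xff\xd9"
FULL = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00") + seg(0xE1, THUMB) + seg(0xDA, b"\x00")
        + b"\x12\xff\x00\x34\xff\xd0\x56\xff\xd9")
STREAM = b"\x00\xff\xd9junk" + FULL + b"hdr" + FULL[:20]
```

To use it on a capture, pass the concatenated port 515 payload bytes to carve_jpegs() and write each returned item to a file opened in "wb" mode.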




