Password Extraction

[agg23]

I'm glad to see all of the progress you've made in reverse engineering the Slingbox protocol. Do you have any thoughts for how to extract admin passwords, particularly after Nov. 9, 2022? This would go a long way to keeping Slingboxes operational into the future.

[GerryDazoo]

the link is in the readme.
"https://newwatchsecure.slingbox.com/watch/slingAccounts/account_boxes_js" But I don't think this will work after Nov 9. A factory reset might let you set the password BUT I don't know if it will work after NOV 9.

[agg23]

Yes, I know about that method. I was wondering about in an offline/post Nov. 9th capacity. At very least, I wonder if they have pinned certs (particularly the oldest boxes), or if they would be susceptible to MITM for initial setup and deriving the admin password.

[GerryDazoo]

I don't think a MITM would be successful. Their security is a little better than that. I know you can set the password on a Solo box but not on more recent hardware.

[GerryDazoo]

Let's hope the password/account info doesn't all disappear in Nov.

[Toei79]

idk how describe my situation. i just see this github to find you able to do this.

i have two im trying with 350. the situation its i cant get it work, i check and i still have old passwords save on firefox in my old hard drive but when i check i get this error

so if after november 9 you dont make nothing its a lost cause?

[GerryDazoo]

The "old passwords" are incorrect. If your looking at firefox then you're probably looking at the password for your sling account and not the passwords for your slingboxes. There's a couple of threads here on how to recover passwords from the sling player console logs. So there's a good change you can get this going.

[Toei79]

The "old passwords" are incorrect. If your looking at firefox then you're probably looking at the password for your sling account and not the passwords for your slingboxes. There's a couple of threads here on how to recover passwords from the sling player console logs. So there's a good change you can get this going.

well i reset , idk where find a thread i see one where mention someone find a way for 350-500 but not more info

i ending do a reset, so i use admi thing password and works, but i only getting audio no video signal. i able to login to my account but i cant setup anything, i have one 350 , im guessing its in component side and not on composite signal but video its 640x XXX then idk about if its that the case.

[GerryDazoo]

You should not have done a reset.

[Toei79]

You should not have done a reset.

well then sounds bad i guess. :/

i just checked someone did on reddit with one 500 and i though was safe but i get some initializing on sling app for pc.

im thinking its on component instead composite need try with composite.

[Toei79]

i have three units two 350 and one sb300 so far i only touch this one.

[GerryDazoo]

You won't be able to use the web remote. :-( But streaming should work.