Hacking devices can/will void your warranty and can turn your expensive consumer electronics into worthless trash if you don't know what you're doing. This blog is for information purposes only, and if you try to hack into your own consumer electronics, you do so at your own risk. The device I'm currently hacking is the Canon SX10 IS camera.

Saturday, November 29, 2008

An easier way

This didn't seem like a productive time while working on my ScreenPlay Pro.

I have found several other methods for modifying the contents of the first partition. But I'll spare you the story and give the simplest and easiest way, which is going to make it much easier for others to do.

TELNET into the drive using root as the username (no password)
mount -o remount /dev/root /

that's all. That remounts the root as a readable / writable drive.

So I created a couple of CGI scripts to make it easy to transfer stuff onto the drive. First, I created a www directory and a www\cgi-bin directory on the NTFS drive. Then I navigated to /tmp_orig/www/cgi-bin and using vi created a file called copyhere
Here's the contents:


cp /usr/local/etc/dvdplayer/hdd/volumes/HDD1/www/* /tmp/www
cp /usr/local/etc/dvdplayer/hdd/volumes/HDD1/www/cgi-bin/* /tmp/www/cgi-bin
chmod 775 /tmp/www/cgi-bin/*

then I remounted the drive read-only using:

mount -o remount -o ro /dev/root /

and exited out of telnet.

What that enabled me to do is to place anything I want copied into the www and www/cgi-bin directories on the drive by simply putting them onto the NTFS partition from windows, then bringing up the browser and going to:
(replacing x.x.x.x with the IP address of the drive, of course) it automatically copies the contents to the www and cgi-bin directories and makes the cgi-bin stuff executable.

Now as I compile, I can add stuff to the drive easily. I also created another CGI script to allow me to execute a series of commands on the drive. That script is a little more complicated, because I made a full HTML form output with an input box to enter the commands in. The whole purpose of this is when my two computers are occupied, I can still hack into my screenplay pro using my Wii. It runs everything I enter as root.

Anyway, even though this is an easier way to do this, if you are just getting started I still heavily recommend making an image of the ext3 partitions before starting.


  1. Hey! I want to look onto my Screenplay HD (not the Pro), but i never worked with Telnet. Could you tell me, how to make the connection in telnet?

  2. Not sure on the ScreenPlay HD. If it is the same kind of structure, then the easiest way would be to use Ext2fs driver (available free on the net) so that you can mount the OS partition, then go into the /etc/inetd.conf file and uncomment the # before the telnet command. You would need to use a tool like Notepad++ (also available free on the net) to modify it without converting LF to CR/LF. Anyway, if your drive already has Telnet on there, that would enable it. Otherwise, you've got a long path to go down, including compiling a telnet for it.

  3. hi, i have an hd-pro and use my lacie internet storage as extra hdd. the only thing that really s*cks is the net password. so the hd pro uses Realtek_guest as user and realtek_pw as password. my lacie cannot handle a password without a number in it. is there a way to change this realtek_pw password?

  4. The Realtek_guest and realtek_pw are embedded in the DvdPlayer binary. Use a tool like HxD to edit the DvdPlayer binary, find the realtek_pw and change the password to realtek_1w (so you use the same number of characters).

    Alternatively, you could have it do a cifs type mount after a brief delay in the startup scripts (to give it time to recognize the network). Having never done this myself, I can't tell you how to do that, but if I figure it out, I'll be sure to post it on my blog.

  5. Ok, that didn't take long. You have to create a directory on the ScreenPlay media drive where you will host the network connection *permanently*. After you've done that, go to the /usr/local/etc directory and add to the rcS file:

    mount -t cifs // /tmp/hddmedia/mountdir -o user=username,password=pass

    replace the with the IP address of whatever device you're trying to connect to, and dir with the shared directory name, and mountdir with the directory name you created on the screenplay, username with your user login name and pass with the password.