Results 1 to 1 of 1
  1. #1
    DF Super Moderator DJ Overdose's Avatar
    Join Date
    Jul 2001
    On da decks.
    Thanked:        2,429
    Karma Level

    Tech Defeating the Infomir/MAG Portal blocking

    Not my work, but found this on Reddit and it may be of use to some folks here
    I've spent the last few days digging around with Wireshark + custom firmware to see how this was working, and it turns out it's quite simple and can be removed from all current firmware on all models that I've tested (250/254/256/322/324). We could, as people currently are, keep changing portal URLs - but this is not sustainable and as the box is phoning home on every boot, is more than likely just making it easier for Infomir to just re-block on the next wave of updates to the blacklist.

    At boot the box performs the following:

    • DNS lookup for NTP server
    • Contact all NTP Servers found
    • Executes the script /etc/rc.d/rcS.d/S98stbapp (which then launches stbapp - the browser that displays your portal)
    • DNS lookup for mag???
    • Encrypted communication with mag???
    • Saves result of this communication as /mnt/Userfs/data/dls.backup
    • Displays portal selection page
    • If portal is blocked, it then loads and displays the error message (which is stored in the javascript for the Inner Portal - so we can edit this if we choose)
    • Otherwise load portal as normal

    Once dls.backup is stored in the box, it will continue to block all currently known portals on the blacklist even if Infomir's server is unreachable. /mnt/Userfs is not wiped on firmware restore either, so it will persist between versions unless we wipe it. This means we have two tasks to perform:

    • Patch stbapp OR the hosts file to block the blacklist server
    • Erase dls.backup to prevent cached lookups

    Personally I favour patching stbapp, as this ensures it's impossible for it to somehow slip through (since it'll be looking for the wrong server.) But in the current firmware versions both methods seem effective. Both of theses tasks CAN be done by hand, but the easiest way (especially for larger providers) is to build a custom firmware that users can just load from a USB that will both patch the problem and prevent Infomir from pushing any more automatic updates to that box. For those comfortable making the change and would rather do it themselves the details are below. If people need them, I can build patched firmware for the boxes that people need, but won't have the time to build and upload them before probably Sunday evening.
    To edit the hosts file (/etc/hosts) add the following line (replace mag324 with the correct model for you):

    To patch stbapp, open /usr/local/share/app/stbapp in a HEX editor, search for

    and make ANY change to the domain name (without changing the length AT ALL)

    Finally to ensure that the dls.backup will be deleted after flashing your custom firmware than add the following line to

    /mnt/Userfs/data/dls.backup before the line that launches stbapp:

    rm /mnt/Userfs/data/dls.backup

    If all the above has been done correctly, then all previously blocked portals will now be accessible again, and no future blocks will have any effect either.

    The info above is ideally designed to be done as part of the process of compiling a custom firmware. If you want to do it directly on the box then you can access it using an SSH client (such as PuTTY)
    You connect to the IP of your box using your SSH client with the following details:

    Login: root
    Password: 930920

    Infomir's factory images disable SSH, so if you can't connect then you'll need to flash your box with a firmware from (
    Browse to the page for your specific model of box, and download the file named "imageupdate"
    Place that file on a USB stick (which must be formatted as FAT32. MAG254 and earlier can be picky about which sticks they recognise, you may need to try a few - don't use USB3.0 sticks) in a folder named after your box model (eg mag256) and then reboot your box while holding down the menu key on the remote. This will take you into the setup menu

    Select Upgrade Tools
    Select Upgrade from USB

    That should flash your box with a firmware that allows console access.
    Once you get in via SSH, run the following commands to do a quick and dirty patch:
    echo >> /etc/hosts
    rm /mnt/Userfs/data/dls.backup
    reboot && exit
    Obviously as in the instructions above, replace mag256 with whatever model of mag you have. This isn't (in my opinion) as good of an option as a custom firmware since it won't auto-purge the cache if it somehow comes back, or block automatic updates (so make sure you disable automatic updates yourself BEFORE you take the box online after flashing it)
    My hope is that providers will start offering custom firmware to their end users, which will simplify life greatly.

    Link to the custom firmwares:!ccUUxAhS!Gw83gbooR...FvxWQFvBBrgDH0

    DJ OD
    Last edited by DJ Overdose; 21st January 2019 at 10:12 AM.

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts