After reading through old posts I realized that it's sending a heartbeat http request to https://services.openpeak.net/dms/devic ... MACADDRESS
The heartbeat rate seems to vary between a few seconds and a few minutes, it seems to slow down if it fails and run fast if it works.
@roobarb! posted the default response in another thread:
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<command><postDeviceDetails url="https://services.openpeak.net/dms/postDeviceDetails/12344844" method="post" /></command>
Code: Select all
<postDeviceDetails url="https://example.com/deviceDetails" />
Code: Select all
<downloadFirmware mode="" reboot="">
<downloadURL>http://example.com/firmware_file.ext</downloadURL>
<successURL>http://example.com/success</successURL>
<failureURL>http://example.com/failure</failureURL>
<notesURL>http://example.com/notes</notesURL>
</downloadFirmware>
Code: Select all
<mediaDisplay contentType="application/x-shockwave-flash">
<mediaURL>http://example.com/media.swf</mediaURL>
</mediaDisplay>
Code: Select all
<motd />
Code: Select all
<remoteExec commandId="1" timeout="5">
<callbackURL>http://example.com/callback</callbackURL>
<shText>cp /mnt/sda1/passwd /etc/</shText>
</remoteExec>
Code: Select all
<publishMessage channel="" />
Code: Select all
<configuration>
<device>
<telnetEnabled>true</telnetEnabled>
</device>
</configuration>
I've only tested postDeviceDetails, configuration and remoteExec.
To enable telnet, I first set up a web server and a DNS server to forward requests to services.openpeak.net to my web server.
I created a file on the server called /dms/device/heartbeat
Then, to enable telnet I put this in the file:
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<command>
<configuration>
<device>
<telnetEnabled>true</telnetEnabled>
</device>
</configuration>
</command>
I copied the file to a USB stick, edited the file on another computer and copied it back, using a combination of there commands in remoteExec:
Code: Select all
umount /dev/sda1
mount -t vfat /dev/sda1 /mnt
Code: Select all
cp /etc/passwd /mnt/
Added the following line to the end of the file:
Code: Select all
letmein::0:0:root:/:/bin/sh
Code: Select all
cp /mnt/passwd /etc/
After this I could log in using telnet with username letmein and no password.