Some stuff around Orange, the ugly ISP

[image: the Orange logo]

Information given here may be out of date.

(English in there not very correct, maybe.)

Here come some hacks with an Orange home connection. I have an optical fiber thing.

Some stuff may not work, maybe I forgot things. Get in touch.

Connection setup

The wall has an optical fiber connection.

In it is plugged an optical<->ethernet modem.

This modem is connected to the livebox with an ethernet cable.

A computer is connected to the livebox with an ethernet cable.

A TV decoder is connected to the livebox with an ethernet cable.

The livebox is V2, I think.

The TV decoder is UHD 87.

It is possible to directly plug a computer to the modem.

It is possible to put a computer with two ethernet ports between the modem and the livebox.

It is possible to put a computer with two ethernet ports between the livebox and the TV decoder.

The TV decoder has an IP of

The computer has an IP of

The computer has a GNU/Linux system (ubuntu 12.10, laziness).

Capture traffic

To capture traffic, use a computer with two ethernet cards and configure it as a bridge.

My computer has only one ethernet port, but it has USB and I have a mini2440 with USB and ethernet. I made a system for the mini2440 to become a USB-ethernet bridge, plugged into a USB port of the computer.

Download that, unzip somewhere, then get that, unzip it at the same place, build the thing and put nor.bin in the NOR memory of the mini2440. I didn't test much, it may fail. Ask me. Here is a pre-compiled nor.bin image.

Since I'm a noob with network, I had to write a userland program to capture traffic on eth0 and usb0 and be a bridge. I tried brctl but it did not work. I'm a noob. See the dirty hack mini2440-2.0/data/c20/c20.c.

Then on the computer, run bridge.c (as found in mini2440-2.0/data/c20/bridge.c). There again, maybe you can configure with whatever tool to have a bridge.

Then launch wireshark or whatever and record the traffic.

HELP WANTED: how can I configure the linux kernel to act as a bridge? Userland stuff for that is overkill.

Between livebox and modem

If you put your computer between the livebox and the modem then you get the full traffic entering/leaving your house.

You will then see that they use 802.1Q to partition various traffics. Internet is on eth0.835. TV is on eth0.840. SIP is on eth0.851.

Between TV decoder and livebox

Putting the computer between the TV decoder and the livebox captures the TV decoder traffic. Nothing special here, plain IP.

Internet without livebox

Here is how you access the internet without the livebox.

The computer is directly plugged in the modem.

You need to configure PPP. Run pppoeconf and give your username/password. I saved as "dsl-provider". Here is the content of the file /etc/ppp/peers/dsl-provider (username removed):

# Minimalistic default options file for DSL/PPPoE connections

#lcp-echo-interval 30
#lcp-echo-failure 4
#mtu 1492
#maxfail 0
#holdoff 20
plugin eth0.835
user "XXX"

Then you must:

modprobe 8021q
vconfig add eth0 835
vconfig add eth0 840   # for TV streams
ifconfig eth0.835 up
ifconfig eth0.840 up
pon dsl-provider

To check connection status, run "plog".

To end the connection, run "poff".

I had to copy /etc/ppp/resolv.conf to /etc/resolv.conf.

Take care. No firewall, no nothing: without the livebox, the computer is directly reachable from the internet. If your computer has a crappy system, people from the world may own it easily.

On the other hand, you can put whatever server you want just as easily.

TV on computer without livebox nor TV decoder

To watch TV, the computer sends an IGMP v2 join message for the channel's multicast group and the stream is then multicast to the computer.

Note that methods here don't work for crypted channels.

Detect channels

(I think you can adapt that for a detection while connected to the livebox. Not tried though.)

First thing to do is to detect available channels.

Channels are on 232.0.X.X (as far as I know). Just send IGMP join messages for all the IPs in there (65536). It took two hours with 10 messages/second. You may then re-run a slower check (1 message/second) for specific ranges, some join messages may have been lost.

Get that. Compile.

Maybe you will have to edit things. The files *.h come from wireshark captures of IGMP traffic between the modem and the livebox while the TV decoder is on and I switch channels.

You also need nemesis 1.4 (which needs libnet 1.0.2a). Local copies: libnet-1.0.2a.tar.gz. If you can't compile those, ask.

You run:

./detect-tv > /dev/null

Then in another shell:

./probe-tv > /dev/null

In the end, you get a file FOUND with the found channels. Some of them will send encrypted stuff. Some will work only at some hours of the day (think Canal+). You will use vlc or whatever to check that (took me several hours). You also need to check what UDP port they use. Normally it's 8200 but I've had streams on 8208 (crypted though) (I guess). Use wireshark or whatever.

HELP WANTED: better detect-tv and probe-tv, without the need for nemesis.

Watch TV: method 1, barbarian

No need to touch the route tables, no need for eth0.840 up.

Hum, not sure for route tables, maybe you need:

route add -net netmask lo

I tried to run:

vlc rtp://

But not working. Linux sends IGMP v3 stuff instead of V2. So I made my own sender, using c.c (used in detection step) and captured stuff with wireshark. See

You need to adapt it, there are hardcoded paths. To watch rtp://, you do:

./ 4000 8200 1 2

4000 is the local UDP port to use. You can put something else.

"sudo" asks for your password. I first do a "sudo bash" then back out of root and then "sudo" does not ask me the password (for a few minutes). The script is ugly, so this behavior is necessary.

In short, I create an IGMP v2 join packet that I will send every 20s as long as I want to watch the channel. bridge-tv listens to the traffic on eth0 and throws all RTP stuff for the chosen channel back locally on UDP. To watch I run vlc rtp:// (4000 is a parameter and may be changed, to watch several channels at the same time).

When I'm done, I send an IGMP v2 leave.

The script is very ugly, but things work.

Since it's barbarian, forget it and go next method. (I'm a network noob.)

Watch TV: method 2, less barbarian

I'm a noob with network. I didn't know about /proc/sys/net/ipv4/conf/*/force_igmp_version nor /proc/sys/net/ipv4/conf/*/rp_filter nor VLAN priority settings. By using them correctly, no need for any script at all and launching vlc just works™.


ifconfig eth0.840 up
route add -net netmask eth0.840
for i in `find /proc/sys/net/ipv4/conf -name rp_filter`; do echo 0 > $i; done
echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version
echo 2 > /proc/sys/net/ipv4/conf/eth0.840/force_igmp_version
vconfig set_egress_map eth0.840 0 5

(Not sure about the IP, but that works. Check your wireshark sniffings. Not sure if both force_igmp_version are required, maybe only for eth0.840 is enough.)

The last line is important. IGMP join and leave messages must have priority 5 otherwise we are not accepted in the multicast group.

And now, just run:

vlc rtp://
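A way to check a capture against the three things this section relies on (VLAN 840, priority 5, IGMP v2 rather than v3), as an added example that is not part of the original page or its helper programs. The function names, the group 232.0.1.1 and the source address 192.0.2.10 are made up for the illustration; the sample frame is constructed, with a minimal IP header (no Router Alert option, IP checksum left at zero).

```python
import socket
import struct

TV_VLAN, IGMP_PCP = 840, 5          # values given on this page
IGMP_TYPES = {0x11: "query", 0x16: "v2 join", 0x17: "v2 leave", 0x22: "v3 report"}

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over data with a valid checksum."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def inspect_frame(frame: bytes) -> dict:
    """Decode one Ethernet frame; list reasons an IGMP message would be ignored."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vid, pcp, off = None, None, 14
    if ethertype == 0x8100:                       # 802.1Q tag: PCP(3) DEI(1) VID(12)
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, vid, off = tci >> 13, tci & 0x0FFF, 18
    if ethertype != 0x0800 or frame[off + 9] != 2:    # not IPv4, or not IGMP
        return {"igmp": None, "vid": vid, "pcp": pcp, "problems": []}
    ihl = (frame[off] & 0x0F) * 4                 # IP header length incl. options
    (ip_len,) = struct.unpack_from("!H", frame, off + 2)
    igmp = frame[off + ihl:off + ip_len]
    kind = IGMP_TYPES.get(igmp[0], "unknown")
    checks = [(vid != TV_VLAN, "not on VLAN 840"),
              (pcp != IGMP_PCP, "priority is not 5"),
              (kind == "v3 report", "IGMPv3 instead of v2"),
              (csum(igmp) != 0, "bad IGMP checksum")]
    group = socket.inet_ntoa(igmp[4:8]) if kind.startswith("v2") else None
    return {"igmp": kind, "vid": vid, "pcp": pcp, "group": group,
            "problems": [msg for failed, msg in checks if failed]}

def sample_frame(pcp: int, igmp_type: int, group: str = "232.0.1.1") -> bytes:
    """Constructed frame: VLAN 840 tag, 20-byte IPv4 header, 8-byte IGMP message."""
    tail = bytes(4) if igmp_type == 0x22 else socket.inet_aton(group)
    body = struct.pack("!BBH", igmp_type, 0, 0) + tail
    body = body[:2] + struct.pack("!H", csum(body)) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 1, 2, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(group))
    tag = struct.pack("!HHH", 0x8100, (pcp << 13) | TV_VLAN, 0x0800)
    return bytes(12) + tag + ip + body
```

Feed inspect_frame the raw bytes of a frame exported from a capture taken on the modem side; an empty "problems" list means the join has the VLAN, priority and IGMP version described above.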

TV on computer with a livebox

With method 3 below, you can get completely rid of a TV decoder.

Method 1, barbarian

The TV decoder talks to the livebox with no VLAN. So no need for eth0.840.

We must send IGMP packets with IP of TV decoder. This is what does. Get that, compile c.c and leave.c, adapt and go. You also need nemesis (see above).

But it's barbarian, so forget it and go next method. (I think I'm a network noob.)

Method 2, less barbarian

The problem solved by the above solution is that the IGMP traffic must have IP of TV decoder. As a network noob, I didn't know about virtual networks (eth0:1 for example). With it, no need for

So add a virtual network with the IP of the TV decoder and route multicast traffic to it. We need the rp_filter and force_igmp_version stuff too.

ifconfig eth0:1 up
route add -net netmask eth0:1
for i in `find /proc/sys/net/ipv4/conf -name rp_filter`; do echo 0 > $i; done
echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version

The IGMP join messages are okay, but not the leave. Those are sent with IP of computer, instead of, as asked by the route thing. Why? (Did I already say I am a noob with network?)

So I wrote igmp-relay.c, that you run as a daemon. It listens to leave packets and sends correct ones (may not work on your host, big dirty hack).

HELP WANTED: why the IGMP leave message is not sent with IP address but with even if I route IGMP traffic to eth0:1?

Method 3 - we're getting there

Someone analyzed the DHCP sent by the TV decoder. It sets the option "user-class".

So for me (ubuntu), I edit /etc/dhcp/dhclient.conf and add the following line:

send user-class "PC_MLTV";

Then I run:

dhclient eth0

And all works. No need for igmp-relay.c anymore. IGMP version may have to be forced to 2, and the rp_filter thing may be needed as well, as for method 2. I did not reboot to test with a clean session.
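To see what a device announces about itself in a DHCP capture, this added example (not from the original page) walks the options of a DHCP message and extracts option 77 (user-class) and option 60 (vendor-class-identifier). It assumes dhclient sends the configured string as raw text in option 77; the function names and the sample packet are constructed for the illustration.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"     # marks the start of the options field
IDENTITY = {60: "vendor-class-identifier", 77: "user-class"}

def dhcp_options(payload: bytes) -> dict:
    """Walk the code/length/value options of a DHCP message (the UDP payload)."""
    if payload[236:240] != DHCP_MAGIC:
        raise ValueError("no DHCP magic cookie after the 236-byte BOOTP header")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                       # End option
            break
        if code == 0:                         # Pad option: a single byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("option %d is truncated" % code)
        length = payload[i + 1]
        # A repeated code continues the same option (RFC 3396).
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def client_identity(payload: bytes) -> dict:
    """Return the self-declared identity options a client sent, as text."""
    opts = dhcp_options(payload)
    return {name: opts[code].decode("ascii", "replace")
            for code, name in IDENTITY.items() if code in opts}

def option(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

def sample_discover(extra: bytes = b"") -> bytes:
    """Constructed DHCPDISCOVER; `extra` is raw option bytes to include."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0) + bytes(224)
    return bootp + DHCP_MAGIC + b"\x35\x01\x01" + extra + b"\xff"
```

Running client_identity on the decoder's request and on the computer's request shows whether both now carry the same user-class string, which is a plain value chosen by the client.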

And you can get rid of the TV decoder. But you only have the clear channels. The crypted ones use something called VIACCESS I think. Maybe it has been cracked. (If you cracked the thing, send me a HOWTO for my own benefit. I obviously won't publish the thing for them to keep using it and those-who-know to watch unauthorized TV channels for free.)

About vlc

A simple playlist.m3u:

#EXTINF:0,1 - TF1
#EXTINF:0,2 - France 2
#EXTINF:0,3 - France 3
#EXTINF:0,4 - Canal+
#EXTINF:0,5 - France 5
#EXTINF:0,6 - M6

VLC keyboard shortcuts:

Note: the quality of some channels really sucks. We need "deinterlace" thing. Even with that, it might be ugly. It depends on the deinterlace algorithm used and who you are and what you see and can accept. See that.

Here comes a little screenshot.

Deinterlace off:
[image: deinterlace 'off' example]

Deinterlace on (blend):
[image: deinterlace 'on' example]

The text is moving from right to left at constant speed.

For me, I like Yadif or Yadif (2x). But not perfect. Life.

Web TV with GNU/Linux

Recent VLC has support for smooth streaming, but that does not work well.

I wrote a little bridge program to get the "smooth streaming" best quality stream available and throw it locally to a modified vlc (so that it won't change quality at runtime). Ultra-hackish, so I won't release.

What to really do is to improve vlc. I won't do that.

Or write a better bridge that throws an MP4 stream to get rid of this "smooth stream" bullshit. Just add a moov box based on the manifest file and then append the moof boxes you receive might work. Maybe.


To be written. (This is SIP with VLAN eth0.851.)

Random hacks

wanip.c: runs a command each time the WAN IP of your livebox changes. Requires miniupnp. I needed it to work with (some sort of dyndns). adds a NAT rule to redirect the external port 25 to port 8000 of a given internal IP. That thing talks to the livebox with HTTP, so it may fail to work for you because the protocol may be different in your case or have changed since I released it. I set up a very simple SMTP server on my computer and my internal IP address sometimes changes and I'm too lazy to go to the web console to update the NAT rule. You may change the ports to adapt to your needs. I first wrote port.c but the livebox does not accept to set NAT rules with UPnP IGD for privileged ports as it seems. (Note that port.c is not finished, put here in case I need it at some point in the future.) Security reason? Let me laugh...

lanip.c runs a command whenever your local IP changes. Useful to automatize the use of

To do

Crack the VIACCESS thing to watch all the TV channels. Try some man-in-the-middle stuff, the TV decoder connects with HTTPS to various hosts. Maybe we can pretend to be them, I don't know. HTTPS is immune to man-in-the-middle, no? What? Yes, I'm a network noob.

Direct connection and smtp connection to non-orange smtp hosts (does not work with livebox).


Created: Thu, 29 Nov 2012 15:32:50 +0100
Last update: Thu, 25 Sep 2014 16:51:37 +0200