Set-top box Hacking: freeing the 'Freebox' (39c3)

What this episode covers

The French ISP 'Free' was the first to introduce a set-top box in France in 2002, named the Freebox. Four years later, the fifth version of the Freebox was released and distributed to customers. It comprises two devices: a router, and a PVR called the Freebox HD, both running Linux. The Freebox HD had innovative features at the time, such as live television control and HD capabilities. Such a device has a lot of potential for running homebrew, so I decided to hack it. I present how I got arbitrary code execution on the Freebox HD and then root privileges, using a chain of two 0-day exploits, one of which is in the Linux kernel. I then analyze the device, run homebrew software, and explain the structure of the ISP's private network that I uncovered while exploring the device. The Freebox HD is a set-top box with media player capabilities designed and built by the French ISP 'Free' in 2006, and distributed to customers since (including me). It is still in use and will be maintained until the end of 2025. When I got it, I wanted to run homebrew software on it, so I decided to reverse engineer it. The initial goal was to get arbitrary code execution. The Freebox HD being largely undocumented, this talk shows the full process of reverse engineering it from scratch: * Initial visual inspection * Disassembly and inspection of the insides * Attack surface analysis and choice of the target * Search and exploitation of a vulnerability in PrBoom (a Doom source port running on the Freebox HD) * Analysis of the Linux system running on the Freebox HD * Search and exploitation of a Linux kernel exploit to escape the sandbox and gain root privileges * Decryption and dump of the firmware * Analysis of the Linux system and the programs of the Freebox HD * Playing with the remote control capabilities * Reverse engineering of the private networks of the ISP The two exploits used to gain full root access were both discovered for this specific hack, which makes them 0-day exploits. The analysis leads to some interesting discoveries about the device itself, but also the ISP, how their technical support works and accesses the devices remotely, and much more! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/set-top-box-hacking-freeing-the-freebox

Share this episode

Similar Episodes

No similar episodes found.

Similar Podcasts

LIGHTS, CAMERA, SMILE! Creatives Club Media Lights, Camera, Smile, is a podcast for anyone with a dream to share something with the world, out of the overflow of themselves - be it their mind, their heart, their personalities, and much more. Each of us are alive in this moment in time, with an innate ability to have ideas and create various things to benefit both ourselves and the people around us for a reason, and here, you will find the encouragement, the inspiration, and the motivation to do just that. Hosted by Cicily, founder of Creatives Club, she dives into various topics surrounding creativity and business. Exploring entrepreneurship for creatives in a corporate reality, sharing tips and tricks in a media centered company, answering questions regarding what a creative actually is are just a few of the things discussed on this podcast. Be encouraged to create for yourself as Cicily gets vulnerable by pivoting the camera to herself for the first time.To submit questions for Cicily to answer, or have her address certain t Chewing the Fat with WorkForge WorkForge Bite-Sized Conversations for Building a Stronger Workforce Welcome to Chewing the Fat, a podcast delving deep into the world of food manufacturing. Dive into real conversations around critical topics like staffing, retention, onboarding, and career development in this essential industry. Subscribe now to gain insights from your peers, subject matter experts and more on the biggest issues facing food manufacturers today: -Hiring and retaining employees -Addressing the challenges of the Silver Tsunami -Improving time to productivity of new employees -Engaging employees from hire to retire And more... Tune in to Chewing the Fat, a WorkForge podcast, and join the conversation on how to build and sustain a resilient, high-performing workforce in food manufacturing. Sermons | Countryside Bible Church Countryside Bible Church At Countryside Bible Church, we equip believers to joyfully live holy lives, to serve one another, and to share the gospel of Jesus Christ, all to the glory of God. We are committed to a high view of God, and a high view of Scripture. The PFN Cincinnati Bengals Podcast Pro Football Network The PFN Cincinnati Bengals Podcast is where you can stay up-to-date with the latest news and analysis on the Cincinnati Bengals! Our hosts, industry experts Jay Morrison and Dallas Robinson, provide weekly coverage of all the latest rumors and updates about the Bengals. Don’t forget to follow the show to receive new episodes directly in your podcast feed and leave a rating and review to let us know your thoughts.

Frequently Asked Questions

How long is this episode of Chaos Computer Club - recent events feed (high quality)?

This episode is 51 minutes long.

When was this Chaos Computer Club - recent events feed (high quality) episode published?

This episode was published on December 29, 2025.

What is this episode about?

The French ISP 'Free' was the first to introduce a set-top box in France in 2002, named the Freebox. Four years later, the fifth version of the Freebox was released and distributed to customers. It comprises two devices: a router, and a PVR called...

Can I download this Chaos Computer Club - recent events feed (high quality) episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.