Yeah these are Yahoo TV Widget url signing keys for Samsung & LG devices, they are used together with a timestamp to prevent you from grabbing other people's widgets/spoofing devices. If you fire up wireshark while you're poking at these TV's you'll see some calls to Yahoo services ending in &sign=
url = http://....yahoo....?1=a&2=b&3=c url = url+"&sign="md5(url+Secret) Update the ts (timestamp in msecs) parameter, resign, post & play. Interesting to look at the various widgets & sources, none of them have any form of obfuscation applied to the javascript, could be useful in finding and exploring unknown APIs :) -Travis On Thu, Mar 10, 2011 at 3:18 PM, Ryan Sears <[email protected]> wrote: > Hrm.... > > Could this have something to do with this => http://pastebin.com/rD8hwpxT? :-P > > As far as 'magic secrets' go, either disclose something or don't. Then move > on, personally I think posting cryptic messages to a public forum like this > is a bit dumb. If you're trying to say something, just say it. > > Ryan > > ----- Original Message ----- > From: "T Biehn" <[email protected]> > To: "full-disclosure" <[email protected]> > Sent: Thursday, March 10, 2011 1:22:50 PM GMT -05:00 US/Canada Eastern > Subject: [Full-disclosure] Some magic secrets. > > SA: R8P6PtAlwn2bQobnedI2g7TxgqL4n091Fcq44nRh6CY- > L: qCb_hz5hQVQezObhN.VP8HYkBdubli1el0xDUxDpvrU- > SO:? > V:? > > Do the replace live: <value key="gallery.gallery-url">localhost</value> > > > Also, > First! > > -Travis > -- > FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C > http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on > http://pastebin.com/f6fd606da > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on http://pastebin.com/f6fd606da
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
