BarTender's Blog 'o stuff: Sailpoint IdentityIQ (IIQ) &quot;encrypted&quot; passwords, 20 Feb 2019 04:27:00 PSTSailpoint IdentityIQ IIQ allows you create "encrypted" passwords so then you store those encrypted passwords in config files such as the database credentials that are stored within the file.</p> <p>&nbsp;</p> <p>dataSource.username=identityiq<br>dataSource.password=1:iCAlakm5CVUe7+Q6hVJIBA==</p> <p>&nbsp;</p> <p>There are two versions of the symmetrical encryption either "AES" or "AES/CBC/PKCS5Padding".&nbsp;</p> <p>If it's a legacy AES one then the format is as above, "key number : encrypted password"</p> <p>If it's a new "AES/CBC/PKCS5Padding" format then they insert "ACP" as an additional field with the same colon separator so it becomes: "1:ACP:JaGpXuLFE2btMQjnrggkdju449U/qfp1HLQA1rgSGno="</p> <p>&nbsp;</p> <p>Sailpoint cleverly supports decrypting the "encrypted" passwords if you pass a "special" system property via the command line when calling the identityiq.jar which is called by the iiq command line tool. I found this decompiling the identityiq.jar under sailpoint.server.KeyStoreConsole where they had byte encoded the string they required (facepalm).</p> <p>&nbsp;</p> <p style="padding-left: 40px;"><strong>sailpoint.keyStore.consoleContext=magellan</strong></p> <p>&nbsp;</p> <p>So you call Sailpoint command line using:</p> <p>java -cp WEB-INF/lib/identityiq.jar -Dsailpoint.keyStore.consoleContext=magellan sailpoint.launch.Launcher keystore</p> <p>&nbsp;</p> <p>You will see there are two new commands at then end "encrypt" and "decrypt"</p> <p>&gt; ?</p> <p>Console Commands</p> <p>? display command help<br>help display command help<br>echo display a line of text<br>quit quit the shell (same as exit)<br>exit exit the shell (same as quit)<br>source execute a file of commands<br>properties display system properties<br>time show how much time a command takes to run.<br>xtimes Run a command x times.<br>about<br>addKey Generate a new encryption key, the key will be securly generated and random.<br>list List the contents of the keystore.<br>master Change the master password and re-encrypt the keystore using the new master.<br>use Specify the keystore and master file to use when interacting with an alternate keystore.<br><strong>encrypt</strong><br><strong>decrypt</strong></p> <p>&gt; decrypt<br>decrypt &lt;string&gt;</p> <p>If you have created a custom key rather than the standard supplied one it will default to use the latest key.</p> <p>&gt; encrypt hello<br>2:ACP:GmOPFExdXOZXjq69jlIujgk0JhfTxEbl9zF4BtK2MKo=</p> <p>But you can encrypt using key 1</p> <p>&gt; encrypt hello 1<br>1:ACP:JaGpXuLFE2btMQjnrggkdju449U/qfp1HLQA1rgSGno=</p> <p>Or specify key 2</p> <p>&gt; encrypt hello 2<br>2:ACP:VaziygP3Bmu/rwKayN4iWyjATKcJKlASg/8x4PRYnZg=</p> <p>Then decrypt by just pasting the whole string in.</p> <p>&gt; decrypt 1:ACP:JaGpXuLFE2btMQjnrggkdju449U/qfp1HLQA1rgSGno=<br>hello</p> <p>Or the standard password stored within the for the database password:</p> <p>&gt; decrypt 1:iCAlakm5CVUe7+Q6hVJIBA==<br>identityiq</p> <p>You'll also notice that the list option displays generated AES keys in base64 format which is kinda hand.</p> <p>&gt; addKey<br>Generate a new encryption key (y/n)?<br>y<br>Generating a new encryption key for keystore [/data/sailpoint/WEB-INF/classes/iiq.dat].<br>New encrpytion key successfully saved to keystore.<br>All application servers must be restarted for changes to take effect.<br>&gt; list<br>Listing contents for keystore [/data/sailpoint/WEB-INF/classes/iiq.dat].<br>KeyAlias Algorithm Format Object</p> <p>2 AES RAW lcECExlG4AF/ehwvZ9SIKw==<br>&gt;</p> <p>&nbsp;</p> <p>Thanks sailpoint for making decrypting passwords so easy.Useful SNMP OIDs for Home Automation, 13 Jan 2019 07:37:00 PSTI've been playing with Home Assistant and using a few devices around my home network so thought it would be useful to document some of the useful SNMP OIDs I have found:</p> <p>Switches:</p> <table style="width: 100%; border-collapse: collapse; border-style: solid;" border="1"> <tbody> <tr> <td style="width: 20%;">Device</td> <td style="width: 20%;">SNMP OID</td> <td style="width: 5%;">On Value</td> <td style="width: 5%;">Off Value</td> <td style="width: 50%;">Notes</td> </tr> <tr> <td style="width: 20%;">APC 7920 PDU</td> <td style="width: 20%;">.</td> <td style="width: 5%;">1</td> <td style="width: 5%;">2</td> <td style="width: 50%;">Increment the last value of the OID for the port number.</td> </tr> <tr> <td style="width: 20%;">Raritan PX2-2190R</td> <td style="width: 20%;">.</td> <td style="width: 5%;">1</td> <td style="width: 6%;">0</td> <td style="width: 50%;">Increment the last value of the OID for the port number.</td> </tr> <tr> <td style="width: 20%;">Cisco 3750 PoE Switch inline power</td> <td style="width: 20%;">.</td> <td style="width: 5%;">1</td> <td style="width: 6%;">4</td> <td style="width: 50%;">Increment the last value of the OID for the port number. Integer 4 is "disabled" and 1 is Auto</td> </tr> </tbody> </table> <p>&nbsp;</p> <p>&nbsp;</p> <p>Sensors:</p> <table style="width: 100%; border-collapse: collapse; border-style: solid;" border="1"> <tbody> <tr> <td style="width: 20%;">Device</td> <td style="width: 20%;">SNMP OID</td> <td style="width: 60%;">Notes</td> </tr> <tr> <td style="width: 20%;">Raritan DPX-T2H2 sensor for PX2-2190R Temp</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Need to divide number by 10 to get decimal place as it is an integer. The DPX-T2H2 has two sensors and the second sensor has the OID value of .3</td> </tr> <tr> <td style="width: 20%;">Raritan DPX-T2H2 sensor for PX2-2190R Humidity</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Humidity and the second sensor is .4</td> </tr> <tr> <td style="width: 20%;">Raritan PX2-2190R</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Rms Current</td> </tr> <tr> <td style="width: 20%;">Raritan PX2-2190R</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Rms Voltage</td> </tr> <tr> <td style="width: 20%;">Raritan PX2-2190R</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Active Power</td> </tr> <tr> <td style="width: 20%;">Raritan PX2-2190R</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Apparent Power</td> </tr> <tr> <td style="width: 20%;">Raritan PX2-2190R</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Power Factor</td> </tr> <tr> <td style="width: 20%;">Raritan PX2-2190R</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Active Energy</td> </tr> <tr> <td style="width: 20%;">Raritan PX2-2190R</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Active Energy</td> </tr> <tr> <td style="width: 20%;">APC NMC AP9335T</td> <td style="width: 20%;">.</td> <td style="width: 60%;">Need to divide number by 10 to get decimal place as it is an integer</td> </tr> </tbody> </table> <p>&nbsp;New Zealand Dialing validation regex, 09 Sep 2018 07:10:00 PDTWas doing some work with the NZ Dialing plan and needed to write some regex to validate NZ numbers. Using the information from the <a href="" target="_blank" rel="noopener">NAD</a> this is what I ended up with</p> <div>^0[34679][2-9]\d{6}$|^020[1-6]\d{6,7}$|^0210[03-8]\d{5,6}$|^<wbr>021[12]\d{6}$|021[3-9]\d{<wbr>5}$|^02[279]\d{7}$|^028\d{<wbr>6,8}$</div> <div>&nbsp;</div> <div>Local area codes 03,04,06,07,09 are all 8 digits long including the 0</div> <div>&nbsp;</div> <div>Mobiles 0201 to 0206 are either 10 or 11</div> <div>Mobiles 0211 and 0212 are 10</div> <div>Mobiles 0213 to 0219 are 9&nbsp;</div> <div>Mobiles 022, 027 and 029 are 10</div> <div>Mobiles 028 are 9 to 11 digits</div> <div>&nbsp;</div> <div>I could be wrong here, but that was my understanding. Feel free to comment on the above if any of it is incorrect.</div>Akamai IP Reputation Filter, 30 May 2018 02:53:00 PDTSo today I had an interesting issue where I was unable to access a web site from a customers internet connection.</p> <p>It seems that Akamai IP Reputation Filter has for some reason decided that the reputation of this IP address has some random issue that will prevent me from accessing their web site.</p> <p>The sites I can't access include:</p> <p></p> <p></p> <p>When I attempt to access the sites I get:</p> <p>------</p> <h1>Access Denied</h1> <p>You don't have permission to access "" on this server.</p> <p>Reference #18.67ff6dcb.1527719015.a6cebb8</p> <p>------</p> <p>At no point in the above do you have any idea this is related to Akamai Web Application Firewall blocking you. There are a number of not particularly helpful posts on the Akamai community talking about the issue.</p> <p><a href="" target="_blank" rel="noopener"></a></p> <p><a href="" target="_blank" rel="noopener"></a></p> <p><a href="" target="_blank" rel="noopener"></a></p> <p>And none of them provide any real resolution apart from contacting the site you are trying to access and then they can contact Akamai and figure out why.</p> <p>So after a lengthy conversations it turns out the only way to resolve the issue is to send an email to "support at" and then hopefully get to the bottom of why you are blocked.</p> <p>My first email consisted of:</p> <p>------</p> <p>Akamai does not block users from accessing our customers&rsquo; websites. However, our customers can use tools and policies which may in turn block you (the end user). Our customers use these rules to protect them and you from malicious actors on the internet.</p> <p>We have checked the logs you provided and have found you are being blocked because of a Web Application Firewall rule being triggered by your IP address.&nbsp;The most likely reason that a company or an end user may be blocked from several sites is due to Reputation-based blocking. &nbsp;Billions of IP addresses interact with the Akamai Intelligent Platform every month, and the Client Reputation module provides information regarding the reputation of each of them. Customers with this module enabled can block IP addresses whose reputation exceeds a certain configurable threshold.</p> <p>Some of other reasons that a block may be happening are:</p> <p>Explicit IP blocking / blacklisting</p> <p>Location-based blacklisting</p> <p>Rule-based blocking (i.e. web application firewall protections)</p> <p>HTTP request rate controls (e.g. DoS protections)</p> <p>We cannot unblock your IP address as it is the Akamai clients who make up the rules to block certain customers. You can check directly with the website owners why your IP is being blocked if you feel you have not done any harm or any illegal activities on the site you are being blocked.&nbsp;</p> <p>Having said this, I have checked&nbsp;x.x.x.x and its not being blocked.</p> <p>------</p> <p>So that's no use at all, as we are still blocked. When I finally manage to figure out how to unblock our IP address I will update this blog.Bogon Filtering using Regex, 23 Jan 2018 03:16:00 PSTI had to filter the Bogon (<a href="" target="_blank" rel="noopener">RFC1918</a> + CGNAT (<a href="" target="_blank" rel="noopener">RFC6598</a>) + Loopback (<a href="" target="_blank" rel="noopener">RFC990</a>) + Link Local (<a href="" target="_blank" rel="noopener">RFC3927</a>)) from within a proxy server I was setting up. <a href="" target="_blank" rel="noopener">RFC5735</a> covers a lot of the non-routeable addresses all in a single RFC with the exception of CGNAT. I used <a href="" target="_blank" rel="noopener">this page as a start</a> and tweaked it to my own requirements.</p> <p>My regex testing site of preference is: <a href="" target="_blank" rel="noopener"></a> as it has an excellent UI to test with and breaks out what the regex is doing.</p> <p>This is the regex I ended up with:</p> <p><span class=" UFICommentActorAndBody"> <span data-ft="{&quot;tn&quot;:&quot;K&quot;}"><span class="UFICommentBody">((?:10|127)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3})|((?:192\.168|169\.254|172\.(?:1[6-9]|2[0-9]|3[0-1])|100\.(?:6[4-9]|[7-9][0-9]|1[0-1][0-9]|12[0-7]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2})</span></span></span></p> <p>Reading it the regex blocks the following ranges:</p> <p> &amp;</p> <p>Regex: ((?:10|127)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3})</p> <p>Explanation - A non capture group ?: match 10 or 127 then capture ". + 1-255" {3} times as a non capture group.</p> <p>&nbsp;</p> <p> &amp;</p> <p>Regex: ((?:192\.168|169\.254)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2})</p> <p>Explanation: A non capture group ?: match 192.168 or 169.254 then capture ". + 1-255" {2} times as a non capture group.</p> <p>&nbsp;</p> <p></p> <p>Regex: ((172\.(?:1[6-9]|2[0-9]|3[0-1])(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2})</p> <p>Explanation: "172." then non capture group 16-19 or 20-29 or 30-31 then capture ". + 1-255" {2} times as a non capture group.</p> <p>&nbsp;</p> <p></p> <p>Regex: ((100\.(?:6[4-9]|[7-9][0-9]|1[0-1][0-9]|12[0-7])(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2})</p> <p>Explanation: "100." then non capture group 64-69 or 70-99 or 100-119 or 120 to 127 then capture ". + 1-255" {2} times as a non capture group.</p> <p>&nbsp;</p> <p>Hope someone finds this useful.Extracting encrypted passwords from Sun Identity Manager, 01 Nov 2011 11:25:00 PDTFor my sins I am using Sun IDM.&nbsp; And I was somewhat disappointed at how easy it is to extract any password from Sun IDM without needing any authentication.&nbsp; As long as you have comand line access to call the LH you can extract the configurator password.&nbsp; Here are a few links I found on this topic.<br><br><a href=""></a><br><a href=""></a><br><br>The second link includes the javascript code needed, but a session needs to be established first.&nbsp; So this is the modified code I used.<br><br>/* Decrypt Sun IDM Passwords */<br>importPackage(;<br>importPackage(;<br>var _lhSession = new InternalSession();<br>print("Encrypted = " + arguments[0]);<br>var pwd = new EncryptedData();<br>pwd.fromString(arguments[0]);<br>print("Decrypted = " + pwd.decryptToString());<br>/* End */</p> <p>Then have the above script called pwd.js.&nbsp; Calling it as shown below:<br><br>./lh js pwd.js "3A961D0D453E218C:6BCF235D:122ED7C4BB6:-7FA4|GsggQAq2YSSbb1sZE9Xaxw=="<br>Encrypted = 3A961D0D453E218C:6BCF235D:122ED7C4BB6:-7FA4|GsggQAq2YSSbb1sZE9Xaxw==<br>Decrypted = configurator</p> <p><br>So... to get the encrypted password you want, a modified version of the JS to take an input file&nbsp;and return the passwords:</p> <p>/* Decrypt Sun IDM Passwords */<br>importPackage(;<br>importPackage(;<br>importPackage(;<br>importPackage(;<br>importPackage(;<br>var _lhSession = new InternalSession();<br>var file = new FileReader(arguments[0]);<br>var br = new BufferedReader(file);<br>var line;<br>while ((line = br.readLine()) != null) {<br>var obj = _lhSession.getObject(Type.USER, line);<br>var pwd = new EncryptedData();<br>pwd.fromString(obj.getAttribute("password"));<br>print(obj.getName() + "," + pwd.decryptToString()); <br>}<br>/* End */</p> <p>Plus i've now got the offline decryption working too by extracting out the encryption key:<br><br>$WSHOME/bin/lh console -c "getObject EncryptionKey *"<br><br>And the Misc data:<br><br>/* Extract Misc Data */<br>importPackage(;<br>importPackage(;<br>var _lhSession = new InternalSession();<br>var obj = _lhSession.getObject(Type.MISCELLANEOUS, "miscData");<br>print("Result" + obj.toXml());<br>/* End */<br><br>Then call the javascript:<br><br>$WSHOME/bin/lh js misc.js<br><br>Using the code shown above from Dark Edges.<br><br>Sad.. But true.<br><br><br>NZ Cell Site location information - Now with Google Fusion Tables!, 25 Aug 2011 04:00:00 PDTMany of you may know that I have an existing blog entry with KML files you can download or load up in Google Earth here: <a href=""></a><br /><br />So... Now thanks to Mark Hansen and is great work he did drawing all the links nationwide <a href=""></a><br /><br />I've come to learn of <a href="">Google Fusion Tables</a>.&nbsp; Now the super cool thing about Fusion Tables is you can map data from a table in fusion tables directly into Google Maps and not have the annoying <a href="">1000 Placemark limit you have with KMLs</a> plus sluggish response when loading a KML file into Google Maps.<br /><br />With Google Fusion you can either map directly from with Fusion from your dataset, or write up a small web page and do some pretty stuff.&nbsp; I've got the web page so then I can add a Fusion Tables style in so all the place marks have a "T"/"V" etc depending on if it's a Telecom or Vodafone site.<br /><br id="tinymce" class="mceContentBody " /><strong>Try V2 of The NZ Cell Information:</strong> <a href=""></a><br /><br />If you look in the html it lists the Fusion Table data that I extracted out of <a href="">RSM</a> which can be found here: <a href="">1355049</a>.&nbsp; <br /><br /><br />NZ Cell Site Information, 25 Sep 2010 05:52:00 PDTI have extracted the data out of the Radio Spectrum Management Database <a href="">Spectrum Search Lite</a> which is the Government agency who controlls all radio frequencies in NZ. They kindly put up their whole database as a Access 97 DB free for download (Yay for Open Govt!).&nbsp; So this is the frequencies that the companies are allowed to transmit from, not necessarily an actual Cell Site.&nbsp; But more often that not it IS a cell site.<br />First I transferred the Access Database into a SQLite Database using <a href="">mdb-sqlite</a>. Then using a SQL Query and <a href="">Saxon</a> I manipulated the files into KML Files.<br /><br /><strong>NEW UPDATE:</strong><br /><br />I've been playing around with Google Fusion thanks to Mark Hanson's great entry showing how he used the RSM data to get all the radio links: <a href=""></a><br /><br />Now I have a <a href="">Google Fusion site showing all sites</a>.<br /><br />Update: I've just added Carrier specific kml's with icons at each site saying what frequencies are transmitted from that site.<br /><br />Update, this is a work in progress with updated data and displaying the data slightly differently.<br /><br /> RSM Database dump 20 June 2011<br /><br />If you want a copy of the whole archive to create the KMLs from the RSM Database download just PM me and I will send you the link.<br /><strong><br />All Sites</strong><br /><br />All Cell Sites by Carrier:<br />This lists all Cell Sites broken down by carrier.&nbsp; The <a href="">Google Maps 1000 Feature Limit</a> means that it won't load properly in anything other than Google Earth.<br /><a href="">KML</a> and <a href=";hl=en&amp;q=">Google Maps Link</a><br /><br />This has just Telecom, Voda, 2Deg and Woosh, and all the frequencies on a per-site basis.&nbsp; It still doesn't open very well in Google Maps due to the large number of Placemarks.<br />And a GPS with the Site Name - Provider and Location all in the Name string:<br /><a href=""></a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /><br /><strong>Telecom</strong><br /><br />All Telecom Sites: CDMA, XT850 and XT2100<br /><a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> <br />Telecom CDMA:<br /><a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> Telecom XT 850 Mhz:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> Telecom XT 2100 Mhz:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> <br /><strong>Vodafone</strong><br /><br />All Vodafone Sites: 900, 1800 and 2100<br /><a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> <br />Vodafone GSM 900:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> Vodafone GSM 1800:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> Vodafone WCDMA 2100:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> <br />Note: I'm not sure which 900Mhz sites are 2G and which are 3G Extended.&nbsp; This isn't registered in RSM since Vodafone own the frequency and can do what they like with it.<br /><br /><strong>Two Degrees</strong><br /><br />All Two Degrees Sites: 900, 1800 and 2100<br /><a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> <br />Two Degrees GSM 900:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> Two Degrees GSM 1800:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> Two Degrees WCDMA 2100:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /> <br /><strong>Custom Two Degrees Maps</strong><br /><br />And New Cell Site Locations (that only have microwave backhaul so far).<br /><br /><a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /><br />And All 2D Locations across the country.<br /><br /><a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /><br /><br /><br /><strong>Woosh</strong><br /><br /> Woosh TD-CDMA 2067.5:<br /> <a href="">KML</a> or <a href=";hl=en&amp;q=">Google Maps Link</a><br /><br />Any other mobile networks I should add, just PM me.<br /><br />Feel free to redistribute in any format you want, as this is public information from RSM anyway.Fun with Snapper - Take 1, 18 Jul 2009 23:15:00 PDTAfter getting a Snapper USB I thought I would look into what it's all about a bit more, and see if I can see what's going on and look into the card using Linux. Firstly it took a while to figure out where to find the USB Driver software, as the Snapper site isn't exactly obvious on where you download it from: <- The main start page <- Download the ActiveX control <- Download either the USB or Snapper Feeder driver Or direct links: <- Phone home to see if it all works. Ok, so you can start off with getting the ActiveX control installed, this is why you need IE (ugh) Then after I had the drivers installed I found out it's a Smartcard, in fact it's a JCOP 3.1 card as per its ATR. Using standard smartcard interrogation tools, I found the ATR for the USB is: "3B 69 00 FF 4A 43 4F 50 33 31 56 32 32" which means it's a JCOP 31 v22 72K as per: Ok, so it's a pretty secure card, banking quality so doing anything untoward is pretty much out. Now on to see if I can get GPShell working with it: ... Watch this space.Gemini image blowing up Clone Dreamboxes, 18 Apr 2008 05:14:00 PDTJust a FYI for you clone dreambox owners out there.<br /><br />It seems that in an &quot;Attack on the Clones&quot; the Gemini team have released a kill switch after you have been running the image for a while as part of their 4.x (but especially 4.3 and 4.31) images that will brick your Clone DM500 to a point that you will never be able to get it back.<br /><br />My recommendation is to run the PLi image, but for those looking at putting a Gemini image on your clone box ... just say no.Daylight Savings in NZ, 01 Apr 2008 11:23:00 PDTOne thing you Kiwi's may be having is the DST Start &amp; Stop times in all the Dreambox images (PLi &amp; Gemini) are not correct, so you need a correct Timezone file.<br /><br />I have posted a entry on the PLi site about this here: <a href=";thread_id=5762">;thread_id=5762</a><br /><br />You need to download the zoneinfo.tgz, extract out the file &quot;Auckland&quot; and rename it to &quot;localtime&quot; then ftp it to /var/etc which is where the localtime with incorrect DST start and stop times is at.&nbsp; Then reboot your box by telneting to the box and typing reboot.<br /><br />Then you should be done and the timezone should be fine!.Changing MAC address, 02 Feb 2008 23:38:00 PSTI was asked this and didn't know the answer, as the boxes I have had always have unique mac address, so it was never a problem... however it was pretty easy to change as detailed below:<br /><br />Telnet to the DM, and type the following commands:<br /><br />cd /var/etc<br />rm init<br />echo \#!/bin/sh &gt;&gt; init<br />echo ifconfig eth0 down &gt;&gt; init<br />echo ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx &gt;&gt; init<br /> echo ifconfig eth0 up &gt;&gt; init<br />chmod 755 init<br />reboot<br /><br />You need to change the xx:xx:xx to the mac address you want.&nbsp; Then the box will reboot... and the MAC address is changed.&nbsp;&nbsp; Easy!Moteck Motor Setup on a Dreambox, 17 Jan 2008 03:44:00 PSTAfter playing around for a while deeply confused why I couldn't get my newly purchased Moteck Satellite motor (ex trademe!) to correctly point to Optus D1 I figured out my problem.<br /><br />I found on another site the following:<br /><br /> The file you need to modify is the /var/tuxbox/config/enigma/config file. The Diseqc 1.2 motor settings are in the line starting with 's:/elitedvb/DVB/config/lnbs/0/RotorTable'<br /> <br /> Example Settings are: <br />s:/elitedvb/DVB/config/lnbs/0/RotorTable=-0300014-0220030-0180011-0150029.......<br /> <br /> Yours may/will well be different but you get the idea..... The format is:<br /> Entry &quot;-0300014&quot;<br />&quot;-0300&quot; = 030.0 West (Hispa)<br /> &quot;014&quot; = stored position 14<br /> <br /> or<br /> <br /> +0192002<br /> +0192 = 019.2 East<br /> 002 = stored position 2<br /> <br /> Whenever I load a new image I select diseqc complex setup, untick the USALS setting, save and exit, then load captains settings, reboot.<br /> <br />So What I needed to do was change:<br /><br />s:/elitedvb/DVB/config/lnbs/0/RotorTable=+1600000<br /><br />As I had configured D1 (160.0 East) to Stored Position 0. So I needed to remove that and set it to:<br /><br />s:/elitedvb/DVB/config/lnbs/0/RotorTable=<br /><br />This then meant that the GotoXX was always used and hopefully (once the motor is up on my roof!) the motor will move to the right location for each satellite!.<br /><br /> that took me ages to figure out!Dreambox SCART Connector for Component, 06 Jan 2008 23:31:00 PSTI have had various questions about the SCART Connector on the Dreambox.<br /><br />The SCART supports (from what I have tested) Composite and Component, however in theory it also supports S-Video (as per what you can configure in the On Screen Display setup).<br /><br />For a SCART to Component connection I recommend buying a <a href="">JayCar WQ7255</a> which at $48 seems not such a bad price (I don't work for Jaycar nor do I have shares in them, just a cheap place to go and get a cable that works IMHO).<br /><br />The wiring that you should look for is shown below, the three connectors in the middle of the right hand side of the SCART connector are the component out, the two down the bottom are the Left &amp; Right Audio.<br /><br /><img src="" alt="" width="518" height="349" /><br /><br />Once you have the right cable go into the AV Setup under Setup -&gt; System Settings and set the Colour Format to &quot;YPbPr&quot; for Component instead of &quot;RGB&quot; or &quot;CBVS&quot; for Composite.Recording using your remote on a DM500, 25 Nov 2007 00:46:00 PSTTo start off with this Blog entry it took me a while to figure out how to actually record using your remote control on a DM500 since the Regular DM500 remote doesn't have the &quot;VIDEO&quot; button.<br /><br />Below is the best pics I could find of the two different remotes. The one on the left is the commonly supplied remote with the DM500, whereas the one on the right (grabbed via the web interface) is the one with the &quot;VIDEO&quot; aka PVR menu on it. If I could find somewhere that I could buy the Fully Featured remotes cheaply I may look at doing that... Just for this purpose.<br /><br /><img src="" alt="Dreambox Remotes" width="312" height="338" /><br /><br />So what I do is re-program the &quot;Yellow&quot; button to be the PVR menu to enable PVR mode, and then you can use the &quot;Radio&quot; button to start recording.<br /><br />To reprogram the yellow button you need to get into the &quot;Blue&quot; Menu from the Gemini image. Select the &quot;Quickbutton Settings&quot; as shown below:<br /><br /><img src="" alt="" width="441" height="441" /><br /><br /><br />Then select &quot;DVR&quot; from the Quick Button settings:<br /><br /><img src="" alt="" width="373" height="485" /><br /><br />Then hit OK.<br /><br />Now back in the Main User Interface you can hit the &quot;Yellow&quot; button to bring up the DVR Menu down the bottom of the screen.&nbsp; As shown below:<br /><br /><img src="" alt="DVRScreenshot" width="720" height="576" /><br /><br />Then hit the &quot;Radio&quot; button to start recording on your remote, and the &quot;TV&quot; button to stop recording.... EASY!<br /><br />On the network side you need to make sure you have a network mounted filesystem for the DM500.<br /><br />In the web interface (http://DreamIP) login with the default username &quot;root&quot; and password &quot;dreambox&quot;. Select the Config -&gt; Mount Manager button.<br /><br />Then Add a new mount. The &quot;Client Directory&quot; should be set to &quot;/var/mnt/hdd&quot; which is the default mount directory for the Harddisk. &quot;Server Directory&quot; is the name of the share if you are mounting CIFS or SAMBA. It's also worth turning on &quot;AutoMount&quot; so it will mount each time the DM boots.<br /><br />Save the mount in the Web UI.<br /><br />Last but not lease don't forget to create a directory called &quot;movie&quot; in the root of the share. That is the place where the recordings will be put.<br /><br /><br />If you find this helpful click on my banners so I can get paid.... So far US 35 Cents and counting :)..LNB Setup for Dreambox, 24 Oct 2007 02:17:00 PDTFor those who have a Dreambox there are 3 main types of LNB Options you may have:<br /><br />*** PLEASE READ THROUGH THE WHOLE DOCUMENT BEFORE YOU PLUG YOUR DREAMBOX INTO THE POWER, OR PLUG IT INTO THE SATELLITE CABLE, FAILURE TO DO THIS MAY BLOW UP EITHER YOUR SKY BOX, OR YOUR DREAMBOX, OR BOTH.. YOU HAVE BEEN WARNED!!! ***<br /><br />If you live in an Apartment you should do all of this configuration before you plug in the Satellite Cable. As you will need to turn off the LNB power.<br /><br />Option 1: Old Style Sharp LNB supplied with Sky in a residential installation where you are the only person connected to the Sky Dish.<br /><br />They look something like this:<br /><br /><img src="" alt="" /><br /><br />For this you will need to configure your LOF to be 11300.<br /><br />Or you may have one of the New Dual Throat LNBs supplied by sky, they look like this (thanks for the photo &quot;you know who&quot;!).<br /><br /><img src="" alt="" /><br /><br />Notice how the white plastic bit pointing towards the dish is &quot;Oval&quot; instead of &quot;Circular&quot; as is shown in the Old Style Sharp LNB.<br /><br />Below are screenshots showing how you configure the satellite for Optus D1 and C1 if you have a Dual Throat.<br /><br />First get into the menu by selecting the &quot;Menu&quot; key or &quot;Dream&quot; key depending on your remote and select Setup (option 6):<br /><br /><img src="" alt="" width="720" height="160" /><br /><br />Then select Service Searching:<br /><br /><img src="" alt="" /><br />Then Satellite Configuration:<br /><br /><img src="" alt="" width="720" height="576" /><br />Under Satellite Config you need to specify &quot;non-standard user defined configuration...&quot; from the drop down list:<br /><br /><img src="" alt="" /><br /><br />Then you setup to use Optus D1 as your satellite, and make sure the 22hz tone is off as shown below:<br /><br /><img src="" alt="" /><br /><br />Now you need to make the changes under LNB 0 to specify the correct LOF, go to the LNB and press the OK button.<br /><br /><img src="" alt="" /><br /><br />The above should either be 10750 (if it is a newer version of the Sky LNB, aka the Dual Throat), or if it is an older one the settings should all be 11300 instead of 10750.<br /><br />** Update, the Threshold should actually be set to 11800, not 10750, 10750 when the LOF/L is 10750 works, but technically it should be set to 11800 no matter what your LOF/L is.<br /><br />Check the Next page and make sure everything is disabled.<br /><br /><img src="" alt="" /><br /><br />Save those settings and you are done.<br /><br />Option 2: Dual Throat LNB supplied by Sky.<br /><br />If you do have a Dual Throat LNB (photo to come up soon when I get a good pic of one) then the LNB LOF should be set to 10750. Also you can add in the Second Transponder by adding an additional LNB. As shown below:<br /><br /><img src="" alt="" width="592" height="462" /><br /><br />Option 3: Live in an apartment building with a single Satellite dish suppling the whole building.<br /><br />If this is your situation then you should make sure that LNB Power is turned off, this also means you won't be able to pick up the Virtical Transponders, only the Horizonal, so no Impara/NITV :(. Also your LNB LOF should be set to 11300. The LNB Power off is shown below, this would also be the same if you had more than one Decoder all pluged up via a Satellite Splitter. You should only have ont Set Top Box powering the LNB, all the others should have their LNB power turned off... otherwise you could blow up your tuner (and need a whole new box :(... <br /><br /><img src="" alt="" /><br /><br /><br />I hope this helps someone... Click the Ad Links above if you found this useful :)<br /><br />Bt