
Telnet into Dreamcast? 441

Jeos wrote to us with a fun Saturday afternoon project: "OK so today I was bored, and I did what anyone with a Dreamcast and a portscanner would do, I did a port scan on my Dreamcast. The results are interesting" - click below to read more.

Update: 09/12 08:02 by H: Yes, this is a hoax - or sources from inside Sega say it is.

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Host (129.***.**.***) appears to be up ... good.
Initiating TCP connect() scan against (129.***.**.***)

Port State Protocol Service
23 open tcp telnet
80 filtered tcp http
113 open tcp auth
179 open tcp bgp
12345 filtered tcp NetBus
12346 filtered tcp NetBus
TCP Sequence Prediction: Class=random positive increments
Difficulty=561888 (Good luck!)
Sequence numbers: 2B26AFA0 2B49A760 2B5316DA 2B647480 2B7655AB 2B852F62
No OS matches for host (see for more info)
Nmap run completed -- 1 IP address (1 host up) scanned in 33 seconds

The OS fingerprinting didn't guess the OS, big surprise, but the interesting thing is all the ports that are open. The ones that interested me the most were 23 and 80, the normal telnet and web server ports. I tried to connect to my Dreamcast with a web browser, no luck there. Then I tried to telnet into it, jackpot! I was able to telnet in, and prompted to give a username/password. Of course I had no idea what the username or password would be, I wonder if it's some sort of backdoor for Sega?
Now I have to see if I can do anything interesting with the other ports.
  • *Rubs hands together* And this just happens to be the one I ordered at work! Muhahahahahahahahahahahhahahahahahahahha!

    Joseph Foley
    InCert Software Corp.
  • The res. of a TV is not so low that a web browser on it is "useless". I use a decidedly average Sanyo 52cm as the monitor for the stranger of my two PCs, and it's passable, though to be able to use it at a distance you really have to increase the font size one notch.

    I've used it in both 640x480 underscan and 800x600 overscan. (both PAL) You lose a few lines, but it copes.

    I'm sure with HDTV, or even a "normal" Sony Trinitron, it would be perfectly workable. Then the issue is the web browser program itself.

  • Yes, this is highly likely, as there are still countries that have non-standard dialtones.

    I remember having one BigAss(tm) fight with the compuserve dialup software in Hungary some years ago, until I realized that the damn modem didn't consider the Hungarian dialtone to be a dialtone!


  • I would concur that they are prolly not using a different light (laser) source. Getting more bits onto a CD style platter involves layers, and varying the focal point of the reader head. The very top layer of the disk would have data on it, but is semi opaque. The layer under that has data on it, and is accessed by focusing the reader head laser to a deeper depth, thus attaining double the density of a traditional disk. Then there are 2 sided disks requiring a dual focus/dual reader head drive to read them. Bottom line: the CD style storage disk (CDrom/DVD/DreamCast) could hold a LOT MORE data than the dreamcast or the current DVD format is exploiting today. (Byte [byte.com] had an interesting article on this topic when DVDs first came out.)
  • by Anonymous Coward
    I'd like to see some of the documentation that says a Yamaha CDR can burn a GDR on a standard CDR disc. Have any of you actually seen a GDR? The GD-ROM is actually written in two sessions. There is a single density session near the center of the disc that can be read by any CD-ROM drive. The majority of the disc however is a high density session that is on the outer part of the disc. This is achieved by using a proprietary compression format. The high density section is also read from the outer edge of the disc inward, instead of from the inner edge outward. Also, GD-ROMs currently CAN NOT be burned on regular CDR machines. Burning a GDR currently requires a special Sega produced machine. A standard game disc takes approximately 1.5 hours to burn.
  • This is rather pointless, the server itself could easily disconnect the client, rather than make the client disconnect itself. Does the IRC server politely tell the irc client to please disconnect itself when someone issues a KICK or BAN command on a user? hell no, it just freaking boot em out, doesn't care what the client does, cause after that point, it doesn't matter.
  • quick test:

    visit http://www.mav.net/teddyr/access/info.shtml

    dial in via ppp with a normal pc/mac/etc/machine, find out what the ip address that is assigned to your machine is (the domain name); then check the page above if it's within the same "range"... (ie; if it says proxy or cache in the machine name... then it is transparently proxied; same if the machine ip shown is not the same as winipcfg or pppd tells you that you have....

    https://www.mav.net/teddyr/syousif/ [mav.net]
  • But what's so special about that - I can hook up my computer's G400 to a TV display, too. The really cool thing is the power of the Dreamcast is hidden from the user.

    Actually, that's only part of the cool thing. The other is that a Dreamcast costs between 10% and 20% of a good "gaming" PC, and somewhat less than a more basic model. If Sega is on the ball, this could be a huge selling point with parents: "Buy the Dreamcast. It's cheaper than a PC, your kid can browse the web with it, and it's at least a US$1000 less than a computer that'll play the same games." Sounds like a winning pitch to me.

  • I was considering picking up one of these kewl little boxes, but I really wouldn't have much use for one. If a user can DCC information back and forth over the DCIRC client, then a person could download MP3s onto a zip drive while playing "kill em all!"(c)anygame inc. That might make buying one a little more tempting.
  • GDROMs are regular CDROMs with less error checking IMHO. You can burn GDROMs from Yamaha(?) Cd writers.
  • Of course I had no idea what the username or password would be, I wonder if it's some sort of backdoor for Sega?

    I don't know about you guys, but I wouldn't store any personal documents on my game system (I don't even think I could), so Sega can have all the backdoors they want on my dreamcast (not that I even own one, yet).

    It is interesting however. Maybe they could use it to check for illegally bootlegged games (If the games come on CD, I'm pretty uneducated on the subject).
  • Ok so from previous posts we know that they are filtering the 12345 etc ports. Thus stopping BO and other such harassment. We also know he is connecting through his school. Now what ports are 'open,' well it's the 80 and 23. To follow up we all know what 80 and 23 are used for. The simple answer is that his school is blocking these ports so you can't run servers. In fact I'm surprised that 21 isn't showing the same thing. We see that nobody else is getting this, and with his web browser open he was using the other ports for the browsing, notice they are not filtered. Come on people we are smarter than this.
  • Last I knew blue lasers hadn't been perfected to work for more than about 30 seconds, so I really, really doubt that it's a blue laser. I can stick a GD-ROM in my normal CD ROM drive and it will read the disc as well, so it's seeing something on the normal CD wavelength. It could be using some sort of overlay, which could conceivably up the capacity to 1 GB.
  • Well the modem is included with the system...seeing that I have one right next to me and it came with the modem.

    (It rules by the way. I have sonic and soul calibur and I'm having a blast.)
  • Try 80 min media : 700MB storage. Most new PC games are stored on this format.. thus limiting the number of ppl getting a successful backup. :)
  • by Anonymous Coward
    Is what separates a Hacker from Users. Natural curiosity.
  • I would doubt it, most TI calcs are powered by a z80 which I think is not 32-bit clean :) OTOH, the 89 is a much better calc than the 83-87s, it's actually a 92 without the kewlness. Anyways maybe I'll convince my parents to buy me an 89
  • I would concur that the DC drive prolly isn't using any special light/laser source. One of the things that makes today's CDrom/DVDdrives so affordable is the cheap/safe laser. Getting more data on an optical platter involves layers, and focusing. The disk would have 2 layers (the top layer would be semi opaque/seethrough. and the bottom layer would not) When the reader head focuses the laser on the top of the disk, that layer of data would be read. When the laser focuses further down into the disk, *that* lower layer of data would be read. This gives you double the data density without a lot of cost. Then there is a double sided/dual focal point drives that can read twice as much again. The bottom line? You will be seeing cheap plastic optical platters storing 4.7Gbytes(today's DVD) / 10Gbytes / 20Gbytes without having to alter the laser source or sector structure. (I think Byte magazine [byte.com] had an article on this when DVD first came out) comments welcome.
  • by Hacksworth ( 81145 ) on Saturday September 11, 1999 @06:37AM (#1688356) Homepage
    So if I'm the first person to crack into the dreamcast and change its files, do I get to keep it? (a la LinuxPPC :)
  • So... what probably happened is that the website you accessed to tell you your IP gave you the IP of whatever proxy server (remember, it could be transparent, esp. at a university) you were using.
    The remote site only tells you the IP of the packets it gets from you.. which probably come from a proxy.
  • This is too weird... I just have two questions:

    1. (dumb one) How was this thing getting its TCP/IP? Ethernet port, serial PPP, what?

    2. Doesn't the Dreamcast run WinCE?
  • by j_d ( 26865 )

    Are you crazy???? Hydro Thunder is an arcade perfect port and the grafx are incredible! I can't believe some people's bias towards something can warp their perception of other products so much.

    The only thing my perception's been warped by is the video on the demo disk. I think the graphics look muddy and washed out, and most of the boats are really small. Of course, the arcade version could feature muddy, washed out graphics, I dunno.

  • Yes, the dreamcast does run a _version_ of windows ce, and from what I understand the dreamcast comes with a modem...

  • I would agree that this appears to be a very good scan of his ISP :)
  • This little article really started to make me think about the possibility of companies and their control over almost anything that they want to sell. I've seen the many articles on SlashDot about this topic, but this never really hit home until I saw some concrete evidence (at least in my opinion). Very interesting..

    It's a shame that the docs of the hardware don't cover this or at least give some insight into why those particular ports are open, etc.. I think users that actually spend hard earned money (or not so hard earned) to buy the product deserve to know.

  • by tm2 ( 90351 ) on Saturday September 11, 1999 @10:28AM (#1688365)
    Here's the nmap -v against my Dreamcast on the net via ppp at the ISP Best.com:

    [root@pocket tm]# nmap -v 205.x.x.x
    Starting nmap V. 2.3BETA5 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
    No tcp,udp, or ICMP scantype specified, assuming vanilla tcp connect() scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up).
    Host (205.x.x.x) appears to be up ... good.
    Initiating TCP connect() scan against (205.x.x.x)
    Adding TCP port 113 (state Open).
    The TCP connect scan took 40 seconds to scan 1487 ports.
    Interesting ports on (205.x.x.x):
    Port State Protocol Service
    113 open tcp auth
    Nmap run completed -- 1 IP address (1 host up) scanned in 40 seconds.

    Note: the browser was on irc at the time, which is how I figured out the IP address, and probably why port 113 was open (for username authentication)

    Why the heck would a Dreamcast let you telnet in anyway? It's not like you can store files on a Dreamcast, or run apps remotely...

    Toshi
  • just call up sega and say you want the username and password. maybe they'll give it to you...
    hopefully it's not a default username and pwd for every machine...
  • It is FUD because when /. hears the word "Microsoft" they automatically assume, "Oh, I guess it has to always run MS CE as its OS, and it has to run Internet Explorer as its browser, and if it crashes, that must mean it's Microsoft's fault". You don't do any checks to see how true that is or anything.
  • by pp ( 4753 ) on Saturday September 11, 1999 @10:32AM (#1688368)
    If the DC was behind NAT/MASQ the IP would show
    up to be the router that does the NAT:ing.

    The open ports are consistent with this (telnet, BGP4, http), all are services that are running
    on pretty much every cisco router.

  • I'll be dialing up to a Linux box sitting about 2 feet away from it, and connecting it to the 'net through a gateway to my ISP.

    This means that I'll have a machine sitting behind my firewall giving God-knows-what responses to God-knows-what requests.


    It never occurred to me that my video games would be a security risk...

  • surely these will surface soon after release, but what can happen once you get in? if it runs wince, maybe you could change the software (do video systems such as these even use disk drives, daveo is not familiar with them?) and write your own video-game api! now that would be one certain sweet project!
  • Now, give it a few months, and see the script kiddies crashing Sega consoles.. ;-P
  • Ok, so if Dreamcast accepts telnets, wonder why? Some undocumented connection for later use? Anyway, I can just feel a hundred /.'ers right now trying to get in. I wonder how long it will take?

    -- Moondog
  • I found the Byte Magazine article mentioned in my previous post. [byte.com] I think this article [byte.com] will answer your questions regarding today's optical storage.
  • Nope... 4.0 and up.

    What you're thinking of is internet access that comes via a tunneled IP protocol atop AOL's proprietary internal communication protocol.

    PPP dialup is in beta testing for the newer clients (and what better test platform than all them Dreamcast users -(
  • We should follow the proud tradition created by the users of SlashDot and done since the beginning of time and slashdot someone's Dreamcast just for the hell of it.

    If we don't, someone might think we don't exist anymore, and therefore that Linux is dead, that since WinCE runs on the Dreamcast and we failed to slashdot the Dreamcast that Sega is actually MS and that Bill Gates is actually Sonic and that I'm waaaay off topic. What a world.

    Time to go to bed.
  • While it is entirely possible that the Dreamcast has its own TCP/IP stack, I suspect that what you port scanned was really a proxy server of some sort that the dreamcast uses for its internet access.
  • Waitaminute.... the damn thing just came out. And you're already bored with it????

    Byron Ray
  • The problem for a paranoid person would be the following:

    It can be easy for a developer (either intentionally or via a rogue cracker/disgruntled employee) to install a sniffer or other trojan running on a game console {that is if they do get an ethernet port.. which I hope that it does}... The amount of data that can be gathered would be phenomenal..

    A paranoid person would consider ANY dreamcast cd that is given away free to be suspect...

    [extremely paranoid mode /on: Hmm.. I wonder if the cds that were recalled had any....problem....with them /off] :-)

    https://www.mav.net/teddyr/syousif/ [mav.net]
  • Not bad actually - it uses some pretty legible fonts, and of course they're at a pretty large size. So you have to scroll a lot, but it's quite good in general. Better quality than the video out on my old Voodoo Rush board for sure.
  • Actually I think the sega rep does, he just wasn't expecting such a question and probably didn't realize there was a telnet port open on the dreamcast.
    a: no. i tried scanning for open ports on my dreamcast, i saw telnet was open, and i tried using telnet to access it. i did this from my dsl-connected computer. i got the login and password prompt in the telnet window. the dreamcast works fine, even when i'm using telnet.
    r: whoa, man. i dunno.
    a: alright..
    r: i couldn't give you any dns or anything
    a: yeah?
    r: that'd be ILLEGAL!

    It seemed that he was starting to catch on towards the end there.
  • CNN is carrying an article regarding the release of Dreamcast, apparently quite a few games made it out that were defective. For more info:

    http://www.cnn.com/TECH/computing/9909/10/dc.problems/index.html

    PS: I know this isn't directly related to port-scanning the box, please don't moderate me down!
  • Um... CE comes with the dream cast, so you wouldn't have to spend any money on it...
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • What we know:

    1> Runs Windows CE
    2> Leaves open Port 21
    3> Has an obvious Shared directory


    1> Is Share to gain OS access or is it an encrypted password given to each box to allow them to talk?

    2> Is the OS accessible at all or is the default set so that universal access to the OS is read only to prevent us from screwing it up?

    3> Why would Sega need a back door into your dreamcast system in the first place.
  • I tried portscanning my DC (US DC, running the packed-in web browser, showing this very article on /. on my TV :) and the latest nmap showed no ports open. I could ping the DC but telnet on any of the ports mentioned did nothing. I'm positive I got the right machine because my PPP dialup has a fixed IP and DNS =)

    Anyone else tried this and had it work? What disc did you have running in the DC?
  • Did you try disconnecting your dreamcast and trying the port again? If it still works... it ain't your dreamcast. If it doesn't.. it MAY have been
  • Well, you might end up spending more money for Visual C++ than your dream cast (plus running something like a webserver would be slow off a CD-rom). *but* you can code stuff for CE if you want, check out:

    http://msdn.microsoft.com/cetools/ [microsoft.com] for more info. but I don't know if you would need to burn CE on the CD as well or not.

    writing a CE application would probably be easier than writing something that would actually run on a DreamCast.

    also, was the 'dream cast portscan' done while a game that used CE was running? I would think that nmap would detect CE. Or was it just the sega ROM that was scanned?
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • what would slashdot be without this post?

    Actually, I believe that work was done to get NetBSD to run on the thing, so you may not need to port linux.

    I don't know how useful the system is for *general purpose* computing (IE they spent all their money on sweet graphics chips). With built in networking it might be possible to build a beowulf cluster, but I don't know how easy it would be to get a program to run on dreamcast (Sega may have 'locked it down' to prevent game piracy, and unlicensed games)
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • by Anonymous Coward on Saturday September 11, 1999 @02:08PM (#1688460)
    i just wrote a quick cgi script on my linux box to print out the ip address of the client visiting it. I then went to the cgi script on the dreamcast, and telneted into it. didn't work. i don't have nmap installed, so I'm not going to telnet random ports, but i can tell you that i couldn't get anything out of port 23 and 80. And the cgi script worked right- the client address was different than my linux box's and was on the subnet my isp uses- so it seems to be pretty valid. gr, i hate bogus posts, especially when it gets all the slashdot readers all excited like that. ah well. -ethan
  • by Anonymous Coward
    DHCP is a protocol used on ethernet LANs to do dynamic host configuration. ISPs use "dynamic IP" setups where RADIUS or TACACS spits out a random unused IP from a network for the user to use. DHCP is NOT used in dialup connections.
  • by savvy ( 8628 ) on Saturday September 11, 1999 @06:49AM (#1688484) Homepage
    The Dreamcast comes with a 56k modem for internet game play and web browsing and the like (it actually includes an irc chat client which I thought was awesome).

    The OS issue is not as clear cut. The dreamcast supports two OS's, and games are allowed to pick and choose which one they want to run on top of. A heavily modified version of WinCE is one choice, which should allow for easy ports of PC games (or rather, would make for easy ports to Win32 from the Dreamcast I would be willing to bet). The other choice is Sega's own proprietary OS, that is rumored to be based on the Saturn's OS. It would be interesting to know if the person who did this TCP/IP scan was running the web browser CD when he did this, or one of the games that supports internet play, such as Sonic Adventure.
  • by m3000 ( 46427 ) on Saturday September 11, 1999 @06:56AM (#1688497)
    Doesn't the Dreamcast run WinCE?

    How many times do we have to explain it! This has been rehashed countless times over Slashdot, and all it really amounts to is FUD. Anyway, to explain it read this. [slashdot.org]
  • by Anonymous Coward
    I have no idea what the name and pass is for the machines. We have never even heard about this...
  • well what else would it be? unless its based on a serial number of some kind.

    but what the hell would you do once you were in the system?

    if it is actually used as a backdoor, the commands may not be obvious either. the purpose of it as a backdoor would most likely be to disconnect the user from the game services. somebody should start working on cracking it just for the hell of it, because i doubt sega will give out info about a backdoor.
  • I theorise no conspiracies here. Although I acknowledge that games for console systems aren't developed on the consoles, bugs may arise at a later date.

    I am willing to bet that the telnet entrance gives the user read-only access to registers, and maybe even snapshots of memory. Such tools could be useful to have memory snapshots show up in a web browser on the same PC as the development going on.

    Unfortunately, I haven't followed the specs of the system, but I'll assume also, that Sega may exploit open ports with later addon products.

  • I don't personally have access to a Dreamcast of my own to experiment on, but let's have a little more information, please! I have a few questions about this article...

    1) Through what means was the portscan performed? Was the modem attached to some sort of ISP or what?

    2) What about the other protocols running:
    23 open tcp telnet
    80 filtered tcp http
    113 open tcp auth
    179 open tcp bgp
    12345 filtered tcp NetBus
    12346 filtered tcp NetBus

    Did anyone try to access the web server and see what was open (if not exactly what happened)? What about the two "NetBus" ports? Is there a version of NetBus for WinCE (or whatever Dreamcast runs) that I don't know about? If people are concerned about telnet insecurities, wouldn't NetBus be a larger risk?

    3) Has anyone attempted to brute-force their way through telnet, or any known exploits for the other protocols to check against a faulty implementation?

    I find this information very interesting, but honestly I'm not sure whether or not I believe it without further details!
  • by Shaheen ( 313 ) on Saturday September 11, 1999 @07:10AM (#1688584) Homepage

    I would suspect Sega enabled this feature as a way to debug the Dreamcast - I would also suspect most other console manufacturers do the same, only with proprietary hardware interfaces.

    But what really interests me is how well the Dreamcast pulls off this 'convergence' thing that big companies like Microsoft, Sun, and others have been harping about. I mean, last year, these two companies were saying "We're gonna make it easy for everyone to access and use the Internet! Just watch!"

    Here we are a year later and out of nowhere comes Sega with this console that not only plays some really great games, but also connects to the Internet and enables you to browse the web. But what's so special about that - I can hook up my computer's G400 to a TV display, too. The really cool thing is the power of the Dreamcast is hidden from the user.

    Many of us here complain that computers are too hard to use - there's no simple way to operate a computer like a television (push a button, and you're there). (We all know we hate these comments, but almost have to admit it.) The good thing about Dreamcast is that any John Q. Gamer (even their parents) can use this thing - they don't have to be computer literate! On the other hand, there's enough power in the device that real computer hackers like us can go to the length of making interfaces to the device (provided there are external ports and such) to harness that power - and the fact of the matter is, we will if given the chance.

    - Shaheen

  • by belphegore ( 66832 ) on Saturday September 11, 1999 @07:21AM (#1688618)
    What ISP are you dialing up through that you saw port 80 open? I've noticed that disturbingly Netcom/Mindspring has started diverting all traffic aimed at port 80 through a proxy server of theirs. I suppose nominally this is to improve caching and make my web browsing faster or something, but you can bet they're tracking everywhere I browse.
    A side effect of this is that nmap will *always* show an open port 80, because when nmap sends packets aimed at port 80, they wind up going to Netcom's proxy server and not the intended host. Also means that if nmap is doing its fingerprint testing against that port 80, it will get the fingerprint of the proxy, not of the actual host.
    If the machine you're portscanning from is going through a Netcom dialup, you're probably just seeing the port 80 on their proxy, and not on the dreamcast. The fact that 12345 and 12346 are also both showing up is also indicative that a router somewhere between your scanner and the dreamcast is doing some filtering/proxying/monitoring. Unless it's just coincidence, I can't imagine why Sega would open those ports.
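The reasoning in the comments above (router-typical services, upstream filtering, comparison with a scan taken over a direct PPP link, and checking the address a remote server sees) can be written down as a small triage script. This is an added example, not part of any poster's comment: the port rows are the ones quoted on this page, while the function names, the scoring rule and the documentation-range IP addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Port rows quoted on this page: the submitter's scan, and the scan another
# poster ran against a Dreamcast reached over a direct PPP dial-up.
SUBMITTER_SCAN = """\
Port State Protocol Service
23 open tcp telnet
80 filtered tcp http
113 open tcp auth
179 open tcp bgp
12345 filtered tcp NetBus
12346 filtered tcp NetBus
"""
DIRECT_PPP_SCAN = """\
Port State Protocol Service
113 open tcp auth
"""

ROW = re.compile(r"^\s*(\d{1,5})\s+(open|filtered|closed)\s+(tcp|udp)\s+(\S+)\s*$")

# Assumption taken from the thread: these services are typical of routers.
ROUTER_PORTS = {23: "telnet", 80: "http", 179: "bgp"}


def parse_ports(listing):
    """Parse 'Port State Protocol Service' rows into {port: (state, proto, service)}."""
    ports = {}
    for line in listing.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # header, banner and summary lines are skipped
        port = int(match.group(1))
        if 0 < port < 65536:
            ports[port] = (match.group(2), match.group(3), match.group(4))
    return ports


def unexplained_ports(suspect, baseline):
    """Ports in the suspect scan that the known-direct baseline scan does not reproduce."""
    findings = []
    for port in sorted(suspect):
        state, _proto, service = suspect[port]
        if port in baseline and baseline[port][0] == state:
            continue  # same result over the direct path: attributable to the device
        reasons = []
        if state == "filtered":
            reasons.append("probe dropped by a packet filter, possibly upstream")
        if state == "open" and port in ROUTER_PORTS:
            reasons.append("service commonly exposed by routers")
        if port == 179:
            reasons.append("BGP is spoken between routers, not by end hosts")
        findings.append((port, state, service, reasons))
    return findings


def same_host(local_ip, observed_ip):
    """True when the device's own address equals the address a remote server logged."""
    return ipaddress.ip_address(local_ip) == ipaddress.ip_address(observed_ip)


def assess(suspect_listing, baseline_listing, local_ip=None, observed_ip=None):
    """Return (verdict, findings) for a scan whose target may sit behind NAT or a proxy."""
    findings = unexplained_ports(parse_ports(suspect_listing),
                                 parse_ports(baseline_listing))
    score = sum(len(reasons) for _, _, _, reasons in findings)
    if local_ip and observed_ip and not same_host(local_ip, observed_ip):
        score += 2  # address mismatch means something rewrites or proxies traffic
    if score >= 2:
        verdict = "likely an intermediate device (router, NAT or proxy)"
    elif findings:
        verdict = "inconclusive: rescan with the device disconnected"
    else:
        verdict = "consistent with the baseline"
    return verdict, findings


if __name__ == "__main__":
    # 192.0.2.10 and 198.51.100.1 are constructed documentation addresses.
    verdict, findings = assess(SUBMITTER_SCAN, DIRECT_PPP_SCAN,
                               "192.0.2.10", "198.51.100.1")
    print(verdict)
    for port, state, service, reasons in findings:
        print(f"{port:>5} {state:<8} {service:<7} {'; '.join(reasons) or 'no heuristic'}")
```

Port 113 drops out of the findings because the direct-path scan reproduces it; the other five ports are the ones the thread attributes to equipment between the scanner and the console.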
  • by Dhark Fibre ( 90299 ) on Saturday September 11, 1999 @07:22AM (#1688621)
    Dreamcast USA version has a 56k modem inside and supposedly you will be able to purchase a 10 mbs ethernet card later before X-mas to play with all you friends ( it'd be neat if you could play Q2 at a LAN party with it ). To accomplish this it has to have an IP protocol stack. The parameters and source code for the current stack are actually free ( or sorta free ) if you download the Development Suite for WinCE from Microsoft's web site. Hey at least its cheaper to develop for the dreamcast than any Sony playstation machine.
  • by .pentai. ( 37595 ) on Saturday September 11, 1999 @07:22AM (#1688623) Homepage
    The dreamcast itself does not run CE. CE was ported to the dreamcast so that developers which choose to use it (none do that I know of, but I may be wrong) can.

    Since he was booting with the web browser disc (I'd assume) it most likely is running CE however...

  • Very interesting. I do have (and use) the WinCe SDK, reading through the CE Builder SDK info the DreamCast is referenced a few times. The hardware OS is boot from GDRom only, all directX D3D, internet, etc.. is all disc specific. While possible it could be a back door, from a developer viewpoint it's probably unlikely to be anything interesting.. as well as vendor and developer specific.
  • Connected Edition or something.
    "'Is not a quine' is not a quine" is a quine.
  • ATX1 duh we know that. We're talking about the dreamcast though, how do you even go about sending AT commands to it in the first place, no one yet knows (outside of Sega of course). And for some reason I doubt Sega has SLIP installed.
  • Jeos, as others have indicated you may have actually been probing your provider's setup. There's not enough information to determine whether that is so or not. In that case be very careful about brute forcing it, if it is actually your provider that you're looking at they may become somewhat miffed.

    If you're running a linux box it should be possible to set it up as a mini provider. You'd probably have to set up a DHCP server, PPP and telephony obviously. Your provider would then be taken out of the loop and the IP address of the dreamcast box would be easily detectable. If nmap or whatever still detected open ports you could be pretty sure that it was the real deal.

    I think this is pretty interesting, I may run out and buy one just to check.

  • I can see where telnet would be useful for a game.


    A programmer could telnet into the machine and look at or change variables, do step execution, etc.

    Anyone who has done any embedded development can see the logic in this. Game consoles are, in fact, embedded applications. I used to work with ZWorld controllers that allowed me to monitor the execution of the software through the serial port. It was a godsend. IIRC, Sony's AIBO was debugged by telnetting into it.
  • Been way too long since I've seen it done, but I believe you can simply hook up your dreamcast to your computer's modem, dial out on the dreamcast and send an ATA to the modem on the computer. Then just run a ppp server. ok actually it's not that simple as you have to force the dreamcast to ignore the fact there is no dialtone.. but if you can pull that off.
  • They have succeeded in that, but their machine is completely useless as an Internet Browser (mail, web, other). This is because of the resolution on a TV, it's way too low.

    I know what I'm talking about, I've seen it in action and I've used an Amiga+TV to browse with when my monitor broke. I soon grew mad and jumped off a cliff... :-) It's impossible to use..

  • by sTp81 ( 26840 ) on Saturday September 11, 1999 @07:30AM (#1688655)
    I checked the http server log for my site (dricasworld.com - complete coverage of the Dreamcast's online capabilities) and got a hostname of a Dreamcast user. Scanned it for open ports and none of those mentioned in the article were open. The guy either blundered and scanned the wrong IP or is full of it.
  • by Anonymous Coward
    Hmm. It's running windows.... Try user: admin, no password ;-P
  • by ElDaveo ( 90306 ) on Saturday September 11, 1999 @07:51AM (#1688678)
    I called Sega a few minutes ago and asked for the U/P. Once I explained the Telnet thing, the customer service rep became *very* aggravated, and said that Sega has left a lot of ports open, and the reason "will be announced at a later date". Right.
  • by Mawbid ( 3993 )
    Nah, it's for the Marine Corps. They wanna pick out the kids who have been desensitised the most from exposure to violent games and are known to have great reflexes. The kids who aim for the head, shoot once, and move right along to the next one. No point in wasting their valuable talents on their classmates. They're needed in the Corps!

    I thought this would make a good joke but then I realised it wasn't the least bit funny.

  • First of all if the telnet thing is real, it's probably an easter egg not back door. I'd try "Joshua" as the username and see if it brings up War-Games. If Sega/the developer of the game wanted info about you it would send proprietary "game statics" through the net to some address. Secondly, people are asking about converting a DC into a "PC", the Saturn could take a normal PC keyboard with an adapter, I would think there would be a similar thing for the DC. Since the GD-ROM use red laser tech to burn their disc, it should be possible for most CD-R drives to burn a GD, though it may take low-level control of the burning laser.
  • If the IRC server is run by sega, it is very simple to have the IP address masked (only for clients that connect to that server). I remember seeing an "anonymizer" type patch for an IRC server which gave the options to do just that... either have the form of
    "UNIQUEID.anon.ircnetwork.com" or
    "UNIQUEID.realnetworkname.com" where the hostname (first item till the first dot) was replaced by a uniqueid/sessionid... The IRC Ops can see the real information, and the log does contain the mapping info...

    so to repeat... if they connect to a fixed irc server, then it is trivial to make the server hide the hostname info, or even "totally fake it"....

    https://www.mav.net/teddyr/syousif/ [mav.net]
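The server-side hostname masking described in the comment above, as an added example that is not part of the original thread or any real IRC server patch. The class name, the keyed-hash ID scheme and the sample hostnames are assumptions made for illustration; it produces both forms the comment mentions and keeps the operator-only mapping.

```python
import hashlib
import hmac
import ipaddress


class HostCloak:
    """Server-side hostname masking; names and suffix are assumptions for this example."""

    def __init__(self, secret: bytes, anon_suffix: str = "anon.ircnetwork.com"):
        self.secret = secret
        self.anon_suffix = anon_suffix
        self.oper_log = {}  # cloak -> real host: the mapping only ops and logs hold

    def _unique_id(self, real_host: str) -> str:
        # Keyed hash: stable per host (so bans keep working) but not
        # guessable by other clients without the server secret.
        mac = hmac.new(self.secret, real_host.lower().encode(), hashlib.sha256)
        return mac.hexdigest()[:12]

    def cloak(self, real_host: str, keep_domain: bool = False) -> str:
        uid = self._unique_id(real_host)
        try:
            ipaddress.ip_address(real_host)
            is_ip = True
        except ValueError:
            is_ip = False
        labels = real_host.split(".")
        # Keeping the domain is only safe for hostnames with a real domain part;
        # for a bare IP the remaining octets would leak most of the address.
        if keep_domain and not is_ip and len(labels) > 2:
            masked = ".".join([uid] + labels[1:])
        else:
            masked = f"{uid}.{self.anon_suffix}"
        self.oper_log[masked] = real_host
        return masked

    def whois(self, masked: str, is_oper: bool) -> str:
        # Ordinary clients only ever see the cloak; opers get the logged mapping.
        return self.oper_log.get(masked, masked) if is_oper else masked


def demo():
    # Constructed sample data, not taken from any real network.
    c = HostCloak(secret=b"constructed-demo-secret")
    a = c.cloak("ppp-17.dialup.example.net")
    b = c.cloak("ppp-17.dialup.example.net", keep_domain=True)
    ip = c.cloak("192.0.2.44", keep_domain=True)
    return a, b, ip, c.whois(a, is_oper=False), c.whois(a, is_oper=True)
```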
  • Here you go... most everything you'd want to know about copying a GD-ROM. GD-ROMS are physically no different than a CD-ROM, just the low-level formatting of the disc. So all you should need is the right software.

    http://www.johny.sk/cdrinfo/reviews/dreamcast/index.html [johny.sk]
  • The only game that has a browser built-in right now is Sonic Adventure. The HTTP_USER_AGENT for the Dreamcast is "Mozilla/3.0 (compatible; Planetweb/1.123 JS SSL US Gold; Dreamcast US)", while for Sonic it is "Mozilla/3.0 (SonicKey)". The hostname I scanned was using the Planetweb browser and not the Sonic browser. The fact is that the guy who emailed /. didn't get accurate results. As much as everyone would like to believe it, those ports aren't open.
  • Don't know if they are or not.... But it would be a VERY cool move if they did.. think of it...

    1-Dorm rooms with Ethernet
    There are many of those cropping up every day

    2-Cable modems (ethernet interface)
    It would be worth it to pay the extra $5 to get a second ip for a dream cast since I already have a cable modem

    3-ADSL modems (ethernet interface)
    This would probably be a better bet than an integrated ADSL modem..

    4-Home network
    friends brings their dreamcasts to play multiplayer in a home lan.

    5-LAN parties
    If there is a Quake2 for the dreamcast, i have a feeling that it will quickly become the lan party tool of choice for many

    an ethernet port opens up MANY more multiplayer possibilities... thus more sales... (of hardware and software).. [the question becomes; can the IP address be configured manually, or does it have to use DHCP; or will it use that autonegotiation stuff in 98 and macos; falling back to dhcp]

    https://www.mav.net/teddyr/syousif/ [mav.net]
  • by AMSmith42 ( 60300 ) on Saturday September 11, 1999 @08:40AM (#1688696)
    Let me get this straight; you have a new Dreamcast AND you were bored? That doesn't make the Dreamcast sound too enticing :)
  • The Yamaha 4416S will write "GD-ROMs" no problem... All you need is the software! :-) I know the 4416S, 6416S and above will do it, I'm not sure about the IDE drives though. Non-Yamaha drives will not write GD-ROM. I'm expecting GD-ROM support in software like CDRWIN this fall... Viv.
  • by m3000 ( 46427 ) on Saturday September 11, 1999 @08:53AM (#1688707)
    First off, AOL doesn't work with the DC. I forgot why, but it doesn't. Also, no, it doesn't use IE. It uses Planetweb's browser, more info here [dricasworld.com].
  • AOL in its current form doesn't work with the Dreamcast, but they could easily port it over using WinCE. Also, AOL can work over TCP/IP (that's how we used it at work to test websites under it), so it could be enabled to use the Dreamcast's native internet support. You're not required to dial into Sega's net service, you can choose your own ISP.

    Don't underestimate AOL, we all hate them, but they're the biggest "ISP". There's already 300,000 Dreamcasts operating in the US and Canada, and that's one large and easy market for them to go after. Pop in the disc, and turn it on.

    Jacob Rens
    Daily Videogame News and Info: http://www.the-nextlevel.com

  • This open port business could have something to do with Sega's marketing of the machine.

    Their ads jokingly say that it knows everything about you, but maybe it's logged into some vast database Sega has assembled with everything about you.

    Hmm... trading info back and forth between the machine and the server while you play. Major conspiracy theory stuff here ;-)

    - Jacob Rens
    Daily Videogame News and Info: http://www.the-nextlevel.com

  • A bit off topic, but is there going to be an RC5 client for this sucker?


  • That still doesn't mean anything. Dynamic IP's get re-assigned, so it could well have been someone else's system you portscanned.
  • by NovaX ( 37364 )
    I think that was NetBSD, not FreeBSD. Free's the one that goes for servers on x86 (and somewhat on an Alpha/Sparc). NetBSD is the extremely portable BSD variant.
  • by cot ( 87677 ) on Saturday September 11, 1999 @09:07AM (#1688726)
    DaveO:Hi, I just nmapped my DC and saw several open ports! I could even telnet into it and get a login prompt! What are you trying to pull?

    Sega:Ummm, sorry sir, I don't know about any maps or netting.... The extra ports on your computer are for possible expansion in the future, to allow for new featu-

    DaveO:What are you talking about?!? This is an invasion of my and every American's privacy! You people make me sick!

    Sega:I'm sorry you feel this way. Honestly, there have been additional connectors on SEGAs console systems for years, allowing for future upgradability, such as more controllers, external storage, etc. I don't really see how this affects your privacy. You could always return the system if you can't live with this.

    DaveO:This is ridiculous, I can't believe you think you are going to get away with this you ^##%@#%$@


  • by ZeroTolerance ( 18688 ) on Saturday September 11, 1999 @09:09AM (#1688727) Homepage

    23 open tcp telnet
    80 filtered tcp http
    113 open tcp auth
    179 open tcp bgp
    12345 filtered tcp NetBus
    12346 filtered tcp NetBus

    The 'filtered' in the above means that those ports are actually intercepted somewhere in between ... this DOESN'T mean that the device is actually listening on those ports ... for ports 12345 and 12346 I can understand this ... most ISP's totally block access to ports 12345, 12346 and 31337 nowadays (oh how difficult it is to change the IP of BO/NetBus .. but it protects your system from the average script kiddie, I guess) .. I don't know why port 80 would be blocked though .. makes no sense to me .. but from the above list, it's absolutely logical that you didn't get a connection with your web-browser
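How the three port states in a TCP connect() scan follow from what the connecting socket observes, as an added example that is not part of the original comment or of nmap's code. The function names are assumptions; the demo touches only 127.0.0.1, where it opens and then closes its own listener.

```python
import errno
import socket


def state_from_error(exc):
    """Map the outcome of one connect() attempt to a scan-style port state."""
    if exc is None:
        return "open"        # handshake completed: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # host answered with RST: reachable, nothing listening
    unreachable = (errno.EHOSTUNREACH, errno.ENETUNREACH)
    if isinstance(exc, socket.timeout) or exc.errno in unreachable:
        # Silence or an ICMP unreachable: a device on the path (or the host's
        # own filter) dropped the SYN, so this says nothing about a listener.
        return "filtered"
    raise exc


def classify_port(host, port, timeout=1.0):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return state_from_error(None)
    except OSError as exc:
        return state_from_error(exc)
    finally:
        s.close()


def loopback_demo():
    """Constructed demo on 127.0.0.1: one listening port, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    listener.close()
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close
```

A "filtered" result cannot be reproduced on loopback without a packet filter, which is why the demo covers only the open and closed cases.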
  • by Anonymous Coward
    Perhaps the ports are open for upgrade reasons. Consider the following scenario: Sega realizes there has been a small bug. They decide to release an upgrade for the operating system. They send registered users a letter telling them to go to a web site or whatever. The user goes, and from there, an applet connects to their dreamcast (from the server side), gets the system information from a telnet session by "logging in" and then the dreamcast spits back OS version info, firmware revision, etc, and then the applet uploads the correct operating system revision to the dreamcast. Is this possible?
  • Nice respect for people's privacy there, port mapping a visitor to your web site. I'll make sure to religiously not visit it.

    In any case you don't have anywhere near enough information to make a judgement on whether Jeos' 'blundered' or was 'full of it'. If the Dreamcast user on your site was connecting to you through any sort of device that does network address translation (i.e. a firewall or cablemodem sharing device such as a UMAX UGate-Plus) or the provider they were connecting through did any filtering on incoming requests then they would fail. You don't even know if the user got bored, turned off their Dreamcast and turned on their PC.
  • by j_d ( 26865 )
    This is too weird... I just have two questions:

    1. (dumb one) How was this thing getting its TCP/IP? Ethernet port, serial PPP, what?

    2. Doesn't the Dreamcast run WinCE?

    Question 1 : The dreamcast comes with a web browser, and a 56kbs modem. It lets you set up a connection to whatever service you like, or you can use worldnet, which is Sega's "preferred provider". I'd assume that when you've got the browser up and running, you've also got these ports open so Sega can nefariously check your system out. Muah ha ha!

    Question 2 : The Dreamcast CAN run Wince. It doesn't have to. Games load everything from the GD, so a developer could roll his own, go with sega's or go with Wince.
    So far, the only wince game I've seen (Hydrothunder) looks Really Bad.

    and there you are
  • by ethomson ( 90316 ) on Saturday September 11, 1999 @08:30AM (#1688735)

    According to this portscan, the dreamcast supports BGP! For those of you who aren't familiar with BGP, it's a policy-based routing protocol used (for instance) at the NAPs.

    So does this mean that Sega is going to start selling routing cards for the dreamcast? It's good to see that someone's finally working on an internet device that isn't just a client, but an affordable router! It's high-time I got rid of that crappy Cisco we have over here and replaced it with a fine piece of networking machinery, like a Sega. I'm so happy to see a router that's not just cheap - but you can also play games on!!!

    Seriously, though, it does indeed appear that your ISP is doing something silly redirecting ports. This is particularly probable since nobody else can recreate this test. Either that or Sega chose a really bad port number to bind on.

  • (From the help-me-get-my-feet-back-on-the-ground dept...)

    Ok, what do we have here ? We have a machine that allows data input (the CD drive and the telnet port), remote access and data output (outgoing ports).

    So far, we do not know how the stuff inside works. For example, we do not have any Dreamcast emulator. But this may happen soon.

    IF we manage to understand the inner protocols of the system (after all, it has been done for the playstation, it is probably feasible for a WinCE machine, isn't it ?), then we might produce slightly modified CDs to have the console do rather cool things :

    Remote Dreamcast playing on your computer. Setting some mechanism to redirect display directives through the outgoing port, and accept commands from incoming. Ever tried a 20-players Destruction Derby over the internet ?...

    This might work the other way round : by telnetting into the console and interfering with its display output, we might modify the look of the games at will - imagine : themes for your Dreamcast !

    X servers for Dreamcast. Yeah. Now this may have implications that I cannot even imagine - or it may just be plain bullshit as well. I don't know. I don't even want to know. The very concept in itself (come on, X on a console !) is enough to make me wonder.

    Thomas Miconi
    Karma Police - enforcing peace of mind by all possible means

  • by kriston ( 7886 )
    The web browser in DC is nothing like Pocket MSIE. It's something called Planetweb, and it's nothing to be excited about. Still, it's better than WebTV. It also has built-in email and IRC, if you can believe that.

    My browser disc didn't work so I returned the whole thing for a new one... everything works now except I cancelled the internet registration half-way through and now it thinks I'm registered. I can't figure out how to get back to registration so I guess I'll have to sign up on the PC to get my login information that way and manually enter it. It's not exactly ready for prime-time.


    Kriston J. Rehberg
    http://kriston.net/ [kriston.net]

  • i wonder if the dreamcast has _NSAKEY embedded anywhere? :)

    $mrp=~s/mrp/elite god/g;
  • by Jeos ( 49871 ) on Saturday September 11, 1999 @08:39AM (#1688743)
    Ok here's a little more info on the Dreamcast, I was the one who posted.

    I was running the web browser CD on the Dreamcast and I was dialed to my ISP, my university. I ran the port scan from my computer. I obtained the IP of the Dreamcast from a website which gives you your IP. It's possible this is wrong, but this is the only way I can think of to get my IP. As far as I know there is no direct way to get the IP, the Dreamcast doesn't tell you your IP.

    I would like to try and find a l/p for it, although it'll be kinda hard since I don't even have a username. If anyone knows of a good brute force program for telnet let me know. My email is aminidab@mailcity.com.
  • It's not external, it's modular. There is a tab on the bottom of the DC that lets you remove the 56k modem and replace it with something better. I'm personally excited about a rumored ethernet card so I can use it on the cable modem.


    Kriston J. Rehberg
    http://kriston.net/ [kriston.net]

  • > 2. Doesn't the Dreamcast run WinCE?

    For what probably won't be the last freakin time, NO, the Dreamcast does not run WinCE. It CAN run WinCE.
  • by whimsy ( 24742 ) on Saturday September 11, 1999 @09:35AM (#1688750)
    i called sega's dreamcast number (1-888-345-SEGA), they asked for my name and phone, and i proceeded to fake it:

    rep:can i please have your name and phone number?
    aaron:doody doody doo!
    r: thanks, how can i help you?
    a: well.. i was using my dreamcast, and i tried to telnet into it. it asked me for a username and password.
    r: huh?
    a: i tried telnetting into my dreamcast from another computer.
    r: is telnet ppp?
    a: huh?
    r: do you know what ppp is?
    a: yes. both computers are connected via ppp. the dreamcast is connected over modem and my computer is connected via dsl.
    r: uhhhh...
    a: anyway, could you give me the username and password?
    r: you shouldn't need one.
    a: everything works fine - that's not the problem. i just want to see what it does.
    r: do you use at & t worldnet?
    a: no.
    r: well just go to "other" when you reboot, and that will tell you how to sign up. did i answer all your questions today?
    a: well, no. that's not the problem, everything works fine. there's no other number i could call?
    r: you mean your isp?
    a: no. for dreamcast.
    r: that's me!
    a: okay. do you know a login and password for the dreamcast?
    r: you need a login and password when you start the dreamcast?
    a: *chuckle* i think we're misunderstanding each other. i'll start over. my dreamcast is connected via modem, via my isp. my computer is connected via dsl, via another isp.
    r: okay...is your isp worldnet?
    a: no. i tried scanning for open ports on my dreamcast, i saw telnet was open, and i tried using telnet to access it. i did this from my dsl-connected computer. i got the login and password prompt in the telnet window. the dreamcast works fine, even when i'm using telnet.
    r: whoa, man. i dunno.
    a: alright..
    r: i couldn't give you any dns or anything
    a: yeah?
    r: that'd be ILLEGAL!
    a: *chuckle*
    r: alright, sorry i couldn't help. have a good day.
    a: you too!

    hmm..and i don't even own a dreamcast :P
  • by kriston ( 7886 ) on Saturday September 11, 1999 @09:35AM (#1688754) Homepage Journal
    The whole thing on OpenBSD on Sega Dreamcast is here:


    Kriston J. Rehberg
    http://kriston.net/ [kriston.net]

  • and then you can see what's really going on...
  • by RaveX ( 30152 )
    As another user has stated, ping flooding is a denial of service attack. As I am now stating, Dreamcast doesn't use an out-of-the-box, stock release of any OS, meaning that "exploits" aren't known yet. Therefore, if you're going to hack it, you'd better be more than a script kiddie who has no idea what they're doing other than hitting buttons that say "p1ng fl00d" or the like...
