If any of you have a box that hasn't been activated the ethernet port will light up and get a valid ip address since it's never been updated. You can then ssh into the box without any password, and it is a root user. For ones that have been updated they disabled the Ethernet port, and you have to make a script on a usb drive that the box looks for and runs commands from to renable it. I haven't had time to get back into hacking the box for fta use much, but back when the service was active I did have a non updated box I played around with and gained a lot of information on. I have a script lying around on one of my computers, that basically can be put on a flash drive and plugged into the orby dvr or regular stb and it enabled the ethernet port, even on the latest firmware. The best I was able to do in the past was change the transponder config file to point to a new frequency and get it to scan in and add the channels in a weird format. How the original box worked was it basically read from a pre configured transponder config file that just had the frequency, modulation, and symbol rate. Then it took that and scanned it and compared it against a list with names that matched all the service pids in the transponder mux. It had a bunch of other hard coded stuff, but the firmware was definitely based on a generic image for various different companies that kaon made boxes for. I think the best we can expect from these boxes is to use them on something like 103 west with the muzak transponder that also has nhk world on it. I couldn't ever get it to do more than one transponder at a time. What I was actually trying to accomplish in the past was enable dvr on non dvr orby stbs, as the code was nearly the same and it had references to a usb hdd for recording, so that might also be something that can be done for recording ota channels with non dvr models. You can dump the firmware and it's not really encrypted, just hard to read as it has a bunch of java binaries. For example that nice orby guide backdrop and logo are in one of the compiled, but not encrypted java app binaries called alticaptor. This is probably a lot of information that only devs would understand, but I definitely think we can do something with these boxes. Probably our best bet is trying to run regular linux for the same cpu on these. It's a broadcom soc, the same exact chip is used in the dish network wally, and some cable boxes. It's also super similar to a roku cpu or an older raspberry pi.