Trying to hack/crack a remote control

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I've got a new Harmony 1000 remote from logitech. It's a new
touchscreen remote that has just came out.  Of course, I can't leave
well enough alone and would like to take a look at the inner workings
of this thing.  That's where it gets difficult and I'm hoping someone
might be able to help.

The remote connects via usb using a Belcarra USB Lan Link.  The remote
gets assigned an IP address of  I've scanned it and it
shows that it is running both telnet and ftp (as well as another
service called "discard" according to nmap).  So I've tried to
telnet/ftp into it using a various combination of passwords and
usernames.  I've also tried to do a dictionary attack, but the remote
shuts the service down after so many attempts.  I've also tried using
both Cain and Wireshark to analyze the packets being sent to the
remote during an update that is performed by the included software. I
got a lot of data, but I can't seem to find any plaintext passwords or
usernames in the packets.  It seems to be just some TCP traffic
travelling between the two.  The software running on the computer is
java, and the remote's software might be java as well.

Do you guys have any ideas on how I might be able to get into this
thing?  Any exploits on the telnet or FTP service that can be run? Any
digging through .jar files that may reveal anything?

Site Timeline