As the new owner of an abandoned Redbox kiosk, you're now responsible for a heavy, motorized steel unit that could become a security risk if left unattended. Before leaving it powered on for an extended period, there are several key adjustments worth making to ensure safety and reliability.
First and foremost, DO NOT power on the unit. Doing so may cause damage to the kiosk and/or discs. To access the lock, you will need to open the back cover of the kiosk. Indoor units require an S02 Robertson (square) bit, while outdoor units use either H4 Security Hex or T25 Security Torx bits. These screws line the outer edge of the back plate, and once removed, the panel can be lifted off.
After gaining access to the unit, begin by removing as many discs as possible from deck 4 (the fourth platform from the top of the carousel) to reach the lock. During this process, make sure to clear any discs that may be jamming the carousel, as a stuck carousel can cause issues when powering the unit on.
Once deck 4 is cleared, it’s helpful to position a flashlight either on top of the carousel pointing downward or on deck 5, aiming at the lock. With proper lighting, observe the lock’s barrel on the front of the unit to determine the direction of the arrow. If the arrow points up, press the indent on the top of the barrel. If it points down, press the indent on the bottom. Use a flathead screwdriver to reach through deck 4 and depress the small square on either the top or bottom of the barrel, depending on the arrow’s direction.
A successful action will be indicated audibly, and the lock cylinder and handle should extend from the housing. To open the door, turn the handle counter-clockwise until the door is fully unscrewed and can swing open. Since some of these kiosks may have been sitting unopened at retailers for months, they might be difficult to open. We recommend applying grease or lubricant to the mechanism to make future openings easier.
todo: (add images)
Each kiosk includes a cellular modem, which was previously used to maintain an internet connection. However, most data plans have been inactive since December 2024 due to non-payment, meaning the unit may not currently be online. Before reconnecting any kiosk to the internet, it’s strongly recommended to remove or disable vulnerable software such as Kaseya and RealVNC 4 to reduce security risks. These outdated tools could expose the system to potential threats. If still installed, the IBR200 modem can also be repurposed as a Wi-Fi extender, operating on the 2.4GHz band with a maximum speed of 60 Mbps.
It is not recommended to connect systems running Windows 7 Embedded Standard (32-bit) to the internet. This operating system is no longer supported by Microsoft and does not receive security updates, leaving it highly vulnerable to modern exploits. Connecting it to the internet increases the risk of unauthorized access, malware infections, and data breaches—especially if legacy software like RealVNC 4 or Kaseya is still installed.
Kaseya was used by Redbox for remote kiosk management. The software can only connect via the accessredbox.net servers, which is still registered at present. However, the domain could potentially be repurposed in the future by a malicious actor to serve as a Command and Control server for any kiosks still connected to the internet. To mitigate this risk, you should disable Kaseya services in Service Management or uninstall the software entirely.
RealVNC 4, an outdated version of remote access software, is installed on many Redbox kiosks. This version has several security vulnerabilities due to weak authentication, lack of encryption, and other exploitable flaws such as buffer overflow vulnerabilities. These issues could allow attackers to gain unauthorized access to the kiosk, potentially compromising sensitive information or controlling the system remotely. Given that RealVNC 4 is no longer supported and lacks security updates, it is highly recommended to either uninstall RealVNC 4 entirely or disable the service through Service Management to mitigate any security risks.
It is recommended that all kiosk owners delete old .log files, as they may contain limited personal information from previous users. However, Redbox complies with PCIe standards for handling such information. If your kiosk has been inactive for several months, the KioskEngine application will automatically purge these old logs upon startup.
C:\Program Files\Redbox\KioskLogs\ErrorLogsC:\Program Files\Redbox\KioskShell\logsC:\Program Files\Redbox\REDS\DeviceService\logsC:\Program Files\Redbox\REDS\Kiosk Engine\logsC:\Program Files\Redbox\REDS\Update Manager\logsC:\ProgramData\Redbox\KioskClient\LogsC:\ProgramData\Redbox\UpdateClient\LogsIf you've recently acquired a Redbox kiosk and want to tinker with your machine in the comfort of your own room, you may want to look into setting up a VNC server. A VNC server will allow you to remotely access and control your kiosk from any device, anywhere, which can save you the hassle of connecting a keyboard and mouse each time you need to access the machine. This is especially useful if your kiosk is placed in a less convenient location, like outdoors or in a cold garage. To start a VNC server on your kiosk, you'll need to choose one first. UltraVNC is highly recommended, as it works great on 32-bit devices and is easy to setup. First, visit this page to download the latest version of UltraVNC Server (make sure to select the 32-bit architecture). Then, drag this executable on a USB stick and plug it into your kiosk.
Once you boot your kiosk, open the File Explorer and navigate to your external USB. Click on the executable to start the installation, and follow the instructions to set up your VNC server. When the installation is complete, navigate to C:\Program Files\uvnc bvba\UltraVNC and launch the uvnc_settings.exe file located in this folder. Here, you'll be able to configure your VNC server and setup a password for accessing it.
Then, apply all changes and restart your system. Once your system boots back up, you should be able to access your VNC Server at port 5900 (by default). Download a VNC Client on your devices (like RealVNC Viewer), and enter your kiosk's local IP address followed by the port. You should be able to connect without issues and access your kiosk on your network!
Tip: If you want to access your kiosk outside of your network, you can setup port forwarding on your router to expose the 5900 port.
If you'd like to have the option of managing the files on your kiosk with ease, enabling the SMB1 protocol is a good choice. Similarly to setting up a VNC Server, SMB will allow you to access your kiosk's internal files without the need of navigating through File Explorer directly. Before enabling SMB, you'll need to create a new Administrator account or change the password for Rbuser to login. You can learn how to change the default Administrator password here.
If you already have access to an Administrator account, open the Command Prompt on your kiosk and run the following command to enable SMB through the registry editor:reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v SMB1 /t REG_DWORD /d 1 /f
This will create a registry record enabling SMB1 on your device. Before you continue, it's also recommended that you ensure SMB will start properly on boot. To do this, enter the Services Manager (services.msc) and look for the following services: Server, Workstation, and TCP/IP NetBIOS Helper. For each of these, right-click them and select Properties, and make sure that the Startup type is set to "Automatic". They most likely are, but if not, make sure to update them as so and start them afterwards if they aren't already.
Once you've enabled SMB and configured the start-up services, you'll want to grant permission to access the C:\ drive on your kiosk. Navigate to your C:\ drive in File Explorer and right-click on it, then select Properties. Click the Sharing tab, and select Advanced Sharing to open the permission manager. Tick the "Share this folder" option, and create a “Share name” to continue (you can name this whatever you'd like). Click the Permissions button below it, and check Allow for each option (Read/Write/Full Access), making sure the “Everyone” group is selected.
After doing this, you should be able to access your kiosk files through SMB! If you don't know how to do this already, you can use this guide here. When you're prompted to enter your credentials, use the login for your Administrator account that you setup before you started. That's it!
If you want to enable functionalities like starting a VNC server, enabling the SMB protocol, or any other tasks that require a local network connection, you'll want to connect your kiosk to your home network. As you may already know, however, you may not want to expose your computer to the internet directly as it may cause complications in the future when software is no longer supported (or in the case of being required to upgrade Windows 7). To help minimize your risk to such complications, you can configure your router's firewall and disable access to WAN. If you don't have your kiosk connected to the internet already, you can follow the instructions here.
To do this, you'll need access to your router's administrator panel. This tutorial will be using OpenWRT, but most router's support this functionality in a similar way (the instructions may vary, however). First, login to your router's OpenWRT interface and go to Network > Firewall > Traffic Rules. Then, create a new forward rule with the “Source zone” set to LAN, and the “Destination zone” set to WAN. Then, update this forward rule to the following details:
Name: [enter any name here]
Restrict to address family: IPv4 and IPv6 (default)
Protocol: TCP+UDP (default)
Source zone: LAN (default)
Source MAC address: [select your kiosk's MAC address here]
Source address: [select your kiosk's local IP address here]
Source port: any (default)
Destination zone: WAN (default)
Destination address: any (default)
Destination port: any (default)
Action: reject
Click the Save & apply button below, and wait for the changes to propagate. Your kiosk should now have internet access restricted to only communicate devices in your local network.
Electrical work must be performed with extreme caution and precision. If you are unsure about any part of this process, or lack the proper tools or experience, stop immediately and consult a licensed electrician. Improper wiring can result in serious injury, death, fire, and/or damage to kiosk equipment.
This guide is for individuals who plan to reuse the existing outlets within the kiosk. If you're not confident in completing this process, consider using an extension cord as an alternative. Make sure the cord supports at least 125V. Keep in mind that, depending on the type of cord used, it may obstruct the removal and reinstallation of the drop bin.
Ensure all outlet connections are secure and tight before performing any tests.