For a while now I've wanted a standalone internet radio; something that
only required power and had wifi and would then stream audio from my
desktop machine. A bit like the
Slim Squeezebox but
without the need to plug it into a HiFi setup. I'd found the range of
devices based on the Reciva Barracuda module,
but they all seemed a bit too expensive to impulse buy.
Currys are now doing the Logik IR100, which
uses this module, for £49.99, at which point I decided it was
worth a look.
I'd already done some investigation about the module. It runs Linux,
Reciva do the Right Thing and make their
code available, and it can have its
firmware upgraded. There used to be a wiki of info, but it's disappeared
recently. Richard Kalton has a
blog of his progress - he's got a shell, but doesn't seem to have found
any serial console pinouts and seems to have gained the info required to
get a shell (which he doesn't disclose) from reading the flash off the
board itself. 'bill888' also has a general
Logik IR100 page.
The radio itself seems quite consumer friendly. You plug it in, press
the on button and tell it to search for networks. It then shows a list
of ESSIDs which you can select from. It'll let you enter a WEP/WPA key
if necessary, but I setup an unencrypted wireless network for testing.
It then downloads a station list and you can chose what you want to
listen to. Seems to do exactly what it says on the box.
It doesn't support Oggs though. And all my music is Ogged. So I want in.
As a first approach I'm trying not to take it apart - it doesn't seem
like anyone's got serial access, or confirmed JTAG as working, so there
doesn't seem to be anything to be gained by opening it up yet. So I
decided to watch network traffic, in particular what it does when you
ask it to check for new firmware.
The initial request is for:
http://copper.reciva.com/cgi-bin/service-pack.pl?serial=<serialno>;sp=<current service pack>&hw=<hardware id>&sv=<serial firmware>&check=1
This then sends a redirect to:
reciva://copper.reciva.com:6000/service-pack/sp-wrap-cache/sp.255-c-158.tar
Now reciva:// is an encrypted custom protocol it seems, that passes
the serial number to the server, which then returns a challenge, which
the device then hashes up and generates a session key, passes back to
the server and asks for the file. You can see this in lib/rtp.c from
the curl tarball on the Reciva GPL site. Unfortunately there are bits
missing - several files (rtp_encrypt.h, rtp_encrypt.c,
sernum.c) and it appears to want to talk to some sort of sernum
daemon. As such I haven't been able to get a copy of the firmware
upgrade tarball. :(
However, if I could get one and have a look to see the format (is it a
full file system image, or just changed files? Is it relative or
absolute paths?) then I think it should be possible to build a new
firmware image, hijack the connections to copper.reciva.com on my local
network, and redirect to a http:// URL rather than a reciva://
URL, thus avoiding having to do the encryption stuff. Assuming, of
course, that the upgrade isn't itself signed or encrypted. More prodding
required...
