time to get cracking.

Ok I have two of the Aireo mp3 players and the maker refuses to give me any information on how to get things inside it. yes they mention that it act's like a regular usb drive, but if you put your mp3's on it they do not show up in any of the music selections lists, only in one playlist called "unknown". i find that highly unacceptable. Besides the reason I bought this over the ipod was the wifi and FM transmit functions. so in order to not feel remorse over buying this unit over an ipod that would work perfectly with my computer and with linux, and in an attempt to get away from the horrible soniqsync app that you are forced to use with this player I am officially calling out for starting progress to completely reverse engineer this device. So far hardware wise I love the thing, it's failing is it's windows software and the fact that the management of the parent company is afraid of open source by refusing to help.

reverse engineering both the USB transfers and the WIFI transfers are top priority. I would love for my main linux server in the house to automatically change playlists for me as well as upload my favorite podcasts to the unit.

after digging in the firmware of the aireo I have came to the conclusion that it seems that it uses a form of Windows CE. there are refrences in plain text that you can see in a hex editor that refer to the "Microsoft RNDIS virtual adapter miniport" and there are also refrences to TFTPStateMachine so TFTP may be the way the unit retrieves it's files from the "server" when in wifi mode.

and it also has refrences to "inflate 1.1.4 Copyright 1995-2002 Mark Alder" as well as a bunch of what look like hidden test menus that must be accessable with a key combination on boot. as well as the groundwork for the microphone in front and even using one of the headphone plugs as a line level in for recording.

with other refrences to pressing [enter] and [space] in the bin file I am certian that this is not a "from scratch" firmware but certianly an embedded os with their code sitting on top. this increases the chances that the wifi protocol is completely standard. so a ethernet sniffer is in order so I can dig through a typical communication session and discover it's "secrets"

after some research i found this....
Microsoft, in my opinion, used the public domain INFLATE.C by Mark Alder (1992) as the basis for their decompression engine supplied in EXTRACT.EXE and FDI.LIB. Mark's code is also used with KWAJ Mode 4 compressed archives (DECOMP.EXE) and Microsoft's Plus! DriveSpace 3 "UltraPack" (DRVSPACE.BIN), both of which use the PKWare encoding.

which further solidifies my suspicions that windows CE is under the hood in the Aireo. along with lots of talk on the net that windows CE.NET uses the "Microsoft RNDIS virtual adapter miniport" plaintext line in compiled binaries of the system.

My next steps is to install windows 98 or 2000 on a Vmware install on my linux machine so I can snoop ALL communication in and out of it easily and see what exactly is going on on the Pc side and the Aireo side.

also I have came to the conclusion that I need to take advantage of this and make the app that will replace the soniqsync cross platform capable. So I am goingto write it in python using wxpython widget control so that the final result will be able to run on Windows, Linux and OSX.


Popular Posts