Hacking The Connects Internet Radio

[zivan56]

The online radio stuff could probably easily be broken by "imitating" the Yahoo site and API; fooling it into using something like shoutcast.com. This sound quality is probably because they use low quality music for streaming (Yahoo)...

[CrowdAds]

[tuba for life]

Quote:

Originally Posted by zivan56

The online radio stuff could probably easily be broken by "imitating" the Yahoo site and API; fooling it into using something like shoutcast.com. This sound quality is probably because they use low quality music for streaming (Yahoo)...

Do you actually know if the radio could be broken because that would most likely open up a lot of options for programmers. If they can get to different radio sites then why not websites in the future.

[EnzoTen]

Quote:

Originally Posted by zivan56

The online radio stuff could probably easily be broken by "imitating" the Yahoo site and API; fooling it into using something like shoutcast.com. This sound quality is probably because they use low quality music for streaming (Yahoo)...

The Connect uses Zing to interface with Yahoo's API. Zing sits in between the Connect and Yahoo. www.zing.net

[zivan56]

Yep, I've been able to trace some things to https://agrs.zing.net/ where there is a RPC service. If someone could capture some traffic between the device and this, it would be a start. The Sirius radio wifi device also uses the same protocol and software for the most part.
Also, the recover app has an interesting DLL that emulates the device and connect to the update service. In fact, if you are a .NET developer, you can import it into the namespace and use parts of it easily.

[zivan56]

Quote:

Originally Posted by tuba for life

Do you actually know if the radio could be broken because that would most likely open up a lot of options for programmers. If they can get to different radio sites then why not websites in the future.

Most likely, we would just "emulate" the web service it uses and do some simple route changing to ensure it talks to the fake service instead. I see no reason why you couldn't use this as a web browser, once the encrpytion is cracked all that we would need to do is compile something like mimo and run it instead of their custom mono app that they use for the GUI.

[t-nine]

I think it'd be alot more difficult than you may think. This would require a complete firmware edit, and even then, it may not work for sure.

[EnzoTen]

You dont necessarily need to edit the firmware you can emulate the web service as zivan65 points out. It would be an access point that would spoof the zing service... in this case https://agrs.zing.net/

[mtz2000]

This is kind of an old thread again - but i'd like to encourage everyone to add his experiences or ideas into this great wikipage about Sansa Connect Hacking or as well in here. We can make it!

[PromisedPlanet]

Quote:

Originally Posted by mtz2000

This is kind of an old thread again - but i'd like to encourage everyone to add his experiences or ideas into this great wikipage about Sansa Connect Hacking or as well in here. We can make it!

I'm all for centralizing discussions (though it's a bit like herding cats), but ... are Rockboxers going to be interested in an approach that doesn't actually involve hacking the Connect's firmware?

[PromisedPlanet]

Quote:

Originally Posted by zivan56

Yep, I've been able to trace some things to https://agrs.zing.net/ where there is a RPC service. If someone could capture some traffic between the device and this, it would be a start. The Sirius radio wifi device also uses the same protocol and software for the most part.

Zivan56, are you actually able to sniff the streaming music packets? Have you been able to figure anything out about stream headers, type of encryption etc.?

[obo]

Quote:

Originally Posted by PromisedPlanet

I'm all for centralizing discussions (though it's a bit like herding cats), but ... are Rockboxers going to be interested in an approach that doesn't actually involve hacking the Connect's firmware?

Rockbox as an app is a possibility (basically a specialised simulator build) - something similar has already been done for a series of Motorola smartphones. A big hurdle with the Connect is it's lack of UMS/MSC support - getting files onto a Connect would either involve finding an exploit in the existing firmware (and/or associated libraries), or finding a way of uploading what we want via the recovery procedure. From looking at the root filesystem the assets (the 17Mb tar.gz) is GPG verified on the Connect when it is received - strings in the flash firmware mention PGP, so something similar may be done for the initrd image too.