Slashdot Mirror
Hacking the Streamium
UVwarning writes "I submitted a review to Slashdot about a month ago complaining about various problems with Philips' streamium MCi-200 (an Internet micro hi-fi system). The main gripes being that Philips controls which Internet radio stations you can listen to and that the PC-link software (which is used to serve MP3s from your PC to your Streamium) only runs on Windows. I managed to fix both of these problems by reverse engineering the PC-link protocol and writing my own pc-link server in perl, which can be run on practically any OS, *and* can trick the Streamium into playing any Internet MP3 stream that you want! This is a must-have for any Streamium user. Here is a more detailed article along with the perl script and an outline of the PC-link protocol."
Well I'm too sleepy to think much beyond the fact that Phillips probably won't like this.
How long before version 2 units that prevent this, or some other propietary work that forces someone to do some more reverse engineering?
Twelve fingers or one, its how you play. ~Gattaca (Vincent)
that being Sony will sue him into revoking via DMCA,... LOL
So you dont even read the post ehh. It clearly mentions Philips' streamium MCi-200. So if you must first post, then first post correctly.
... whenever a text is transmitted, variation occurs. This is because human beings are careless, fallible, and occasiona
The XML schema is publically available, the protocol is plain text, and XXML itself is widely documented and implemented. I'm sure the provided Perl script iis a nice application, but its hardly the product of "reverse-engineering".
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
Philips sues *you* and throws *you* in jail!
Seriously, you're going to taste the blade of the DMCA pretty soon. I mean, what if Philips wanted to sell you this new-found freedom for $39.99 in the form of a "Freedom Xpansion Pack(tm)"?
So get your mirrors on, bitches!
I don't know, Philips might be okay with this... It's not like they're making more money from the restrictions, or losing money from his hack, or it's affecting other customers. Microsoft doesn't want modded Xboxes on live because it affects service for others (really people, why does a linux xbox need to be on live? Sure, it's a pain to take the chip out every time, but it's also a pain to lose every other game to a 13 year old with a wallhack). Printer makers don't like toner cartridge hacking because they lose money. But Phillips doesn't have any financial reason to sue the guy... they may do so because they want to control their products, on the other hand.
They don't even need the DMCA for this.
:)
isn't it so that the philps license forbids reverse engineering (like most software licenses?)
the fact that he had the original software makes him a computer criminal legally, because he violated the terms of agreement to which he agreed when he was within 3 feet of the original software
int.
Let me guess, you're one of those guys who laughs at your own lame jokes when you tell them over and over again.
Did you actually chuckle when you posted this knowing its been told hundreds of times already?
It was funny the first 10 times, but its NOT FUNNY ANYMORE.
GET IT?
AC
"Normally this would point back at the pc-link server and the streamium would just access the mp3 file through there, but you could give it a url for some mp3 stream somewhere on the internet."
I see a fireware upgrade in the near future :-\
Belief is the currency of delusion.
Props for sticking it to the man but isn't the Stream/ium just a set of speakers connected to the internet?
What's the difference between this and simply streaming music to your computer, then streaming it out of another set of speakers?
Maybe it's the idea of replacing radio with a true people's medium? Maybe wrenching power away from the media moguls and using the internet as the peoples voice to listen to/stream the music they want? In that case why did you buy the Stream/Ium in the first place? It obviously only connects to Phillips approved content and judging by this statement: " Digital connectivity also enables the Streamium MC-i200's digital connectivity to receive additional services and features from Philips and its partner companies as and when they are offered. Details of available updates for both the Streamium MC-i200 and the FW-i 1000 will be posted on the Philips Audio website, www.audio.philips.com." It sounds like its going to be collecting data about you.
If you get an error, type "OVERRIDE" or "SECURITY OVERRIDE" and then try the optimize command again.
Now that it's so much more useful it seems like a good deal.
That red on alloy look is kind of quaint and so retro 20th century though. Do they come in another color ?
Maybe not. There doesn't seem to be any reason for the original restriction other than that of ease of implementation of the client software, so... it's probably in no-ones interest to crack down on this.
You've just "reverse-engineered" HTTP and XML.
-- 'The' Lord and Master Bitman On High, Master Of All
The slimp3, if you've not heard of it, is a thin-client that will play mp3s streamed from the server. The server is written in perl, and kicks much ass. I'm pretty sure that people are using the server as a front end to their mp3s (as the server can also feed an http stream), even without owning the slimp3 hardware.
Those with perl-talent should totally be able to hack the existing (open source) slimp3 server into supporting this hardware as well.
Granted, I'm not too sure how much the slimdevices folks would appreciate this, but the two projects seem ripe for marriage.
AM/FM Tuner Card___$ 20
100 Watt Speakers__$ 50
TV Tuner Card______$ 40
Linux of choice____$free
Total Cost_________$310
What do ya know? Cheaper than the Streamium, yet I can play movies too.
First of all I'll admit I didn't read the article...
;)
What I did do was start wondering if there are any open standards to do things like this... I've been thinking about making a box at home to serve mp3s and movies, which would then be played at various devices (my desktop PC, my tv-attached laptop etc...)
This might not be quite on topic, but are there open standards for linking devices for serving and playing back media in a user friendly fashion? Sure you can do things like this, but the whole user friendlyness is critical for me, or rather my girlfriend, who won't have any of it unless she can use it too
.: Max Romantschuk
It costs you $310?
Good, sell one to me for $320, and you can keep the difference.
C|Net tells me I can get one for $350. Heck, sell it to me for $330, I'm feeling generous.
GPL Deconstructed
The general customer wants nice looking devices which connect to the internet. Philips has "tricked" them into buying this music device which you could build in a single ARM Linux board.
But hey, don't we want nice looking mp3 players? I know I would want my PS2 to play MP3's (which I've bought the Linux kit for... :-) Saves 1 noisy PC.
Post the Perl script everywhere, so we can still have it when Philips sues you ;-)
do you? It doesn't seem anybody does...
They are losing something. It's not money, it's not customers... it's control. Sometimes that's more important than either of the others.
occultae nullus est respectus musicae - originally a Greek proverb
...this is a site I did last year for wireless Mac OS X/iTunes to my home theater. I can listen to streaming or whatever...audio, and video. The basic premise can apply to most any computer and home stereo system, so if you want to try (and don't use OS X), don't worry...there's plenty for everyone.
just because it is generally held to be so doesnt mean it is. Fair Use is not covered by common law, and is open to interpretation.
The DMCA, however, forbids reverse engineering for the purpose of circumventing digitally protected media.
Morally, I agree with what this guy did. However, by posting this he is getting himself into a world of sh*t.
Manipulate the moderator system! Mod someone as "overrated" today.
I said that, actually. I just think companies are more likely to sue if there's money in it, or if it helps them.
Save yer money... Build your own iNet rAdio, where you control the content.
My dad works for Philips, and as long as I can remember, they've been putting out products with reasonable or good quality and ofttimes a very nice technological edge, only to have them fucked up by some marketing droid imposing rediculous limitations on them.
Hell, that the software is put out only for windows I can understand: Philips has a pretty good relation to microsoft and has, afaik, never even bothered to look at alternatives, but I just can't understand why they limit the Internet-radio part to just a few 'philips-certified' stations. No brainer!
It's probably something to do with philips large interests in media groups (they have large stocks in some recording companies, and also in Vivendi, which does this kind of stuff too I think) and some marketing guy thinking this is a smart way to combine the two. Anyway, to make my point, someone making this thing useable, and removing stupid restrictings on it might actually make it *interesting* for consumers.
---
"The chances of a demonic possession spreading are remote -- relax."
cosine is the compliment's sine thus
the angle who's sine is X and the angle who's compliment's sine is X are, obviously, compliments.
1. Should Phillips fight this as much as they can?
2. Should Phillips welcome it as added value for customers?
3. Should Phillips start to release just the hardware and specs, and simply let other people do their software work for free?
Interesting business idea if nothing else, sucker others into working for you without having to pay them, and then feed them that it is because of their freedom...
...why do you need to stream something to another PC? If you have a LAN, you can play any file from wherever you want, no?
Phillips starts a tenuous DMCA lawsuit against the reverse engineers
Prove 1=2
=> 3=3
Not a very convincing proof is it? Yet it's exactly what you've done.
Jeez, how do you expect the poor boy to get first post if he goes through all this work.
Show some love man.
Somebody explain to me what genius at Phillips thought it would be a competitive advantage to control the stream a customer could listen to, and why that's an advantage.
Oh. Advantage. Righto. Gotcha. Phillips thought, gee, we can force users to listen to only these channels, and then we can get those channels to pay us with money from the additional ad revenue they can get by claiming all those captive ears.
Except. I'd never buy, for instance, a GE TV that would only tune in NBC, the network owned by GE. In fact, I'd be so offended by that idea, I'd make a point not to buy GE or watch NBC. (Let me emphasize that GE does not sell an NBC-only TV or tuner, as far as I know.)
I'm in the market for something like a Streamium. But now I definitely won't buy Phillip's Streamium product, and I'll be very disinclined to buy any Phillips products, because I now know they don't want customers, they want customer ears to sell to "strategic partners".
In fact, I'll be very disinclined to buy anything without an open specification.
I bought an Archos Jukebox. It's great hardware. It's built-in firmware is definitely substandard software. An open source replacement, Rockbox, is an order of magnitude faster, and far far more configurable.
But I can't use the open source replacement, because Archos won't release its specification for my model of Archos. (I'll be able to use it soon, thanks to some remarkable reverse engineering by the Rockbox team.)
I have a simple proposition for hardware manufacturers: I'll buy what I can use as I wish to use it. I won't buy your product to become a commodity you can sell to your partners. You want to profit, manufacturers? Sell an open specification product. Don't try to sell me to advertisers.
Opinions on the Twiddler2 hand-held keyboard?
Gollum(scantily clad in just a loin cloth):
.and wriggling
Bring it to me raw. .
If the box won't connect to the 'huge range... currently on line', but only a smaller, Philips authorised, range, then that's false advertising, which, in Europe, anyway, is illegal. So before wasting time hacking the box it would be worth dropping a line to the Advertising Standards Authority or your national equivalent, or to your local Trading Standards office.
Remember, as Lessig points out, the law is also code, and has APIs you can use.
I'm old enough to remember when discussions on Slashdot were well informed.
From the last example in his protocol list, it looks like streamium might open up a port that allows hard drive access through a web interface. Could this be possible? I bet there are plenty of streamium users who dont/wont have firewalls. Will it be the end user or the manufacterer who gets sued by the RIAA for copyright violations?
-AC.
Philips is not even an American company, you moron.
*sigh*
Not to mention the fact that it looks horrible. That thing is not going to enter my living room!
The SliMP3 is cute, but to use it in, say, my kitchen I'd need a separate amp and speakers. In my living room I stream MP3s to my surround sound setup via an FM radio transmitter on the back of the server box upstairs, controlled via VNC on iPAQ or laptop. What I really want is something battery powered and portable that can stream mp3s off my home server wherever I go: this looks like it *might* be a possibility here - comments?
Okay, so I don't see it on Philips site: How much, and is it out yet? It looks pretty cool, but I think it'd be much better if it had a small internal hard disk for mp3 storage. Personally, something like this would be much more effective as a component for a home stereo system. Many companies like Denon, and Onkyo have similar MP3 network access built into their top of the line receivers, but offering something like this as a stand-alone component for a cheaper price would be great!
Best don your asbestos pants now.
...and he grinned, like a fox eating shit out of a wire brush.
Philips remote control division has recently released a remote based on Linux and Java. You would think Microsoft hates that if they cared.
I think I'll keep my Audiotron. At least I can play whatever I want in streams ans has an optical output for my preamp. And Turtlebeach actually listens to people on their mailing list and they release Firmware updates, including beta-ones to play with. The Philips unit, looks like something I would have in my kitchen(which is fine), but I'd really prefer the Audiotron in my stereo stack.
my sig
Why? Because you have to be 100% sure that the code reading and writing the value (presumably using fprintf() or similar) has the IP address in *local* byte order , not network byte order when doing it. 2 hosts with different endian processors will write the same numeric value differently as ascii text if that numeric value is in network order and all the TCP/IP APIs required network byte order to function correctly. I see potential for problems here.
Well, Philips' marketing and packaging is fairly ambiguous about what you can listen to.
:) - And then hook it up to a significantly larger sound system ;)
Connect to Multiple Online Music Services, it says; now this sounds like "Streams that Philips wants you to listen to".
General alarm bells would be sounding already with that part of the blurb if it wasn't for:
Online Radio:
Go global! select from thousands of stations of music, news, sports and special interests in any language, from every region.
Which would lead me to think "Great! this listens to all the channels globally which run from shoutcast style systems (re: Mp3 capability)
And I would have been wrong.
And it would have gone back to the store in a hurry.
Anyway; I've always fancied making one of these myself, possibly with a Mini_ITX form factor
Ripping an new rectum in the fabric of spacetime.
Streamium - Streaming at a premium!
== Jez ==
Do you miss Firefox? Try Pale Moon.
You're under arrest!
--Koninklijke Philips Electronics.
Hi-Fi and mp3 do not belong together in the
same article.
"Somebody explain to me what genius at Phillips thought it would be a competitive advantage to control the stream a customer could listen to, and why that's an advantage."
:-)Hell look at what this guy had to do to achieve this "hardware hack." So many layers of security to break through etc. It is almost as if they barely cared if their interface to the box was hacked. (Only a DMCA attack or pull down letter will tell us for sure.)
Hmm off the top of my head...
Ensure standards and practises.
(e.g. They don't want the first station on the list to be an infomercial station put up by some spammer who has decided that he wants to go into audio spam and make his title extra high in the results by hook or by crook. Multiply that one guy by a million and the products station listing feature is useless.)
They wanted to sell you the razor and make money off the blades.
(e.g. Stations pay a premium and get listed OR get better positioning. Lets not forget that Philips has significant audio interests all over the world. If you want to add your own, you pay a small fee and head on over to My.Philips.com and add your stations or "premium content." Before you blame Philips why don't you ask Live365 or MP3.com if they asked for an exclusive that precluded competitors like shoutcast etc.)
They wanted to avoid liability.
(e.g. Some bonehead countries might declare the device illegal if the stations are not paying royalties to their governmental/industry body that is collecting them. Philips could be sued or prosecuted under some nebulous law that says they facilitated piracy. Sony defending Beta redux anyone? They are a multinational company after all.)
Finally technically the device needs a default page. That page due to the nature of the Internet likely, will not have every station on there. No matter what they put on there someone will be miffed. Still it needs a default.
"In fact, I'll be very disinclined to buy anything without an open specification."
Ya and Philips and has a terrible track record there. I mean they lobby against non standard cd's (they created the cd standard). Their remote control codes are in every good universal remote because A) they stay basically the same and B) they will ship you them via mail for the price of shipping etc. (btw I know this because I bought a uniiversal remote and used their docs to make a homebrew IR kit for my new DAB coffee maker which may appear on slashdot in the near future
Still ya it is nice to have open hardware running open standards especially in areas that affect me as a consumer buying their product. Yet the product line is good enough as is that I am looking at the new WiFi model coming down the pipe www.audio.philips.com/Streamium/mci250.asp (flash).
I understand what could be some of the methods for their madness and hope you can see some possible motivations to their angle too.
pingmeep
- Mp3 stations need more dedicated recievers to achieve a critical mass.
..philips Streamium.
I just ran a wire from my home stereo to my linux box and then wrote a simple web interface to madplay which I control through my Audrey that sits in the kitchen.
Read about it here Source is here
It works great for me. Some little bugs, but I'm very happy with it.
I will say that the hack is cool though. Good work.
Live web cams
It works like this: The Streamium sends out a broadcast UDP packet -- sorry, I forget which port at the moment, but it's in my notes -- and any PC with the MM Jukebox Media Server loaded sends back a UDP packet in response. The collected responses are displayed on the front panel.
The XML format is interesting, as it is sort of a page-description language over XML. There are root-nodes, menu-nodes, and leaf-nodes, and these correspond to tracks and subcategories. But all of this, of course, it automagically generated by MM Jukebox (Genre, Title, etc...). So this perl script is really of limited usefulness until someone can graft it to something like XMMS which keeps and categorizes tag information.
STFW
http://www.mrexcel.com/
ho ! Nice statistic ! Fucking foolproof !
Okay, "Lord Bitman", I'll assume that you're just sleepy and not stupid. We can wait for the next article about a new P2P app and for you to derisively claim that the author "only reverse-engineered TCP" to do that.
May we never see th
Name a few good games made by big consumer electronics companies.
if, rather than instantly seeing that it's TCP-based, he spends countless hours pushing raw binary around, eventually coming up with something which, to TCP, is broken, then yes. Did you even read his code? "#Streamium doesnt like spaces", no, HTTP doesnt like spaces. It also doesnt like :,@,#, NUL, etc. Streamium has nothing to do with it.
-- 'The' Lord and Master Bitman On High, Master Of All
Hi,
r eceiver.as p
? Ca t=&PHPSESSID=
i ons/SearchTool s/item-details.asp?sku=M975-1036
instead of going with this why not use a Rio Receiver instead?
http://www.sonicblue.com/audio/rio/rio_
It's a nice little box developed by the same guys who invented the Empeg, the coolest Linux based car radio in the world. The RR can be bought for $129 at Tigerdirect and there are lots of units on eBay which can typically be had for around $90.
It has an ethernet port, HPNA (if you don't want to run any wires through your house), built in amplifier, RCA out, headphone out, remote control. They only include a very barebones software for Windows which is basically a DHCP/NFS server that bootstraps the unit and allows it to download an embedded Linux version. But there are several servers for running on your own Linux machine.
I just bought one off of eBay and like it a lot. The sound quality is very good and there is an active developer community at the Rio Receiver discussion board:
http://rioreceiver.comms.net/php/ubbthreads.php
Here's one reseller Tigerdirect:
http://www.tigerdirect.com/applicat
regards,
Heiko - not affiliated with Tiger/Sonicblue
if, rather than instantly seeing that it's TCP-based, he spends countless hours pushing raw binary around, eventually coming up with something which, to TCP, is broken, then yes.
::XML_foobar. That's *hardly* a reason to go after the author and claim that he was trying to "reverse engineer" XML or HTTP. Many, *many* programs that generate simple XML don't use libxml, and the same is even more true for HTTP. Hell, I'll bet that less than .1% of software that generates HTML uses any kind of a library to do it. There's no need for it.
So his program is a bit of a hack, and he's not using
I suppose you could say that he "reimplemented" a tiny part of HTTP, but he's certainly not reverse engineering it -- what he reverse engineered was the protocol that Streamium uses that sits on XML. To bash the author for this is attacking someone that just handed you a piece of software. If you don't like it, fine, write a "better" version that uses w3c-libwww and libxml. Don't try to insult him.
May we never see th
For filling me in. Now I'll be sure to not even buy this product.
No sig for you!!
Of course, I could just be "going after him" for claiming that such is what he did, and point to the evidence that he didnt even realize it.
-- 'The' Lord and Master Bitman On High, Master Of All
A coworker of mine was examining one of these devices two months ago and found that the http server in the PC side software supplied with the streamium would serve any file he specified - whether or not it was found in the media database. Of course, one would have to know the file name and path to make the URL, but there seemed to be no provision against probing. I have no idea whether this has been corrected in the current version. When informed of this, the CTO, whose new toy it was, quickly disabled the server side software. I would be cautious in exposing any PC running this server. To say the least.