Skip to content

Tag: hacking

temporary Hackerspace at MindField

Published April 20, 2011

This sounds very cool! Nice one, hackerspace ppl.

Ireland’s Hackerspaces and Makerspaces (091 Labs – Galway, Belfast Hackerspace, MilkLabs – Limerick, Nexus Cork and TOG – Dublin) have been asked to build and man a temporary hackerspace during the MindField – International Festival of Ideas (http://www.mindfield.ie/). MindField will take place over the weekend of 29 April – 1 May in Merrion Square.

During MindField our temporary hackerspace will provide a range of events where festival participants can learn about diybio, 3D printing, basic electronics and micro controllers, electronic fashion/crafting and open data. These events are included in the festival schedule (http://mindfield.ie/festival-schedul/).

In parallel with these events we have an opportunity run a Hardware Hacking Challenge. In this challenge we will try to engage a group of willing hacker, makers and festival participants in the challenge to create or construct interesting or innovative projects out of recycled hardware. We are trying to source interesting materials, electronic devices or equipment that can be used to based projects off or as sources of components.

We are particularly interested in devices that contain various types of transducers which can then be hooked up to micro controllers and computers. We’re not looking for normal computer equipment or servers we’ve got lots of that, but more unusual stuff that people have lying around.

If you think you’ve got something they might like, contact Robert Fitzsimons.

Comments closed

Eircom’s “DDOS”, or not

Published July 15, 2009

I woke up this morning to hear speculation on RTE Radio as to how Eircom’s DDOS woes were possibly being caused by the Russian mob, of all things. This absurd speculation is not helped by lines in statements like this:

‘The company blamed the problems on “an unusual and irregular volume of internet traffic” directed at its website, which affected the systems and servers that provide access to the internet for its customers.’

I’m speculating, too, but it seems a lot more likely to me that this isn’t just a DDOS, and someone — possibly just a lone Irish teenager — is running an attempted DNS cache-poisoning attack. Here’s why.

Last week, there were two features of the attack in reports: DDOS levels of traffic and incorrect pages coming up for some popular websites. To operate a Kaminsky DNS cache-poisoning attack requires buckets of packets — easily perceivable as DDOS levels. This level of traffic would be the first noticeable symptom on Eircom’s network management consoles, so it’d be easy to jump to the conclusion that a simple DDOS attack was the root cause.

This week, there’s just the DDOS levels of traffic. No cache poisoning effects have been reported. This would be consistent with Eircom’s engineers getting the finger out over the weekend, and upgrading the NSes to a non-vulnerable version. ;)

Once the attacker(s) realise this, they’ll probably stop the attack.

It’s not even a good attack for a bad guy to make, by the way. Given the timing, right after major press about a North Korean DDOS on US servers. it’s extremely high-profile, and made the news in several national newspapers (albeit in rather inept fashion). If someone wanted to make money from an attack, a massive-scale packet flood indistinguishable from a DDOS against the nation’s largest ISP is not exactly a subtle way to do it.

In the meantime, apparently OpenDNS have really seen the effects, with mass switchover of Eircom’s customers to the OpenDNS resolvers. Probably just as well…

11 Comments

Links for 2008-10-07

Published October 7, 2008
2 Comments

Links for 2008-08-13

Published August 13, 2008
1 Comment

My Commodore 64 demos

Published January 10, 2008

I recently came across my record at the Commodore Scene Database, and was happy to find that someone had found and uploaded two demos I had written, back in my days as a member of the C=64 demo scene between 1988 and 1990:

(I was a member of the groups ‘Excess’ and ‘Thundertronix’ / ‘TNT’, going by the handle of ‘Mantis’.)

With the help of CBA, I was overjoyed to track down another long-lost demo, my crowning achievement on the platform:

If you’re curious, feel free to go read those wiki pages or download the .d64’s — they run fine in VICE, the Commodore emulator (amazingly). If you’ve only got time to check one, check Rhaphanadosis; it’s much better than the others.

I’m very impressed with VICE. As far as I can tell, it’s perfectly bug-for-bug compatible with the real hardware, playing all of the demos perfectly (apart from a little additional speed due to differing hardware performance). If you haven’t already got VICE set up, bear in mind that after installing it, you’ll need a copy of the C=64’s ROM images; here’s a local set.

Also, the Commodore Scene Database is pretty awesome — it’s a full-scale IMDB-style setup, tracking the history of the Commodore demo scene in massive detail. Nice work guys!

The demos were written 100% in 6502/6510 assembly. I developed them using an Action Replay cartridge’s built-in monitor; it had an assembler, but one which didn’t support symbolic addressing. In other words, every piece of assembly used hand-computed branch offsets, and every variable and subroutine was tracked — on paper — by memory location, rather than using symbolic labels. If you want to know what the monitor was like, the VICE built-in monitor is almost identical!

I wrote these when I was 16; part 4 of Rhaphandosis notes the date as being 20 May 1989.

It’s interesting reading the scrollers, and doing web and CSDB searches in follow-up to see what happened next — one of the other Excess members, Raistlin is now Robert Troughton, a successful game developer in the UK with several major titles under his belt.

A Google search for Thundertronix finds a copy of “sex’n’crime” zine, issue 17, July 1990, which notes:

one of the new groups formed in 1990 (jm: slightly off, I think) is THUNDERTRONIX, better known as TNT. they are based in ireland and are doing very well for themselves. they have, in my mind, one of the best coders in the uk, namely MANTIS. he is currently coding a game with many new routines, etc… hopefully he should get some demos out soon!

woo! Er, unfortunately that game never went anywhere. ah well. ;)

BTW, it’s funny reading my scrollers in those demos. At the time, I was convinced that the c=64 was a dead platform — yet here we are in 2008, and there’s still a thriving demo scene on the Commodore. Incredible!

6 Comments

Rule Discovery Progress Update

Published August 4, 2007

Back in March, I wrote a post about a new rule discovery algorithm I’d come up with, based on the BLAST bioinformatics algorithm. I’m still hacking on that; it’s gradually meandering towards production status, as time permits, so here’s an update on that progress.

There have been various tweaks to improve memory efficiency; I won’t go into those here, since they’re all in SVN history anyway. But the results are that the algorithm can now extract rules from 3500 spam and 50000 ham messages without consuming more than 36 MB of RAM, or hitting disk. It can also now generate a SpamAssassin rules file directly, and apply a basic set of QA parameters (required hit rate, required length of pattern, etc.).

On top of this, I’ve come up with a workflow to automatically generate a usable batch of rules, on a daily basis, from a spam and ham corpus. This works as follows:

  • Take a sample of the past 4 days traffic from our spamtrap network. Today this was about 3000 messages.

  • add the hand-vetted spam from my own accounts over the same period (this helps reduce bias, since spamtraps tend to collect a certain type of spam), about 3400 messages.

  • discard spams that scored over 10 points (to concentrate on the stuff we’re missing).

  • Pass the remaining 3517 spams, and text strings from over 50000 nonspam messages, into the “seek-phrases-in-log” script, specifying a minimum pattern length of 30 characters, and a minimum hitrate of 1% (in today’s corpus, a rule would have to hit at least 34 messages to qualify).

  • That script gronks for a couple of minutes, then produces an output rules file, in this case containing 28 rules, for human vetting. (Since I’ve started this workflow, I’ve only had to remove a couple of rules at this step, and not for false positives; instead, they were leaking spamtrap addresses.)

  • Once I’ve vetted it, I check it into rulesrc/sandbox/jm/20_sought.cf for testing by the SpamAssassin rule QA system.

The QA results for the ruleset from yesterday (Aug 3) can be seen here, and give a pretty good idea of how these rules have been performing over the past week or two; out of the nearly 70000 messages hit by the rules, only 2 ham mails are hit — 0.0009%.

In fact, I measured the ruleset’s overall performance in the logs provided by the 4 mass-check contributors who provided up-to-date data in yesterday’s nightly mass-check; bb-jm, jm, daf, dos, and theo (all SpamAssassin committers):

Contributor Hits Spams Percent
bb-jm 4249 24996 17.00%
jm 3450 14994 23.00%
daf 1236 35563 3.48%
dos 32867 100223 32.79%
theo 28077 382562 7.34%

(bb-jm and jm are both me; they scan different subsets of my mail.)

The “Percent” column measures the percentage of their spam collection that is hit by at least one of these rules; it works out to an average of 16.72% across all contributors. This is underestimating the true hitrate on “fresh” spam, too, since the mass-check corpora also include some really old spam collections (daf’s collection, for example, looks like it hasn’t been updated since the start of July).

Even better, a look at the score-map for these rules shows that they are, indeed, hitting the low-scoring spam that other rules don’t hit.

That’s pretty good going for an entirely-automated ruleset!

The next step is to come up with scores, and publish these for end-user use. I haven’t figured out how this’ll work yet; possibly we could even put them into the default “sa-update” channel, although the automated nature of these rules may mean this isn’t a goer.

If you’re interested, the hits-over-time graph for one of the rules (body JM_SEEK_ICZPZW / Home Networking For Dummies 3rd Edition \$10 /) can be viewed here.

3 Comments

BT’s daily disconnects, revisited

Published March 2, 2007

As I noted last year, BT, the ISP I use here in Ireland, disconnects broadband sessions on a daily basis, assigning a new IP address; this is really aggravating to anyone who uses a VPN, such as most telecommuters. Reportedly, this is done to work around deficiencies in their billing system.

A comment from Jeremy on that post suggested something interesting, though:

Just had a very helpful tech support guy on from BT. [… he] told me to restart the modem sometime that will make it convenient for the 24 hour IP change – i.e. restart it at 6am, and then it’ll change IP every day at 6am.

I’ve tested this, and it works. Much more convenient! Now the renumbering and VPN breakage can take place when I want it to — at the start of the workday, instead of some random point chosen by BT’s billing system. Quite an improvement.

To make this useful, here’s a script, “reboot-zyxel”, which will reboot your Zyxel P-660RU router remotely over the LAN. (It requires perl and curl.)

13 Comments

Bleadperl regexp optimization vs SA

Published November 16, 2006

I’ve been looking some more into recent new features added to bleadperl by demerphq, such as Aho-Corasick trie matching, and how we can effectively support this in SpamAssassin. Here’s the state of play.

These are the “base strings” extracted from the SpamAssassin SVN trunk body ruleset (ignore the odd mangled UTF-8 char in here, it’s suffering from cut-and-paste breakage). A “base string” is a simplified subset of the regular expression; specifically, these are the cases where the “base strings” of the rule are simpler than the full perl regular expression language, and therefore amenable to fast parallel string matching algorithms.

The base strings appear in that file as “r” lines, like so:

r I am currently out of the office:__BOUNCE_OOO_3 __DOS_COMING_TO_YOUR_PLACE
r I drive a:__DOS_I_DRIVE_A
r I might be c:__DOS_COMING_TO_YOUR_PLACE
r I might c:__DOS_COMING_TO_YOUR_PLACE

The base string is the part after “r” and before the “:”; after that, the rule names appear.

Now, here are some limitations that make this less easy:

  • One string to many rules: each one of those strings corresponds to one or more SpamAssassin rules.

  • One rule to many strings: each rule may correspond to one or more of those strings. So it’s not a one-to-one correspondence either way.

  • No anchors: the strings may match anywhere inside the line, similar to ("foo bar baz" =~ /bar/).

  • Multiple rules can fire on the same line: each line can cause multiple rules to fire on different parts of its text.

  • Subsumption is not permitted: the base-string extractor plugin has already established cases where subsumption takes place. Each string will not subsume another string; so a match of the string “food” against the strings “food” and “foo” should just fire on “food”, not on “foo”.

  • Overlapping is permitted: on the other hand, overlapping is fine; “foobar” matched against “foo” and “oobar” should fire on both base strings. (The above two are basically for re2c compatibility. This is the main reason the strings are so simple, with no RE metachars — so that this is possible, since re2c is limited in this way.)

  • Most rules are more complex: most of the ruleset — as you can see from the ‘orig’ lines in that file — are more complex than the base string alone. So this means that a base string match often needs to be followed by a “verification” match using the full regexp.

Now, the problem is to iterate through each line of the (base64-decoded, encoding-decoded, HTML-decoded, whitespace-simplified) “body text” of a mail message, with each paragraph appearing as a single “line”, and run all those base strings in parallel, identifying the rule names that then need to be run.

This is turning out to be quite tricky with the bleadperl trie code.

For example, if we have 3 base strings, as follows:

  hello:RULE_HELLO
  hi:RULE_HI
  foo:RULE_FOO

At first, it appears that we could use the pattern itself as a key into a lookup table to determine the pattern that fired:

  %base_to_rulename_lookup = (
    'hello' => ['RULE_HELLO'],
    'hi' => ['RULE_HI'],
    'foo' => ['RULE_FOO']
  );

  if ($line =~ m{(hello|hi|foo)}) {
    $rule_fired = $base_to_rulename_lookup{$1};
  }

However, that will fail in the face of the string “hi foo!”, since only one of the bases will be returned as $1, whereas we want to know about both “RULE_HI” and “RULE_FOO”.

m//gc might help:

  %base_to_rulename_lookup = (
    'hello' => ['RULE_HELLO'],
    'hi' => ['RULE_HI'],
    'foo' => ['RULE_FOO']
  );

  while ($line =~ m{(hello|hi|foo)}gc) {
    $rule_fired = $base_to_rulename_lookup{$1};
  }

That works pretty well, but not if two patterns overlap: /abc/ and /bcd/, matching on the string “abcd”, for example, will fire only on “abc”, and miss the “bcd” hit.

Given this, it appears the only option is to run the trie match, and then iterate on all the regexps for the base strings it contains:

  if ($line =~ m{hello|hi|foo}) {
    $line =~ /hello/ and rule_fired("HELLO");
    $line =~ /hi/ and rule_fired("HI");
    $line =~ /foo/ and rule_fired("FOO");
  }

Obviously, that doesn’t provide much of a speedup — in fact, so far, I’ve been unable to get any at all out of this method. :(

This can be optimized a little by breaking into multiple trie/match sets:

  if ($line =~ m{hello|hi}) {
    $line =~ /hello/ and rule_fired("HELLO");
    $line =~ /hi/ and rule_fired("HI");
    ...
  }
  if ($line =~ m{foo|bar}) {
    $line =~ /foo/ and rule_fired("FOO");
    $line =~ /bar/ and rule_fired("BAR");
    ...
  }

But still, the reduction in regexp OPs vs the addition of logic OPs to do this, result in an overall slowdown, even given the faster trie-based REs.

Suggestions, anyone?

(by the way, if you’re curious, the current code is here in SVN.)

18 Comments

Ireland now has RFID passports

Published October 17, 2006

Back in February, I wrote about some Dutch hackers remotely reading Dutch RFID passports, and my email to the Irish Passport Office enquiring about their plans.

They never bothered writing back; I guess they were too busy implementing the damn things :( Their new ‘ePassports’ are now mandatory for new Irish passports:

The chip technology allows the information stored in an Electronic Passport to be read by special chip readers at a close distance.

“special chip readers at a close distance” and/or “random criminals looking for Irish victims at a distance of 30 feet”, I guess.

Here’s the slides for Riscure’s attack on the Dutch passports. Irish passports are similarly using “Basic Access Control”. I wonder if Irish passport numbers are sequential, since that seems to be a key part of their attack?

3 Comments

Linksys NSLU2 Contemplation

Published July 7, 2006

These days, I shouldn’t have time for after-hours hobby projects; I should be organising weddings and so on. But it’s a compulsion. ;)

As a result, here’s some notes I’ve been keeping on building a home NAS (network-attached storage) server, using the nifty little Linksys NSLU2: http://taint.org/wk/BuildingNasServer

Anyone done this? Care to leave a comment noting the results? I’m curious.

3 Comments

Mobile phone repair at Karol Bagh Market

Published November 11, 2005

I love these pictures:

I link-blogged that article ages ago, but I keep thinking of it, so it’s worth a proper post in its own right, to expand on that.

These guys work at an Indian mobile phone repair stall in Karol Bagh Market, in Delhi. The blog entry notes:

As in China, many of the mobile phone shops and street kiosks offer mobile phone repair service. Many of these guys can strip and rebuild a mobile phone in minutes. … a lot of the hyperbole surrounding western hacker culture makes me smile compared to what these guys are doing day in day out.

Also, a commenter notes: ‘in india, for about 1$, you can convert a CDMA phone to GSM !! also, they can unlock phones and do a veriety of hacks for little money.’

There’s so many lessons I’m getting from it:

  1. I’ve had a shoe resoled in 5 minutes for next to nothing at a stall not too different from that — but this is a mobile phone. It’s amazing to think of that level of hardware hacking taking place every day at a back-street market stall.

  2. Those phones were doubtless planned, as a product, with a ‘ship back to manufacturer’ support plan. That clearly isn’t going to fly without that developed-world luxury, Fedex. So this is the developing-world street finding its own uses for things, and working around the dependencies on systems that are optimised for the developed world.

  3. It’s the flip-side of Joshua Ellis’ grim meathook future, where we’re not facing down the barrel of a New-Orleans-style descent into barbarity if the power suddenly cuts out; tech can go on. It may be a little chunkier, though, and with more duct tape, but hey.

  4. It’s also a beautiful demonstration of how those of us in the developed world who assume that developing-worlders cannot find a use for high tech, are talking shit. (cf. Ethan Zuckerman as a good example of someone who gets this, more than almost anyone else I can think of.)

I think this is one of the most important lessons I learned while travelling through India and SE Asia a few years back — the developing world is using high tech, and it’s not using it in the same ways we do — or even the ways we anticipated, and we have plenty to learn from them too.

Found at Jan Chipchase’s site, which is full of great contemplation on this stuff. (The story on Seoul’s selca culture is nuts, too — it’s like Flickr^1000.)

(PS: I have a wisdom tooth extraction scheduled for next Friday… wish me luck. That’s another thing you don’t want to happen in the developing world, although I daresay it’d rock in Bangkok!)

(Update: clarification — my cite of Ethan Z was meant as a compliment ;)

16 Comments

UK ATM fraud in the 1990s

Published October 24, 2005

The Register: How ATM fraud nearly brought down British banking. This story is mind-boggling; it claims that UK ATM security had two major issues that have been kept secret since the 1990s:

  • An insecure data format used for the data on the magnetic stripes in one bank’s cards;

  • Another bank’s computing department “going rogue”, “cracking PINs and taking money from customers’ accounts with abandon” as the story puts it. Yikes.

The latter problem is scary, but in my opinion the former problem is more interesting from a computer security point of view.

This is a classic example of bad data format design, as it left the PIN and the account details individually rewritable — in other words, an attacker could (and did) change one while keeping the other intact.

This British Computer Society abstract provides more details on the who, how and where:

… it was revealed that UKP 130,000 had been stolen from Abbey National cardholders during 1994 and 1995 with counterfeit cards. Andrew Stone, a bank security consultant who had been advising Which?, the magazine of the Consumers’ Association, was jailed for five and a half years for the theft. This fraud involved spying on Abbey customers as they used their cards in automated teller machines (ATMs) or cash dispensers… [Stone] recorded card details and personal identification numbers (PINs) using powerful video cameras. The details were then encoded on the magnetic strips of other cards.

Finally, another quote from the Reg story:

why is he telling this explosive story now? Because chip and PIN has been deployed across the UK ATM network. “The vulnerability in the UK ATM network was still there to be exploited — if someone had chanced upon it.”

I wonder if other banking systems worldwide are still vulnerable, however? Did any other banks elsewhere license the vulnerable systems from UK banks, without knowing about these vulnerabilities? How long did it take for them to be fixed, if they were fixed?

1 Comment

Daniel Cuthbert’s Travesty of Justice

Published October 12, 2005

The Samizdata weblog posts more details about the Daniel Cuthbert case, where a UK techie was arrested for allegedly attempting to hack a tsunami-donation site. Here’s what happened:

Daniel Cuthbert saw the devastating images of the Tsunami disaster and decided to donate UKP30 via the website that was hastily set up to be able to process payments. He is a computer security consultant, regarded in his field as an expert and respected by colleagues and employers alike. He entered his full personal details (home address, number, name and full card details). He did not receive confirmation of payment or a reference and became concerned as he has had issues with fraud on his card on a previous occasion. He then did a couple of very basic penetration tests. If they resulted in the site being insecure as he suspected, he would have contacted the authorities, as he had nothing to gain from doing this for fun and keeping the fact to himself that he suspected the site to be a phishing site and all this money pledged was going to some South American somewhere in South America.

The first test he used was the (dot dot slash, 3 times) http://taint.org/ sequence. The ../ command is called a Directory Traversal which allows you to move up the hierarchy of a file. The triple sequence amounts to a DTA (Directory Traversal Attack), allows you to move three times. It is not a complete attack as that would require a further command, it was merely a light ‘knock on the door’. The other test, which constituted an apostrophe (`) was also used. He was then satisfied that the site was safe as his received no error messages in response to his query, then went about his work duties. There were no warnings or dialogue boxes showing that he had accessed an unauthorised area.

20 days later he was arrested at his place of work and had his house searched.

(His actions were detected by the IDS software used by British Telecom.)

In my opinion, this is a travesty of justice.

His actions were entirely understandable, under the circumstances, IMO. They were not hostile activities in themselves — they might have been the prelude to hostility, in other cases, but, as his later activity proved, not in this one.

Instead of making parallels with “rattling the doorknob” or “lurking around the back door of a bank”, a better parallel would be looking through the bank’s front window, from the street!

If only law enforcement took this degree of interest in genuine phishing cases, where innocent parties find their bank accounts emptied by real criminals, like the unprosected phisher in Quebec discussed in this USA Today article!

Appalling.

Comments closed

Hacking Netflix

Published July 8, 2004

Movies: Hacking Netflix, via torrez.

Jason Kottke points out a great quote on a Friendster cross-site scripting attack — this great quote: ‘We have a policy that we are not being hacked.’

He also speculates that Google used the GMail invite-network data for whitelisting — but whitelisting based on email address alone is trivially exploitable, so I’d doubt it.

I’m just back from a trip over to Cape Cod to meet family (halfway between here and Ireland, y’see ;) — lots and lots of luvverly lobster and sundry shellfish — and after a 6 day trip, had 5000 spams and a couple of thousand nonspam mails to deal with. Thankfully SpamAssassin dealt with the spams (only about 5 false negatives, no false positives I could spot) — but I’m going to have to do something about that volume of mail. drowning in the stuff. argh.

Comments closed

Action Replay

Published June 6, 2004

Hacking: Amazing — the Action Replay cartridge is still around!

To be honest, I’m quite surprised that the PS2 hardware platform allows any of this stuff without some mod-chip-style soldering… but then, it’s pretty clear Datel have the technology to figure these things out. Impressive.

Aside: in my teens, I wrote demos on the Commodore 64 entirely in the Action
Replay’s built-in monitor. I tried using compilers that supported such luxuries as symbolic labels, variable names, etc., but the ability to halt the entire machine and debug extensively, with a single button press, was just too nifty ;)

Comments closed

‘Who Wants to be a Millionaire’ walkthrough

Published August 15, 2003

Wow — this guy won $250,000 on WWTBAM, and blogged it up, in excruciating detail. (His ‘Phone a friend’ friend also details his experiences, too). It sounds terrifying…

Hacking: Real-life UNIX disaster recovery.

Commuting: Guardian: A Life Inside meets commuter hell. The author of ‘A Life Inside’ is a convicted felon, undergoing a gradual release from prison; recently he’s been permitted to commute to a day job outside the big house.

‘I’ve had a good run, I suppose. More than a year of almost incident-free commuting.’ — until this episode, where one of those space invaders — the type who is perfectly happy to push you out of the way to make themselves comfortable — arrives…

I leaned farther away. Soon my back was hurting. Hang on a minute, I thought. I’ve paid the same as him for this seat. I was entitled to sit up straight. So I did. Back came the elbow. I wasn’t budging. And so battle commenced.

A glance at his computer revealed little activity. He was obviously too preoccupied with trying to make me budge. I was determined to resist this blatant act of aggression. I couldn’t help thinking it would never happen in prison – not without ensuing combat. I thought about my pal Toby Turner. This laptop lout was lucky he wasn’t sitting next to him in his heyday. I could just imagine Toby’s reaction to the elbow treatment.

Paying no heed to the mass of silent bystanders, my shaven-headed friend would have been on his feet in a flash. ‘Do you know how many fuckin’ anger management courses I’ve done?’

‘Er, no,’ his startled tormentor would stutter.

‘Six fuckers!’ Toby would yell, ‘and I still ain’t passed!’

Comments closed

Reverse-engineering: now even easier with added XML

Published February 17, 2003

Slashdot posts a story about ‘Hacking the Streamium’ — the Streamium is an ‘internet micro hi-fi’ made by Philips. The poster writes ‘the main gripes (are) that Philips controls which Internet radio stations you can listen to and that the PC-link software … only runs on Windows. I managed to fix both of these problems by reverse engineering the PC-link protocol and writing my own pc-link server in perl, which can be run on practically any OS, *and* can trick the Streamium into playing any Internet MP3 stream that you want’.

A quick look at his page notes ‘the protocol consists of fairly simple xml tags’. It sure does; I’d imagine it took all of 5 minutes with a tcpdump reversing that! In fact, it looks so easy to reverse-engineer, you’d have to wonder if the engineers at Philips weren’t hoping something like this might happen ;)

Comments closed