Hello ladies & gentlemen! This instructable deals with some benign hacking of the Chinese Wifi Audio Receiver Model A900 from “Aicer”. Because, of course, allowing users to change the receiver’s AirPlay and DLNA name via the web-based config is just too obvious of a feature to include. …Or listing the company’s website where we could get an updated firmware? …or even having a website?? But not to fear! Because the operating system on the device is a version of Linux, we can do some basic hack&slash to remedy this obvious shortcoming. In this tutorial, I will explain everything in extreme detail, so even if you have never used Linux before, follow the steps carefully, and you will do fine. For the more advanced readers, I’ll section off & boldify the necessary commands first, with the verbose descriptions tucked beneath. It's really a 2 step process. Shouldn't take more than 10 minutes.
Hopefully write up will also be a nice intro to the world of Linux and some basic “hacking” & may be applied to other similar devices too. So have fun, play around, and don’t worry: we won’t do anything crazy here, so 1: your warranty won’t be voided (warranty on a Chinese product??) and 2: the chances of the device getting bricked are negligible unless you deviate from the tutorial into the unexplored ether of hacking. Anyhoo, let’s get down to it.
Step 1: Necessary Tools
- The device in question.
- A PC or Mac with an Ethernet port
- An Ethernet cable
- Paperclip or similar object
- Putty - for telnet. It’s a freeware program for PCs; Macs can just use the Terminal and skip this.
- Your favorite drink
- White Hat – & you have to wear it
Step 2: Boot the Device Into Failsafe Mode
An article by a Russian person provides us a great starting point. Because not everyone can read Russian, we will go over the steps here in English. Our receiver runs OpenWRT, a slimmed down version of Linux made for embedded devices. To change the AirPlay/DLNA name, will need to log in to the receiver, change a config file, save, and that’s it.
- Power off your device.
- Plug in the receiver with the Ethernet cable into your computer.
- Set your computer’s IP address to 192.168.1.2. (Save your original settings. After we are done messing around with this stuff, you will need to revert this back to its original set up.) See Pic 1 for an illustration.
- Plug in the receiver's microUSB to turn it on. Watch the LEDs carefully. (They are both green at first.) OpenWRT allows us to enter a failsafe mode by pressing a physical button at a specific point during start up. (http://wiki.openwrt.org/doc/howto/generic.failsafe)
- At the moment when one of the LEDs comes off, use your paperclip right away & press the Reset Button on the receiver thus enabling OpenWRT’s failsafe mode. Timing is important here. (We press the reset button because it is the only physical button on our device.) Also, you don’t have to hold the reset button. Just a momentary, but firm, press is enough. This will not actually reset the receiver.
- You’re now going to telnet (“set up a link over the network so you can use the operating system”) to the receiver. In order for the telnet to work, your computer (the Client) must have IP address 192.168.1.2, hence our messing around with the IP address above. The receiver (aka the Host) will have IP 192.168.1.1. So, here we go: On PCs, go get Putty if you don’t have it yet. It’s free, very small, & modular (no install needed). Download the putty.exe one. After download, double click it & set it up so it looks like the second screenshot.
- When you are ready, take a deep breath & click the Open button. You should then be rewarded with the beautiful black screen of image #3: OpenWRT automatically logs us in as root. (Linux-ese for “the all powerful super user”) We are now ready to do some Linuxing!
Step 3: Change the Config File and Reboot
Now that we successfully logged into OpenWRT, we are looking at the SquashFS partition of the receiver, which is read only. We can’t make any changes. The JFFS2, read & writeable partition, is not present…yet. From now on, we are going to be typing in Linux commands into Putty’s terminal, so for the sake of the tutorial, I will highlight what we actually type in green. Don’t forget to press <ENTER> after each command. :) Our commands:
mount_root Mount JFFS2 partition to enable read & write access
vi /etc/config/audio Use vi to modify the audio config file
reboot –f Done! Reboot & Enjoy. Alternatively, you can just pull the plug.
Please look through the screenshots for all the details.
Step 4: Clean Up
Very important. Firstly, you need to undo what you changed in the Network Settings. ie set your IP address to whatever it was before. Then, if you don’t need putty for anything else, you may simply delete the program into the recycle bin. No uninstall needed here. Hope you enjoyed hacking your wifi receiver. Don your white hat proudly!
Extra credit: add a hack to the web config interface so changing the airplay name is more straight-forward in the future.