I am owner of the Philips MCI730 device. It runs Linux inside and has WIFI and Ethernet ports. It supports MP3 and Internet Radio. Also device supports UPNP/DLNA, so i am able to listen music directly from my NAS. Device is working mostly fine, but there are some very annoying problems.
- WIFI works VERY unstable. I tried with 2 different routers. Sometime it just loosing AP. As workaround i am using Ethernet-connected access point in the “Client” mode.
- No compressed lossless formats are supported. For me it sounds very stupid – there is MP3/WMA support, but no FLAC, wavepack or ape. As workaround my NAS converts lossless files to the LPCM on the fly.
- No gap-less playback from UPNP device. I think it is limitations of the Firware.
- Control point is implemented with a lot of bugs.
Despite all this problems i like the device, because it works good with my favorite radio-stations and FM tuner is also very good, i had much more expensive receiver before, but quality of radio was poor (bad reception zone). I think that WIFI problem should be easy-to-fix. Probably software is one-big-blob, so it would not be possible to add more formats. For control point interface probably some telnet-based workaround could be found. Problem is lack of root access. I tried several options to get root on the device, but no luck so far. Some findings:
- There is no web interface. NMAP shows that ports 111/tcp, 1024/tcp and 8888/tcp are open. On 8888 Mediabolic UPNP/DLNA server is running. It is unclear what is on 1024 ports, tcp connection could be established, but it is closed in a short time.
- According to NMAP system is running Linux 2.6.X.
- I used tcpdump on my router to capture protocol between device and Philips servers. Protocol is HTTP (no TLS) with all data sent in the message body. Data is encrypted somehow.
- On USB only FAT formatted drives are detected.
- There is no GPL code or firmware sources/binaries on the vendor web site.
So i assume that only way to hack this device is to physically open it.What could be done then:
- There should be somewhere serial interface, soldered or not.
- JTAG (likely) or removable flash (unlikely).
- If CPU is not hidden there will be more chances to find what is running on this box.
I am going to open the box in the nearest time. I found no stickers on the case, so warranty should not be affected. If you have positive experience with hacking this type of the devices – please drop me a comment.