Monday, February 23, 2009

Using the Archos 605 browser without the plugin

I've owned an Archos 605 Wifi for several years, but have always been bugged that you need to buy plugins for such things as playing some file formats, and the web browser. The cinema plugins cost ~$20, while the broswer plugin costs the most at $30. I've been avoiding needing the cinema plugins by re-encoding my videos into a valid format, but I've been stuck for a way to get a working browser.

You can purchase these plugins either on your computer and install them onto the device, or you can buy them right on the device. To do that, you have to connect to a wireless network, then access the archos store through one of many links in the device's firmware.

The device opens the store, using opera...the browser you supposedly have to buy a plugin for. I've never actually seen a device with the browser plugin, so I don't know what kind of functionality you get with it, but if you can live without such things as bookmarks the built in browser seems fully functional. The trick is, Archos only allows you to visit certain pages (the archos store, several video pages specifically designed for the device), and these don't allow you to visit any other pages besides themselves. Also, the URL bar is missing. Essentially, you are stuck with these pages unless you buy the plugin.



To break out of this, I had to find a way to redirect traffic the device makes from archos.com to somewhere else, perhaps my own webserver. I had previously read a page that showed how to prank your neighbors who connect to your wireless network by flipping all their pictures on websites upside-down, or by directing all their traffic to kittenwar.com using iptables. Since my router is running dd-wrt, I can enter iptable commands directly into the firmware to achieve the same results.

I started by researching iptable commands, and found a page right on the dd-wrt website which demonstrated a list of commands. I wrote a single command to redirect archos.com traffic to my own personal webserver,
http://pjgat09.gotdns.com

iptables -t nat -I PREROUTING -p tcp -d archos.com -s 192.168.1.102
-j DNAT --to 69.177.224.219

(note: 192.168.1.102 is the ip my archos gets on my personal network, 69.177.224.219 is/was the ip of my webserver)

Success! Any time I tried to go to the archos store, I ended up at a 404 page on my server.

The next step was to figure out what document the archos is trying to access when it connects. Apparently the starting page is http://archos.com/storewifi/shortcuts/redirect.html?acc=3. I mimicked this on my server, and had a new homepage for my archos.

Next step was to solve the problem of not having an address bar. I added a simple form, and used javascript to load the page you enter. Problem solved. Check out the source for my page if you're interested: http://pjgat09.gotdns.com/storewifi/shortcuts/redirect.html



I now have a "fully" functional Opera browser, which I can actually access other webages with. Time to see what this thing can do.

First, YouTube: Fail. Apparently flash is not enabled in the built in browser, or without the plugin.



Next, Facebook: Partial Pass, It worked, but terribly slow.

How about the Acid 2 and 3 tests?

Acid 2: Full pass! Surprising, but it is Opera after all.



Acid 3: Fail, as the test so kindy told me.



A few other pages showed this browser isn't too bad. One thing that interested me was the "home" button on the right. This button used to take you to the archos content portal, where you could read news or watch videos. However, it stopped working after my iptables redirect.

After checking my webserver's access log, I saw the device is also trying to access a seperate xml file in addition to redirect.html. Apparently the "home" button is setup by the xml document, which allows me direct it anywhere I please.

The redirect page was even more interesting. It loads a javascript document, http://acp.archos.com/acppriv/archospipe.js. This code accesses what seems to be an archos specific javascript object, and allows you to read data from the device, including firmware version, remaining space, language and country. I've made a proof of concept html page to demo this: http://pjgat09.gotdns.com/acppriv/index.html. This page does nothing harmful to your device, but feel free to look at the source on your computer before loading it on your own device. If you apply this hack as shown, this is the page which will load when you click on the "home" button.

Among other things I have tried with this browser, I am able to upload any file in the filesystem, assuming I know its full path. Maybe this can be useful for further hacking, who knows. I am interested in hearing from people who do have the browser plugin, and knowing whats different from what I've done. Also if you get this working too, let me know!

3 comments:

  1. Very nice. I managed to get gentoo running on an apple TV and a MSI Wind U100... It wasn't easy! I really haven't got time this year :( Here are my posts about gentoo: http://iouzo.blogspot.com/search/label/Gentoo

    keep it up thouh :D

    ReplyDelete
  2. can you make a video on youtube explaining how to do this pllllllllllllleassssssssssee

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete