Category: computers

Despite earning my degree in computer engineering, I haven’t done anything useful with assembly language since I was a strapping young idealistic lad convinced that compilers lie along the road to inefficiency. Much has changed. Heck, I write Java code for a living now — pretty much the opposite of efficient. I have to have a gig of ram just to run that sucky ant program.

While hacking my MP3 player, I discovered that the filesystem uses hashing to quickly lookup file names, which brought up the question of which hash function it uses. While I suppose one could reverse the hash function knowing a very large set of inputs and outputs, I decided it would probably be much more expedient to just put my atrophied x86 asm knowledge to work for me.

This turned out to be a lot easier than I thought. It only took about 20 minutes and I never had to step through code in a debugger.

Step 1: Disassemble Windows program for loading files onto the device, including the data segment. Look for the offset of a useful printf format string (“hash is %d, expected %d”).
Step 2: Search disassembly for loading said offset in a call to printf. Not surprisingly, this is right after the computation of the hash.
Step 3: Examine nearby calls for things like shifts and mods (common hashing operations).
Step 4: Relearn the stupidities of the x86 ISA (ecx is a loop counter, eax and edx figure in mysteriously for divides, etc).
Step 5: Convinced that a nearby call is it, reimplement in C and test.

Booyeah.

Just to follow up the earlier post, I officially announce my Karma driver web page, including the kernel patch such as it is. I’ve worked out some more details about the disk so I expect to be able to mount it shortly. Peter from empeg declares it “could be useful.”

My poor MP3 player is destined to be relegated to the trash heap with all of the other Not-An-iPods. For good reason, really, since I have broken it in several different ways since I’ve had it: first the hard drive failed, then after replacing the unit, I dropped the new one and the scroll wheel broke off, and the battery leads came off the mainboard. I’ve soldered the battery back on and glued the scroll wheel back, so it continues to hobble along. Other than build quality, it is a fine MP3 player: it does OGG and FLAC, gapless, has a decent UI, fits nicely in one’s pocket.

What is most annoying about this device is that you have to use Rio’s software to transfer stuff to it over USB, and this only works in Windows. Otherwise, you are stuck using a Java app over ethernet in Linux which is sloooooooow. It would be nice if you could just use it like any old hard drive. Imagine being able to use a hard drive like a hard drive!

So, armed with the recent purchase of the book Linux Device Drivers, I have set out to reverse engineer this bad boy. It isn’t a straight up mass storage device, but if you poke around on it you can make it enter mass storage mode (also, you can make it reboot). From there, it should be a “simple” matter of using dd and figuring out the file system to make this thing a bit more user-friendly.

It took me a couple weeks of looking at hex dumps, but I’ve got phase one completed. Life is good.

Aug 17 08:09:10 dust kernel: usb 1-2: new high speed USB device using address 2
Aug 17 08:09:10 dust kernel: usb 1-2: Product: Rio Karma
Aug 17 08:09:10 dust kernel: usb 1-2: Manufacturer: Rio
Aug 17 08:09:10 dust kernel: usb 1-2: SerialNumber: 00000000000000000
Aug 17 08:09:15 dust kernel: scsi0 : SCSI emulation for USB Mass Storage devices
Aug 17 08:09:15 dust kernel: Vendor: Rio Model: Rio Karma Rev: 0101
Aug 17 08:09:15 dust kernel: Type: Direct-Access ANSI SCSI revision: 02
Aug 17 08:09:15 dust kernel: SCSI device sda: 39070080 512-byte hdwr sectors (20004 MB)