Saturday, December 29, 2007

More about control files

When I say that the files are 16k in size, I mean that they appear to be 16k on the filesystem. Interestingly, the Eye-Fi Manager also seems to write to them only in 16k chunks. It never writes partial bits of the files. Also, it's good to note that you need to do synchronous file i/o to the files when doing things to them.

Operating systems cache access to files so that if you write to them twice in quick succession, it sometimes only makes one write to the actual disk. It can take seconds or minutes for a filesystem operation to get out to the disk. The Eye-Fi manager ensures that it does synchronous i/o by using some fcntl() calls on OSX. I'm not sure what it does in Windows. I'm using fsync() on the file descriptors in Linux to get the same effect.


Chris said...

Wow, a whole blog purely for Eye-Fi hacking. Long tail indeed.

Anyway, I'm also hacking the Eye-Fi though I haven't touched the the configuration side at all yet.

My first concern is to get the photo transfer stuff working, and I've hit a little snag in that the card and the software authenticate with each other using what I think is an HMAC-MD5 with a pre-shared key. I have the key from the configuration file, but I've yet to actually find out what the combination of things being hashed actually is.

I've got two fronts open on finding out though, one reverse engineering the software and two I've emailed one of the founders of Eye Fi (Berend, who as far as I can tell is the software guy) to see if he'll just tell me. No response as yet, but he could simply be on holiday atm.

The rest of the photo transfer looks dead simple, as befits a really really low power embedded device. The card simply scans the local subnet with ARP requests, and then for each host it finds, tries to open the Eye Fi port with a three way handshake. Presumably if there's more than one host with the port open, it'll try each in turn to see if it's the right host to talk to. The photo transfers themselves are using SOAP over HTTP (natch.)

I look forward to seeing any technical stuff you figure out about the configuration side of things.

Incidentally, I discovered the eye-fi software works fine under the latest WINE (though not last July's WINE that I had installed previously) Since one of the first things I checked is if the software was using Window's cryptlib MD5 algorithm, since that would have made it insanely trivial to determine what is being hashed (it isn't, sadly.)

Chris said...

Heh, as an update to the above comment, apparently I was trying too hard.

Reverse engineering the binary reveals that it isn't an HMAC, just a straight MD5. What is being hashed is a concatenation of the card's MAC address, the client nonce and the upload key. These are hashed as byte values, not as I'd originally assumed ASCII strings of hex. This seems a little odd to me, considering using ASCII would mean they didn't have to convert anything, but on reflection it's probably like this to make life easy on the card, not the software.

Anyway, I guess next weekend I'll hack up a little perl script to commune with the card and dump photos to disk. If you're interested in the results then just put a comment here, or I think you can email me via blogger...

paul said...

Hey Chris,

Hows the hack going? I've been dissappointed with my (windows hosted) eyefi card as it does not let me use it without its software. For me this means I cant leave a copy of my pix while we're at grandma's, etc...

Its odd that i can see the directory's file structure but am unable to copy files.

While i am not much of a programmer, i am interested in repurposing the card to receive imaged from a RSS or webserver to allow pictureframes to be remotly updated.

Good Luck!

Jeff Tchang said...

I've managed to hack up a PHP server that successfully accepts the Eye-Fi transfers.

I really want to see what we can do as far as hacking the firmware though.

Mark D M said...

Keep the hacks up on this device it is quite interesting.

In my ideal situation:
I would preprogram this card for ANY windows or other share (no proprietary software). I could now take this device and using either a third party device or the included USB adapter, connect it to the front of a USB quipped DVD player, or Place it directly in the card slot on my HArd disk media player, to eventually connect to and access DIVX video files for playback. The insane part is that the use with a NAS is precluded with the current software requirement.

HAs anyuone managed to perform a benchmark for this device, especially for the WiFi part?