This has been a long time in coming, without really too much good news on the hack front. I wanted to compile the information that we have so far, so that if someone is interested they can maybe take what’s been learned here and do something with it. A strong caveat is that Sonos has been actively working on the firmware updates and this information is more than likely out of date.

 

Another caveat, messing with this stuff can ruin very expensive hardware/software. Mess around with this stuff at your own risk.

 

Here’s what we know so far.

1.) The firmware uses CramFS.

2.) The root password is encrypted on the bridge, but is (was?) wide open on the S5.

3.) The firmware is pretty easy to get to. If you look at the http links in my previous Sonos post and view the source of some of the pages, the link to the firmware can be found in there. Just search within the source for “firmware”. You are looking for a giant link in the source that includes your Sonos ID (SID). The links are dynamically created for every Sonos household. Put the link that you find in your browser and it will spit out a firmware file.

4.) There are some html files in the firmware called “dealernetsetup.htm”  which could be useful to see if the Sonos is broadcasting? Don’t enable this though, it will set the SSID to some demo SSID and you won’t be able to revert it. You’ll need to do a hard reset it to get it back.

5.) Looks like you can also change the country of your Sonos utilizing the region.htm.

6.) Haven’t been able to telnet or ssh into the S5.

7.) http://Sonos’s IP address:1400/status/jffs/upgrade.log. The download link for the firmware should be in here as well.

8.) Use “binwalk” and “firmware mod kit” to unpack and analyze the cramfs. This only works on linux.

 

Some hack ideas for the Sonos.

1.) Making the Sonos work over standard wifi and bypass the bridge equipment. The bridge simply acts as a literal “bridge” N router. This was the main goal I had in mind, but wasn’t able to make it happen. I had setup an Ubuntu machine that ran some of the scripts found in the firmware, but never was able to get this to work.

2.) Apple Airtunes integration.

3.) Creating your own speaker clients without having to purchase Sonos gear. Emulating an S5 using a small computer, etc…