View Full Version : Web2iDS for undocumented communication with the iRex Delivery Server
Alexander Turcic 10-01-2006, 07:45 AM I put off posting about this a) because this tool is still incomplete, and b) iRex promised us (http://www.mobileread.com/forums/showthread.php?t=7420) to open up the specs of the iRex Delivery Server (iDS) protocol. But as time goes by many of us grow impatient with the company's slow development efforts aimed at making the iLiad reader more usable. So perhaps the best way to convince them how desperately we want to help (through gaining access to the SDK and the flashing process!) is by sharing with you what we've found so far about the iDS protocol.
Web2iDS is a PHP script that uses undocumented XML commands to communicate with the iRex Delivery Server (iDS). Although I wrote the script, all credits should go to TadW who did the main work by finding the XML sequences through connection sniffing (http://www.mobileread.com/forums/showthread.php?t=7091) and trial and error.
While I am not going to explain the tool sources or XML commands in detail right now (c'mon, it's Sunday, don't you think I've anything better to do?), let me say that you'll find the interesting stuff in iLiadBrowser.php, which contains the class responsible for communicating with the iDS. It's a thin wrapper around the procedural interface to cURL provided by PHP. Obviously for it to work, you must have the cURL extension installed.
Enough said, files are attached to this thread.
Some hints:
When iRex issues a firmware upgrade, you should get its download URL via "Get Software Upgrade"
When iRex issues a firmware patch, you should get its download URL via "Get content"
iRex keeps track of what you've already downloaded and successfully installed on your iLiad. So if you are already fully patched with the latest software, you won't see the download URLs (if you use the same email/password combination as for your iLiad and its serial number) - in other words, if you want to go snooping around, next time there is an upgrade, don't upgrade your iLiad before using this tool ;)
That's cool.
I'll try it right now.
Thanks for releasing it.
It works. Real good work. Now vice versa, I want to see some open "Project Gutenberg" - iDS Server out there :-).
Alexander Turcic 10-01-2006, 02:04 PM It works. Real good work. Now vice versa, I want to see some open "Project Gutenberg" - iDS Server out there :-).
That would be easy - if we were allowed to change the iDS IP manually in the iLiad settings.
Other than that, your only chance is to spoof the iDS IP and redirect it to your own location. This way, of course, you could also flash the iLiad with your own firmware (which is what most people here would love to do, I think) ;)
reiky 10-02-2006, 05:41 AM That would be easy - if we were allowed to change the iDS IP manually in the iLiad settings.
Ok, does someone know exactly what response the iLiad is expecting from iDS in order to download some content and put it into, let's say, the news directory? :-)
arivero 10-02-2006, 09:39 AM That would be easy - if we were allowed to change the iDS IP manually in the iLiad settings.
You can provide a different primary DNS. Or is it number coded?
reiky 10-02-2006, 10:12 AM well, it should be enough to set your router so that ids.irexnet.com resolves to the IP you want.... :-)
scotty1024 10-02-2006, 03:15 PM That would be easy - if we were allowed to change the iDS IP manually in the iLiad settings.
Other than that, your only chance is to spoof the iDS IP and redirect it to your own location. This way, of course, you could also flash the iLiad with your own firmware (which is what most people here would love to do, I think) ;)
Actually you could provide the answer to that.
If you opened a proxy server of say: http://ids.mobileread.com:8080 we could set that as our proxy in an iLiad "mobileread" profile and you could serve content by having the proxy point ids.irexnet.com to ids.mobileread.com:80.
I'm willing to help set it up.
scotty1024 10-04-2006, 03:32 PM I hadn't seen this anywhere else so I'm putting it up here...
This is the dump from the iLiad client certificate:
Owner: EMAILADDRESS=ca@irextechnologies.com, CN=iRex Technologies BV Cert Authority, O=iRex Technologies BV, L=Eindhoven, ST=Brabant, C=NL
Issuer: EMAILADDRESS=ca@irextechnologies.com, CN=iRex Technologies BV Cert Authority, O=iRex Technologies BV, L=Eindhoven, ST=Brabant, C=NL
Serial number: eda1401cecd3000a
Valid from: Fri Oct 14 07:33:33 PDT 2005 until: Wed Oct 13 07:33:33 PDT 2010
Certificate fingerprints:
MD5: CC:C7:1C:ED:03:0D:60:AF:33:34:6F:0D:D7:3D:F3:32
SHA1: F8:5D:6E:AE:C6:52:3B:19:0D:5C:ED:96:25:DF:81:32:EC:DE:8E:2C
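Added example, not part of the original post: a Python sketch that parses the keytool-style dump above, flags that Owner and Issuer carry the same name (a name comparison only, not a signature check), and normalizes fingerprints so a copy with stray forum whitespace still compares equal to a clean one. The names `parse_dump`, `normalize` and `same_fingerprint` are illustrative.

```python
import hmac
import re
from datetime import datetime

# Dump as posted in the thread; the SHA1 line keeps the stray space the forum inserted.
DUMP = """\
Owner: EMAILADDRESS=ca@irextechnologies.com, CN=iRex Technologies BV Cert Authority, O=iRex Technologies BV, L=Eindhoven, ST=Brabant, C=NL
Issuer: EMAILADDRESS=ca@irextechnologies.com, CN=iRex Technologies BV Cert Authority, O=iRex Technologies BV, L=Eindhoven, ST=Brabant, C=NL
Serial number: eda1401cecd3000a
Valid from: Fri Oct 14 07:33:33 PDT 2005 until: Wed Oct 13 07:33:33 PDT 2010
Certificate fingerprints:
MD5: CC:C7:1C:ED:03:0D:60:AF:33:34:6F:0D:D7:3D:F3:32
SHA1: F8:5D:6E:AE:C6:52:3B:19:0D:5C:ED:96:25:DF:81:32:EC :DE:8E:2C
"""
DIGEST_LEN = {"MD5": 16, "SHA1": 20}  # expected digest sizes in bytes

def normalize(algo, text):
    """Strip colons and whitespace, then check the digest length for algo."""
    raw = bytes.fromhex(re.sub(r"[\s:]", "", text))
    if len(raw) != DIGEST_LEN[algo]:
        raise ValueError(f"{algo} fingerprint has {len(raw)} bytes")
    return raw

def _when(text):
    # Drop the zone abbreviation: strptime's %Z handling is platform dependent.
    parts = text.split()
    return datetime.strptime(" ".join(parts[:4] + parts[5:]), "%a %b %d %H:%M:%S %Y")

def parse_dump(dump):
    info = {"fingerprints": {}}
    for line in dump.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key in ("Owner", "Issuer"):
            info[key.lower()] = value
        elif key == "Serial number":
            info["serial"] = int(value, 16)
        elif key == "Valid from":
            start, end = value.split(" until: ")
            info["lifetime_days"] = (_when(end) - _when(start)).days
        elif key in DIGEST_LEN:
            info["fingerprints"][key] = normalize(key, value).hex()
    # Equal subject and issuer names only suggest a self-signed root; no signature is verified.
    info["name_self_issued"] = info.get("owner") == info.get("issuer")
    return info

def same_fingerprint(algo, a, b):
    """Constant-time comparison of two textual fingerprints."""
    return hmac.compare_digest(normalize(algo, a), normalize(algo, b))

if __name__ == "__main__":
    print(parse_dump(DUMP))
```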
arivero 10-05-2006, 06:01 AM I wonder why they're using a "self signed" SSL certificate? Well why wonder when it makes our life easier right?
They could change it if they get a big partner interested in strong DRM. If at the end they do not get any, it is absurd to have strong defenses. Besides, a serious DRM could have its own hardware system based in the SDcard or in the CFcard.
scotty1024 10-05-2006, 10:05 AM Several months ago there was a rumor that the iLiad had one of the Philips TPM chips installed. I haven't seen much evidence of that so far...
arivero 10-05-2006, 10:44 AM Several months ago there was a rumor that the iLiad had one of the Philips TPM chips installed. I haven't seen much evidence of that so far...
Neither me, but we have not documented all the chips in the board. Still, I think that a more useful strategy for vertical or B2B markets is to have a CF-card device in charge of the authentication and decryption. The iDS should send an encrypted document and the CF device should do the decryption. If they want maximum security (example, to avoid a decrypted document to leak from the /tmp to some user directory) the card based device can work in a by page basis, or to interact with some extra software instead of xpdf or minimo. As someone has noticed, the iLiad display can be scanned, so to try to control the last phase from decryption to display is nonsense.
scotty1024 10-05-2006, 11:16 AM The TPM chips can do flow through encryption/decryption and have a secure onboard key storage module.
http://en.wikipedia.org/wiki/Trusted_Platform_Module
design256 10-17-2006, 04:54 AM Web2iDS is a PHP script that uses undocumented XML commands to communicate with the iRex Delivery Server (iDS). Although I wrote the script, all credits should go to TadW who did the main work by finding the XML sequences through connection sniffing (http://www.mobileread.com/forums/showthread.php?t=7091) and trial and error.
Thanks for this great piece of work guys. Here is a very simple perl/LWP script that accesses the IDS server in the same way for those of you that don't have php and want to experiment. It should be called ids.pl, but the forum doesn't like .pl files, so I've called it ids.txt.
Alexander Turcic 10-17-2006, 04:59 AM Thanks for this great piece of work guys. Here is a very simple perl/LWP script that accesses the IDS server in the same way for those of you that don't have php and want to experiment. It should be called ids.pl, but the forum doesn't like .pl files, so I've called it ids.txt.
And thank you, too ;)
We just enabled upload of Perl (.pl) files.
design256 10-18-2006, 04:02 AM Actually you could provide the answer to that.
If you opened a proxy server of say: http://ids.mobileread.com:8080 we could set that as our proxy in an iLiad "mobileread" profile and you could serve content by having the proxy point ids.irexnet.com to ids.mobileread.com:80.
I have tried this. I have written a mini-ids server as a mod-perl handler. It parses the XML sent by the Iliad and sends back appropriate responses - just handles Ping, GetServerURI and GetUpgradeSoftware at the moment - but these should be enough to see if the concept works.
I ran this server on my LAN and connected the Iliad to it through a squid proxy.
Although it works fine with the web2ids software, and (as far as I can tell) the responses and headers are identical to the ones sent back by the real IDS server, the Iliad won't play ball. It believes that it has found IDS, sends several Ping requests, then gives up with an error in download message.
I can only guess that it doesn't like my self-signed SSL cert. If anybody has any ideas about how I can pursue this one further or anything I might have missed, I'd be pleased to hear from you. Happy to give access to my server if it would be useful.
Alexander Turcic 10-18-2006, 04:12 AM Although it works fine with the web2ids software, and (as far as I can tell) the responses and headers are identical to the ones sent back by the real IDS server, the Iliad won't play ball. It believes that it has found IDS, sends several Ping requests, then gives up with an error in download message.
The XML responses from Web2iDS are not complete. We'd have to dig further and see what the iLiad sends to the server and what it receives in return to write a working proxy.
design256 10-18-2006, 04:38 AM The XML responses from Web2iDS are not complete. We'd have to dig further and see what the iLiad sends to the server and what it receives in return to write a working proxy.
So has anybody kept a full transcript of a conversation between Iliad and ids including all headers?
BTW, in case you were wondering, I have been sitting quietly waiting for the SDK for 3 months. Now I am fed up with waiting. Maybe we won't have an SDK until after Christmas. Even then it will most likely be highly restricted and won't let us do what we want to. So I am poking around again :happy2:
I have tried this. I have written a mini-ids server as a mod-perl handler.
Any chance you post this up...? Thanks...! :D
design256 10-18-2006, 05:43 AM Any chance you post this up...? Thanks...! :D
Sure - here it is. I didn't post before because it is uncommented, hacky, and contains unrelated bits of other stuff I'm working on. Still - if you can live with that then you're welcome :square:
The .pl files should actually be .pm - but this extension isn't on the allowed list - sorry Alexander!
Sure - here it is. I didn't post before because it is uncommented, hacky, and contains unrelated bits of other stuff I'm working on. Still - if you can live with that then you're welcome :square:
The .pl files should actually be .pm - but this extension isn't on the allowed list - sorry Alexander!
Thanks... Will play with this when I have minute...!