UPnP A/V profile
The UPnP A/V profile was developed specifically for distributing and playing
digital content, such as music and films over the network. There are generally
two types of devices that are of interest for hacking: media servers, that
store content and stream it over the network, and media renderers, that can
play content on speakers, or a TV set.
After the Internet Gateway Device (IGD) profile the A/V (audio/video) profiles are the most widely used UPnP profiles and have been implemented in hardware boxes, such as network storage devices and media players, but also in various software players.
The MediaServer and MediaRenderer profiles have gone through various generations. Two versions of the specifications were released. Version 1.0 was released in 2002, while version 2.0 was released in 2006. The Digital Living Network Alliance (DLNA) has standardized on version 1.0.
The MediaServer profile is a simple container for a few
- AV Transport
With the MediaRenderer profile I want to see how easy it is to play content on
a device remotely and to create a possibility to do multimedia spamming, like
audio or video spamming.
I have successfully applied this technique to the Noxon Audio device, but have not yet found other devices that can do this, but that is entirely because I just have a few MediaRenderer devices (more are welcome. If you can, please consider donating one). I am still not sure whether or not this is intended behaviour, since the specifications don't say anything about it. I am assuming that it is "legal" according to the specifications (and maybe even a selling point for some manufacturers). Maybe it should not have been. Once again it is shown that ease of use and security are orthogonal.
UPnP A/V devices
For my tests I have a few devices, mostly MediaServers. I am still looking for
a few MediaRenderers, since my guess is that most mayhem can be done
- Noxon Audio
- NETGEAR EVA700
- Excito Bubba
- Google MediaServer
- Linksys WRT350Nv2