I have to admit that I'm little bit pissed off - why my CVP cannot freely go to Internet!?

I'd like to share my music creations with all of you by means to publish it on web site and send you only link which you will use to direct your CVP's browser in order to download this and vice versa. But not, it's not possible yet! Actually it is technically possible right away but software in CVP disables this functionality to freely direct CVP's browser on arbitrary Internet site.

On Yamaha commercials one can read that their instruments have IDC (Internet Direct Connection). Actually they have connection not to Internet (world wide) but to one Internet site only! It smells like we're fooled a little bit.

However, my CVP has LAN and WLAN settings but PROXY settings too. Yesterday I came up to an idea to install small proxy server on my local computer in LAN (it was Proxy+ (http://www.proxyplus.cz)) which would sit between my CVP and IDC site and trace CVP/IDC request/responses to see what kind of browser is inside my CVP and where's this IDC site that my CVP points to by default and finally what is going on under the hood of this IDC communication.

The header of initial request "to Internet" from CVP browser looks like this:

GET http://direct.music.yamaha.com/cl/ HTTP/1.0
MIME-Version: 1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
User-Agent: CVP-403/1.20 (BR; REGION_WORLDWIDE)
Accept-Language: en,ja,de,fr,es,it
Proxy-Connection: Keep-Alive
Host: direct.music.yamaha.com
Pragma: no-cache


OK what one can conclude from this request header?

CVP browser calling IDC site (regular Apache web server on RedHat) using HTTP protocol as expected (CVP's browser supports only HTTP ver. 1.0 while newer browsers that we usually use like IE or FF use HTTP ver. 1.1). So IDC site is:

http://direct.music.yamaha.com

This request header with this line User-Agent: CVP-403/1.20 (BR; REGION_WORLDWIDE) says that User-Agent (internal browser) is Yamaha's proprietary browser called "CVP" (403 here is my CVP model and 1.20 is firmware version - I upgraded it few days ago from ver. 1.00). Of course this browser is probably not developed from the scratch but based on known rendering engines like Mozilla/Gecko but I cannot be sure now. But having this information in header IDC site immediatelly know what CVP model requests IDC content, what is firmware installed in it etc. Could be useful for clever redirection and filtering of IDC content depending on supported features by CVP.

With line Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* this browser sends info to IDC server that it is capable of representing GIF, XBMP, JPEG and even progressive JPEG images! Who would expect that from such a small and embedded browser!?

Line Accept-Language: en,ja,de,fr,es,it sends to IDC server info what are preferred languages to inform server what kind of content to return (in whivh language).

Other lines are not so important (just define not caching of content and MIME 1.0 support). It is not shown here but it also sends cookie content in order to keep session alive with IDC site, but again not important for this overview. (Guys familiar with web development will know what I'm talking about).

However this browser is much sophisticated that I expected at the beginning; it supports; various content formatting, various image formats, web forms, web frames JavaScript ... amazing.

Huh, I'd like to take advantage of it!

As previously stated IDC site is: http://direct.music.yamaha.com. I know that some of you already clicked on this link with big expectations but nothing specially happened. Yamaha just returned their official IDC site's content which does not look like content on your CVP.

Of course web application logic on Yamaha's side checks the browser type from mentioned request header that all browsers send while communicating with servers on other side; if it is CVP (mentioned before) IDC's web server returns IDC's content like this one below (rendered inside Firefox and cropped for this forum) otherwise it returns regular content.

IDC content:
312

So in order to get back real IDC content (as shown above) you have to represent yourself (I mean your browser should do that) to IDC as CVP browser not Internet Explorer or Firefox. One can do that by tampering header data (here's TamperData (http://tamperdata.mozdev.org) and it as Firefox add.on (https://addons.mozilla.org/en-US/firefox/addon/966)) and define User-Agent parameter content as CVP. Since for IDC this is request as one sent from CVP itself, it will return content as for CVP.

Learn Music:
313
Get Music:
314
Songs:
315
Styles:
316

This content is adjusted for representation and pointer buttons on CVP. Links will not work as standard links in Firefox. One have to research the source of these web pages to see where all these links point to.

Generally for those familiar with web development, IDC has one controller (probably MVC design) index.php which redirects requests according to action parameter sent like:

http://direct.music.yamaha.com/index.php?action=LearnMusic
http://direct.music.yamaha.com/index.php?action=GetMusic

etc.

Finally, one can redirect CVP's request inside proxy to arbitrary address so I redirected my CVP (address: direct.music.yamaha.com) to my private web server and it works! CVP on LCD rendered the content of my web server.

Now I can redirect it on any other site on Internet.

I can say now that I have WIDC (Whole Internet Direct Connection) :p

Of course this is not convenient method and I will hardly take advantage of this but... as Bogat said to Louis, "I think this is the beginning of a beautiful friendship" (between me and Yamaha)

Does your proxy server take care of protecting your CVP from viruses? What if the site you go to employs the use of popups?

Nice job, Stjepan. Very interesting the things you have thought to accomplish with your instrument.

Does your proxy server take care of protecting your CVP from viruses? What if the site you go to employs the use of popups?

CVP viruses?, viruses like all other programs (even more) depend on operating system behind. There's no viruses for CVP's operating system. Even if there were viruses for CVP OS, simple proxy wouldn't help here not jeopardize more CVP. Proxy here is just one step more in communication between CVP and IDC site. (More sophisticated proxies could be configured to check and filter content for viruses but this is beyond the scope of this discussion).

Nice job, Stjepan. Very interesting the things you have thought to accomplish with your instrument.

As Danny told once, this group in not about creating music only (there's a lot of them as such) but about CVP itself (CVP functionalities).

This thread is totally technically oriented not musically I know but ...

CVP viruses?, viruses like all other programs (even more) depend on operating system behind. There's no viruses for CVP's operating system. Even if there were viruses for CVP OS, simple proxy wouldn't help here not jeopardize more CVP. Proxy here is just one step more in communication between CVP and IDC site. (More sophisticated proxies could be configured to check and filter content for viruses but this is beyond the scope of this discussion).

I only brought up the question of viruses because the CVP is an awfully expensive computer to have someone maliciously attack. It was a big picture type of question. One I assume Yamaha would want to answer before they open up the full capability of the browser in future releases.



As Danny told once, this group in not about creating music only (there's a lot of them as such) but about CVP itself (CVP functionalities).

This thread is totally technically oriented not musically I know but ...



Don't get me wrong, I like the topic.

I only brought up the question of viruses because the CVP is an awfully expensive computer to have someone maliciously attack. It was a big picture type of question. One I assume Yamaha would want to answer before they open up the full capability of the browser in future releases.

I was really surprised to see how complex HTML content this browser can render. I expected rudimentary functionality (text, few image types and that's it). I think there's no security concerns. This CVP (browser) is opened (or closed if you prefer) to Internet public the same allowing to direct it on arbitrary site or not.

I'm pretty sure that the reason for not allowing opening other Internet sites is their own IDC service for selling songs, sheet music, styles etc. It's actually content sharing monopoly. Their thinking is probably that allowing other to openly share their songs, styles etc. over Internet would result in lower profit from their own site.

Don't get me wrong, I like the topic.
I'm glad to hear that, it sounded to me before that I went far away from he purpose of this forum.

Hi !

What proxy do you use ? If, by chance, you use squid, could you give the configuration you used ?

Thank you !

In my first post I said that I was using Proxy+ but it doesn't matter what proxy you use. Yamaha has possibility to connect to IDC directly or through proxy. The main idea is to redirect (while proxying) Yamaha's only request to IDC site to another arbitrary site. When proxy receives a request from CVP, it should make it go on another site. So, this could be Proxy+, Squid on Linux or any other proxy server.