Easy to Read Bicycle Computer

[David Schneider] had trouble seeing his bike computer in the sunlight and wanted a navigation solution that would be both readable and not require a smart phone. In good hacker fashion, [David] married a Raspberry Pi and a Kindle Touch (the kind with the E-ink display). The Kindle provides a large and easy-to-read display.

[David] was worried about violating the DMCA by modifying the Kindle. Turns out, he didn’t have to. He simply used the book reader’s Web browser and set the Pi up as a wireless access point. One clever wrinkle: apparently, the Kindle tries to phone home to Amazon when it connects to a wireless network. If it can’t find Amazon, it treats the network as invalid. To solve this issue, [David] has the Pi spoof the Kindle into thinking it gets a valid response from Amazon.

The other workaround was to change how the Python application on the Pi updates the screen. [David] found that without that optimization, the constant redrawing on the E-ink display was annoying. The Pi-related hardware includes a GPS, some reed switches, and a WiFi dongle.


How the Kindle Touch jailbreak was discovered

The Kindle Touch has been rooted! There’s a proof video embedded after the break, but the best part about this discovery is that [Yifan Lu] wrote in-depth about how he discovered and exploited a security hole in the device.

The process begins by getting a dump of the firmware. If you remove the case it’s not hard to find the serial port on the board, which he did. But by that time someone else had already dumped the image and uploaded it. We guess you could say that [Yifan] was shocked by what he found in the disassembly. This is a ground-up rewrite compared to past Kindle devices and it seems there’s a lot to be hacked. The bootloader is not locked, but messing around with that is a good way to brick the device. The JavaScript, which is the language used for the UI, is not obfuscated and Amazon included many hooks for later plugins. Long story short, hacks for previous Kindles won’t work here, but it should be easy to reverse engineer the software and write new ones.

Gaining access to the device is as easy as injecting some HTML code into the UI. It is then run by the device as root (no kidding!). [Yifan] grabbed an MP3 file, changed its tag information to the HTML attack code, then played the file on the device to exploit the flaw. How long before malicious data from illegally downloaded MP3 files ends up blanking the root file system on one of these?
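The bug class described above, shown as an added example that is not [Yifan]'s code or Amazon's: a UI that drops MP3 tag text straight into HTML, next to the same template with the text escaped first. The function names, the ID3v2.3 parser and the sample tag are all assumptions made for illustration, and the sample title carries only an inert bold element.

```javascript
// Added example: ID3 tag text is untrusted data and must not reach the UI as markup.
// All names are hypothetical; the sample tag is constructed and its content is inert.

// Decode the 28-bit "synchsafe" size field of an ID3v2 header.
function synchsafe(buf, off) {
  return (buf[off] << 21) | (buf[off + 1] << 14) | (buf[off + 2] << 7) | buf[off + 3];
}

// Parse ISO-8859-1 text frames ("T***") from an ID3v2.3 tag into { frameId: text }.
function parseId3TextFrames(buf) {
  const frames = {};
  if (buf.length < 10 || buf.toString('latin1', 0, 3) !== 'ID3') return frames;
  const end = Math.min(10 + synchsafe(buf, 6), buf.length);
  let pos = 10;
  while (pos + 10 <= end) {
    const id = buf.toString('latin1', pos, pos + 4);
    const size = buf.readUInt32BE(pos + 4); // v2.3 frame sizes are plain big-endian
    // Stop at padding or at a frame that claims more bytes than the tag holds.
    if (!/^[A-Z0-9]{4}$/.test(id) || size === 0 || pos + 10 + size > end) break;
    if (id[0] === 'T' && id !== 'TXXX' && buf[pos + 10] === 0) { // encoding byte 0 = ISO-8859-1
      frames[id] = buf.toString('latin1', pos + 11, pos + 10 + size).replace(/\0+$/, '');
    }
    pos += 10 + size;
  }
  return frames;
}

// Escape the five HTML-significant characters so tag text renders as text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Vulnerable pattern: metadata concatenated into markup, so the tag author controls the DOM.
const renderUnsafe = t => `<div class="title">${t.TIT2 || ''}</div>`;
// Hardened pattern: same template, metadata escaped before it is inserted.
const renderSafe = t => `<div class="title">${escapeHtml(t.TIT2 || '')}</div>`;

// Build a constructed ID3v2.3 tag holding a single TIT2 (title) frame.
function buildSampleTag(title) {
  const body = Buffer.concat([Buffer.from([0]), Buffer.from(title, 'latin1')]);
  const frame = Buffer.alloc(10);
  frame.write('TIT2', 0, 'latin1');
  frame.writeUInt32BE(body.length, 4);
  const n = frame.length + body.length;
  const hdr = Buffer.from([0x49, 0x44, 0x33, 3, 0, 0, (n >> 21) & 0x7f, (n >> 14) & 0x7f, (n >> 7) & 0x7f, n & 0x7f]);
  return Buffer.concat([hdr, frame, body]);
}

console.log(renderSafe(parseId3TextFrames(buildSampleTag('Song <b>bold</b>'))));
```

Escaping at the point of output is the minimum fix; a UI process that does not run as root limits what any remaining injection can reach.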
