So you’ve been rooting devices eh? If you get caught you’re headed for the big house, the lockup, the pen, the joint, they’ll send you up the river, you better be careful! Seriously though, if you buy a device and circumvent the security features should that in itself be breaking the law? We’re not talking about stealing intellectual property, like playing copied games on a chipped system (yeah, that’s stealing). We mean unlocking a device so that you can use it for what you wish. Be it your own prototyping, or running open-source applications. Unfortunately if the current Digital Millennium Copyright Act exemptions expire it will be a crime.

Thankfully, [Bunnie] is doing something about this. You may remember him as the guy that found most of the ridiculous security holes in the original Xbox, or the brain behind the Chumby. Now’s he’s got an online petition where your voice can be heard. Speak up and let the US politicians know why unlocking a device isn’t a crime.

[via Twitter]

[Kubbur87] put together a guide to replacing the Non-touch Kindle 4 screensavers with your own images. We’ve already seen a way to remove the Special Offers banners from the newest version of Kindle Hardware, this hack lets you use your own 600×800 Portable Network Graphics (.png) file instead of the images pushed to the device by Amazon.

Frankly, we’re shocked at how easy this hack is. [Kubbur87] puts the device into developer mode, enables SSH, and then goes to work on the Linux shell within. It seems the only line of protection is the root password which he somehow acquired.

After the break you’ll find his videos which show how to enable developer mode and how to perform this hack. By putting a file named “ENABLE_DIAGS” with no extension on the device when it is recognized as a USB storage device you’ll gain access to the diagnostic menu system. From there it’s just a matter of cruising that menu to get SSH access. Like we said, you’ll need the root password, that that’s as easy as naming your favorite video game character from the 1980′s.

Read the rest of this entry »

[Chris'] family made the mistake of giving him a hackable Christmas gift. We’d bet they didn’t see much of him for the rest of the day as he set about rooting this Android wristwatch.

This thing has some pretty powerful hardware under the hood. It’s sporting an OMAP3 processor running at 600 MHz along with 256 MB of RAM. [Chris] needed to get his hands on a firmware image in order to look for security holes. He found a way to spoof the update application in order to intercept an upgrade image from the Internet.

He dumped the firmware locations and got to work searching for a way to exploit the device. Details are a bit scarce about want exactly he did, but you can download his modified image, letting you root your own Motorola Actv using the Android Debug Bridge.

We’ve embedded a demo video after the break. The OS is pretty snappy on the tiny device. We’re not sure what will come of this functionality, but we assume [Chris] was really only interested in the challenge of rooting process itself.

Read the rest of this entry »

The Kindle Touch has been rooted! There’s a proof video embedded after the break, but the best part about this discovery is that [Yifan Lu] wrote in-depth about how he discovered and exploited a security hole in the device.

The process begins by getting a dump of the firmware. If you remove the case it’s not hard to find the serial port on the board, which he did. But by that time someone else had already dumped the image and uploaded it. We guess you could say that [Yifan] was shocked by what he found in the disassembly. This a ground-up rewrite compared to past Kindle devices and it seems there’s a lot to be hacked. The bootloader is not locked, but messing around with that is a good way to brick the device. The Javascript, which is the language used for the UI, is not obfuscated and Amazon included many hooks for later plugins. Long story short, hacks for previous Kindles won’t work here, but it should be easy to reverse engineer the software and write new ones.

Gaining access to the device is as easy as injecting some HTML code into the UI. It is then run by the device as root (no kidding!). [Yifan] grabbed an MP3 file, changed its tag information to the HTML attack code, then played the file on the device to exploit the flaw. How long before malicious data from illegally downloaded MP3 files ends up blanking the root file system on one of these?

Read the rest of this entry »

Amazon’s new tablet reader, the Kindle Fire has been rooted. Early this morning [Death2All110] posted the steps he took to gain root access to his device (which is so fresh out of the box it still smells new). The heavy lifting is done by a package called SuperOneClick which aims to root all manner of phones and devices running Android.

There’s a bit more than the one click necessary, but not by much. Using the Android Developer Bridge in conjunction with the SDK you need to put in a value that will be recognized as the VID. From there, turn on the ability to install apps from unknown developers, re-enumerate the device on your PC and run the one-click package.

What can you do with this? Well, it completely opens up the Android OS so that you can bend it to your will. We haven’t seen any demonstrations yet, but it should be even better than what we saw done with the Sony PRS-T1.

[Addictive Tips via Reddit]

Cries of “I am root!” abound once again with the rooting of Sony’s PRS-T1 eBook reader. The eBook Reader Blog took the original rooting directions and then looked at some of the things you can do with root access.

This hardware is based around an ePaper display, but we must say that the performance seems to be fantastic. There may be a few missing features from the original user interface (like how pages are turned) that can be fixed with root access, but we think it’s the added Android access that makes this worth it. In the video after the break you’ll see that you can drop through to the Android 2.2 desktop and install any application you’re interested in using. This is a multi-touch display so it’s well suited for navigation although applications don’t work well yet because of excessive screen refreshing. But we’re sure that will improve with time. Of note is the ability to play music through apps like Pandora, and the ability to load content from other providers like Amazon books via the Kindle app.

Every time we write one of these rooted features we can’t help but think back to this I’m a Mac spoof video…. you’ll see why in the last few seconds.

Read the rest of this entry »

Apparently Verizon customers are expected to pay for a second data plan if they want to be allowed to use a cellphone as a mobile hotspot. This means one data plan for the phone, and a second for the tethering. [DroidBionicRoot] thinks this is a little silly since there is already a data cap on the phone’s plan. But he’s found a way around it if you don’t mind rooting the phone to enable free tethering.

Not surprisingly it’s a very simple alteration. The phone is already capable of tethering, to enable the feature without Verizon’s permission just edit one database value. In the video after the break, [DroidBionicRoot] starts the process with a rooted Droid Bionic handset. He purchases an app for $2.99 which allows him to edit SQL databases on the handset. From there he navigates to the ‘Settings Storage’ database and changes the ‘entitlement_check’ key value to 0. Reboot the phone and tethering is now unlocked.

Read the rest of this entry »

[Shawn] emailed us some pictures and a description of his latest hack. He cracked open a Rosewill RXS-3211 IP Camera because the output of the web interface made him certain that it was running Linux and he wanted to unlock some more potential from the device. These cameras are used for security, and offer a browser-based interface via a WiFi connection. After studying the circuit board he started poking around an unpopulated set of four pads and managed to get a serial connection up and running. The device’s serial terminal operates at 115200 baud using eight data bits, one stop bit, and even parity.

He wonder where to go from here and we have a few ideas. You can see in the terminal readout above that it announces when motion is detected. We think this motion detection would be quite useful with a small rover while adding live video broadcasting at the same time. An embedded Linux system should be able to interface with the device and we think that a bit of creative coding would open up the WiFi connection for other use as well. Not bad for a module that can be had for as little as $29. We’ve included all the images [Shawn] sent us after the break and we’d love to hear your thoughts on what you’d use this for in the comments.

Read the rest of this entry »