Amazon Fire TV Update Bricks Hacked Devices

The Amazon Fire TV is Amazon’s answer to all of the other streaming media devices on the market today. Amazon is reportedly selling these devices at cost, making very little off of the hardware sales. Instead, they are relying on the fact that most users will rent or purchase digital content on these boxes, and they can make more money in the long run this way. In fact, the device does not allow users to download content directly from the Google Play store, or even play media via USB disk. This makes it more likely that you will purchase content though Amazon’s own channels.

We’re hackers. We like to make things do what they were never intended to do. We like to add functionality. We want to customize, upgrade, and break our devices. It’s fun for us. It’s no surprise that hackers have been jail breaking these devices to see what else they are capable of. A side effect of these hacks is that content can be downloaded directly from Google Play. USB playback can also be enabled. This makes the device more useful to the consumer, but obviously is not in line with Amazon’s business strategy.

Amazon’s response to these hacks was to release a firmware update that will brick the device if it discovers that it has been rooted. It also will not allow a hacker to downgrade the firmware to an older version, since this would of course remove the root detection features.

This probably doesn’t come as a surprise to most of us. We’ve seen this type of thing for years with mobile phones. The iPhone has been locked to the Apple Store since the first generation, but the first iPhone was jailbroken just days after its initial release. Then there was the PlayStation 3 “downgrade” fiasco that resulted in hacks to restore the functionality. It seems that hackers and corporations are forever destined to disagree on who actually owns the hardware and what ownership really means. We’re locked in an epic game of cat and mouse, but usually the hackers seem to triumph in the end.

How To Get 50 More Zed From Your Rigol DS1054Z

[Chris] has been spending a lot of time in the wife’s sewing room lately, and things got pretty serious late last night as he hacked his shiny new Rigol DS1054Z to unlock the 1104Z capabilities lurking within.

The rumors are true, and ungoverning the software is as simple as looking up your serial number and knowing the right URL for generating a valid license. [Chris] ran into a dud site, but that’s the price of doing business in the shadowy parking garage basements of the interwebs. Once he knocked on the right door and uttered the secret word, however, he became the proud owner of 50MHz additional bandwidth, decoders for SPI, I²C, and RS-232, twice the storage depth, and all teh triggers that ship with the 1104Z.

Stick around for [Chris]’s video walk-through. Can’t rationalize the purchase even at the ridiculously low price point? Here’s one way to make it happen. You’ll laugh, you’ll cry, you’ll learn some French.

Continue reading “How To Get 50 More Zed From Your Rigol DS1054Z”

Finding a Shell in a Bose SoundTouch

Bose, every salesperson’s favorite stereo manufacturer, has a line of WiFi connected systems available. It’s an impressively innovative product, able to connect to Internet Radio, Pandora, music libraries stored elsewhere on the network. A really great idea, and since this connects to a bunch of web services, you just know there’s a Linux shell in there somewhere. [Michael] found it.

The SoundTouch is actually rather easy to get into. The only real work to be done is connecting to port 17000, turning remote services on, and then connecting with telnet. The username is root.

The telnet service on port 17000 is actually pretty interesting, and we’re guessing this is what the SoundTouch iOS app uses for all its wizardry. [Michael] put a listing of the ‘help’ command up on pastebin, and it looks like there are commands for toggling GPIOs, futzing around with Pandora, and references to a Bluetooth module.

Interestingly, when [Michael] first suspected there could be Linux inside this box, he contacted Bose support for any information. He figured out how to get in on his own, before Bose emailed him back saying the information is proprietary in nature.

Chromecast Is Root

Image from [psouza4] on the xda-developers forum

Chromecast is as close as you’re going to get to a perfect device – plug it in the back of your TV, and instantly you have Netflix, Hulu, Pandora, and a web browser on the largest display in your house. It’s a much simpler device than a Raspi running XBMC, and we’ve already seen a few Chromecast hacks that stream videos from a phone and rickroll everyone around you.

Now the Chromecast has been rooted, allowing anyone to change the DNS settings (Netflix and Hulu users that want to watch content not available in their country rejoice), and loading custom apps for the Chromecast.

The process of rooting the Chromecast should be fairly simple for the regular readers of Hackaday. It requires a Teensy 2 or 2++ dev board, a USB OTG cable, and a USB flash drive. Plug the Teensy into the Chromecast and wait a minute. Remove the Teensy, plug in the USB flash drive, and wait several more minutes. Success is you, and your Chromecast is now rooted.

Member of Team-Eureka [riptidewave93] has put up a demo video of rooting a new in box Chromecast in just a few minutes. You can check that out below.

Continue reading “Chromecast Is Root”

Chromecast bootloader exploit

chromecast-hack

Well that didn’t take long. The team over at GTVHacker have worked their magic on Chromecast. The HDMI dongle announced by Google last week was so popular they had to cancel their 3-free-months of Netflix perk. We think the thing is worth $35 without it, especially if we end up seeing some awesome hacks from the community.

So far this is just getting your foot in the door by rooting the device. In addition to walking through the exploit the wiki instructions give us a lot more pictures of the internals than we saw from the teardown in yesterday’s links post. There’s an unpopulated pad with seventeen connections on the PCB. You can patch into the serial connections this way, running at a 115200 8n1. But you won’t have terminal access out of the box. The exploit uses a vulnerability in the bootloader to flash a hacked system folder which provides root. After wiping the cache it reboots like normal but now you can access a root shell on port 23.

Continue reading “Chromecast bootloader exploit”

One Kindle launcher to rule them

kindle-launcher

Ask around and chances are you can find a friend or family member that still has their early generation Kindle but doesn’t use it anymore. There are quite a number of different things you can do with them, and now there’s a single Launcher that works for all models of hacked Kindles. KUAL is the Kindle Unified Application Launcher.

Loading the launcher on your device does require that it be Jailbroken/Rooted, but that’s really the entire point, right? Once on your device the system is easy to configure. Menus themselves can be customized by editing the XML and JSON pair for each list. The screenshot on the left illustrates some of the applications you might want to run. We could see a VNC viewer being useful, and everyone likes to have games — like Doom II or the entire Z-machine library — on hand when they unexpectedly get stuck somewhere. But MPlayer? Does anyone actually use their ePaper device to watch videos?

CASUAL seeks to make Android hacking OS agnostic

CASUAL-android-hacking-scripts

[Adam Outler] tipped us off about a cross-platform Android hacking suite he’s been working on. The project, which is called CASUAL, brings several things to the table. First and foremost it breaks down the OS requirements seen on some hacks. It can perform pretty much any Android hack out there and it doesn’t care if you’re using Linux, OS X, or Windows.

We’ve embedded two videos after the break. The screenshot seen above is from the first clip where [Adam] demonstrates the package rooting the Oppo Find5 Android phone. He then goes on to show off the scripting language CASUAL uses. This layer of abstraction should make it easier to deploy hacking packages, as CASUAL handles all of the underlying tools like the Android Debug Bridge, fastboot, and Heimdall (an open source Odin replacement which brings the low level tool to all OS platforms) . The second video demonstrates a Galaxy Note II being rooted, and having a new recovery image flashed.

Continue reading “CASUAL seeks to make Android hacking OS agnostic”