Rooting the Amazon Fire TV Cube with an Arduino

Amazon might not be happy about it, but at least part of the success of their Fire TV Stick was due to the large hacking and modification scene that cropped up around the Android-powered device. A quick search on YouTube for “Fire Stick Hack” will bring up a seemingly endless array of videos, some with millions of views, which will show viewers how to install unofficial software on the little media dongle. Now it looks like their latest media device, the Fire TV Cube, is starting to attract the same kind of attention.

The team at [Exploitee.rs] has recently taken the wraps off their research which shows the new Fire TV Cube can be rooted with nothing more than an Arduino and an HDMI cable you’re willing to cut apart. Of course, it’s a bit more complicated than just that, but between the video they’ve provided and their WiKi, it looks like all the information is out there for anyone who wants to crack open their own Cube. Just don’t be surprised if it puts you on the Amazon Naughty List.

The process starts by putting the device’s Amlogic S905Z into Device Firmware Upgrade (DFU) mode, which is done by sending the string “boot@USB” to the board over the HDMI port’s I2C interface. That’s where the HDMI cable comes in: you can cut into one and wire it right up to your Arduino and run the sketch [Exploitee.rs] has provided to send the appropriate command. Of course, if you want to get fancy, you could use an HDMI breakout board instead.

With the board in DFU mode in you gain read and write access to the device’s eMMC flash, but that doesn’t exactly get you in because there’s still secure boot to contend with. But as these things tend to go, the team was able to identify a second exploit which could be used in conjunction with DFU mode to trick the device into disabling signature verification. Now with the ability to run unsigned code on the Fire TV Cube, [Exploitee.rs] implemented fastboot to make it easier to flash their custom rooted firmware images to the hardware.

As with the Fire TV Stick before it, make sure you understand the risks involved when you switch off a device’s security features. They’re often there to protect the end user as much as the manufacturer.

Continue reading “Rooting the Amazon Fire TV Cube with an Arduino”

Learn to Optimize Code in Assembly… for Android

When programming a microcontroller, there are some physical limitations that you’ll come across much earlier than programming a modern computer, whether that’s program size or even processor speed. To make the most use of a small chip, we can easily dig into the assembly language to optimize our code. On the other hand, modern processors in everyday computers and smartphones are so fast and have so much memory compared to microcontrollers that this is rarely necessary, but on the off-chance that you really want to dig into the assembly language for ARM, [Uri Shaked] has a tutorial to get you started.

The tutorial starts with a “hello, world” program for Android written entirely in assembly. [Uri] goes into detail on every line of the program, since it looks a little confusing if you’ve never dealt with assembly before. The second half of the program is a walkthrough on how to actually execute this program on your device by using the Android Native Deveolpment Kit (NDK) and using ADB to communicate with the phone. This might be second nature for some of us already, but for those who have never programmed on a handheld device before, it’s worthwhile to notice that there are a lot more steps to go through than you might have on a regular computer.

If you want to skip the assembly language part of all of this and just get started writing programs for Android, you can download an IDE and get started pretty easily, but there’s a huge advantage to knowing assembly once you get deep in the weeds especially if you want to start reverse engineering software or bitbanging communications protocols. And if you don’t have an Android device handy to learn on, you can still learn assembly just by playing a game.

Ask Hackaday: Why Aren’t We Hacking Cellphones?

When a project has outgrown using a small microcontroller, almost everyone reaches for a single-board computer — with the Raspberry Pi being the poster child. But doing so leaves you stuck with essentially a headless Linux server: a brain in a jar when what you want is a Swiss Army knife.

It would be a lot more fun if it had a screen attached, and of course the market is filled with options on that front. Then there’s the issue of designing a human interface: touch screens are all the rage these days, so why not buy a screen with a touch interface too? Audio in and out would be great, as would other random peripherals like accelerometers, WiFi, and maybe even a cellular radio when out of WiFi range. Maybe Bluetooth? Oh heck, let’s throw in a video camera and high-powered LED just for fun. Sounds like a Raspberry Pi killer!

And this development platform should be cheap, or better yet, free. Free like any one of the old cell phones that sit piled up in my “hack me” box in the closet, instead of getting put to work in projects. While I cobble together projects out of Pi Zeros and lame TFT LCD screens, the advanced functionality of these phones sits gathering dust. And I’m not alone.

Why is this? Why don’t we see a lot more projects based around the use of old cellphones? They’re abundant, cheap, feature-rich, and powerful. For me, there’s two giant hurdles to overcome: the hardware and the software. I’m going to run down what I see as the problems with using cell phones as hacker tools, but I’d love to be proven wrong. Hence the “Ask Hackaday”: why don’t we see more projects that re-use smartphones?

Continue reading “Ask Hackaday: Why Aren’t We Hacking Cellphones?”

Hacker Pops Top On NFC Vending Machines

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30 inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a vending machine that offered users the ability to pay from an application on their phone, he immediately got to wondering if the system could be compromised. After all, how much thought would be put into the security of a machine that basically sells flavored water? The answer, perhaps not surprisingly, is very little.

The write-up [Matteo] has put together is an outstanding case study in hacking Android applications, from pulling the .apk package off the phone to decompiling it into its principal components with programs like apktool and jadx. He even shows how you can reassemble the package and get it suitable for reinstallation on your device after fiddling around with the source code. If you’ve ever wanted a crash course on taking a peek inside of Android programs, this is a great resource.

By snooping around in the source code, [Matteo] was able to discover not only the location of the encrypted database that serves as the “wallet” for the user, but the routine that generates the encryption key. To cut a long story short, the program simply uses the phone’s IMEI as the key to get into the database. With that in hand, he was able to get into the wallet and give himself a nice stack of “coins” for the next time he hit the vending machines. Given his new-found knowledge of how the system works, he even came up with a separate Android app that allows adding credit to the user’s account on a rooted device.

In the video after the break, [Matteo] demonstrates his program by buying a soda and then bumping his credit back up to buy another. He ends his write-up by saying that he has reported his findings to the company that manufacturers the vending machines, but no word on what (if any) changes they plan on making. At the end of the day, you have to wonder what the cost-befit analysis looks like for a full security overhaul when when you’re only selling sodas and bags of chips.

When he isn’t liberating carbonated beverages from their capitalistic prisons, he’s freeing peripherals from their arbitrary OS limitations. We’re starting to get a good idea about what makes this guy tick.

Continue reading “Hacker Pops Top On NFC Vending Machines”

Golf Practice Made Easy with Robotics

When you think of sports, you usually think of something that takes a lot of physical effort. Golf is a bit different. Sure, you can get some walking in if you don’t take a cart. But mostly golfing is about coordination and skill and less about physical exertion. Until you want to practice driving. You hit a bucket of balls and then you have to go walk around and pick them up. Unless you have help, of course. In particular, you can delegate the task to a robot.

The robot that [webzuweb] built looks a little like a plywood robot vacuum. However, instead of suction, it uses some plywood disks to lift the balls and deposit them in a hopper. The electronics consist of an Arduino and an Orange Pi Lite. A GPS tells the robot where it is and it develops a search pattern based on its location.

Continue reading “Golf Practice Made Easy with Robotics”

iCub is the Robot that is Equally Cute and Creepy

We shouldn’t say iCub — the humanoid robot from Italy — is creepy. After all, human-like robots are in their infancy and an early computer or automobile would hardly be indicative of where those industries would take us. You can see the little guy in the video below.

The effort is open source and was part of an EU project that has been adopted by 20 labs around the world. The video just shows a guy in VR gear operating the robot, but the website has a lot of technical information if you want to know more.

Continue reading “iCub is the Robot that is Equally Cute and Creepy”

Reverse Engineered Media Controller From Car Is Best Friends With Android

The CAN bus is a rich vein to mine for a hacker: allowing the electronic elements of most current vehicles to be re-purposed and controlled with ease. [MikrocontrollerProjekte] has reverse engineered a CAN bus media and navigation controller and connected it to an STM32F746G-Discovery board. The STM32 is in turn connected to an Android phone, and allows the media controller to trigger a large number of functions on the phone, including music playback, maps, and general Android navigation.

When reverse engineering the controller, [MikrocontrollerProjekte] employed a variety of approaches. A small amount of information was found online, some fuzzing was done with random CAN bus IDs and messages, as well as some data logging with the device inside the car to identify message data to the relevant IDs on the bus.

The STM32F746G-Discovery board acts as a Human Interface Device (HID), emulating a mouse and keyboard connected to the Android phone via USB OTG. The LCD screen shows the output of the keystrokes and touchpad area. We’re not sure how useful the mouse-emulation would be, given that the phone has a touchscreen, but the media functions work really well, and would also make a really snazzy music controller for a PC.

We’ve covered plenty of other cool CAN bus hacks, like reverse-engineering this Peugeot 207, or this general purpose CAN sniffer.

Continue reading “Reverse Engineered Media Controller From Car Is Best Friends With Android”