Root, On An Amazon Echo Dot

July 22, 2023 by Jenny List 38 Comments

The Amazon Echo has become an indispensable device for many people unconcerned by its privacy implications. It’s easy to forget that it’s not quite a new product anymore, with the oldest examples now long in the tooth enough to no longer receive security updates. A surprise is that far from being mere clients to Amazon cloud services, they in fact run a version of Android. This makes old dots interesting to experimenters, but first is it possible to gain root access? [Daniel B] has managed it, on a second-generation Echo Dot.

In a sense, this is nothing new, as root has previously been achieved on an Echo Dot through means of a patched kernel. Echo devices use a chain of trust boot process in which each successive step must verify the Amazon signing of the previous one. The kernel patch method breaks the ability to reboot the device with root access. [Daniel’s] method bypasses that chain of trust by using a custom pre-loader injected over USB through an exploit.

As an example, [Daniel] created a web server on his Dot, which can serve audio captured by the device. Don’t panic just yet — an analysis of the other security features suggests that this is not the dangerous exploit it might seem. It does however open up these powerful but now pretty cheap devices as potentially usable for other purposes, which can only be a good thing.

We’ve previously brought you [Daniel]’s work freeing the WiFi details from a Dot.

Turning Old Kindles Into AI Powered Picture Frames

May 15, 2023 by Tom Nardi 4 Comments

While we tend to think of Amazon’s e-paper Kindles as more or less single-purpose devices (which to be fair, is how they’re advertised), there’s actually a full-featured Linux computer running behind that simple interface, just waiting to be put to work. Given how cheap you can get old Kindles on the second hand market, this has always struck us as something of a wasted opportunity.

This is why we love to see projects like Kindlefusion from [Diggedypomme]. It turns the Kindle into a picture frame to show off the latest in machine learning art thanks to Stable Diffusion. Just connect your browser to the web-based control interface running on the Kindle, give it a prompt, and away it goes. There are also functions to recall previously generated images, and if you’re connecting from a mobile device, support for creating images from voice prompts.

You can find cheap older Kindles on eBay.

All you need is a Kindle that can be jailbroken, though technically the software has only been tested against older third and fourth-generation hardware. From there you install a few required packages as listed in the project documentation, including Python 3. Then you just move the Kindlefusion package over either via USB or SSH, and do a little final housekeeping before starting it up and letting it take over the Kindle’s normal UI.

Given the somewhat niche nature of Kindle hacking, we’re particularly glad to see that [Diggedypomme] went through the trouble of explaining the nuances of getting the e-reader ready to run your own code. While it’s not difficult to do, there are plenty of pitfalls if you’ve never done it before, so a concise guide is a nice thing to have. Unfortunately, it seems like Amazon has recently gone on the offensive, with firmware updates blocking the exploits the community was using for jailbreaking on all but the older models that are no longer officially supported.

While it’s a shame you can’t just pick up a new Kindle and start hacking (at least, for now), there are still millions of older devices floating around that could be put to good use. Hopefully, projects like this can help inspire others to pick one up and start experimenting with what’s possible.

Continue reading “Turning Old Kindles Into AI Powered Picture Frames” →

Softmod An Xbox, And Run Your Own Software

June 5, 2022 by Donald Papp 17 Comments

The original Xbox might be old hardware, but that doesn’t mean it’s not worth messing with. Wonder what it takes to softmod an original Xbox? Modding is essentially jailbreaking, and softmodding is doing it using an entirely software-driven process, with no need to crack open the case or mess with electronics.

Don’t let that fool you into thinking the process requires nothing more than pressing a button; it’s actually quite involved, but more accessible now that [ezContents] has published a comprehensive walkthrough for softmodding an original Xbox, complete with loads of screenshots and photos.

The process uses a softmodding tool but that’s only the first step. Making the magic happen comes from installing a carefully crafted save file to the console, booting with an exploited game disk, and then installing software that the manufacturer doesn’t want on the hardware, via a process that the manufacturer doesn’t want to happen. Considering that, it’s expected to have to jump through a few hoops.

Now that your original Xbox is freed from its shackles without having to crack open the case, maybe crack it open anyway and check it for leaking caps and internal RTC batteries before it dies a corrosive death.

Change Desktop Environments On… IOS?

November 19, 2021 by Bryan Cockfield 32 Comments

While Apple’s modern operating systems may seem like they exist independently of the rest of the computing world, they are actually close cousins of modern versions of Linux. The primary link between the two is that Apple’s offerings are Unix-based and even though Linux isn’t Unix in the strict sense, it’s built to be extremely Unix-like. Plenty of Linux software is POSIX-compliant, meaning it is effectively compatible with true Unix. But what can we do with that information? Well, to start, we can run Linux desktop environments on top of an iOS install on your favorite iPhone or iPad.

To be sure, we will be filing this hack in the “because you can” category. [Torrekie], the creator of this project, has plenty of builds (Google translate from Chinese) where the boundaries between things like Linux and Unix are either blurred or nonexistant. In this particular project, a jailbroken iOS device is essentially gifted a ported version of XFCE which is able to run fairly well on iOS thanks to its compatibility with Unix environments. Details on how this was accomplished are sparse without a full investigation of the source code right now, but you can head over to the repository if you are curious enough to try this for yourself. [Torrekie] does note that this will only work with iOS devices that have been jailbroken using the “unc0ver” jailbreak only though.

To be sure, the relationship between modern Apple operating systems and Linux is about as close as modern Porsches and the Volkswagen Beetle, but either way the two are close enough to get interesting and impressive mashups like this project. For now only time will tell if using XFCE on iOS will be useful for anyone, but other projects bridging the gap between Linux and Apple are sure to be more immediately fruitful.

Oculus Go VR Headset Gets Root Access, No Jailbreak Needed

October 21, 2021 by Donald Papp 16 Comments

The Oculus Go, Facebook’s first generation standalone VR headset, hit the market back in 2018 but it’s taken until now for owners to get an official unlocked OS build. The release was hinted at by former Oculus CTO John Carmack in a recent Tweet as something he had been pushing for years. This opens the hardware completely, allowing root access without the need for an unofficial jailbreak.

Oculus Go headset [image: WikiMedia Commons]

The Oculus Go is Android-based and has specifications that are not exactly cutting edge by VR standards, especially since head tracking is limited to three degrees of freedom (DoF). This makes it best suited to seated applications like media consumption. That said, it’s still a remarkable amount of integrated hardware that can be available for a low price on the secondary market. Official support for the Go ended in December 2020, and the ability to completely unlock the device is a positive step towards rescuing the hardware from semi-hoarded tech junk piles where it might otherwise simply gather dust.

When phone-based VR went the way of the dodo, millions of empty headsets went obsolete with it for a variety of reasons, but at least this way perfectly-good (if dated) hardware might still get some use in clever projects. Credit where credit is due; opening up root access to old but still perfectly functional hardware is the right thing to do, and it’s nice to see it happening.

Software Removes The Facebook From Facebook’s VR Headset (Mostly)

October 13, 2021 by Donald Papp 18 Comments

It’s not a jailbreak, but [basti564]’s Oculess software nevertheless allows one the option to remove telemetry and account dependencies from Facebook’s Oculus Quest VR headsets. It is not normally possible to use these devices without a valid Facebook account (or a legacy Oculus account in the case of the original Quest), so the ability to flip any kind of disconnect switch without bricking the hardware is a step forward, even if there are a few caveats to the process.

To be clear, the Quest devices still require normal activation and setup via a Facebook account. But once that initial activation is complete, Oculess allows one the option of disabling telemetry or completely disconnecting the headset from its Facebook account. Removing telemetry means that details about what apps are launched, how the device is used, and all other usage-related data is no longer sent to Facebook. Disconnecting will log the headset out of its account, but doing so means apps purchased from the store will no longer work and neither will factory-installed apps like Oculus TV or the Oculus web browser.

What will still work is the ability to sideload unsigned software, which are applications that are neither controlled nor distributed by Facebook. Sideloading isn’t on by default; it’s enabled by putting the headset into Developer Mode (a necessary step to installing Oculess in the first place, by the way.) There’s a fairly active scene around unsigned software for the Quest headsets, as evidenced by the existence of the alternate app store SideQuest.

Facebook’s control over their hardware and its walled-garden ecosystem continues to increase, but clearly there are people interested in putting the brakes on where they can. It’s possible the devices might see a full jailbreak someday, but even if so, what happens then?

PS2 Emulation On The Xbox Series S: A Story Of Walled Gardens

December 15, 2020 by Maya Posch 25 Comments

It’s hardly a secret any more at this point that today’s game consoles from Microsoft and Sony are essentially AMD gaming rigs packed up into a custom package and with tweaked system software. So it’s not too surprising that enterprising hackers got the Playstation 2 emulator of RetroArch running on an Xbox Series X|S game console despite Microsoft’s attempts to stop them. (Video, embedded below.)

It’s possible to sneak the RetroArch app past Microsoft’s security checkpoints by shelling out $19 for a Microsoft Developer Account, setting up Developer Mode on the XBox console, and getting the Universal Windows Platform (UWP) port of RetroArch from the official website. This has the advantage of it being a blessed-by-the-Redmond-gods approach. But one cannot play retail games in Developer Mode and large games due to a 2 GB limit.

More recently, a hacker by the name of [tunip3] found a flaw in the Xbox app distribution system which allows one to download a ‘retail’ version of RetroArch. This involves marking the RetroArch app as ‘private’, allowing it to skip a review by Microsoft. People whose email address is on a whitelist are then granted download permission for that app on their Xbox console. The advantage of this ‘retail’ approach is that it does not feature the 2 GB filesize limits. The disadvantage is that Microsoft is free to take the app down and ban [tunip3]’s developer account.

My Way Versus the Highway

A lot about this comes down to a simple question of ‘why?’. Why even jump through these hoops to set up a limited, possibly ToS-breaking emulator on what is ultimately a gaming PC running Windows 10? Why not use that Raspberry Pi 4 or NUC system that’s been giving you sad eyes for the past months from where it’s been stuffed into a dusty corner?

Continue reading “PS2 Emulation On The Xbox Series S: A Story Of Walled Gardens” →