A Better Way To Hack The Wink

January 5, 2015 by Brian Benchoff 33 Comments

If you’re looking for Home Automation appliances, you might want to check out the Wink Hub. It’s fifty bucks, and has six radios on board: WiFi, Bluetooth, Z-Wave, Zigbee, and 433MHz Lutron and Kidde. That’s an insane amount of connectivity in a very cheap package. It’s been pwnzor3d before, but dinnovative has a much better solution for getting root on this device.

Earlier methods of rooting the Wink involved passing commands via URLs – something that’s not exactly secure. The new method leverages what’s already installed on the Wink, specifically Dropbear, to generate public keys on the Wink hub and getting that key onto another computer securely. The complete exploit is just a few lines in a terminal, but once that’s done you’ll have a rooted Wink hub.

Even though the Wink hub has been rooted a few times before, we haven’t seen anything that leverages the capabilities of this hardware. There isn’t another device with a bunch of IoT radios on the market for $50, and we’re dying to see what people can come up with. If you’ve done something with your Wink, send it in on the tip line.

Rooting The Nest Thermostat

June 24, 2014 by Brian Benchoff 48 Comments

nest-300x293 A few months ago, Google bought a $3.2 billion dollar thermostat in the hopes it would pave the way for smart devices in every home. The Nest thermostat itself is actually pretty cool – it’s running Linux with a reasonably capable CPU, and adds WiFi to the mix for some potentially cool applications. It can also be rooted in under a minute,

As [cj] explains, the CPU inside the Nest has a Device Firmware Update mode that’s normally used for testing inside the Nest factory. This DFU mode can also be used to modify the device without any restrictions at all.

With a simple shell script, [cj] plugs the Nest into his laptop’s USB port, puts the device into DFU mode, and uploads a two-stage booloader to enable complete control over the Linux-powered thermostat.

As a bonus, the shell script also installs an SSH server and enables a reverse SSH connection to get around most firewalls. This allows anyone to remotely control the Nest thermostat, a wonderful addition to the Nest that doesn’t rely on iPhone apps or a cloud service to remotely control your Internet enabled thermostat.

Video of the rooting process below.

Continue reading “Rooting The Nest Thermostat” →

Jailbreaking The Kindle Paperwhite

October 5, 2012 by Brian Benchoff 32 Comments

The Kindle Paperwhite, Amazon’s newest e-ink reader featuring a touch interface with a higher contrast display, is now officially jailbroken.

[geekmaster], the geek master behind this hack, based his jailbreak off [Yifan]’s previous hack to jailbreak the Kindle Touch. Installation is a snap, and only requires you to upload the data.stgz file to the root directory of the Paperwhite and restart the device. On the next boot, the Paperwhite will be jailbroken, allowing you to do tons of cool stuff with a tiny Linux device connected to an e-ink screen.

We’ve already seen a few really cool uses for jailbroken Kindles including a weather station display and a serial terminal for your Raspberry Pi. Cracking the newer and better Kindle Paperwhite means those e-ink projects you’ve been thinking about building just became much more attractive.

One word of warning from [geekmaster], though: USB downloader mode isn’t yet enabled. If you brick your device, you’ll need to connect your Kindle to a serial port. This shouldn’t be a problem for Hackaday readers, but it is something to watch out for.

Petition For DMCA Exemptions Regarding Rooting/unlocking Gadgets

January 28, 2012 by Mike Szczys 71 Comments

So you’ve been rooting devices eh? If you get caught you’re headed for the big house, the lockup, the pen, the joint, they’ll send you up the river, you better be careful! Seriously though, if you buy a device and circumvent the security features should that in itself be breaking the law? We’re not talking about stealing intellectual property, like playing copied games on a chipped system (yeah, that’s stealing). We mean unlocking a device so that you can use it for what you wish. Be it your own prototyping, or running open-source applications. Unfortunately if the current Digital Millennium Copyright Act exemptions expire it will be a crime.

Thankfully, [Bunnie] is doing something about this. You may remember him as the guy that found most of the ridiculous security holes in the original Xbox, or the brain behind the Chumby. Now’s he’s got an online petition where your voice can be heard. Speak up and let the US politicians know why unlocking a device isn’t a crime.

[via Twitter]

Rooting Sony PRS-T1 Lets You Get At The Android Goodies

October 26, 2011 by Mike Szczys 25 Comments

Cries of “I am root!” abound once again with the rooting of Sony’s PRS-T1 eBook reader. The eBook Reader Blog took the original rooting directions and then looked at some of the things you can do with root access.

This hardware is based around an ePaper display, but we must say that the performance seems to be fantastic. There may be a few missing features from the original user interface (like how pages are turned) that can be fixed with root access, but we think it’s the added Android access that makes this worth it. In the video after the break you’ll see that you can drop through to the Android 2.2 desktop and install any application you’re interested in using. This is a multi-touch display so it’s well suited for navigation although applications don’t work well yet because of excessive screen refreshing. But we’re sure that will improve with time. Of note is the ability to play music through apps like Pandora, and the ability to load content from other providers like Amazon books via the Kindle app.

Every time we write one of these rooted features we can’t help but think back to this I’m a Mac spoof video…. you’ll see why in the last few seconds.

Continue reading “Rooting Sony PRS-T1 Lets You Get At The Android Goodies” →

1-Click Android Rooting

August 17, 2009 by Eliot 19 Comments

rooting

In the last few days, rooting the T-Mobile G1 and myTouch 3G has become much easier. [Zinx] released FlashRec which lets you flash a new recovery image onto your Android phone. It takes advantage of Linux kernel vulnerability CVE-2009-2692. The app lets you backup your current image and then flashes Cyanogen’s Recovery Image 1.4. Once that’s done, you can use any custom Android build you want. Android and Me has documented the entire process on their site and points out the ridiculously large number of custom ROMs that are out there. Embedded below is a video from [unknownkwita] showing the rooting process.

Continue reading “1-Click Android Rooting” →