We left our little studio in the Kootenays last July to travel throughout Europe, traveling to discover about new media, spiritual centers, art, design and open source initiative. I decided to go really minimal on the computer gear stuff, so I only packed my Kindle, a camera, an android phone and of course my Raspberry Pi!
The Raspberry pi, although a beautiful project and quite an electronic feat, it can be a bit limiting as a main production machine, but I convinced myself I could use it as my main traveling computer.
Although I ended up buying a laptop while traveling, all that dreaming and tinkering ended up working nicely, creating a really portable development platform. At the least it has become a proof of concept that could be used for other similar projects. So here is how you can create your very own KindleBerry Pi!
First we want to be able to use UsbNetworking when connecting Kindle. When the Kindle is on usbNetworking, it assign the ip 192.168.2.2 to its USB port. Whe then need the Raspberry Pi to assign its USB port the IP 192.168.2.1 and that has to be automatic. To do so, the first step is to add to your /etc/network/interfaces :
Now we need the Raspberry Pi to 1) make sure one user login automatically and 2) have a screen multiuser session started at boot time. We will be using the same user for the login at boot time and login with the Kindle.
You probably can work some simple passwordless ssh with authentication key, to save some time and add some cute scripting to simplyfi the whole connection process, but once you are connected you can then start using the Raspberry Pi keyboard. There is actually a lot of improvement that could be done with this hack, so feel free to send your ideas!
Hum, I am not sure what OS the sony e-reader uses. Does it have a wireless connectivity to the network ? Do you have some sort of shell or terminal emulator on the device ? If so you could start by trying to ssh to the raspberry pi, that would be a good first step.
Sony PRS-T1 e-reader has a modified Android 2.2which I have rooted of course, therefore I have the market and also f-droid installed, form the last one I installed a terminal emulator, which works good.
I forgot to mention that the reader has a wi-fi connection, but it automatically disconnects after a couple minutes and the raspberry has no wifi connection, so I would like to use the usb connection to keep the connection (and battery) up.
Do you think that using some usb tethering or reverse tethering application would do the job?
In this case, almost every android device would be suitable for this task allowing a really convenient way to get a monitor for the raspberry devices (maybe with vnc, too)
The other actual possibility is connecting a B&N touch to a powered USB hub and to a keyboard. But touch is android-powered, and it uses the keyboard on this hack in a USB Host mode, so it is fairly unstable and maybe even proner to bricking or other failures (battery drainage beyong recharge, I have readed).
Thanks! Yes a battery for the Raspberry Pi is good. I had one to complete the setup, but since the voltage could be hard to balance (I had a hard time powering the USB network and the keyboard at the same time for some reason) I mostly experiment with the Raspberry Pi connected. You will just need to have the right amps coming out of the battery, but I am sure that over the Rpi site you can find plenty of info about user testing battery!
For my own usage, and I do a lot of journaling, it was a nice text editor. For actualy vim hacking, well since you only have about 16 colors it was a bit limiting, but still usable for css and php. But for email, irc, bboard and other shell usage it was great!
I restarted the pi and got the message when booting that he did find the Kindle etc. When the kindle boots the screen of the Kindle is switching permanently from the usb network screen to the home screen.
For the actual dashboard all files are in the bin folder, where there is a shell script, start.sh, that will run the pythonscript, put the system into a deep sleep and repeat once it wakes up. Note that this script will run forever and the kindleneeds to be restarted to kill it. While this is fine for a dashboard, for debugging/testing this is a little annoying,therefore a script start_once.sh is included, which will run the script once and stop.
With these scripts in place everything is set up to start working on the Python code that will grab some data and display it on the screen. However, that will be discussed in the next post, for now you look at the picture below thatshows KUAL with our own freshly created buttons, that will soon run some Python code to do our bidding.
While not without issues, it was possible to jailbreak the Kindle Paperwhite 3, install Python and run custom code onit. This means everything is ready to start hacking together a few scripts to actually turn the kindle into a dashboard.Stay tuned as this will come up in the next post.
The week starts with yet another security breach. At the DefCon Black Hat security conference in Los Vegas on Saturday, the hacker known as Sick Codes presented a new jailbreak that allows him to take control of several models of John Deere tractors via their touchscreen terminals.
This case demonstrates how vulnerabilities in device software can lead to fundamental security risks. If software is not continuously updated, as it should be, this poses real dangers not only to device functionality but also to people. The current hack not only has negative consequences for John Deere's interests and trustworthiness, but also has the potential to put the agricultural industry, and therefore the food supply chain, at risk.
In this blog post, we explain what has allegedly happened, how it affects equipment maker Deere & Company and other manufacturers, and present ideas on how to mitigate the risk and avoid such exploits in the future.
To achieve this, he managed to bypass the dealer authentication and start a reboot check to restore the device. In this way, the terminal behaved as if it were being used by a certified merchant account, which greatly expanded the hacker's rights and privileges. But that's not the end of the story. Through the log history of the device, he was able to dig even deeper and discovered another potential timing attack. Part of the reason this attack was possible is that some John Deere terminals, including the 2630 and 4240 models, run unpatched Linux and unsupported Windows CE systems that are outdated and vulnerable to existing exploits.
He also soldered a custom controller directly onto the board to bypass the system's protection mechanisms. He impressively demonstrated that John Deere's devices are not protected from internal and external threats.
Turns out it was not necessary to dive deep into the massive software portal. He discovered the first issue already when logging in. But that was not anywhere near the end of it. In his research, he discovered some serious security vulnerabilities that allowed hackers to find out sensitive data about John Deere's customers based on their VIN numbers: Owner, location of operation, age and duration of subscription.
Since John Deere apparently provides the infrastructure for over-the-air updates, outdated software components could have been avoided in the first place. This would prevent unauthorized access and keep the device's functionality. The reliable provision of security updates for modern high-tech devices, even if they are used in rural areas, is extremely important. They are not optional if companies want to successfully position products on the market in the long term.
It is difficult to overestimate the relevance of security updates for all companies in the context of industrial IoT, not just for those in the agricultural machinery market. Modern digital embedded products need to be regularly updated with the latest security patches, feature upgrades and additional business services. Today, software updates are the essential part of competitive solutions, without them products are becoming outdated the moment they are released.
At emteria, we are well aware of the security risks and high demand that solution manufacturers face today. That's why we provide a reliable cloud-backed over-the-air infrastructure to keep embedded devices running Android secure and up to date. We are currently preparing the release of Android 12, but we also care about keeping existing products up to date. For example, we are helping our customers to apply security patches for their eight-year-old software stacks to ensure that not only new but also customers' previous investments are protected and up-to-date. We envision that modern software development and update rollout processes in the IIoT environment will look like this everywhere in the future.
Let's summarize: Sick Codes has impressively demonstrated a jailbreak of John Deere tractors. He was able to bypass John Deere's authentication and gained access to the underlying software of the tractor terminal.
The hack demonstrates that agricultural products may open the door for external threads by relying on older versions of operating systems and lacking proper over-the-air firmware updates. Because creating and distributing software updates will gain even more important for competitive solutions, enterprises in many sectors need to invest in a reliable over-the-air infrastructure to prevent hacks and malfunctions in mission-critical devices.
emteria solves the challenge of customizing and maintaining Android OS for off-the-shelf hardware and industrial platforms. Our users operate and update thousands of devices running a modern Android operating system on one management platform.
Hey guys!
Back in the days when zeepro was still a company to deal with, they offered to jailbreak your ZIM. It was just a process of registering your ZIM with its serial number and giving up the guarantees of the device.
I had a few issues in the beginning that could be solved with pierres help so I thought it might not be a good idea to give up my guarantee and support.
But now, I gained some experience in 3D Printing and regarding the fact that I most likely will never ever get any information about my last issue from Zeepros support, I wonder if it was still possible to jailbreak the device.
(I have already tried the way that Zeepro offered, but since the server is down, this wont work)