Tech Beastz

Breaking Google Nest Hub's Secure Boot


[frederic] tells the story of his team hacking the Google Nest Hub (2nd generation): running Ubuntu on it by bypassing Google's boot image signature check. Like many good hacks, this one starts with pictures from the FCC website. Reverse-engineering the charger and the USB daughterboard pin-out, he found a UART connection and broke it out with a custom adapter. With a debug console and insight into the boot process, they moved on to hacking the device piece by piece, through hardware and software, until the job was done.


The story gives a lot of background and insight into the code that was investigated and into how the attack targets were chosen. Through fuzzing, he found a buffer overflow in the bootloader code that could be triggered with a non-standard block size. Block sizes are hard-coded into USB flash drives, so they wrote custom firmware for a Pi Pico to present one, and soon after achieved code execution. They then chained U-Boot functions together to load Ubuntu, bypassing the boot image signature check.
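The bug class [frederic] describes, as an added illustration that is not the Nest Hub's bootloader code or anything from his write-up: a boot loader that sizes its copy by the block size a USB mass-storage device reports, beside a check that rejects sizes the buffer was never built for. Function names, buffer sizes and the sample device data are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration, not the real bootloader: the sector buffer was
 * sized for the usual 512-byte block, but the copy length comes from the
 * block size the device itself reports (e.g. in a READ CAPACITY reply). */
#define SECTOR_BUF_LEN      512
#define MAX_SUPPORTED_BLOCK 4096

/* Vulnerable pattern: the copy length is whatever the device claims. A device
 * that reports a block larger than dst overflows the buffer. */
void read_sector_trusting(uint8_t *dst, const uint8_t *dev_data, uint32_t dev_block_size)
{
    memcpy(dst, dev_data, dev_block_size);
}

/* Returns true only for block sizes this code was actually built to handle:
 * a power of two between 512 bytes and the supported maximum, and no larger
 * than the destination buffer. */
bool block_size_is_sane(uint32_t block_size, size_t buf_len)
{
    if (block_size < 512 || block_size > MAX_SUPPORTED_BLOCK)
        return false;
    if ((block_size & (block_size - 1)) != 0)   /* not a power of two */
        return false;
    return block_size <= buf_len;
}

/* Hardened pattern: validate the device-supplied size before it drives a copy.
 * Returns the number of bytes copied, or -1 when the size is rejected. */
int read_sector_checked(uint8_t *dst, size_t dst_len,
                        const uint8_t *dev_data, uint32_t dev_block_size)
{
    if (!block_size_is_sane(dev_block_size, dst_len))
        return -1;
    memcpy(dst, dev_data, dev_block_size);
    return (int)dev_block_size;
}

/* Runs the hardened path against constructed device data for one reported
 * block size, so the behaviour can be checked without touching real hardware. */
int demo_read(uint32_t reported_block_size)
{
    static uint8_t sector_buf[SECTOR_BUF_LEN];
    static uint8_t device_data[MAX_SUPPORTED_BLOCK];   /* constructed sample */
    memset(device_data, 0xAB, sizeof device_data);
    return read_sector_checked(sector_buf, sizeof sector_buf,
                               device_data, reported_block_size);
}
```

The trusting version is never called here; it only shows the shape of the defect, while the checked version is what a reviewer would ask for in bootloader code that parses device-supplied sizes.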


It's an amazing document of a hacking journey, and an exciting read (pun intended) to boot. It looks like the bug has been patched for half a year now, so you probably can't flash your Google Nest to Ubuntu anymore. However, you may still be able to Run Up-to-Date Linux on Your Amazon Echo.


We thank [Sven] for sharing it with us!


