Difference between revisions of "OYO Hacking"
(→The easy way) |
Coffeeholic (talk | contribs) m (correct formatting error) |
||
(19 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
{{Project | {{Project | ||
|picture=Oyo-1.jpg | |picture=Oyo-1.jpg | ||
− | |ProjectStatus= | + | |ProjectStatus=Finished |
|ProjectNiche=Software | |ProjectNiche=Software | ||
|ProjectPurpose=Fun | |ProjectPurpose=Fun | ||
Line 36: | Line 36: | ||
Serial : 0000000000000000 | Serial : 0000000000000000 | ||
</pre> | </pre> | ||
+ | === Memory === | ||
+ | * Ram: 128Mb | ||
+ | * Storage: 2Gb | ||
+ | * External: MicroSDHC | ||
+ | === Battery === | ||
+ | * Voltage: 3.7v | ||
+ | * 1530mAh | ||
+ | |||
+ | === Wireless === | ||
+ | * Mediatek WLAN MT5921 | ||
+ | * 2.4Ghz | ||
== Files == | == Files == | ||
Line 44: | Line 55: | ||
* QBookApp settings: /rwdata/settings/QBookApp.ini | * QBookApp settings: /rwdata/settings/QBookApp.ini | ||
* Browser startup page: /usr/local/qisda/etc/index.html | * Browser startup page: /usr/local/qisda/etc/index.html | ||
+ | * Ebook version (in Settings -> Device info): /mnt/etc/rootfs.rev | ||
=== Installed Apps === | === Installed Apps === | ||
− | To run Qengineer (diagnostics): | + | To run Qengineer (diagnostics): Boot the device with USB connected and pressing the home and back buttons, or in console: kill linuxrc, then QBookApp, then run /qdutil/em/start /qdutil/em/QEngineer |
+ | |||
+ | == Getting root == | ||
− | == The easy way == | + | === The easy way === |
While messing around with serial and getting stuff working is a lot of fun, it's also quite cumbersome. So I have modified the firmware to make this process easier. | While messing around with serial and getting stuff working is a lot of fun, it's also quite cumbersome. So I have modified the firmware to make this process easier. | ||
− | + | # Download the firmware from this wiki: [[File:Oyofw.tar.bz2]] | |
− | + | # Unpack the archive to the root of your microSD card. | |
− | Unpack the archive to the root of your microSD card. | + | # Install dropbear on your local machine. (Consult your distribution's documentation if you need help.) |
+ | # Run the following commands: | ||
+ | ## <code>mkdir dropbear</code> | ||
+ | ##<code>dropbearkey -t dss -f dropbear/dropbear_dss_host_key && dropbearkey -t rsa -f dropbear/dropbear_rsa_host_key</code> | ||
+ | # Copy the generated directory (<code>dropbear</code>) to the root of your microSD card. | ||
− | + | To install the new software, there are two methods. You can use either of the below, you '''should not''' do both. Make sure the battery is charged, otherwise the update might fail with a 'low battery' error. | |
− | + | * Insert the microSD card, go to Settings -> Advanced setting -> Software update and click the checkmark when asked. | |
− | + | * Turn off your OYO and insert the microSD card. While holding the previous page and next page buttons, turn on your OYO. Keep holding these buttons until <code>Update OS</code> appears on your screen. | |
− | |||
− | |||
− | |||
− | |||
− | Turn off your OYO and insert the microSD card. | ||
− | |||
− | While holding the previous page and next page buttons, turn on your OYO. Keep holding these buttons until <code>Update OS</code> appears on your screen. | ||
Wait until the OYO asks you to reboot the device. | Wait until the OYO asks you to reboot the device. | ||
Line 81: | Line 92: | ||
Otherwise, anyone on the network will be able to SSH into your reader. | Otherwise, anyone on the network will be able to SSH into your reader. | ||
− | === | + | === Serial Hardware mod === |
+ | You can solder a hardware serial port, checkout [http://ownyo.de ownyo.de] for the pinouts and locations. | ||
+ | |||
+ | You can then connect to serial via: <code>picocom -b 115200 /dev/ttyUSB0</code> | ||
+ | |||
+ | == OTA Updating == | ||
+ | |||
+ | You will first have to have followed the steps above to put our firmware on your OYO. After you have done that, subsequent updates can be downloaded over Wi-Fi. | ||
+ | |||
+ | Make sure to delete the <code>qdutil</code> directory from your SD card before attempting to update OTA. The SD card seems to override the file that the reader downloads. | ||
+ | |||
+ | To do this, go to Settings -> Advanced settings -> Software update | ||
+ | |||
+ | A page on this wiki should pop up. If not, you have not followed the steps above correctly. | ||
− | + | Read that page for further instructions, and enjoy. | |
== Getting root == | == Getting root == | ||
Line 95: | Line 119: | ||
<code>sudo modprobe usbserial vendor=0x0525 product=0xa4a5</code> | <code>sudo modprobe usbserial vendor=0x0525 product=0xa4a5</code> | ||
(Check with lsusb) | (Check with lsusb) | ||
+ | |||
+ | If the above fails (because usbserial is builtin and not loaded as a module), try the following: | ||
+ | <code>echo 0525 a4a6 | sudo tee /sys/bus/usb-serial/drivers/generic/new_id</code> | ||
+ | as suggested in the [https://www.kernel.org/doc/html/latest/usb/usb-serial.html#generic-serial-driver USB serial documentation]. | ||
+ | |||
To get your OYO to behave like a serial device, grab a MicroSD card, create a file called <code>usbdebug</code> on it, put it into your OYO and reboot it while having it attached to your computer. | To get your OYO to behave like a serial device, grab a MicroSD card, create a file called <code>usbdebug</code> on it, put it into your OYO and reboot it while having it attached to your computer. | ||
Line 104: | Line 133: | ||
<code>sudo picocom --b 115200 --f n --p on --d 8 /dev/ttyUSB0</code> | <code>sudo picocom --b 115200 --f n --p on --d 8 /dev/ttyUSB0</code> | ||
− | If you get the following error: <code>FATAL: failed to config device /dev/ttyUSB0: Cannot set the device attributes: Invalid argument</code> Make sure you have the correct usb device id 0xa4a6 or | + | If you get the following error: <code>FATAL: failed to config device /dev/ttyUSB0: Cannot set the device attributes: Invalid argument</code> Make sure you have the correct usb device id 0xa4a6 or 0xa4a5. And try reloading the usbserial module: |
* <code>rmmod usbserial</code> | * <code>rmmod usbserial</code> | ||
* <code>sudo modprobe usbserial vendor=0x0525 product=0xa4a5</code> (or 0xa4a6) | * <code>sudo modprobe usbserial vendor=0x0525 product=0xa4a5</code> (or 0xa4a6) | ||
Line 125: | Line 154: | ||
<code>cp /etc/passwd /mnt/etc/passwd</code> | <code>cp /etc/passwd /mnt/etc/passwd</code> | ||
− | == | + | == Over The Air updates (OTA) == |
+ | |||
+ | The OYO supports over the air updates, the mechanism it uses was reverse-engineered by faking the browser agent string on the update site of http://chapitreoyo.adaptive-navigation.com/update/ | ||
+ | |||
+ | The 'magic' URL uses a call to http://www.example.com/QExec/QFWUpdate?file=XXXX.tar.bz2&md5=XXXX.txt | ||
+ | |||
+ | The file points to [[File:Oyofw.tar.bz2]] and the md5 to a file like [[File:Oyofw.md5sums.txt]] | ||
+ | |||
+ | That URL does not work in the 'normal' OYO browser, it redirects to http://www.iana.org/domains/example like on normal browsers. | ||
+ | |||
+ | Only when activated from the Advanced Settings > Software update it starts the OTA update. | ||
+ | |||
+ | Other operations: http://www.example.com/QExec/QClose/ and non-tested: QLocBrowser QWebView | ||
== More information == | == More information == | ||
Line 132: | Line 173: | ||
* Info/sources: [http://openinkpot.org/wiki/Device/Qisda-eBook OpenInkpot] | * Info/sources: [http://openinkpot.org/wiki/Device/Qisda-eBook OpenInkpot] | ||
* oyohack wiki: [https://gitorious.org/oyo-hack/pages Gitorious] | * oyohack wiki: [https://gitorious.org/oyo-hack/pages Gitorious] | ||
+ | * ArdaXi: [https://github.com/ArdaXi/oyo-hacking oyo-hacking github] | ||
+ | * Photos of internals: [http://ownyo.de/ OwnYO] (and serial mod) |
Latest revision as of 01:35, 26 January 2020
Projects | |
---|---|
Participants | Arda Xi, The JinX |
Skills | |
Status | Finished |
Niche | Software |
Purpose | Fun |
All information on modding/hacking the OYO E-reader
Contents
Hardware
CPU Info
Processor : ARM926EJ-S rev 5 (v5l) BogoMIPS : 199.47 Features : swp half fastmult edsp java CPU implementer : 0x41 CPU architecture: 5TEJ CPU variant : 0x0 CPU part : 0x926 CPU revision : 5 Cache type : write-back Cache clean : cp15 c7 ops Cache lockdown : format C Cache format : Harvard I size : 16384 I assoc : 4 I line length : 32 I sets : 128 D size : 16384 D assoc : 4 D line length : 32 D sets : 128 Hardware : SMDK2416 Revision : 0000 Serial : 0000000000000000
Memory
- Ram: 128Mb
- Storage: 2Gb
- External: MicroSDHC
Battery
- Voltage: 3.7v
- 1530mAh
Wireless
- Mediatek WLAN MT5921
- 2.4Ghz
Files
To download
- Firmware: File:Oyofw.tar.bz2
- Thalia Sources SG060B00_V009.tgz
On the system
- QBookApp settings: /rwdata/settings/QBookApp.ini
- Browser startup page: /usr/local/qisda/etc/index.html
- Ebook version (in Settings -> Device info): /mnt/etc/rootfs.rev
Installed Apps
To run Qengineer (diagnostics): Boot the device with USB connected and pressing the home and back buttons, or in console: kill linuxrc, then QBookApp, then run /qdutil/em/start /qdutil/em/QEngineer
Getting root
The easy way
While messing around with serial and getting stuff working is a lot of fun, it's also quite cumbersome. So I have modified the firmware to make this process easier.
- Download the firmware from this wiki: File:Oyofw.tar.bz2
- Unpack the archive to the root of your microSD card.
- Install dropbear on your local machine. (Consult your distribution's documentation if you need help.)
- Run the following commands:
-
mkdir dropbear
dropbearkey -t dss -f dropbear/dropbear_dss_host_key && dropbearkey -t rsa -f dropbear/dropbear_rsa_host_key
-
- Copy the generated directory (
dropbear
) to the root of your microSD card.
To install the new software, there are two methods. You can use either of the below, you should not do both. Make sure the battery is charged, otherwise the update might fail with a 'low battery' error.
- Insert the microSD card, go to Settings -> Advanced setting -> Software update and click the checkmark when asked.
- Turn off your OYO and insert the microSD card. While holding the previous page and next page buttons, turn on your OYO. Keep holding these buttons until
Update OS
appears on your screen.
Wait until the OYO asks you to reboot the device.
After the reboot, enable WLAN and note the IP.
You should now be able to SSH into your device, using the username root
and the password SReader
.
Warning: You should now set your root password to something secure using the following commands.
passwd
cp /etc/passwd /mnt/etc/passwd
Otherwise, anyone on the network will be able to SSH into your reader.
Serial Hardware mod
You can solder a hardware serial port, checkout ownyo.de for the pinouts and locations.
You can then connect to serial via: picocom -b 115200 /dev/ttyUSB0
OTA Updating
You will first have to have followed the steps above to put our firmware on your OYO. After you have done that, subsequent updates can be downloaded over Wi-Fi.
Make sure to delete the qdutil
directory from your SD card before attempting to update OTA. The SD card seems to override the file that the reader downloads.
To do this, go to Settings -> Advanced settings -> Software update
A page on this wiki should pop up. If not, you have not followed the steps above correctly.
Read that page for further instructions, and enjoy.
Getting root
The Frank's wiki page above is quite useful, but a lot of data is outdated and/or unnecessary. The following is a simple guide to do whatever you like to your OYO.
First, you will want to run the following command to get your kernel to accept the OYO as a serial device.
sudo modprobe usbserial vendor=0x0525 product=0xa4a6
or
sudo modprobe usbserial vendor=0x0525 product=0xa4a5
(Check with lsusb)
If the above fails (because usbserial is builtin and not loaded as a module), try the following:
echo 0525 a4a6 | sudo tee /sys/bus/usb-serial/drivers/generic/new_id
as suggested in the USB serial documentation.
To get your OYO to behave like a serial device, grab a MicroSD card, create a file called usbdebug
on it, put it into your OYO and reboot it while having it attached to your computer.
touch usbdebug
After the OYO has booted, you will want to open a serial connection to it.
sudo picocom --b 115200 --f n --p on --d 8 /dev/ttyUSB0
If you get the following error: FATAL: failed to config device /dev/ttyUSB0: Cannot set the device attributes: Invalid argument
Make sure you have the correct usb device id 0xa4a6 or 0xa4a5. And try reloading the usbserial module:
-
rmmod usbserial
-
sudo modprobe usbserial vendor=0x0525 product=0xa4a5
(or 0xa4a6)
If you get garbage, you can try the following:
- Keep pressing enter until you get a prompt like this.
- do a
sudo killall -9 picocom
, and asudo cat /dev/ttyUSB0
and press cltr-c. And start over with picocom. You might need to reload the usbserial module here. - If this doesn't help, try rebooting your machine or a different machine, this 'feature' is flaky, it's why you want an sshd.
Samsung login:
You can then login, using the login root
and the password SReader
.
At this point, I suggest changing the root password.
passwd
Because the device copies the content of /mnt/etc
to /etc
an extra step is required.
cp /etc/passwd /mnt/etc/passwd
Over The Air updates (OTA)
The OYO supports over the air updates, the mechanism it uses was reverse-engineered by faking the browser agent string on the update site of http://chapitreoyo.adaptive-navigation.com/update/
The 'magic' URL uses a call to http://www.example.com/QExec/QFWUpdate?file=XXXX.tar.bz2&md5=XXXX.txt
The file points to File:Oyofw.tar.bz2 and the md5 to a file like File:Oyofw.md5sums.txt
That URL does not work in the 'normal' OYO browser, it redirects to http://www.iana.org/domains/example like on normal browsers.
Only when activated from the Advanced Settings > Software update it starts the OTA update.
Other operations: http://www.example.com/QExec/QClose/ and non-tested: QLocBrowser QWebView
More information
- Links: Revspace wiki
- Shell access and more: Franks Wiki
- Info/sources: OpenInkpot
- oyohack wiki: Gitorious
- ArdaXi: oyo-hacking github
- Photos of internals: OwnYO (and serial mod)