Difference between revisions of "OYO Hacking"

From Technologia Incognita
Jump to: navigation, search
(The easy way)
m (correct formatting error)
 
(19 intermediate revisions by 8 users not shown)
Line 1: Line 1:
 
{{Project
 
{{Project
 
|picture=Oyo-1.jpg
 
|picture=Oyo-1.jpg
|ProjectStatus=Active
+
|ProjectStatus=Finished
 
|ProjectNiche=Software
 
|ProjectNiche=Software
 
|ProjectPurpose=Fun
 
|ProjectPurpose=Fun
Line 36: Line 36:
 
Serial : 0000000000000000
 
Serial : 0000000000000000
 
</pre>
 
</pre>
 +
=== Memory ===
 +
* Ram: 128Mb
 +
* Storage: 2Gb
 +
* External: MicroSDHC
 +
=== Battery ===
 +
* Voltage: 3.7v
 +
* 1530mAh
 +
 +
=== Wireless ===
 +
* Mediatek WLAN MT5921
 +
* 2.4Ghz
  
 
== Files ==
 
== Files ==
Line 44: Line 55:
 
* QBookApp settings: /rwdata/settings/QBookApp.ini
 
* QBookApp settings: /rwdata/settings/QBookApp.ini
 
* Browser startup page: /usr/local/qisda/etc/index.html
 
* Browser startup page: /usr/local/qisda/etc/index.html
 +
* Ebook version (in Settings -> Device info): /mnt/etc/rootfs.rev
  
 
=== Installed Apps ===
 
=== Installed Apps ===
To run Qengineer (diagnostics): Kill linuxrc, then qbookapp, then run /qdutil/em/start /qdutil/em/QEngineer
+
To run Qengineer (diagnostics): Boot the device with USB connected and pressing the home and back buttons, or in console: kill linuxrc, then QBookApp, then run /qdutil/em/start /qdutil/em/QEngineer
 +
 
 +
== Getting root ==
  
== The easy way ==
+
=== The easy way ===
  
 
While messing around with serial and getting stuff working is a lot of fun, it's also quite cumbersome. So I have modified the firmware to make this process easier.
 
While messing around with serial and getting stuff working is a lot of fun, it's also quite cumbersome. So I have modified the firmware to make this process easier.
  
First, download the firmware from this wiki: [[File:Oyofw.tar.bz2]]
+
# Download the firmware from this wiki: [[File:Oyofw.tar.bz2]]
 
+
# Unpack the archive to the root of your microSD card.
Unpack the archive to the root of your microSD card.
+
# Install dropbear on your local machine. (Consult your distribution's documentation if you need help.)
 +
# Run the following commands:
 +
## <code>mkdir dropbear</code>
 +
##<code>dropbearkey -t dss -f dropbear/dropbear_dss_host_key && dropbearkey -t rsa -f dropbear/dropbear_rsa_host_key</code>
 +
# Copy the generated directory (<code>dropbear</code>) to the root of your microSD card.
  
Install dropbear on your local machine. (Consult your distribution's documentation if you need help.)
+
To install the new software, there are two methods. You can use either of the below, you '''should not''' do both. Make sure the battery is charged, otherwise the update might fail with a 'low battery' error.
  
Run the following command:
+
* Insert the microSD card, go to Settings -> Advanced setting -> Software update and click the checkmark when asked.
 
+
* Turn off your OYO and insert the microSD card. While holding the previous page and next page buttons, turn on your OYO. Keep holding these buttons until <code>Update OS</code> appears on your screen.
<code>dropbearkey -t dss -f dropbear_dss_host_key && dropbearkey -t rsa -f dropbear_rsa_host_key</code>
 
 
 
Copy the generated files (<code>dropbear_dss_host_key</code> and <code>dropbear_rsa_host_key</code>) to the root of your microSD card.
 
 
 
Turn off your OYO and insert the microSD card.
 
 
 
While holding the previous page and next page buttons, turn on your OYO. Keep holding these buttons until <code>Update OS</code> appears on your screen.
 
  
 
Wait until the OYO asks you to reboot the device.
 
Wait until the OYO asks you to reboot the device.
Line 81: Line 92:
 
Otherwise, anyone on the network will be able to SSH into your reader.
 
Otherwise, anyone on the network will be able to SSH into your reader.
  
=== Further steps ===
+
=== Serial Hardware mod ===
 +
You can solder a hardware serial port, checkout [http://ownyo.de ownyo.de] for the pinouts and locations.
 +
 
 +
You can then connect to serial via: <code>picocom -b 115200 /dev/ttyUSB0</code>
 +
 
 +
== OTA Updating ==
 +
 
 +
You will first have to have followed the steps above to put our firmware on your OYO. After you have done that, subsequent updates can be downloaded over Wi-Fi.
 +
 
 +
Make sure to delete the <code>qdutil</code> directory from your SD card before attempting to update OTA. The SD card seems to override the file that the reader downloads.
 +
 
 +
To do this, go to Settings -> Advanced settings -> Software update
 +
 
 +
A page on this wiki should pop up. If not, you have not followed the steps above correctly.
  
You will probably want to enable Dropbear always, not just when the MicroSD card is inserted at boot. To change this, copy the keys to a location directly on the device (use <code>/mnt/etc</code> instead of <code>/etc</code>!) and edit <code>/mnt/etc/inittab</code> to reflect the new location.
+
Read that page for further instructions, and enjoy.
  
 
== Getting root ==
 
== Getting root ==
Line 95: Line 119:
 
<code>sudo modprobe usbserial vendor=0x0525 product=0xa4a5</code>
 
<code>sudo modprobe usbserial vendor=0x0525 product=0xa4a5</code>
 
(Check with lsusb)
 
(Check with lsusb)
 +
 +
If the above fails (because usbserial is builtin and not loaded as a module), try the following:
 +
<code>echo 0525 a4a6 | sudo tee /sys/bus/usb-serial/drivers/generic/new_id</code>
 +
as suggested in the [https://www.kernel.org/doc/html/latest/usb/usb-serial.html#generic-serial-driver USB serial documentation].
 +
  
 
To get your OYO to behave like a serial device, grab a MicroSD card, create a file called <code>usbdebug</code> on it, put it into your OYO and reboot it while having it attached to your computer.
 
To get your OYO to behave like a serial device, grab a MicroSD card, create a file called <code>usbdebug</code> on it, put it into your OYO and reboot it while having it attached to your computer.
Line 104: Line 133:
 
<code>sudo picocom --b 115200 --f n --p on --d 8 /dev/ttyUSB0</code>
 
<code>sudo picocom --b 115200 --f n --p on --d 8 /dev/ttyUSB0</code>
  
If you get the following error: <code>FATAL: failed to config device /dev/ttyUSB0: Cannot set the device attributes: Invalid argument</code> Make sure you have the correct usb device id 0xa4a6 or 0xa4a6. And try reloading the usbserial module:
+
If you get the following error: <code>FATAL: failed to config device /dev/ttyUSB0: Cannot set the device attributes: Invalid argument</code> Make sure you have the correct usb device id 0xa4a6 or 0xa4a5. And try reloading the usbserial module:
 
* <code>rmmod usbserial</code>
 
* <code>rmmod usbserial</code>
 
* <code>sudo modprobe usbserial vendor=0x0525 product=0xa4a5</code> (or 0xa4a6)
 
* <code>sudo modprobe usbserial vendor=0x0525 product=0xa4a5</code> (or 0xa4a6)
Line 125: Line 154:
 
<code>cp /etc/passwd /mnt/etc/passwd</code>
 
<code>cp /etc/passwd /mnt/etc/passwd</code>
  
== Installing dropbear (SSH) ==
+
== Over The Air updates (OTA) ==
 +
 
 +
The OYO supports over the air updates, the mechanism it uses was reverse-engineered by faking the browser agent string on the update site of http://chapitreoyo.adaptive-navigation.com/update/
 +
 
 +
The 'magic' URL uses a call to http://www.example.com/QExec/QFWUpdate?file=XXXX.tar.bz2&md5=XXXX.txt
 +
 
 +
The file points to [[File:Oyofw.tar.bz2]] and the md5 to a file like [[File:Oyofw.md5sums.txt]]
 +
 
 +
That URL does not work in the 'normal' OYO browser, it redirects to http://www.iana.org/domains/example like on normal browsers.
 +
 
 +
Only when activated from the Advanced Settings > Software update it starts the OTA update.
 +
 
 +
Other operations: http://www.example.com/QExec/QClose/ and non-tested: QLocBrowser QWebView
  
 
== More information ==
 
== More information ==
Line 132: Line 173:
 
* Info/sources: [http://openinkpot.org/wiki/Device/Qisda-eBook OpenInkpot]
 
* Info/sources: [http://openinkpot.org/wiki/Device/Qisda-eBook OpenInkpot]
 
* oyohack wiki: [https://gitorious.org/oyo-hack/pages Gitorious]
 
* oyohack wiki: [https://gitorious.org/oyo-hack/pages Gitorious]
 +
* ArdaXi: [https://github.com/ArdaXi/oyo-hacking oyo-hacking github]
 +
* Photos of internals: [http://ownyo.de/ OwnYO] (and serial mod)

Latest revision as of 01:35, 26 January 2020

Projects
Oyo-1.jpg
Participants Arda Xi, The JinX
Skills
Status Finished
Niche Software
Purpose Fun

All information on modding/hacking the OYO E-reader

Hardware

CPU Info

Processor	: ARM926EJ-S rev 5 (v5l)
BogoMIPS	: 199.47
Features	: swp half fastmult edsp java 
CPU implementer	: 0x41
CPU architecture: 5TEJ
CPU variant	: 0x0
CPU part	: 0x926
CPU revision	: 5
Cache type	: write-back
Cache clean	: cp15 c7 ops
Cache lockdown	: format C
Cache format	: Harvard
I size		: 16384
I assoc		: 4
I line length	: 32
I sets		: 128
D size		: 16384
D assoc		: 4
D line length	: 32
D sets		: 128

Hardware	: SMDK2416
Revision	: 0000
Serial		: 0000000000000000

Memory

  • Ram: 128Mb
  • Storage: 2Gb
  • External: MicroSDHC

Battery

  • Voltage: 3.7v
  • 1530mAh

Wireless

  • Mediatek WLAN MT5921
  • 2.4Ghz

Files

To download

On the system

  • QBookApp settings: /rwdata/settings/QBookApp.ini
  • Browser startup page: /usr/local/qisda/etc/index.html
  • Ebook version (in Settings -> Device info): /mnt/etc/rootfs.rev

Installed Apps

To run Qengineer (diagnostics): Boot the device with USB connected and pressing the home and back buttons, or in console: kill linuxrc, then QBookApp, then run /qdutil/em/start /qdutil/em/QEngineer

Getting root

The easy way

While messing around with serial and getting stuff working is a lot of fun, it's also quite cumbersome. So I have modified the firmware to make this process easier.

  1. Download the firmware from this wiki: File:Oyofw.tar.bz2
  2. Unpack the archive to the root of your microSD card.
  3. Install dropbear on your local machine. (Consult your distribution's documentation if you need help.)
  4. Run the following commands:
    1. mkdir dropbear
    2. dropbearkey -t dss -f dropbear/dropbear_dss_host_key && dropbearkey -t rsa -f dropbear/dropbear_rsa_host_key
  5. Copy the generated directory (dropbear) to the root of your microSD card.

To install the new software, there are two methods. You can use either of the below, you should not do both. Make sure the battery is charged, otherwise the update might fail with a 'low battery' error.

  • Insert the microSD card, go to Settings -> Advanced setting -> Software update and click the checkmark when asked.
  • Turn off your OYO and insert the microSD card. While holding the previous page and next page buttons, turn on your OYO. Keep holding these buttons until Update OS appears on your screen.

Wait until the OYO asks you to reboot the device.

After the reboot, enable WLAN and note the IP.

You should now be able to SSH into your device, using the username root and the password SReader.

Warning: You should now set your root password to something secure using the following commands.

passwd
cp /etc/passwd /mnt/etc/passwd

Otherwise, anyone on the network will be able to SSH into your reader.

Serial Hardware mod

You can solder a hardware serial port, checkout ownyo.de for the pinouts and locations.

You can then connect to serial via: picocom -b 115200 /dev/ttyUSB0

OTA Updating

You will first have to have followed the steps above to put our firmware on your OYO. After you have done that, subsequent updates can be downloaded over Wi-Fi.

Make sure to delete the qdutil directory from your SD card before attempting to update OTA. The SD card seems to override the file that the reader downloads.

To do this, go to Settings -> Advanced settings -> Software update

A page on this wiki should pop up. If not, you have not followed the steps above correctly.

Read that page for further instructions, and enjoy.

Getting root

The Frank's wiki page above is quite useful, but a lot of data is outdated and/or unnecessary. The following is a simple guide to do whatever you like to your OYO.

First, you will want to run the following command to get your kernel to accept the OYO as a serial device.

sudo modprobe usbserial vendor=0x0525 product=0xa4a6 or sudo modprobe usbserial vendor=0x0525 product=0xa4a5 (Check with lsusb)

If the above fails (because usbserial is builtin and not loaded as a module), try the following: echo 0525 a4a6 | sudo tee /sys/bus/usb-serial/drivers/generic/new_id as suggested in the USB serial documentation.


To get your OYO to behave like a serial device, grab a MicroSD card, create a file called usbdebug on it, put it into your OYO and reboot it while having it attached to your computer.

touch usbdebug

After the OYO has booted, you will want to open a serial connection to it.

sudo picocom --b 115200 --f n --p on --d 8 /dev/ttyUSB0

If you get the following error: FATAL: failed to config device /dev/ttyUSB0: Cannot set the device attributes: Invalid argument Make sure you have the correct usb device id 0xa4a6 or 0xa4a5. And try reloading the usbserial module:

  • rmmod usbserial
  • sudo modprobe usbserial vendor=0x0525 product=0xa4a5 (or 0xa4a6)

If you get garbage, you can try the following:

  • Keep pressing enter until you get a prompt like this.
  • do a sudo killall -9 picocom, and a sudo cat /dev/ttyUSB0 and press cltr-c. And start over with picocom. You might need to reload the usbserial module here.
  • If this doesn't help, try rebooting your machine or a different machine, this 'feature' is flaky, it's why you want an sshd.

Samsung login:

You can then login, using the login root and the password SReader.

At this point, I suggest changing the root password.

passwd

Because the device copies the content of /mnt/etc to /etc an extra step is required.

cp /etc/passwd /mnt/etc/passwd

Over The Air updates (OTA)

The OYO supports over the air updates, the mechanism it uses was reverse-engineered by faking the browser agent string on the update site of http://chapitreoyo.adaptive-navigation.com/update/

The 'magic' URL uses a call to http://www.example.com/QExec/QFWUpdate?file=XXXX.tar.bz2&md5=XXXX.txt

The file points to File:Oyofw.tar.bz2 and the md5 to a file like File:Oyofw.md5sums.txt

That URL does not work in the 'normal' OYO browser, it redirects to http://www.iana.org/domains/example like on normal browsers.

Only when activated from the Advanced Settings > Software update it starts the OTA update.

Other operations: http://www.example.com/QExec/QClose/ and non-tested: QLocBrowser QWebView

More information