Using an open system to develop a closed device is nothing new, and it is working. We can therefore hardly call Barnes&Noble innovators for basing their Nook e-book reader on the Android operating system. In another community, opening closed devices (and especially those that run on an open system) is also a well-known sport, and Apple’s jailbreakers are among the most active.
So, Nook has been rooted, and some clever guys have hacked it to basically turn it into a Web-browing, Facebooking, and Twittering machine. Apparently, some things, like Google Maps, don’t work, because some libraries are missing (in other words, it will take a it longer to put them in).
Two things drew my attention to that attack, though, and both of them are related to the design of the Nook offer.
First, the Nook comes with a free lifetime 3G connection, which allows users to download e-books over-the-air through the AT&T network (US only). This is nice, but the hack could offer Nook owners unlimited 3G for life. Of course ,this is unrealistic, as B&N and AT&T will find a way to make this impossible (until the next hack). However, it definitely raises the stakes about the hack, especially if it can be made accessible to many users.
Then, the Nook makes things quite easy for hardware hackers. The system is stored on a MicroSD card. Apparently, the card can’t be swapped for a larger one (too easy), but still, some things can be added to it (this is the base of the hack). Depending on what can exactly be changed on that card, we are going to see really interesting uses of the Nook. And for once, we won’t need to solder anything to have full access to the system. Nice.
I have taken a short look at the hackers’s site, and there isn’t much information about hacks at the Android level, and I am still wondering how much integrity checks that device includes. The current rooting process simply consists in enabling remote debugging of the device. Most likely, this feature could be removed from the MicroSD, but the next question would then become: Can we put it back in? That’s where integrity checks kick in, and the mechanism that performs these is better off if it sits outside of the SD itself.
One last point that I love in the hack, where the security dog bites its master. The command line recommended to disable automatic B&N updates is as follows:
mv /system/etc/security/otacerts.zip /system/etc/security/otacerts.zip.bak
Sure looks like somebody is hiding the OTA certificates used to authenticate the update site.
I will stop for now, but there are barrels of fun to come from this hack in the future.
No Comments