This article is part of an extended series on Kobo development and investigation.
Apparently I have to make this more obvious:
- Take a backup of your Kobo's SD card before doing anything. If something doesn't work, you can't fix your Kobo without this backup. I will not send you a backup.
- Any device hacking is risky. If you can't afford to break your device, leave now.
The Kobo Wifi has this handy 802.11 radio that it really only uses for online shopping. Not only is it calling out to be used for RSS feeds and web browsing, but it is also a really handy tool for developing on the device without having to crack it and solder serial port headers onto the board.
We can gain telnet and FTP access to the device quite trivially; see the pre-made KoboRoot.tgz patch linked below for the really easy way. (WARNING: The premade patch is for an older Kobo Wifi firmware. See the comments for instructions and newer version info.)
If you want to roll your own patch or you're using a different firmware revision, there isn't much to do. The Kobo already has busybox's telnetd, ftpd and inetd on it. All that's necessary is to:
- Edit /etc/inittab and add the lines:

      ::sysinit:/etc/init.d/rcS2
      ::respawn:/usr/sbin/inetd -f /etc/inetd.conf.en

- Create /etc/init.d/rcS2 with the content:

      #!/bin/sh
      mkdir -p /dev/pts
      mount -t devpts devpts /dev/pts
      /usr/sbin/inetd /etc/inetd.conf

  and run

      chmod a+x /etc/init.d/rcS2

  to flag it executable.
- Create /etc/inetd.conf with the content:

      # service_name sock_type proto flags user server_path args
      21 stream tcp nowait root /bin/busybox ftpd -w -S /
      23 stream tcp nowait root /bin/busybox telnetd -i

- Tar our new /etc into KoboRoot.tgz
(Edited for safer method suggested by tjm)
KoboRoot.tgz may then be used to update the device's operating system by putting it in the .kobo directory on the user-accessible flash.
Because it's not designed to be accessible from the outside world, the Kobo doesn't have any root password set. Telnet and FTP access as root will be offered with a blank password by default. You can change that once you telnet in if you like, by typing "passwd" at the root prompt. This won't affect the device's normal operations, only telnet/ftp access.
I created a canned KoboRoot.tgz (for firmware 1.7 ONLY) with these changes to save you the hassle of making them yourself. It was made from the initscripts in firmware release 1.7.4; if you use it with any other firmware and it fails to boot you'll have to do a factory reset. Because there are no binaries in the patch, only a modified /etc/init.d/rcS and a new /etc/inetd.conf, you can easily verify that the code isn't malicious. It has two optional features you can uncomment in /etc/init.d/rcS to (a) syslog to user flash for debugging, and (b) run a user-defined script from .kobo/rc.sh every boot. Both are commented out so they do nothing unless you edit the script to enable them.
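The check described above can be partly automated on a desktop machine before the archive is copied to the device. The following is an added example, not code from the original article or from the patch: it confirms that a KoboRoot.tgz holds only the two files named above and no binaries, links or setuid bits. The EXPECTED set, the function names and the in-memory sample archives are constructed for illustration.

```python
import io
import posixpath
import tarfile

# Assumption: the two files the article says the canned patch contains.
EXPECTED = {"etc/init.d/rcS", "etc/inetd.conf"}

def audit_koboroot(fileobj, expected=EXPECTED):
    """Return (member, reason) findings; an empty list means nothing unexpected."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar.getmembers():
            name = posixpath.normpath(m.name)
            if name == ".." or name.startswith(("/", "../")):
                findings.append((m.name, "absolute or parent-relative path"))
                continue
            if m.isdir():
                continue
            if not m.isfile():
                findings.append((m.name, "link or device node"))
                continue
            if name not in expected:
                findings.append((m.name, "file not in the expected set"))
            if m.mode & 0o6000:
                findings.append((m.name, "setuid/setgid bit set"))
            data = tar.extractfile(m).read()  # read in memory, nothing is unpacked
            if data.startswith(b"\x7fELF") or b"\0" in data:
                findings.append((m.name, "binary content"))
    return findings

def build_sample(files):
    """Build a constructed .tgz in memory from {path: (content, mode)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, (data, mode) in files.items():
            info = tarfile.TarInfo(path)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed samples: one matching the description, one with an extra binary.
CLEAN = {"./etc/init.d/rcS": (b"#!/bin/sh\n# constructed\n", 0o755),
         "./etc/inetd.conf": (b"23 stream tcp nowait root /bin/busybox telnetd -i\n", 0o644)}
TAMPERED = dict(CLEAN, **{"./usr/bin/helper": (b"\x7fELF\x02\x01\x01", 0o4755)})

if __name__ == "__main__":
    for label, files in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_koboroot(build_sample(files)))
```

An empty result only confirms the "two text files, no binaries" claim; the rcS script itself still has to be read, since a shell script can do anything a binary can.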
Unlike modifying the boot splash screen, this is a pretty safe change as it's completely erased by a factory reset of the device.