- #SPOTIFY CARTHING UPDATE#
- #SPOTIFY CARTHING CODE#
- #SPOTIFY CARTHING PASSWORD#
- #SPOTIFY CARTHING PC#
Sudo update bulkcmd 'setenv initargs $ ro root=/dev/mmcblk0p15' Sudo update bulkcmd 'setenv initargs init=/sbin/pre-init' Once we had UART console, we continued about, and crafted a method to enable a root shell over UART: We were able to upload a signed BL2, and then from there, upload a signed B元3, which kicked us into Amlogic’s Burn Mode.įrom here we were able to execute U-Boot shell commands via Amlogic’s update command, and the bulkcmd feature it houses.Īt this point, it became clear UART would aid our efforts, and with some simple voltage sniffing and an educated guess, we discerned the UART has the following pin-out:įor our development case, we wanted more persistent access to the UART pins, so we removed the sticker on the rear of the device, dissasembled, removed the rear heat-shield, and then filed out part of the case, as shown below We discovered shortly into research, that holding buttons 1 & 4 on boot put the deivce into Amlogic’s USB mode, where you can upload BL2 images! Sweet.
#SPOTIFY CARTHING CODE#
To start, U-boot and Linux kernel source code for this device is public but advertised nowhere by Spotify. When the device was discounted, I (Nolen) picked up a few units for security research, and messaged Fred shortly after starting to ask about collaborating on it - and comically he had independently already started. It is unfortunately very underpowered, with a lower-end Amlogic chip, the S905D2, paired with 500 MB of RAM - ouch. This device was designed to be a simple music selection device that mounts to your car dashboard or air-vents. When the Car Thing launched, it largely flew under most people’s radar, and comically it wasn’t until Spotify deeply discounted it in late 2022, to $29.99 that it caught our eyes. Note: There is a script that is intended to be run from a UART shell included in scripts that will enable persistent ADB, but is not reccomended, as it will remove the abillity to OTA update. Usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Usb 1-2: New USB device found, idVendor=18d1, idProduct=4e40, bcdDevice= 2.23 Usb 1-2: new high-speed USB device number 18 using xhci_hcd The host should see a new USB device connection in dmesg like this one:
#SPOTIFY CARTHING PC#
Hold buttons 1 & 4 on the case, and plug the Car Thing into your PC via USB.
Clone/Download this repo locally, and change your shell’s directory to it & ensure you libusb-dev installed. Guide : U-Boot shell over USB ( USB burning mode) /scripts/: scripts used to simplify interactions with the devices. /initrd/: files to customize the initrd image. /images/: prebuilt images to upload via USB. update: Client for the USB Burning protocol implemented in Amlogic bootloaders. Theoretically, if you have a good eMMC dump, the U-Boot shell should allow you to restore the partitions. Yes! Perfectly normal and usable, this just enables root access and ADB.Ĭan I go back to stock after installing custom OS’s or messing up the stock image?. But if you disable dm-verity and modify on-device partitions, OTA updates will fail, though given this device is EOL, we don’t expect further OTA updates. If you don’t perform any persistent change, probably yes. A PC running some flavor of 64-bit GNU Linuxĭoes this process void my warranty on this device?. #SPOTIFY CARTHING PASSWORD#
A Car Thing (superbird) without USB password. You are solely responsible for any damage caused to your hardware/software/keys/DRM licences/warranty/data/cat/etc… Requirements Note: this method has been tested on the factory firmware (device never used/updated : App Version 0.24.107 - OS Version 6.3.29), but should work on all firmware versions released as of this article’s writing. The offer is available "while supplies last" or until August 7th - whichever befalls first.Spotify Car Thing (superbird) resources to access U-Boot shell over USB. The reasons behind this decision were cited to be “several factors, including product demand and supply chain issues.” This obviously means that stocks are now limited, and Spotify has made this clear in its promo email. $45 is probably the lowest the Car Thing will ever sell for since Spotify has discontinued manufacturing, merely months after making it widely available in the US, following a long period of lottery-like sales through a waitlist system. To avail of it, you'll have to use the coupon code "EXTRA10" when checking out from the official online store for the accessory. We say "further" because the price has already been dropped from $90 to $50, meaning another 10% off will bring it down to $45 - that's a very compelling 50% discount all in all. A promo email sent out to Spotify users in the US announces the start of a "Summer Sale" for the Car Thing that slashes its price down further by 10%.
0 kommentar(er)
