Google Home Mini Charcoal Chalk $19 @ Bunnings
Table of Content
A exploit could be needed to bypass the secure boot. What's left is to research vulnerabilities on the WiFi/BLE module of the device or to modify the firmware stored in the NAND Flash of the device. The hardware and software of the Google Home Mini is very close to what is embedded into Google Chromecast devices. Hence, it's interesting to have a look at what have been discovered against this product. Explore our range of smart lighting products and learn how easy it is to automate your lighting. When using Voice Match, keep in mind that a voice similar to yours, or a recording of your voice, could result in Google incorrectly recognising someone else as you.
Control your privacy on Google Assistant with your voice. Ask questions like “Where can I change my privacy settings? ” to get answers to the most common privacy and security questions. Turn on the lights, adjust the thermostat, or get an alert when there’s a person or package at your front door. Google Home on WearOS will be available as a preview as we continue to add controls and improvements.
The Kernel Image
So far i control the wifi lights in my house which is much faster and more convienient than opening the app on my phone or grabbing the remote in the kitchen. Just saying "Hey google, turn the kitchen lights on/off" has been worth it just for that. But in my use-case, by having multiple google home mini/nests across multiple rooms i can use my voice to control my lights, heaters in different rooms. And also there is a feature called broadcast that sends out a voice message to each device. I have two, other than music, the one in the kitchen gets the most use. I find it much easier to use the voice control to set a timer or change the song rather than picking up my phone when I'm busy cooking.
That's why, for this project, I chose to rely on nMigen. The very same HDL concepts do of course apply, but can be expressed with the syntax a convenience offered by Python. Everything is now finally ready on the hardware side. The Google Home Mini PCB + Interposer Board can be connected to the NandBug Main Board. The Interposer board, soldered on the Google Home Mini PCB, ready to be used.
Smart lighting
Of course, using 2.54mm connectors may cause signal integrity issues when dealing with high speed signals. However, looking at the Flash datasheet, it appears the maximum speed was not that fast, and I chose to take the risk. Receiving and transmitting data to and from the NAND Flash. This is done using the Synchronous FIFO mode of the FT2232H. In this mode, the FPGA and the FT2232H communicates by using a parallel bus synchronized by a 60Mhz clock. This allow for a reasonably fast data throughput.
I sadly realized the Google Home Mini was not booting anymore. I quickly understood how naive I was by reading the init.rc script from the Kernel initramfs. Both the cache and factory_store partitions are mounted with the noexec flag. Reading through the init.rc script of the initramfs, it appears these two partitions are YAFFS2 partitions.
Related Products
This bitstream will generate a FSM that's able to program pages. The pages addresses and data are received from the FT2232H using the Sync FIFO Mode. This bitstream will generate a FSM that's able to erase blocks. The addresses to erase are received from the FT2232H using the Sync FIFO Mode.
Overall, I'm quite happy with how NandBug is working. The NAND Flash dumping and programming features are reliable. This script will simply generate the Passthrough bitstream and upload it to the FPGA. Generate a list of blocks to erase and pages to program. This step can optionally be skipped if a LAST_DUMP file is provided. For unidirectional signals, this connection can be achieved directly.
Please note the Kernel version, sources, initramfs and init.rc file will be useful in the second part of this series of article. The Linux Kernel version and compilation timestamp can be extracted from strings present in the binary data. Here, the Linux Kernel command line contains the mtdparts configuration variable.
All the juicy technical data is likely protected by a NDA. One of the two MEMS microphone of the device. The acoustic hole is on the other side of the PCB. Shop online by December 20th for delivery by Christmas.
We have safe and secure options to help you Get It Home. Want a smarter home but not sure where to start?
A FT2232H. This component adds Hi-Speed USB connectivity to the board. The general idea is in fact to make the NAND Flash of the Google Home in-system programmable. It may sound like an over engineered solution and it maybe is. But, hey, I'm doing this project for fun anyway. It's the most direct way of achieving code execution on the platform.
To help with the soldering process, I ordered a stencil at the same time with the Interposer PCB. The holes of the stencil are matching the NAND Flash footprint. This is done with a soldering iron equipped with a flat tip, a small piece of desoldering braid and a lot of soldering flux. First things first, the NAND Flash must be desoldered from the Google Home PCB. This has been done with a cheap hot air reworking station.
However, for the bidirectional signals of the data bus, some arbitration is needed. In this mode, the FPGA will directly connect all the NAND Flash signals between the Google Home circuit and the NAND Flash. Here again, the FPGA is directly clocked by the 60MHz signal generated by the FT2232H when it's used in this mode.
It's simply breaking out the NAND Flash signals to traditional 2.54mm pitch connectors. Sending various configuration bitstreams to the FPGA. This is done by using the SPI protocol and a couple of additional GPIOs.
Comments
Post a Comment