Hack Nintendo's Alarm Clock To Show Cat Pics? Let's-a-go!

A hacker who uses the handle GaryOderNichts has found a way to break into Nintendo's recently launched Alarmo clock, and run code on the device.

Nintendo bills Alarmo as a way to "make waking up fun" – a tall order. The clock looks like a cartoony take on a vintage, red round alarm clock, but with an interactive screen.

Alarmo plays sounds and music from Nintendo's signature games to rouse owners from their slumber – which honestly sounds like a whole new level of Hell. But apparently, a lot of people are willing to pay $99.99 to have Bowser's angry face staring at them if they don't leap out of bed.

Upon receiving his shiny, new device, Gary opened up the Alarmo – which required removing a single screw next to its USB-C port.

Gary was already aware of posts by graduate computer science researcher Naomi Smith, known as Spinda on X, who had already found Serial Wire Debug (SWD) pins on the device's board. Smith had also been poking the Alarmo for exploitable holes and wrote code to dump the embedded multimedia card (eMMC) – which contains an encrypted content folder with files for each of the video game themes, a system file, a factory file, and a file called 2ndloader.bin.

Using Spinda's findings, his own research, a Raspberry Pi connected to the SWD pins, and with assistance from the vulnerability researcher Mike Heskin (aka hexkyz), Gary found and exploited a vulnerability in the cryptographic processor's interface, then obtained the AES-128-CTR key used to encrypt and decrypt the Alarmo content files. Using the newfound visibility the key afforded, he was able to figure out the device's boot process and load firmware binaries over USB. This was how he created and ran his custom payload that displays a cat picture.

Gary has shared his testing USB payload (the cat picture), along with a project that allows anyone to brute-force the Alarmo's AES key. So we may be seeing some interesting Alarmo custom code being developed and deployed in the near future.

The Register sought comment from Nintendo to inquire whether the Super Mario shop maker is aware of the hack being used for other purposes. We didn't immediately receive a response, but will update this story if and when we do.

If you want to see the cat photo, here it is. We can't think of a better post-Halloween treat. ®

RECENT NEWS

From Chip War To Cloud War: The Next Frontier In Global Tech Competition

The global chip war, characterized by intense competition among nations and corporations for supremacy in semiconductor ... Read more

The High Stakes Of Tech Regulation: Security Risks And Market Dynamics

The influence of tech giants in the global economy continues to grow, raising crucial questions about how to balance sec... Read more

The Tyranny Of Instagram Interiors: Why It's Time To Break Free From Algorithm-Driven Aesthetics

Instagram has become a dominant force in shaping interior design trends, offering a seemingly endless stream of inspirat... Read more

The Data Crunch In AI: Strategies For Sustainability

Exploring solutions to the imminent exhaustion of internet data for AI training.As the artificial intelligence (AI) indu... Read more

Google Abandons Four-Year Effort To Remove Cookies From Chrome Browser

After four years of dedicated effort, Google has decided to abandon its plan to remove third-party cookies from its Chro... Read more

LinkedIn Embraces AI And Gamification To Drive User Engagement And Revenue

In an effort to tackle slowing revenue growth and enhance user engagement, LinkedIn is turning to artificial intelligenc... Read more