Hack Nintendo's Alarm Clock To Show Cat Pics? Let's-a-go!
A hacker who uses the handle GaryOderNichts has found a way to break into Nintendo's recently launched Alarmo clock, and run code on the device.
Nintendo bills Alarmo as a way to "make waking up fun" – a tall order. The clock looks like a cartoony take on a vintage, red round alarm clock, but with an interactive screen.
Alarmo plays sounds and music from Nintendo's signature games to rouse owners from their slumber – which honestly sounds like a whole new level of Hell. But apparently, a lot of people are willing to pay $99.99 to have Bowser's angry face staring at them if they don't leap out of bed.
Upon receiving his shiny, new device, Gary opened up the Alarmo – which required removing a single screw next to its USB-C port.
Gary was already aware of posts by graduate computer science researcher Naomi Smith, known as Spinda on X, who had already found Serial Wire Debug (SWD) pins on the device's board. Smith had also been poking the Alarmo for exploitable holes and wrote code to dump the embedded multimedia card (eMMC) – which contains an encrypted content folder with files for each of the video game themes, a system file, a factory file, and a file called 2ndloader.bin.
Using Spinda's findings, his own research, a Raspberry Pi connected to the SWD pins, and with assistance from the vulnerability researcher Mike Heskin (aka hexkyz), Gary found and exploited a vulnerability in the cryptographic processor's interface, then obtained the AES-128-CTR key used to encrypt and decrypt the Alarmo content files. Using the newfound visibility the key afforded, he was able to figure out the device's boot process and load firmware binaries over USB. This was how he created and ran his custom payload that displays a cat picture.
- Nintendo sues alleged Switch pirate pair for serious coin
- Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info
- Cast a hex on ChatGPT to trick the AI into writing exploit code
- Brazen crims selling stolen credit cards on Meta's Threads
Gary has shared his testing USB payload (the cat picture), along with a project that allows anyone to brute-force the Alarmo's AES key. So we may be seeing some interesting Alarmo custom code being developed and deployed in the near future.
The Register sought comment from Nintendo to inquire whether the Super Mario shop maker is aware of the hack being used for other purposes. We didn't immediately receive a response, but will update this story if and when we do.
If you want to see the cat photo, here it is. We can't think of a better post-Halloween treat. ®
From Chip War To Cloud War: The Next Frontier In Global Tech Competition
The global chip war, characterized by intense competition among nations and corporations for supremacy in semiconductor ... Read more
The High Stakes Of Tech Regulation: Security Risks And Market Dynamics
The influence of tech giants in the global economy continues to grow, raising crucial questions about how to balance sec... Read more
The Tyranny Of Instagram Interiors: Why It's Time To Break Free From Algorithm-Driven Aesthetics
Instagram has become a dominant force in shaping interior design trends, offering a seemingly endless stream of inspirat... Read more
The Data Crunch In AI: Strategies For Sustainability
Exploring solutions to the imminent exhaustion of internet data for AI training.As the artificial intelligence (AI) indu... Read more
Google Abandons Four-Year Effort To Remove Cookies From Chrome Browser
After four years of dedicated effort, Google has decided to abandon its plan to remove third-party cookies from its Chro... Read more
LinkedIn Embraces AI And Gamification To Drive User Engagement And Revenue
In an effort to tackle slowing revenue growth and enhance user engagement, LinkedIn is turning to artificial intelligenc... Read more