OK! I was able to dump the entire internal microSD without opening my Kobo and without using an external microSD.
I figured out that my Kobo wasn't connected even if wifi was up, so I changed rcS in order to wait for the network and create a reverse shell.
This is the code I've added at the end of rcS:
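Quote:
    (
        code=1
        # Retry every 10 seconds until the PC at 192.168.1.5 accepts a connection
        while [ $code -ne 0 ]; do
            usleep 10000000
            echo "# Hello world!" | nc 192.168.1.5 2223
            code=$?
        done
        # Network is up: hand a shell to the listener on the PC
        nc 192.168.1.5 2223 -e /bin/sh
    ) &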
...where 192.168.1.5 is my PC address, where I run netcat like this:
When the Kobo update is finished, you can turn off wifi and start the browser, so the network goes up and I can start sending commands from my computer (xz is for compression). Keep in mind that I'm using a GNU/Linux box.
Quote:
    nc -lp 2222 | xz > dump.img.xz
Then, on the previous nc instance (where I have my Kobo reverse shell) I launched:
Quote:
    pkill nickel
    mount -o ro,remount /mnt/onboard
    mount -o ro,remount /
    dd if=/dev/mmcblk0 bs=8M | nc 192.168.1.5 2222
    mount -o rw,remount /
    mount -o rw,remount /mnt/onboard
    /usr/local/Kobo/nickel -platform kobo -skipFontLoad &
While dd is running, you can watch your dump growing with:
It will take a while, about ~15 minutes. My dump.img.xz for Kobo Aura HD (almost new) is ~800 MB.
Possible improvements:
- Don't touch rcS, put code under update-wifi.sh (it requires starting network with some commands)
- Send compressed image, reducing network stress (xz -c maybe)
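
Plain nc gives no integrity check, so a dump that stops early or is altered in transit looks the same as a good one. The script below is an added example, not part of the original post: it checks a received image against a SHA-256 digest and byte count taken on the device, and goes slightly beyond the post by also accepting .gz and uncompressed images. It assumes the Kobo's busybox provides sha256sum and that the reference digest was taken with `dd if=/dev/mmcblk0 bs=8M | sha256sum` while the partitions were still mounted read-only; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: verify_dump IMAGE EXPECTED_SHA256 [EXPECTED_BYTES]

# Test the compressed container first: a transfer cut short by nc usually
# leaves a truncated xz/gzip stream, which the decompressor can detect.
container_ok() {
    case "$1" in
        *.xz) xz -t -- "$1" 2>/dev/null ;;
        *.gz) gzip -t -- "$1" 2>/dev/null ;;
        *)    [ -r "$1" ] ;;
    esac
}

# Write the raw (decompressed) image to stdout.
raw_stream() {
    case "$1" in
        *.xz) xz -dc -- "$1" ;;
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Returns 0 if the image matches, 1 on mismatch, 2 if unreadable or truncated.
verify_dump() {
    image=$1; want_sum=$2; want_bytes=${3:-}
    container_ok "$image" || { echo "FAIL: $image unreadable or truncated" >&2; return 2; }
    # Hash the decompressed bytes, since that is what dd read on the device.
    got_sum=$(raw_stream "$image" | sha256sum | cut -d' ' -f1)
    if [ "$got_sum" != "$want_sum" ]; then
        echo "FAIL: sha256 $got_sum, expected $want_sum" >&2
        return 1
    fi
    # Optional size check against the byte count dd reported on the device.
    if [ -n "$want_bytes" ]; then
        got_bytes=$(raw_stream "$image" | wc -c | tr -d ' ')
        if [ "$got_bytes" != "$want_bytes" ]; then
            echo "FAIL: $got_bytes bytes, expected $want_bytes" >&2
            return 1
        fi
    fi
    echo "OK: $image matches $want_sum"
}
```

Source the file and call `verify_dump dump.img.xz <digest-from-device>`; the digest placeholder is whatever the device printed.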