2026-03-15 20:24:40 +02:00
commit d1ad48155e
8 changed files with 1911 additions and 0 deletions

18
99-jibo-rcm.rules Normal file

@@ -0,0 +1,18 @@
# Jibo RCM Mode USB Rules
# This allows non-root users to access Jibo in RCM mode
#
# Installation:
# sudo cp 99-jibo-rcm.rules /etc/udev/rules.d/
# sudo udevadm control --reload-rules
# sudo udevadm trigger
#
# Then unplug and replug Jibo (or re-enter RCM mode)
# Nvidia APX (Tegra RCM mode) - Jibo uses 0955:7740
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", ATTR{idProduct}=="7740", MODE="0666", GROUP="plugdev", TAG+="uaccess"
# Jetson TK1 RCM mode (just in case)
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", ATTR{idProduct}=="7140", MODE="0666", GROUP="plugdev", TAG+="uaccess"
# Shield TK1 RCM mode (just in case)
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", ATTR{idProduct}=="7f40", MODE="0666", GROUP="plugdev", TAG+="uaccess"
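Review bot: `TAG+="uaccess"` in a file named `99-jibo-rcm.rules` is set too late to take effect, because systemd applies the uaccess ACL in `73-seat-late.rules`; all three rules then rely on `MODE="0666"`, which makes the RCM device writable by every local account rather than only the logged-in user or `plugdev` members. Suggest renaming the file so it sorts before 73 (and updating the `sudo cp` line in the install comment to match), and using `MODE="0660"` together with `GROUP="plugdev"`. The two "just in case" rules for `7140` and `7f40` widen access to devices the comment does not attribute to Jibo (`0955:7740`); drop them unless the tool actually handles those IDs.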

206
README.md Normal file

@@ -0,0 +1,206 @@
# Jibo Auto-Mod Tool
**Automatically enable developer mode on Jibo robots**
This tool automates the process of modding a Jibo robot to enable SSH access and developer mode. It works on both **Linux** and **Windows**.
## ⚠️ Warning
**USE AT YOUR OWN RISK!** This tool modifies your Jibo's internal storage. While the process is generally safe:
- **Always keep backups** - the tool creates them automatically
- **Don't disconnect during write operations** - this could brick your Jibo
- **Calibration data is unique** - your backup contains data specific to YOUR Jibo
## Quick Start
### Linux
```bash
# Make the script executable
chmod +x jibo_automod.sh
# Run the tool
./jibo_automod.sh
```
### Windows
1. Install [Python 3.8+](https://www.python.org/downloads/) (check "Add to PATH")
2. Install [MSYS2](https://www.msys2.org/) for build tools
3. Double-click `jibo_automod.bat`
Or use WSL (Windows Subsystem for Linux) and follow Linux instructions.
## Requirements
### Linux
- Python 3.8+
- build-essential (gcc, make)
- libusb-1.0-dev
- arm-none-eabi-gcc (ARM toolchain)
- ~20GB free disk space
**Ubuntu/Debian:**
```bash
sudo apt update
sudo apt install build-essential libusb-1.0-0-dev git python3 \
gcc-arm-none-eabi libnewlib-arm-none-eabi
```
**Arch/CachyOS:**
```bash
sudo pacman -S --needed base-devel libusb git python \
arm-none-eabi-gcc arm-none-eabi-newlib
```
### Windows
- Python 3.8+
- MSYS2 with MinGW-w64 toolchain
- Zadig (for USB driver installation)
- ~20GB free disk space
## What Does It Do?
1. **Builds Shofel** - Compiles the exploit tool from source
2. **Dumps eMMC** - Reads the entire 15GB storage (~2-4 hours)
3. **Modifies Partition** - Changes `/var/jibo/mode.json` from "normal" to "int-developer"
4. **Writes Back** - Updates only the modified partition
5. **Verifies** - Reads back to confirm the write was successful
## Usage
### Full Automatic Mod
```bash
./jibo_automod.sh
```
### Just Dump (no modification)
```bash
./jibo_automod.sh --dump-only -o my_jibo_backup.bin
```
### Use Existing Dump
```bash
./jibo_automod.sh --dump-path /path/to/existing_dump.bin
```
### Write Pre-Modified Partition
```bash
./jibo_automod.sh --write-partition var_modified.bin --start-sector 0x7E9022
```
## Command Line Options
| Option | Description |
|--------|-------------|
| `--dump-only` | Only dump eMMC, don't modify |
| `--dump-path FILE` | Use existing dump instead of dumping |
| `--output, -o FILE` | Output file for dump |
| `--start-sector HEX` | Sector for write operation (default: 0x7E9022) |
| `--force-dump` | Re-dump even if file exists |
| `--rebuild-shofel` | Force rebuild of exploit tool |
| `--skip-detection` | Skip USB device detection |
| `--no-verify` | Skip write verification |
## Entering RCM Mode
To mod your Jibo, you need to put it in RCM (Recovery Mode):
1. **Locate the buttons:**
- RCM button: Small button under the base
- Reset/Power button: Standard power button
2. **Enter RCM:**
- Hold the RCM button
- Press the reset/power button
- Release both when you see a red LED (no boot animation)
3. **Verify:**
- On Linux: `lsusb` should show `NVIDIA Corp. APX`
- On Windows: Device Manager shows "APX" device
## After Modding
Once the tool completes successfully:
1. Unplug Jibo from USB
2. Hold power button until red LED goes off
3. Power on Jibo normally
4. Wait for boot - you should see a **checkmark** instead of the eye animation
5. SSH into Jibo:
```bash
ssh root@<jibo-ip-address>
# Password: jibo
```
## Troubleshooting
### "Jibo not found in RCM mode"
- Make sure you're holding RCM button while pressing reset
- Try a different USB cable (data cables, not charge-only)
- On Windows, install WinUSB driver using Zadig
### "Permission denied" on Linux
- Run with sudo: `sudo ./jibo_automod.sh`
- Or add udev rules for the Nvidia APX device
### Build fails
- Make sure ARM toolchain is installed
- On Arch: `pacman -S arm-none-eabi-gcc arm-none-eabi-newlib`
- On Ubuntu: `apt install gcc-arm-none-eabi libnewlib-arm-none-eabi`
### Dump crashes near 99%
- This is often OK - the last partition may be empty space
- Check if your dump file is ~14-15GB, that's probably complete
### SSH connection refused
- Make sure Jibo shows checkmark on boot
- Verify you're using the correct IP address
- Try `ssh -v` for debug output
## File Structure
```
JiboAutoMod/
├── jibo_automod.py # Main tool (Python)
├── jibo_automod.sh # Linux launcher
├── jibo_automod.bat # Windows launcher
├── README.md # This file
├── guide.md # Original manual guide
├── Shofel/ # Shofel exploit source
│ ├── Makefile
│ ├── shofel2_t124 # Built executable
│ └── ...
└── jibo_work/ # Working directory (created)
├── jibo_full_dump.bin
├── var_partition.bin
└── var_partition_backup.bin
```
## Technical Details
### Partition Layout
| # | Size | Purpose |
|---|------|---------|
| 1 | 1GB | System A |
| 2 | 1GB | System B |
| 3 | 50MB | Boot config |
| 4 | 2GB | Root filesystem |
| 5 | 500MB | /var (we modify this) |
| 6 | ~10GB | Data |
### Mode Values
- `"normal"` - Standard Jibo operation
- `"int-developer"` - Developer mode (SSH enabled, services disabled)
## Credits
- Shofel exploit based on fail0verflow's Fusee Gelée
- Katherine Temkin's research on Tegra vulnerabilities
- devsparx for the T124 port
- The Jibo preservation community
## License
This tool is provided as-is for educational and preservation purposes. See individual component licenses in the Shofel directory.
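Review bot: The "After Modding" steps end at `ssh root@<jibo-ip-address>` with the fixed password `jibo` and no follow-up step, so every modded robot stays reachable as root on the local network with a password published in this file. Suggest adding a step 6 that sets a new root password or installs an SSH key and disables password login. Separately, the "Permission denied" troubleshooting entry says to add udev rules without naming `99-jibo-rcm.rules`, which this commit adds; that file and `windows_setup.bat` are also missing from the File Structure tree. The `--start-sector` default of `0x7E9022` is documented as fixed, while `guide.md` in the same commit has readers compute their own start sector from `fdisk`; the option description should say when the default is safe to rely on.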

Binary file not shown.

268
guide.md Executable file

@@ -0,0 +1,268 @@
- - -
Before starting ANY work , lets get you up to speed with the enviroment and what you will need ...
1. Some sort of linux device with at least 32Gb storage, that could be a : Spare laptop , Raspberry Pi , a PC etc...
> [!info]
> 1. for the sake of this guide we will be using my main computer running on CachyOS with the 6.19... kernel but you dont have to replicate my setup
> 2. This guide **requires** you have basic knowledge of the linux terminal
>[!Warning]
>I Throw around the word shofel , and i do mean the shofel version **SPECIFICALLY** in devsparx repo (using the improvements brach for now) i show later on how to clone it , if anything should change i will try my best to update this guide as fast as possible , but do note our build of shofel will be undergoing some updates!
> [!WARNING]
> # Please do inform yourself
> we are NOT liable for any damage caused to your device if you proceed with this guide , if you are not sure remotely on what youre doing i recommend either wait for the easier installation method , or find someone on the discord to guide you!!! (they arent liable for any damage either)
2. A micro usb cable ==**that you know is reliable**==
3. Like 4-5 Hours
4. A Jibo **(THAT IS SETUP TO YOUR NETWORK, AND YOU KNOW ITS IP)**
5. An the mindset of (everything will be fine!)
- - -
# Part 1 | Connecting your jibo
So first , go ahead and plug jibo in to your host device that you are going to dump the firmware into using your usb cable
Hold the RCM button and press the reset button (or the power button if yours is off), and you should see a red light at his face but he **wont boot normally**
![[Jibo RCM.jpg]]
in the terminal were gonna execute `lsusb` to check for `NVIDIA Corp. APX`
```shell
kevin  lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 1532:023f Uhhh no
Bus 001 Device 003: ID 0a12:0001 Ltd Bluetooth Dongle (HCI mode why tho)
Bus 001 Device 004: ID 08bb:2902 cant see me :)
Bus 001 Device 005: ID 1bcf:08b8 nope not me, its the guy below
Bus 001 Device 007: ID 0955:7740 NVIDIA Corp. APX <<<<<< LOOK FOR THIS ENTRY!!!!
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 0644:800f TEAC Corp. US-144 yes i use a 144 deal with it
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 004 Device 002: ID 0951:1666 Kingston wanna be drive
kevin 
```
- - -
# Part 2 | Now before building shofel , get your packages ready
```bash
#for cachy / Arch users:
sudo pacman -S --needed base-devel libusb git python python-pip
#for Ubuntu / debian users:
sudo apt update
sudo apt install build-essential libusb-1.0-0-dev git python3 python3-pip
#for fedora its whatever that is (i chatgpt'd it)
sudo dnf groupinstall "Development Tools"
sudo dnf install libusb1-devel python3-pip
```
Now time to clone & build shofel!
change to your home directory and use `git` to clone the branch and then use `make` to build it!
```bash
cd ~
git clone -b improvements/IncreasedUSBReadWriteSpeed https://github.com/devsparx/ShofEL2-for-T124.git
cd ShofEL2-for-T124/
make
# if it exits with error code 1 dont be alarmed , if you have a shofel executable in your directory , it compiled fine :)
```
# Part 3 | Dumping your jibo!
Now , to get that full image (roughly about ==15Gb==)
we will run our newly build `shofel` using the `EMMC_READ` function , starting from 0 `0x0` to 30480896 `0x1D60000`
```bash
sudo ./shofel2_t124 EMMC_READ 0x0 0x1D60000 full_jibo_dump.bin
```
this may crash due to that im not sure how large exactly each jibos storage is (they should be the same from what i have seen in the community)
But if it crashes like 98.9% or 99.9% in then you have most of the image cloned so you should be good (we can repair it later , or you might not need to since the last partition is basically empty space!)
>[!Info]
>Techically you dont need a full dump , BUT! I havent confirmed enough yet that all jibos have the same stuff stored in the same sectors , but its good to to have a back up to calculate your own sectors **and to most importantly , read below :**
>[!WARNING]
>Make sure you make a backup of the filesystem ... this is basically YOUR jibo , and it also contains YOUR jibos calibration data that might not be able to get restored by someone else... so keep a backup of the `.bin` in case of an emergency
# Part 4 | Modifying the /var partition
Now that you have your image `.bin` ready and backed up its time to edit the /var partition!, thats Partition 5 at around 500mb
we can use `fdisk` to list the partitions in our bin
```bash
fdisk -l jibo_full_dump.bin`
```
```shell
kevin  fdisk -l jibo_full_dump.bin
GPT PMBR size mismatch (30777343 != 30777341) will be corrected by write.
The backup GPT table is corrupt, but the primary appears OK, so that will be used.
The backup GPT table is not on the end of the device.
Disk jibo_full_dump.bin: 14,68 GiB, 15757999104 bytes, 30777342 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 00042021-0408-4601-9DCC-A8C51255994F
Device Start End Sectors Size Type
jibo_full_dump.bin1 34 2048033 2048000 1000M Microsoft basic data
jibo_full_dump.bin2 2048034 4096033 2048000 1000M Microsoft basic data
jibo_full_dump.bin3 4096034 4198433 102400 50M Microsoft basic data
jibo_full_dump.bin4 4198434 8294433 4096000 2G Microsoft basic data
jibo_full_dump.bin5 8294434 9318433 1024000 500M Mic<<< This is the one!
jibo_full_dump.bin6 9318434 30777310 21458877 10,2G Microsoft basic data
kevin 
```
now lets chop off the partition...
Look for the line ending in `p5` or labeled as the 5th partition. You need two numbers from that line: **Start** and **End**
> My Numbers:
> - **Start:** `8294434`
> - **End:** `9318433`
To tell the computer exactly how much data to "chop off," we need the total count of sectors
The formula is:
$$(End - Start) + 1 = Count$$
**My Math:**
$$(9318433 - 8294434) + 1 = 1,024,000$$
Write your result down,this is your **Count**. We will now extract the Partition
We use `dd` (Disk Destroyer... but here, it's the Disk Dumb joke... i couldnt think of something funny).
`skip` = Your **Start** sector.
`count` = Your calculated **Count**.
```Bash
dd if=jibo_full_dump.bin of=var_partition.bin skip=8294434 count=1024000
```
## Part 4.2 | Mounting as a loop device
Now lets make a "loop" device and mount the `var_partition.bin` to it!
```Bash
mkdir jibo_var
sudo mount -o loop var_partition.bin jibo_var/
```
you should see it appear as a mounted disk drive on your system!, now you have to navigate to `jibo_var/jibo/mode.json`
Open it with any text editor (like `vim` or `vscode` or notepad i dont care)
Find the line: `"mode": "normal"` (its legit the only line in there)
**Change it to:** `"mode": "int-developer"`
Save the file and exit
>[!IMPORTANT]
> **Unmount** the partition to save the changes to the `.bin` file!!!!
Now mode `int-developer` basically disables everything the robot runs (including firewall , so you can just ssh into it .. maybe in later guides you might be informed to change this value to something else , but currently its the simplest & easiest way to get root shell in the robot , and from there since you have root you can do everything you could by manually rewriting the entire dump)
Anyway you are free to mount the rest of the fs partitions to parouse the file system or if you want live editing , i will make a guide on how to connect to ftp...
but if you have legit reached this point you really should know by now how to setup ftp yourself :|
```Bash
sudo umount jibo_var
```
# Part 5 | Writing our modified var partition to jibo!
We are ready to put the modified chunk back into the robot. To do this, we must convert your **Start Sector** from a normal number (Decimal) to a computer number (Hexadecimal) because thats what shofel requires at this point of time.
### 1. The Conversion
Take your Start Sector (mine was `8294434`) and use an online converter or your Linux calculator to get the **Hex** value.
**My Hex was** `0x7E9022`
here is a quick calculator site i found on the web,
https://www.inchcalculator.com/decimal-to-hex-converter/
If you dont know hex you can validate your calculation by punching in my value and see if it returns the same hex as mine
### 2. The Flash
time to run the write command, this sends your modified `/var` partition directly to that specific starting point on Jibo's memory.
```shell
./shofel2_t124 EMMC_WRITE <Your HEX Sector> var_partition.bin
#my version example
#./shofel2_t124 EMMC_WRITE 0x7E9022 var_partition.bin
```
# Part 6 | Almost there!
Actually who am i tricking , you typed the write command , it hopefully succeeded so why are we not done?
well its done but i like to do a check myself to make sure its done correctly, SO
were gonna read back that part of memory:
```Bash
./shofel2_t124 EMMC_READ 0x7E9022 0xFA000 verify_var.bin
```
and were gonna compare their hashes If the two files are identical, the math was right.
```Bash
md5sum var_partition.bin verify_var.bin
```
**If the strings of letters/numbers match exactly WERE DONE!!!!
Go and unplug your jibo , and to be safe hold the power button until the red LED goes off
then power him on , and wait for it to boot normally
what we expect is to not start his eye but show a big check mark on his display, if thats the case , go ssh to jibos IP
```shell
ssh root@<jibos-ip>
password: jibo
```
And Boom , you are IN!
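Review bot: Part 3 writes the dump to `full_jibo_dump.bin`, but the `fdisk` and `dd` commands in Part 4 read `jibo_full_dump.bin`, so following the guide verbatim fails at the first Part 4 command; that `fdisk -l jibo_full_dump.bin` line also ends in a stray backtick, which leaves the shell waiting on an unterminated command substitution. Pick one file name throughout and drop the backtick. In Part 6 the read-back hard-codes `0x7E9022 0xFA000`, although Part 5 tells readers to use their own start sector; show placeholders there and keep the author's values as the commented example, the way the `EMMC_WRITE` block does. `EMMC_READ` in Part 3 is run with `sudo` while `EMMC_WRITE` and the Part 6 read are not, so state which one is expected. The bold run opened at `**If the strings` is never closed.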

49
jibo_automod.bat Normal file

@@ -0,0 +1,49 @@
@echo off
setlocal enabledelayedexpansion
echo.
echo ============================================================
echo JIBO AUTO-MOD TOOL - Windows Launcher
echo ============================================================
echo.
:: Check for Python
where python >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Python not found! Please install Python 3.8+ from:
echo https://www.python.org/downloads/
echo.
echo Make sure to check "Add Python to PATH" during installation.
pause
exit /b 1
)
:: Check Python version
for /f "tokens=2 delims= " %%a in ('python --version 2^>^&1') do set PYVER=%%a
echo [INFO] Found Python %PYVER%
:: Check if running as admin (recommended for USB access)
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [WARNING] Not running as Administrator.
echo USB access may be limited. Consider right-clicking
echo and selecting "Run as administrator".
echo.
)
:: Change to script directory
cd /d "%~dp0"
:: Run the Python tool
echo [INFO] Starting Jibo Auto-Mod Tool...
echo.
python jibo_automod.py %*
if %errorlevel% neq 0 (
echo.
echo [ERROR] Tool exited with error code %errorlevel%
pause
)
endlocal
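Review bot: The "Check Python version" block only echoes `%PYVER%` and never compares it with the 3.8 minimum named in the error message above it, so an older interpreter passes the check and fails later inside `jibo_automod.py`. Suggest splitting `%PYVER%` into major and minor and leaving with `exit /b 1` when it is below 3.8. Also, `setlocal enabledelayedexpansion` is turned on but no `!var!` expansion is used in this file, and with it enabled any `!` in the arguments forwarded through `%*` is stripped before Python sees them; plain `setlocal` is enough here.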

1182
jibo_automod.py Normal file

File diff suppressed because it is too large

61
jibo_automod.sh Executable file

@@ -0,0 +1,61 @@
#!/bin/bash
# Jibo Auto-Mod Tool - Linux/macOS Launcher
# This script checks dependencies and runs the auto-mod tool
set -e
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd "$SCRIPT_DIR"
echo ""
echo "============================================================"
echo " JIBO AUTO-MOD TOOL - Linux Launcher"
echo "============================================================"
echo ""
# Check for Python 3
if ! command -v python3 &> /dev/null; then
echo "[ERROR] Python 3 not found!"
echo " Install with: sudo apt install python3"
exit 1
fi
PYVER=$(python3 --version)
echo "[INFO] Found $PYVER"
# Check if running as root
if [ "$EUID" -ne 0 ]; then
echo "[INFO] Not running as root. sudo will be used when needed."
# Check if we can sudo
if ! sudo -v &> /dev/null; then
echo "[WARNING] Cannot use sudo. USB operations may fail."
fi
fi
# Check for required tools
check_tool() {
if ! command -v "$1" &> /dev/null; then
echo "[WARNING] $1 not found. Install: $2"
return 1
fi
return 0
}
MISSING=0
check_tool "lsusb" "sudo apt install usbutils" || MISSING=1
check_tool "make" "sudo apt install build-essential" || MISSING=1
check_tool "gcc" "sudo apt install build-essential" || MISSING=1
check_tool "arm-none-eabi-gcc" "sudo apt install gcc-arm-none-eabi" || MISSING=1
if [ $MISSING -eq 1 ]; then
echo ""
echo "[WARNING] Some dependencies are missing. The tool will try to continue"
echo " but some features may not work."
echo ""
fi
# Run the tool
echo "[INFO] Starting Jibo Auto-Mod Tool..."
echo ""
python3 jibo_automod.py "$@"
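Review bot: The dependency check only sets `MISSING=1` and prints a warning, then still runs `jibo_automod.py`, even when `make`, `gcc` or `arm-none-eabi-gcc` is absent and the Shofel build cannot succeed. Suggest exiting non-zero when a build tool is missing, or continuing only when the user passes an explicit override. The Python check accepts any `python3` and does not enforce the 3.8 minimum the README states. The header comment says "Linux/macOS Launcher", but the banner says Linux, every install hint is `apt`, and `lsusb` is checked unconditionally; either drop macOS from the header or branch on the platform, and add the `pacman` equivalents the README already lists.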

127
windows_setup.bat Normal file

@@ -0,0 +1,127 @@
@echo off
setlocal enabledelayedexpansion
echo.
echo ============================================================
echo JIBO AUTO-MOD - Windows Development Environment Setup
echo ============================================================
echo.
:: Check if running as admin
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [WARNING] Not running as Administrator.
echo Some installations may require admin rights.
echo.
)
echo This script will help you set up the development environment
echo for building and running the Jibo Auto-Mod tool on Windows.
echo.
:: Check for Python
echo [1/4] Checking Python installation...
where python >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Python not found!
echo.
echo Please install Python 3.8+ from:
echo https://www.python.org/downloads/
echo.
echo IMPORTANT: Check "Add Python to PATH" during installation!
echo.
echo After installing Python, run this script again.
pause
exit /b 1
) else (
for /f "tokens=2 delims= " %%a in ('python --version 2^>^&1') do set PYVER=%%a
echo [OK] Python !PYVER! found
)
:: Check for MSYS2
echo.
echo [2/4] Checking MSYS2 installation...
if exist "C:\msys64\usr\bin\bash.exe" (
echo [OK] MSYS2 found at C:\msys64
set MSYS2_PATH=C:\msys64
) else if exist "C:\msys32\usr\bin\bash.exe" (
echo [OK] MSYS2 found at C:\msys32
set MSYS2_PATH=C:\msys32
) else (
echo [ERROR] MSYS2 not found!
echo.
echo Please install MSYS2 from:
echo https://www.msys2.org/
echo.
echo After installing:
echo 1. Open "MSYS2 MINGW64" from Start Menu
echo 2. Run: pacman -Syu
echo 3. Run this script again
pause
exit /b 1
)
:: Install MSYS2 packages
echo.
echo [3/4] Installing required packages via MSYS2...
echo.
echo This will install: gcc, make, libusb, arm-none-eabi-gcc
echo.
set MSYS2_BASH=%MSYS2_PATH%\usr\bin\bash.exe
:: Create a temporary script for MSYS2
set TEMP_SCRIPT=%TEMP%\jibo_setup.sh
echo #!/bin/bash > "%TEMP_SCRIPT%"
echo echo "Updating package database..." >> "%TEMP_SCRIPT%"
echo pacman -Sy --noconfirm >> "%TEMP_SCRIPT%"
echo echo "Installing MinGW toolchain..." >> "%TEMP_SCRIPT%"
echo pacman -S --noconfirm --needed mingw-w64-x86_64-gcc mingw-w64-x86_64-make >> "%TEMP_SCRIPT%"
echo echo "Installing libusb..." >> "%TEMP_SCRIPT%"
echo pacman -S --noconfirm --needed mingw-w64-x86_64-libusb >> "%TEMP_SCRIPT%"
echo echo "Installing ARM toolchain..." >> "%TEMP_SCRIPT%"
echo pacman -S --noconfirm --needed mingw-w64-x86_64-arm-none-eabi-gcc >> "%TEMP_SCRIPT%"
echo echo "Done!" >> "%TEMP_SCRIPT%"
"%MSYS2_BASH%" -l -c "source '%TEMP_SCRIPT%'"
del "%TEMP_SCRIPT%"
:: Install Zadig info
echo.
echo [4/4] USB Driver Setup (Zadig)...
echo.
echo To communicate with Jibo in RCM mode, you need the WinUSB driver.
echo.
echo Steps:
echo 1. Download Zadig from: https://zadig.akeo.ie/
echo 2. Put Jibo in RCM mode (hold RCM + press power)
echo 3. Run Zadig
echo 4. Options ^> List All Devices
echo 5. Select "APX" from the dropdown
echo 6. Select "WinUSB" as the target driver
echo 7. Click "Replace Driver"
echo.
:: Final instructions
echo.
echo ============================================================
echo SETUP COMPLETE
echo ============================================================
echo.
echo To build Shofel and run the mod tool:
echo.
echo 1. Open "MSYS2 MINGW64" from Start Menu
echo 2. Navigate to this folder:
echo cd /c/path/to/JiboAutoMod
echo 3. Build Shofel:
echo cd Shofel ^&^& make
echo 4. Run the mod tool:
echo python ../jibo_automod.py
echo.
echo Or use the batch launcher:
echo jibo_automod.bat
echo.
echo NOTE: Some USB operations may require running as Administrator.
echo.
pause
endlocal
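Review bot: The exit status of the `"%MSYS2_BASH%" -l -c "source '%TEMP_SCRIPT%'"` call in step 3 is never checked, and the generated script has no `set -e`, so a failed `pacman` install still falls through to the "SETUP COMPLETE" banner. Suggest writing `set -e` as the first line of the temp script and testing `%errorlevel%` after the bash call, with `exit /b 1` on failure. The generated script runs `pacman -Sy` followed by `pacman -S`, which refreshes the database without upgrading installed packages; use `pacman -Syu` as the MSYS2-not-found message in this same file already instructs, or drop the `-Sy` line. With `enabledelayedexpansion` on, the `!` in `echo #!/bin/bash` is consumed, so the file's first line is not a shebang; it is harmless only because the script is sourced, and the line can simply be removed.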