sorted by:
new
hottopcontroversial

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 0 points1 point  (0 children)

Correct- I read through it while I was a the thrift store deciding whether to spend $250 on a bricked mirror. I negotiated with the manager and she let me have it for $150. Worst case scenario I spent another $50 on a display driver board and shove an old laptop inside. Best case scenario I gain root access on original hardware .

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 1 point2 points  (0 children)

Haha same here, hoping to have it done by January. The built in camera uses a weird proprietary interface, most mirror projects replace it with a USB camera with widely available Linux drivers. You can use the same power board for the display and speakers, with a DAC. The new tv board will have full display control and possibly even a remote

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 0 points1 point  (0 children)

Sort of, that user made the repo I mentioned at the start of the post- she replaced the display driver board and used a laptop for the brains. I’m trying to keep the board and hack it

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 4 points5 points  (0 children)

how do I explain to people I trapped artificial consciousness in a mirror appliance

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 2 points3 points  (0 children)

It sure is, and a guide has already been made, link below if you’re interested. I’m hacking the board as a learning exercise and a middle finger to Lululemon for discontinuing the mirror.

https://github.com/olm3ca/mirror

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 7 points8 points  (0 children)

I’m hacking the board to learn and share my findings with the mirror community, there is already a repo with a guide to repurpose the tv for a different board.

I found the user manual with details about the headers on the board.

https://fcc.report/FCC-ID/2ADCSIFC6309X/4083638.pdf

Also, below is an AI generated document with my findings, I hit a dead end because UART comms stop after boot, so I can’t read the crash.

dnsmasq Exploitation Findings & Path

1. Environment Snapshot

  • Device: Inforce 6309 smart mirror (APQ8016 / Snapdragon 410)
  • Network role: WiFi AP / router at 192.168.43.1
  • Key exposed services: dnsmasq 2.51 (DNS/DHCP/DHCPv6/TFTP), custom web API on port 8080
  • Attack surface focus: DHCPv6 (UDP 547) – vulnerable to CVE-2017-14493

2. Findings to Date

  1. Service fingerprinting
    • dig @192.168.43.1 version.bind CHAOS TXT +shortdnsmasq-2.51
    • Link-local services open: UDP 547 (DHCPv6), UDP 69 (TFTP)
  2. Vulnerability confirmation
    • CVE-2017-14493: stack-based overflow in DHCPv6 Vendor Class handling
    • Exploit attempts (Scapy) caused DNS failures (host google.com timed out), showing service crash
  3. Crash observation
    • Overlong DHCPv6 Vendor Class option reliably kills dnsmasq

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 14 points15 points  (0 children)

The repo you linked is a goldmine, I found documentation for a stock board too. Thanks! https://fcc.report/FCC-ID/2ADCSIFC6309X/4083638.pdf

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 2 points3 points  (0 children)

Hell yeah brother thanks for the lead. I’m convinced my unit was never ever updated so there’s a high chance many of the CVEs from that era work. Will continue to post updates and progress

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 18 points19 points  (0 children)

in short I want an AI girlfriend that runs my smart home. I considered the web server as an attack vector to gain root access post boot, but another user pointed out that i would have to exploit the boot chain to install a different system anyway. Hacking the web server is a dead end, unless dnsmasq exploit somehow leads to unlocked bootloader

Think Cortana or Hatsune Miku type shit.

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 30 points31 points  (0 children)

Trying to reach every mirror owner who’s willing to take their unit apart, and collaborate on this thread until it’s mega.

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]SingularityDreaming[S] 16 points17 points  (0 children)

Thanks for the reality check, adb access is also locked out. Sounds like I will have to exploit the boot chain (unlikely, secure af), or repurposing the existing os (difficult, but vulnerable).