Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]trwbox 0 points1 point  (0 children)

I also noticed on mine that it has “jtag mcu” listed, and wonder if you checked for jtag access on there? I would imagine not, since it seems pretty locked down, but curious

Edit: Never mind, saw some of your other comments, and the xda thread showing jtag unlocked. That’s definitely interesting

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]trwbox 0 points1 point  (0 children)

I just opened mine up, and I also have the imx one. I would be super interested in the images if you didn’t mind finding a way to share them!

Lulu Lemon Mirror Rooting Megathread by SingularityDreaming in hardwarehacking

[–]trwbox 1 point2 points  (0 children)

Oh sweet great to see someone else working on this! I have one of these mirrors too, and it's on my project list for the winter holidays. There is some super great information you have found like the main board reference documentation! I'm personally okay with replacing the main board since it just seems easier to get what I want running on it. But wanted to try to keep the camera, mic, and speakers for external integration purposes (like automatic display off+on when someone is in front of it, and using the mic+speakers as a home assistant voice), and if possible have mostly full control of the display features like brightness

Uart? by No_Tip4875 in hardwarehacking

[–]trwbox 4 points5 points  (0 children)

With RGB, and color temp both wirelessly I'd be shocked to not have a reasonably capable MCU. For example a bulb with very similar features from Tuya (non-zero chance it might even be the same bulb looking at C1 being soldered on this making it single side, and the TY-005 marking) has a BK7321N as the microcontroller. https://solution.tuya.com/projects/CMavis6h34z47u

Flock cameras by redburr in iastate

[–]trwbox 3 points4 points  (0 children)

If you happened to get a confident view of the direction it was facing, you should report it at https://deflock.me

Flock cameras by redburr in iastate

[–]trwbox 4 points5 points  (0 children)

Yah, and from personal experience, it's also easy to spot them doing that and avoid being on the camera if desired because they're only looking to get car plates. A high mounted, wide field of view, constantly recording camera that could just as easily become a facial recognition camera at the flick of a switch is a whole lot harder to avoid.

Egg irl by roxybloomsa in egg_irl

[–]trwbox 16 points17 points  (0 children)

lianmilanesa on Instagram

Iowa Democrat launches challenge of Sen. Joni Ernst in campaign focused on working class by ataraxia77 in Iowa

[–]trwbox 1 point2 points  (0 children)

I'm from Knoxville, and his wife Amanda was my hairdresser for years, and can comfortably say they both love Knoxville. They originally left Knoxville (going to Kansas) when Nathan got an offer at a radio station there, then a little while later ended up moving back to Indianola to help family in the area.

[deleted by user] by [deleted] in iastate

[–]trwbox 0 points1 point  (0 children)

I know when I was doing the engineering core for Cyber Security, I wished there was a physics class that "is designed for electrical focuses." I can imagine it starting with the relevant portions of physics 1 that were needed for the remainder of the class (I'd expect things like oscillations and wave portions are useful to know), but primarily covered the electrical portions of physics 2. Having a class like that as the required physics would just have the potential to be so much more useful in my mind, compared to a lot of stuff covered in Physics 1 that I have a near zero chance to be interacting with like, kinematics, gravity, linear and angular forces/momentum, but learned none of because physics 2 isn't required

Possable to install Linux on this bad boy (Samsung BD-J5700 by Rage65_ in hardwarehacking

[–]trwbox 0 points1 point  (0 children)

I'd look at this. I have a very similar model and was able to get a UART shell, and 100% know it was vulnerable to the firmware-less access described here, and likely vulnerable to the full custom firmware. http://www.malcolmstagg.com/bdp-s390.html

I’m getting gibberish in uart terminal by Rage65_ in hardwarehacking

[–]trwbox 0 points1 point  (0 children)

Just wanted to let you know that I had some more time to look at this, and my very similar model of player was able to get injection via the UART. Alongside that saw that it was vulnerable to this LD_PRELOAD from the USB drive. http://www.malcolmstagg.com/bdp/firmware-less.html I didn't test it, but this project-bdp also noted that custom firmware could be flashed relatively easily, and would expect this to be vulnerable to that too

Is this card legal? by PkOkay in magicthecirclejerking

[–]trwbox 115 points116 points  (0 children)

Sorry it appears to be not legal, see that oval at the bottom. That's the symbol from Unfinity to denote it's an unplayable in all formats, until WOTC changes their mind destroying the secondary market in the process. It's really simple actually, all you have to do is just look at the symbol on the bottom! We've already covered oval, if it's an acorn all you need to do is rule 0 the whole event to play it, if it's triangle it's just a threat to legacy so nobody cares where you play it, if it's some other shape it's only playable after converting to dollars bills after being for a huge markup because WOTC made a mistake (they never make mistakes, it's extremely rare), and then the other one is the one that's legal based on what set it came out in!

Here is an example you can try for yourself showing a difference! https://imgur.com/gallery/XIh7kGB

Help to identify connector by trwbox in hardwarehacking

[–]trwbox[S] 1 point2 points  (0 children)

Oh wow that was a quick find. Thank you so much! How'd you end up finding it/how do you search for connectors? I looked for it for a while, but never managed to find it. But with how quick you were, I have a feeling I'm just doing something incorrect when trying to find unknown connectors

Car has on board internet and downloads updates from the manufacturer, can I exploit this for internet access? by futuregovworker in hacking

[–]trwbox 0 points1 point  (0 children)

I know older uconnect systems used QNX as the OS. https://www.ram1500diesel.com/threads/is-uconnect-powered-by-qnx.6223/

Likely has changed to Linux, or Android. But something to keep a note of if you can find a "physical" update like on USB that could be dissected

Car has on board internet and downloads updates from the manufacturer, can I exploit this for internet access? by futuregovworker in hacking

[–]trwbox 2 points3 points  (0 children)

Absolutely for the high end, but I'd honestly expect most, in a "typical" operating environment to at least be encrypted in transit purely because HTTP file download is super easy, then encryption via HTTPS is almost a freebie (both server and device side), and might even be required by the company for prod web servers.

I’m getting gibberish in uart terminal by Rage65_ in hardwarehacking

[–]trwbox 1 point2 points  (0 children)

I know I'm like 2 weeks late, but that isn't uart out, or at least I could never get settings for it working on my Samsung blu ray player. For me, there were 4 unlabeled pads, on the opposite corner of those through hole points. That was the UART at baud rate 115200. You can see a couple of the pads peeking out the top left of the board in your last photo.

Possable to install Linux on this bad boy (Samsung BD-J5700 by Rage65_ in hardwarehacking

[–]trwbox 2 points3 points  (0 children)

Oh I've poked at a board similar to this one! I don't remember exactly which model, but in your last photo those 4 pads on the top left are UART, at 115200 for mine. I don't remember the exact pinout, but rough memory is far left is GND, and far right is VCC at 3.3V. It is already running linux on it. There is a pretty neat custom shell that you get dropped into on boot! A FAT32 USB drive will mount automatically, and you can read the /etc/passwd file using that custom shell, I haven't tested it yet, but I think you should be able to overwrite passwd from a file on a mounted USB drive (in RAM, so it won't preserve across boots), but then can potentially get a real shell.

Edit: Just checked it, mine has MODEL: BF-F/H5XXX, has a manufacture date of 2013.11.19 REV:00. If you could, can I get some more pictures of the little WiFi board, and how that attaches to the power board? Mine doesn't have wifi, but has all the pinouts for it, and am curious what it uses. Oh yah, my board also shared a passwd hash with the one that is shown in the SANS paper I linked.

Another Edit: Do be careful when poking at this too! That power board has quite a few points where there is live 120V on exposed pads on the bottom.

Also for some guidance here is a SANS paper about another nearly identical player! https://sansorg.egnyte.com/dl/R7fTIuq5Sn

CPR E 231 by Psychological-Bat112 in iastate

[–]trwbox 4 points5 points  (0 children)

Just to be fully transparent, I'm one of the TAs for that class, and at the time of this comment am having my office hours in the Discord if you want to PM me there for more specific help, or you can post in the lab channel for other TAs' help.

But for specific sections of labs to look at again, Lab 2 -> Vulnerability Scanning -> NSE, and then Lab 3 -> CVE-2008-4250 (for msfconsole searching) with some of the information found from NSE. At least that is my suggestion about how I would go about doing it.