HOME ARTICLES DOWNLOADS CONTACT
Openschemes Feed

  Subscribe in a Reader

Subscribe via Email

Main Menu
Openschemes Articles
Categories
Site Sponsors
Site Hits
Total Hits
« Hacking USB Serial Ports
Serving ROMs to the REB1200 »

Hacking the REB1200… A revival!

QRCode

Tags: , ,

Filed under: REB1200 | September 21, 2009 @ 11:55 pm (Views: 391)

The REB1200 was one of the first true contenders for the e-book market.  It has a nice (for the times) color touchscreen, prescient use of Li-Ion battery for plenty of airplane read time, and external CF memory for holding as many ebooks as your wallet could allow.
Although poor business decisions ultimately killed and revived it several times, it was a good product and offers some interesting hackability.  I’ve just noticed that the product line has again been picked up by a third party so as interest and used ebay sales surge, I decided to go dust off some old files and publish the hacks we knew back in the day (almost a decade ago) for that old-school hack feeling.  We’ll also touch on what’s happening these days to get you from the year 2000 to now post haste.

REB1200 in the secret EJFM Mode

Fig 1 - Don’t you wish your ebook was hot like me

As shown above, this is the REB1200 in the secret EJFM mode.  Anecdotally, I heard one time that EJFM stands for Erik J WXXX’s File Manager, a developer on the original team.

Interested in hacking your REB1200?  Not satisfied with secret test modes, but you’d like to get all the way down to the raw bytes?  Do you find it easier to write your own custom firmware, DES-encrypt it, and upload yourself rather than posting your feature request on the manufacturer’s forum?  Tired of using Windows to drag and drop files and you’d like to hex edit boot sectors and partition tables to splice in arbitrary boot code?  Awww, us too!!

What you will need:

  • A REB1200 with firmware lower than 4.x. I’m not yet sure if the new 4.x firmware can be manipulated and downgraded, so for safety’s sake - don’t upgrade just yet!

  • A networked PC running RebLibrarian.  The uber-REB tool for firmware work

  • A copy of Eliberate2 to run the buffer overflow hack.  Original author’s excellent page is here.  Or you can fetch a local backup here: Eliberate2 - REB1200 buffer overflow exploit for fetching from internal memory

  • Your device’s DES key - finding this will be the subject of another article

  • An EJFM-hacked firmware file.  This will be the subject of yet another article.

So go dig that REB1200 out of the closet and find your Compact Flash Reader - there’s life in this box yet!
Bookmark and Share

Related Posts:
  • Nandoori - SPMP8k Raw USB NAND Dumper (February 16, 2010)
  • SPMP8k FRMorp v1.1 - Improved the Linux side (February 9, 2010)
  • SPMP8k NAND Overview and NAND File Dump Tool - beta (January 29, 2010)
  • SPMP8000 NAND Dump Teaser! (January 25, 2010)
  • SPMP8000 - mydigit.cn SK8015C firmware request (January 24, 2010)

    • Metadata:

    RSS feed for comments on this post.
    TrackBack URI

    Leave a comment

    Contact Openschemes


    Copyright © 2003 by Openschemes  |   |  Design by 7dana.com