July 17th, 2024

Jailbreaking RabbitOS: Uncovering secret logs, and GPL violations

The author shares a negative experience with the Rabbit R1 device, explores jailbreaking its firmware for customization, security insights, and hidden features, emphasizing the importance of maintaining original firmware integrity.


The blog post discusses the author's experience with the Rabbit R1 device, highlighting its poor performance and customer dissatisfaction. The author delves into the process of jailbreaking the RabbitOS firmware to gain root access without making permanent changes. They detail the boot process of the R1 device, including the MediaTek SoC used and the challenges faced in analyzing and modifying the firmware. The author explains their motivation for exploring the device, which stemmed from a desire to uncover hidden features and overcome obfuscation in subsequent app updates. By reverse-engineering the APK and developing a "tethered jailbreak," the author gained insights into the device's security measures and the potential for customization. The blog post also touches on the implications of modifying the bootloader and the importance of maintaining the integrity of the original firmware while gaining root access. The author's approach involves creating a custom boot image to bypass security checks and execute custom code in memory, without altering the device's storage.

AI: What people are saying
The article on the Rabbit R1 device generates a mix of reactions and discussions.
  • Privacy Concerns: Several comments highlight the extensive data logging by the Rabbit R1, including GPS locations, WiFi network names, and audio logs.
  • Legal and Ethical Issues: Commenters discuss potential GPL violations by Rabbit Inc. and the company's lack of response to the author's inquiries.
  • Company Criticism: Some users criticize Rabbit Inc. for poor software quality and questionable business practices, while others share personal negative experiences with the company.
  • Device Potential: Despite the criticisms, a few commenters see potential in the device for custom applications and educational purposes.
  • Clarifications and Context: Some users provide additional context about the Rabbit R1's functionality and the company's response to security issues.
37 comments
By @OsrsNeedsf2P - 3 months
> I could also build an entire custom kernel from source, but Rabbit Inc. has chosen to violate the GPL2 license and not make the sources available. Of particular note are their drivers for hall-effect scroll wheel sensing, and camera rotation stepper motor control, which are closed-source and yet statically linked into the GPL'd kernel image. Violations like this are hugely destructive to the free software ecosystem, from which companies like Rabbit Inc. benefit.

GPL requires you to disclose the license and source code on request, but Truth Social got away with not disclosing the license until someone realized they were using AGPL code, and only then released the source. I wonder if Rabbit will slip by doing the same.

By @mrbluecoat - 3 months
> logs include:

Your precise GPS locations (which are also sent to their servers). Your WiFi network name. The IDs of nearby cell towers (even with no SIM card inserted, also sent to their servers). Your internet-facing IP address. The user token used by the device to authenticate with Rabbit's back-end API. Base64-encoded MP3s of everything the Rabbit has ever spoken to you (and the text transcript thereof).

Nasty :0

By @iamexcited - 3 months
lol! I worked at Rabbit and left after reading through the codebase and being gaslit by the execs
By @usr1106 - 3 months
> On July 12th, I asked Rabbit Inc. if they had any comments to make on the content of this article,

> As of the end of July 15th, they have not responded.

Their lawyers are considering the options for how to sue you.

By @broomzy - 3 months
> However, due to the aforementioned "kamakiri" bootrom exploit, the first link of the chain is irrevocably broken.

> [...]

> But, we don't even need to use an exploit here. Both the brom and Preloader boot stages feature a USB bootloader mode, which in the r1's case will accept unsigned DA ("Download Agent") images over USB, and allow you to execute them from memory (from SRAM in the case of brom, and DRAM in the case of Preloader).

The RabbitOS developers can patch all of this by setting an efuse that instructs the bootrom to block bootloader access over USB. Moto did this a couple of years ago with their MediaTek devices that were susceptible to bootrom attacks via this surface. If I remember correctly, this efuse was set at the LK stage and was applied in a regular OTA firmware update.

By @barnabee - 3 months
Cool write up!

The software looks garbage and the company doesn’t seem great either at this point.

But if it’s easy enough to run custom apps on (even/especially) in kiosk mode, I could imagine some pretty interesting use cases for this form factor.

Bonus points if you could just slap something together as a PWA too, as then it gets much quicker than programming an ESP32 + battery + screen, and in what looks like a pretty nice self-contained unit.

Would be nice, ideally to be able to get it running more secure / without any Google services, something like GrapheneOS.

Having not looked at what’s out there (yet) does anyone know if people are using them in this way for custom single focus apps or have any pointers?

By @mlekoszek - 3 months
Ah, I wish this product could have panned out. I hope it doesn't become a bugbear for future experiments with hardware user interfaces + AI. I'm still of the Bret Victor school of thought that we can do better than just tapping and swiping at glass rectangles.
By @steakscience - 3 months
It's kinda funny all/most of the initial goodwill towards the Rabbit was purely because of the Teenage Engineering design.

I hope TE chooses their clients better in the future. The guy behind Rabbit is a known grifter.

By @stalfosknight - 3 months
So this is the Juicero of AI assistants.
By @RobotToaster - 3 months
What did people expect to lapin?
By @schmookeeg - 3 months
I'm enjoying reading this, and I never paid much attention to the R1 product. "Carroot" was enough of a chuckle to merit the rest. :D
By @LangChinBob - 3 months
I need to ask, will this break the warranty trying to recreate these steps?
By @freetanga - 3 months
What’s the actual value of pinpointing behavior for the crowd that bought this?

Maybe identifying who would buy the next Juicero, Multivitamins and “be your own boss” Multi-level-Marketing scheme?

By @jmakov - 3 months
Is the data harvest restricted to that particular device or is it an Android feature?
By @heyrikin - 3 months
Very interesting writeup!
By @nineteen999 - 3 months
Honestly ... what did people expect.
By @Arnavion - 3 months
I don't have any interest in this product or sympathy for its manufacturer, but:

>On July 12th, I asked Rabbit Inc. if they had any comments to make on the content of this article [...] As of the end of July 15th, they have not responded.

That *was* between zero and two working days, depending on how early on Friday the author asked them for comments and how late on Monday they waited for a response. It might've been better to wait a few more days. I doubt they would've responded even then, but it would've made the case of their incompetence stronger, and given them less ammo for a rebuttal should they choose to make one.

By @jylam - 3 months
It was surprisingly (or not) hard to find what this "Rabbit R1" device was (despite the `I assume by now that most people have heard of the Rabbit R1.`), so here is a paste from Wired:

"The promise was simple. Speak into the device and it'll complete tasks for you thanks to Rabbit's “large action models”—call an Uber, reserve dinner plans via OpenTable, play a song through Spotify, or order some food on DoorDash. Just speak and it will handle it, just like if you handed your smartphone to a personal assistant and asked them to do something for you."

I don't understand why an app on the phone wouldn't do that, but maybe I'm not hype enough.

By @fabiensanglard - 3 months
> In the spirit of terrible rabbit-themed puns, I'm naming the jailbreak "carroot".

This is good.

By @Aurornis - 3 months
Good writeup on the process, but the amount of negative spin in the article left a bad taste in my mouth.

He says he didn't bother reporting the issue at first (!) but then later criticizes Rabbit for not responding to his July 12th e-mail in less than 2 business days.

However, Rabbit had already fixed the issue and released a security advisory on July 11th, a day before he finally decided to contact them. You can see their security advisory on their website, dated July 11th ( https://www.rabbit.tech/security-advisory-071124 ). To be fair, the post does bury this at the very end of the article, but it spends most of the opening sections talking about how much it "sucks" and leans heavily on the logging issue and their lack of response before eventually admitting that it was already fixed.

> As of 11 July, we’ve made the following changes:

> Pairing data can no longer be used to read from rabbithole. It can only trigger actions.

> Pairing data is no longer logged to the device.

> We have reduced the amount of log data that gets stored on the device.

> The Factory Reset option is now available via the settings menu. Customers should use this option to erase ALL data from their r1 prior to transferring ownership.

By @Retr0id - 3 months
Shamelessly resubmitting my own article with a slightly more attention-grabbing title ;)
By @taylorbuley - 3 months
This company is definitely wading through the trough of disillusionment. Excited about what root on the device could open up.

I have been disappointed in its hackability; however, the joy I receive when watching my 10-year-old dive into a topic of his choice with this neon orange LLM is worth far more to me than the $200 for my R1. During these summer months I let him stay up late with this as his only glowing screen and he basically uses it like I used Encyclopedia Britannica, except much more deeply and with more interesting subjects. I think it's a great little piece of purpose-driven hardware.

I dropped my own ChatGPT subscription and use this if I need to do some heavy lifting. I know it won't last forever, but it will last until the company goes bottom-up -- and longer if we get more boottime control through tools like this.

By @bigstrat2003 - 3 months
I have, in fact, not heard of the Rabbit R1. And the link in TFA leads to some weird promo video instead of something informative. Does anyone have a succinct explanation of what the article is talking about?

Edit: nm, I commented before reading other comments. Anyone else confused should read jylam's comment explaining.

By @dboreham - 3 months
So..umm..not an internet connected sex toy then?
By @make_it_sure - 3 months
I hate this type of article, not because of the content but because of what the authors are trying to do. They always try to be morally superior and create controversy by nitpicking issues.

These types of logs are extremely useful for debugging; just doing that doesn't mean it's doing it for the purpose of selling your data to evil corp.

By @smm11 - 3 months
Oh, no! GPS, WiFi, cell tower location, token to attach to their network, all that information flowing! Hope none of you are using an Android phone or iPhone.

Get a grip, people.