top of page
cyber hacker beagle thinking.jpg
Search

Let's-A-Go Find Vulnerabilities!



Nintendo's Alarmo

Nintendo has made waves in 2024 with a variety of exciting releases, one of the most talked-about being their innovative alarm clock, Alarmo.


Released exclusively for Nintendo Online members on October 10, 2024, Alarmo has generated buzz and speculation. Reports suggest that Nintendo plans to make Alarmo available to the general public by 2025.


Priced at $99.99 USD, Alarmo offers users an immersive waking experience that feels like stepping into a Nintendo game. The alarm clock tailors its sounds based on the user’s sleep patterns, ensuring a unique and personalized wake-up experience.


For more information about Alarmo's hardware and design, check out this link!




Let's-a-go Hack!


On October 29, 2024, @GaryOderNichts [Gary] published a blog offering insights into the reverse engineering of Alarmo's hardware. In a blog written by Gary, Gary conducts an excellent deep dive into the key hardware components of Alarmo, highlighting features such as:


  • 2.4 GHz WiFi connectivity for firmware and content downloads

  • 24 GHz millimeter wave presence sensor

  • MCU - STM32H730ZBI6

  • 4 GB eMMC IC


Gary notes that by removing a single screw at the bottom of Alarmo, this allowed access to Alarmo's internal components.

While Gary wasn't the first to attempt reverse engineering Alarmo, there has been a recent surge of posts on X from others exploring its components. With collaboration from these contributors (@_spinda) and a Raspberry Pi, Gary successfully identified and exploited a vulnerability in the processor's interface. Using a custom script, Gary obtained an AES-128-CTRY key used to encrypt Alarmo's content files. This breakthrough allowed Gary to reverse-engineer Alarmo's boot process and run a custom payload that displayed a picture of a cat on the device.

For more details on the payload and Gary's work, check out Gary's GitHub repository. You can also follow Gary on X, where Gary posted a video of Doom being played on Alarmo.


Thank you, Gary, for sharing your insights. This has brought insight into the importance of product security and secure coding practices! To learn more about what the community is doing to educate themselves on hardware reverse engineering, check out this Reddit post.

References and Links:



 
 
 

Comments

bottom of page