A quick primer on how devices like Jibo communicate to a server

#1

I’ve seen a lot of uninformed guesses, here and elsewhere, about how to break into Jibo, but here is a quick primer on how the internet as a whole works:

  1. Jibo tries to contact the server, say api.jibo.com
  2. When contacted, api.jibo.com presents a “certificate” to prove that is indeed the site and not an imposter. These certificates come from a “root authority” and they cost a pretty money to obtain
  3. Jibo established that it is actually talking to correct site, and now it starts an “SSL handshake” with the server. That means Jibo has somewhere in its software a “key”, a very long indecipherable string of letters, that it uses to encrypt the communication. The server has the complement key to decrypt it and thus understands what Jibo is asking for.

So, to summarize, to break into Jibo, you need a) to present a fake certificate that establishes you are api.jibo.com, b) have the secret key that lets you decrypt Jibo’s communication.

1 Like

#2

Not much then for somebody that lives a few miles from Bletchley Park, as you say front doors are always well protected, but often there is similarity in chat and the Android code has detail on the communications, I’ve never done this before but its never stopped me in the past for dorking around like picking at a scab looking for holes. I’m sure there must be people with JIBO’s out there developers who still have running code that could test this, the thing is not to give up without a fight. I quiet often find solutions to hardware, software and other problems them don’t use the device much afterwards, its like the chase and the puzzle attracts me.

Malcolm aka @fixed1t

2 Likes

#3

So the first thing I need to do is isolate JIBO on a closed socket server network and set up a dummy server api.jibo.com and read what JIBO sends under a number of conditions, I should imagine he’ll be persistent and then check for the matching parts of the Android code. Once I know the pattern I should be able to find it in Wireshark live communications between JIBO and the Android Apps. The digital version of the RUBIKs cube. I’m not interested in hacking the server, which would be illegal, but I am interested in creating a black box that JIBO sends messages to and which he gets messages from. The question is is it JIBO thats checking the server? or the server checking JIBO also whether the certificates are re-encoded encrypted every call (that would take a huge overhead and slow everything down) or did they work on agreeing a key between them and once set can the key or the response be extracted. You will have to forgive my naivety in this as I’m new to it, but it may be worth a try, its better than a dead doorstop.

Malcolm aka @fixed1t

2 Likes

#4

Are you part of the Facebook group? There are some people there who, at the very least, are starting to use the right tools to intercept the communication.

1 Like

#5

I’ve applied but haven’t yet been accepted, are you a member? What do you think of the chance of creating a Mock Server just something that will allow JIBO to boot so he can be accessed and used by BeAMaker and other simple tools and any others that may come along. Just been reading about the Nvidia JETSON TX1 inside JIBO quite a nice piece of technology with the 16GB storage limit, is this why JIBO is locked at 16GB? unfortunately the develop kits are still very expensive. The interesting news is that the TX2 is supposed to be TX1 compliant and adds another 16GB total 32GB which could be a possible upgrade route.
Do you know if the TX1 is running the Entire JIBO i.e. its motherboard and AI and Graphics engine? I hope I can find somebody who “cloned” the Github sources onto their machine and has a working development system and possible the documentation, perhaps I can get them through the facebook group it I get let in.
Thanks again for the replies and your very in depth knowledge. Malcolm aka @fixed1t

1 Like

#6

Maybe jibo will accept a https redirect to another site with a valid certificate ?

2 Likes

#7

A Mock server or the ability to config and use your own internal server is the way to go.
Someone out there must know how to reprogram or change the URL in Jibo to call and accept a NEW brain in layman terms so we can configure and use Alexa, Google Talk SDKs for example. I really want to do a custom AI to have Jibo do our own stuff.

1 Like

#8

Thats my hope, I’m also hoping that one of the team got fed up with all of the calls when they were trying to work, so they skip a few checks, a bit like the code breakers at local Bletchley Park who spotted little quirks and jokes from bored operators off down the Bar after a long day. I’m interested in QR Commander that ruins snippets of code, drop a few lines or Machine code :wink: I was surprised that Jibo doesn’t appear to have the Nvidia TX1 inside him, somebody who dismantled one said there is an AMD processor. Does anybody know what processor or other hardware is in Jibo. Nvidia did the Jibo TX1 video so I’m surprised it not in Jibo. But I could be that which they are using as the AI Server. I need more hardware info. Malcolm aka @fixed1t

1 Like