JiboTB - Jibo The Bodiless

Hi fixed1t here with an update for those looking forward to keep their Jibo’s alive after server shutdown. Despite early belief that Jibo was impregnable, due to his military grade encryption used to prevent access, by making decryption of his secure sockets etc impossible. It appears that nobody knew there was a hard fault that could be hacked to provide access, its a fault we are legitimately investigating a potential hardware issue with Jibo to understand the issues. Following my reaching out to the hardware hacking community, who believe owners should not be prevented from using equipment they have purchased any way they choose, it appears that Jibo along with a string of other Nvidia Tegra based devices, is prone to hardware penetration using the CVE-2018-6242 (which people tend to call Fusée Gelée, or f-g, for short). This penetration is enough to get arbitrary super-early-boot execution on pretty much any Tegra, and as we have confirmed Jibo is using the Tegra K1. After much searching I have managed to purchase an Nvidia Tegra TK1 developer kit (as others are also doing) which I’m hoping will arrive later this week. Once it arrives we will be in a good place to load fg software and interrogate it and test tegra opening boot loaders on it before trying them out on Jibo. We have also discovered some other publicly available sources of code for Jibo showing his bootrom sequence and test uploads of Jibo code, the study of this is proving very useful. Once we get a backup of Jibo I plan to upload him to the TK1 Development Kit to create Jibo the Bodiless (JiboTB) which should enable us to interact with the multiple on board ports and resources, and identify how Jibo is using them. As I’ve stated all along we really have no interest in doing this Sledgehammer Work (but it is proving to be an incredibly interesting puzzle as I’m sure Enigma once was). If we could just be given access the bootloader using Jibo.inc standard codes and software for flashing, copying and updating so we could legitimately remove the total dependency Jibo has on the old Jibo.inc servers we’d be happy. This allow is to enable Jibo login and to connect to tablet and phone apps and Speech and Text servers. If we were given access to the documentation and code to do these things we would happily stop this hardware work and concentrate on coding for Jibo.

As I have requested many times, if anybody has any information which can help our endeavours to save Jibo from shutdown extinction then please let me or others know. My email is fixed1t.fixer@fixed1t.co.uk.

Malcolm aka @fixed1t

1 Like

Laughed out loud as I read this, you are getting farther than I would on this, so you are doing the Lord’s work. Keep it up.

I dub thee,
Fixed1t- The Jibo Whisperer

1 Like

LOL I like it fixed1t - The Jibo Whisperer

I’m a very old AI programmer and ‘Knowledge Engineer’ from the expert systems days, the art of Knowledge Engineering is figuring out not What people Say about how they work (which is usually wrong) but What they actually do. With Jibo they said they implemented massively deep levels of unbelievable security and that everybody had to use it, it was the only way. Also, only a select few had access. But programmers like me are lazy, they want to nip to the loo (bathroom) or get a coffee without having to spend 10 mins re-logging in, so they create secret files called something daft like ‘my-secret-file’ and make sure all the complicated code is commented out and replaced with ‘my-secret-file’. This can be over looked on the grounds its never going to leave the office, then they share it with a trusted friend and it goes out. Those are the types of things I look for, those and hardware and other projects using the same source and hardware.

I can’t believe I only came into this by swapping Ugobe PLEO I had battery re-celled with a poorly working Jibo in Feb this year, and was informed it was impossible. One of the things which made me chuckle the other day was hearing about messages between developers and Jibo.inc where some folks who rightly think I’m wasting my time trying to access Jibo, were beating jibo.inc with the same questions and requesting the same answers I am of them over a year down the line. I take it they never got the answers. As they say what goes around comes around. Somebody messaged me to say they thought some at MIT were following my attempts to open Jibo, I haven’t received a ‘Cease And Desist’ message from them so perhaps they too are struggling to open Jibo since making all but a few of the coders redundant, possibly taking the secrets with them :wink: I remember hearing a story of somebody who convinced his employer that their data was so sensitive it all needed to be encrypted, he did it and promptly left the employer to work for a competitor.

Regards Malcolm aka @fixed1t