Hacking the TomTom ONE through Open Source

By David M Williams
Monday, 16 July 2007 10:18

Business IT - Open Source

Work continued in deciphering how the TomTom boots. This was greatly aided by the source code now being accessible, and one year later the Chaos Computer Club - perhaps still pleased with their boost in fortunes - presented a paper on what they had achieved thus far towards this end. Techniques discussed included reverse engineering and forcing buffer overflows, all of which provided data as to how the GO could be controlled to run any arbitrary program. Screen shots were presented showing point-and-click adventure system ScummVM playing on the handheld, and showing the TomTom displaying the image being received via a USB-connected Webcam.

Most importantly, the Blowfish cipher key was discovered and unveiled, finally unlocking the TomTom for custom boot loaders paving the way to replacement operating systems.

With this under their belt, the Chaos Computer Club profferred new suggestions for custom apps: the obvious MP3 player and WiFi sniffer, but more imaginatively a radar detector and a crypto-key server responding to Bluetooth requests.

So then, how can you and I exploit this hard work by such dedicated netizens? The answer is found in the pages of the OpenTom project. This site distils the accumulated knowledge of many hackers, explaining how to build applications that run on the TomTom as well as alternate operating system images. One such image is provided, in the form of OpenTom itself; an open source, community built, TomTom environment that enhances the factory-supplied image by including an MP3 player and permitting remote connections giving a regular Linux shell.

OpenTom can be downloaded as pre-compiled images, or in source-code format for customising and self-compiling. No matter which route you choose, copy the two resulting binaries ttsystem and root.cpio to an SD card and reboot following the instructions on site. The OpenTom image is executed instead.

For those not so bold, examining the TomTom's source code has yielded a litany of interesting tricks that can still customise the device while minimising risk because the actual images being executed are still the original, supplied, programs. These tricks include making custom menu structures, changing the startup and shutdown screens and even adding utility via event loggers, offroad navigation and reversing an itinerary, helping you get back home again.

There's no end to what can be achieved with little more than an inquisitive mind. If you have a TomTom, check out the OpenTom project and become familiar with the new things you can make your device do. If you are a software developer, see what you can do to expand the repertoire and give back to the community who has brought freedom this far.