Home Business IT Open Source Hacking the TomTom ONE through Open Source

Hacking the TomTom ONE through Open Source

Gadget geeks worldwide are collaborating to make the ubiquitous TomTom GO portable satellite navigation system more useful. In contrast to other models of SatNav devices, particularly those bundled with PDAs, the GO is especially known for its simplicity: turn it on, set routes via touchscreen, and away you go (and go you do, quite literally!)

This protective layer is deliberately restrictive, which is good for consumers. After all, who wants to buy a device, with a dedicated purpose in mind, but have it crash or be cumbersome to use? Yet, for hardware hackers, eking out versatility is an extra sweet result due to the effort needed to circumvent the layer protecting its hardware.

Many may ask why would you want to do something like this anyway. For most the question is moot; simply being able to prove you can is sufficient motivation. Others put forth practical applications - for instance, outputting GPS locations via Bluetooth to a WiFi-enabled laptop, thus pinpointing precisely where open WiFi networks are located. And others imagined how nifty a tiny touchscreen media player could be, particularly with its built-in SD slot and loudspeaker.

The key to it all is Linux. The TomTom GO runs Linux, specifically a custom distro called TomTomLinux or TTL, with an ARM processor. So, logic dictates, if you can compile a program for Linux on the ARM then you can run it on the TomTom.

It's not been quite that simple; for starters, the device doesn't have a keyboard or hard drive and nor can it be made to boot from a USB drive. Original work to reign in the GO centered around attempts to invoke a remote shell login while USB-connected to a computer. Some not insignificant success was achieved when it was fdiscovered that the system's start-up scripts contained a call to a file called /mnt/sdcard/ttn - i.e. an executable program called ttn located on the SD card. This meant it became trivial to have the TomTom run any custom app provided it was named ttn and saved to the memory stick.

Unfortunately, the TomTom didn't cater for pseudo-terminals - the /dev/pty devices that represent remote logins, as opposed to the /dev/tty devices which correspond to physical keyboards (or TeleTYpes). Thus, remote login still appeared unassailable until finally a TCP/IP stack was brought to heel under Bluetooth via the rfcomm utility. This finally permitted remote command-line sessions from a desktop computer. Even so, little could be performed except to probe the innards of the system.

In an unexpected twist of events, the gpl-violations.org project took exception to TomTom building an embedded Linux system without going along with the GNU General Public License (GPL) constraints that the Linux kernel used, and custom modifications, be freely available as open source. They were successful in this and TomTom agreed to release the full source code including all additions and changes made in-house. Additionally, TomTom showed their "appreciation" for Free Software by making a donation, described as "significant", to the infamous Chaos Computer Club - read into this what you may.

The result was a breakthrough and brought forth a cornucopia of technical information. The SatNav vendor now provides free downloads for all versions of its GO software from version 4 to the present 6.5. Additionally, TomTom detail the compilers and libraries they used to build the embedded OS and provide both Linux and Windows versions of the necessary toolchain that targets the ARM processor. It is actually surprising how many open source elements are used including terminal emulators, tools to erase flash memory and tools to initialise Bluetooth, the popular MPlayer multimedia player and others and thus gpl-violations.org were right to pursue the matter.

It must be clearly pointed out that the TomTom mapping and navigation application itself remained fully proprietary; it was the GO's operating system which was the subject of the violation. This was fine; for the wiley hackers, the actual SatNav software - despite being the primary focus for general consumers - was totally irrelevant. The goal was to master the box itself.

Work continued in deciphering how the TomTom boots. This was greatly aided by the source code now being accessible, and one year later the Chaos Computer Club - perhaps still pleased with their boost in fortunes - presented a paper on what they had achieved thus far towards this end. Techniques discussed included reverse engineering and forcing buffer overflows, all of which provided data as to how the GO could be controlled to run any arbitrary program. Screen shots were presented showing point-and-click adventure system ScummVM playing on the handheld, and showing the TomTom displaying the image being received via a USB-connected Webcam.

Most importantly, the Blowfish cipher key was discovered and unveiled, finally unlocking the TomTom for custom boot loaders paving the way to replacement operating systems.

With this under their belt, the Chaos Computer Club profferred new suggestions for custom apps: the obvious MP3 player and WiFi sniffer, but more imaginatively a radar detector and a crypto-key server responding to Bluetooth requests.

So then, how can you and I exploit this hard work by such dedicated netizens? The answer is found in the pages of the OpenTom project. This site distils the accumulated knowledge of many hackers, explaining how to build applications that run on the TomTom as well as alternate operating system images. One such image is provided, in the form of OpenTom itself; an open source, community built, TomTom environment that enhances the factory-supplied image by including an MP3 player and permitting remote connections giving a regular Linux shell.

OpenTom can be downloaded as pre-compiled images, or in source-code format for customising and self-compiling. No matter which route you choose, copy the two resulting binaries ttsystem and root.cpio to an SD card and reboot following the instructions on site. The OpenTom image is executed instead.

For those not so bold, examining the TomTom's source code has yielded a litany of interesting tricks that can still customise the device while minimising risk because the actual images being executed are still the original, supplied, programs. These tricks include making custom menu structures, changing the startup and shutdown screens and even adding utility via event loggers, offroad navigation and reversing an itinerary, helping you get back home again.

There's no end to what can be achieved with little more than an inquisitive mind. If you have a TomTom, check out the OpenTom project and become familiar with the new things you can make your device do. If you are a software developer, see what you can do to expand the repertoire and give back to the community who has brought freedom this far.


Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service


David M Williams

joomla site stats

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. Within two years, he returned to his alma mater, the University of Newcastle, as a UNIX systems manager. This was a crucial time for UNIX at the University with the advent of the World-Wide-Web and the decline of VMS. David moved on to a brief stint in consulting, before returning to the University as IT Manager in 1998. In 2001, he joined an international software company as Asia-Pacific troubleshooter, specialising in AIX, HP/UX, Solaris and database systems. Settling down in Newcastle, David then found niche roles delivering hard-core tech to the recruitment industry and presently is the Chief Information Officer for a national resources company where he particularly specialises in mergers and acquisitions and enterprise applications.