Hack Nintendo's alarm clock to show cat pics? Let's-a-go!
How 'Gary' defeated Bowser broke into the interactive alarm clock
A hacker who uses the handle GaryOderNichts has found a way to break into Nintendo's recently launched Alarmo clock, and run code on the device.
Nintendo bills Alarmo as a way to "make waking up fun" – a tall order. The clock looks like a cartoony take on a vintage, red round alarm clock, but with an interactive screen.
Alarmo plays sounds and music from Nintendo's signature games to rouse owners from their slumber – which honestly sounds like a whole new level of Hell. But apparently, a lot of people are willing to pay $99.99 to have Bowser's angry face staring at them if they don't leap out of bed.
Upon receiving his shiny, new device, Gary opened up the Alarmo – which required removing a single screw next to its USB-C port.
Gary was already aware of posts by graduate computer science researcher Naomi Smith, known as Spinda on X, who had already found Serial Wire Debug (SWD) pins on the device's board. Smith had also been poking the Alarmo for exploitable holes and wrote code to dump the embedded multimedia card (eMMC) – which contains an encrypted content folder with files for each of the video game themes, a system file, a factory file, and a file called 2ndloader.bin.
Using Spinda's findings, his own research, a Raspberry Pi connected to the SWD pins, and with assistance from the vulnerability researcher Mike Heskin (aka hexkyz), Gary found and exploited a vulnerability in the cryptographic processor's interface, then obtained the AES-128-CTR key used to encrypt and decrypt the Alarmo content files. Using the newfound visibility the key afforded, he was able to figure out the device's boot process and load firmware binaries over USB. This was how he created and ran his custom payload that displays a cat picture.
- Nintendo sues alleged Switch pirate pair for serious coin
- Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info
- Cast a hex on ChatGPT to trick the AI into writing exploit code
- Brazen crims selling stolen credit cards on Meta's Threads
Gary has shared his testing USB payload (the cat picture), along with a project that allows anyone to brute-force the Alarmo's AES key. So we may be seeing some interesting Alarmo custom code being developed and deployed in the near future.
The Register sought comment from Nintendo to inquire whether the Super Mario shop maker is aware of the hack being used for other purposes. We didn't immediately receive a response, but will update this story if and when we do.
If you want to see the cat photo, here it is. We can't think of a better post-Halloween treat. ®