Museum Audio Player Jailbreak

It was very easy.

The Imagineear XP4 is a museum audio player device. I immediately wondered if it was possible to 'Jailbreak'.

The device was in the seemingly inescapable state of a kiosk tour application, just meant for listening to audios related to the tour. You type in the 'stop number', and it plays the corresponding audio. However, after pressing the volume buttons it popped up a very familiar looking volume dialog, very Android KitKat. So I started trying stuff.

From some online documentation, I found that there was a 'secret' code: Choosing stop number 9999 on the tour displayed the battery percentage, however this was unfortunately the only code mentioned in the manual other than a way to reset by pressing the * button for 15 seconds.

Undeterred, I started trying random codes and eventually I happened to type 3333, and to my surprise, it instantly crashed the tour application. The device was sent to the Android home screen, and it was indeed Android KitKat. Unfortunately I couldn't find a way to activate the 'home button', so when I found myself in an inescapable place I had to restart the device using the afformentioned * method.

After some looking about, I found that play services were kind of broken, however there was an app installed called 'ROM Toolbox'. This is the holy grail for a bad actor (luckily not me), as it allows app management, root file management, a root Linux terminal, script runners, and more. Also, yes, the device is rooted.

I made sure to reset the device after my tomfoolery, however it was certainly interesting just how easy it was to defeat the security of this device completely.

Thanks for reading,
Ethan M