Get the latest tech news

Jooki – Taking Control of a Forgotten Device

Jooki was a dream come true for parents—an intuitive, screen-free audio player that let kids enjoy music and stories with the tap of a token. But that dream turned into frustration when the company behind Jooki went bankrupt, leaving countless devices bricked and families frustrated. But what if Jooki isn’t as dead as it seems? This blog post isn’t just about fixing a broken audio player—it’s about peeling back the layers of its firmware, finding hidden exploits, a backdoor and unlocking code execution. With a bit of ingenuity, we might just breathe new life into these abandoned devices—on our own terms. Ready to dive into the rabbit hole? Let’s crack this thing open.

This blog post isn’t just about fixing a broken audio player—it’s about peeling back the layers of its firmware, finding hidden exploits, a backdoor and unlocking code execution. Mender also supports state scripts, allowing pre- and post-update automation, and offers security features like TLS encryption and device authentication. This design appears to be intended for over-the-air (OTA) updates but, if exploited by a malicious actor, could enable remote code execution (RCE).

Get the Android app