Hacking Alexa, the new Amazon Echo

I heard about the new Amazon Echo and immediately submitted my request. I got an invitation a few weeks later and Alexa (the Echo’s name) arrived the day before we were having all of our friends over for a party. The Out Of Box Experience was great. I have a friend with ADHD and he went nuts with it. I don’t think we ever heard a complete song form beginning to end.

As an aside, my daughters discovered a secret easter egg: Ask Alexa “What does the fox say?” Hilarious!

To be absolutely clear form the beginning, I love my Echo and I am very excited about what Amazon will be doing with it in the future. My favorite two things, besides the music, about Alexa: “Play This American Life” and “Play The Writer’s Almanac”. This blog post is about exploring what ELSE I can do with Alexa.

So here’s what I’ve done and what I learned and what I plan to do. I’ll fill in details later, I just want to get this out there, so people can see that there’s hacking going on with Alexa.

Amazon Echo Wireshark

1. Portscan Alexa, both in Setup mode and regular mode. In Setup mode Alexa creates an Infrastructure wifi network AMAZON-DP1 that you can connect to. You get the IP address 192.168.11.44 from her DHCP, and she’s at 192.168.11.1 . She responds on ports 8080 (HTTP) and 443 (SSL). More on these later. She runs Linux on an ARM processor, an A8 I think.

2. Alexa runs Avahi to advertise over mDNS. It declares services on 9 (workstation), 22 (sftp), and 22 (ssh). None of these connect, though. šŸ™ But boy would it be fun to ssh into her!

3. Wireshark her: Among other places, she hits pins.amazon.com and pindorama.amazon.com, which have something to do with the web-based control websites. The remote control website, basically just a web-based version of the Echo app, is at echo.amazon.com . More on that later. ALL traffic is SSL encryped. I’ll be monitoring her long-term later on to see if she listens when she shouldn’t… šŸ™‚

Here’s a Wireshark capture file from Alexa starting up.

4. Fake the Echo app configuration process: This was fun until I realized Amazon has a great API for all of this. More on that later. But if I connect to the Amazon-DB1 wifi network in SetupĀ mode,Ā HTTP POST to port 8080 (Only POST is supported, no GET!), POST /OOBE HTTP/1.1 and then some Thrift JSON you can access all of the setup configuration. [0, 1:{“str”,”ping”}, 0, {}] or something like that.

5. Open her up! She’s sealed down tight, glued together on the bottom, so I don’t really want to do this, but I will. The source code shows that USB ports are being used for development.

6. The Linux source that’s used and modified on the Echo is all posted, as it should be, at Source Code NoticeĀ . It’s neat to see what tools they have running on Alexa. But of course they don’t post any Amazon code, which is where all of the real work is happening.

7. There is an API! SeeĀ http://echo.amazon.com/js/eb25f-app.min.jsĀ . Maybe it isn’t a public API, but it exists. I’m working on parsing it out (Visual Studio took like 2 minutes just to cleanup-refactor the javascript!) I hope to document the API as I go along here. Keep your eyes out for new posts. There’s a goldmine in that API. For example:

alpha: “projectdee-ui-dev-registration.aka.amazon.com”,
beta: “projectdee-ui-registration.aka.amazon.com”,
gamma: “projectdee-ui-gamma-registration.aka.amazon.com”,
“pre-prod”: “projectdee-ui-pre-prod-registration.aka.amazon.com”,
prod: “guipitan.amazon.com”

In general, it really looks like Alexa communications are sealed down tight via SSL. There’s a web API for monitoring her TO-DO list and grocery list and history and cards and etc. More on that later. But it really, truly seems that her brain is in the cloud, so I don’t think there is much available for hacking her program. My one hope is that the wake-up word “Alexa” or “Amazon” can be modified, because that HAS to be local, right? And if that can be hacked, maybe there’s some more local voice recognition that can be hacked.

We’ll see! Happy hacking! Post comments below and let me know what you’ve tried! I’ll update as I can.

8 thoughts on “Hacking Alexa, the new Amazon Echo

  1. So….I have ordered one, but it wont get here until May-July. I am also interested in hacking this puppy, specifically to change the wake name….in a nod to Star Trek, a simple “Computer” should activate it.
    Let me know if you make any progress on it.

    Thanks,

    Brent

  2. I had read that they would be adding more wake words down the line, not sure if you would be able to select your own but having more choices would be nice. I really, really want to be able to control my Philips Hue lights with her.

  3. Glad to see people smarter than me are going to be playing with this thing: I’d love for it to attract a homebrew community like the Wii or Kinect. Right now it’s just a fancy music player and alarm clock, but if I could plug it in to my calendar and voicemail and Twitter and RSS reader etc. etc. etc….

  4. Just letting you know they’ve added that, in case you didn’t notice.

  5. So any more news? I would like to issue remote commands — like have Alexa repeat a command out loud, so I can remote turn on my Xbox One (though that is already a possibility with Xbox Glass) or surprise someone at home. I would also like to configure some way to access Cortana type data — “Alexa, have Cortana schedule an appointment today at noon”.

  6. I just picke dup my set of Philips HUe lights last night adn set them up in less than 20 minutes. using them through the echo voice interface definitely has a small learning curve, but once you get the commands understood, she responds relatively well to vocal commands on light operations. I will have to admit though, with only having used this for voice activated light control, I have already noticed that the response (despite her acknowledging the command) isn’t 100%, probably closer to 75-80%.

  7. Awesome, have you considered a man in the middle attack using a DNS proxy? I’ve contacted Amazon about the Echo and tried to get them to give me the username/password to SSH at first they agreed and sent off an email (supposedly) but I’ve been unable to get a response since then from them. Worth a shot, wish they would let the owner use its hardware. I’m mostly interested in the hardware then the software and I’ve seen plenty of cool open source personal assistants out there.

Comments are closed.