Skip to content

rsync for the Kobo

I've recently got an ebook reader - I decided to take a Kobo for a number of ressons:
  • pretty cheap
  • easily hackable (and it seems that they understand Open Source - Most of the software for their devices is on github - )
  • no hard vendor lock-in (Well, they do have their kobo-store, but you are not forced to use it.)
First a Warning: Hacking the firmware of embedded devices always includes the risk to break the device. And it may void Warranty. If you can't live with that risk don't do it!
And always backup all your data first! If you screw something up you will need to do a factory reset - and this will wipe all data. Why rsync? For backups - my tool of choice is dirvish. Of course I could connect the Kobo via USB, mount it and do the backup from there, but I prefer the direct way. And I can do a full system backup, not only the data.

Step 1) Getting a root Shell

The Kobo runs on Linux with busybox, so it has a telnet server already installed but not activated. So we don't need additional software for this step, we just need to change a few config files. To do this the update system can be misused - it's pretty simple: Connect via USB and put a KoboRoot.tgz into the .kobo folder. This file will then be extracted to / - without any kind signature checks or similar. Easy to use, but also easy to break stuff.
Some tutorials I found recommend to do a factory reset first, I did not and it just worked fine. The hardest part is to find the download Url of the firmware package. You could try to run an update on your Kobo and sniff the network or use the (Win only) setup software and have a look what it downloads. Or just trust other people who have already collected the urls - like in this thread @ Unzip that and you will find KoboRoot.tgz besides other stuff we don't need now. From the tar we just need a few files:
tar -xvzf ../KoboRoot.tgz ./etc/init.d/rcS ./etc/inetd.conf ./etc/inittab
In the Package for my device there is no /etc/inittab included, so I had to trust the files I found in the net. Get inetd to listen on port 23 and run telnet - add to etc/inetd.conf:
23 stream tcp nowait root /bin/busybox telnetd -i
The standard firmware does not mount /dev/pts which is necessary for telnet. I added to etc/init.d/rcS just below the other mount-lines:
mkdir -p /dev/pts
mount -t devpts devpts /dev/pts
And finally we need to make sure inetd gets started. Add to etc/inittab:
::respawn:/usr/sbin/inetd -f /etc/inetd.conf
or like I did just create the etc/inittab
::respawn:/sbin/getty -L ttymxc0 115200 vt100
::shutdown:/bin/umount -a -r
::respawn:/usr/sbin/inetd -f /etc/inetd.conf
Tar this into a KoboRoot.tgz and put the file into .kobo on your device. After disconnecting USB it will install it and reboot. Turn on Wifi in the settings and start the Browser (it enables Wifi only on demand, starting the browser makes sure it really does) and you should be able to connect via telnet as root without password. The kobo is wide open now, do this only in a secure network.

Step 2) install the dropbear ssh server

So far I'm too lazy to set up a build environment for the Kobo, so I'm using binaries from the debian armhf port. After reading tjms comment I started with Maemo binaries. While they do work for dropbear they fail with rsync, more about that later. Download the deb from, unpack it and create a Kobo update package:
mkdir d
cd d
ar x ../dropbear*.deb data.tar.gz
tar xzf data.tar.gz
tar -cvzf ../KoboRoot.tgz usr/{bin,lib,sbin}
Copy the KoboRoot.tgz into .kobo of the reader and let it install and reboot again. Then connect via telnet to set it up:
# add the private key(s) for the box(es) you want to connect from
mkdir -p /root/.ssh
echo "your key" >> /root/.ssh/authorized_keys

# create host key
mkdir -p /etc/dropbear
cd /etc/dropbear
test -f rsa_host_key || dropbearkey -t rsa -f rsa_host_key
test -f dss_host_key || dropbearkey -t dss -f dss_host_key

# dropbear complains if this is not present
touch /var/log/lastlog

# edit /etc/passwd
vi /etc/passwd
Here we need to disable the login without password and change root's home directory from / to /root.
You could also set a password for root, but for me it's fine to have pubkey access only. In the passwd file there is a second root user "admin" with password "admin". I don't know yet if it's used for something and if it's safe to delete it. Now we can try dropbear:
/usr/sbin/dropbear -d /etc/dropbear/dss_host_key -r /etc/dropbear/rsa_host_key -F -s -E
Try to login via ssh. Maybe there are some permissions to change. If this is successful add dropbear to /etc/inittab:
::respawn:/usr/sbin/dropbear -d /etc/dropbear/dss_host_key -r /etc/dropbear/rsa_host_key -F -s
and remove the previously added line for inetd (telnet).

Step 3) rsync

This took me a while since I started with Maemo packages - rsync just did exit 1 without any further notice, strace and LD_DEBUG did not really help, finally derRichard pointed me to the right direction: The Kobo uses EABI5, Maemo EABI4, so everything that needs additional shared libraries will fail. Download rsync and libpopt from and This time no more need to use the Kobo updater, i just scp it to the device:
ar x rsync_*.deb data.tar.gz
mkdir rsync
cd rsync
tar -xvzf ../data.tar.gz
scp usr/bin/rsync root@kobo:/usr/bin/
cd ..
ar x libpopt0_*.deb data.tar.gz
mkdir libpopt
cd libpopt
tar -xvzf ../data.tar.gz
scp scp lib/ root@kobo:/lib/
and on the Kobo:
cd /lib
ln -s
and rsync works:
[root@(none) ~]# rsync --version 
rsync  version 3.0.9  protocol version 30
Copyright (C) 1996-2011 by Andrew Tridgell, Wayne Davison, and others.
Web site:
    64-bit files, 64-bit inums, 32-bit timestamps, 64-bit long ints,
    socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
    append, ACLs, xattrs, iconv, symtimes

rsync comes with ABSOLUTELY NO WARRANTY.  This is free software, and you
are welcome to redistribute it under certain conditions.  See the GNU
General Public Licence for details.
some Kobo hacking resources: