💾 Archived View for uscoffings.net › tech › embedded › kobo-touch › analytics.gmi captured on 2024-06-19 at 22:51:37. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Disabling Google Analytics on the Kobo Touch

[date: 2017]

While digging into the Kobo Touch, I discovered that it posts stats back via Google Analytics, and naive attempts to block these posts result in the statistics getting queued indefinitely in a config file. This file will grow without bound and be updated repeatedly in flash. Not ideal in an embedded environment.

The pending statistics are stored in `/mnt/onboard/.kobo/Kobo/Kobo eReader.conf` under the `GAQueue` label. It would be most ideal to not collect such statistics in the first place.

Disabling GAQueue

Since the Google Analytics variable is named GAQueue, perhaps functions are named similarly. Let's look for GA...

$ arm-2010q1/bin/arm-linux-objdump  -T ~/libnickel.so.1.0.0 | c++filt | grep GA
...
008e24ac g    DF .text  000004d4  Base        EventEngine::fireGAEvent(GAEventType const&, QMap<QString, QVariant>)

fireGAEvent sounds promising. Disassemble some, so I know the bytes that start this function, to be used as a landmark:

$ arm-2010q1/bin/arm-linux-objdump  -d ~/libnickel.so.1.0.0 | less
...
008e24ac <_ZN11EventEngine11fireGAEventERK11GAEventType4QMapI7QString8QVariantE>:
  8e24ac:       e92d4ff0        push    {r4, r5, r6, r7, r8, r9, sl, fp, lr}
  8e24b0:       e59f44b8        ldr     r4, [pc, #1208] ; 8e2970 <_ZN11EventEngine11fireGAEventERK11GAEventType4QMapI7QString8QVariantE+0x4c4>
  8e24b4:       e59f54b8        ldr     r5, [pc, #1208] ; 8e2974 <_ZN11EventEngine11fireGAEventERK11GAEventType4QMapI7QString8QVariantE+0x4c8>
...

Now fire up the binary editor, and go to offset 0x8e24ac.

008E24AC  F0 4F 2D E9 B8 44 9F E5 B8 54 9F E5 04 40 8F E0 05 30 94 E7 .O-..D...T...@...0..
008E24C0  B0 64 9F E5 3C D0 4D E2 02 70 A0 E1 03 50 A0 E1 0C 00 8D E5 .d..<.M..p...P......

Yes, that looks correct. Remember, the Kobo runs the ARM in little endian mode, so 0xe92d4ff0 is stored in memory backwards. To return from a function, do `bx lr`:

e12fff1e        bx      lr

So change the prior dump to:

008E24AC  1E FF 2F E1 B8 44 9F E5 B8 54 9F E5 04 40 8F E0 05 30 94 E7 ../..D...T...@...0..
008E24C0  B0 64 9F E5 3C D0 4D E2 02 70 A0 E1 03 50 A0 E1 0C 00 8D E5 .d..<.M..p...P......

Save, upload, reboot, and enjoy no overflowing GAQueue variables.