Rooting the Coffee Machine

Eccellenza Touch Coffee Maker
Rooting the Coffee Machine

So you get a new coffee machine. It has network capabilities…. and It  has a USB port…
Obviously this means you should hack it.

The Process:
The steps we took sort of went like this.Go make cup of Coffee

  1. Notice login interface while making coffee.
  2. Google default account info and test. Sadly this worked
  3. Notice USB port and Network config
  4. Connect to Network (does not support WPA2 enterprise)

This is when things got fairly interesting. We wanted the coffee machine to be on our enterprise network but the network configuration interface does not allow for that. We looked up firmware updates to no avail but after emailing the support team we were sent a dropbox link to download the latest firmware.

The download was quite interesting. This one download pretty much allowed us to see exactly how the update process would function and what scripts would be ran and when during the boot process. This also contained an entire drive where we could find things such as the shadow file, or the ssh configuration.

Using nmap we did a scan on the device and what’d ya know. SSH is enabled, isn’t that lovely. After trying to bruteforce our way into the device via SSH and the root users hashed password found in the shadow file we were unsuccessful with many wordlists. Then we noticed the ssh/sshd.conf and how passwordauthentication was disabled; whoops. Decided this was the end of the road for this route and started to think of alternative routes.

We installed the firmware update without editing anything and noticed the glorious command line. Being as it is updating the system we assume it is running with root privileges. So we go ahead and edit the script. After the mounting process we want to stop the update and allow us to have a romantic getaway with the lovely command line via keyboard access using the USB port. Reading the code we find a good place to insert our code and we go ahead and insert 3 lines.

echo “Done hacking.”
finish_update 0

Now when we plug in the USB we will have root privileges on the command line. We are not done just yet as this is just the drive used for updating. We discovered many other drives on the device. With educational guess and check we were able to discover the main drive. We then mounted this drive to the tmp directory and chroot on over there. We are now root on the main drive and can simply go to /etc/ssh/sshd.conf and enable passwordauth and we are set to go. Before attempting to ssh into the device we ran “passwd “ with no parameter which seemed to set the password to nothing. While in this command line the input responses were not giving much information therefore we are not positive this command actually mattered.

Let us now sit back at our desk and ssh right into the coffee machine. There is plenty to explore in here and the possibilities of what you can do with this are endless. I recommend playing music through the coffees speakers and or playing a movie via the touch panel; but that’s just me.

4 thoughts on “Rooting the Coffee Machine

Add yours

  1. Where did you get the firmware from? I emailed VKI and they won’t send it to me! We bought the machine second hand and just want to update to the latest version.


    1. The firmware was given to me after emailing “” One of their techs replied as well as CC’ed another employee with a dropbox link. Unfortunately the file is no longer saved on my device and the dropbox link is no longer working.


    1. Unfortunately my internship at the company with the coffee machine came to an end soon after this post. Therefore, I didn’t play much with it after obtaining root access and testing some fun ideas. If there is anything you’d like to know in particular feel free to ask me.


Leave a Reply to CirclesWeRun Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

Up ↑

%d bloggers like this: