How to read your ebooks without bullshit
My notes on setting up a Kobo Libra 2 ereader for reading sideloaded files without online tracking.
I'm not sure to what extent this works for other Kobo ereaders. I know the Clara BW doesn't support bypassing sign-on altogether; you need to use a throwaway account on setup in order to enable sideload mode. Preventing the firmware from spying on you is probably the same for all Kobo ereaders (provided they support sideloading update tarballs); however, I haven't tested this and YMMV.
Bypassing sign-on
- Select your language and let the cursed thing update itself. It's possible that future updates may make this hack impossible, though fortunately it's easy to downgrade the firmware as long as you're able to mount the ereader user's home directory.
- Instead of signing in over wifi, select "Don't have a Wi Fi network?" and plug your ereader into a computer. You should now see a drive with label KOBOeReader; mount it.
- Edit .kobo/Kobo/Kobo eReader.conf; in the [ApplicationPreferences] section, set SideloadedMode=true — careful, it's case sensitive!
- Write the config file, unmount the drive, and reboot the ereader. You should now have bypassed sign-in.
Neutering the spyware
The Kobo firmware sends tracking information to Google Analytics, which can be disabled by null-routing the relevant domains in the firmware's /etc/hosts. Unfortunately, we're not given root access by default so there's no easy way to edit this file on-device; we must sideload an update with the hosts file modified in the rootfs tarball.
Kobo firmware update files may be downloaded using this Kobo Firmware Downloads tool. Note that the zip files come directly from ereaderfiles.kobo.com; this isn't some sketchy shareware site. In my case I have a Kobo Libra 2 running the latest firmware version 4.38.23171. For the sake of simplicity I recommend downloading the exact version you're running — however, in the future, if Kobo introduces more malware into their firmware, this recommendation may change and you may be better off downgrading to a known-good version like the one I'm currently running.
unzip kobo-update-VERSION.zip -d kobo-update
mkdir kobo-update/koboroot
sudo tar xzvpf kobo-update/KoboRoot.tgz -C kobo-update/koboroot
Here we're running tar as root in order to preserve user and group metadata and editing the hosts file with sudo tee in order to ensure that it's owned by root.
echo '127.0.0.1 www.google-analytics.com ssl.google-analytics.com google-analytics.com' \
  | sudo tee -a kobo-update/koboroot/etc/hosts >/dev/null
This is the bare minimum to disable Google Analytics; for good measure you could also block all Kobo domains and use your favorite blocklist of advertising, tracking, and malware domains. Here I'm just importing Peter Lowe's Ad and tracking server list and Dan Pollock's hosts file (both used by uBlock Origin) just in case I ever want to browse the web on this thing.
curl 'https://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&mimetype=plaintext' \
  | sudo tee -a kobo-update/koboroot/etc/hosts >/dev/null
curl https://someonewhocares.org/hosts/hosts \
  | sudo tee -a kobo-update/koboroot/etc/hosts >/dev/null
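The downloaded lists are appended as root to a file that ships inside the firmware image, so the merged hosts file is worth auditing before it is repacked. The following is an added example, not part of the original post: a shell function (the names audit_hosts and audit_demo and the sink-address policy are assumptions) that reports entries pointing anywhere other than 127.0.0.1, 0.0.0.0 or ::1, lines that are not hosts entries at all (such as an HTML error page from a failed download), and required domains that are not null-routed.

```sh
# audit_hosts FILE [DOMAIN...]  (added example; name and policy are assumptions)
# Every entry must point at a sink address and every DOMAIN must be null-routed.
# Prints one finding per line; returns 0 only when there are no findings.
audit_hosts() {
    audit_file=$1
    shift
    awk -v required="$*" '
        BEGIN { n = split(required, req, " ") }
        { sub(/#.*/, ""); sub(/\r$/, "") }   # strip comments and CRLF endings
        NF == 0 { next }                     # blank or comment-only line
        NF == 1 {                            # bare address or stray text such as HTML
            printf "line %d: not a hosts entry: %s\n", NR, $0
            bad++
            next
        }
        {
            if ($1 == "127.0.0.1" || $1 == "0.0.0.0" || $1 == "::1") {
                for (i = 2; i <= NF; i++) sunk[$i] = 1
            } else {
                printf "line %d: %s maps to %s\n", NR, $2, $1
                bad++
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(req[i] in sunk)) {
                    printf "missing null route: %s\n", req[i]
                    bad++
                }
            exit (bad > 0)
        }
    ' "$audit_file"
}

# Constructed sample, not real list content: two sink entries, one redirect,
# one stray HTML line. Two domains are required; only one is null-routed.
audit_demo() {
    demo=$(mktemp) || return 1
    printf '%s\n' \
        '127.0.0.1 www.google-analytics.com ssl.google-analytics.com' \
        '0.0.0.0 tracker.example  # trailing comment' \
        '203.0.113.7 updates.example' \
        '<html>' > "$demo"
    demo_rc=0
    audit_hosts "$demo" www.google-analytics.com google-analytics.com || demo_rc=$?
    rm -f "$demo"
    return "$demo_rc"
}
```

Against the working tree above it would be called as audit_hosts kobo-update/koboroot/etc/hosts www.google-analytics.com ssl.google-analytics.com google-analytics.com. The policy is deliberately strict, so findings are a prompt for manual review rather than proof of a bad list.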
Now to package the rootfs back up into a tarball:
sudo tar czvf - -C kobo-update/koboroot . > kobo-update/new.tgz
For paranoia's sake, verify that the new tarball is identical to the old one sans-hosts file before overwriting it:
diff <(less kobo-update/KoboRoot.tgz | sed 's/staff/50/;s/build/3018/g' | tr -s '[:space:]' | sort) \
  <(less kobo-update/new.tgz | tr -s '[:space:]' | sort)
Assuming the diff gave the expected result, we can now delete the working files.
mv kobo-update/new.tgz kobo-update/KoboRoot.tgz
sudo rm -rf kobo-update/koboroot
Finally, copy the contents of the kobo-update directory into the .kobo directory on your ereader, dismount the filesystem, and reboot. The custom update should then be applied.
Installing koreader
The stock firmware's UI looks pretty but its functionality is pretty limited and it doesn't let you organize your books and whatnot into directories (pretty important when you have over a thousand files on the thing!), so I'm installing koreader:
- Download the KFmon release and unzip it into the ereader's home directory.
- Download the appropriate KOReader release version for your device and unzip it into the .adds subdirectory on your ereader.
- Dismount and reboot!
The stock firmware has no qualms about polluting the book listing by indexing into hidden directories; this can be fixed by editing .kobo/Kobo/Kobo eReader.conf. Personally, I don't want the stock firmware indexing my files either, so I extended the regex to ignore anything in the "personal" directory.
[FeatureSettings]
ExcludeSyncFolders=(\\.(?!kobo|adobe).+|([^.][^/]*/)+\\..+|personal)