View Single Post
Old 10-25-2011, 05:43 PM   #51
yifanlu
Kindle Dissector
yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.yifanlu can program the VCR without an owner's manual.
 
Posts: 662
Karma: 170717
Join Date: Jul 2010
Device: Amazon Kindle 3
Quote:
Originally Posted by Matan View Post
The kindle browser is using a very old webkit. Perhaps there is a known exploit that works? It runs as root, so even reading or writing a local file should be enough:

http://www.metasploit.com/modules/au...t_xslt_dropper


This is not an easy option, but the iMX50x SoCs have two external boot mode signals that control the boot process, allowing for download and execution a program from the USB port. This will allow you to run a non crippled uboot.

http://cache.freescale.com/files/32b...=Documentation
Thanks for the advice. My main concern right now is finding out how the signature checks for the updater works. If that's secure, we should try another avenue of getting in. It seems like after, what, 4 years of exploiting the updater script. It may have lived it's days.

Last edited by yifanlu; 10-25-2011 at 06:22 PM.
yifanlu is offline   Reply With Quote