View Single Post
Old 01-20-2012, 10:14 AM   #396
geekmaster
Всё гениальное просто.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 5,069
Karma: 6789001
Join Date: Nov 2011
Location: Щедрость не имеет пределов.
Device: *.*
The new kindles have basic security flaws that were fixed long ago on other devices.

One exploit already published here allows native code execution from inside HTML, used by the yinfalu's MP3 jailbreak. This has been fixed in the latest kindle touch firmware update.

Another exploit is the tar root path bug published here, used by ixtar's data.tar.gz jailbreak. This method inspired me to search for and find another related exploit that may survive a firmware update that breaks ixtar's method, and which works on both the kindle touch and the k4nt.

I decided to try something I previously used in 2005 to inject and execute code in WRT54G routers with no firmware modifications, and this exploit works on both the kindle touch and the k4nt. My "new" method does not require any assistance from a host PC after the exploit package is put onto the kindle USB drive. It does not use data.tar.gz. It does not use MP3 files. It does not require any typing at an onscreen keyboard. It uses "something else".

My new jailbreak is not much more complicated to activate than the MP3 method. It requires a reboot followed by a 3-level deep menu selection.

Last edited by geekmaster; 01-20-2012 at 11:25 AM.
geekmaster is offline   Reply With Quote