Old 05-11-2012, 10:11 AM   #226
VoxT3R
Member
 
Posts: 13
Karma: 10
Join Date: Oct 2011
Device: Kindle 2 US version

Quote:
Originally Posted by ixtab
I think I just found an alternative way of jailbreaking the device. I actually stumbled upon this while looking for a way to de-brick a KT which is not showing any UI, but is at least capable of booting up to the point of announcing itself as a USB device.

So here's how it goes:
- /etc/upstart/filesystems.conf contains a line to extract, and then delete, /mnt/us/data.tar.gz if present
- this file can be made to contain absolute path locations. ("tar cvfzP").
- This alone only allows us to write to whatever is already mounted read-write. But that includes, for example, "/var/local/system/locale".
- The locale file in turn is sourced from pretty much everywhere ("source /var/local/system/locale"), and can contain shell code.

I'm attaching a proof-of-concept exploit. *RENAME* RUNME.sh.txt to RUNME.sh, then just copy both files to /mnt/us (or even just into the root folder via USB drive). Then reboot. The result should be:
- Three new files in /mnt/us/, namely RUNME.{done,out,err}. For reasons completely obscure to me, sometimes the .out file stays empty, even though it shouldn't. May just be a FS syncing problem though. In any case, the actual execution DID take place in all cases (for me).
- For the proof-of-concept, a copy of /opt/amazon/ebook/config/locales/default.properties has been made as "jb.properties".

As said, this may not only be useful for jailbreaking, but also for de-bricking devices which don't properly get the UI running anymore. As long as USB drive access works, this method should also work. For a bricked device, the reboot is achieved by long-pressing (30 secs?) the power button.

Let me know if this is reproducible.

UPDATE: For newbies: This is NOT a jailbreak! DO NOT USE THIS UNLESS YOU KNOW WHY AND HOW TO USE IT CORRECTLY!
Hi all.

I've just got a Kindle Touch and wanted to use custom screensavers instead of the ad versions on the device.

I'm currently at work, and I'm limited in time, and like a complete douche, I didn't fully read the info stating that the data.tar.gz file is not a jailbreak.

So what have I done... well, I copied the data.tar.gz (on its own) from the above post and rebooted the Kindle. Now the Kindle won't boot past the Kindle tree screen.

I know I should be hung, drawn and quartered for not reading the post, but could someone please help a novice like me restore my kindle into a working state and get it to boot up? I really ain't bothered about a custom screensaver hack anymore, I just need my kindle working.

Thanks in advance for any help offered guys,

VoxT3R

Last edited by VoxT3R; 05-11-2012 at 10:26 AM.
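The quoted post turns on one detail: the boot script extracts a user-supplied data.tar.gz with tar's -P flag, so an archive member whose name is an absolute path (the post's example is /var/local/system/locale) is written wherever it says instead of under the extraction directory. The same class of problem bites any service that unpacks archives it did not create. The script below is an added example, not code from ixtab's post or from the device firmware: it audits a tar archive before extraction and reports every member whose name, or whose symlink target, would land outside the extraction root. The archive it inspects is constructed in memory for the demonstration; the only path taken from the post is the locale file name.

```python
import io
import posixpath
import tarfile

# Path named in the quoted post as a writable file that is later sourced by
# shell scripts; used here only as a sample member name in a constructed archive.
SOURCED_LOCALE = "/var/local/system/locale"


def member_is_unsafe(name, linkname=None):
    """Return a short reason if this member could end up outside the extraction
    directory, or None if it stays inside. `linkname` is only set for links."""
    if name.startswith("/"):
        return f"absolute path: {name}"
    # normpath collapses "a/../../b" to "../b"; a leading ".." means escape.
    if posixpath.normpath(name).split("/")[0] == "..":
        return f"path traversal: {name}"
    if linkname:
        if linkname.startswith("/"):
            return f"absolute link target: {name} -> {linkname}"
        # Resolve the link target relative to the link's own directory.
        target = posixpath.normpath(posixpath.join(posixpath.dirname(name), linkname))
        if target.split("/")[0] == "..":
            return f"link target escapes root: {name} -> {linkname}"
    return None


def audit_tar(data):
    """Inspect the members of a tar archive given as bytes (any compression
    tarfile understands). Returns [(member_name, reason)] for members that must
    not be extracted as-is; an empty list means every member stays under the root."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            link = m.linkname if (m.issym() or m.islnk()) else None
            reason = member_is_unsafe(m.name, link)
            if reason:
                findings.append((m.name, reason))
    return findings


def build_sample_archive():
    """Constructed sample archive (not the post's data.tar.gz): one harmless
    member, one absolute-path member of the kind the post describes, and one
    symlink that points out of the extraction tree."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        def add(name, payload=b"", linkname=None):
            ti = tarfile.TarInfo(name)
            if linkname is None:
                ti.size = len(payload)
                tf.addfile(ti, io.BytesIO(payload))
            else:
                ti.type = tarfile.SYMTYPE
                ti.linkname = linkname
                tf.addfile(ti)

        add("jb.properties", b"# harmless copy\n")
        add(SOURCED_LOCALE, b"LANG=en_US.UTF-8\n")
        add("escape/link", linkname="../../../etc")
    return buf.getvalue()


if __name__ == "__main__":
    findings = audit_tar(build_sample_archive())
    for name, reason in findings:
        print(f"REJECT {name}: {reason}")
    if not findings:
        print("archive is safe to extract under a fixed root")
```

Run the script as-is and it rejects the absolute-path member and the escaping symlink while accepting jb.properties. The check is deliberately done on the member list before anything is written to disk, which is the position an unpacking step in a boot script or an upload handler should take: reject the whole archive on the first finding rather than extracting the good members and skipping the bad ones.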