Old 05-27-2012, 07:27 PM   #16
geekmaster
Everything ingenious is simple.
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
Quote:
Originally Posted by NiLuJe
Am I the only one that finds this somewhat funny?

Anyway, good job!
It is very funny, until Amazon gets a big 3G bill for a 3G botnet installed on Kindles that visited an infected web page when connected using wifi.

Unless Amazon patched it in 5.1.0, you could previously visit any web page over 3G by clicking a link to Google on a Facebook "desktop site" page, from social networking. There was a YouTube video showing this but Google seems to not be finding it now.

Aha... found it. This worked on stock firmware, no jailbreak, no hacks. It seems that accessing the web with the social network "browser" uses a relaxed rule set. I see that the video says that it is also for 5.1.0. This new updated video was just posted 2 weeks ago. I am sure that I first saw this long before 5.1.0 was around. The old one showed a closeup of the 3G connection. This one cheats and uses wifi, but he SAYS it also works on 3G. The old video SHOWED a 3G demo. I wonder if the old video is still out there...


Of course, this is complicated enough to be only useful in a real emergency, or by an automated tool such as a botnet might use.

Also, after the gaping security hole announced in this thread, it may be worth looking for more security screw-ups that they added to this firmware version. Perhaps we can get root shell from the search bar now by escalating a framework shell? (FYI I used a netcat reverse shell started from the home page search bar when I was trying to get root on 5.0.0, running as user "framework", back before the MP3 jailbreak).

Note to Amazon staff: We want root access so we can add fun things to our Kindles, such as these:
geekmaster kindle video player: http://www.mobileread.com/forums/sho...d.php?t=177455
[Kindle Touch] xterm & matchbox-keyboard: http://www.mobileread.com/forums/sho...d.php?t=179286
newtrix - geekmaster's new tricks: http://www.mobileread.com/forums/sho...d.php?t=176802
But ESPECIALLY so we can continue to help debrick Kindles for people who found us AFTER your firmware updates bricked their unmodified Kindle. Please continue to add features and fix bugs (instead of adding new bugs like 5.1.0 did, which bricked a lot of Kindles). But while you are making things BETTER, do not lock us out! Adding obfuscation to the Java code in 5.1.0 is very annoying but does not really slow anybody down. Please stop doing that crap, okay?

Last edited by geekmaster; 05-27-2012 at 11:14 PM.