View Single Post
Old 10-08-2012, 06:43 PM   #1
Panopticon
Junior Member
Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.Panopticon shines like a glazed doughnut.
 
Posts: 7
Karma: 8816
Join Date: Oct 2012
Device: Kindle Paperwhite
Post Fake-register your Paperwhite 5.2.x to use collections and other blocked features

Amazon needlessly limits the functionality of your unregistered Kindle Paperwhite, such as disabling the Collections and Wikipedia widget features.

To unlock all of your Kindle's functionality you either have to register (and grant them access to juicy analytics) or trick the Kindle into thinking it's registered.

The following process is only for developers who are comfortable with SSH, SCP, and the possibility of bricking their devices. Someone better than myself can make this into a more streamlined process. I've only done this on my own Kindle Paperwhite Wi-Fi running 5.2.0 (1729740065).

Overview:
Like previous versions, the /var/local/java/prefs/reginfo file must be populated with your account credentials. This file can be created locally and sent to your Kindle via SSH/scp.

Unlike previous versions Amazon will remotely unregister your Kindle whenever it phones home, which happens periodically and whenever you connect to Wi-Fi. To prevent this I've added iptables rules that run as soon as an interface is brought up. Note that I've created a blacklist of individual IPs...I currently believe that this list isn't comprehensive, and more work needs to be done by developers to add to it or create a more robust solution.

Procedure:

Update:
Twobob and knc1 replied with some excellent comments on this procedure. Notably the individual IP addresses can be replaced with ranges of IPs, which will all but guarantee the device will never communicate with Amazon's update servers, and there's an existing iptables configuration file that can be used as the target for iptables-save.


I've updated the relevant steps to include these better procedures.

0. Pray to your personal God that you don't create a foolish iptables rule that locks you out of USB networking.

1. Jailbreak

2. Enable USB networking and set your SSH password

3. Go into airplane mode

4. Plug in USB and connect. You'll have to set your IP address to something in the 192.168.15.x range (not 254)

5. Create a reginfo file on your local computer that fits the following template:

Code:
#Tue Oct 09 08:30:44 GMT+12:56 2012
givenName=NAME
deviceName=NAME's Kindle
userName=RANDOM NAME
deviceEmailAddress=FAKE@EMAIL.com
6. Push this to your device over scp. The destination directory is /var/local/java/prefs/

Code:
scp reginfo root@192.168.15.254:/var/local/java/prefs/
You must also prevent your Kindle from deleting this file! (It loves to delete the fake registration information whenever it can.)

In the SSH session, run:

Code:
chmod 444 /var/local/java/prefs/reginfo
chown root:root /var/local/java/prefs/reginfo
chattr +i /var/local/java/prefs/reginfo
The chattr sets a flag that marks the file as immutable...it cannot be changed unless you run chattr -i.


7. Reboot and verify that your Kindle thinks it's registered. Don't proceed if this step doesn't work.

It's now necessary to prevent your Kindle from phoning home with Amazon's servers.

Deprecated instructions:
Spoiler:
I've determined these IPs by letting my Kindle sync and then checking its active connections...As such, I can guarantee that this isn't an inclusive list and it's probably dependent on your locale. Thus your Kindle may still spontaneously de-register until developers have fully populated this list of Amazon servers. (Alternatively, maybe we can figure out a domain to block.)


8. Enable USB networking again and SSH into the device

9. Start adding iptables rules in the shell. If at this point you totally screw up, you can reboot and your changes won't be saved.

iptables -I inserts a rule and iptables -D deletes one.

Code:
iptables -I OUTPUT -m iprange --dst-range 23.0.0.0-23.15.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 50.16.0.0-56.19.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 72.21.192.0-72.21.223.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 107.20.0.0-107.23.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 184.72.0-184.75.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 204.246.160.0-204.246.191.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 205.251.192.0-205.251.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 207.171.160.0-207.171.191.255 -j DROP
Thanks to knc1 and Twobob for the IP address ranges!

Deprecated instructions:
Spoiler:

Code:
iptables -I OUTPUT -d 72.21.194.114 -j DROP
iptables -I OUTPUT -d 72.21.203.200 -j DROP
iptables -I OUTPUT -d 72.21.211.191 -j DROP
iptables -I OUTPUT -d 72.21.214.149 -j DROP
iptables -I OUTPUT -d 72.21.214.150 -j DROP
iptables -I OUTPUT -d 72.21.215.58 -j DROP


These commands instruct your Kindle's firewall to silently drop all outbound requests to those destinations. Again, there may be other Amazon auth servers that will have to be discovered via trial and error.

10. Run iptables -L and verify that these entries exist. Run something like

iptables -D OUTPUT -m iprange --dst-range 207.171.160.1-207.171.191.254 -j DROP

Deprecated instructions:
Spoiler:

iptables -D OUTPUT -d 72.21.194.114 -j DROP


if you want to remove a rule.

11. In the SSH session run iptables-save (first by itself to verify that it spits out a list of rules) then run:

Code:
iptables-save > /etc/sysconfig/iptables
This produces a file that contains the current state of your firewall, and it will be automatically loaded.

Deprecated instructions:
Spoiler:

Code:
iptables-save > /etc/iptables.conf
This produces a file that contains the current state of your firewall, and can be loaded to restore this state.

We're going to instruct the Kindle to load these rules whenever it connects to a network.

12. Set the permissions on that file by running these commands in your SSH shell:

Code:
chmod 644 /etc/iptables.conf
chown root:root /etc/iptables.conf
13. Create a local file called iptables:

Code:
#!/bin/sh
         
# Note: if bad rules are inadvertently (or purposely) saved it could block
# access to the server except via a local shell.               
                            
# Paths verified only on Kindle 5.2.0			                               
RESTORE=/usr/sbin/iptables-restore                         
STAT=/bin/stat                    
IPSTATE=/etc/iptables.conf
                          
test -x $RESTORE || exit 0
test -x $STAT || exit 0   
                       
# Check permissions and ownership (rw------- for root)
if test `$STAT --format="%a" $IPSTATE` -ne "600"; then
  echo "Permissions for $IPSTATE must be 600 (rw-------)"
  exit 0                                                 
fi      
  
# Since only the owner can read/write to the file, we can trust that it is
# secure. We need not worry about group permissions since they should be  
# zeroed per our previous check; but we must make sure root owns it.    
if test `$STAT --format="%u" $IPSTATE` -ne "0"; then                
  echo "The superuser must have ownership for $IPSTATE (uid 0)"
  exit 0                                                       
fi      
  
# Now we are ready to restore the tables
$RESTORE < $IPSTATE
14. On your local machine, use scp to push this file to the Kindle, in the directory /etc/network/if-pre-up.d/iptables:

Code:
scp iptables root@192.168.15.244:/etc/network/if-pre-up.d/
The scripts inside that directory are run whenever an interface is activated. Thus your "iptables" script will be executed automatically, and your firewall will revert to the state you've saved in /etc/iptables.conf.

Thus, you can see that if you want to make future changes to your firewall, you must update the iptables.conf file using
Code:
iptables-save > /etc/iptables.conf
15. In your SSH session, set the permissions on the iptables file:

Code:
chmod 755 /etc/network/if-pre-up.d/iptables
chown root:root /etc/network/if-pre-up.d/iptables


16. Finally, turn airplane mode off and connect to a WiFi network.

17. Verify that your Kindle still appears to be registered. If step 7 worked but your Kindle has now de-registered, it's because it's chosen a new Amazon auth server. If you wish to help this hack you may now:

a. Run
Code:
netstat -n
in your SSH session. Find any "ESTABLISHED" connections to suspicious-looking IPs.

b. Block these IP addresses with iptables. If all is well (you didn't lock yourself out) update your saved firewall rules.

c. Reboot. If it worked, please post the IP address(es) you added here!

Your Kindle now believes it's registered, and it's prevented from discovering the truth thanks to the Kindle's firewall.

Last edited by Panopticon; 10-08-2012 at 10:26 PM.
Panopticon is offline   Reply With Quote