01-03-2013, 04:57 PM   #247
dlion
Junior Member
Posts: 1
Karma: 10
Join Date: Jan 2013
Device: KT
data.tar.gz works

Quote:
Originally Posted by ixtab
I think I just found an alternative way of jailbreaking the device. I actually stumbled upon this while looking for a way to de-brick a KT which is not showing any UI, but is at least capable of booting up to the point of announcing itself as a USB device.

So here's how it goes:
- /etc/upstart/filesystems.conf contains a line to extract, and then delete, /mnt/us/data.tar.gz if present
- this file can be made to contain absolute path locations. ("tar cvfzP").
- This alone only allows us to write to whatever is already mounted read-write. But that includes, for example, "/var/local/system/locale".
- The locale file in turn is sourced from pretty much everywhere ("source /var/local/system/locale"), and can contain shell code.

I'm attaching a proof-of-concept exploit. *RENAME* RUNME.sh.txt to RUNME.sh, then just copy both files to /mnt/us (or even just into the root folder via USB drive). Then reboot. The result should be:
- Three new files in /mnt/us/, namely RUNME.{done,out,err}. For reasons completely obscure to me, sometimes the .out file stays empty, even though it shouldn't. May just be a FS syncing problem though. In any case, the actual execution DID take place in all cases (for me).
- For the proof-of-concept, a copy of /opt/amazon/ebook/config/locales/default.properties has been made as "jb.properties".

As said, this may not only be useful for jailbreaking, but also for de-bricking devices which don't properly get the UI running anymore. As long as USB drive access works, this method should also work. For a bricked device, the reboot is achieved by long-pressing (30 secs?) the power button.

Let me know if this is reproducible.

UPDATE: For newbies: This is NOT a jailbreak! DO NOT USE THIS UNLESS YOU KNOW WHY AND HOW TO USE IT CORRECTLY!

IT'S ALIVE!!!!!!!!!!! TY,TY,TY

The data.tar.gz and runme.sh copy to KT root WORKED.
My KT was bricked after I tried to update with yifanlu's exploit more than a year ago. It's been a long wait for a working fix.
It was stuck at the tree screen with no progress bar, but I could see the Kindle drive in Windows via USB.
So I tried the above copy-to-Kindle fix, and the 30 second reboot. The KT rebooted twice and then started normally. I was still registered.
I can't remember if I had books on it, but all it has now are the dics and U-G.
The OS is 5.0.4.

I now have 2 KTs because I got a replacement from AMZ (after a long talk with a tech).
Thanks a million.
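The quoted post's root cause is a boot script that extracts a user-supplied tarball while honouring absolute member paths, so a write lands in an already-mounted location such as /var/local/system/locale. As an added example (not code from ixtab's or dlion's posts, nor from the Kindle firmware), here is a pre-extraction check in Python that flags archive members which would escape the target directory: absolute names, parent-directory components, and links whose targets do the same. The sample archive is constructed inline and its member names are placeholders, not a real payload.

```python
import io
import tarfile
from pathlib import PurePosixPath


def _escapes(path: str) -> bool:
    """True if a member name or link target is absolute or climbs with '..'."""
    return path.startswith("/") or ".." in PurePosixPath(path).parts


def unsafe_members(archive_bytes: bytes) -> list:
    """Return the names of members that must not be extracted as-is.

    Checks every entry of a gzip'd tar for an absolute path (the case the
    quoted post relies on), a '..' component, or a symlink/hardlink whose
    target escapes the extraction directory.
    """
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if _escapes(member.name):
                flagged.append(member.name)
            elif (member.issym() or member.islnk()) and _escapes(member.linkname):
                flagged.append(member.name)
    return flagged


def build_sample_archive() -> bytes:
    """Constructed sample: one benign member, one absolute-path member
    (placeholder contents), and one '..' traversal member."""
    entries = [
        ("docs/readme.txt", b"hello\n"),
        ("/var/local/system/locale", b"# constructed placeholder, not a payload\n"),
        ("../escape.txt", b"x\n"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name=name)  # addfile keeps the name verbatim
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_members(build_sample_archive()):
        print("refusing to extract:", name)
```

A script that only extracts after `unsafe_members()` returns an empty list (or uses `filter="data"` on Python 3.12+) closes the absolute-path write the post describes.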