Old 11-12-2011, 11:56 PM   #62
yifanlu
Kindle Dissector
 
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
Also, here's a WebKit code execution exploit that works on the Kindle 4.

http://imthezuk.blogspot.com/2010/11...fter-free.html
http://trac.webkit.org/changeset/64706

However, the PoC linked above is designed for Android 2.1 and just does a DoS on the Kindle 3/4. When I have time, I'll play around with it to see if I can get the pointer right.

The shellcode above tries to call /system/bin/sh, while the Kindle uses /bin/sh, so the shellcode needs to change too. Also, the current shellcode tries to open a reverse shell. To test whether it works, run "nc -l 12345" on your computer. Set your computer's IP and port in hex in the HTML file, run ln -sf /bin/sh /system/bin/sh, and load it on your Kindle. Then mess with the pointer found in the NaN() until you can type shell commands on your computer and they run on the Kindle (no output, though). If THAT works, then I can modify the shellcode to jailbreak. Have fun.