Old 04-12-2012, 09:34 PM   #1
ixtab
(offline)
Posts: 2,903
Karma: 6677559
Join Date: Dec 2011
Device: K3, K4, K5, KPW, KPW2
[Kindle Touch] Firmware 5.1.0 and jailbreak

The data.tar.gz exploit has been fixed with FW 5.1.0.

The only relatively easy remaining jailbreak method is Method 3 from http://yifan.lu/p/kindle-touch-jailbreak/ .

However, at least if the mmcblk0p2_ssh.img diags partition is installed, this method fails at the last step. I.e.: the actual payload gets installed on the main partition, but exiting diags mode is impossible. It yields an error about some xml file missing every time (I don't remember the exact file name, but it's something like diags_info.xml or so). The only way to get out of diags mode is to ssh into it (assuming that it actually *is* an SSH-enabled diags partition!), and to issue "idme -d --bootmode main; reboot".

Can anybody confirm this? If so, is anybody willing to take a look at this, possibly coming up with a revised (probably even final) version of the jailbreak?

Last edited by ixtab; 04-12-2012 at 09:38 PM.
Old 04-12-2012, 10:09 PM   #2
geekmaster
Everything ingenious is simple.
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
Quote:
Originally Posted by ixtab View Post
The data.tar.gz exploit has been fixed with FW 5.1.0.
I have another method that uses an unescaped user input bug in the diags menu, to run a runme.sh and install diags ssh with no flashing needed. I was saving it for when data.tar.gz no longer works. Do we need it now?

That diags_ssh came from dasmoover, and I added the ssh files to it. Perhaps we should build a new one from a "factory original" diags partition? Does somebody have one they can PM me a link to? Perhaps it is a version mismatch between the diags kernel and partition.

I will put ssh in the good one...

EDIT: Perhaps I should include my touchscreen onscreen keyboard and console in the new jailbreak? And GUI buttons and stuff. (No custom code -- only sh script that uses a few built-ins)...

Last edited by geekmaster; 04-12-2012 at 10:17 PM.
Old 04-13-2012, 03:12 AM   #3
seaniko7
wannabe developer
Posts: 181
Karma: 156548
Join Date: Mar 2011
Device: Kindle: 2xKeyboard, Classic, 2xTouch, 2xPW, PW2; Onyx: Boox M92
Wouldn't it be easier to modify the 5.1 update? We could include older busybox, userstore files from /etc, remove sanity checks and sign it with the jailbreak key...

Btw, lab126 has implemented ARM NEON in kernel, which speeds up e-ink display a little.
Old 04-13-2012, 04:47 AM   #4
geekmaster
Everything ingenious is simple.
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
Quote:
Originally Posted by seaniko7 View Post
Wouldn't it be easier to modify the 5.1 update? We could include older busybox, userstore files from /etc, remove sanity checks and sign it with the jailbreak key...

Btw, lab126 has implemented ARM NEON in kernel, which speeds up e-ink display a little.
Okay then, I need a 5.1 diags partition image to add SSH to it... Anybody got one for me?
Old 04-13-2012, 07:59 AM   #5
geekmaster
Everything ingenious is simple.
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
I am cleaning up my onscreen keyboard and console shell, to use with my jailbreak that *should* probably work with the new firmware. But... I *need* a new diags partition image to test it. It exploits a bug in the diags menu. I need to see if it still works before I release it to a flood of complaints if it was fixed.

Could somebody please supply me with a link to a compressed (.zip or .gz is fine) mmcblk0p2.img for 5.1.0? Put it on mediafire or wherever... Thanks.

I will release my new jailbreak AFTER I test it on a 5.1.0 diags partition...

Do I *really* need to start a NEW thread for this request to get noticed by somebody who will take the time and effort to do this for me?

Old 04-13-2012, 08:07 AM   #6
ixtab
(offline)
Posts: 2,903
Karma: 6677559
Join Date: Dec 2011
Device: K3, K4, K5, KPW, KPW2
I'm pretty sure that the update does not change the diags partition. At least, after reverting to 5.0.0, then updating to 5.1.0 using this method, SSH was still available on the diags partition.

There might have been some file updates though. If no one else does it till then, I'll send you a dump when I get back home (still some 6-8h to go).
Old 04-13-2012, 08:17 AM   #7
wolftail
Connoisseur
Posts: 59
Karma: 57554
Join Date: Jan 2012
Location: Romania
Device: Kindle Touch

Quote:
Originally Posted by ixtab View Post
However, at least if the mmcblk0p2_ssh.img diags partition is installed, this method fails at the last step. I.e.: the actual payload gets installed on the main partition, but exiting diags mode is impossible. It yields an error about some xml file missing every time (I don't remember the exact file name, but it's something like diags_info.xml or so). The only way to get out of diags mode is to ssh into it (assuming that it actually *is* an SSH-enabled diags partition!), and to issue "idme -d --bootmode main; reboot".

Can anybody confirm this? If so, is anybody willing to take a look at this, possibly coming up with a revised (probably even final) version of the jailbreak?
After doing some of the tests in diagnostics, the file is created. I don't remember exactly which tests but I was able to exit. (This has also happened to me some time ago when I played with the diags the first time after getting my Kindle.)
PS: I have successfully jailbroken my 5.1 Kindle. Thanks!

Last edited by wolftail; 04-13-2012 at 08:21 AM.
Old 04-13-2012, 08:19 AM   #8
thomass
Wizard
Posts: 1,643
Karma: 1928003
Join Date: Mar 2011
Location: Türkiye
Device: Kindle 5.3.7
Quote:
Originally Posted by geekmaster View Post
Could somebody please supply me with a link to a compressed (.zip or .gz is fine) mmcblk0p2.img for 5.1.0? Put it on mediafire or wherever... Thanks.
Ok, I'm here
Just created one and uploading to dropbox. However my internet is really slow.
Old 04-13-2012, 08:25 AM   #9
geekmaster
Everything ingenious is simple.
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
Quote:
Originally Posted by wolftail View Post
After doing some of the tests in diagnostics, the file is created. I don't remember exactly which tests but I was able to exit. (This has also happened to me some time ago when I played with the diags the first time after getting my Kindle.)
PS: I have successfully jailbroken my 5.1 Kindle. Thanks!
Actually, I remember that problem when my touch was new. It went away after running the diagnostics which created the missing file.

Perhaps we need to do that to the diags partition with ssh, and then repost it. That will eliminate a lot of confusion for many people, I think...

Thanks for the reminder... A little karma bump for that.
Old 04-13-2012, 08:27 AM   #10
geekmaster
Everything ingenious is simple.
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
Quote:
Originally Posted by thomass View Post
Ok, I'm here
Just created one and uploading to dropbox. However my internet is really slow.
OK. I will be looking for the link to it.
Old 04-13-2012, 08:51 AM   #11
wolftail
Connoisseur
Posts: 59
Karma: 57554
Join Date: Jan 2012
Location: Romania
Device: Kindle Touch

After updating to the new firmware I had a problem. At every reboot the Kindle would go into the "Kindle needs repair" screen. The only way to prevent this was to connect my Kindle to a computer so that it would go directly into USB drive mode. After disconnecting, it would return to the main menu.

The cause of this was the fact that I had installed some custom fonts but I removed the custom libfreetype. The fonts displayed correctly in the UI but caused some boot hiccups. After installing the custom libfreetype, the problem went away. I posted this so that if anyone has the same problem, they will be able to get their Kindle to work again.

Now the only problem left is that I cannot edit fonts anymore as the fonthack is incompatible with the new firmware. All Dev Apps refuse to open, throwing the same error (App incompatible, please update Kindle). (Krosswords does this too for me.) This does not bother me too much at the moment because I am happy with my custom fonts. One question though: if I run the fonthack uninstaller, would the fonts return to default?

Last edited by wolftail; 04-13-2012 at 08:53 AM.
Old 04-13-2012, 09:05 AM   #12
eureka
but forgot what it's like
Posts: 728
Karma: 2314258
Join Date: Dec 2011
Location: north (by northwest)
Device: Kindle Touch
5.1.0 doesn't change diags partition.

/var/local/system/locale and /var/local/system/tzVar aren't sourced anymore in upstart scripts, but rather parsed. The data.tar.gz extraction step is removed from the appropriate upstart script.

But there is something new. /var/local/system/fixup and /var/local/system/onetimefixup are checked for existence and (on success) executed. And if /var/local/system/onetimefixup had been executed, it will be deleted afterwards.
Old 04-13-2012, 09:08 AM   #13
geekmaster
Everything ingenious is simple.
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
Quote:
Originally Posted by eureka View Post
5.1.0 doesn't change diags partition.

/var/local/system/locale and /var/local/system/tzVar aren't sourced anymore in upstart scripts, but rather parsed. The data.tar.gz extraction step is removed from the appropriate upstart script.

But there is something new. /var/local/system/fixup and /var/local/system/onetimefixup are checked for existence and (on success) executed. And if /var/local/system/onetimefixup had been executed, it will be deleted afterwards.
Those look like excellent payload destinations. I have a jailbreak method triggered from the diags menu that will deposit them (if it has not been fixed).
Old 04-13-2012, 09:26 AM   #14
thomass
Wizard
Posts: 1,643
Karma: 1928003
Join Date: Mar 2011
Location: Türkiye
Device: Kindle 5.3.7
Quote:
Originally Posted by geekmaster View Post
OK. I will be looking for the link to it.
mmcblk0p2.zip: http://db.tt/aAbjBNqE
Old 04-13-2012, 09:50 AM   #15
geekmaster
Everything ingenious is simple.
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
UPDATE: The following information is for the diags partition that comes factory installed on the new kindles shipped with 5.1.0. The 5.1.0 update package does not install these changes on a kindle with older firmware. I flashed this new diags partition to my kindle touch, and there is an image file available with SSH pre-installed (see the "simple debricking" thread for download links).

I just compared that 5.1.0 diags image to my virgin 5.0.0 diags image. There are 153 files that are different, but a lot of those are symlinks.

5.0.0 diags: /etc/version.txt:
Software System Version: 137022-diags_signed-137022
Thu Nov 3 11:23:42 PDT 2011

5.1.0 diags: /etc/version.txt:
Software System Version: 137333-diags_signed-137333
Wed Nov 9 15:20:31 PST 2011

The shadow files are different too (as expected). The root passwords have different hashes. The diags root password is fiona180, which is probably derived from the serial number of the kindle that contained this image. For the diags_ssh, I changed the root password to use the mario hash, so it was not locked to a serial number.

/etc/guid is different too (also as expected).

/etc/fstab is different. It now contains the NFS mount, and the USB drive entry now has "nonempty" removed from it.

Many binary files are different in /bin, /sbin, /usr/bin, and /usr/sbin.

libcrypto.so is different.

mx50_yoshi_mma8453.ko is different.

And... /opt/factory/system_diags is different! This means that my jailbreak "secret" method might not work. I will need to flash this and test it.

So... in general... EVERYTHING that matters is DIFFERENT in the new diags partition that comes installed on new kindles.

EDIT: Thanks thomass!

UPDATE: /opt/factory/diagrootfs_md5_list is different. Specifically, these lines have changed:
Code:
----- old -----
33bb5670b73099ddd50f6ee546e1bbff  /etc/version.txt
8902ff941a46977702d2952933b12a72  /bin/busybox
e923c5541dd69c079cdc448f02814320  /usr/sbin/lsof
cd7029e00ecbfe87f4f0932ac774bf9d  /usr/lib/libcrypto.so.0.9.8
f4c4de1bc9a347eb48415ce52ee3423e  /opt/factory/system_diags
0b8f019fdb714ce8a2cc4b131b76f919  /sbin/mkfs
cb982256e7d68879a398180c0cc2fa81  /lib/modules/2.6.31-rt11-lab126/kernel/arch/arm/mach-mx5/mx50_yoshi_mma8453.ko
----- new -----
8247740e27c9e1ec9fc939d39567e798  /etc/version.txt
5e3150ccf41f5567d05c5857ad43a8f3  /bin/busybox
3732f0fd1eb61ada6759888c849abc5d  /usr/sbin/lsof
72db7538d8c6e5e74d2adf8e90482f0b  /usr/lib/libcrypto.so.0.9.8
94ed963e40ac6c894a219fbb1adcf216  /opt/factory/system_diags
3eb798198f269aea41cc2bbf97c4d2a9  /sbin/mkfs
747f02d7dba82c7e0ed572beeeebbdbb  /lib/modules/2.6.31-rt11-lab126/kernel/arch/arm/mach-mx5/mx50_yoshi_mma8453.ko
---------------
Also, there is a new file: /opt/ar6k/target/AR^003/hw2.1.1/bin/AR6003_calfile.bin

(As mentioned above, these changes are not installed when you update old firmware to 5.1.0 using the firmware update install package.)


Last edited by geekmaster; 04-14-2012 at 02:11 AM.
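A manifest-diff and integrity check in the spirit of the comparison above, added here as an example and not code from the thread: it parses two md5sum-style lists such as /opt/factory/diagrootfs_md5_list, reports which paths changed, appeared or disappeared, and verifies a directory (for instance a mounted partition image) against a manifest. The two manifests are constructed from four of the entries posted above; the hash for the new calfile and the files built by demo_verify are constructed placeholders.

```python
"""Diff two md5sum-style manifests (e.g. /opt/factory/diagrootfs_md5_list)
and verify a tree against one.  Added example, not code from the thread;
the calfile hash below is a constructed placeholder, not from the page."""
import hashlib
import tempfile
from pathlib import Path

OLD_LIST = """\
33bb5670b73099ddd50f6ee546e1bbff  /etc/version.txt
8902ff941a46977702d2952933b12a72  /bin/busybox
cd7029e00ecbfe87f4f0932ac774bf9d  /usr/lib/libcrypto.so.0.9.8
f4c4de1bc9a347eb48415ce52ee3423e  /opt/factory/system_diags
"""
NEW_LIST = """\
8247740e27c9e1ec9fc939d39567e798  /etc/version.txt
5e3150ccf41f5567d05c5857ad43a8f3  /bin/busybox
72db7538d8c6e5e74d2adf8e90482f0b  /usr/lib/libcrypto.so.0.9.8
94ed963e40ac6c894a219fbb1adcf216  /opt/factory/system_diags
00000000000000000000000000000000  /opt/ar6k/target/AR^003/hw2.1.1/bin/AR6003_calfile.bin
"""

def parse_md5_list(text):
    """Parse md5sum output ("<32 hex>  <path>") into {path: digest}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 32:
            raise ValueError(f"malformed manifest line {lineno}: {line!r}")
        digest, path = parts[0].lower(), parts[1]
        entries[path.lstrip("*")] = digest  # "*path" marks binary mode
    return entries

def diff_md5_lists(old_text, new_text):
    """Report which paths changed hash, were added, or were removed."""
    old, new = parse_md5_list(old_text), parse_md5_list(new_text)
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
    }

def md5_file(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify_tree(manifest_text, root):
    """Check each entry against root/<path>; returns {path: ok|mismatch|missing}."""
    status = {}
    for path, expected in parse_md5_list(manifest_text).items():
        real = Path(root) / path.lstrip("/")  # absolute paths taken relative to root
        if not real.is_file():
            status[path] = "missing"
        else:
            status[path] = "ok" if md5_file(real) == expected else "mismatch"
    return status

def demo_verify():
    """Build a throwaway tree of constructed files, record its manifest, then
    tamper with one file and delete another so verify_tree has work to do."""
    root = Path(tempfile.mkdtemp())
    files = {"/etc/version.txt": b"Software System Version: constructed\n",
             "/bin/busybox": b"\x7fELF constructed busybox stub",
             "/sbin/mkfs": b"\x7fELF constructed mkfs stub"}
    for rel, data in files.items():
        (root / rel.lstrip("/")).parent.mkdir(parents=True, exist_ok=True)
        (root / rel.lstrip("/")).write_bytes(data)
    manifest = "".join(f"{md5_file(root / p[1:])}  {p}\n" for p in files)
    with (root / "bin/busybox").open("ab") as f:  # tamper: append bytes
        f.write(b"tampered")
    (root / "sbin/mkfs").unlink()
    return verify_tree(manifest, root)
```

Run against a real image by mounting it read-only and passing the mount point as root together with the manifest copied out of /opt/factory.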
All times are GMT -4. The time now is 12:11 AM.