Old 05-05-2012, 11:25 AM   #76
Dweia
Device: Kindle Touch
Quote:
Originally Posted by geekmaster
Perhaps your "geekmaster's hack" (whichever one that is) is running against the wrong partition? Can you post the contents of the hack you used?
Well, that might be - though you said it would work on both partitions. I am "only" talking about the RUNME.sh - which doesn't run in Diags (but does run in Main) - completely independent of the actual content of RUNME.sh... I was taking the data.tar.gz from this post:

Quote:
Originally Posted by geekmaster
UPDATE: I have added a universal payload that should work with multiple kindles, if installed at /var/local/system/mntus.params, using whatever method is available for that device. For the K4NT and Touch, I have provided a data.tar.gz that contains my "universal" payload which launches RUNME.sh on the USB drive if it exists and there is not a RUNME.done file. [...]

This RUNME.sh just displays stuff on the screen to show that it works. Because this can be launched from main or diags mode, the script does not know which partition is root, [...]
Quote:
Originally Posted by geekmaster
Beware that your root partition will be either mmcblk0p1 or mmcblk0p2 depending on how you booted, so the missing /usr/local is not clear (which partition?)
Sorry, I guess it can get confusing, so again:
in MAIN MODE (mmcblk0p1) consistently over reboots:
/usr/local/bin, /usr/local/sbin, /usr/local/etc contain dropbear
/var/local/system contains mntus.param
in DIAGS MODE (mmcblk0p2) :
/usr/local/bin, /usr/local/sbin, /usr/local/etc get completely deleted
/var/local/system gets cleared
Quote:
Originally Posted by geekmaster
Yes I want a copy of the different diags partition. Thanks.
I uploaded the file to mmcblk0p2.019-J2-diags_yoshi-155938.img.gz (somewhat lengthy filename, but at least that identifies which version it is...)

Greetings,
Dweia
Old 05-05-2012, 11:55 AM   #77
geekmaster
Device: *.*
I downloaded the file -- thanks for the link. Your post made me MORE confused.

I have never seen anything remove files from diags. I just wanted to be sure that you were not accidentally looking at main where those files should be missing (unless you installed them there). You can check for an /etc/upstart/ folder to know which partition is root. Or you can mount main or diags to /mnt/mmc just to KNOW which partition you are looking at.

It can get confusing, and your symptoms do not match anything I have seen. Are you sure you are not confusing main and diags partitions here?
Old 05-05-2012, 10:29 PM   #78
gmack523
Device: Kindle
New Guy Here

Hi guys. I just went through the thread and I'm a little confused. Is there now a working jailbreak for 5.1.0 or is this still a work in progress? Any assistance would be greatly appreciated. Thank you!
Old 05-05-2012, 11:37 PM   #79
geekmaster
Device: *.*
Quote:
Originally Posted by gmack523
Hi guys. I just went through the thread and I'm a little confused. Is there now a working jailbreak for 5.1.0 or is this still a work in progress? Any assistance would be greatly appreciated. Thank you!
Yifanlu's instructions posted at the touch wiki still work fine. They involve booting from diags twice, if you read the instructions.

When that no longer works, I have a new method to replace it. And you can always go back to flashing a diags partition that has SSH pre-installed.

I discovered that although my payload works fine from main or diags, you need to boot diags once to install the payload from my data.tar.gz.

I suggest you just use Yifanlu's method. There is a link to the touch wiki in the "simple debricking" sticky...


Last edited by geekmaster; 05-05-2012 at 11:40 PM.
Old 05-06-2012, 06:25 PM   #80
Dweia
Device: Kindle Touch
Quote:
Originally Posted by geekmaster
I downloaded the file -- thanks for the link. Your post made me MORE confused.
Apologies

Quote:
Originally Posted by geekmaster
It can get confusing, and your symptoms do not match anything I have seen. Are you sure you are not confusing main and diags partitions here?
Very sure, yes. I put in BOTH partitions identical content in /usr/local - consisting of a "dropbearmulti" binary, several symlinks to it and an RSA-key in the "etc" subdirectory. For the Main-partition, everything is and stays Ok - for the Diags-partition, all three subdirectories get "at some point" lost. Still need to figure out when exactly - but it must be somewhere between leaving Diags and restarting into Main. (Since while still in Diags, I can use the SSH-login... After booting to Main, the files are gone)

***** looking through "my" diags-partition *****
  • data.tar.gz won't work due to changed "/etc/upstart/userstore" - also it seems to be planned for future firmwares to not work in main-mode, though "something new" might work even then. Seems like packages or "bundles" need to be signed at some point... We'll see when or if it happens.
  • haven't yet found anything that points to deletion of /usr/local/ ...
  • mntus.params is in principle in the same location, but has (at least) two more parameters, which might not be necessary as long as the FAT32-partition already exists.

Not yet very helpful, but it's all I can do without going into the Kindle via SSH a couple of times and rebooting a few dozen times. Will try that in a few days, I guess.

Greetings,
Dweia
Old 05-06-2012, 08:07 PM   #81
geekmaster
Device: *.*
Quote:
Originally Posted by Dweia
  • data.tar.gz won't work due to changed "/etc/upstart/userstore" - also it seems to be planned for future firmwares to not work in main-mode, though "something new" might work even then. Seems like packages or "bundles" need to be signed at some point... We'll see when or if it happens.
  • haven't yet found anything that points to deletion of /usr/local/ ...
  • mntus.params is in principle in the same location, but has (at least) two more parameters, which might not be necessary as long as the FAT32-partition already exists.

Not yet very helpful, but it's all I can do without going into the Kindle via SSH a couple of times and rebooting a few dozen times. Will try that in a few days, I guess.

Greetings,
Dweia
I do not think diags uses upstart, or at least it did not on 5.0.x firmware.

I do know that 5.1.0 broke eink update compatibility, so you cannot use the eink header file structure definitions to build a program that works on both 5.0.x and 5.1.x firmware using ioctl() calls to update the eink display. They recompiled everything using the new header file, which makes the new programs not work on the old kernel (wrt eink).

I would not be at all surprised that they messed up other stuff too. It just seems odd that they would make a change that breaks compatibility between MINOR version numbers like this...
Old 05-07-2012, 12:30 PM   #82
Dweia
Device: Kindle Touch
Quote:
Originally Posted by geekmaster
I do not think diags uses upstart, or at least it did not on 5.0.x firmware.
You are probably right, though /etc/upstart/userstore is called from /etc/upstart/diags, which in turn is symlinked from /etc/rcS.d/S50diags...

I have by now also found the reason for the missing files in /usr/local - it reminded me of the line "# TODO - make sure production loses /usr/local/bin to disable this". It seems that's not a "TODO" any more, but rather a "DONE".

strings system_diags |grep usr/local
Code:
/usr/local/bin/dropbearmulti
mkdir -p /usr/local/sbin
/usr/local/sbin/dropbearkey
/usr/local/sbin/dropbear
rm -rf /usr/local/*
I don't know why dropbear is explicitly named within the system_diags binary - I wonder if it might actually be contained as a binary resource or something, so that dropbear can be created "on the fly"... Whatever the reason, when "disabling diagnostics", the last line is executed and bye-bye dropbear. Maybe I'll try to install it in /usr/bin or something, and see if I can get a start-script to run it...

Another (possibly) interesting thing that "strings system_diags" showed is that there are somewhere a few parameters for "idme", which suggest it might be possible to get into fastboot directly from diags:

strings system_diags |grep idme
Code:
idme -d --bootmode fastboot
idme -d --postmode diag-nuspo
idme -d --postmode normal
idme -d --postmode diag-nm
idme -d --bootmode main
Lastly I need to correct one thing that I wrote in my first post here: your RUNME.sh *is* executed also when booting into Diags mode, once the "mntus.params" is installed when booting to Main mode...

Greetings,
Dweia
Old 05-07-2012, 12:39 PM   #83
geekmaster
Device: *.*
Quote:
Originally Posted by Dweia
Another (possibly) interesting thing that "strings system_diags" showed is that there are somewhere a few parameters for "idme", which suggest it might be possible to get into fastboot directly from diags:
Unless they removed it, you could set fastboot mode from the exit menu.

As I understand it, there are several different versions of the diags partition for 5.1.0 in the wild now, so what works on one may not work on another.

That auto-deleting /usr/local really sucks.
Old 05-07-2012, 01:51 PM   #84
ixtab
Device: K3, K4, K5, KPW, KPW2
Quote:
Originally Posted by Dweia
I don't know why dropbear is explicitly named within the system_diags binary - I wonder if it might actually be contained as a binary resource or something, so that dropbear can be created "on the fly"... Whatever the reason, when "disabling diagnostics", the last line is executed and bye-bye dropbear. Maybe I'll try to install it in /usr/bin or something, and see if I can get a start-script to run it...
First off, thanks for posting the image! I took a look inside it - specifically I disassembled /opt/factory/system_diags. I'm not terribly proficient at ARM instructions, but anyway here are two relevant snippets:
Code:
.text:0001ECD4
.text:0001ECD4 ; =============== S U B R O U T I N E =======================================
.text:0001ECD4
.text:0001ECD4 ; Attributes: bp-based frame
.text:0001ECD4
.text:0001ECD4 sub_1ECD4                               ; CODE XREF: sub_4A714+ACp
.text:0001ECD4                                         ; DATA XREF: .rodata:0004D644o
.text:0001ECD4
.text:0001ECD4 var_6C          = -0x6C
.text:0001ECD4 oldR4           = -0x10
.text:0001ECD4 oldR11          = -0xC
.text:0001ECD4 oldSP           = -8
.text:0001ECD4 oldLR           = -4
.text:0001ECD4
.text:0001ECD4                 MOV     R12, SP
.text:0001ECD8                 STMFD   SP!, {R4,R11,R12,LR,PC}
.text:0001ECDC                 SUB     R11, R12, #4
.text:0001ECE0                 SUB     SP, SP, #0x5C
.text:0001ECE4                 MOV     R4, R0
.text:0001ECE8                 LDR     R0, =aUsrLocalBinDro ; "/usr/local/bin/dropbearmulti"
.text:0001ECEC                 SUB     R1, R11, #-var_6C
.text:0001ECF0                 BLX     sub_4B29C
.text:0001ECF4                 CMP     R0, #0
.text:0001ECF8                 BNE     loc_1EDDC
.text:0001ECFC                 LDR     R3, [R4]
.text:0001ED00                 MOV     R0, R4
.text:0001ED04                 LDR     R1, =aMntrootRw ; "mntroot rw"
.text:0001ED08                 LDR     R3, [R3,#0x98]
.text:0001ED0C                 BLX     R3
.text:0001ED10                 LDR     R3, [R4]
.text:0001ED14                 LDR     R1, =aMkdirPUsrLocal ; "mkdir -p /usr/local/sbin"
.text:0001ED18                 MOV     R0, R4
.text:0001ED1C                 LDR     R3, [R3,#0x98]
.text:0001ED20                 BLX     R3
.text:0001ED24                 LDR     R0, =aUsrLocalSbinDr ; "/usr/local/sbin/dropbearkey"
.text:0001ED28                 SUB     R1, R11, #-var_6C
.text:0001ED2C                 BLX     sub_4B29C
.text:0001ED30                 CMP     R0, #0
.text:0001ED34                 BEQ     loc_1ED54
.text:0001ED38                 LDR     R3, [R4]
.text:0001ED3C                 MOV     R0, R4
.text:0001ED40                 LDR     R1, =aLnSSS     ; "ln -s %s %s"
.text:0001ED44                 LDR     R2, =aUsrLocalBinDro ; "/usr/local/bin/dropbearmulti"
.text:0001ED48                 LDR     R12, [R3,#0x98]
.text:0001ED4C                 LDR     R3, =aUsrLocalSbinDr ; "/usr/local/sbin/dropbearkey"
.text:0001ED50                 BLX     R12
.text:0001ED54
.text:0001ED54 loc_1ED54                               ; CODE XREF: sub_1ECD4+60j
.text:0001ED54                 LDR     R0, =aUsrLocalSbin_0 ; "/usr/local/sbin/dropbear"
.text:0001ED58                 SUB     R1, R11, #-var_6C
.text:0001ED5C                 BLX     sub_4B29C
.text:0001ED60                 CMP     R0, #0
.text:0001ED64                 BEQ     loc_1ED84
.text:0001ED68                 LDR     R3, [R4]
.text:0001ED6C                 MOV     R0, R4
.text:0001ED70                 LDR     R1, =aLnSSS     ; "ln -s %s %s"
.text:0001ED74                 LDR     R2, =aUsrLocalBinDro ; "/usr/local/bin/dropbearmulti"
.text:0001ED78                 LDR     R12, [R3,#0x98]
.text:0001ED7C                 LDR     R3, =aUsrLocalSbin_0 ; "/usr/local/sbin/dropbear"
.text:0001ED80                 BLX     R12
.text:0001ED84
.text:0001ED84 loc_1ED84                               ; CODE XREF: sub_1ECD4+90j
.text:0001ED84                 LDR     R0, =aEtcDropbearDro ; "/etc/dropbear/dropbear_rsa_host_key"
.text:0001ED88                 SUB     R1, R11, #-var_6C
.text:0001ED8C                 BLX     sub_4B29C
.text:0001ED90                 CMP     R0, #0
.text:0001ED94                 BEQ     loc_1EDB4
.text:0001ED98                 LDR     R3, [R4]
.text:0001ED9C                 MOV     R0, R4
.text:0001EDA0                 LDR     R1, =aMkdirPEtcDropb ; "mkdir -p /etc/dropbear/ && %s -t rsa -f"...
.text:0001EDA4                 LDR     R2, =aUsrLocalSbinDr ; "/usr/local/sbin/dropbearkey"
.text:0001EDA8                 LDR     R12, [R3,#0x98]
.text:0001EDAC                 LDR     R3, =aEtcDropbearDro ; "/etc/dropbear/dropbear_rsa_host_key"
.text:0001EDB0                 BLX     R12
.text:0001EDB4
.text:0001EDB4 loc_1EDB4                               ; CODE XREF: sub_1ECD4+C0j
.text:0001EDB4                 LDR     R3, [R4]
.text:0001EDB8                 MOV     R0, R4
.text:0001EDBC                 LDR     R1, =aUsrLocalSbin_0 ; "/usr/local/sbin/dropbear"
.text:0001EDC0                 LDR     R3, [R3,#0x98]
.text:0001EDC4                 BLX     R3
.text:0001EDC8                 LDR     R3, [R4]
.text:0001EDCC                 MOV     R0, R4
.text:0001EDD0                 LDR     R1, =aMntrootRo ; "mntroot ro"
.text:0001EDD4                 LDR     R3, [R3,#0x98]
.text:0001EDD8                 BLX     R3
.text:0001EDDC
.text:0001EDDC loc_1EDDC                               ; CODE XREF: sub_1ECD4+24j
.text:0001EDDC                 MOV     R0, #0
.text:0001EDE0                 SUB     SP, R11, #0x10
.text:0001EDE4                 LDMFD   SP, {R4,R11,SP,PC}
.text:0001EDE4 ; End of function sub_1ECD4


To me, this looks as if dropbear was installed, configured, and started(!) if the file /usr/local/bin/dropbearmulti is present.

Now on to the second part:
Code:
.text:0003DDE4
.text:0003DDE4 ; =============== S U B R O U T I N E =======================================
.text:0003DDE4
.text:0003DDE4
.text:0003DDE4 sub_3DDE4                               ; DATA XREF: .rodata:00052AE8o
.text:0003DDE4
.text:0003DDE4 var_530         = -0x530
.text:0003DDE4
.text:0003DDE4                 MOV     R12, SP
.text:0003DDE8                 LDR     R3, =off_4BE88
.text:0003DDEC                 STMFD   SP!, {R4,R5,R11,R12,LR,PC}
.text:0003DDF0                 SUB     SP, SP, #0x510
.text:0003DDF4                 SUB     R11, R12, #4
.text:0003DDF8                 SUB     SP, SP, #8
.text:0003DDFC                 MOV     R4, R0
.text:0003DE00                 LDR     R0, =aHaldevicesetti ; "HalDeviceSetting"
.text:0003DE04                 STR     R3, [R11,#-0x2C]
.text:0003DE08                 MOV     R3, #0
.text:0003DE0C                 STR     R3, [R11,#-0x28]
.text:0003DE10                 STR     R3, [R11,#-0x24]
.text:0003DE14                 STR     R3, [R11,#-0x20]
.text:0003DE18                 STR     R3, [R11,#-0x1C]
.text:0003DE1C                 BL      sub_10198
.text:0003DE20                 CMP     R0, #0
.text:0003DE24                 STR     R0, [R4,#0x20C]
.text:0003DE28                 SUBEQ   R2, R11, #0x520
.text:0003DE2C                 LDREQ   R3, =off_543B0
.text:0003DE30                 SUBEQ   R2, R2, #4
.text:0003DE34                 BEQ     loc_3DE6C
.text:0003DE38                 LDR     R3, [R0]
.text:0003DE3C                 MOV     R2, #0xC
.text:0003DE40                 ADD     R5, R4, #0x210
.text:0003DE44                 STR     R2, [R11,#-0x24]
.text:0003DE48                 STR     R5, [R11,#-0x1C]
.text:0003DE4C                 SUB     R1, R11, #0x2C
.text:0003DE50                 LDR     R3, [R3,#0x3C]
.text:0003DE54                 BLX     R3
.text:0003DE58                 CMP     R0, #0
.text:0003DE5C                 BEQ     loc_3DE90
.text:0003DE60                 SUB     R2, R11, #0x520
.text:0003DE64                 LDR     R3, =off_543B8
.text:0003DE68                 SUB     R2, R2, #4
.text:0003DE6C
.text:0003DE6C loc_3DE6C                               ; CODE XREF: sub_3DDE4+50j
.text:0003DE6C                                         ; sub_3DDE4+110j
.text:0003DE6C                 LDMIA   R3, {R0,R1}
.text:0003DE70                 LDR     R3, [R4]
.text:0003DE74                 STMIA   R2, {R0,R1}
.text:0003DE78                 MOV     R1, R2
.text:0003DE7C                 LDR     R3, [R3,#0x208]
.text:0003DE80                 MOV     R0, R4
.text:0003DE84                 MOV     R2, #2
.text:0003DE88
.text:0003DE88 loc_3DE88                               ; CODE XREF: sub_3DDE4+F0j
.text:0003DE88                 BLX     R3
.text:0003DE8C                 B       loc_3DFEC
.text:0003DE90 ; ---------------------------------------------------------------------------
.text:0003DE90
.text:0003DE90 loc_3DE90                               ; CODE XREF: sub_3DDE4+78j
.text:0003DE90                 LDR     R0, [R4,#0x20C]
.text:0003DE94                 MOV     R3, #0xE
.text:0003DE98                 STR     R3, [R11,#-0x24]
.text:0003DE9C                 SUB     R1, R11, #0x2C
.text:0003DEA0                 STR     R5, [R11,#-0x1C]
.text:0003DEA4                 LDR     R3, [R0]
.text:0003DEA8                 LDR     R3, [R3,#0x3C]
.text:0003DEAC                 BLX     R3
.text:0003DEB0                 LDR     R3, [R4]
.text:0003DEB4                 CMP     R0, #0
.text:0003DEB8                 BEQ     loc_3DED8
.text:0003DEBC                 LDR     R2, =aCouldNotMountA ; "Could not mount/access customer partiti"...
.text:0003DEC0                 SUB     R1, R11, #0x14
.text:0003DEC4                 LDR     R3, [R3,#0x208]
.text:0003DEC8                 MOV     R0, R4
.text:0003DECC                 STR     R2, [R1,#-0x510]!
.text:0003DED0                 MOV     R2, #1
.text:0003DED4                 B       loc_3DE88
.text:0003DED8 ; ---------------------------------------------------------------------------
.text:0003DED8
.text:0003DED8 loc_3DED8                               ; CODE XREF: sub_3DDE4+D4j
.text:0003DED8                 LDR     R3, [R3,#0x1FC]
.text:0003DEDC                 MOV     R0, R4
.text:0003DEE0                 BLX     R3
.text:0003DEE4                 CMP     R0, #0
.text:0003DEE8                 SUBEQ   R2, R11, #0x520
.text:0003DEEC                 LDREQ   R3, =off_543C0
.text:0003DEF0                 SUBEQ   R2, R2, #4
.text:0003DEF4                 BEQ     loc_3DE6C
.text:0003DEF8                 LDR     R3, [R4]
.text:0003DEFC                 MOV     R0, R4
.text:0003DF00                 LDR     R3, [R3,#0x200]
.text:0003DF04                 BLX     R3
.text:0003DF08                 CMP     R0, #0
.text:0003DF0C                 BEQ     loc_3DFEC
.text:0003DF10                 LDR     R0, =unk_5A20B  ; command ### this is "/usr/sbin/mntroot rw"
.text:0003DF14                 BL      system
.text:0003DF18                 LDR     R0, =aMntBaseUsEnabl ; "/mnt/base-us/ENABLE_DIAGS"
.text:0003DF1C                 SUB     R1, R11, #0x84
.text:0003DF20                 BLX     sub_4B29C
.text:0003DF24                 CMP     R0, #0
.text:0003DF28                 BNE     loc_3DF38
.text:0003DF2C                 LDR     R0, =aMntBaseUsEnabl ; "/mnt/base-us/ENABLE_DIAGS"
.text:0003DF30                 BL      remove
.text:0003DF34                 BL      sync
.text:0003DF38
.text:0003DF38 loc_3DF38                               ; CODE XREF: sub_3DDE4+144j
.text:0003DF38                 LDR     R0, =unk_5A23A ### this is "/usr/sbin/rpinit"
.text:0003DF3C                 SUB     R1, R11, #0x84
.text:0003DF40                 BLX     sub_4B29C
.text:0003DF44                 CMP     R0, #0
.text:0003DF48                 BNE     loc_3DF6C
.text:0003DF4C                 SUB     R0, R11, #0x520
.text:0003DF50                 LDR     R1, =aSStart    ; "%s start"
.text:0003DF54                 SUB     R0, R0, #4      ; s
.text:0003DF58                 LDR     R2, =unk_5A23A
.text:0003DF5C                 BL      sprintf
.text:0003DF60                 SUB     R0, R11, #0x520
.text:0003DF64                 SUB     R0, R0, #4      ; command
.text:0003DF68                 BL      system
.text:0003DF6C
.text:0003DF6C loc_3DF6C                               ; CODE XREF: sub_3DDE4+164j
.text:0003DF6C                 LDR     R0, =aRmRfUsrLocal ; "rm -rf /usr/local/*"
.text:0003DF70                 BL      system
.text:0003DF74                 LDR     R3, [R4]
.text:0003DF78                 MOV     R0, R4
.text:0003DF7C                 LDR     R3, [R3,#0xB0]
.text:0003DF80                 BLX     R3
.text:0003DF84                 LDR     R1, =aSSendingMntroo ; "%s: sending  mntroot_ro: idme -d --boot"...
.text:0003DF88                 MOV     R2, R0
.text:0003DF8C                 MOV     R0, R4
.text:0003DF90                 BL      sub_38410
.text:0003DF94                 LDR     R0, =unk_5A29A  ; command
.text:0003DF98                 BL      system
.text:0003DF9C                 LDR     R3, [R4]
.text:0003DFA0                 MOV     R0, R4
.text:0003DFA4                 LDR     R5, [R3,#0x1A0]
.text:0003DFA8                 LDR     R3, [R3,#0xB0]
.text:0003DFAC                 BLX     R3
.text:0003DFB0                 MOV     R3, #0x9F
.text:0003DFB4                 MOV     R1, #1
.text:0003DFB8                 SUB     R2, R11, #0x124
.text:0003DFBC                 STR     R0, [SP,#0x530+var_530]
.text:0003DFC0                 MOV     R0, R4
.text:0003DFC4                 BLX     R5
.text:0003DFC8                 LDR     R0, =aIdmeDBootmodeM ; "idme -d --bootmode main"
.text:0003DFCC                 BL      system
.text:0003DFD0                 BL      sync
.text:0003DFD4                 LDR     R3, =unk_70CD0
.text:0003DFD8                 MOV     R0, #0
.text:0003DFDC                 STR     R0, [R3,#0x7C]
.text:0003DFE0                 MOV     R3, #1
.text:0003DFE4                 STR     R3, [R4,#0xC]
.text:0003DFE8                 B       loc_3DFF8
.text:0003DFEC ; ---------------------------------------------------------------------------
.text:0003DFEC
.text:0003DFEC loc_3DFEC                               ; CODE XREF: sub_3DDE4+A8j
.text:0003DFEC                                         ; sub_3DDE4+128j
.text:0003DFEC                 MOV     R0, 0xFFFFFFFF
.text:0003DFF0                 MOV     R3, #2
.text:0003DFF4                 STR     R3, [R4,#0xC]
.text:0003DFF8
.text:0003DFF8 loc_3DFF8                               ; CODE XREF: sub_3DDE4+204j
.text:0003DFF8                 SUB     SP, R11, #0x14
.text:0003DFFC                 LDMFD   SP, {R4,R5,R11,SP,PC}
.text:0003DFFC ; End of function sub_3DDE4
.text:0003DFFC


... and here, the relevant logic seems to be: if /mnt/us-base/ENABLE_DIAGS exists, remove it, AND rm -rf /usr/local/*, THEN reboot to main.

Now go figure how these two things go together (as the second part would also remove /usr/local/bin/dropbearmulti, which is needed for the first part to make sense)... WTF?

PS: I also don't know what that "/usr/sbin/rpinit start" command would mean, this file doesn't exist either. WTF²?

Last edited by ixtab; 05-07-2012 at 01:58 PM.
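A pseudo-C rendering of the two disassembled routines in the post above, added here as an illustration; it is not code from the firmware or from ixtab's post. It reads sub_4B29C as a stat-like "does this path exist" call (returns 0 when found, matching the CMP/BNE patterns) and the vtable slot at +0x98 as "run this shell command"; both are replaced by a small recording simulator (sim_exists/sim_run, made up here) so the control flow can be traced without touching a real device. The truncated key-generation format string and the unresolved unk_5A29A command are left as labelled gaps, and only the success path of sub_3DDE4 from loc_3DF10 onward is modelled.

```c
/*
 * Added reconstruction of sub_1ECD4 ("start dropbear if present") and the
 * tail of sub_3DDE4 ("disable diagnostics, then reboot to main").
 * Nothing here executes commands: every system()/+0x98 call is recorded
 * in a sim_t so the branch logic can be checked offline.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAX_PRESENT 8
#define MAX_CMDS 16
#define CMD_LEN 160

typedef struct {
    const char *present[MAX_PRESENT];  /* paths the simulated device has */
    int npresent;
    char cmds[MAX_CMDS][CMD_LEN];      /* commands issued, in order */
    int ncmds;
} sim_t;

/* stands in for sub_4B29C: 1 if the path exists on the simulated device */
static int sim_exists(const sim_t *s, const char *path) {
    for (int i = 0; i < s->npresent; i++)
        if (strcmp(s->present[i], path) == 0) return 1;
    return 0;
}

/* stands in for the +0x98 method and system(): record, do not execute */
static void sim_run(sim_t *s, const char *cmd) {
    if (s->ncmds >= MAX_CMDS) return;
    snprintf(s->cmds[s->ncmds++], CMD_LEN, "%s", cmd);
}

static void sim_runf(sim_t *s, const char *fmt, ...) {
    char buf[CMD_LEN];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    sim_run(s, buf);
}

/* was a given command issued at any point? */
int sim_ran(const sim_t *s, const char *cmd) {
    for (int i = 0; i < s->ncmds; i++)
        if (strcmp(s->cmds[i], cmd) == 0) return 1;
    return 0;
}

/* sub_1ECD4: returns 0 either way; does nothing unless dropbearmulti exists */
int diags_start_dropbear(sim_t *s) {
    const char *multi   = "/usr/local/bin/dropbearmulti";
    const char *keygen  = "/usr/local/sbin/dropbearkey";
    const char *sshd    = "/usr/local/sbin/dropbear";
    const char *hostkey = "/etc/dropbear/dropbear_rsa_host_key";

    if (!sim_exists(s, multi))           /* BNE loc_1EDDC: bail out */
        return 0;
    sim_run(s, "mntroot rw");
    sim_run(s, "mkdir -p /usr/local/sbin");
    if (!sim_exists(s, keygen))
        sim_runf(s, "ln -s %s %s", multi, keygen);
    if (!sim_exists(s, sshd))
        sim_runf(s, "ln -s %s %s", multi, sshd);
    if (!sim_exists(s, hostkey))
        /* the format string is cut off in the listing after "-t rsa -f";
           the two arguments passed are dropbearkey and the host-key path */
        sim_runf(s, "mkdir -p /etc/dropbear/ && %s -t rsa -f <TRUNCATED:%s>",
                 keygen, hostkey);
    sim_run(s, sshd);                    /* the SSH daemon is started here */
    sim_run(s, "mntroot ro");
    return 0;
}

/* sub_3DDE4 from loc_3DF10 onward (success path only; the earlier
   HalDeviceSetting / customer-partition error branches are not modelled) */
int diags_disable(sim_t *s) {
    sim_run(s, "/usr/sbin/mntroot rw");
    if (sim_exists(s, "/mnt/base-us/ENABLE_DIAGS")) {
        sim_run(s, "remove /mnt/base-us/ENABLE_DIAGS");  /* libc remove() */
        sim_run(s, "sync");
    }
    if (sim_exists(s, "/usr/sbin/rpinit"))
        sim_runf(s, "%s start", "/usr/sbin/rpinit");
    sim_run(s, "rm -rf /usr/local/*");   /* this is what deletes dropbear */
    /* unk_5A29A: a further system() command the listing does not resolve */
    sim_run(s, "idme -d --bootmode main");
    sim_run(s, "sync");
    return 0;
}
```

Running diags_start_dropbear on a simulated device that has only dropbearmulti records the two symlinks, the key generation, the daemon start and both mntroot calls; running diags_disable afterwards records the "rm -rf /usr/local/*" that removes all of it again.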
Old 05-07-2012, 02:04 PM   #85
geekmaster
Device: *.*
At least we can flash on old diags with SSH preinstalled that does not delete these files (unless an OTA update adds that undesired "feature" back in).
Old 06-28-2012, 04:43 AM   #86
PaulSanS
Device: Kindle Touch
3G Connection problem

Hello. I successfully installed jailbreak 1.1 on my Kindle Touch (serial B00F *, firmware 5.1.0). After this, the Kindle stopped finding the 3G network. I tried uninstalling the jailbreak (using update_jailbreak_1.1_k5_uninstall.bin) and Reset Device. 3G is still unavailable. Is there any solution?