[Progress] Jailbreaking Kindle 4.0 (Touch/No Keyboard)

[theholyraptor]

yifanlu,
I know you posted a new thread with jailbreak info but perhaps you'll want to update your first post on this thread too to indicate that the jailbreaks have been done just to be completely clear and concise.

[Belkaar]

My first post and first steps:

!! Read the entire tutorial before starting. If you don't understand one of the steps don't try it. You will risk bricking your Kindle !!

How to enable SSH via Wifi on Kindle 4 (4.0.1) nt on windows:

1) Get your kindle serial from the settings menu

2) Run the following python code to get your root password

Code:

#!/usr/bin/env python
import hashlib
print("fiona%s"%hashlib.md5("XXXYOURSERIALXXX\n".encode('utf-8')).hexdigest()[7:11])

3) Enter diagnostic mode: create an empty file with name ENABLE_DIAGS on your kindle via USB and reboot (Settings -> Menu -> Restart)

4) In diagnostic mode plug in the USB cable and go to usb networking: Misc individual diagnostics -> Utilities -> Enable USBnet

5) Install windows driver. Windows (7) won't recognize the correct driver, so you have to select it manually: Go to device manager, and select the new unkown device, right click and install driver. Then click your way to the driver list, select "Network card" then "Microsoft Inc" then "Remote NDIS based internet sharing device"

6) setup windows network. Setup the IP for the new connection: IP 192.168.15.1 Subnet 255.255.255.0, rest empty

7) Open ssh client like putty and connect to 192.168.15.244 user name root and password from the python script 'fionaXXXX' (or 'mario' for 4.0)

8) mount main partition

Code:

mount /dev/mmcblk0p1 /mnt/base-mmc

9) copy dropbear binary:

Code:

cp -r /usr/local /mnt/base-mmc/usr/
sync

10) add firewall rule:

Code:

vi /mnt/base-mmc/etc/sysconfig/iptables

add line

Code:

-A INPUT -i wlan0 -p tcp --dport 22 -j ACCEPT

hit ESC , then enter :wq and press enter

11) reboot: On the kindle exit usb mode and go to the main menu, then select 'Exit, Reboot or Disable Diags' -> 'Disable Diagnostics'

12) disconnect USB cable

13) after it finished rebootin you can point your SSH client (or WinSCP) to the Wifi IP when kindle is running in normal mode

[AlexeyII]

removed

[thomass]

Quote:

Originally Posted by kacir

I believe you do remember Sony Rootkit scandal. Official, stamped (that is, not burned) CDs from Sony BMG label were, at the time just before scandal, as trustworthy source as they get. And yet ...

It only takes one distributor of audiobooks (just as an example) to get "creative" with protecting their "Intellectual Property" and you can get very nasty stuff installed on your Kindle.

There are *so* many relatively trustworthy sources of legal mp3s, e-books, audiobooks and other stuff. Such as http://www.jamendo.com/en/ . I have discovered lots of great music through that site. Music that is NOT distributed by MAFIAA members.


I consider this ability to run arbirtary code as root on device just by opening an mp3 file (and God knows what else!) to be a severe security risk.

I think, a hack to disable such hacks,apart from jailbreak, which execute through a mp3 file is necessary

[geekmaster]

Quote:

Originally Posted by thomass

I think, a hack to disable such hacks,apart from jailbreak, which execute through a mp3 file is necessary

I completely agree -- the jailbreak should install this protection to prevent malware from using this mp3 vector.

And for kindle touch owners who do not want a full jailbreak on their kindle, a stripped version of the hack that ONLY fixes the mp3 bug would be a good thing to have.

[Belkaar]

Quote:

Originally Posted by AlexeyII

- startup script /init.d/dropbear search binary at /usr/local/sbin/dropbear
- my kindle 4 doesnt have /usr/local/ on main partition

You are correct. sorry for that. I corrected the tutorial.
You just need to copy the directory p2/usr/local to p1/usr

[zackor]

First of all, thanks for your work and congratulations for all you've already achieved!

However, I find this little unfair, that Kindle4 non-touch users (such as myself) are being marginalized :P Id be greateful for an answer; if it's actually possible to change K4 classic screensavers to the custom ones? As nobody answered hawkeye85 question - Im waiting to change screensavs too and have been following this thread since I got my K4!

Do I need to manually ssh Kindle, like Belkaar described?

[abishur]

Actually, even though the thread says kindle 4 touch everyone keeps posting solutions for the kindle 4 nt isn't that non-touch (as you can tell from my posts amount I new) ? Will any of the posted solutions actually work for the touch?

[hondamarlboro]

I m not sure, but the above script is in public? and are there no risk of brick k4 with the above method for entry users?

[yifanlu]

If anyone's interested in writing a book reader or reader plugin for the Kindle Touch, I can help. I don't have the time to do it, but I know pretty much how the Reader SDK works. Still waiting for that epub plugin...

[Belkaar]

Quote:

Originally Posted by hondamarlboro

I m not sure, but the above script is in public? and are there no risk of brick k4 with the above method for entry users?

Of course there is always risk for bricking your kindle.
Most of the information above (including the script) I got from the internet and this forum. It's just all packaged in one place.

[Belkaar]

Quote:

Originally Posted by zackor

First of all, thanks for your work and congratulations for all you've already achieved!

However, I find this little unfair, that Kindle4 non-touch users (such as myself) are being marginalized :P Id be greateful for an answer; if it's actually possible to change K4 classic screensavers to the custom ones? As nobody answered hawkeye85 question - Im waiting to change screensavs too and have been following this thread since I got my K4!

Do I need to manually ssh Kindle, like Belkaar described?

I don't know of an easier way.

But if you have ssh you can do the following:

1) create a folder on the kindle called 'screensaver' (where the documents folder is)

2a) ssh into the kindle via wifi

Code:

mv /opt/amazon/screen_saver/600x800 /opt/amazon/screen_saver/600x800_
ln -s /mnt/us/screensaver /opt/amazon/screen_saver/600x800

2b) ssh into kindle via usb

Code:

mount /dev/mmcblk0p1 /mnt/base-mmc
mv /mnt/base-mmc/opt/amazon/screen_saver/600x800 /mnt/base-mmc/opt/amazon/screen_saver/600x800_
ln -s /mnt/us/screensaver /mnt/base-mmc/opt/amazon/screen_saver/600x800

3) put your screensaver files into the created directory (you need to restart the kindle after putting in new files)

Don't worry if you delete the folder or don't have any files in it the screensaver will be blank white

[AlexeyII]

Usbnetwork & Dropbear package for Kindle 4 no touch for runing in production (non-diag) mode

This stuff need because in PROD mode needed files in /usr/local absent, and startup scripts cannot run usbnetwork & dropbear services
Requirements: Kindle 4 no touch 4.0.0/4.0.1 firmware, installed jailbreak

Installing:
1) instal jailbreak if you dont have
2) place update_k4w_usbnetwork&dropbear.bin to root folder of attached kindle
3) update

Activate:
1) place empty ENABLE_USBNET in root folder of attached kindle & restart
2) after restart you will see screen about usb connection with no switch to main screen
3) ssh to 192.168.15.244, login as root and enter password (password relative to serial number of your device, you need calculate it before )
4) if you want remove "usb connection screen" do command:

Code:

lipc-set-prop -i com.lab126.volumd useUsbForNetwork 1
/etc/init.d/volumd stop
/etc/init.d/volumd start
/etc/init.d/framework restart

5) if you want restore normal mode and have "usb connection screen", you need reboot device manualy, like "sh /etc/init.d/reboot stop" or other way
6) file ENABLE_USBNET will be deleted by kindle automaticaly, after reboot usbnetwork will be disabled

[abishur]

I'll give it a shot, though I also notice when getting my serial number, my firmware is actually version 5.0.0 not 4.0.1 we'll see what happens!

[yifanlu]

Some useable tweaks I've found:

-To stop the browser from using an large font, edit /var/local/waf/browser/config.xml and delete the line that says "<setting name="defaultFontSize" value="20"/>" (must be done at each reboot as the device resets the settings)
-To rotate the device (in books and the browser but not home screen), type (in ssh)
# lipc-set-prop com.lab126.winmgr orientationLock L
for landscape left
# lipc-set-prop com.lab126.winmgr orientationLock R
for landscape right
# lipc-set-prop com.lab126.winmgr orientationLock U
for portrait
# lipc-set-prop com.lab126.winmgr orientationLock D
for inverted portrait
-To enable accelerator (no point except allow the Kindle to see rotate event, it does nothing with those events though), edit "/etc/upstart/makexconfig" and on line 120, edit "IS_ACCEL=0" to "IS_ACCEL=1"