Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 07-02-2012, 09:26 AM   #1
mmatej
Connoisseur
mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.
 
Posts: 91
Karma: 14730
Join Date: Jun 2012
Device: none
[KT 5.1.0] Web jailbreak

Hi all,
I have created simple web jailbreak for Kindle Touch 5.1.0. It exploits (recently) found security bug in browser and performs same steps as the current "universal" jailbreak version. It has also support installing bin update packages on-site (I only put there unjailbreak, because I don't know if package creators want to see their work there - please post your opinion). It has also very bad English, so if you have better text strings for replacement, I will replace it gladly.
Here is the link: http://jailbreak-kt.tk/.
You should open it in KT's web browser. Also, it won't work if you don't have 5.1.0 FW version.
Please try it and comment!
mmatej is offline   Reply With Quote
Old 07-02-2012, 11:09 AM   #2
geekmaster
Carpe diem, c'est la vie.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
They fixed it in 5.1.1 because we reported it to them as a seriously dangerous security loophole. Can you imagine how big a bill they could get from their cellphone data carriers if a bunch of 3G K5s with 5.1.0 firmware got infected from visiting a WEB PAGE, and then joined a botnet?

Luckily, to use 3G you need to register your kindle, and amazon will automatically push a firmware upgrade to it to fix this.

Or... is this a NEW web page exploit that I am not aware of? Please point me to a thread that describes it (if there is one). If so, it has the same dangerous security implications. Thanks.
geekmaster is offline   Reply With Quote
Advert
Old 07-02-2012, 11:13 AM   #3
mmatej
Connoisseur
mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.
 
Posts: 91
Karma: 14730
Join Date: Jun 2012
Device: none
No, it's the about one month old exploit. I still don't have 5.1.1 firmware, do you?
mmatej is offline   Reply With Quote
Old 07-02-2012, 11:23 AM   #4
aditya3098
Guru
aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.
 
Posts: 608
Karma: 1588610
Join Date: Jan 2012
Device: Kindle Scribe
Nice!
I sucessfully bricked my touch! In other words, it CAN brick my touch.

Update: A reboot fixed it
aditya3098 is offline   Reply With Quote
Old 07-02-2012, 11:27 AM   #5
mmatej
Connoisseur
mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.
 
Posts: 91
Karma: 14730
Join Date: Jun 2012
Device: none
Quote:
Originally Posted by aditya3098 View Post
Nice!
I sucessfully bricked my touch! In other words, it CAN brick my touch.

Update: A reboot fixed it
This should really not happen. I've tested it minimally 4 times on clean FW. What exactly did it do?

EDIT: I tested it again on my KT and it works okay.
mmatej is offline   Reply With Quote
Advert
Old 07-02-2012, 11:29 AM   #6
geekmaster
Carpe diem, c'est la vie.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
Quote:
Originally Posted by mmatej View Post
No, it's the about one month old exploit. I still don't have 5.1.1 firmware, do you?
AFAIK it only comes on NEW kindles. I guess they will push it out AFTER somebody uses it to start a kindle botnet. I still WANT 5.1.1 images to compare to 5.1.0...

At least you did something USEFUL with it. One step closer to a kindle botnet.

Last edited by geekmaster; 07-02-2012 at 11:31 AM.
geekmaster is offline   Reply With Quote
Old 07-02-2012, 11:44 AM   #7
mmatej
Connoisseur
mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.
 
Posts: 91
Karma: 14730
Join Date: Jun 2012
Device: none
Quote:
Originally Posted by geekmaster View Post
...
At least you did something USEFUL with it. One step closer to a kindle botnet.
That botnet thing should not be too hard to create. You can look at the page sources to see how it's the bug triggered (I use it to download payload script on the tmpfs to Kindle / http://jailbreak-kt.tk/bin/script.sh / and then run it).
mmatej is offline   Reply With Quote
Old 07-02-2012, 11:55 AM   #8
geekmaster
Carpe diem, c'est la vie.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
Quote:
Originally Posted by mmatej View Post
That botnet thing should not be too hard to create. You can look at the page sources to see how it's the bug triggered (I use it to download payload script on the tmpfs to Kindle / http://jailbreak-kt.tk/bin/script.sh / and then run it).
Ahhh... so the botnet is a work in progress, then? That will get amazon to push out a fix (or not)...
geekmaster is offline   Reply With Quote
Old 07-02-2012, 12:00 PM   #9
mmatej
Connoisseur
mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.
 
Posts: 91
Karma: 14730
Join Date: Jun 2012
Device: none
Quote:
Originally Posted by geekmaster View Post
Ahhh... so the botnet is a work in progress, then? That will get amazon to push out a fix (or not)...
No, not really but the device could be taken over completely - disabling updates and so, then Amazon could not destroy the botnet by issuing OTA update. Maybe they could disable 3G then for FW 5.1.0 versions, but it doesn't solve the attacks via WiFi. And I think, FW versions could be faked to allow 3G after Amazon's disable, but I'm far OT now.
mmatej is offline   Reply With Quote
Old 07-02-2012, 12:51 PM   #10
mmatej
Connoisseur
mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.
 
Posts: 91
Karma: 14730
Join Date: Jun 2012
Device: none
Anyway, I am going to add other packages to the site if nobody is against it, so the installing process will be much simpler (unlike the current "download to PC, transfer to Kindle").
mmatej is offline   Reply With Quote
Old 07-02-2012, 01:01 PM   #11
aditya3098
Guru
aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.aditya3098 ought to be getting tired of karma fortunes by now.
 
Posts: 608
Karma: 1588610
Join Date: Jan 2012
Device: Kindle Scribe
Source code? I assume there is SOME server-side?
aditya3098 is offline   Reply With Quote
Old 07-02-2012, 01:10 PM   #12
mmatej
Connoisseur
mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.mmatej is less competitive than you.
 
Posts: 91
Karma: 14730
Join Date: Jun 2012
Device: none
Quote:
Originally Posted by aditya3098 View Post
Source code? I assume there is SOME server-side?
Yes, there are SOME server-side php scripts for checking user agent, package database and download stats. I could send you clone of server root, but that seems to be unecessary. All magic is done on the client side, so (for example) if you wanted to create botnet infector page, you would not need it. Take a look at the scripts.js file.

Last edited by mmatej; 07-02-2012 at 01:16 PM. Reason: my stupid English
mmatej is offline   Reply With Quote
Old 07-02-2012, 01:49 PM   #13
eureka
but forgot what it's like
eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.
 
Posts: 741
Karma: 2345678
Join Date: Dec 2011
Location: north (by northwest)
Device: Kindle Touch
Quote:
Originally Posted by geekmaster View Post
They fixed it in 5.1.1 because we reported it to them as a seriously dangerous security loophole.
Do you have any facts (user reports) about this method failing with 5.1.1 or it's just an assumption?
eureka is offline   Reply With Quote
Old 07-02-2012, 01:56 PM   #14
geekmaster
Carpe diem, c'est la vie.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
Quote:
Originally Posted by eureka View Post
Do you have any facts (user reports) about this method failing with 5.1.1 or it's just an assumption?
Perhaps I oversimplified my statement too much. The intent was not to convey an absolute assumption. I get complaints about using too many words in my posts, but when I leave some out, statements start to look too "assumptive".

There are all kinds of unverified reports about 5.1.1, including that it deletes dropbear files (breaking USBnet), and that it deletes developer keys, and other annoyances. There was a PM discussion between a few of us about 5.1.1 (probably) being released because of this security flaw. Until I get my hands on 5.1.1, I will not be able to verify any of the claims, and everything is just a guess.

Can somebody with 5.1.1 (NiLuJe?) please test this?

Last edited by geekmaster; 07-02-2012 at 02:05 PM.
geekmaster is offline   Reply With Quote
Old 07-02-2012, 02:05 PM   #15
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by mmatej View Post
That botnet thing should not be too hard to create. You can look at the page sources to see how it's the bug triggered (I use it to download payload script on the tmpfs to Kindle / http://jailbreak-kt.tk/bin/script.sh / and then run it).
Filenames with embedded spaces . . . .
Now that is a really friendly thing to do for the experience level of the intended audience.

Since that filename might be accessed from either windows or linux, why not use a cross-platform name (no whitespace or other special characters)?
knc1 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hacks Kindle (3) Keyboard : Upgrade and Jailbreak or Jailbreak and Upgrade?? prado Amazon Kindle 3 06-11-2021 10:13 PM
Kindle Fire Web Browser will likely allow for web based games. sirmaru Kindle Fire 10 11-15-2011 02:55 PM
problem browsing web, web's with many links? KRorschachZ Amazon Kindle 1 11-20-2010 02:05 AM
Web Standards for E-books by Joe Clark (web article) guyanonymous General Discussions 2 03-18-2010 10:36 PM
Mobile Web surfing on the rise says Face of the Web Alexander Turcic Lounge 2 04-20-2006 01:17 PM


All times are GMT -4. The time now is 04:59 AM.


MobileRead.com is a privately owned, operated and funded community.