Usbnetwork/ssh on kindle 3?

[dinkus]

Zafkin's method appears to be the only currently published way to get a shell on a kindle 3. I'm surprised there isn't more discussion here. Has anyone reproduced? I'm waiting for some parts for my serial cable and will report back as soon as I've tried.

What method are people using to enable access to running OS via wifi ("jailbreak")? Can you copy zafkin's dropbear onto the filesystem and have it run at boot? Has anyone used this to look for easier vectors to shells?

[capitanfracassa]

Would you mind giving a more detailed step-by step?
What do you mean by "/2 voltage divider"?
How do you interrupt u-boot? How do you upload and run?

Sorry for being dumb, but I have never done it.

[Tiersten]

Quote:

Originally Posted by capitanfracassa

What do you mean by "/2 voltage divider"?

Two 10K resistors will do.

Quote:

Originally Posted by capitanfracassa

How do you interrupt u-boot?

Press a key.

Quote:

Originally Posted by capitanfracassa

How do you upload and run?

Sorry for being dumb, but I have never done it.[/QUOTE]
Read the u-Boot documentation.

If you don't know what you're doing or aren't 100% confident then I wouldn't attempt it as there is a chance to damage your Kindle.

[capitanfracassa]

Quote:

Originally Posted by Tiersten

Two 10K resistors will do.

I assume, in series on the TX/RX lines? ( PC - 10K - Kindle Tx, PC -10K -Kindle Rx)? But why? Isn't the Kindle's serial port hooked internally with around 4V?

Quote:

Originally Posted by Tiersten

If you don't know what you're doing or aren't 100% confident then I wouldn't attempt it as there is a chance to damage your Kindle.

I won't do it until I know what I'm doing, that is why I am asking for detailed instructions, thanks for the link.

[Dibblah]

The kindle serial port is 1.8v. A resistive divider will work for the:
PC -> Kindle

But the other direction is far more complex - 1.8v -> 3.3v won't work with the standard mosfet level shifter.

Best bet is to get an adapter which does 1.8v natively - I made one with a FT232rl.

I can confirm that the kernel with initrd works fine to change the password. If the kindle appears "stuck", just hit the power switch for a short time (1s) and it wakes back up.

Cheers,

Allan.

[NiLuJe]

Okay. I'm stupid.

Unless I'm mistaken, I've got a jailbreak working. It's even dumber than before. -_-"

EDIT: Yep, it works. >_<". And when I say that it's dumb, it's *really* dumb. So dumb I'm amazed no one tried it before o_O. And my update to the packager work, so that's nice too .

UPDATE: Oops. Figured out why no one tried it before :P. It couldn't work on FW 2.x .

[isotherm]

Great! When will we be able to test it?

[NiLuJe]

It's attached in the Fonts/SS/Misc Hacks thread .

[Tiersten]

Quote:

Originally Posted by NiLuJe

EDIT: Yep, it works. >_<". And when I say that it's dumb, it's *really* dumb. So dumb I'm amazed no one tried it before o_O. And my update to the packager work, so that's nice too .

Huh. That is really simple. I always forget you can put symlinks into a tarball. I guess sometimes the "simple" ones are the hardest to find though since you automatically go nahhh... they wouldn't let us do that...

Nice work

[NiLuJe]

That's actually what the previous jb did, only it did it from an official signed update script that ran like a proper update after the misc. .bin parsing [Said update then failed horribly because obviously we didn't bundle the patches & stuff, so the patching process in itself failed, but the tarball had already been unpacked, so we were good]. Turns out we didn't even need to go there at all on fw 3.x ^^.

EDIT: USBNet updated in the Fonts thread. .

[isotherm]

Awesome, usbNetwork works! I can work on hotkeys again...

With wifi, it seems we can just connect to our devices over the network, even if they're not plugged into the computer. I'm trying this now, but want to make sure I get the security right. By the same token, be careful now when enabling "auto" mode of usbNetwork. You might not want everyone to be able to telnet to your Kindle, if you happen to connect it to your computer at a hotspot!

[NiLuJe]

Yeah, I haven't looked at the WiFi at all yet, I guess there's some iptables trickery involved to get somewhere? (Not that familiar with iptables myself, unfortunately :/).

But, yeah, getting something like SSHFS working over wifi would be kinda nice .

[ecostin]

Quote:

Originally Posted by NiLuJe

Okay. I'm stupid.

Unless I'm mistaken, I've got a jailbreak working. It's even dumber than before. -_-"

EDIT: Yep, it works. >_<". And when I say that it's dumb, it's *really* dumb. So dumb I'm amazed no one tried it before o_O. And my update to the packager work, so that's nice too .

This is incredible! Whoever at lab126 has chosen the tar source code (busybox, whatever) should search for another job, like programmer at Microsoft ...

To everybody - apply this soon, a new update might bring a real GNU tar binary and this JB would no longer work.

Great job!!

[ecostin]

Quote:

Originally Posted by NiLuJe

Yeah, I haven't looked at the WiFi at all yet, I guess there's some iptables trickery involved to get somewhere? (Not that familiar with iptables myself, unfortunately :/).

But, yeah, getting something like SSHFS working over wifi would be kinda nice .

The iptables default INPUT policy is DENY, with the exception of the trojan port 40317. iptables -P INPUT ACCEPT changes this and it can be accessed via both WIFI and USB-NET (and 3G, of course). Binaries (target armv6l works very well, no libs required) for ssh/dropbear, strace can be found at:
http://impactlinux.com/fwl/downloads/binaries/extras/

[NiLuJe]

Thanks! I'll take a look at iptables to do something a bit less 'wide-open' for SSH/TelNet in the USBNet script