Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 08-16-2016, 02:34 PM   #3706
eschwartz
Ex-Helpdesk Junkie
eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.
 
eschwartz's Avatar
 
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
@fennectech,

I advise you to read this link: http://xyproblem.info/

Then ask your question again.
eschwartz is offline   Reply With Quote
Old 08-16-2016, 07:02 PM   #3707
fennectech
Connoisseur
fennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enough
 
Posts: 57
Karma: 748
Join Date: Aug 2016
Device: Kobo Clara HD, Kobo Clara E2, Kindle 4 Keyboard 3G
Reread the readme and found nothing about it being able to change the root password so i have to figure out a way to change it i have root access through kual scripts

Okay i see how do i get the root password after updating to the latest firmware (wich changes it from the standard mario) usbnetworking gives me the ssh server but its rather useless without the root password ive tried echoing replacement content /etc/shadow but that just makes it so /none/ of the accounts can log in ive been considering running kubrick copying /etc/shadow to /etc/shadow.bak and then updating and replacing /etc/shadow with the content of /etc/shadow.bak would that solve the issue of the firmware updates changing my password? last night i acheaved my ssh server over wifi but i still cannot get a root shell over it ive tried using kual scripts to change the password but that doesnt work ether (dunno why yet)

Last edited by fennectech; 08-16-2016 at 07:11 PM.
fennectech is offline   Reply With Quote
Advert
Old 08-16-2016, 07:11 PM   #3708
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Do not double post on this forum.

Do read:
https://www.mobileread.com/forums/sho...postcount=1617

Do you need someone to post a picture of the 'enter' key so you can find it on your keyboard?

YOU DO NOT HAVE TO HAVE THE ROOT PASSWORD IF YOU FOLLOW DIRECTIONS
The USBnetwork package already handles that for you -
Just press the 'enter' key if you see a 'user/password' prompt from the kindle.

OH, wait, you still have to buy a keyboard that has a working 'enter' key.
You need to do that, it is an important key to have working on your keyboard.
knc1 is offline   Reply With Quote
Old 08-16-2016, 07:24 PM   #3709
eschwartz
Ex-Helpdesk Junkie
eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.
 
eschwartz's Avatar
 
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
That would be the XY problem I spoke of.

But I have to learn of it from your other posts in other threads.


Okay, fine -- you clearly don't want to engage in a conversation with us about your problem. So we will stop responding to you, and let you post your thought processes in peace.

Just one request: please use your own personal thread. This one is supposed to be for getting help with the packages in the first post -- it is unfair to the other members to bump this thread (generating "new post" alerts).
eschwartz is offline   Reply With Quote
Old 08-16-2016, 08:17 PM   #3710
fennectech
Connoisseur
fennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enoughfennectech will become famous soon enough
 
Posts: 57
Karma: 748
Join Date: Aug 2016
Device: Kobo Clara HD, Kobo Clara E2, Kindle 4 Keyboard 3G
Quote:
Originally Posted by knc1 View Post
Do not double post on this forum.

Do read:
https://www.mobileread.com/forums/sho...postcount=1617

Do you need someone to post a picture of the 'enter' key so you can find it on your keyboard?

YOU DO NOT HAVE TO HAVE THE ROOT PASSWORD IF YOU FOLLOW DIRECTIONS
The USBnetwork package already handles that for you -
Just press the 'enter' key if you see a 'user/password' prompt from the kindle.

OH, wait, you still have to buy a keyboard that has a working 'enter' key.
You need to do that, it is an important key to have working on your keyboard.
well thats wierd i could swear i tried that before ANYWAYS ill have to find a way to lock this down as i cannot leave an SSH server running with no root pass xD
fennectech is offline   Reply With Quote
Advert
Old 08-16-2016, 09:41 PM   #3711
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by fennectech View Post
well thats wierd i could swear i tried that before ANYWAYS ill have to find a way to lock this down as i cannot leave an SSH server running with no root pass xD
Yes you can, it only works that way over the USB cable, and with the USB cable you have physical security.

I.E: You can see its entire length and are expected to notice if someone has spliced in a wire tap.

You are still having problems backing away from what you want done to think the situation through clearly.

You are not inventing computer science here, that is a known field and some of us have been practicing it for over a half of a century.

It is rather insulting for you to assume we haven't thought about and dealt with whatever seems to be a challenge to yourself.

Believe it or not,
there are people in this world with more knowledge and experience than yourself.

Last edited by knc1; 08-16-2016 at 09:44 PM.
knc1 is offline   Reply With Quote
Old 08-21-2016, 07:29 AM   #3712
nasser
Evangelist
nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.
 
nasser's Avatar
 
Posts: 475
Karma: 445678
Join Date: Feb 2010
Device: Too many..
ImageMagick vulnerability?

In my reading up on ImageMagick, I came across this:
https://imagetragick.com/

Are Kindles running the screensaver hack under risk? i.e by downloading a booby-trapped image? I would think(hope? ), that the Kindle OS mishmash of linux/java/javascript is too weird for any such exploit.

Some mitigation steps are suggested. I assume NiLuJe would've incorporated them into the latest build..?
nasser is offline   Reply With Quote
Old 08-21-2016, 08:20 AM   #3713
Yourcat
Groupie
Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.
 
Posts: 175
Karma: 54048
Join Date: Mar 2016
Device: PW3 5.6.5-usbnet
https://www.imagemagick.org/discours...=29588#p132726
'... We have secured the delegates in ImageMagick 7.0.1-9 and 6.9.4-7 by sanitizing the parameters. ...'
I assume old versions are vunerable. Anyhow I'm not sure whether gif, png and jpeg images can be used to exploit this bug. There may be a small number (~zero) of users using svg as screensaver images.
Yourcat is offline   Reply With Quote
Old 08-21-2016, 09:24 AM   #3714
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by Yourcat View Post
https://www.imagemagick.org/discours...=29588#p132726
'... We have secured the delegates in ImageMagick 7.0.1-9 and 6.9.4-7 by sanitizing the parameters. ...'
I assume old versions are vunerable. Anyhow I'm not sure whether gif, png and jpeg images can be used to exploit this bug. There may be a small number (~zero) of users using svg as screensaver images.
The first one mentioned is similar to the exploit used by the prior 'universal jail break' (although not via IM).

And it is not NiLuJe's that one need worry about, that one can not be run without a jail break (there is an execute prohibit on visible usb storage until jail broken).

The IM that ships as part of the system will certainly be old enough to be vulnerable.

So all you need to do is feed it a properly formated, "bad", screensaver image filename.
But stock Kindles do not accept custom screensavers on USB storage.

It might be worth checking if using the built-in image viewer to view files from /images gives access to the built-in convert command vulnerability.
knc1 is offline   Reply With Quote
Old 08-21-2016, 10:47 AM   #3715
nasser
Evangelist
nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.
 
nasser's Avatar
 
Posts: 475
Karma: 445678
Join Date: Feb 2010
Device: Too many..
The IM from lab126 is not available on customer image kindles.
It's only available on jailbroken kindles which have retained the factory image.
Or is it still available somewhere on fresh kindles?
nasser is offline   Reply With Quote
Old 08-21-2016, 11:43 AM   #3716
eschwartz
Ex-Helpdesk Junkie
eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.
 
eschwartz's Avatar
 
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
The stock imageviewer is disabled (you can enable it using Collections Manager).
eschwartz is offline   Reply With Quote
Old 08-21-2016, 12:01 PM   #3717
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by nasser View Post
The IM from lab126 is not available on customer image kindles.
It's only available on jailbroken kindles which have retained the factory image.
Or is it still available somewhere on fresh kindles?
Thanks for the reminder.

I keep forgetting you are exploring factory_*_something for us.
knc1 is offline   Reply With Quote
Old 08-21-2016, 09:22 PM   #3718
NiLuJe
BLAM!
NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.
 
NiLuJe's Avatar
 
Posts: 13,477
Karma: 26012464
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
Thanks for the link, I somehow missed that batch of CVEs...

Yeah, current builds should use a saner-ish version, I'll probably tweak the delegates config just to be safe, though .

As was mentioned, irrelevant for vanilla devices, though, I'm not even sure IM is actually used by anything (it used to (or still does?) live in /usr/local, which should tell you something ).
NiLuJe is offline   Reply With Quote
Old 08-22-2016, 07:44 AM   #3719
nasser
Evangelist
nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.nasser ought to be getting tired of karma fortunes by now.
 
nasser's Avatar
 
Posts: 475
Karma: 445678
Join Date: Feb 2010
Device: Too many..
Quote:
Originally Posted by NiLuJe View Post
...I'm not even sure IM is actually used by anything
...
The images in a book can be zoomed and panned. Could it be used for that?

Quote:
Originally Posted by NiLuJe View Post
...(it used to (or still does?) live in /usr/local, which should tell you something ).
/usr/local/bin which contains lab126's convert is empty in the customer image of current Kindles. Only the kindles jailbroken with the latest method have it intact. That too, only if they retain the initial factory image. An update to a later version would again wipe it out.
nasser is offline   Reply With Quote
Old 08-22-2016, 11:29 AM   #3720
Yourcat
Groupie
Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.Yourcat knows the way to San Jose.
 
Posts: 175
Karma: 54048
Join Date: Mar 2016
Device: PW3 5.6.5-usbnet
Updating screensaver to the latest version is likely a good idea. Even though it seems that exploiting this bug using PNG or JPG images from within the ss code may be tricky. I assume that SVG or MVG images are not used by common users.
Yourcat is offline   Reply With Quote
Reply

Tags
fonts, fw3, hack, jailbreak 3.1, niluje's hacks, screensavers, usbnet

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
USB network can't connect Slusho64 Kindle Developer's Corner 22 01-23-2013 09:00 PM
USB Network help? XxKryoxX Kindle Developer's Corner 6 12-31-2012 08:47 AM
Is there a hacks to install Time to read feature in other Kindles ? Biberkopf Kindle Developer's Corner 1 11-27-2012 04:08 PM
Hacks DXG Font hacks ? nimblem Amazon Kindle 2 09-21-2010 03:35 PM
Font Hacks wildchild06241 Introduce Yourself 5 06-24-2010 08:08 PM


All times are GMT -4. The time now is 04:48 AM.


MobileRead.com is a privately owned, operated and funded community.