Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 08-29-2010, 02:08 AM   #1
yifanlu
Kindle Dissector
yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.
 
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
Usbnetwork/ssh on kindle 3?

I don't have a kindle 3 yet, but anyone got usbnetwork working yet? Or some other way to access root?

P.S: What I'm curious about is how the rootfs has changed. If you have ssh/telnet working, it'd be nice if you can gzip the root fs and PM it to me, because I would love to poke around the os. If you don't know how to gzip the root fs, just type this in a shell "tar cvzf /mnt/us/root.tar.gz /" and the archive should be on the fat32 USB storage.

Last edited by yifanlu; 08-29-2010 at 02:11 AM.
yifanlu is offline   Reply With Quote
Old 08-29-2010, 07:14 AM   #2
NiLuJe
BLAM!
NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.
 
NiLuJe's Avatar
 
Posts: 13,477
Karma: 26012492
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
I'll get right on that as soon as I get my K3 (Monday/Tuesday) .

Hopefully they won't have broken our actual jailbreak method...
NiLuJe is offline   Reply With Quote
Old 08-29-2010, 01:48 PM   #3
yifanlu
Kindle Dissector
yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.
 
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
Quote:
Originally Posted by NiLuJe View Post
I'll get right on that as soon as I get my K3 (Monday/Tuesday) .

Hopefully they won't have broken our actual jailbreak method...
Do a quick ;debugOn and `help when you get it to see if "usbNetworking" is still a command. If so, good, if not, you may have to use the Serily TTL line to get root access
yifanlu is offline   Reply With Quote
Old 08-29-2010, 10:41 PM   #4
hondamarlboro
Enthusiast
hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.
 
hondamarlboro's Avatar
 
Posts: 32
Karma: 35466
Join Date: Jul 2010
Location: Japan
Device: Kindle2, Kindle3, Kindle4, Kindle Touch, Kindle Fire
";debugOn" command successfully acceptable, but "`help" doesn't work Prefix of command may be changed...
hondamarlboro is offline   Reply With Quote
Old 08-29-2010, 11:26 PM   #5
hondamarlboro
Enthusiast
hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.hondamarlboro turned on, tuned in, and dropped out.
 
hondamarlboro's Avatar
 
Posts: 32
Karma: 35466
Join Date: Jul 2010
Location: Japan
Device: Kindle2, Kindle3, Kindle4, Kindle Touch, Kindle Fire
New prefix of input for kindle3

Quote:
Originally Posted by hondamarlboro View Post
";debugOn" command successfully acceptable, but "`help" doesn't work Prefix of command may be changed...
Got one successfully!
After ";debugOn", hit "~help" in command line, not "`help". usbNetwork is still alive
hondamarlboro is offline   Reply With Quote
Old 08-30-2010, 10:26 AM   #6
NiLuJe
BLAM!
NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.
 
NiLuJe's Avatar
 
Posts: 13,477
Karma: 26012492
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
... And they broke our current jailbreak method.

The installer now wants a *signed* bundle file (.dat)...

I'm trying a few things right now, but I may have to pass the torch on this one...

EDIT: Worse. It wants *everything* signed, even if it's not listed in the bundle file. AFAICT, we're pretty much screwed.

Code:
100830:163929 system: I _otaupexec:def:processing update /mnt/us/update_jailbreak_k3g_install.bin
100830:163929 system: I _otaupexec:def:version is "FC02"
100830:163929 system: I _otaupexec:def:update image checksum OK
100830:163929 system: E _otaupexec:def:signature does not exist for "/tmp/.update-tmp.7378/update-adds.tar.gz"
100830:163930 system: E _otaupexec:def:signature verification failed
That was with a signed .dat from a minor official OTA update (without an update-adds.tar.gz). Without a signed dat:

Code:
100830:152004 system: I _otaupexec:def:processing update /mnt/us/update_jailbreak_k3g_install.bin
100830:152004 system: I _otaupexec:def:version is "FC02"
100830:152004 system: I _otaupexec:def:update image checksum OK
100830:152004 system: E _otaupexec:def:signature does not exist for "/tmp/.update-tmp.20788/update_jailbreak_k3g_install.dat"
100830:152005 system: E _otaupexec:def:signature verification failed
If anyone has an idea (software wise, because I guess we could always use the serial console and brute-force the root passwd...), I'm all ears... Until then, there's not much more I can do... ;/

EDIT²: Oops, forgot to attach the updated packager. (UPDATE: Moved the the packager thread)

EDIT Ter: Some random ideas I haven't checked out:

FB01 Manual updates. Don't know which scripts handle these, and if it's as much strict as otaup. And if we can roll proper manual updates with the current packager tool.
FD03 OTA updates. otaup handles these on the K2, but treats them the exact same way as FC02 updates.

UPDATE: Huh. Turns out, we didn't need to try so hard. We did have to update the packager though, .

Last edited by NiLuJe; 09-18-2010 at 05:39 PM.
NiLuJe is offline   Reply With Quote
Old 08-30-2010, 07:20 PM   #7
vega07
Enthusiast
vega07 is on a distinguished road
 
Posts: 48
Karma: 50
Join Date: Jul 2010
Device: Kindle 2
*cries*
vega07 is offline   Reply With Quote
Old 08-30-2010, 09:40 PM   #8
karthwyne
Connoisseur
karthwyne has a complete set of Star Wars action figures.karthwyne has a complete set of Star Wars action figures.karthwyne has a complete set of Star Wars action figures.karthwyne has a complete set of Star Wars action figures.karthwyne has a complete set of Star Wars action figures.
 
karthwyne's Avatar
 
Posts: 59
Karma: 480
Join Date: Jul 2010
Location: Atlanta, GA
Device: Kindle Wifi, Kindle US
Quote:
Originally Posted by vega07 View Post
*cries*
Agreed. Here's to hoping a method is found.
karthwyne is offline   Reply With Quote
Old 09-01-2010, 02:14 AM   #9
clarknova
Addict
clarknova plays well with othersclarknova plays well with othersclarknova plays well with othersclarknova plays well with othersclarknova plays well with othersclarknova plays well with othersclarknova plays well with othersclarknova plays well with othersclarknova plays well with othersclarknova plays well with othersclarknova plays well with others
 
clarknova's Avatar
 
Posts: 241
Karma: 2617
Join Date: Mar 2009
Location: Greenwood, SC
Device: Kindle 2
Quote:
Originally Posted by NiLuJe View Post
... And they broke our current jailbreak method.
Major bummer.


I've got a program running right now that's trying to brute force a sha 256 collision against known kindle checksums, but since nobody has ever found a sha 256 collision before, this method is stupidly far fetched.
clarknova is offline   Reply With Quote
Old 09-03-2010, 03:41 PM   #10
test011
Connoisseur
test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.test011 can self-interpret dreams as they happen.
 
Posts: 65
Karma: 20728
Join Date: Jan 2010
Device: K2i, K3(B006), KT(WiFi)
Quote:
Originally Posted by vega07 View Post
*cries*
agreed.
test011 is offline   Reply With Quote
Old 09-03-2010, 07:00 PM   #11
markatlnk
Member
markatlnk began at the beginning.
 
Posts: 12
Karma: 10
Join Date: Aug 2010
Device: kindle 3
Would any of the PDF buffer overrun exploits work, I have a bunch of pdf files that will crash my K3.
markatlnk is offline   Reply With Quote
Old 09-03-2010, 07:08 PM   #12
yifanlu
Kindle Dissector
yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.
 
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
Is the problem with getting shell through serial TTL really that you don't have the password? I know people read the kernel partition through uBoot, why not do the same for the root partition (/dev/mmcblk0p1), then modify passwd file, and re-flash it onto the kindle? (or do this with the initramfs)?

Also, here's variables dumped from the uBoot source from Amazon:
Quote:
#define CONFIG_EXTRA_ENV_SETTINGS \
"uboot_net=tftpboot 0x84000000 u-boot.bin\0" \
"uboot_serial=loady 0x84000000\0" \
"uboot_ram=go 0x84000000\0" \
"bootargs_diag=setenv bootargs tests=all\0" \
"diags_net=tftpboot 0x84000000 diagmon.uimage; run bootargs_diag; bootm 0x84000000\0" \
"diags_serial=loady 0x84000000; run bootargs_diag; bootm 0x84000000\0" \
"bootargs_base=console=ttymxc0,115200 mem=256M panic=10\0" \
"bootcmd_root_nfs=setenv bootargs $(bootargs_base) root=/dev/nfs rw nfsroot=$(nfsrootfs),v3,tcp rw ip=$(ipaddr):$(serverip):$(serverip):$(netmask):ma rio1 rootdelay=3\0" \
"bootcmd_root_mmc=setenv bootargs $(bootargs_base) root=/dev/mmcblk1p1 rw ip=none\0" \
"bootcmd_root_mvn=setenv bootargs $(bootargs_base) root=/dev/mmcblk0p1 rw ip=none\0" \
"bootcmd_kernel_nfs=nfs 0x87f40400 $(nfsrootfs)/uImage; bootm\0" \
"bootcmd_kernel_tftp=tftp 0x87f40400 uImage; bootm\0" \
"bootcmd_nfs=run bootcmd_root_nfs; run bootcmd_kernel_nfs\0" \
"bootcmd_flash=run bootcmd_root_mvn; run bootcmd_kernel_nor\0" \
"bootcmd_card=run bootcmd_root_mmc; run bootcmd_kernel_nor\0" \
"bootcmd_recovery=run bootcmd_root_recovery; run bootcmd_kernel_nor\0" \
"bootcmd_defaultflash=setenv bootargs; run bootcmd_kernel_nor\0" \
"bootcmd=bootm 0x87f40400\0" \
"testmem=mtest 0x80000000 0x86ffffff\0" \
"nfsrootfs=/nfsboot\0" \
"ethaddr=00:22:33:44:55:66\0" \
"cfgreset=protect off all ; erase " TOSTRING(CFG_ENV_ADDR) " +" TOSTRING(CFG_ENV_SECT_SIZE) "\0" \
"bootretry=-1\0" \

Last edited by yifanlu; 09-03-2010 at 07:20 PM.
yifanlu is offline   Reply With Quote
Old 09-04-2010, 07:43 PM   #13
Zafkin
Junior Member
Zafkin is on a distinguished road
 
Posts: 1
Karma: 70
Join Date: Sep 2010
Device: Kindle 3
The only issue is that there doesn't seem to be a simple way to access the main MMC partition from the provided u-boot - a custom initramfs solves that easily.

I've compiled an image to perform modifications quickly with a serial cable - available here http://dl.free.fr/pN6Hu6beI (gpl'ed kernel + /dev prepared with the devices list from the preloaded u-boot image + klibc utils + dropbear)

How to use it :

- Connect 3 wires to rx/tx/gnd (if you only have a 3.3V Serial-TTL converter like me, my Kindle didn't explode with a /2 voltage divider on TX - just for information), interrupt u-boot
- Upload the image with loady 0x84000000 and an Y-Modem client (minicom, hyperterminal)
- Boot the image with bootm 0x84000000
- After a few seconds you'll end up on a minimalist shell with no prompt
- Create a mount point with mkdir /root
- Mount the main partition with mount -t ext3 /dev/mmcblk0p1 /root
- Chroot to a better shell with chroot /root /bin/sh

From now on, you can do whatever you want - for example edit /etc/shadow with vi, then sync, exit the shell, and reboot. Just do it quickly, or find a way to disable the power management, otherwise it'll kick in and serial communication doesn't seem to wake up the device

For quick & dirty tests without the cable, I've included a (statically compiled & ugly) dropbear binary in /drop of the initramfs - remember to tweak the firewall in /etc/sysconfig/iptables if you want to use it. It'll be better to properly compile your own version though.

There is an account without password too, named default.
Zafkin is offline   Reply With Quote
Old 09-05-2010, 12:51 AM   #14
yifanlu
Kindle Dissector
yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.yifanlu ought to be getting tired of karma fortunes by now.
 
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
So you got shell access? Can you please do me a favor and send me a copy of the root fs, so I can play around with it before I get my kindle 3? Thank you !
yifanlu is offline   Reply With Quote
Old 09-06-2010, 04:03 AM   #15
blkhawk
Bit Wrangler
blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.blkhawk is far, far better than a slap in the face with a wet fish.
 
blkhawk's Avatar
 
Posts: 31
Karma: 93324
Join Date: Sep 2010
Device: Oasis
A short Powerbutton slide triggers a wakeup from sleep.

-blkhawk
blkhawk is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Kindle 3.0.1 firmware and usbNetwork bmf Kindle Developer's Corner 15 10-18-2010 06:12 PM
Hacks Kindle 2 - Firmware 2.5.4 - usbNetwork Zaidi Amazon Kindle 8 10-06-2010 08:23 AM
How do I mount Kindle DX rootfs on a Mac - usbNetwork needed? software.enginee Kindle Developer's Corner 14 06-08-2010 03:20 PM
SSH to Kindle Zorz Kindle Developer's Corner 16 01-15-2010 01:18 AM
Kindle + SSH? Elegant Forkbomb Amazon Kindle 3 03-05-2009 08:12 AM


All times are GMT -4. The time now is 11:03 AM.


MobileRead.com is a privately owned, operated and funded community.