12-10-2011, 04:51 PM | #1 |
doofus
Posts: 2,521
Karma: 13088847
Join Date: Sep 2010
Device: Kobo Libra 2, Kindle Voyage
|
Kindle Touch (K5) has been rooted!
http://www.the-digital-reader.com/20...it-runs-html5/
Sorry if this is old news, but I don't see it here. The Touch has been rooted. Turns out K5 is written mostly in HTML5/JavaScript, as opposed to Java on previous models. This means old hacks won't work, but it should be easier to write new hacks. The page says it should be possible to add epub support to the reader. Maybe add covers to the home screen, since it's just a web page apparently. I hate Java but HTML5/JavaScript I can deal. Dang, too bad I can't use the touch. Maybe I need to rig something up... |
12-10-2011, 05:16 PM | #2 |
Junior Member
Posts: 3
Karma: 10
Join Date: Nov 2011
Device: Kindle, T1, 9" below $300
|
...and you can see the development right here:
https://www.mobileread.com/forums/sho...d.php?t=151537
People of this forum did an excellent job!
https://www.mobileread.com/forums/sho...d.php?t=158894
Last edited by pbook; 12-10-2011 at 05:19 PM. |
12-10-2011, 05:52 PM | #3 |
Resident Curmudgeon
Posts: 73,982
Karma: 128903378
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
|
I thought the new Kindles were K4 models of various flavors and not K5. So why is the K4 touch being called the K5 touch?
|
12-10-2011, 07:05 PM | #4 |
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
|
Technically the Kindle Touch can be called the "Kindle 5". Amazon never really gave numbers to any of the devices. However, Kindle 1 ran 1.0, K2 & DX ran 2.0, K3 ran 3.0, K4 (no keyboard) ran 4.0. The Touch runs 5.0.
|
12-11-2011, 02:15 AM | #5 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
It's the firmware version. The Kindle non-touch has v4.x firmware; the Kindle Touch has v5.x firmware.
Last edited by HarryT; 12-11-2011 at 03:38 AM. |
12-11-2011, 05:27 AM | #6 |
Wizard
Posts: 3,450
Karma: 10484861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
|
It is very scary.
Random mp3 can carry payload to do nasty things to the device. I wonder how many mp3 files designed to hijack your device are being distributed on the net at the moment. Can metadata in an e-book carry similar payload? |
12-11-2011, 05:31 AM | #7 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Not to the best of my knowledge, but the simple answer is not to get MP3 files (or eBooks) from untrustworthy sources.
|
12-11-2011, 07:50 AM | #8 | |
Wizard
Posts: 3,450
Karma: 10484861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
|
Quote:
It only takes one distributor of audiobooks (just as an example) to get "creative" with protecting their "Intellectual Property" and you can get very nasty stuff installed on your Kindle. There are *so* many relatively trustworthy sources of legal mp3s, e-books, audiobooks and other stuff. Such as http://www.jamendo.com/en/ . I have discovered lots of great music through that site. Music that is NOT distributed by MAFIAA members. I consider this ability to run arbitrary code as root on device just by opening an mp3 file (and God knows what else!) to be a severe security risk. |
|
12-11-2011, 08:18 AM | #9 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Even if the Kindle had a buffer overflow "exploit" in its MP3 player (and I've never heard anyone say that it does), do you really think that anyone is going to go to the trouble of adding code to an MP3 file which will execute on the extremely obscure ARM Freescale processor that the Kindle uses? I really, REALLY doubt it myself.
|
12-11-2011, 09:30 AM | #10 |
Wizard
Posts: 1,516
Karma: 2567610
Join Date: Oct 2009
Device: Kindles - Keyboard, Fire, 2-US, iPhone, iPAD
|
Great job Yifanlu and everybody else up there in the Developers forum who was messing around with it. I lurked off and on with your discussions in interest but most of your talk goes way beyond my comprehension.
Good job |
12-11-2011, 10:20 AM | #11 | |
Wizard
Posts: 3,450
Karma: 10484861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
|
Quote:
This is no obscure buffer overflow exploit.
http://yifan.lu/2011/12/10/kindle-to...kroot-and-ssh/
MP3 file contains tags. Such as name of singer or name of song. Those tags are displayed by player "application" that is, in reality, just a web browser window in disguise. Most of the menus and applications on Kindle Touch are in fact HTML5 pages with JavaScript and CSS. So the author of the hack simply inserted some JavaScript code into the MP3 tag and the browser happily displayed the tag - executing the JavaScript code (function called nativeBridge.dbgCmd(); that can execute any shell script as root) in the process without sanitising input. |
|
12-11-2011, 10:22 AM | #12 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Thanks for that. It's interesting, but it doesn't worry me, because in order to do any harm, there would need to be a malicious script on your Kindle for the Javascript to execute. Javascript cannot create script files (or, indeed, any files).
Last edited by HarryT; 12-11-2011 at 10:35 AM. |
12-11-2011, 10:57 AM | #13 |
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
|
If an attacker wants to do something malicious, you would first have to download an MP3 from them. The XSS only works with the artist, title, or album field, all of which are easily seen from a modern operating system. If you're really worried, all you have to do is check those three fields before loading any downloaded music onto your Kindle. If you see <script> in any of the fields, don't use it.
Now of course, that's if the attacker is using the same exploit. There's no telling what other holes Amazon left in the device. |
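
Added example, not part of the thread or of anyone's post: the manual check suggested in post #13 (look at the artist, title and album fields before copying a file to the device), automated for ID3v2.3/2.4 tags. It goes slightly beyond the post by flagging any tag-like markup rather than only `<script>`; the function names and sample tags are constructed for illustration, and tags using an extended header or unsynchronisation are assumed absent.

```python
import re
import struct

# Frames the post names: title, artist, album (ID3v2.3/2.4 frame IDs).
CHECKED = {"TIT2": "title", "TPE1": "artist", "TALB": "album"}
ENCODINGS = {0: "latin-1", 1: "utf-16", 2: "utf-16-be", 3: "utf-8"}
# Anything that opens like an HTML tag, not only <script>.
MARKUP = re.compile(r"<[/!]?[a-zA-Z]")

def synchsafe(b):
    """Decode a 4-byte synchsafe integer (7 usable bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def read_text_frames(data):
    """Return {field: text} for the checked frames of an ID3v2.3/2.4 tag."""
    if data[:3] != b"ID3" or data[3] not in (3, 4):
        return {}
    end = min(10 + synchsafe(data[6:10]), len(data))
    pos, out = 10, {}
    while pos + 10 <= end:
        fid = data[pos:pos + 4]
        if fid == b"\x00\x00\x00\x00":  # padding reached
            break
        raw = data[pos + 4:pos + 8]
        # v2.4 frame sizes are synchsafe, v2.3 sizes are plain big-endian.
        size = synchsafe(raw) if data[3] == 4 else struct.unpack(">I", raw)[0]
        body = data[pos + 10:pos + 10 + size]
        pos += 10 + size
        name = CHECKED.get(fid.decode("latin-1"))
        if name and body:
            codec = ENCODINGS.get(body[0], "latin-1")  # first byte = encoding
            out[name] = body[1:].decode(codec, errors="replace").strip("\x00")
    return out

def suspicious_fields(data):
    """Names of checked fields whose text contains tag-like markup."""
    found = read_text_frames(data)
    return sorted(k for k, v in found.items() if MARKUP.search(v))

def make_tag(frames):
    """Build a constructed ID3v2.3 tag from {frame_id: text} (sample input)."""
    body = b"".join(
        fid.encode() + struct.pack(">I", len(t.encode()) + 1)
        + b"\x00\x00" + b"\x03" + t.encode()  # flags, UTF-8 marker, text
        for fid, t in frames.items())
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + body

# Constructed samples: one clean tag, one with markup in the artist field.
CLEAN = make_tag({"TIT2": "Song", "TPE1": "Band", "TALB": "Album"})
TAINTED = make_tag({"TIT2": "Song", "TPE1": "<script>x()</script>", "TALB": "Album"})
```

To check a real file, pass its bytes to `suspicious_fields()` and skip the file if the returned list is not empty.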
12-11-2011, 05:37 PM | #14 |
Connoisseur
Posts: 50
Karma: 10
Join Date: Dec 2011
Device: Kindle Touch
|
This sounds very exciting but a Kindle Touch is such a limited device. It isn't a tablet like the Fire. What can you do with a jailbroken Kindle (except the obvious-remove ads for free)? Has anyone made improvements to the interface of other Kindles that have been jailbroken? That would interest me.
|
12-11-2011, 07:22 PM | #15 |
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
|
Well, the device has only been freed for a day. Developers aren't magicians.
|
|