Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 06-17-2015, 07:12 AM   #1
therful
Junior Member
therful began at the beginning.
 
Posts: 6
Karma: 10
Join Date: Jun 2015
Device: none
Question What firmware does the PW2 currently ship with?

I'm debating of whether to buy a PW2 or a Kobo ereader. Whether I can jailbreak the kindle is a big factor in my decision. Does anyone know what firmware a brand new PW2 ships with?
therful is offline   Reply With Quote
Old 06-17-2015, 07:17 AM   #2
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,828
Karma: 6975338
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by therful View Post
I'm debating of whether to buy a PW2 or a Kobo ereader. Whether I can jailbreak the kindle is a big factor in my decision. Does anyone know what firmware a brand new PW2 ships with?
Sure, the Amazon production manager does.

But you can bet it is a version in the 5.6.x firmware series.

And (so far) you can jail break **any** Amazon firmware over the serial port.
knc1 is online now   Reply With Quote
 
Advertisement
Old 06-17-2015, 07:47 AM   #3
therful
Junior Member
therful began at the beginning.
 
Posts: 6
Karma: 10
Join Date: Jun 2015
Device: none
Quote:
Originally Posted by knc1 View Post
Sure, the Amazon production manager does.

But you can bet it is a version in the 5.6.x firmware series.

And (so far) you can jail break **any** Amazon firmware over the serial port.
Thanks for the speedy reply.
Unfortunately I'm not quite comfortable opening it up and soldering.
Just out of curiosity, is there anyone working on a 'serial-less' jailbreak?
therful is offline   Reply With Quote
Old 06-17-2015, 08:44 AM   #4
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,828
Karma: 6975338
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by therful View Post
- - - -
Just out of curiosity, is there anyone working on a 'serial-less' jailbreak?
The common practice here is to only announce results.

But I suspect not (the technical picture is pretty hopeless), although I could be wrong.
knc1 is online now   Reply With Quote
Old 06-17-2015, 05:06 PM   #5
leroti
Junior Member
leroti began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Jun 2015
Device: Kindle Paperwhite 2
Quote:
Originally Posted by knc1 View Post
The common practice here is to only announce results.

But I suspect not (the technical picture is pretty hopeless), although I could be wrong.
Can you point me to some threads discussing the technical picture post-5.6 update? I have read a lot about how it is pretty hopeless, but haven't found the technical reasons behind this lament.

Unfortunately for the OP - I was also hit by the silent upgrade and have found that PW2s from Best Buy & Fry's were already upgraded to 5.6+, I'd assume that AMZN direct would be current.
leroti is offline   Reply With Quote
Old 06-17-2015, 08:03 PM   #6
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,828
Karma: 6975338
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by leroti View Post
Can you point me to some threads discussing the technical picture post-5.6 update?

I have read a lot about how it is pretty hopeless, but haven't found the technical reasons behind this lament.

- - - -
Not really, there wasn't much discussion, just the presentation of the accomplishment.

The most details are to be found in the jail breaks themselves.
None of them are "binary without source", in fact, I don't think any of them have been "binaries".

The one jail break that targets the greatest number of devices and firmware versions ...
Ah, now there is an embarrassment to the "old hands" of the CS field (myself included - it put to shame my 50+ years in the field).

It used (uses) a system vulnerability well known to K&R (the developers of Unix - Linux is a " *nix like " system) -
That was (is) the use of a "poison filename".
I'll save you looking at the jb code - - -
That is when a filename is carefully crafted in such a way that the system executes the filename as if it was a system command line.
Makes for a really funny looking filename, but that is what it was (is).

Why the shame attached?
Nobody (myself included) thought to try such a well known system vulnerability several years earlier in the history of Kindle jail breaking.
(Super Duh...)

- - - - - -

The difficulty since Lab126 fixed the above major "oops" in their implementation are all based in the ownership and permission system that is part of all *nix-like systems.

Short of a major brain-fart on the part of the implementers, it is pretty secure (except for the case when there is physical access to the system operator's console - which is why computer systems lived (still live) in physically secure rooms).

Amazon has built/shipped some kernels with SE-Linux - - but they have never used those features that I know of.

You will have to web-search that term for the gory details, but briefly ....
SE-Linux puts the standard ownership and permission system on super steroids -
It is what NSA (the developers) think *nix-like system security should be like.

- - - -

NSA: USA's National Security Agency - -
These people take the security and access control of their own computer systems **SERIOUSLY**.

And yes, they run Linux - just like your e-book reader does.
knc1 is online now   Reply With Quote
Old 06-17-2015, 08:07 PM   #7
NiLuJe
BLAM!
NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.NiLuJe ought to be getting tired of karma fortunes by now.
 
NiLuJe's Avatar
 
Posts: 5,807
Karma: 5565083
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW & PW2; Kobo H2O
Note that said poison filename worked because there is (was?) indeed a shiny system() call at some point of the various checks done by the support library used by the OTA updater.

That was 'fixed' by renaming all incoming .bin file w/ a random uuid in the 'update_<uuid>.bin' form, and that before said step.

----

We've (mostly) always used some kind of logic flaw in the OTA updater, because it started as (again, mostly) a simple shell script, and with most of the rest of the system being obfuscated java, that made it an obvious attack vector.

The fact that more recently, parts of its job have been off-loaded to C libraries put a serious dent in those kind of shenanigans, since none of us have any real skill in ARM assembly, which becomes kind of a basic requirement to look into things further.

Same with the other slightly less obvious attack vectors, they kind of require more specialized skills than simply poking at things with a stick for fun (which is basically where I sit, personally ^^).

Last edited by NiLuJe; 06-17-2015 at 08:17 PM.
NiLuJe is offline   Reply With Quote
Old 06-18-2015, 02:31 AM   #8
leroti
Junior Member
leroti began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Jun 2015
Device: Kindle Paperwhite 2
Ah. Thank you for your explanation - you have clarified the situation for me. I, too, am of the poking with a stick persuasion, so I shall have to hope and wait for another mistake to be made.
leroti is offline   Reply With Quote
Old 06-18-2015, 07:33 AM   #9
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,828
Karma: 6975338
Join Date: Feb 2012
Device: Too many.
That is a good summary - we are just waiting for another Lab126 mistake to be made.

And that may be a long wait, now that Amazon/Lab126 has started hiring professionals that know what they are doing.

In the early days (prior to ownership by Amazon), Lab126 would hire contractors from the pool of anyone who claimed they could type.
You know the sort -

You can find them on nearly any street corner holding a sign that reads:
"Will program for food."

To which this forum's answer was Geekmaster -
Who had **both** the technical training/professional experience and a very large collection of sharp sticks.
(Geekmaster has since gone on to other interests.)

Last edited by knc1; 06-18-2015 at 07:42 AM.
knc1 is online now   Reply With Quote
Old 06-18-2015, 10:07 AM   #10
dhdurgee
Zealot
dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.dhdurgee knows what's going on.
 
Posts: 124
Karma: 25692
Join Date: Jun 2010
Device: Palm m500, Kindle 3 WiFi
Quote:
Originally Posted by knc1 View Post
To which this forum's answer was Geekmaster -
Who had **both** the technical training/professional experience and a very large collection of sharp sticks.
(Geekmaster has since gone on to other interests.)
Any possibility that he could be lured back, either by the challenge or other incentives?

Dave
dhdurgee is offline   Reply With Quote
Old 06-18-2015, 02:08 PM   #11
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,828
Karma: 6975338
Join Date: Feb 2012
Device: Too many.
Offer a set of 64 K4 devices for his virtual Kindle wall.
knc1 is online now   Reply With Quote
Old 06-24-2015, 10:52 AM   #12
bulsa
Enthusiast
bulsa began at the beginning.
 
Posts: 28
Karma: 13
Join Date: Apr 2014
Device: Kindle PW
Do the new Kindles still ship this "who knows where they fetched this from" hacked together WebKit browser? It always looked to me like remote code execution just waiting to happen...

I just looked it up, the release they ship on the newest Kindle is four years old (1.4.2), there have to be some known bugs in there I think?
bulsa is offline   Reply With Quote
Old 06-24-2015, 12:53 PM   #13
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,828
Karma: 6975338
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by bulsa View Post
Do the new Kindles still ship this "who knows where they fetched this from" hacked together WebKit browser? It always looked to me like remote code execution just waiting to happen...
- - - -
There used to be one, which allowed you to access a carefully crafted site and jail break your Kindle.

We did do our "responsible party" thing and notified Amazon of the security exception.
Amazon fixed that one in a hurry.

That was several years ago (the KT? maybe back then).
Which doesn't mean there aren't more to find.
knc1 is online now   Reply With Quote
Old 06-24-2015, 01:02 PM   #14
JSWolf
Resident Curmudgeon
JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.
 
JSWolf's Avatar
 
Posts: 40,738
Karma: 22931175
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Aura H2O, Sony PRS-650, Sony PRS-T1, nook STR, iPad 4, iPhone 5
Quote:
Originally Posted by therful View Post
I'm debating of whether to buy a PW2 or a Kobo ereader. Whether I can jailbreak the kindle is a big factor in my decision. Does anyone know what firmware a brand new PW2 ships with?
If your getting a Kindle is based on jailbreaking, then forget it. Since Kobo is your other choice, then go with Kobo. You can custom patch the Kobo firmware.
JSWolf is offline   Reply With Quote
Old 06-24-2015, 01:09 PM   #15
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,828
Karma: 6975338
Join Date: Feb 2012
Device: Too many.
The PW2 is no longer shipping (at least in the US).

Will have to wait until next week to know what the PW3 ships with.
knc1 is online now   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Could not register Kindle PW2. (Firmware: 5.6.1.0.6 Serial: B0D4) Lenorav Amazon Kindle 12 04-27-2015 02:44 PM
Which one are you ordering: PW2 wifi or PW2 3G jocampo Amazon Kindle 37 08-18-2014 10:48 AM
Troubleshooting PW2, firmware 5.4.3.2, and Goodreads irandamay Amazon Kindle 0 06-02-2014 11:34 AM
Can PW2 update the official firmware after jal-break? lesca Kindle Developer's Corner 18 03-14-2014 09:05 AM
Firmware Update PW2: x-ray no longer available after firmware update 5.4.3? Cuchulainn Amazon Kindle 1 03-08-2014 03:16 AM


All times are GMT -4. The time now is 11:27 AM.


MobileRead.com is a privately owned, operated and funded community.