JAILBREAK FOR THE KINDLE PAPERWHITE2, BY YOSSARIAN17
====================================================

NOTE: THIS SCRIPT IS FOR HACKERS. IF YOU DON'T UNDERSTAND WHAT YOU
ARE DOING, DON'T USE IT; USE THE K5+PW1+PW2 JAILBREAK INSTEAD.

This script installs a jailbreak script in the kindle user directory (the
USB storage that the device mounts as /mnt/us). The jailbreak script is run
automatically 2-3 minutes after the kindle is ejected and suspended, or it
can be started manually with:

    [Menu] -> Settings -> [Menu] -> Update Your Kindle

This script must be run in a terminal on a linux system. If you don't
have linux installed you can use a live CD (Ubuntu, Knoppix, etc.).

The script can be used for three different types of jailbreak:

    1) open a root shell on the kindle
    2) run an arbitrary user script
    3) install the new K5+PW1+PW2 jailbreak by NiLuJe

The root shell jailbreak is the safest mode since it doesn't change anything
on the kindle (but it gives you enough rope to shoot yourself in the foot).

The Paperwhite1 jailbreak doesn't work out of the box on the Paperwhite2,
you should use the jailbreak script for K5+PW1+PW2 by NiLuJe which can be
downloaded from:

    http://www.mobileread.com/forums/showthread.php?t=186645

If you are on a windows pc you should download and use that jailbreak
script instead of my script.


USAGE
=====

    pw2-jailbreak [-k <kindle_dir>] [-u <update_bin>] [-j <kpw_jb_zip>]
    pw2-jailbreak [-k <kindle_dir>] [-u <update_bin>] -u <user_script>
    pw2-jailbreak [-k <kindle_dir>] [-u <update_bin>] -r <host> <port>

where:

    kindle_dir      is the directory where the kindle is mounted in linux.
                    If omitted, the script will try to find the kindle in
                    /proc/mounts.

    update_bin      is an optional kindle update file. If omitted, the
                    script will use a fake OTA update file, courtesy
                    of NiLuJe.

    kpw_jb_zip      is the Paperwhite jailbreak by NiLuJe. If omitted,
                    the script will try to download it.

    user_script     is a /bin/sh script which will be copied to the kindle
                    and run there (as root) by the jailbreak.

    host            is the IP address of your linux box, as seen by the
                    kindle, to which the kindle will try to open a reverse
                    shell.

    port            is the TCP port on your linux box for the reverse shell.

If run without parameters the script will try to download and install the
Paperwhite1 jailbreak.
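As an added example (the editor's, not code from the pw2-jailbreak script) of what "find the kindle in /proc/mounts" can look like when -k is omitted, the functions below scan a /proc/mounts-style file for the device. The detection rule is an assumption, not the script's actual logic: a vfat USB volume whose root contains the "system" and "documents" directories that the kindle user store exposes over USB. The important part for a tool that writes files as root is the refusal to guess when there is no candidate or more than one, so that the jailbreak files never land on some random USB stick.

```sh
#!/bin/sh
# Added example (the editor's, not code from the pw2-jailbreak script): find a
# mounted Kindle by scanning a /proc/mounts-style file, as a script does when
# -k <kindle_dir> is omitted. The detection rule is an assumption: a vfat USB
# volume whose root contains the "system" and "documents" directories that the
# Kindle user store exposes over USB.

# list_kindle_mounts [MOUNTS_FILE]
# Prints every mount point that looks like a Kindle user store, one per line.
list_kindle_mounts() {
    mounts="${1:-/proc/mounts}"
    # /proc/mounts fields: device mountpoint fstype options dump pass
    while read -r dev mnt fstype _rest; do
        case "$fstype" in
            vfat|msdos) ;;
            *) continue ;;
        esac
        # the kernel escapes spaces in mount points as \040 (and backslashes
        # as \134); undo that before testing the path
        mnt=$(printf '%b' "$mnt")
        if [ -d "$mnt/system" ] && [ -d "$mnt/documents" ]; then
            printf '%s\n' "$mnt"
        fi
    done < "$mounts"
}

# find_kindle_mount [MOUNTS_FILE]
# Prints the mount point when exactly one candidate is present. With zero or
# several candidates it prints a diagnostic on stderr and returns 1, so the
# jailbreak files are never written to some random USB stick by mistake.
find_kindle_mount() {
    found=$(list_kindle_mounts "$1")
    nl='
'
    case "$found" in
        "")
            echo "no kindle found, pass -k <kindle_dir>" >&2
            return 1 ;;
        *"$nl"*)
            echo "several candidates mounted, pass -k <kindle_dir>" >&2
            return 1 ;;
    esac
    printf '%s\n' "$found"
}

# Usage: a caller refuses to continue without an unambiguous mount point.
if kindle_dir=$(find_kindle_mount); then
    echo "kindle mounted at: $kindle_dir"
else
    echo "not continuing without a mount point" >&2
fi
```

Pass an explicit mounts file as the first argument to try the detection against a constructed list, which is also how the functions can be exercised on a box with no kindle attached.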

Note that there is a 2-3 minute delay between the moment you suspend the
kindle with the power button and the moment the jailbreak script starts.
It is quite annoying but there is no way to avoid it. Please be patient and
don't resume the kindle before at least 3 minutes have passed if there are
no signs of activity on the screen.


OPENING A ROOT SHELL
====================

For this jailbreak you need nc (and rlwrap) installed on your linux system,
and the kindle must be able to connect to the linux box over wifi. You should
also check that the listen port on linux is not blocked by a firewall.

Keep in mind what this connection is: a plain, unauthenticated TCP stream
carrying a root shell. The listener accepts whoever connects first, and
everything you type and every reply crosses the wifi network in cleartext.
Only do this on a network you trust, and stop the listener as soon as you
are done.

1)  mount the kindle on your linux box

2)  run the command:

      pw2-jailbreak -r <host> <port>

    where host is the ip address of your linux box as seen by the kindle
    and port is a non-privileged port not in use. For example:

      pw2-jailbreak -r 192.168.1.13 8000

    After the jailbreak installation on the kindle the script will start
    a reverse shell server on linux and wait for a shell connection from
    the kindle.

3)  eject the kindle

4)  on the kindle disable Airplane Mode (enable wifi)

5)  press the power button and suspend the kindle

6)  wait 2-3 minutes until the kindle decides to run the jailbreak script
    or use the menu: [Menu] -> Settings -> [Menu] -> Update Your Kindle.
    After some time a kindle shell prompt should appear and you should be
    able to issue commands on the kindle and see output in the terminal.


RUNNING A USER SCRIPT
=====================

With this command you can run an arbitrary shell script on the kindle.

1)  mount the kindle on your linux box

2)  run the command:

      pw2-jailbreak -u <script>

    where script is a script file on linux which will be copied to the
    kindle and later run there by the jailbreak.

3)  eject the kindle

4)  press the power button and suspend the kindle

5)  wait 2-3 minutes until the kindle decides to run the jailbreak script
    or use the menu: [Menu] -> Settings -> [Menu] -> Update Your Kindle.
    After some time the kindle should flash some messages on the screen to
    indicate that the script is running. There is no visible output from
    the script itself, only a message that it has started.
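As an added example of such a user script (the editor's, not part of the pw2-jailbreak package), the script below only reads information from the device and writes it under /mnt/us/documents/, where the file can be opened on the kindle just like jb-sh.txt. It assumes what the NOTES section states: the jailbreak runs it as root with a POSIX /bin/sh (busybox on the kindle) and with /mnt/us/ as the working directory. The JB_REPORT variable and the report file name are this example's own choices.

```sh
#!/bin/sh
# Added example of a user script for "pw2-jailbreak -u" (the editor's, not part
# of the pw2-jailbreak package). It only reads information from the device and
# writes it under /mnt/us/documents/, where the file can be opened on the
# kindle like jb-sh.txt. Assumptions: the jailbreak runs it as root with a POSIX
# /bin/sh (busybox on the kindle) and /mnt/us/ as working directory, as the
# NOTES section says; JB_REPORT and the report file name are this example's own.

REPORT="${JB_REPORT:-/mnt/us/documents/jb-report.txt}"

# run_cmd LABEL CMD [ARGS...]
# Appends the command's output under a heading. A command that is missing on
# the device is recorded as a failure instead of aborting the whole report.
run_cmd() {
    label=$1
    shift
    {
        printf '\n== %s ==\n' "$label"
        "$@" 2>&1 || printf '(%s failed with status %s)\n' "$1" "$?"
    } >> "$REPORT"
}

# write_report
# Rewrites $REPORT with a snapshot worth having before poking further: who the
# script runs as, what is mounted where, and what listens on the network (a
# leftover reverse shell or debug daemon would show up here).
write_report() {
    : > "$REPORT" || return 1
    printf 'report generated %s by %s\n' "$(date)" "$(id)" >> "$REPORT"
    run_cmd "kernel"             uname -a
    run_cmd "mounts"             cat /proc/mounts
    run_cmd "user store usage"   df /mnt/us
    run_cmd "network interfaces" ifconfig
    run_cmd "listening sockets"  netstat -tln
    run_cmd "processes"          ps
    return 0
}

# On the kindle the target directory exists and the report is written; on a
# linux box without /mnt/us/documents the script only defines its functions
# and does nothing, so it can be tried safely before copying it over.
if [ -d "$(dirname "$REPORT")" ]; then
    write_report
fi
```

Whatever you put in a user script runs as root with no one watching the console, so keep it read-only like this one until you have seen the report and know what the device looks like; a script that remounts the root filesystem read-write or edits files outside /mnt/us/ is exactly the rope mentioned above.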


INSTALLING THE PW1 JAILBREAK
============================

With this command you can install the Paperwhite1 jailbreak on a Paperwhite2.
For more information on the PW1 jailbreak see the README file contained in
the kpw_jb.zip file.

1)  mount the kindle on your linux box

2)  run the command:

      pw2-jailbreak

    or

      pw2-jailbreak -j <kpw_jb_zip>

    where kpw_jb_zip is the path of a kpw_jb.zip already downloaded to your
    linux box.

3)  if you want, edit the settings in jailbreak.sh on the kindle

4)  eject the kindle

5)  press the power button and suspend the kindle

6)  wait 2-3 minutes until the kindle decides to run the jailbreak script
    or use the menu: [Menu] -> Settings -> [Menu] -> Update Your Kindle.
    After some time the kindle should flash some messages on the screen to
    indicate that the script is running.


NOTES
=====

1)  This jailbreak script uses an ota update package created by NiLuJe
    and his jailbreak package.

2)  The jailbreak script is run on the kindle in the directory /mnt/us/.

3)  There is no console output, but the script writes its output to the log
    file /mnt/us/documents/jb-sh.txt, which can also be opened on the kindle.

4)  This jailbreak should also work on the Paperwhite1, even with firmware
    versions where the previous kpw_jb.zip no longer works.

5)  This script is a proof of concept and a tool for experimenting with
    shell on the kindle. If you only need a jailbreak use the K5+PW1+PW2
    jailbreak by NiLuJe.

