MobileRead Forums


ilovejedd 12-13-2020 12:10 AM

FW 5.10.2-5.13.3 Software Jailbreak for PW4
 
Thanks to coplate, knc1, NiLuJe, Branch Delay, SenorClean, hius07, et al., without whom this wouldn't be possible.

This jailbreak method only works for PW4/Paperwhite 4/Paperwhite (2018)/Paperwhite (10th generation) Waterproof running firmware 5.13.3 or older.

This does NOT work on firmware 5.13.4 or newer. Make sure to skip wi-fi setup or go on airplane mode to prevent automatic updates.

This does NOT work on any Kindle aside from the PW4.


Note, for extracting the packages on Windows, I recommend 7-Zip.

This method has been tested working on new PW4 running stock firmware 5.12.4 or older and OTA updated PW4 running firmware 5.13.3 or older.

There is always a chance that you could brick your device. Use at your own risk.


Instructions

Steps:
  1. Recommended: Do a factory reset on the PW4 if it's not fresh out of the box. This is more best practice and doesn't appear to be strictly necessary.
  2. The latest FW 5.13.4 blocks this method. Make sure to skip wi-fi setup or go on airplane mode to prevent automatic updates.
  3. Download the following diags update, connect the PW4 to PC via USB and copy the file to Kindle root, e.g. F:

    FW 5.10.1.3 Diags (this allows downgrading)
    https://mega.nz/file/fjYCAbxC#qGYDDn...lppriic_CB6oio

    md5: 5c777039919a95ff1c80c33a1e2c936b
    sha1: c1c612794851d103029bca4de65c3d7292a43ad8
    sha256: a24389861760522dd5803b641d561524ab051977c6c78c6e7ef4f013c4af204d
  4. Install diags using Update your Kindle.
    Home -> Menu -> Settings -> Menu -> Update Your Kindle
  5. After the PW4 reboots in diags mode, connect the PW4 to USB and copy the following factory firmware update to Kindle root.

    FW 5.10.1.3 Factory
    https://mega.nz/#!C2x3BATJ!qrjmx6KI1...N3JHaaw-da0VXQ

    md5: 538d939c2cb4f05c7952d33d5348f010
    sha1: 1cbe605b99d85b92031a9ce6fdd3a6f080489cbe
    sha256: 52e0a9067bf58ba835a4200f29560652b0ada9778a538ea433d2e44a2a26755c

    *Note: USB mount fails on some Macs when running diags firmware. If this happens, please switch to a Windows or Linux PC for this step.
  6. Safely disconnect the PW4 from USB and install the factory firmware by rebooting (long press power button until it reboots).
    *Note: This may take a long while. Just make sure battery has plenty of charge or plug it into USB power (DON'T use a PC; use a power brick instead).
  7. After factory firmware is installed, you can now install the actual jailbreak. I attached a copy of the file to this post but to be safe, use the latest version of K5 Factory JailBreak (Factory FW) from NiLuJe's Snapshots thread.

    On Windows, you'll probably first need to extract kindle-jb-factory-*.tar.xz to get the tar file and then extract the resulting kindle-jb-factory-*.tar to get the main-htmlviewer.tar.gz file.
    Note: You'll probably need to do this double extraction for all packages from NiLuJe's Snapshots referenced later in this post.
    1. Copy the main-htmlviewer.tar.gz file as-is (i.e., don't unpack it) to the top level of the visible USB storage, and then eject & unplug your Kindle.
    2. In the search bar, type ;installHtml and press return.
    3. The device should then reboot automatically.
    4. A You are Jailbroken document will appear if the process was successful.
    5. If everything went according to plan, you can now safely delete both that document and the main-htmlviewer.tar.gz file
  8. Download and install the current 'hotfix' (K5 JailBreak Hotfix from NiLuJe's Snapshots)
    1. Unarchive the release archive package.
    2. Connect Kindle to PC with the USB cable.
    3. Place the Update_jailbreak_hotfix_*_install.bin in the topmost, visible level of USB storage (alongside of /documents).
    4. Safely disconnect the PW4 from USB
    5. Home -> Menu -> Settings -> Menu -> Update Your Kindle
    6. Confirm
    7. Wait
  9. You can now install "customer" firmware and the jailbreak will survive (up to 5.13.3 at least).
    *Note: You can use the KUAL Helper+ add-on to create update blockers that will work up to FW 5.11.x. Sadly, FW 5.12 and newer require more drastic methods so unless there's a feature on FW 5.12/13 you absolutely must have, I'd advise sticking to FW 5.11.x or lower.

    Here are links to some older firmwares. Note: No need to install all of the above, just choose one.
  10. Install MRPI and KUAL.
    1. Download the latest MR Package Installer from NiLuJe's Snapshots thread and (double) extract.
    2. Copy the extensions and mrpackages folders to the Kindle root (alongside the documents folder).
    3. Download the latest KUAL (coplate) from NiLuJe's Snapshots thread and (double) extract.
    4. Copy Update_KUALBooklet_44a61b6_install.bin (or whatever the latest version is) to the mrpackages folder on the Kindle.
    5. (Optional) You can also copy the various update*.bin KUAL Add-On packages to the mrpackages folder for installation at this point (e.g. python, linkss/screensaver, etc).
    6. Eject and unplug the Kindle.
    7. Enter ;log mrpi in the Homescreen's searchbar (in a similar fashion as what you had to do during the Jailbreak), and wait for MRPI to do its thing.
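
An added example, not part of the original post: a Python check of a downloaded update file against the three digests posted in step 3 for the FW 5.10.1.3 Diags package, tolerating the stray whitespace that forum line-wrapping can leave inside a long hex string. The file path is supplied on the command line, and the function names are illustrative.

```python
import hashlib
import hmac
import re
import sys

# Digests posted in this thread for the "FW 5.10.1.3 Diags" download.
# The sha256 is kept with a stray space, as forum line-wrapping can leave one.
DIAGS_POSTED = {
    "md5": "5c777039919a95ff1c80c33a1e2c936b",
    "sha1": "c1c612794851d103029bca4de65c3d7292a43ad8",
    "sha256": "a24389861760522dd5803b641d561524ab051977c6c78c6e7e f4f013c4af204d",
}

def normalise(digest, algo):
    """Drop whitespace, lowercase, and reject anything that is not a full-length hex digest."""
    cleaned = re.sub(r"\s+", "", digest).lower()
    expected_len = hashlib.new(algo).digest_size * 2
    if len(cleaned) != expected_len or not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError(f"{algo}: not a {expected_len}-character hex digest")
    return cleaned

def file_digests(path, algos, chunk=1 << 20):
    """Hash the file once, feeding every requested algorithm from the same read."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def verify(path, posted):
    """Return {algo: bool}. Accept the file only if every entry is True;
    md5 and sha1 are collision-prone, so sha256 is the value that matters."""
    wanted = {a: normalise(d, a) for a, d in posted.items()}
    actual = file_digests(path, wanted)
    return {a: hmac.compare_digest(actual[a], wanted[a]) for a in wanted}

if __name__ == "__main__":
    results = verify(sys.argv[1], DIAGS_POSTED)
    for algo, ok in results.items():
        print(f"{algo:7} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

A truncated or mistyped digest raises `ValueError` instead of silently reporting a mismatch, which separates a bad paste from a bad download.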

hius07 12-13-2020 12:51 AM

It's been a great time, more than one thousand instructions have been sent by my side to make users happier.
Thank you very much ilovejedd for your efforts! Life goes on!

comer 12-13-2020 02:54 AM

OK, PW4 (FW 5.13.2) jailbreak successfully!

Eures 12-13-2020 03:29 AM

but until last week it was not a state secret closed by oath? Maybe as soon as a new firmware update comes out, the veils fall

Eures 12-13-2020 04:59 AM

I arrived to install Kual, Kual Helper, USB-Network and other packages and I don't remember if I installed the Hotfix, if I install it twice now, does something happen?

hius07 12-13-2020 05:08 AM

Hotfix is safe to install any time.

NiLuJe 12-13-2020 12:27 PM

(Updated Sticky ;)).

DNSB 12-13-2020 12:37 PM

Quote:

Originally Posted by Eures (Post 4068476)
but until last week it was not a state secret closed by oath? Maybe as soon as a new firmware update comes out, the veils fall

Given that Amazon has now closed the loophole used by the jailbreak—you did notice that 5.13.4 is not jailbreakable by this method—the secrecy that attempted to extend the lifespan of this loophole is no longer necessary.

NiLuJe 12-13-2020 02:11 PM

The *real* reason for the cloak and daggers is and always has been that having an *easy* method waiting in the wings is always a good thing to have when someone contacts us to start working on attempting to dig into punching a hole somewhere applicable for something more wide-release.

Obviously, that hasn't actually happened in a while, though ;).

(By which I mean, there's not been any actual attempts at anything since @BD. That was your usual reminder that if you want control over your device, don't get a Kindle.).

JSWolf 12-13-2020 02:12 PM

The problem (IMHO) is that while the loophole was kept secret, the fact the PW4 was able to be jailbroken was not kept secret and so Lab126 finally found the loophole and closed it. I think if the fact that the PW4 was able to be jailbroken, the loophole may not have been fixed in 5.13.4.

NiLuJe 12-13-2020 02:14 PM

The loophole wasn't actually kept secret at all, because there's no actual loophole.

Someone just happened to get a Kindle that slipped a QA step and knew what to do with that fact ;). And we got extremely lucky with the way that QA image was packaged (which may, in fact, have been a quick shortcut to make the QA process more streamlined at the time, e.g., release crunch).

It's entirely plausible that this happened to get fixed just because someone at lab126 was in the vicinity of the updater's code for whatever reason, looked at it and went: "well, that's dumb".

ilovejedd 12-13-2020 03:28 PM

Quote:

Originally Posted by NiLuJe (Post 4068666)
The loophole wasn't actually kept secret at all, because there's no actual loophole.

Someone just happened to get a Kindle that slipped a QA step and knew what to do with that fact ;). And we got extremely lucky with the way that QA image was packaged (which may, in fact, have been a quick shortcut to make the QA process more streamlined at the time, e.g., release crunch).

It's entirely plausible that this happened to get fixed just because someone at lab126 was in the vicinity of the updater's code for whatever reason, looked at it and went: "well, that's dumb".

Incidentally, I think the Kindle that had it (a refurb) actually went through the QA process while most others didn't. :p

Interestingly enough, the diags firmware still passes initial version check so it's not automatically deleted on copy and still allows us to use Update Your Kindle via menu. I'm guessing there's a second verification check (at least as of 5.13.4) during the actual update install process which results in UPDATE ERROR: 12.

I tried installing the diags first on a jailbroken PW4 with 5.13.4 which had the PRE_GM_DEBUGGING_FEATURES_ENABLED__REMOVE_AT_GMC file and downgrade worked on that. Factory reset followed by upgrade to 5.13.4 removed JB and hotfix and after that, diags firmware would no longer install.

On a different note, there are several references to platform bellatrix on 5.13.4 so I do wonder if we're getting new Kindles soon.

NiLuJe 12-13-2020 03:31 PM

Oh, yeah, means they only fixed the initrd updater, which is admittedly the only one that matters nowadays ;).

lorishanklov 12-13-2020 07:07 PM

thank you very much!

Sol Arkite 12-14-2020 12:37 AM

Could this method be utilized for other Kindle jailbreaking? I have two Voyages I’d like to hack.


All times are GMT -4.