Old 02-19-2012, 10:04 PM   #1
Select Boot for K4 and Touch

UPDATE: Touch diags with SSH pre-installed! Download below. Fastboot for Windows, and Fastboot for Mac are now available in addition to the original Fastboot for Linux (download links below).

NOTE: This is not that difficult if you are careful. The following warning is not intended to strike fear into the hearts of mere mortals. Go ahead and use it if it will help you repair your bricked kindle. Just do not try things in fastboot or diagnostics that you do not understand, unless you are instructed to use them. For those who may find all the following English text difficult, here are step-by-step pictures showing how to install and use this tool:

CAUTION: Diagnostic mode and fastboot mode give you a lot of power to repair your kindle from otherwise unrepairable conditions, but they also allow you to do things that can make it worse. With great power comes great responsibility, so please be very careful when you are in fastboot mode or in diagnostics mode. When we provide step-by-step instructions, follow them carefully.

The following text describes a little about how to boot your kindle touch or k4nt into recovery mode, and from there to diagnostics or fastboot mode. You can also use this "Select Boot" tool to boot back to the main mode.

I will update this post as I get more tools ready.

Attached are links to the Freescale MfgTool for Windows, needed to download custom code over USB port into kindle RAM memory and run it in the kindle, while in USB Recovery (USB HID / USB Download) mode.

After unzipping the MfgTool into a folder of your choice, delete the folders from inside the Profiles folder, and copy the folders from inside the file into Profiles folder inside the MfgTool folder.

To get your kindle touch or k4nt into USB Recovery mode, plug in the USB cable, then press and hold the power switch until the power LED turns off, then press and hold the "Magic Key", then release the power switch, then release the "Magic Key". The "Magic Key" is a special button that is different on each model of kindle, and is used to enter USB Recovery mode.

Kindle Model, Magic Key:
Touch, Home button
K4NT, Five-Way Down button
K3, Volume Down button (different VID/PID).

When your kindle is in USB Recovery mode the first time, Windows will detect new hardware, and it should automatically install USB/HID device drivers. The Windows device drivers and other unused files were removed from the previously posted downloads, to reduce the download size from about 70 MB to 0.5 MB. If your version of Windows does not install USB/HID device drivers automatically, you can request them here.

Then start MfgTool.exe, select a bootmode Profile from the drop-down menu (diags, fastboot, or main), and press the Start button in MfgTool. If all goes well, your kindle should boot into the mode that you selected, where you can repair your kindle.

From diagnostics (diags mode), you can export your USB Drive so that you can add files to it to repair your kindle, such as data.tar.gz and a special file. If you have a K4NT, you can start SSH, and repair your kindle from a linux command shell. For a touch, I will provide additional tools and instructions. I recommend pushing a "reverse shell" using netcat (nc) to your host PC (similar to SSH), or crafting a special, to assist.

I will provide additional tools and instructions, but what I have attached is enough for developers to assist you. I have supplied 3 additional methods to get root shell on a kindle to various developers, none of which have been published yet.

If you boot to fastboot mode, you can use yifanlu's kindle fastboot tool to flash the diags partition with a copy of mmcblk0p2_ssh. Then boot to diags and use SSH to flash the main partition with mmcblk0p1. Please see the "simple debricking" sticky thread for details.

Good luck. So far, I have provided a way that requires familiarity with linux shell commands. Additional tools will be provided soon to simplify this, and minimize the risk.

Again, this will get simpler and safer in the future.


UPDATE: I have added a universal payload that should work with multiple kindles, if installed at /var/local/system/mntus.params, using whatever method is available for that device. For the K4NT and Touch, I have provided a data.tar.gz that contains my "universal" payload which launches on the USB drive if it exists and there is not a RUNME.done file. The launcher creates a RUNME.done file before starting, so that it will only run one time. To activate it so it can run again, delete RUNME.done from the USB Drive.

From the diagnostics menu, activate USB Device Mode from the menu. Then copy (from the zip file) and data.tar.gz onto the kindle USB drive.

This just displays stuff on the screen to show that it works. Because this can be launched from main or diags mode, the script does not know which partition is root, so to copy files between them (like dropbear SSH) I recommend this:
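# remount the root filesystem read-write so the mount points can be created
mntroot rw
mkdir -p /mnt/main
mkdir -p /mnt/diag
mntroot ro
# mount the main and diags root partitions side by side
mount /dev/mmcblk0p1 /mnt/main
mount /dev/mmcblk0p2 /mnt/diag
# *** copy stuff between /mnt/main/ and /mnt/diag/ as needed ***
umount /mnt/main
umount /mnt/diag
# remove the now-empty mount points (rmdir, because rm -f does not remove directories)
mntroot rw
rmdir /mnt/main
rmdir /mnt/diag
mntroot ro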
If you have the USBnetwork (dropbear SSH) files on your touch main partition, you can copy them to diags above. Or if not installed yet, you can extract them using yifanlu's installer, and copy them where they belong on /mnt/main or /mnt/diag.

I was not able to test this version on my Touch, but it should work.

REMINDER: To launch again, you need to delete RUNME.done from the USB drive.

Please post your results.

Fastboot for Windows:

Fastboot for Mac:

Russian translation of my work:

Read the "simple debricking" thread too:

Kindle touch diags partition image (mmcblk0p2_ssh.img.gz) with pre-installed SSH: You should extract this partition image and install to the diags partition with fastboot. To use SSH, boot to diags and select menu options N) U) Z) X) then wait about 20 seconds for dropbear to start up. Then SSH in. The root password is mario.
Attached Files
File Type: zip (508.5 KB, 21089 views)
File Type: gz data.tar.gz (796 Bytes, 7475 views)
File Type: zip (249 Bytes, 5766 views)

Last edited by geekmaster; 07-12-2012 at 09:54 AM.
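
The mount/copy/unmount sequence from the post, wrapped as an added example (not part of geekmaster's post or tools) so that both partitions are unmounted and the mount points removed even when a mount or the copy fails part-way. `run`, `cleanup`, `with_both_roots` and `DRY_RUN` are hypothetical names; `mntroot` and the device names are the ones given in the post.

```shell
#!/bin/sh
# Added example, not geekmaster's code. mntroot and the mmcblk0p1/p2 device
# names come from the post; every function and variable name is hypothetical.
MAIN_DEV=/dev/mmcblk0p1; MAIN_MNT=/mnt/main
DIAG_DEV=/dev/mmcblk0p2; DIAG_MNT=/mnt/diag

# run CMD...: execute CMD, or only print it when DRY_RUN=1 (preview mode).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Undo the setup in reverse order. Steps that never happened fail harmlessly.
# rmdir (not rm -r) refuses a non-empty or busy directory, so a partition that
# is still mounted because umount failed is never deleted by mistake.
cleanup() {
    run umount "$DIAG_MNT" 2>/dev/null || true
    run umount "$MAIN_MNT" 2>/dev/null || true
    if run mntroot rw; then
        run rmdir "$DIAG_MNT" "$MAIN_MNT" 2>/dev/null || true
        run mntroot ro || true
    fi
}

# with_both_roots CMD...: mount both root partitions, run CMD, always clean up.
# Returns CMD's exit status, or 1 if setup failed before CMD could run.
with_both_roots() {
    run mntroot rw || return 1
    if ! run mkdir -p "$MAIN_MNT" "$DIAG_MNT"; then
        run mntroot ro || true
        return 1
    fi
    run mntroot ro || true
    trap 'cleanup; exit 1' INT TERM      # Ctrl-C during the copy still unmounts
    if run mount "$MAIN_DEV" "$MAIN_MNT" && run mount "$DIAG_DEV" "$DIAG_MNT"; then
        run "$@" && rc=0 || rc=$?
    else
        rc=1                             # a mount failed: skip CMD entirely
    fi
    cleanup
    trap - INT TERM
    return "$rc"
}

# Example (paths under /mnt are constructed for illustration):
#   DRY_RUN=1 with_both_roots cp -a /mnt/main/usr/local/bin/. /mnt/diag/usr/local/bin/
```

Running it once with `DRY_RUN=1` prints the exact command sequence without touching the device.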