My recovered kindle touch registered with amazon, and now it has special offers again. I suppose I need to erase my mmc when I do the step-by-step documentary video...
The keys are MfgTool to get to fastboot, fastboot to flash all but mmcblk0p1, diags to export USB drive and add ENABLE_DIAGS and other recovery files, data.tar.gz to get to RUNME.sh (after rebooting), and RUNME.sh in diags mode (after rebooting again) to copy mmcblk0p1.img from usb drive to UNMOUNTED main partition.
The real secret to success is NOT writing data to a partition with open files (i.e. not booted). And not trusting fastboot that says it truncated the "too big" partition 1 image and still returns "success" (quickly)...
The first boot installs the data.tar.gz payload. The second reboot runs RUNME.sh. Not too difficult. I will try to automate most stuff by preinstalling it in image files. Jailbreak and developer keys will already be in the main boot image. dropbear will already be in both main and diags boot images. The root password will be set to a safe default (or an identical no-salt DES like the original will be computed and updated during the RUNME.sh phase).
At some point, when the overlay file system is ready for "prime time", we can have that preinstalled to.
What other hacks should come preinstalled in our image files? Of course, the hack parts that go on the usb drive will be put there during the RUNME.sh phase. And the data.tar.gz can probably put all the files on the usb drive except itself. RUNME.sh can change bootmode and reboot automatically as needed. Because writing the main boot partition can take up to a half hour (like mine did, probably because the battery was low), I thing a background process keeping a progress bar active on the display would be good too -- it could be a simple countdown timer based on estimated time (30 minutes?).
Last edited by geekmaster; 02-28-2012 at 04:25 AM.