02-13-2014, 08:57 AM   #9
tommytomtom
Device: Kindle Touch
I am stuck...

I have been playing around with it way too much already! Still, I unfortunately think a great hacker could do it! I will tell you guys what I did so far, and I will try not to waste too much more time unless somebody gives me some ideas, hints, or understanding of the Kindle itself.

This is what I "accomplished"/found so far:

- Search Bar Shortcuts work (;311, ;411, ...), so one can get all kinds of information, like that the Kindle is running 5.2.0, and stop the screensavers (~ds), but shipping mode does not work: "Unable to enter shipping mode due to missing dictionary files", even though I downloaded them all. Are there other dictionary files I should know about???
- Accessing the browser (searching Wikipedia and NOT clicking "cancel" but just somewhere to get rid of the message that the browser is not part of this demo Kindle), but then one can use the browser, connect to wifi and download .txt, .prc, .mobi and .azw files, also with "../test.txt" into the directory /mnt/us/. Furthermore, one can see all files in the directory /mnt/us/ and its subdirectories with "file:///mnt/us"
- Restart/reset the Kindle: just use ;411 and then use the menu. This also gets rid of the stupid ads (maybe because I do not live in the US, maybe because I used a different language than English in the beginning)
- Almost access the settings menu: ;311 and there is the settings menu in the background. I imagine one could maybe click cancel and be lucky enough to click something in the settings menu right after
- Files survive reboot/long idle/... This happened somehow, probably because the screensavers etc. are gone; however, I cannot switch it off other than making it restart

Well, that is all I could figure out. What I want is to use some security hole in the Kindle, more specifically the 5.2.0 firmware, in order to download update*.bin as a .bin and not as a .txt, restart and voilà! Maybe somehow one could download a file with some JavaScript exploit with a different ending, use code injection or a too-long filename in order to get a .bin file. Also, maybe one can put some script or something inside a .mobi, .prc or .azw file to manipulate something. Unfortunately, I cannot create a MOBI8_DEBUG without one of those stupid file-type endings that the browser wants to handle.
Anyway, the device can be used to download mobi and one can read them on there...

Any idea is greatly appreciated!!! Thank you sooo much in advance