Quote:
Originally Posted by tommytomtom
one more update...
My heart was close to getting an attack when I saw the message: "Download update.bin?" Unfortunately it didn't download it as update.bin, showed it being successfully downloaded as "update.bin%3Ctest.mobi" because I tried to download update.bin<test.mobi, but actually I couldn't find a file being downloaded at all. Any idea what happens if the browser "thinks" it actually downloaded something but it did not save it anywhere? Anyhow, so it looks like some kind of code injection works in the browser, unfortunately, I tried a lot and still didn't succeed  Maybe somebody else has an idea? maybe the browser has some kind of download command?
Another idea I have (I unfortunately have no knowledge in that field) is to push an update directly to the kindle by rerouting the connection to the amazon server and make the kindle auto update. It is intresting anyhow way the kindle things it has the current firmware version wit 5.2.0 (1750160011). |
And package up a 5.2.2 version update package with "poison" in its file name?
It will not "update" - since it will not be signed by Amazon's key, but the system will have to open it to find that out.
And doing a system function such as "open" on the poison name is all that should be required.