Old 06-30-2015, 05:12 PM   #1
knc1
PW3 - First Look

Model: G090 G090 G1 : Wifi Only : USA (No, I did not typo that first character, it is "G")
Firmware: 5.6.1.1

The following is written for the Linux command line.

People with Windows can use Win32 Disk Imager to create a raw image file of USB storage.
https://sourceforge.net/projects/win32diskimager/
For people using that disk imager, the following step-by-step is just FYI.

A computer with Mac OS X on it cannot be used because Spotlight will write metadata index files on the Kindle's USB storage as soon as it is attached.


If submitting this image for study by our developers, please include:
Firmware version number shown in 'device info'
First six characters of the device's serial number (which encodes the model number only).
Something like this:
<nickname_here>_<firmware_version>_<first_six_characters>.raw
Then compress that file (zip, gzip, etc) and post where a copy can be downloaded.
  1. Ensure your WiFi AP is off
    It is going to try to call home.
  2. Connect USB cable from PC
    Would probably have been better if I had waited until later.
    But this is the way I did it this time.
  3. Wake with right corner magnet
    Should be same as waking with power button.
  4. Device comes on
    Just wait while it does its "run once" things.
  5. Pick language panel
    touch your language
    touch next
  6. Introduction panel
    touch get started
  7. Wifi connection panel
    touch Complete Kindle setup later (lower right corner)
    touch Confirm setup later
  8. Check dmesg
    Code:
    [1568595.764022] usb 1-2: new high speed USB device number 13 using ehci_hcd
    [1568595.905367] scsi15 : usb-storage 1-2:1.0
    [1568596.905277] scsi 15:0:0:0: Direct-Access     Kindle   Internal Storage 0100 PQ: 0 ANSI: 2
    [1568596.911991] sd 15:0:0:0: Attached scsi generic sg5 type 0
    [1568596.919365] sd 15:0:0:0: [sde] Attached SCSI removable disk
    When (re-)starting with the cable connected to pc, only discovery and hot-plug runs.
    Notice that the file system level never was triggered (no report on partition table).
  9. Check mounts
    Not mounted;
    The storage area copy-out could probably be done at this point, but I did not do it.
  10. Remove cable, re-connect cable
    Now the complete discover, attach, and mount appears to have run.
    PC's automation puts up a file browser on the new Kindle device.
  11. Check dmesg.
    Just to be certain the device is in the expected state.
    Code:
    [1569527.184998] usb 1-2: USB disconnect, device number 13
    [1569548.420016] usb 1-2: new high speed USB device number 14 using ehci_hcd
    [1569548.561239] scsi16 : usb-storage 1-2:1.0
    [1569549.561243] scsi 16:0:0:0: Direct-Access     Kindle   Internal Storage 0100 PQ: 0 ANSI: 2
    [1569549.564685] sd 16:0:0:0: Attached scsi generic sg5 type 0
    The discovery and hot-plug attachment part.
    Code:
    [1569549.568855] sd 16:0:0:0: [sde] 6385664 512-byte logical blocks: (3.26 GB/3.04 GiB)
    [1569549.675743] sd 16:0:0:0: [sde] Write Protect is off
    [1569549.675747] sd 16:0:0:0: [sde] Mode Sense: 0f 00 00 00
    [1569549.785754] sd 16:0:0:0: [sde] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
    [1569550.008455]  sde: sde1
    [1569550.225786] sd 16:0:0:0: [sde] Attached SCSI removable disk
    Immediately followed by the file system layer being run and partition(s) being auto-mounted.
  12. Get pop-up (on your PC)
    right click "Kindle"
    click unmount
    This leaves the Kindle storage still attached but the file system layer removed.
    That is, the storage is attached to the hardware system but is not in-use.
  13. Copy the USB user storage, backing store.
    Code:
     
    core2quad pw3 $ sudo dd if=/dev/sde bs=4096 of=pw3-20150630.bin
    798208+0 records in
    798208+0 records out
    3269459968 bytes (3.3 GB) copied, 330.758 s, 9.9 MB/s
    Notice that the copy is made from the raw device. This is intentional, since we want a copy of the complete backing store, storage area.
    I.E: Including the MBR, partition table, partitioned area and any non-partitioned areas.
  14. Check the result
    Code:
    core2quad pw3 $ file pw3-20150630.bin
    pw3-20150630.bin: x86 boot sector; partition 1: ID=0xb, starthead 1, startsector 16, 6385648 sectors, extended partition table (last)\011, code offset 0x0
  15. Eject removable media
    Either from a GUI file browser or with a umount command from a terminal
  16. Check that Kindle survived
    touch top of screen to bring up menu bar
    touch Search
    enter: ;dm
    Yes Virginia, that command's first character is semi-colon.
    Expect the Kindle's logs to appear as four new documents.
  17. Done with the Kindle
    You can shut down the Kindle or use it however at this point.

    Make a compressed backup copy of the storage area image
    Code:
    core2quad pw3 $ sudo cp -a pw3-20150630.bin pw3-20150630.bak
    core2quad pw3 $ gzip pw3-20150630.bak
    core2quad pw3 $ ls -l pw3-*
    -rw-r--r-- 1 mszick mszick 1370901300 2015-06-30 23:59 pw3-20150630.bak.gz
    -rw-r--r-- 1 root   root   3269459968 2015-06-30 23:59 pw3-20150630.bin
*** Forensics Section ***

This section may be used as a guide to recovering a damaged USB storage area.
This section uses the "testdisk" recovery utility.
Home site: http://www.cgsecurity.org/wiki/TestDisk

Now, back to our storage image file.

Note the relatively large size of the gzip'd backup file.
The gzip compression is better than that at compressing zeros.
So there are things written to the storage area that might be of interest.
  1. Find first available loop device.
    Code:
    core2quad pw3 $ sudo losetup -f
    /dev/loop0
  2. Access image as a file system.
    To mount this raw image as a file system, the command needs to skip the MBR area.
    From the output of the 'file' command above, we know that is 16 sectors (8192 bytes).
    Code:
    core2quad pw3 $ sudo losetup -o 8192 /dev/loop0 pw3-20150630.bin
    core2quad pw3 $ sudo mount /dev/loop0 /mnt/kpw
    core2quad pw3 $ ls /mnt/kpw/*
    
    /mnt/kpw/documents:
    dictionaries  Kindle_Users_Guide.azw3
    
    /mnt/kpw/system:
    acw  fonts  kll  readingstreams  Search Indexes  startactions  thumbnails  version.txt
    The testdisk utility can use an image file as input, but here we will setup the image file as the surface of a raw device.
  3. Undo the file system view setup
    Code:
    core2quad pw3 $ sudo umount /mnt/kpw
    core2quad pw3 $ sudo losetup -d /dev/loop0
  4. Turn image file into a raw disk surface
    Code:
    core2quad pw3 $ sudo losetup  /dev/loop0 pw3-20150630.bin
  5. Get current version of testdisk (for your machine)
    Ref: http://www.cgsecurity.org/wiki/TestDisk_Download
    Code:
    core2quad pw3 $ wget http://www.cgsecurity.org/testdisk-7.0.linux26.tar.bz2
    - - - -
    core2quad pw3 $ tar -xf testdisk-7.0.linux26.tar.bz2
    core2quad pw3 $ ls
    HowTo-Post.txt  pw3-20150630.bak.gz  pw3-20150630.bin  testdisk-7.0  testdisk-7.0.linux26.tar.bz2
    core2quad pw3 $ ls testdisk-7.0
    Android.mk  ChangeLog  documentation.html  fidentify_static  INFO  
    photorec.8       qphotorec.8  readme.txt  testdisk_static  VERSION
    AUTHORS     COPYING    fidentify.8         icons             jni   
    NEWS  photorec_static  README       testdisk.8  THANKS
    
    core2quad pw3 $ ln -s testdisk-7.0/testdisk_static testdisk
  6. Find what can be found
    Giving testdisk the raw device created above.
    Ref: http://www.cgsecurity.org/wiki/TestD...e_file_for_FAT
    Code:
    core2quad pw3 $ sudo ./testdisk /dev/loop0
    TestDisk 7.0, Data Recovery Utility, April 2015
    Christophe GRENIER <grenier@cgsecurity.org>
    http://www.cgsecurity.org
  7. Now comes the fun, just follow the directions at the link given above.
    When you reach the: "is this a Vista format partition table" question, answer: yes
    Example result:
    Code:
    TestDisk 7.0, Data Recovery Utility, April 2015
    Christophe GRENIER <grenier@cgsecurity.org>
    http://www.cgsecurity.org
         FAT32 LBA                     16    6385663    6385648 [Kindle]
    Directory /
    
    >drwxr-xr-x     0     0         0 15-Jan-2015 17:17 system
     drwxr-xr-x     0     0         0 15-Jan-2015 17:16 documents
     -rwxr-xr-x     0     0         0 15-Jan-2015 17:17 testWrite.txt
     drwxr-xr-x     0     0         0  1-Jan-2000 00:25 _IAGNO~1
     -rwxr-xr-x     0     0         0 31-Dec-2014 23:07 testWrite.txt
     -rwxr-xr-x     0     0 621690031 16-Jun-2015 15:54 _PDATE~1.BIN
     -rwxr-xr-x     0     0 373060162  1-Jan-2000 00:23 data.stgz
Nice of Amazon/Lab126 that they are shipping the results of the hardware tests and the initial factory firmware install.

For how to take UPDATE~1.BIN apart, see the procedure used here:
https://www.mobileread.com/forums/sh...d.php?t=262234

Thanks Lab126!

Last edited by knc1; 11-11-2017 at 03:53 AM.
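Step 2 of the Forensics Section takes the 8192-byte offset by hand from the `file` output. As an added example (not part of the original post), the shell functions below read the start offset and length of a primary partition directly from the image's MBR and print a read-only `losetup` command, so the evidence image is not modified while it is examined. The function names and the 512-byte sample MBR are constructed for illustration; the sample mirrors the values shown in the post (type 0x0b, start sector 16, 6385648 sectors).

```shell
#!/bin/sh
# Added example: read the partition offset from an MBR instead of typing it.
# Function names and the sample MBR below are constructed for illustration.

le32() {  # le32 FILE OFFSET -> 4 bytes at OFFSET decoded as little-endian
    set -- $(od -An -tu1 -j"$2" -N4 "$1")
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

has_mbr() {  # boot signature 0x55 0xAA must sit at bytes 510-511
    [ "$(od -An -tx1 -j510 -N2 "$1" | tr -d ' \n')" = "55aa" ]
}

part_offset() {  # part_offset IMAGE N -> byte offset of primary partition N
    has_mbr "$1" || { echo "no MBR signature" >&2; return 1; }
    # entry N starts at 446 + 16*(N-1); the start LBA is at +8 within it
    lba=$(le32 "$1" $((446 + 16 * ($2 - 1) + 8)))
    [ "$lba" -gt 0 ] || { echo "partition $2 is empty" >&2; return 1; }
    echo $((lba * 512))
}

part_bytes() {  # part_bytes IMAGE N -> partition length in bytes (+12 field)
    has_mbr "$1" || return 1
    echo $(( $(le32 "$1" $((446 + 16 * ($2 - 1) + 12))) * 512 ))
}

make_sample_mbr() {  # constructed MBR: FAT32 (0x0b), start 16, 6385648 sectors
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\000\000\000\000\013\000\000\000\020\000\000\000\360\157\141\000' |
        dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

losetup_cmd() {  # print (not run) a read-only loop setup for partition N
    off=$(part_offset "$1" "$2") || return 1
    echo "sudo losetup -r -o $off --sizelimit $(part_bytes "$1" "$2") -f --show $1"
}

# Demo on the constructed sample; point losetup_cmd at a real image instead.
img=$(mktemp)
make_sample_mbr "$img"
losetup_cmd "$img" 1
rm -f "$img"
```

Recording a checksum of the image (for example with `sha256sum`) before and after the examination confirms that the read-only setup left it unchanged.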