Old 07-16-2015, 02:54 PM   #3568
knc1
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
I was wrong about the alternate browsers, none of them work on a (physical) keyboard device.

Do you have a few more example URLs that do not work?
One is a sort of small sample.

I suspect the problem isn't usage of SSLv3; the only way that would fail is if the client (on DX) claimed to support **ONLY** SSLv3.
And since the built-in browser is a WebKit-based browser, the chances of that are slim to none.


Note: The url in the post is http:// - - (port 80) which requires the browser to follow a redirect to https:// - - (port 443)
And the K2/DX/DXG browser has always had trouble with some redirects.

= = = = =
The following **is not** from a K2/DX/DXG -

Not working (limited to SSLv3 **only**):
Note: This may well be an IIS server (not Apache).

Code:
core2quad ~ $ openssl s_client -showcerts -ssl3 -connect www.m.wikipedia.org:443
CONNECTED(00000003)
3078097048:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1199:SSL alert number 40
3078097048:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:595:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1437074016
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
Works (TLSv1/SSLv3 - client specifies TLSv1):
Code:
core2quad ~ $ openssl s_client -showcerts -tls1 -connect www.m.wikipedia.org:443
CONNECTED(00000003)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Wikimedia Foundation, Inc./CN=*.wikipedia.org
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
In readable form:
Code:
core2quad KDX $ cat cert0.txt | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:21:e7:df:d9:cf:1c:5e:9a:d5:9f:41:5f:6d:a9:1f:e2:4b
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
        Validity
            Not Before: Jun 23 18:37:07 2015 GMT
            Not After : Feb 19 12:00:00 2017 GMT
        Subject: C=US, ST=California, L=San Francisco, O=Wikimedia Foundation, Inc., CN=*.wikipedia.org
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:6b:3f:ad:07:e8:95:cf:f0:9a:28:ec:c2:dd:37:
                    7f:7d:30:d8:c6:83:71:73:b4:dc:df:c5:80:98:4a:
                    a3:32:5d:db:f5:f1:17:32:5f:0c:c0:be:95:8a:cc:
                    14:a0:4e:6c:b2:4d:98:65:8b:69:f8:45:e3:e7:92:
                    78:05:25:1a:d2
                ASN1 OID: prime256v1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.2
                  CPS: https://www.globalsign.com/repository/

            X509v3 Subject Alternative Name: 
                DNS:*.wikipedia.org, DNS:*.mediawiki.org, DNS:*.wikibooks.org, \
                DNS:*.wikidata.org, DNS:*.wikimedia.org, DNS:*.wikimediafoundation.org, \
                DNS:*.wikinews.org, DNS:*.wikiquote.org, DNS:*.wikisource.org, \
                DNS:*.wikiversity.org, DNS:*.wikivoyage.org, DNS:*.wiktionary.org, \
                DNS:*.m.mediawiki.org, DNS:*.m.wikipedia.org, DNS:*.m.wikibooks.org, \
                DNS:*.m.wikidata.org, DNS:*.m.wikimedia.org, DNS:*.m.wikimediafoundation.org, \
                DNS:*.m.wikinews.org, DNS:*.m.wikiquote.org, DNS:*.m.wikisource.org, \
                DNS:*.m.wikiversity.org, DNS:*.m.wikivoyage.org, DNS:*.m.wiktionary.org, \
                DNS:*.zero.wikipedia.org, DNS:mediawiki.org, DNS:wikibooks.org, \
                DNS:wikidata.org, DNS:wikimedia.org, DNS:wikimediafoundation.org, \
                DNS:wikinews.org, DNS:wikiquote.org, DNS:wikisource.org, \
                DNS:wikiversity.org, DNS:wikivoyage.org, DNS:wiktionary.org, DNS:wikipedia.org
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

            Authority Information Access: 
                CA Issuers - URI:http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt
                OCSP - URI:http://ocsp2.globalsign.com/gsorganizationvalsha2g2

            X509v3 Subject Key Identifier: 
                08:BF:CD:A9:EE:0F:EA:30:D3:32:6B:2D:DF:FF:64:A4:CC:8B:23:F7
            X509v3 Authority Key Identifier: 
                keyid:96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:00:40:E6:1A:7C

    Signature Algorithm: sha256WithRSAEncryption
        03:75:7b:ed:a6:35:70:0f:91:75:18:82:d9:9f:a7:64:36:30:
        17:65:48:0e:d8:7f:bb:57:c0:cb:6f:f8:ea:1c:ca:26:f7:cf:
        e9:4a:af:41:6d:c4:4f:59:3f:49:32:a2:16:b2:d4:74:68:6d:
        fb:e3:f0:c7:23:7b:25:4d:ad:3e:5e:00:6e:26:35:73:8c:7f:
        ce:f5:1e:63:eb:3f:bd:2d:a4:fb:29:41:37:20:f4:0f:e0:8e:
        d7:0f:91:49:43:25:6b:65:40:64:2a:46:fa:b7:70:d1:82:c4:
        f4:c3:ae:07:a9:4f:0d:64:43:9f:00:40:20:4d:03:c8:45:e2:
        cb:81:19:7f:f7:1d:13:13:50:0f:db:5e:83:34:20:2f:13:25:
        80:16:6f:c6:b4:9a:20:c9:08:dc:f7:1b:54:a1:17:ae:63:d1:
        78:64:71:61:ab:d2:a6:93:ff:7a:9e:7d:ad:d0:b0:ce:6d:ff:
        c4:9f:94:ae:73:e9:95:ce:81:6a:26:30:16:be:8a:72:cb:fc:
        15:b9:50:82:ea:a3:8c:85:c4:f9:a9:6b:8a:89:7d:e0:07:5d:
        54:1f:7d:ce:d5:26:80:33:56:94:7d:4e:7e:ed:66:d9:50:1c:
        01:56:65:4d:bc:44:a1:d2:34:75:3f:2a:80:51:13:ed:99:6f:
        87:a8:9c:f1
1) elliptical curve (prime256v1) public key
2) TLS only

 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=Wikimedia Foundation, Inc./CN=*.wikipedia.org
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
---
SSL handshake has read 3270 bytes and written 343 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-SHA
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-ECDSA-AES128-SHA
    Session-ID: 7CA2E0E040F3E49C218B80DEF26F048C1331240C0C56F27CB14CDE4EAB7DC0C2
    Session-ID-ctx: 
    Master-Key: BA7721F5DA578363DDE1A3EBDBC44A5DDF52F5DDB282B3A0B8D6B830FCFAA174DAF0348F97C237D3E5BB1606DDFB5438
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1437074083
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
^C

Last edited by knc1; 07-17-2015 at 07:40 AM.
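An added example, not part of knc1's post: a small Python parser that reduces the two `openssl s_client` transcripts above to the fields that decide the diagnosis. The sample strings are trimmed copies of the post's output, and the function and field names are illustrative; it treats the `Verify return code: 0 (ok)` of the failed `-ssl3` run as no result, because no peer certificate was received.

```python
import re

# TLS alert descriptions (subset), keyed by the number openssl prints.
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

# Constructed samples: trimmed copies of the two transcripts in the post.
SSL3_RUN = """CONNECTED(00000003)
3078097048:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1199:SSL alert number 40
no peer certificate available
SSL handshake has read 7 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
    Protocol  : SSLv3
    Cipher    : 0000
    Verify return code: 0 (ok)
"""
TLS1_RUN = """CONNECTED(00000003)
SSL handshake has read 3270 bytes and written 343 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-SHA
    Protocol  : TLSv1
    Cipher    : ECDHE-ECDSA-AES128-SHA
    Verify return code: 20 (unable to get local issuer certificate)
"""

def _field(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def summarize(transcript):
    """Reduce one s_client transcript to the fields that decide the diagnosis."""
    alert = _field(r"SSL alert number (\d+)", transcript)
    cipher = _field(r"^\s*Cipher\s*:\s*(\S+)", transcript)
    verify = _field(r"Verify return code:\s*(\d+)", transcript)
    # "Cipher : 0000" or a missing peer certificate means no session exists.
    negotiated = (cipher not in (None, "0000")
                  and "no peer certificate available" not in transcript)
    return {
        "negotiated": negotiated,
        # With no session, this is only the version the client asked for.
        "protocol": _field(r"^\s*Protocol\s*:\s*(\S+)", transcript),
        "cipher": cipher if negotiated else None,
        "alert": ALERTS.get(int(alert), "alert " + alert) if alert else None,
        # Nothing was verified without a peer certificate: ignore "0 (ok)".
        "verify_code": int(verify) if (verify and negotiated) else None,
    }

if __name__ == "__main__":
    for name, run in (("-ssl3", SSL3_RUN), ("-tls1", TLS1_RUN)):
        print(name, summarize(run))
```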