MobileRead Forums - View Single Post - Which hacks for a Kindle DX with a 3.2.1 firmware?

newman · 08-09-2015, 03:55 AM

knc1: I followed this http://source.netsurf-browser.org/ne...cs/QUICK-START guide, so I built 3.4-DEV from git. But my target site (instapaper.com) was not usable at all. Of course developers of NetSurf may fix it some day but I'd concentrate on paths I now find more viable (and SkipStone is not the case, thanks NiLuJe

).

To summarize, I started my "research" with 3.2.1 firmware on DXi, then easily updated to 3.3, so my current hope is to be able to update to 3.4 and then to 3.4.[1,2] where I believe TLS was enabled because I went through Amazon-published sources and a diffed libsoup sources between 3.4 and 3.4.1 (3.4.2 has no changes in all FOSS sources) and found this:

diff -pruN libsoup-3.4/libsoup/soup-gnutls.c libsoup-3.4.1/libsoup/soup-gnutls.c
--- libsoup-3.4/libsoup/soup-gnutls.c 2012-09-07 17:39:32.000000000 +0200
+++ libsoup-3.4.1/libsoup/soup-gnutls.c 2015-01-10 13:14:17.000000000 +0100
@@ -486,8 +486,8 @@ soup_ssl_wrap_iochannel (GIOChannel *soc
if (ret)
goto THROW_CREATE_ERROR;

- /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
- if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
+ /* Disabling SSL3 due to poodle vulnerability */
+ if (gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL) != 0)
goto THROW_CREATE_ERROR;

if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,

They disabled SSL 3.0 but enabled TLS 1.0 and TLS 1.1 in priority list therefore I believe TLS 1.0 and TLS 1.1 were present in the library but effectively disabled by !VERS-TLS1.1:!VERS-TLS1.0 in the past. I am not sure about TLS 1.2, it may not be compiled in at all. WRT gnutls_priority_set_direct() content, it's the same from 3.0.1 to 3.4. (Thou, I still have no direct proof TLS works since no one with a K3 with 3.4.1+ verified that..)

If I was able to update to 3.4.1 the same way I did with 3.2.1→3.3 the problem for me would be fixed, I believe. However, when I try to update with 3.4, e.g. Update_kindle_3.4_B006.bin with byte at 0xC offset changed to 0x05, it proceeds to about 15 % and spits error with U006 code (What the code means? Filesystem hacked?) and then restarts.

I suspect it's because binary patching fails but I won't sure unless I am able to get the log which Kindle's update script from that .bin file creates. E.g.:

logmsg "C" "patch" "patchinfo=\"/usr/bin/pango-querymodules\"" "patch failure"

Does anyone know how to get to the log which is being filled in by logmsg()? Is there a way to write it to /mnt/us/ or at display at least?

08-09-2015, 03:55 AM	#18
newman homo viator Posts: 78 Karma: 252594 Join Date: May 2010 Device: Kindle DXi with 3.4.2 firmware, Kobo Glo HD	knc1: I followed this http://source.netsurf-browser.org/ne...cs/QUICK-START guide, so I built 3.4-DEV from git. But my target site (instapaper.com) was not usable at all. Of course developers of NetSurf may fix it some day but I'd concentrate on paths I now find more viable (and SkipStone is not the case, thanks NiLuJe ). To summarize, I started my "research" with 3.2.1 firmware on DXi, then easily updated to 3.3, so my current hope is to be able to update to 3.4 and then to 3.4.[1,2] where I believe TLS was enabled because I went through Amazon-published sources and a diffed libsoup sources between 3.4 and 3.4.1 (3.4.2 has no changes in all FOSS sources) and found this: diff -pruN libsoup-3.4/libsoup/soup-gnutls.c libsoup-3.4.1/libsoup/soup-gnutls.c --- libsoup-3.4/libsoup/soup-gnutls.c 2012-09-07 17:39:32.000000000 +0200 +++ libsoup-3.4.1/libsoup/soup-gnutls.c 2015-01-10 13:14:17.000000000 +0100 @@ -486,8 +486,8 @@ soup_ssl_wrap_iochannel (GIOChannel soc if (ret) goto THROW_CREATE_ERROR; - / See http://bugzilla.gnome.org/show_bug.cgi?id=581342 / - if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) + / Disabling SSL3 due to poodle vulnerability */ + if (gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL) != 0) goto THROW_CREATE_ERROR; if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, They disabled SSL 3.0 but enabled TLS 1.0 and TLS 1.1 in priority list therefore I believe TLS 1.0 and TLS 1.1 were present in the library but effectively disabled by !VERS-TLS1.1:!VERS-TLS1.0 in the past. I am not sure about TLS 1.2, it may not be compiled in at all. WRT gnutls_priority_set_direct() content, it's the same from 3.0.1 to 3.4. (Thou, I still have no direct proof TLS works since no one with a K3 with 3.4.1+ verified that..) If I was able to update to 3.4.1 the same way I did with 3.2.1→3.3 the problem for me would be fixed, I believe. However, when I try to update with 3.4, e.g. Update_kindle_3.4_B006.bin with byte at 0xC offset changed to 0x05, it proceeds to about 15 % and spits error with U006 code (What the code means? Filesystem hacked?) and then restarts. I suspect it's because binary patching fails but I won't sure unless I am able to get the log which Kindle's update script from that .bin file creates. E.g.: logmsg "C" "patch" "patchinfo=\"/usr/bin/pango-querymodules\"" "patch failure" Does anyone know how to get to the log which is being filled in by logmsg()? Is there a way to write it to /mnt/us/ or at display at least?