Quote:
Originally Posted by geekmaster
I am in my 60's (which until recently I thought of as "approaching middle age") and I do not collect disability even though I have been eligible for it for decades. I have always been proud of my ability to support myself. Though these days daily life is a challenge, and there is little hope of keeping any sort of "normal job" for long. I can certainly accomplish great things, but in my own time as my health allows, not on somebody else's schedule. I really should dedicate my waking hours to ignoring medical advice and rebuilding my body and mind despite the roadblocks the doctors place in my way... But then when would I have time for studying "heap spraying" and ASLR (address space layout randomization) defeats, which are increasingly more necessary for recent Kindle jailbreaks (making me think that lab126 finally hired an aspie to fix their firmware security holes), eh?
ASLR bypass/heap spraying is part of the exploitation process. Exploitation is relatively easy in the case of the kindle (for now) -- the difficulty lies in finding unique & exploitable crashes. Ideally we need fuzzers targeting neglected subsystems that can be triggered by a user. The Kindle being written mostly in Java makes that difficult for me as I have no desire to reverse engineer obfuscated Java for free, but that's a promising target. A good place to start would be by diffing 5.6.5 and the latest firmware version.
If you look at the history of various Kindle jailbreaks, you'll note they start off relatively simple and are getting a bit more complicated. There's still value in looking through the regular OS dumps for simple mistakes that can be abused, but we're approaching a state where the Kindle is slightly more secure than it used to be.
Anyone is free to private message me if you need help with any of the aspects, i.e. fuzzing, reverse engineering, exploitation, debugging, etc. Always happy to teach.
Working on a write-up for the 5.6.5 jailbreak, probably will publish that sometime next week. I'll start looking at the new firmware sometime after that.
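The firmware diffing suggested above, as an added example that is not part of the original post or of any Kindle tooling: a POSIX shell script that compares two extracted firmware root filesystems and lists the files that were added, removed or changed between them, which is where a reviewer would start looking for patched code paths. The directory layout, file names and sample trees are assumptions constructed inline so the script runs offline; point fw_diff at two real extracted images to use it.

```shell
#!/bin/sh
# Added example (not from the original post): triage two extracted firmware
# root filesystems by content hash and report added / removed / changed files.
# Paths are printed relative to each root; manifests are tab-separated so
# file names containing spaces survive the awk pass.

# Hash one file; sha256sum where available, POSIX cksum as a fallback.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        cksum "$1" | cut -d' ' -f1
    fi
}

# manifest ROOT -> lines of "<hash>\t<relative path>", sorted by path.
manifest() {
    (cd "$1" && find . -type f | sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$(hash_file "$f")" "${f#./}"
    done)
}

# fw_diff OLD_ROOT NEW_ROOT -> sorted lines "added|removed|changed <path>".
fw_diff() {
    tmp=$(mktemp -d)
    manifest "$1" > "$tmp/old"
    manifest "$2" > "$tmp/new"
    # First pass loads the old manifest into an array; second pass walks the
    # new one. Checking FILENAME (not NR==FNR) keeps this correct when the
    # old manifest is empty. Anything left in old[] afterwards was removed.
    awk -F'\t' -v oldf="$tmp/old" '
        FILENAME == oldf { old[$2] = $1; next }
        {
            if (!($2 in old))       print "added " $2
            else {
                if (old[$2] != $1)  print "changed " $2
                delete old[$2]
            }
        }
        END { for (p in old) print "removed " p }
    ' "$tmp/old" "$tmp/new" | sort
    rm -rf "$tmp"
}

# Constructed sample trees (assumed layout, not real firmware contents):
# one changed binary, one unchanged config, one removed and one added file.
make_sample_trees() {
    base=$(mktemp -d)
    mkdir -p "$base/old/usr/bin" "$base/old/etc" "$base/new/usr/bin" "$base/new/etc"
    printf 'v1\n'   > "$base/old/usr/bin/sshd"        # changed in new
    printf 'v2\n'   > "$base/new/usr/bin/sshd"
    printf 'same\n' > "$base/old/etc/passwd"          # unchanged
    printf 'same\n' > "$base/new/etc/passwd"
    printf 'old\n'  > "$base/old/etc/legacy.conf"     # removed in new
    printf 'new\n'  > "$base/new/etc/hardening.conf"  # added in new
    printf '%s\n' "$base"
}

# Usage: fw_diff.sh OLD_ROOT NEW_ROOT
if [ "$#" -eq 2 ]; then
    fw_diff "$1" "$2"
fi
```

The unchanged files drop out of the report, so the list that remains is the candidate set to load into a disassembler or decompiler for side-by-side comparison; hashing rather than timestamp comparison matters because repacked images routinely reset mtimes.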