Quote:
Originally Posted by Branch Delay
ASLR bypass/heap spraying is part of the exploitation process. Exploitation is relatively easy in the case of the kindle (for now) -- the difficulty lies in finding unique & exploitable crashes. Ideally we need fuzzers targeting neglected subsystems that can be triggered by a user. The Kindle being written mostly in Java makes that difficult for me as I have no desire to reverse engineer obfuscated Java for free, but that's a promising target. A good place to start would be by diffing 5.6.5 and the latest firmware version.
If you look at the history of various Kindle jailbreaks, you'll note they start off relatively simple and are getting a bit more complicated. There's still value in looking through the regular OS dumps for simple mistakes that can be abused, but we're approaching a state where the Kindle is slightly more secure than it used to be.
Anyone is free to private message me if you need help with any of the aspects, i.e. fuzzing, reverse engineering, exploitation, debugging, etc. Always happy to teach.
Working on a write-up for the 5.6.5 jailbreak, probably will publish that sometime next week. I'll start looking at the new firmware sometime after that.
Thanks. I need a modern crash course. I was once considered well versed in this stuff (decades ago). I had KALI linux running on my Raspberry Pi. AFAIK the best place to start would be studying the metasploit attacks for known linux flaws, and going deeper from there. My attention has stayed away from hacking since the Patriot act (and DMCA) put teeth in the laws (but worse, in the minds of the public). I do not wish to follow in the footsteps of Aaron Swartz.
Likewise, I never became a fan of managed or interpreted languages like Java -- my closest attempt was bending ash scripts on the kindles to do eink "animation" using only built-in tools. I prefer avoiding sandboxed environments, preferring crafting on the bare bedrock of the CPU and its I/O peripherals -- even working at system call level gets you in battles with ABI inconsistencies even within the kindle series (as seen recently in my K1 toolchain "fun").
So where I am really happy is playing in custom bootloader code (like the custom u-boots that set the idme bootmode variable, as used in my "Select Boot" thread, and later in the Kubrick wrapper around my debricking methods). And thumbs up to kubrick to wrap my "dangerous" methods in a soft user friendly bootable automated environment. But even kubrick needs a fresh maintenance release with new firmwares (easily "borrowed" from new firmware downloads). With ixtab too busy to hang out here these days, perhaps I should add that to my "to do" list.
But really, getting a variant of your "more sophisticated" jailbreak that works on the latest firmware going would be a useful educational experience for me, but not a way to get my growing debts (painful after so many years of NO debts) under control. I need income -- perhaps I need to set up a patreon account and hope I can get enough to live on (as little as $1K/month would be "mostly" enough). And I would certainly allow my sponsors to have a great say in which projects I should work on next.
Though really, jailbreak methods are fascinating to me at this time, but a source of income that does not require me to follow somebody else's daily schedule is even more important. Sorry for the rambling, but my growing debts are getting scary, and where I spend my time in the near future must adapt to stemming that cancerous financial negative growth. (Yeah, I mentioned cancer didn't I -- oops -- time to decide what to do with the REST of my life, in a personally rewarding and FINANCIALLY productive way -- and yes, time to take money seriously for once in my life, and stop making OTHER people filthy rich at my expense)...
EDIT: Though my doctors assure me that despite my health concerns, my plans to live another 60 years are viable if I really DO have the required level of self-control (extremely rare in America), but my friends tell me to "get real" and make every moment count. Apparently, I can no longer trust my muse to guide my way, eh? So really, what should I do with the rest of my life (in a way that is financially sound)? Kindle hacking is on the list, obviously (but where is a "living wage" in that?), and so is Virtual Reality development (especially great experiences on meager hardware, which MIGHT be able to produce a useful income), plus a gazillion other interests... Though at the moment porting selected portions of the Metasploit Framework to the kindle has crossed my mind.