Thread: 5.6.5 Jailbreak (closed-kindle) -- released!
View Single Post
Old 04-22-2017, 02:33 PM   #1221
Cinisajoy
Just a Yellow Smiley.
Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.Cinisajoy ought to be getting tired of karma fortunes by now.
 
Cinisajoy's Avatar
 
Posts: 19,161
Karma: 83862859
Join Date: Jul 2015
Location: Texas
Device: K4, K5, fire, kobo, galaxy
Quote:
Originally Posted by gabbia View Post
in reply to both you and knc1:
personally i donn't see the issue with sharing details with amazon.
1- you guys waited like 40 days (15 wouldve been fine by me for a billion dollar company but whatever i didnt make the exploit) so that you could report the exploit. ususally exploits are reported with a technical description and if they're good reports even a working program and also a suggestion on how to fix it.
so im not too sure the developer would be against exposing technical aid

2- the amazon dev team does not need any explanation on the exploit i imagine they have their best security engineers looking at the code and reversing it if necessary (binary is not really the case though..). pretty sure they stopped looking at this exploit and thread a long time ago

3- ive no issue with the dev team. an exploit is an exploit and making exploits does not mean trying to undermine the future of a product (the opposiite to me, actually). sometimes it does some other times it doesn't. since the code is not obfuscated and you guys did report it, in this case it doesn't.
having said that, those who want to jailbreak the device are not going to want amazon to fix the exploit.
my primary interest is in exploitation, not modding (though i do want to install some modded apps aftwerwards, i guess i might make like an rss or reddit app or something) and i believe it should be amazon's discretion to allow users to install 3rd party apps. clearly vulnerabilities are not the right way to enrich a platform..
you could say im mostly interested in a small hacking project, which i might follow up with a modding project to easy my life on the kindle (i want to underline and scribble pdfs, browse rss and reddit and maybe play some lichess. seems pretty doable to me since the calc app is pure python+pygtk)

3.5- im not too sure the amazon dev team is too focused on the security of their platform seeing as injections and shell scripting is pretty simple. of course so far nobody's proven there is a working remote exploit (=no obvious user interaction like ";fc-cache") so that doesn't really undermine the security of the platform under real circumstances i guess, so amazon shouldn't take too much of an interest...anyway if they were so interested in all this i imagine these exploits would be on a whole another level (not saying the exploit is bad it's clearly good, it's just not dirtycow type of stuff)
I didn't see where either me or knc1 mentioned the A word.

I wasn't even thinking of them actually.
I was thinking of others who might want to exploit BD's exploits for their own financial gains.

Oh and since you mentioned the A-team at least 5 times in your post and what they probably are or are not doing, that raised a flag even higher.

My opinion on that is which is less time consuming, reading certain forum posts or trying to figure it out myself?
Cat and mouse.

Oh and just for fun, my time line for an unbreakable firmware was only off by a month.
Cinisajoy is offline   Reply With Quote