Old 02-21-2018, 08:13 PM   #8
knc1
Quote:
Originally Posted by Gatoecampo:
Any firmware?
I have the KT3, with 5.9.2.0.1 running, and I have no luck.
Quote:
Originally Posted by coplate:
I think he is referencing the fact that you can definitely jailbreak it with the serial port - 100%.

Other than that, I think the KT3 are the ones that still allow you to downgrade, but I cannot remember the thread. When you said "I have no luck", what specifically have you tried that didn't work, and what did it do instead of working?
More than anyone ever wanted to know about the prior jail break:

Amazon/Lab126 added protection against a "downgrade attack" to firmware versions more recent than those subject to this jb:
https://www.mobileread.com/forums/sh...d.php?t=275877

But they, like all too many readers, got it wrong -
The significant part of the process was to install a firmware version that was never intended to reach the customer.
It was intended to be restricted to use only in the factory's production process.
That is where the word 'factory' in the image name originates.

Believe it or not, every single Kindle produced has its operation tested while still on the production line.
This is done before the firmware version intended for use outside of the factory production environment (that is, by the customer) is installed.
This operational testing firmware is the first* firmware the device runs.
That is where the word 'initial' in the image name originates.

The first and last word (and some punctuation) are required by the Kindle system to recognize a file as something intended to be installed.
That is where the 'Update_*.bin' in the image name originates. Here the '*' means any sequence of (printable, seven-bit ASCII) characters.

The legacy markup language for HTML has two fields for a network link: the one displayed to the reader and the one used by the networking function.

Put all of that together and you have:
Code:
Human readable name          Machine usable name
factory_PW3_5.7.4_initial    update_PW3_5.7.4_initial.bin
People with a PW3 would look at their device info panel and see that firmware version 5.8.7.0.1 was installed.
Correctly noticing that 5.8.7.0.1 indicates a more recent version than 5.7.4, 99 44/100% (tm) of the people leaped to the conclusion: Oh, look, the firmware has to be 'downgraded' (since that is what such a change is usually called in the human world, rather than the geek world).

Even more surprising is that this leap to an apparently significant assumption was not limited to non-technical people
(although I sometimes wonder about the people Lab126 hires); it is P.C. to refer to them as paid, professional, computer science types (a.k.a. geeks).
It took them nearly 18 months to figure out that it WAS NOT the change to firmware of an earlier version number that was significant.

What is significant is the change from running customer firmware to running the production testing (factory) firmware. The version number in the filename is just noise.

The Kindles run Amazon/Linux (with the possibility of running Google/Linux (a.k.a. Android) hanging on the horizon like a heavy, gray cloud).
Linux, as is common in Unix-like systems (*nix), does not identify a file's type by the name extension.
Its files use a 'magic number' written into the file's binary contents.
In the case of Kindle image files, the first four bytes are an ASCII character type identifier.

Now the hidden part of all of this -
The type identifier for factory-use-only image files is not the same as the type identifier for released-to-customer image files.
Once this Epiphany ** struck the highly paid professionals at Lab126, they disallowed the factory-use-only type identifier from being installed by released-to-customer image files.

End of our all-model jail break method.
Although the internal error message is still "downgrade attack". Another Lab126

(*) Not quite so: all of the dual-system-boot Kindles have the "diags" system written to the flash storage chip before the chip is soldered to the board. So technically, 'diags' is the first thing run on a Kindle when it first has power applied in the assembly process.

(**) With the oversight that the VoiceView-capable Kindles can have their VoiceView files destroyed by the customer pressing "Reset (to factory defaults)".
So Amazon has to distribute those VoiceView install images to the customers, so they can 'fix' their Kindles after a "Reset".
The oversight was (is) that the VoiceView install images use the same type indicator as the factory-use-only image files we use to jail break the Kindles with.
Q.E.D.: VoiceView-capable devices do not have "downgrade attack" protection enabled ***. If they did, the customer could not 'fix' their broken VoiceView feature.

(***) With the observation that Amazon/Lab126 isn't very consistent from firmware version to firmware version for those devices.
Some can load the "factory (and VV)" images, some can not.

The KT3, with VV/over Bluetooth is one of those which (most often) has the "downgrade attack" protection removed.
Plus a scattering here and there of other model/firmware versions also have that protection (erroneously) left out.
Yeah Lab126 - Thanks again for keeping this all so simple.

Last edited by knc1; 02-21-2018 at 08:18 PM.
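The post's core point is that the installer's decision rests on the four-byte type identifier at the start of the image, not on the version number in the filename, and that the later firmware's mitigation is to refuse the factory-only type in customer mode. The following is an added example (not code from the post, from knc1, or from Amazon/Lab126) that models that check in Python. The magic values `FACT` and `CUST`, the sample image blobs, the `allow_factory` switch standing in for the per-model inconsistency the post describes, and all function names are constructed assumptions for illustration; Amazon's real identifiers are not on the page and are not used here. It goes slightly beyond the post by showing that renaming an image to carry a higher version number changes nothing about how it is classified.

```python
"""Added example (not from the forum post): classify a Kindle-style update image
by the 4-byte ASCII type identifier at the start of the file, never by its
filename, and apply an installer policy that refuses factory-only image types.

All magic values, sample images and names below are CONSTRUCTED placeholders.
"""
from typing import Dict, Tuple

# Constructed placeholder type identifiers (NOT Amazon's real values).
FACTORY_MAGIC = b"FACT"   # stands in for the factory-use-only (production test) type
CUSTOMER_MAGIC = b"CUST"  # stands in for the released-to-customer type
KNOWN_TYPES: Dict[bytes, str] = {FACTORY_MAGIC: "factory", CUSTOMER_MAGIC: "customer"}

# Constructed sample images: 4-byte magic followed by an opaque payload.
FACTORY_IMAGE = FACTORY_MAGIC + b"\x00" * 28
CUSTOMER_IMAGE = CUSTOMER_MAGIC + b"\x00" * 28
TRUNCATED_IMAGE = b"FA"  # shorter than the identifier itself


def image_type(blob: bytes) -> str:
    """Return 'factory', 'customer' or 'unknown' from the leading magic bytes only."""
    if len(blob) < 4:
        return "unknown"
    return KNOWN_TYPES.get(blob[:4], "unknown")


def filename_looks_like_update(name: str) -> bool:
    """The naming rule the post describes: first word 'update', last word '.bin'.
    Case-insensitive matching is an assumption (the post shows both spellings)."""
    lower = name.lower()
    return lower.startswith("update_") and lower.endswith(".bin")


def install_decision(name: str, blob: bytes, allow_factory: bool) -> Tuple[bool, str]:
    """Decide whether an image would be installed.

    allow_factory=False models firmware with the 'downgrade attack' check;
    allow_factory=True models the VoiceView-capable builds the post says leave it out.
    """
    if not filename_looks_like_update(name):
        return False, "ignored: filename not recognised as an update"
    kind = image_type(blob)
    if kind == "unknown":
        return False, "rejected: unknown image type identifier"
    if kind == "factory" and not allow_factory:
        # Same decision the post describes; the error string is the one it quotes.
        return False, "rejected: downgrade attack"
    return True, "accepted: %s image" % kind


if __name__ == "__main__":
    cases = [
        ("update_PW3_5.7.4_initial.bin", FACTORY_IMAGE, False),
        ("update_PW3_9.9.9_initial.bin", FACTORY_IMAGE, False),  # renamed: still factory
        ("update_kt3_5.9.2.bin", CUSTOMER_IMAGE, False),
        ("factory_PW3_5.7.4_initial", FACTORY_IMAGE, False),     # human-readable name only
        ("update_voiceview.bin", FACTORY_IMAGE, True),
        ("update_garbage.bin", TRUNCATED_IMAGE, False),
    ]
    for name, blob, allow in cases:
        ok, why = install_decision(name, blob, allow)
        print("%-32s type=%-8s allow_factory=%-5s -> %s" % (name, image_type(blob), allow, why))
```

Running it shows the two factory images, one named with a lower and one with a higher version number, get the same verdict, because only `blob[:4]` is consulted; the filename gate decides only whether the file is looked at at all.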