Old 02-17-2019, 01:12 PM   #434
fitz0303
Member
Posts: 11
Karma: 100150
Join Date: Jan 2019
Device: Kindle Paperwhite KPW4
Sorry this is so long, but I wanted to be thorough. Unfortunately, I have come to the conclusion that it is not possible to jailbreak an OTA updated Kindle 4 Paperwhite using the Serial Bus.

There is no Diag partition on the new Paperwhites (Androidized), which limits the options available.

There are two times during the boot process that the boot can be interrupted (you need to be quick, neither will wait for long):

The first is in response to the following prompt:

secure_cpu: 1, production: 1, unlocked: 0
Boot mode is 0
Hit any key to stop autoboot: 0

In previous versions this would allow you to get to a login prompt. This is no longer the case, and execution continues into a loop with the following prompt:

Enter fastboot mode, use Ctrl+C to exit.

I couldn't get the Kindle version of fastboot to work on my W7 PC (the Kindle presents itself as a "USB Download gadget" and I couldn't find a driver for this device on the PC). Fortunately, Linux/Unix does recognize it and the Kindle-specific fastboot program works. Unfortunately, most of the useful fastboot commands are locked out or not implemented.

fastboot setvar bootmode returns - FAILED (remote: Variable not implemented)

fastboot flash system rootfs.img gives
.................................................. ........................
.
.
.................................................. ........................
.....................................
downloading of 460800000 bytes finished
locked command: flash:system.

To exit from the fastboot loop you can use "fastboot reboot" or hold the Kindle power button through the amber flashing LEDs and release.

If you let the boot sequence run through the above option without stopping, it runs into a recovery menu with a short countdown:

Menu
====
3. Load MMC over USB storage
E. Export FAT partition
U. Update using update*.bin file on FAT partition
D. dmesg / kernel printk ring buffer.
Q. quit
Choose: 3 |

Typing upper-case E will halt the countdown and allow the USB connection in storage mode; you can then install an update...bin file on the Kindle.

[FAT32]
1. done
R. Reboot

Typing 1 will return to the recovery menu and then rapidly typing U will initiate an update.

Unfortunately you cannot use this path to downgrade the version as it is downgrade protected; dmesg shows the following:

<12>[ 98.806642] ERROR:bundle/unbundle_common.c:351:valid_version_to_update():OTA version is less then current device version
<12>[ 98.806665] ERROR:bundle/unbundle_cognac.c:1636:do_unbundle():do_unbundle: validate_version failed.
.
.
<12>[ 98.815014] ERROR:update.c:262:update_os():Could not unbundle /mnt/us/update_kindle_all_new_paperwhite_v2_5.10.0.2_factory.bin,error_code=12

This will work if the version of the update is >= the currently installed version, so it could be used to recover from a partially bricked Kindle.

Out of desperation I tried typing 3 as a recovery option, and the Kindle replies "unkown option 3".

For info: the factory updates contain a populated /usr/local/bin directory, which includes the "installHtml" and the "usbnetwork" shell commands amongst many others. The OTA updates do not; in fact there is no /usr/local directory at all in the normal updates.

I briefly looked at using MfgTool, but couldn't get it to connect. I believe the Kindle USB connection needs to be in a different mode for MfgTool to see it, and I don't know how to put the Kindle into that mode.

In conclusion, if anyone has any ideas on what else can be done, I am certainly willing to give them a try. Lastly, if anyone is thinking about investing in a USB to serial converter in order to jailbreak their OTA updated Kindle 4 Paperwhite, you might want to think again until a clear route forward is available.

Regards to everyone

fitz
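Added example, not part of the post above and not Amazon's code: a small parser for the dmesg lines quoted in the post, which splits each record into its fields and reports the failure chain behind a rejected update. It assumes the `<12>` prefix follows the standard syslog encoding (facility * 8 + severity); the names `parse_line` and `explain_failure` are hypothetical, and the sample text is the post's three log lines with the forum's inserted spaces removed.

```python
import re
from typing import NamedTuple, Optional

# Layout seen in the post: <prio>[ seconds] LEVEL:source:line:function():message
LINE_RE = re.compile(
    r"^<(?P<prio>\d+)>\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<level>[A-Z]+):"
    r"(?P<src>[^:\s]+):(?P<line>\d+):(?P<func>\w+)\(\):(?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

class Record(NamedTuple):
    facility: int   # assumption: standard syslog priority encoding
    severity: str
    ts: float       # seconds since boot
    src: str
    line: int
    func: str
    msg: str

def parse_line(text: str) -> Optional[Record]:
    """Return a Record, or None for lines that are not log records (e.g. '.')."""
    m = LINE_RE.match(text.strip())
    if m is None:
        return None
    prio = int(m["prio"])
    return Record(prio >> 3, SEVERITIES[prio & 7], float(m["ts"]),
                  m["src"], int(m["line"]), m["func"], m["msg"].strip())

def explain_failure(capture: str) -> dict:
    """Summarise a serial capture: call chain, final error code, rollback check hit."""
    records = [r for r in map(parse_line, capture.splitlines()) if r]
    code = None
    for r in records:
        found = re.search(r"error_code=(\d+)", r.msg)
        if found:
            code = int(found.group(1))
    return {
        "chain": [r.func for r in records],
        "error_code": code,
        # The version gate named in the post's first log line.
        "rollback_rejected": any(r.func == "valid_version_to_update" for r in records),
    }

SAMPLE = """\
<12>[ 98.806642] ERROR:bundle/unbundle_common.c:351:valid_version_to_update():OTA version is less then current device version
<12>[ 98.806665] ERROR:bundle/unbundle_cognac.c:1636:do_unbundle():do_unbundle: validate_version failed.
.
<12>[ 98.815014] ERROR:update.c:262:update_os():Could not unbundle /mnt/us/update_kindle_all_new_paperwhite_v2_5.10.0.2_factory.bin,error_code=12
"""

if __name__ == "__main__":
    print(explain_failure(SAMPLE))
```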