Quote:
Originally Posted by WaseemAlkurdi
So upon finding a certain updater package on a certain device, the firmware would burn (as in "destroy") the first 8 KB, which is the header? Pretty neat. A sort of blacklist.
To counter that, and provided that U-Boot isn't checking signatures or anything fancy, a single Kindle has to be manually flashed (aka write to eMMC) with manually jailbroken firmware to see what system daemons, etc. are doing. Now, who's going to donate their Kindle?
Kindle not required.
Cliff's Notes version:
- Get Amazon update of your choice.
- Unpackage (to standard archive) using KindleTool
- From that archive, copy out the rootfs.img file
- Under Linux, create mount point of your choice.
- Mount the rootfs.img under that mount point.
- Add qemu static to the top layer (mnt point level) of the rootfs.img.
- chroot to the mnt point.
- Your X86/AMD64 will, with some Linux kernel magic (see: bin-format-misc setup), run the ARM code.
- Which you can diddle with as you want.
Note: You often have to add in the QEMU package provided by your distribution to get the above to work.
Note: It is also possible to run the Kindle kernel, on the Kindle, but referring to a network boot of that file system image. This note can remain as a student exercise (you will be the first to post the details here).
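The procedure above written out as a shell script, added here as an example and not the poster's own commands. It assumes KindleTool's `kindletool extract` subcommand, a `qemu-arm-static` from the distribution's qemu-user-static package, an update file named update.bin and a mount point of /mnt/kindle; mount and chroot need root, and DRY_RUN=1 prints those privileged commands instead of running them.

```shell
#!/bin/sh
# Added example: chroot into a Kindle rootfs.img on an x86 box via qemu-user-static.
# Assumed names: kindletool (KindleTool CLI), qemu-arm-static, update.bin, /mnt/kindle.
set -eu

# Run a command, or just print it when DRY_RUN=1 (lets the flow be read without root).
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Map the image's CPU architecture to the qemu-user-static interpreter name.
qemu_binary_for() {
  case "$1" in
    arm)           echo qemu-arm-static ;;
    arm64|aarch64) echo qemu-aarch64-static ;;
    *) echo "unsupported arch: $1" >&2; return 1 ;;
  esac
}

# The "kernel magic": binfmt_misc must be enabled so ARM ELF binaries are handed to qemu.
require_binfmt() {
  [ -r /proc/sys/fs/binfmt_misc/status ] && grep -qx enabled /proc/sys/fs/binfmt_misc/status
}

# Steps 1-3: unpack the Amazon update and copy out rootfs.img (work on a copy, keep the original).
extract_rootfs() {  # extract_rootfs update.bin outdir
  run kindletool extract "$1" "$2"
  run cp "$2/rootfs.img" "$2/rootfs.work.img"
}

# Steps 4-5: create the mount point and loop-mount the image there.
mount_rootfs() {  # mount_rootfs rootfs.work.img /mnt/kindle
  run mkdir -p "$2"
  run mount -o loop "$1" "$2"
}

# Step 6: the interpreter must exist inside the chroot at the path binfmt_misc registered.
stage_qemu() {  # stage_qemu /mnt/kindle arm
  bin=$(qemu_binary_for "${2:-arm}")
  run cp "/usr/bin/$bin" "$1/usr/bin/$bin"
}

# Step 7: chroot; every binary launched in here is Kindle ARM userland running under qemu.
enter_chroot() {  # enter_chroot /mnt/kindle
  run chroot "$1" /bin/sh
}
```

Typical use as root: `extract_rootfs update.bin out && mount_rootfs out/rootfs.work.img /mnt/kindle && stage_qemu /mnt/kindle arm && require_binfmt && enter_chroot /mnt/kindle`; unmount with `umount /mnt/kindle` when done.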