Old 11-29-2019, 01:40 PM   #1
ezdiy
Zealot
Posts: 121
Karma: 156515
Join Date: Oct 2019
Device: KT, KPW4, PB740-2
PB6xx/7xx/8xx: root + sshd, ftpd, smbd, iptables, usbnet, fw fixes (needs testers)

This tutorial and these tools are meant for power users who can make use of configuring the device in fancy ways, such as running custom stuff for Linux, development and troubleshooting. Note that you DON'T need root just for *running* standard apps such as coolreader or koreader.

As of v8, this package does:
  • install public su binary
  • install iptables binary, and script to load firewall rules on startup
  • install ssh, smb, ftp, http services and launch those at boot
  • on newer firmwares (FW6.0+) adds kernel support for cifs, nfs, tuntap etc
  • permanently enable usbnet (even when mass storage is on, usbnet runs alongside)
  • configure all services for file transfer - sftp (ssh), ftp, webdav, smb
  • forbid wifi suspends when something is connected to service, ie transfer in progress
  • provide some misc utilities for QoL - lftp, htop, powertop, ssh/scp client, nano, rsync
  • some other minor tweaks, such as cpu scaling or working terminfo and loopback

Devices supported
Known to work on/tested by users in this thread:
  • InkPad 2, 3, Pro - PB840, PB740, PB740-2
  • Touch HD2, HD 3 - PB631, PB632
  • Lux 3, 4, 5 - PB626, PB627, PB628
  • Color - PB633
+ If you have another device it works on, please report.

Essentially if your firmware version ends like 5.xx.yyyy (FW5) or 6.xx.yyyy (FW6), *it should run* - these images are all nearly identical. However I have no way to verify that for a fact, other people should just try it. The kit takes a lot of effort to fail as gracefully as possible, but you might want to start slowly only with jailbreak su and nothing else on older devices, as bugs in older kernels can introduce nasty boot crashes, especially when configuring for combined usbnet.

How to install

Extract the 2 app files from pbjb*.zip release on github into applications folder of your device.

Then from app menu:

* Launch @Jailbreak. If it succeeds, it will install root su. It does nothing else. Running it again will undo root.
* Launch @Services. This will install the system services, kernel modules, settings menus etc. su must be installed. If jailbreak is missing, the app will silently fail to run. Running it again will undo the install.

Once the device boots after Services install, new menu entry 'Rooted device settings' should appear in settings menu. In it, it will show generated root password, you can change it to your own too.

With that, ssh into root@169.254.0.1 when you connect usbnet. All other services expect same root/password pair. If usbnet is not working for you for some reason, you can navigate Settings->Rooted Device Settings->System Status and it will show you current wifi ip you can use to access the device.

Samba/WebDAV share

For frequent use of the device's storage from a PC, it's useful to map the share permanently as:

Code:
net use p: \\169.254.0.1\uext1
Or alternatively, if CIFS doesn't work for you for some reason:
Code:
net use p: http://169.254.0.1/ext1/ 1234 /USER:root
(where 1234 is whatever password the device has)

And use that network drive instead of using the usual USB mass storage. The reason for doing this is that you can now set the device to 'charge only' mode when plugging to USB, and keep reading a book while files are copied.

The full list of the shares when you navigate to \\169.254.0.1 or via http (webdav) is:

ext1 - main storage (wifi & usbnet & webdav), passworded
ext2 - sd storage (wifi & usbnet & webdav), passworded
ext3 - sd2 storage (wifi & usbnet & webdav), passworded
uext1,uext2,uext3 (usbnet/SMB ONLY), no password
public - see below (wifi & usbnet & webdav), read only, no password

Finally, there's a hidden 'system' share exposing root of the filesystem tree (on webdav too). Use only if you know what that means. Most of it is mounted read only by default, so you need to ssh in anyway (perhaps to fix wrong permissions introduced by samba as well).

Password-less access for guests

Guest samba (\\ip\public) and http://ip/public and anonymous ftp land the visitor in 'public' folder you can create on the main storage. By pulling documents in there you can share stuff with random strangers/devices you don't trust on the LAN.


Troubleshoot
Huh, I click explore network neighborhood and it shows no shares?

Go to settings->Root device settings->System status, and you should see wifi ip in there. Then navigate to \\ip\ in explorer to see the shares over wifi.

Either passworded or unpassworded shares take forever to load, or just plain fail with some weird error
This is an unfortunate peculiarity of some Windows versions disabling SMB1. What this means is that you connected via usbnet (or to public via wifi) without password, and then tried passworded share from same computer. Windows is really stupid about this and will keep hammering as a guest, "it worked the first time, right?". This is a consequence of SMB2+ having no concept of per-share security, only per-user. The solution is to never introduce your computer as a guest if you want to use passworded share as well.

I'm bricked, network/usb storage fails completely now...
It's absolutely crucial to keep the original packages around, so that if something goes horribly wrong and network or storage access becomes completely cut off, you can still undo stuff.

If stuff breaks to a point not even launching any app is viable (ie frozen screen), there's a boot escape hatch: Keep rapidly pressing *any* button all the while during startup. The boot script does a tally of press events, and if count is more than 5 times over a specific window of time, the services scripts will not start at all. This way you should get functioning system again assuming it was a service script causing trouble.


Low level internals

Everything above is stored on the /mnt/secure partition - this one is ext2, and mostly left alone by firmware updates, meaning the JB has a high chance of survival across OTAs. As far as jailbreaks go, this one is a fairly conservative one - it doesn't modify *any* files of the currently installed fw, it simply places itself in a directory the stock firmware auto-executes stuff from (/mnt/secure/runonce). This minimizes chances of conflict with future OTA updates.

I just want root access, not all this fancy stuff...

Good! That's why it's split into two packages. If you run only @Jailbreak, you can get rudimentary root ssh by opening pbterm, and typing into it:
Code:
/mnt/secure/su /sbin/dropbear -G ""
You can then log in via wifi (no usbnet here) as root with no password.

Last edited by ezdiy; 09-26-2020 at 10:48 PM. Reason: v8
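The share list in the post amounts to an access policy (ext* passworded, uext* passwordless but usbnet-only, public read-only, system hidden), and an smb.conf can be checked against it. The script below is an added example, not part of the original post or the package: it uses Samba's standard smb.conf parameters, and it assumes the usbnet restriction is expressed with `hosts allow` on the 169.254. link-local range, which the package may enforce elsewhere (for example in its iptables rules).

```python
import configparser

# Access policy as the post's share list states it.
POLICY = {"public": {"read_only"}, "system": {"hidden"}}
for n in "123":
    POLICY["ext" + n] = {"no_guest"}       # passworded
    POLICY["uext" + n] = {"usbnet_only"}   # no password, usbnet/SMB only
USBNET_PREFIX = "169.254."  # assumption: usbnet peers share 169.254.0.1's link-local net

def _flag(sec, names, default):  # first synonym present wins, else Samba's default
    for name in names:
        if name in sec:
            return sec[name].strip().lower() in ("yes", "true", "1")
    return default

def audit(smb_conf_text):
    """Return sorted (share, problem) pairs where the config is looser than POLICY."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(smb_conf_text)
    out = []
    for share in cp.sections():
        sec, want = cp[share], POLICY.get(share, set())
        writable = (_flag(sec, ("writable", "writeable", "write ok"), False)
                    or not _flag(sec, ("read only",), True))
        hosts = sec.get("hosts allow", "").replace(",", " ").split()
        if "no_guest" in want and _flag(sec, ("guest ok", "public"), False):
            out.append((share, "passworded share allows guests"))
        if "read_only" in want and writable:
            out.append((share, "guest share is writable"))
        if "usbnet_only" in want and not (hosts and all(h.startswith(USBNET_PREFIX) for h in hosts)):
            out.append((share, "passwordless share not limited to usbnet"))
        if "hidden" in want and _flag(sec, ("browseable", "browsable"), True):
            out.append((share, "share is browseable"))
    return sorted(out)

# Constructed sample for the example, not the package's real smb.conf.
SAMPLE = """\
[ext2]
public = yes
[uext1]
guest ok = yes
hosts allow = 169.254.0.0/16
[uext2]
guest ok = yes
[public]
guest ok = yes
writable = yes
[system]
"""
print(audit(SAMPLE))
```

Shares missing from the policy table are ignored, and only the parameter spellings listed in the code are recognised.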