Old 02-17-2021, 11:13 AM   #24
tryol
Warm Lighting Enthusiast
Posts: 91
Karma: 754136
Join Date: Dec 2020
Device: Kindle Oasis 3 (jailbroken)
Quote: Originally Posted by fonix232
Could this be why the exploit video shows two distinct images? At least that's what it looked like to me - two separate images loaded on the same HTML page in the browser.
No, it's still 1 image but it's split into multiple tiles. I'm not sure how that works exactly, I didn't really look into how the JXR format works. I just threw this together "quickly".

I've been thinking and theoretically this exploit is doable with just 1 tile (that means 1 absolute-write primitive). Unfortunately that would only give us 15*16 (240) bytes for the shellcode... I wonder if that's enough.

If I did it with more than 1 tile, that would give us 240+(n-1)*256 bytes of space where n is the number of tiles. I don't have any experience with shellcode or kindle jailbreaking so it's hard to make a guess on how much space we need. I'd prefer if 240 bytes was enough because I'm not sure how hard it would be to make it work with multiple tiles. Does anybody have an idea?