Old 02-25-2021, 09:41 AM   #32
tryol
Warm Lighting Enthusiast
 
Posts: 91
Karma: 754136
Join Date: Dec 2020
Device: Kindle Oasis 3 (jailbroken)
Quote:
Originally Posted by jp12323
Did you need more than 1 tile/1 absolute write primitive?
Yes. One is needed for writing the shellcode and one for spraying the GOT with its address. I figured out how to do that, though, so it's not a problem anymore. Right now I'm working with 25 tiles, which allows me to completely overwrite all of the GOT.


So far I've only managed to make it work with the JPEGRX reference app, not mesquite (the web browser on Kindles).
Unfortunately, even though yparitcher helped me find the correct memory addresses, it seems the JPEGRX library that mesquite was compiled with differs from the reference one (the one I'm using).

Right now I'm trying to get mesquite running under QEMU on my Debian VM so I can debug the image. If anybody can help me with that, I'd appreciate it!
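The tile budget in the post above (one write for the shellcode, one for the GOT, 25 to cover the whole GOT) follows from two stages: land the payload somewhere, then overwrite function-pointer slots with its address. The following is an added illustration written for this page, not tryol's code and not anything from JPEGRX or mesquite. It models the process image as a flat byte array, the "tile" as an arbitrary write of at most 64 bytes, and the GOT as 24 little-endian 32-bit slots; every one of those numbers, and the assumption of a writable GOT (no full RELRO) plus an executable scratch region, is made up for the example. It deliberately says nothing about the part the post is actually stuck on, which is finding the right addresses in the build mesquite ships.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit process image: a flat byte array in which
 * offsets stand in for absolute addresses. Every constant is an assumption
 * chosen for the illustration, not the real layout of any Kindle binary. */
#define MEM_SIZE    0x4000u
#define GOT_BASE    0x1000u  /* assumed start of a writable GOT (no full RELRO) */
#define GOT_ENTRIES 24u      /* assumed number of imported-function slots */
#define CODE_BASE   0x3000u  /* assumed writable and executable scratch region */
#define TILE_BYTES  64u      /* assumed: one use of the primitive writes <= 64 bytes */

static uint8_t mem[MEM_SIZE];

/* The primitive: one "tile" is one absolute write of at most TILE_BYTES bytes.
 * Returns 0 on success, -1 if the request is more than one tile can do. */
static int tile_write(uint32_t addr, const void *src, size_t len)
{
    if (len == 0 || len > TILE_BYTES || addr >= MEM_SIZE || len > MEM_SIZE - addr)
        return -1;
    memcpy(&mem[addr], src, len);
    return 0;
}

/* Tiles needed to land `len` bytes: ceil(len / TILE_BYTES). */
static unsigned tiles_for(size_t len) { return (unsigned)((len + TILE_BYTES - 1) / TILE_BYTES); }

/* Whole budget: the payload in chunks, plus the run of 4-byte pointers that
 * covers `slots` GOT entries, also in chunks. */
static unsigned tiles_needed(size_t payload_len, unsigned slots) { return tiles_for(payload_len) + tiles_for(4u * slots); }

/* Land `len` bytes at `addr` using as many tiles as it takes.
 * Returns tiles spent, or 0 on failure. */
static unsigned write_chunked(uint32_t addr, const uint8_t *src, size_t len)
{
    unsigned spent = 0;
    for (size_t off = 0; off < len; off += TILE_BYTES) {
        size_t n = len - off < TILE_BYTES ? len - off : TILE_BYTES;
        if (tile_write(addr + (uint32_t)off, src + off, n) != 0)
            return 0;
        spent++;
    }
    return spent;
}

/* Stage 1: place the payload. Stage 2: spray the first `slots` GOT entries
 * with its address, so the next call through any of them lands in it.
 * Returns tiles spent, or 0 on failure. */
static unsigned got_spray(const uint8_t *payload, size_t len, unsigned slots)
{
    if (slots == 0 || slots > GOT_ENTRIES || len == 0) return 0;
    unsigned code_tiles = write_chunked(CODE_BASE, payload, len);
    if (code_tiles == 0) return 0;

    uint8_t ptrs[4u * GOT_ENTRIES];  /* little-endian, as on 32-bit ARM */
    for (unsigned i = 0; i < slots; i++)
        for (int b = 0; b < 4; b++)
            ptrs[4u * i + b] = (uint8_t)(CODE_BASE >> (8 * b));
    unsigned got_tiles = write_chunked(GOT_BASE, ptrs, 4u * slots);
    return got_tiles ? code_tiles + got_tiles : 0;
}

/* Read one GOT slot back as a pointer. */
static uint32_t got_read(unsigned slot)
{
    uint32_t v = 0;
    for (int b = 3; b >= 0; b--)
        v = (v << 8) | mem[GOT_BASE + 4u * slot + b];
    return v;
}

/* 1 if the payload is intact and every sprayed slot points at it, else 0. */
static int verify(const uint8_t *payload, size_t len, unsigned slots)
{
    if (memcmp(&mem[CODE_BASE], payload, len) != 0) return 0;
    for (unsigned i = 0; i < slots; i++)
        if (got_read(i) != CODE_BASE) return 0;
    return 1;
}

/* Constructed stand-in for shellcode: a sled of ARM `mov r0, r0` (0xE1A00000)
 * no-ops, not a working payload. */
static void demo_payload(uint8_t *buf, size_t len)
{
    static const uint8_t nop[4] = { 0x00, 0x00, 0xA0, 0xE1 };
    for (size_t i = 0; i < len; i++) buf[i] = nop[i % 4];
}

int main(void)
{
    uint8_t sc[100];
    demo_payload(sc, sizeof sc);
    unsigned spent = got_spray(sc, sizeof sc, GOT_ENTRIES);
    printf("planned %u tiles, spent %u, verified %d\n",
           tiles_needed(sizeof sc, GOT_ENTRIES), spent, verify(sc, sizeof sc, GOT_ENTRIES));
    return 0;
}
```

With these made-up sizes a payload under 64 bytes and a single GOT slot cost exactly one tile each, which is the "one and one" in the post; a 100-byte payload plus all 24 slots costs four. Two things the model glosses over matter on a real target: the write has to reach a GOT that is still writable when the primitive fires, and the slot and scratch addresses are specific to the exact build of the library, which is why the reference JPEGRX offsets do not carry over to the mesquite build.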