10-23-2023, 10:16 AM   #15
HackerDude
Kindle Bricker
Posts: 120
Karma: 862608
Join Date: Sep 2022
Location: Why do you want to know?
Device: PW6, PW6(dead), PW5 (brick), PW5 (brick), PW4 (brick)
Quote:
Originally Posted by dcs
I've done some security research on the Kindle for Amazon's bug bounty program. As you say, you're not going to find any working exploits for Amazon's WebKit implementation since it's so old. You're better off looking into old WebKit CVEs and writing your own exploit.

I wouldn't bother emulating the device in QEMU. The kindle ships with gdb/gdbserver on the device which you can use to debug the browser, assuming you have set up telnet/ssh access.

After that you will need to escape the (relatively weak) browser sandbox and escalate to root. If you have specific questions feel free to reach out but I'm not looking into the kindle much anymore and may not be very timely to respond. Good luck!
Not just that, but Amazon's WebKit also contains a ton of custom patches to mitigate a lot of WebKit exploits (KindleDrip, anyone?)
edit: ok fine, maybe not KindleDrip, but I've lost track of the exploits; you honestly can't blame me LOL