Progress report:
One of the things I want to do is allow the Kindle to create it's own update. So the Kindle 3 can generate the Kindle 2 update using its own files. (Otherwise, you have to copy all the files from the K3 to your computer and make an update with kindle_update_tool.py). The hard thing about creating a K3 update is Amazon's "encryption" method (left shift 4 OR right shift 4 & 0xff ^ 0x7a). Igor wrote the nice kindle_update_tool.py, but it would be stupid to port python to Kindle just for this one thing. So what I did was disassemble amazon's "dm" (decrypt update) and modified it to a new file "md" (encrypt update). Here's the changes
DM (from Amazon, comment by me):
Code:
BL getchar // get byte to modify
EOR R3, R0, #0x7A // R3 = R0 ^ 0x7A
CMN R0, #1 // if !(R0 == 1), we are at the end of the file ...
MOV R0, R3,LSR#4 // R0 = R3 >> 4
AND R0, R0, #0xF // R0 = R0 & 0xF
ORR R0, R0, R3,LSL#4 // R0 = R0 | R3 << 4
BNE loc_8470 // ... then jump to end of program
MOV R0, #0 // clear R0 register
ADD SP, SP, #4 // don't care
LDMFD SP!, {PC} // don't care
MD (by me, comment by me):
Code:
BL getchar // get byte to modify
CMN R0, #1 // if byte is 0x01, then ...
MOV R3, R0,LSR#4 // set R0 to R0 >> 0x4
AND R3, R3, #0xF // set R4 to R4 & 0xF
ORR R3, R3, R0,LSL#4 // set R3 to R3 | ( R0 << 0x4 )
EOR R0, R3, #0x7A // set R0 to R3 ^ 0x7A
BNE loc_8470 // ... exit program
MOV R0, #0 // clear register R0
ADD SP, SP, #4 // don't care
LDMFD SP!, {PC} // don't care
Now we can create updates from the Kindle directly.
If you want to try it out, here's the patch from dm to md:
http://yifan.lu/files/md.bspatch
MD5 values:
dm: 6725ac822654b97355facd138f86d438
md.bspatch: 64404f7f82b0a1ba3561cdf12e9cbd18
md: 3b650bcf4021b41d70796d93e1aad658
Usage: bspatch /path/to/dm md /path/to/md.bspatch
You can play around with encryption, decryption by:
echo 'hello world' | md > hello.bin
cat hello.bin | dm
You should see you message back.
EDIT: Here's a script that will run on the Kindle and convert a tar.gz into an update package
http://pastebin.com/2L4pqhsw