Kindle 10th Generation Research

[LakesideMiners]

I have noticed that there does not seem to be a lot of research being done on the Kindle 10th Gen. I was wondering if there was anything I could help with at all. Or, If I want to get started with poking around. What should I know to get started?
I’m on fw 5.14.1

[katadelos]

Quote:

Originally Posted by LakesideMiners

I have noticed that there does not seem to be a lot of research being done on the Kindle 10th Gen. I was wondering if there was anything I could help with at all. Or, If I want to get started with poking around. What should I know to get started?
I’m on fw 5.14.1

There's not a lot of research happening because 10th gen devices are very heavily locked down - HAB is enabled so there's not the possibility of loading a custom U-Boot or kernel build and Lab126 have added additional patches that disable access to the U-Boot prompt. They've also disabled shell access on stock firmware (though you can modify the relevant upstart job to re-enable it once jailbroken).

The only other avenue for getting root is via the user interface, as shown by the last 2 reported exploits (KindleDrip and CVE-2021-30354/CVE-2021-30355); both of them are conceptually similar in that they exploit file parsing bugs to run code as framework which is then used to trigger a privilege escalation to root.

Another limiting factor is that 10th gen devices are still a little too expensive to buy solely for research purposes. For example, I'm very curious about which debug pad does what on the newer devices but this will require desoldering every component on the PCB and I've not been able to find a busted board that can be sacrificed to the cause for a reasonable price.

A final drawback is scale - the number of people who have an interest in Kindle homebrew as well as the skillset required to exploit embedded devices is miniscule, which slows things down significantly compared with say, the iOS jailbreak community. This is partially an ecosystem thing; it's a pain to build software for Kindle, meaning that there's not many genuinely compelling applications, meaning that the incentive to jailbreak in the first place is low, meaning that the incentive to develop new jailbreaks is also low.

Knowledge of this stuff will help a lot when poking around:

• General embedded linux - why it's used, how it differs from a desktop distribution, how to cross-compile a program, how to build a simple rootfs, etc
• Boot process of embedded devices - boot ROM to bootloader to Linux to GUI
• Familiarity with the upstart jobs used on Kindle devices
• Familiarity with Java and especially with decompiled Java code

These things will give you a pretty good idea of how Kindles work and the design choices that Lab126 made when creating them.

[LakesideMiners]

got it,
any good places to start?
and, im cracking open my 10th gen now just to see what there is, I havent really seen any open ones before.

[LakesideMiners]

and I dont have the right bit.
Here is hoping I get the kit I asked for for xmas.