#1
Junior Member
Posts: 3
Karma: 10
Join Date: Aug 2022
Device: PW5

Spitballing on future JBs

Hi all, long time listener, first time caller. I read the writeup on KindleDrip and KindleBreak which exploited a couple vulnerabilities to get root access on Kindles that facilitated their jailbreaks.

I dunno if this is a dumb question, but is it possible that >=5.14.3 firmwares are running vulnerable versions of the Linux kernel where there are known privilege escalation exploits? I'm on my phone right now so I only did a little poking around in the termux app, but I downloaded Kindle_src_5.14.3.0.1_3838590001.tar.gz from the GPL release page, and it appears to include Linux kernel version 4.9.77, which is a pretty old release. There are a few big exploits that could get us root access if they haven't been patched. Maybe I'm just being dumb and the GPL releases aren't all that close to the Linux kernel that's actually included in the Kindle firmware, but this seems like a really nice community so I thought I'd ask!

#2
BLAM!
Posts: 13,506
Karma: 26047202
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E

The main issue is getting code execution; privilege escalation is (usually) far "easier" (once upon a time because what flaws we found were already in stuff running as a privileged user ;p).

#3
Member
Posts: 16
Karma: 10
Join Date: Dec 2014
Device: KW4

My system version is 5.14.3.0.1. How can I JB? I seemed hopeless for a while....

#4
Junior Member
Posts: 3
Karma: 10
Join Date: Aug 2022
Device: PW5

Quote:

I'm going to look for stuff related to file formats, the browser, Bluetooth, and email as a first pass. If there's nothing obvious then I'll have to walk all the way over to my laptop and probe for running services... I'm not an experienced hacker and I just like making my devices work on my terms rather than someone else's, so I don't know how far I'll get. Hopefully I'm not embarrassing myself in my naivete!

#5
Junior Member
Posts: 3
Karma: 10
Join Date: Aug 2022
Device: PW5

WebKit seems like a good target. Maybe someone will have a POC or write-up sometime this week.

https://www.macworld.com/article/833...y-updates.html

If not, I think there are still older WebKit RCEs and other parts of GTK like cairo that may work.

Last edited by inexplicable_ham; 08-17-2022 at 07:26 PM. Reason: typo

#6
Resident Curmudgeon
Posts: 80,782
Karma: 150249619
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
	