Root password for Kindle non touch (black 2012), firmware 4.1.1 ?

[niko_gramophon]

Hello, community,

I have Kindle NT4 (black, 2012). Maybe I'm searching wrong this forum, or I'm the only one, doing the mistake to update my kindle firmware to 4.1.1. Since then the suggested root passwords "mario" and "fiona" doesn't work. I'm able to connect thru SSH thru usb0 network, but none of the passwords seems to work. Tried bruteforcing the root account with hydra like this:

hydra -t 1 -W 50 -v -l root -P wordlist.txt 192.168.15.244 ssh

but the anti-bruteforce security bans me very quickly. Any ideas how to gain again ROOT on MY OWN device?

Thanks in advance,
Niko

[andyh2000]

I've not tried it but there's info on the wiki about finding passwords. It specifically mentions the 2011 K4 but give it a try anyway...

https://wiki.mobileread.com/wiki/Kindle4NTHacking#SSH.3F step 7

Andrew

[niko_gramophon]

The password from this url doesn't work for me :/

[andyh2000]

The readme_first.txt file in the usbnetwork package tells you to use something called kindle_tool on the device itself. Or I get the impression you can telnet in with no password and change the password to something you know. Again, I've not done any of this so I may be wrong.

Andrew

[ixtab]

Install the latest version of NiLuJe's usbnetwork. It will let you ssh as root with any password.

PS: Moved thread to dev forum.

[knc1]

Quote:

Originally Posted by andyh2000

The readme_first.txt file in the usbnetwork package tells you to use something called kindle_tool on the device itself. Or I get the impression you can telnet in with no password and change the password to something you know. Again, I've not done any of this so I may be wrong.

Andrew

You are not wrong:

This order should work on all firmware versions.
Early firmwares, v-2 and v-3 may also work with the cable attached

• un-plug cable (if still plugged in)
• toggle USBnetwork ON in launcher
• plug the cable
• kill any automation (or configure yours to do: )
• sudo ip link set up dev usb0 (It may already be up)
• sudo ip address add 192.168.15.201 peer 192.168.15.244 dev usb0
• use the networking until your done (telnet 192.168.15.244)
• un-plug cable
• toggle USBnetwork OFF in launcher

Ref: https://www.mobileread.com/forums/sho...d.php?t=204450
That reference leaves you talking to the Kindle with telnet.

If not using the new launcher, then toggle USBnetwork in whatever manner your machine supports.

[NiLuJe]

Too lazy to check if they patched the shadow file like on 5.3, but, in case they did, what ixtab said, except with a recent USBNetwork package, it will let you in with anything as the password [or, nothing, even, just enter] (provided you're using the default config: no SSH over wifi). Barring that, what knc1 said, the telnet daemon will *always* get you a root shell straight away.

[niko_gramophon]

Hello, community,

thanks for the replies. Seems like I didn't managed to install the USB Network successfully.

What I'm doing:

I'm mounting the Kindle as Storage device. I create file ENABLE_DIAGS in the root of it. Then I go to Settings -> reboot. After that the kindle start in USB network mode, but seems its not from the USBNetwork package, because I can't log with no password, not even with mario, or with fiona***. When I nmap the device.. there is no 20 (telnet) port opened.

Not sure what I've done wrong. How can I check if USBnetwork package is installed OK? And how can I assure my Kindle is jailbroken?

Maybe the biggest mistake was to update to the latest firmware version from amazon :/

Thanks in advance for the answers.

[knc1]

Quote:

Originally Posted by niko_gramophon

Maybe the biggest mistake was to update to the latest firmware version from amazon :/

Thanks in advance for the answers.

ssh (and maybe telnet) was removed from the 4.1.1 diags image by Amazon.

telnet is **NOT** port 20. Sorry.

At the top of the forum you will find a "filter by prefix" thing -
Set the filter to "HowTo" , click show thread, begin reading.