Tutorial WatchThis - Software Jailbreak for any Kindle <= 5.14.2

[amriadhitya]

Quote:

Originally Posted by katadelos

AKA CVE-2022-23224, CVE-2022-23225, CVE-2022-23226 - full writeup with technical details to be released after 5.14.3 has been widely rolled out.

Thank you to NiLuJe, yparitcher and darkassassinua for adding KOReader support for PW5, repackaging all of the hacks and testing this jailbreak

This vulnerability is released in good faith and in the hope that other security researchers will utilise the access that it provides to assist Amazon/Lab126 in improving their security posture.

If you're concerned about the security of your device and do not wish to jailbreak, install firmware version 5.14.3 from this link - I've been working with Amazon to create a fix and can confirm that this version has been hardened against this vulnerability.

Additional thanks to everyone at Amazon/Lab126 who contributed towards this .

Finally, I encourage Amazon/Lab126 to provide a method of unlocking their devices that doesn't involve the need of a 0-day, both for security researchers and for technical users who are interested in modifying their devices. We know that your employees lurk here, use tools that we've created internally and that our ideas have been implemented by you more than once, so help us help you - I promise that we don't bite

Device Compatibility

Spoiler:

This jailbreak is compatible with Kindle devices running the following firmware versions:

KT3, KT4, KOA1, KOA2, KOA3, PW3, PW4, PW5:
5.14.2
5.14.1 (5.14.1.1 on PW5)
5.13.7
5.13.6
5.13.5
5.13.4

KV:
5.13.6
5.13.5
5.13.4

KT2, PW2:
5.12.2.2

You must use the exploit payload that matches your device/firmware combination exactly.

Download Link
watchthis-jailbreak-r03.zip

Installation

Setup

1. Factory reset the device Make sure to use the "en_GB" or "English (United Kingdom)" locale when setting the language.
2. Type ;enter_demo in the Kindle search bar after performing a factory reset
3. Reboot the device
4. Once in demo mode, skip setting up wifi and enter dummy values for store registration when prompted.
5. Skip searching for a demo payload
6. Select the "standard" demo type
7. Press "Done" at the prompt to sideload content. Do not sideload the jailbreak at this stage.
8. Once the demo is setup, skip the misconfiguration lockout using the "secret gesture" (double finger tap on bottom right of screen then swipe left)
9. Enter the demo configuration menu by typing ;demo into the search bar
10. Select the "Sideload Content" option

Jailbreak

1. Connect the device to a PC and:
2. Create the directory .demo at the root of the Kindle storage
3. Copy ${YOUR_DEVICE}-${YOUR_FW_VERSION}.zip to .demo/
4. Copy demo.json to .demo/
5. Create an empty folder at .demo/goodreads. Do not put any files in this folder.
6. Press "Done" at the prompt to install the jailbreak script
7. Exit the demo menu and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
8. If an application error occurs, hard reboot the device by holding the power button, enter the demo menu again and select Sideload Content -> Done once more without connecting to USB
9. Select "Help & User Guides" then "Get started"
10. If jailbreaking KT2 or PW2, select the store button instead
11. The device will reboot
12. The jailbreak script will run during the next boot

Post Jailbreak

1. After the device has rebooted, type ;uzb into the search bar
2. Connect the device to a PC and copy Update_hotfix_watchthis_custom.bin to the root of the Kindle storage
3. Eject the device and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
4. Select Update Your Kindle to install the custom hotfix
5. This will take your device out of demo mode, rebuild the application registry and clean up unneeded jailbreak files.

Troubleshooting

• Alternative Demo Mode entry method:
  • Create an empty file named DONT_CHECK_BATTERY at the root of the Kindle USB storage
  • Activate demo mode by typing ;demo into the search bar
  • Once in demo mode, skip setting up wifi and enter dummy values for store registration when prompted
• If you need to reset your device whilst in Demo Mode, enter ;uzb in the search bar to enable USB storage mode then create an empty file named "DO_FACTORY_RESTORE" at the root of the Kindle storage. Once this has been created, reboot the device.

You should now have a freshly jailbroken Kindle

Please Help me, I use PW2, and the process is stuck at point 6 of Jailbreak.
Nothing happened, with the script or the others. Or maybe because of the folder directory, .demo/goodreads. or .demo/.goodreads

And then when I pressed ;dsts it just opened the setting menu. I remember that PW2 must press store button, but the result is a notification of the disabled wifi feature.

[Gaqs]

Has anyone here seen this video?

https://www.youtube.com/watch?v=RO2zQXvVuJY

It seems to be in Vietnamese and it follows similar steps to the WatchThis jailbreak but slightly different.

[amriadhitya]

Quote:

Originally Posted by CHBMB

This worked great, thank you so much for this. Got a couple more Kindles to JB on 5.12.2.2 which should be straightforward, but the question I had is that I have two Kindle PW 5th Gen (Serial No beginning with B024) that are on firmware version 5.6.1.1, that for ${REASONS} I also need to jailbreak, the thread title is "Software Jailbreak for any Kindle <=5.14.1" but in the compatibility notes it doesn't list either that specific Kindle Paperwhite or that software version so I'm wondering whether the title is slightly misleading or whether the compatibility notes are slightly misleading. I'm edging towards the former.

If it is indeed the former, is there any kind soul that could point me to a jailbreak for the Kindle PW 5th Gen on firmware version 5.6.1.1?

I'm not completely averse to soldering but obviously would prefer a software solution if that's possible.

Can you give me a solution? I always stuck in jailbreak step especially poin 7-12. No thing happen when I press done, and the shop icon (wifi locked).

[Gaqs]

Hello everyone, I managed to jailbreak! I used a method similar to a Vietnamese video I linked in a post I thought I had previously made here, but that post still needs to be approved by a moderator I think, probably because it's a video link and I'm a new user.

If you see a post from me asking if anyone had seen a video with a YouTube link in it after this one, that's the video I'm talking about.

But basically I didn't have to follow the "setup" section much at all all I did was:
1-Factory reset with English(UK) language
2-type ;enter_demo and hit return
3-type ;demo and hit return (I didn't even need to reboot between these steps)
4-tap "sideload content"

Then I followed the "jailbreak" and "post jailbreak" sections after, no secret gesture, no skipping wifi, no dummy values for store registration or anything. I believe I've jailbroken the kindle successfully and I can see the dummy kindle feedback book in the home page(Is there any other way to check if a jailbreak is active btw?).

After doing this I applied the K5 JailBreak Hotfix as it's explained here, now I'm trying to install KUAL and use the renameotabin extension as is explained here.

Is there anything else I need to do after? I can freely turn on wifi, link my amazon account and do factory resets if I please?

[amriadhitya]

Quote:

Originally Posted by Pichael

This is fantastic. Thanks to OP and everyone else who are helping contribute to this thread.

I jailbroke my old PW2 the other day thanks to this thread.
Now I can run KOreader and use dark mode ("night mode") on my PW2. Something you are not able to normally do on this model due to how old it is. So freaking cool.

Thanks

Can you explain this step..?

1. Press "Done" at the prompt to install the jailbreak script
2. Exit the demo menu and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
3. If an application error occurs, hard reboot the device by holding the power button, enter the demo menu again and select Sideload Content -> Done once more without connecting to USB
4. Select "Help & User Guides" then "Get started"
5. If jailbreaking KT2 or PW2, select the store button instead
6. The device will reboot
7. The jailbreak script will run during the next boot

My PW2 didn't respond anythings when I press done in demo sideload. And then in the setting menu, I press store icon, it just show a notification that wifi is locked, nothing happened like resboot or instal script

[Gaqs]

Quote:

Originally Posted by Gaqs

Hello everyone, I managed to jailbreak! I used a method similar to a Vietnamese video I linked in a post I thought I had previously made here, but that post still needs to be approved by a moderator I think, probably because it's a video link and I'm a new user.

If you see a post from me asking if anyone had seen a video with a YouTube link in it after this one, that's the video I'm talking about.

But basically I didn't have to follow the "setup" section much at all all I did was:
1-Factory reset with English(UK) language
2-type ;enter_demo and hit return
3-type ;demo and hit return (I didn't even need to reboot between these steps)
4-tap "sideload content"

Then I followed the "jailbreak" and "post jailbreak" sections after, no secret gesture, no skipping wifi, no dummy values for store registration or anything. I believe I've jailbroken the kindle successfully and I can see the dummy kindle feedback book in the home page(Is there any other way to check if a jailbreak is active btw?).

After doing this I applied the K5 JailBreak Hotfix as it's explained here, now I'm trying to install KUAL and use the renameotabin extension as is explained here.

Is there anything else I need to do after? I can freely turn on wifi, link my amazon account and do factory resets if I please?

Hello again, so I finished installing KUAL and renameotabin and koreader with the help of this post, thanks @spacequince .

So now I have some questions, first, is the K5 JailBreak HotFix actually necessary after installing the jailbreak following this thread's guide? Like after using the "Update_hotfix_watchthis_custom.bin" file to reboot and everything. Second, will "renameotabin" actually keep me safe from all updates even if I leave wifi on? I'm on a KT4 at 5.14.2, after I turned wi-fi on and logged in I got the home menu change, but under device info I'm still with 5.14.2, I'm guessing the new home menu is unrelated to a new update and I'm still safe or no?

Third, is this the main master thread with links to most apps and hacks? Stuff like adding custom screensavers, fonts and other stuff?

[Sonnenfee]

For me, total newbie for jailbreaking, is this the best thing since adjustable warmlight on ebook readers were coming on the market

Since I've been using KOReader on my Kobos and PB devices again, there's been an incredible amount of development in the last years Therefore I wished I could use KOReader on Kindles as well. I love waterproof devices with a flat screen

For first testing a jailbreak I bought a KPW5, the KOA3 was too risky for me

Everything worked great and wunderful, the jailbreak and the post work for using KOReader.

A huge and very, very thank you to katadelos and his helping hands (named on the screen, when "Finished installing jailbreak") and @spacequince for the instructions to use KOReader.

so much @all!

[bookyboy]

As a Voyage owner, thank YOU so much for this jailbreak.

Being able to use night mode in KOReader on the Voyage is a dream come true!

[Abish4i]

[QUOTE=amriadhitya;4220624] Can you explain this step..?
[LIST=1, I press store icon, it just show a notification that wifi is locked, nothing happened like reboot or instal script[/QUOTE]

Did you try again after reboot and not copying files?

[windspir]

thank you so much!!!!
I successfully jailbreak my PW4!!

just one question. will this jailbreak survive after an latest firmware update ??

[mallums]

Quote:

Originally Posted by windspir

thank you so much!!!!
I successfully jailbreak my PW4!!

just one question. will this jailbreak survive after an latest firmware update ??

It is recommended by some not to let the firmware update again by installing
https://www.mobileread.com/forums/at...7&d=1651169605

But to answer your question directly, install https://storage.gra.cloud.ovh.net/v1...5.x-hotfix.zip

[imalpha]

[*] Select "Help & User Guides" then "Get started"[*] If jailbreaking KT2 or PW2, select the store button instead

Hello,
I tried both steps on my PW2, it didn't work. When pressing the store button, it says that I have to connect the Kindle to a wifi connection and when I try the first step, there isn't any "Help and user Guides" option.
What shall I do now?
thanks

[Gaqs]

Ok, sorry for making multiple replies about this but I really need to know, is my jailbreak on my KT4 safe after installing the NiJuLe K5 JailBreak Hotfix as it's explained by @re4om here?

I'm asking this because the NiJuLe hotfix says it's a "K5" jailbreak hotfix, while my kindle is a KT4, so I don't know if it doesn't really matter and it was the correct thing to install it or if I shouldn't have installed it, worrying that it overrides the "Update_hotfix_watchthis_custom.bin" from this thread and leaves my kindle open to amazon updates. Wondering if I should go back somewhere.

Oh and I've already installed the renameotabin extension and turned it on in KUAL.

[j.p.s]

Quote:

Originally Posted by Gaqs

I'm asking this because the NiJuLe hotfix says it's a "K5" jailbreak hotfix, while my kindle is a KT4,

All kindles since the first touch model are in the K5 family.

[Gaqs]

Quote:

Originally Posted by j.p.s

All kindles since the first touch model are in the K5 family.

Ohh, I see, I thought K5 was only the Kindle 5 from 2012, so this means that I'm golden with the hotfix, thanks for explaining. So whenever I see anything marked with K5 (like many applications in the master index) it means that it works with any kindle after the Kindle 5 unless stated otherwise right?