Kindle 3.1 Jailbreak - Page 18

NiLuJe · 03-15-2011, 01:16 PM

@Tanga:

;dumpMessages shouldn't cause any issue either... It might take ~30s for your Kindle to be responsive again, but that's all.

No, you have to use adq's devkeys. And, yes, they work on 3.1, there's no issue at all with these packages.

You shouldn't be missing anything from the fonts hack, but that's not what's causing updates to fail either, at worst without the folders, the hack (ss/fonts) are disabled, that's all.

But if you *are* missing the linkjail folder from my JailBreak, then, yes, that's what's causing hack updates to fail.

Again, something still sounds waaaaay fishy with your setup, and I can't tell you anymore without a log (;dumpmessage). Did you happen to do a factory reset somewhere along the way?

Tanga · 03-16-2011, 01:49 AM

Yes. Sorry, must have left that info out. When it froze I had to do a factory reset. I tried to start from scratch a couple of days ago too.

I'm missing everything except the folders that came with the kindle (ie missing all the hack folders). I deleted some to get it back to 'factory settings' so I could start again, not realising that that was impossible.

=/ - like I said, kind of an idiot when it comes to these things - just realising how much I stuffed up. Thank-you so much for talking me through it (and using easy to understand English).

Is there a way I can get those folders (and the files in them). I need the folders for your 0.6N hack, the KIF devkeys hack (file / folder / not sure what that was) and the fonts hack.

Should I do a shout-out on here?

Tanga · 03-16-2011, 05:48 AM

Ah, hi - it was ;dumpMessages. I attached it as a txt file and compressed to tar.gz - I hope that's OK I'm using ubuntu. Just in case it's not I will also upload the file as is, but just call it .gz

So the logs(lots of writing).txt.tar.gz file is actually compressed, and the logs(lots of writing).txt.gz file isn't actually compressed at all - you just need to delete the .gz extension.

Thanks again!

StuMcBill · 03-16-2011, 09:14 AM

Rightio........I am confused.

1. I had 3.0.2 installed with NiLuJe's 0.4 jailbreak and Screensaver 0.18N.
2. I uninstalled both SS hack 0.18N and NiLuJe 0.4.
3. I then updated my Kindle to 3.1 (Official Amazon Firmware)
4. I then installed yifanlu's 0.3 jailbreak and Screensaver 0.18N (as I had installed previously)
5. Everything is working fine, and I have the ENABLE_HACK_UPDATES file on the root of my device.

Is there any reason for me to update to NiLuJe 0.5 or yifanlu 0.4?

If so, what is the procedure for doing so? Uninstall old jailbreak then reinstall new jailbreak?

Leave screensaver hack intact?

Thanks

Stew

NiLuJe · 03-16-2011, 01:43 PM

@Tanga: I pretty much don't even have to check the log file, then ^^. You can get the link* folders from the zip files, in the src folder. Or you can reinstall every hack in the right order (ie. JB => others). (You'll have to reinstall adq's keys anyway).

@StuMcBill: Not really. But, yeah, you'd have to uninstall the old jeilbreak before installing the latest.

StuMcBill · 03-16-2011, 02:42 PM

Quote:

Originally Posted by NiLuJe

@StuMcBill: Not really. But, yeah, you'd have to uninstall the old jeilbreak before installing the latest.

So I wont see any benefit? I still have a copy of the uninstall file for the jailbreak though! Just in case!

Tanga · 03-17-2011, 07:40 PM

That was ridiculously easy. I am a fool. I was sure I'd tried to reinstall 0.6.N - but I must not have. >.>

The hack is working perfectly. Now all I have to do is not use the inform games to procrastinate. =)

Oh, and change those damn screen-savers =).

Thanks for your help - sorry to waste your dev time NiluJe.

yifanlu · 03-29-2011, 11:29 PM

I'm not going to start a new thread because I'm not releasing anything yet, but currently, I'm looking into the Kindle recovery script. Why? Because I accidentally deleted the "lib" folder from one of my Kindles and it refuses to boot now. (Stupid, I know). The problem is that recovery scripts are signed AND the "export MMC" feature that allows USB access to the entire NAND is password protected. I already patched the recovery script signature check with the jailbreak keys. Currently I've disassembled the recovery script and am trying to find the logic of the password check for the export MMC. I'm hoping to find a place in the code to patch where there will be the least amount of side effects. For example, I tried patching the CMP R0, #0 (check if check_pass function returned 0) with CMP R0, R0 (always return true), however, it's doing something weird by setting the Kindle into diagnostics mode.

Basically, the script isn't completely finished yet, but IF you have a bricked Kindle AND have access to the recovery port AND you know your Kindle is unrecoverable by any other means (for example, you pressed Enter on startup and choose "I" to reformat partitions or "U" to try to update and it doesn't work anymore). You can help me test by PMing me with your Kindle model and the problem. Again, it's not finished yet, but I'll be taking beta testers.

Also, if you know of a easier way to recover a Kindle that has the root partition formatted, PLEASE tell me. Anything is easier then disassembling an ARM binary.

the-equinoxe · 04-01-2011, 02:33 AM

Hi yifanlu,

This is an interesting problem.
Am I correct when I think:
>uboot ->initramfs =>rootfs ?
and the nand-password and signature keys are hardcoded into the initramfs?
If so, how can I dump the initramfs of a K3w?
Is it possible to use uboot to load an altered initramfs?

Would it be possible for us (with an non bricked device) to load ourselves an patched loader to give us the ability use our own dumped rootfs signed by ourselves?

Thanks for the info,

EqX

yifanlu · 04-01-2011, 08:04 AM

Quote:

Originally Posted by the-equinoxe

Hi yifanlu,

This is an interesting problem.
Am I correct when I think:
>uboot ->initramfs =>rootfs ?
and the nand-password and signature keys are hardcoded into the initramfs?
If so, how can I dump the initramfs of a K3w?
Is it possible to use uboot to load an altered initramfs?

Would it be possible for us (with an non bricked device) to load ourselves an patched loader to give us the ability use our own dumped rootfs signed by ourselves?

Thanks for the info,

EqX

It IS possible to load an altered initramfs. However the offsets between uboot and the kernel is different. It is much easier (but not easy) to edit the initramfs and recompile the kernel with the new initramfs and flash the new kernel (which is what I did).

Also, I'm happy to say that I have successfully recovered my Kindle, which was completely formatted and had the rootfs destroyed. What I did was extract the initramfs, open recovery-utils in IDA Pro, find the logic of the password check. Luckly, it was easy just a change from

Quote:

BL 000092DC // Jump to pass_check function
CMP R0, #0 // Compare return value with 0
...
BEQ loc_9604 // If previous instruction is true, jump to password failure

to

Quote:

NOP // no instruction
CMN R0, R0 // Negative compare a value with it's self
...
BEQ loc_9604 // If previous instruction is true, jump to password failure

(I also patched the key for update packages to the jailbreak key just in case)
Then I placed my new recovery-utils into initramfs.cpio using a hex editor and compiled a kernel with it. Then I flashed the uImage through HyperTerminal (in uboot: run prg_kernel_serial) and ran it. I was able to export MMC0 without a password. Then I used ubuntu to recreate the partitions and restore the files.

greyTraveler · 04-01-2011, 10:01 AM

yifanlu -- congratulations, and I'm quite impressed!

the-equinoxe · 04-01-2011, 04:32 PM

yifanlu
Wow, could you explain to us mere mortals in a more detailed (howto) way how you achieved this?some steps I could retrace, but with most I have no idea where to start.

Thanks for your information.

yifanlu · 04-01-2011, 04:42 PM

Quote:

Originally Posted by the-equinoxe

yifanlu
Wow, could you explain to us mere mortals in a more detailed (howto) way how you achieved this?some steps I could retrace, but with most I have no idea where to start.

Thanks for your information.

Right now, I'm trying to get the Kindle 3 firmware to work on the Kindle 2. Currently, it boots without error, but the screen doesn't show anything

. However, when I have time, I'll post my custom kernel and recovery directions. I also reverse engineered the recovery update format, so I may also release a kindle recovery update maker. However, if you have a broken Kindle and recovery port access, PM me and I'll help you recover it.

Speaking of Kindle 3.1 on K2, here's the boot log: http://pastebin.com/50ZzX5zQ
If anyone can tell me why video won't show up, I'd be happy. I see the "java.lang.IllegalStateException: Unknown Kindle device: A3UN6WX5RRO2AG", but that's not the error. I don't even see the progress bar or the "Kindle is starting up" logo. I have the correct modules loaded. (Also, 3G module is removed, so ignore those errors too).

EDIT: It works! Now testing and fixing any problems.
EDIT 2: First tests: PDF WORKS! Little slowdown, new PDF reader obviously wasn't memory constrained. Audio player works. Regular ebooks work. TTS works.
Battery status currently does not work, but I can fix that easily.
I need to plug in the 3G module to test internet browser and audible.

EDIT 3: FINALLY got 3G to work. EVERYTHING works now. I can now use Kindle 3.1 on a Kindle 2. Internet browsing works with no slowdowns on the new web browser. PDF browsing also works with the new PDF reader. Currently, the method is VERY messy. It including flashing a custom kernel, exporting MMC0 over usb and writing a custom partition table. Then using dd to copy the Kindle 3 MMC to the Kindle 2. So, I will create a easy to use package within the next week or so. I'm hoping that the upgrade process will be something like this:

1) Install a "update creator" package on the Kindle 3, which will check the FS and package everything into one file.
2) Drag that file into the Kindle 2 along with a special updater package.
3) Kindle 2 will upgrade to 3.1.

The first release will NOT support the DX. Although I think the process would be similar, I do not have a DX to test with, so I'll need to get one beforehand (if anyone has a broken one [broken screen, bricked fs, etc] and would be willing to give it to me, PM me). If you wish to beta test this, also PM me, but beware that the early beta MAY brick your Kindle and require reflashing from the recovery port and it MAY cause loss of data.

I've started working on the installer. Made a new thread. Need help.

montalex · 04-02-2011, 08:40 AM

Quote:

Originally Posted by yifanlu

Right now, I'm trying to get the Kindle 3 firmware to work on the Kindle 2. Currently, it boots without error, but the screen doesn't show anything

. However, when I have time, I'll post my custom kernel and recovery directions. I also reverse engineered the recovery update format, so I may also release a kindle recovery update maker. However, if you have a broken Kindle and recovery port access, PM me and I'll help you recover it.

Speaking of Kindle 3.1 on K2, here's the boot log: http://pastebin.com/50ZzX5zQ
If anyone can tell me why video won't show up, I'd be happy. I see the "java.lang.IllegalStateException: Unknown Kindle device: A3UN6WX5RRO2AG", but that's not the error. I don't even see the progress bar or the "Kindle is starting up" logo. I have the correct modules loaded. (Also, 3G module is removed, so ignore those errors too).

EDIT: It works! Now testing and fixing any problems.
EDIT 2: First tests: PDF WORKS! Little slowdown, new PDF reader obviously wasn't memory constrained. Audio player works. Regular ebooks work. TTS works.
Battery status currently does not work, but I can fix that easily.
I need to plug in the 3G module to test internet browser and audible.

EDIT 3: FINALLY got 3G to work. EVERYTHING works now. I can now use Kindle 3.1 on a Kindle 2. Internet browsing works with no slowdowns on the new web browser. PDF browsing also works with the new PDF reader. Currently, the method is VERY messy. It including flashing a custom kernel, exporting MMC0 over usb and writing a custom partition table. Then using dd to copy the Kindle 3 MMC to the Kindle 2. So, I will create a easy to use package within the next week or so. I'm hoping that the upgrade process will be something like this:

1) Install a "update creator" package on the Kindle 3, which will check the FS and package everything into one file.
2) Drag that file into the Kindle 2 along with a special updater package.
3) Kindle 2 will upgrade to 3.1.

The first release will NOT support the DX. Although I think the process would be similar, I do not have a DX to test with, so I'll need to get one beforehand (if anyone has a broken one [broken screen, bricked fs, etc] and would be willing to give it to me, PM me). If you wish to beta test this, also PM me, but beware that the early beta MAY brick your Kindle and require reflashing from the recovery port and it MAY cause loss of data.

I've started working on the installer. Made a new thread. Need help.

That's fantastic! I recently bought a second (reconditioned) Kindle 2, because I like the model very much (full keyboard, solid construction, etc.). It will be very cool to have page numbers and better pdf support! You are amazing!

the-equinoxe · 04-03-2011, 04:23 PM

yifanlu
First: congrats on having 3.1 running an a K2, that is great!

Regarding the restore/recovery.
Both my K3's are working (@ this moment) but because I like to mess with them I can imagine I mess one up one of these days..

That is why it would be handy to have some sort of recovery package handy.
I did create a backup of the rootfs and I did made serial connector to use with my buspirate, but a "just in case" or as a go back to square one when my efforts go to far, a way to restore to my factory rootfs would be great, but not important at this moment.
(although it would be good for me to learn how the recovery works)

But still, you letting others run 3.1 on a K2 is way cooler.
I will follow that thread, because I know I'll learn a lot from it.
Thanks for all your efforts!

03-15-2011, 01:16 PM	#256
NiLuJe BLAM! Posts: 13,506 Karma: 26047202 Join Date: Jun 2010 Location: Paris, France Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E	@Tanga: ;dumpMessages shouldn't cause any issue either... It might take ~30s for your Kindle to be responsive again, but that's all. No, you have to use adq's devkeys. And, yes, they work on 3.1, there's no issue at all with these packages. You shouldn't be missing anything from the fonts hack, but that's not what's causing updates to fail either, at worst without the folders, the hack (ss/fonts) are disabled, that's all. But if you are missing the linkjail folder from my JailBreak, then, yes, that's what's causing hack updates to fail. Again, something still sounds waaaaay fishy with your setup, and I can't tell you anymore without a log (;dumpmessage). Did you happen to do a factory reset somewhere along the way? Last edited by NiLuJe; 03-16-2011 at 01:40 PM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Kindle 3.0.3 jailbreak.	NiLuJe	Kindle Developer's Corner	23	03-07-2011 05:50 PM
Kindle jailbreak - possible problems?	Demonix	Kindle Developer's Corner	19	12-26-2010 02:40 PM
Jailbreak for a Newcomer.	RudolfFW	Introduce Yourself	10	10-25-2010 11:33 AM
Jailbreak Matrix	scottjl	Apple Devices	7	07-30-2010 01:24 AM
Question for owners of iphone with jailbreak and that use the kindle app	Mayr	Apple Devices	13	11-01-2009 11:14 PM

03-16-2011, 01:49 AM	#257
Tanga Zealot Posts: 128 Karma: 5792 Join Date: Mar 2011 Location: Australia Device: Kindle 3	Yes. Sorry, must have left that info out. When it froze I had to do a factory reset. I tried to start from scratch a couple of days ago too. I'm missing everything except the folders that came with the kindle (ie missing all the hack folders). I deleted some to get it back to 'factory settings' so I could start again, not realising that that was impossible. =/ - like I said, kind of an idiot when it comes to these things - just realising how much I stuffed up. Thank-you so much for talking me through it (and using easy to understand English). Is there a way I can get those folders (and the files in them). I need the folders for your 0.6N hack, the KIF devkeys hack (file / folder / not sure what that was) and the fonts hack. Should I do a shout-out on here?

03-16-2011, 09:14 AM	#259
StuMcBill Enthusiast Posts: 33 Karma: 10 Join Date: Jan 2011 Device: Kindle (Wi-Fi & 3G)	Rightio........I am confused. 1. I had 3.0.2 installed with NiLuJe's 0.4 jailbreak and Screensaver 0.18N. 2. I uninstalled both SS hack 0.18N and NiLuJe 0.4. 3. I then updated my Kindle to 3.1 (Official Amazon Firmware) 4. I then installed yifanlu's 0.3 jailbreak and Screensaver 0.18N (as I had installed previously) 5. Everything is working fine, and I have the ENABLE_HACK_UPDATES file on the root of my device. Is there any reason for me to update to NiLuJe 0.5 or yifanlu 0.4? If so, what is the procedure for doing so? Uninstall old jailbreak then reinstall new jailbreak? Leave screensaver hack intact? Thanks Stew

03-16-2011, 01:43 PM	#260
NiLuJe BLAM! Posts: 13,506 Karma: 26047202 Join Date: Jun 2010 Location: Paris, France Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E	@Tanga: I pretty much don't even have to check the log file, then ^^. You can get the link* folders from the zip files, in the src folder. Or you can reinstall every hack in the right order (ie. JB => others). (You'll have to reinstall adq's keys anyway). @StuMcBill: Not really. But, yeah, you'd have to uninstall the old jeilbreak before installing the latest.

03-17-2011, 07:40 PM	#262
Tanga Zealot Posts: 128 Karma: 5792 Join Date: Mar 2011 Location: Australia Device: Kindle 3	That was ridiculously easy. I am a fool. I was sure I'd tried to reinstall 0.6.N - but I must not have. >.> The hack is working perfectly. Now all I have to do is not use the inform games to procrastinate. =) Oh, and change those damn screen-savers =). Thanks for your help - sorry to waste your dev time NiluJe.

03-29-2011, 11:29 PM	#263
yifanlu Kindle Dissector Posts: 662 Karma: 475607 Join Date: Jul 2010 Device: Amazon Kindle 3	I'm not going to start a new thread because I'm not releasing anything yet, but currently, I'm looking into the Kindle recovery script. Why? Because I accidentally deleted the "lib" folder from one of my Kindles and it refuses to boot now. (Stupid, I know). The problem is that recovery scripts are signed AND the "export MMC" feature that allows USB access to the entire NAND is password protected. I already patched the recovery script signature check with the jailbreak keys. Currently I've disassembled the recovery script and am trying to find the logic of the password check for the export MMC. I'm hoping to find a place in the code to patch where there will be the least amount of side effects. For example, I tried patching the CMP R0, #0 (check if check_pass function returned 0) with CMP R0, R0 (always return true), however, it's doing something weird by setting the Kindle into diagnostics mode. Basically, the script isn't completely finished yet, but IF you have a bricked Kindle AND have access to the recovery port AND you know your Kindle is unrecoverable by any other means (for example, you pressed Enter on startup and choose "I" to reformat partitions or "U" to try to update and it doesn't work anymore). You can help me test by PMing me with your Kindle model and the problem. Again, it's not finished yet, but I'll be taking beta testers. Also, if you know of a easier way to recover a Kindle that has the root partition formatted, PLEASE tell me. Anything is easier then disassembling an ARM binary.

04-01-2011, 02:33 AM	#264
the-equinoxe Hardware Tweaker Posts: 43 Karma: 28 Join Date: Oct 2010 Device: K3-Wifi	Hi yifanlu, This is an interesting problem. Am I correct when I think: >uboot ->initramfs =>rootfs ? and the nand-password and signature keys are hardcoded into the initramfs? If so, how can I dump the initramfs of a K3w? Is it possible to use uboot to load an altered initramfs? Would it be possible for us (with an non bricked device) to load ourselves an patched loader to give us the ability use our own dumped rootfs signed by ourselves? Thanks for the info, EqX

04-01-2011, 10:01 AM	#266
greyTraveler Enthusiast Posts: 28 Karma: 10 Join Date: Mar 2011 Device: Kindle 3	yifanlu -- congratulations, and I'm quite impressed!

04-01-2011, 04:32 PM	#267
the-equinoxe Hardware Tweaker Posts: 43 Karma: 28 Join Date: Oct 2010 Device: K3-Wifi	yifanlu Wow, could you explain to us mere mortals in a more detailed (howto) way how you achieved this?some steps I could retrace, but with most I have no idea where to start. Thanks for your information.

04-03-2011, 04:23 PM	#270
the-equinoxe Hardware Tweaker Posts: 43 Karma: 28 Join Date: Oct 2010 Device: K3-Wifi	yifanlu First: congrats on having 3.1 running an a K2, that is great! Regarding the restore/recovery. Both my K3's are working (@ this moment) but because I like to mess with them I can imagine I mess one up one of these days.. That is why it would be handy to have some sort of recovery package handy. I did create a backup of the rootfs and I did made serial connector to use with my buspirate, but a "just in case" or as a go back to square one when my efforts go to far, a way to restore to my factory rootfs would be great, but not important at this moment. (although it would be good for me to learn how the recovery works) But still, you letting others run 3.1 on a K2 is way cooler. I will follow that thread, because I know I'll learn a lot from it. Thanks for all your efforts!