Select Boot for K4 and Touch

[Emrexcem]

Quote:

Originally Posted by geekmaster

I finally got SSH working in diags mode on the touch. The key was that after copying all the dropbear files from /mnt/mmc/* to /* (mmcblk0p1 to mmcblk0p2), I had to reboot the kindle before I could get it to work. For some reason, starting dropbear manually from inside a reverse shell caused "dropbear permission denied (publickey)" errors during SSH logins, but after rebooting, the "Enable USBnet" menu now starts SSH after you select Exit. You cannot login for about 20 seconds while dropbear starts up. Then it logs in fine. Surprisingly, the diags login is fionaXXX on my Touch (I was expecting mario, like K4NT diags uses).

I plan to add this to the diags part of my kindle recovery package, so a menu item will let you install SSH (from yifanlu's jailbreak package). I will also add menu items to install update and developer keys. I want to make it support plugins (similar to yifanlu's launch menu), so custom packages can be added to during repair and/or installation.

Things may start out a bit complicated, but they get streamlined and simplified as progress is being made. I will post a package here when I get it together.

I plan to use the diags tar bug, with a payload in /var/local/wan/info, and the "AR 11g factory test" used to trigger it. I requested that this be kept secret by those I shared it with, but it is now public (because we need a way to run our code in diags), so go ahead and use it. I will post my code using that method, which you can use as an example.

[geekmaster]

Well... my /var/local/wan/info payload for the diags data.tar.gz exploit can only be triggered on touch, and on k4nt 4.0, but NOT on k4nt 4.0.1 (at least not from the ART 11g factory test menu)...

So... Time to use my "other" jailbreak that works on all 4.x and 5.x versions. But even more important, it will still work even with /var/local full (from indexing too many books), which will break other known jailbreak methods.

The one I will use is reliable, safe, and easy. After this, other than variations of it (which might get "fixed" at the same time as this new one), we can always use fastboot to reflash mmcblkp1 to an old firmware version, jailbreak the old version, and then update to the new version. Jailbreaks still work after firmware updates (so far).

[JustAMan]

Well, we can still use fastboot to directly place developer key (the thing JB does) even if firmware updates would purge JB I think...

[Poetcop]

Quote:

Originally Posted by geekmaster

You can recover a damaged kindle from Diagnostics mode by mounting the root partition and replacing missing or damaged files on it. You can also replace the root partition with a copy of a backup image file.

To recover from a full /var/local (collections database too large), you can delete files in /var/local, or you can copy /dev/zero onto /dev/mmcblk0p3 to destroy /var/local, and the next reboot will create a fresh empty /var/local.

Hi geekmaster, is there a Diags mode option to mount the root partition? (which I understand to mean mmcblkp1) I saw a menu item somewhere called Mount nfs but it didn't do anything. Otherwise I've only seen "USB device mode", which mounts /mnt/us. As you mention later on in the thread, and I can verify, approaches using data.tar.gz + RUNME.sh don't work if you have a full /var/local - the data.tar.gz file disappears, but the script is definitely not executed (even after I pared it down to one "touch" statement) So if I can't get into the root partition, is your new jailbreak the only way forward? Or would it be worth trying a fastboot approach?

[geekmaster]

The only reliable method that installs automatically without navigating menus and that works on all the kindles (DX, DXG, K3, K4, and K5 (touch) is being tested now. It uses a variation of the "ixtab" jailbreak that can lose all your data on the USB drive if you use a data.tar.gz for the wrong kindle model (which I think caused bricked kindles when people used a data.tar.gz for touch on a k4nt, or a data.tar.gz for a k4nt on a touch).

Because of the danger of using the wrong data.tar.gz, I am using it in a safe way that will work with all kindles, by replacing this payload file that must match the kindle model, with a "universal" payload that does different things depending on what model kindle it finds itself on when launched. When the code first begins running, any damage has already been done by replacing an important system file with the wrong version if the wrong data.tar.gz is used. By using a "universal" version, it can replace that system file for any model of kindle, which eliminates the danger from using the wrong version (as happens with current data.tar.gz installations).

I am testing my safe universal data.tar.gz payload VERY carefully. When ready to release, it will be very solid and reliable, and it will run a custom user-supplied RUNME.sh if it finds one on the USB drive.

This will install SSH into the diagnostic partition so that the diagnostics "Enable USBnet" works like it is supposed to (missing files will be replaced). It will also let you install an update key certificate (i.e. jailbreak), and developer keys (for kindlet apps). Even without installing SSH, it can push a reverse shell so you can get root access over USB to manually fix problems (similar to telnet, but with no command prompt displayed).

Because I decided to make a universal version instead of different versions for different kindle models, this has been a lot more difficult to test and to get exactly correct. I am cleaning up the code and simplifying it, and I am nearly ready to publish a preliminary version, which I hope to post to the original post in this thread later this evening.

[ernalve]

I'd like to thank you GeekMaster and everyone else that might have helped... because I recovered the kindle touch! it was quite simple in fact: I ran mfgtool into diags mode, after that I set the usb device mode and deleted a 1gb folder with music, after hesitating for a while I rebooted and... !!! the touch was back.

thanks again,


ernesto

[geekmaster]

I could really use some help here. If you can, please supply me with the USB Drive size defined as:

MNTUS_PART_SIZE=xxxxxxx

in file:

/var/local/system/mntus.params

for each model of kindle that I do not have, and verify the drive sizes that I do have:

Code:

Serial   Size   Model
------ -------  -----------------------
 B001    ???    Kindle 1 US ??? 
 B002    ???    Kindle 2 US ??? 
 B003    ???    Kindle 2 Int ??? 
 B004  3567224  Kindle DX US
 B005  3567224  Kindle DX Int ???
 B006  3205336  Kindle 3G US (Keyboard)
 B007  -------  (not used)
 B008  3205336  Kindle 3 Wifi (Keyboard)
 B009  3510232  Kindle DX Graphite
 B00A  3205336  Kindle 3G UK (Keyboard) ???
 B00B  -------  (not used)
 B00C  -------  (not used)
 B00D  -------  (not used)
 B00E  1423352  Kindle 4 Wifi (Mini)
 B00F  3377144  Kindle 5 3G (Touch)
 B010  -------  (not used)
 B011  3377144  Kindle 5 Wifi (Touch)

(In the forums, the Kindle 4 Mini is commonly called a K4NT.)

I need this information to prevent the USB Drive from getting accidentally erased when somebody puts a data.tar.gz on their USB Drive that uses a mntus.params payload destination that was designed for a different kindle model. My "universal" payload needs this information.

You can get this information from telnet or SSH into your kindle, or an onscreen terminal program on your kindle.

Thanks.

[thatworkshop]

Quote:

Originally Posted by geekmaster

B00F 3377144 Kindle 5 3G (Touch)

Verified.

Also, there is no Kindle 4 3G (Mini).

[geekmaster]

Quote:

Originally Posted by cscat

Verified.

Also, there is no Kindle 4 3G (Mini).

Thanks. I will keep the original post updated with current information. A "universal" mntus.params needs to use the actual size reported by "fdisk -l" when it is valid. Unfortunately, at some stages of main boot, fdisk reports a 0-byte drive, in which case we must use known sizes for kindle serial numbers in "/proc/cpuinfo". That is a simplified version of the method used in the startup scripts. I rely on most of the "computed values" being the same on all the kindles (but I have not checked a kindle 1 or kindle 2 yet). Returning the wrong values is NOT an option, because in many cases this will make the startup scripts ERASE the USB Drive contents, which is WHY my script either returns correct values OR uninstall itselfs and reboots (so the kindle can rebuild mntus.params with the default values for that kindle).

I plan to use mntus.params as my "master control" for a diags boot menu, and rooting/jailbreak, and recovery. For now, my mntus.params is deposited in place by data.tar.gz, but for kindles without the "tar bug" I will rely on existing known jailbreak methods where possible, to deposit my script where it is needed.

It seems to be working well on my K4NT, but I want to test it on all my kindles before I release it, to save support headaches in the future. I will also package all the SSH file in my data.tar.gz, so that the Touch diags "Enable USBnet" menu will work like it does on the K4NT. Diags with USB Drive export and SSH are all you really need to repair many problems that prevent booting to the main partition, along with the KindleSelectBoot tool to get you to diags from a bricked condition.

[murz_07]

It's so great what you are doing right now.
I know, that it is really annoying, but I have to ask.

How far are you from from enabling usbnetwork in diags mode (Kindle Touch)?
How long do we need to wait the release of tools you wrote about?

Anyway

[Handsome Bart]

Hi everyone! I'm new at posting but I´ve been following the thread about a month. First, i have to say thank you Geek Master and thanks to everyone who's working on this!
Now, I have an issue with the Mfgtool. I don't want to screw more my bricked KT so I just want to know what is the procedure after I run this tool, I mean if I need to run a script or just run the tool... I don't know, I'm not good at programming and I learned this when I bricked my KT.
Sorry if the post is too long but i hope you can give me some light in this.

[thatworkshop]

Quote:

Originally Posted by Handsome Bart

I don't want to screw more my bricked KT so I just want to know what is the procedure after I run this tool, I mean if I need to run a script or just run the tool...

My best advice would be to wait (I know it's a killing) for geekmaster to finish his universal Boot Selector Tool because right now it's not fully functional for Touch. So put your device in a shelf and don't be tempted to do stuff on it.

Quote:

Originally Posted by murz_07

How far are you from from enabling usbnetwork in diags mode (Kindle Touch)?
How long do we need to wait the release of tools you wrote about?
Anyway

He is apparently taking time to build this for the good of all of us, so it's better not to waste time and post these (I know you said you're sorry) as we're all waiting for his magic to save our Kindles. These kinds of post just pollutes the thread (including my post right now as a response) with not so much related and to-business posts. Also, hi and welcome to MobileRead my friend.
Thanks a bunch

[Handsome Bart]

Thnx a lot Cscat! So, I'll wait.

[Emrexcem]

Hi
İ accidently Broke(software not hardware) my kindle touch. And its not woking right now im in the boot logo. İ CAN acces to diags but i dont now what should i do with i want my kt as factory default and shipping code does not work .
Greetings

[murz_07]

Quote:

Originally Posted by Emrexcem

Hi
İ accidently Broke(software not hardware) my kindle touch. And its not woking right now im in the boot logo. İ CAN acces to diags but i dont now what should i do with i want my kt as factory default and shipping code does not work .
Greetings

As it was said several times, WAIT. Just wait, geekmaster will solve your problem. And mine too