Paperwhite 2nd Gen - Page 2

makeminemaudlin · 10-01-2013, 02:33 PM

Quote:

Originally Posted by knc1

On a happier note, if the Kpw2 can not be jailbroken...

You have a strange sense of "happier"

I'm already looking to trade my PW2 for a PW1. Font customization is simply necessary for me, and the old non-rooted trick is DOA.

ixtab · 10-01-2013, 02:59 PM

Quote:

Originally Posted by makeminemaudlin

You have a strange sense of "happier"

I'm already looking to trade my PW2 for a PW1. Font customization is simply necessary for me, and the old non-rooted trick is DOA.

Oh! If you are really doing this, then please let Amazon CS know as loud as you can that you are not happy with their restrictions. Complaints are the only way to make them listen.

makeminemaudlin · 10-01-2013, 03:08 PM

Quote:

Originally Posted by ixtab

Oh! If you are really doing this, then please let Amazon CS know as loud as you can that you are not happy with their restrictions. Complaints are the only way to make them listen.

Good point. How do you recommend I make that complaint? Phone? Review? Both?

ixtab · 10-01-2013, 03:48 PM

Quote:

Originally Posted by makeminemaudlin

Good point. How do you recommend I make that complaint? Phone? Review? Both?

I'm not really sure. But IMO,by phone would seem the most "natural" and direct way, because you end up with a real person, and I think that this is also the channel that Amazon pays most attention to.

Of course, the idea is not to insult or to belittle the poor phone guy, but just to state in a matter-of-fact way that you don't understand why the device doesn't let you do things the way that you want, but forces you to do it the way that Amazon wants. Like: Why can't you choose to have smaller margins? Why can't you put your favorite font on the device and then read your books using that font? Why can't you run a file manager on your own device? Why can't you export your books and collections to a USB stick? Small things like that.

knc1 · 10-01-2013, 04:01 PM

Quote:

Originally Posted by makeminemaudlin

You have a strange sense of "happier"

I'm already looking to trade my PW2 for a PW1. Font customization is simply necessary for me, and the old non-rooted trick is DOA.

If your in the USA, PM me.

npoland · 10-01-2013, 07:51 PM

So I got my PW2 today and proceeded to tear it apart. There is an accessible serial port on it. It prints out a bunch of start at bootup and lands you at a login prompt. I do not know where to go from here though :/

knc1 · 10-01-2013, 08:40 PM

Quote:

Originally Posted by npoland

So I got my PW2 today and proceeded to tear it apart. There is an accessible serial port on it. It prints out a bunch of start at bootup and lands you at a login prompt. I do not know where to go from here though :/

Attach Pictures.
At least of the serial port connections.

Set your terminal emulator to capture what is on the serial line, re-boot (hold power switch for 20+ seconds).

Attach the resulting text file.

Using the 'advanced editor' for your post, you will find a "manage attachments" panel below the text box.

npoland · 10-01-2013, 08:56 PM

Here ya go. I've been playing around and got into u boot. I am going to start looking through the boot log and look for anything interesting. I will get a log of what happens in u boot mode up soon.

npoland · 10-01-2013, 09:13 PM

Here are some more files with information in them. One is uboot and what commands can be executed (I ran a few of them). The other is the emergency boot mode. I got it to print out the kernel buffer.

knc1 · 10-01-2013, 09:13 PM

Quote:

Originally Posted by npoland

Here ya go. I've been playing around and got into u boot. I am going to start looking through the boot log and look for anything interesting. I will get a log of what happens in u boot mode up soon.

Thanks.

Gold in the second line: It is Freescale's i.MX6 application processor family.

Support for that is just now being added to Buildroot.

But if you have already gotten into the u-boot system - then the rest of the system is wide-open.

** BIG NOTE ** to casual readers: Just because we can have our way with the device over the serial port line, DOES NOT mean we can find an end-user device Jailbreak.

This is just information required to make progress in that direction.

npoland · 10-01-2013, 09:30 PM

That's good to hear. I am an EE student so I find this kind of stuff very interesting. I am just wondering where I go from here? I am not really sure how to keep toying with this device.
Also I have images of the entire teardown including what is underneath the rf shielding if anyone wants to see what is going on inside...

knc1 · 10-01-2013, 10:01 PM

Quote:

Originally Posted by npoland

That's good to hear. I am an EE student so I find this kind of stuff very interesting. I am just wondering where I go from here? I am not really sure how to keep toying with this device.
Also I have images of the entire teardown including what is underneath the rf shielding if anyone wants to see what is going on inside...

Sure we do - just attach them all to a post.

You found that right after power-on, you could reach the u-boot command line.

The (other) K5 products use a "split" u-boot - so a capture of any information you can get out of u-boot would be nice to see.

Then (you can see this in the boot log you attached), u-boot loads the kernel which includes its initial ramfs system.
That is what is issuing that "... recovery system"
See if you can get into the recovery system at that stage.
It probable just expects any character - try return/enter/escape/whatever_works

Again, capture anything you can get out of it.

Why all of the capture requests?
Comparison of the 'new' with the 'known' is a powerful forensics tool.

In the boot log you attached, you will see that the kernel, when done running the initial ramfs system, does a switch root to the final runtime system.

That is what issued the login prompt.
When all of the messages end, it is still sitting at the login prompt, waiting for you to log in.

Let's see if they changed the user 'framework' and its password:
login: framework
password: mario

The worst that can happen is it will refuse to let you in.

npoland · 10-01-2013, 10:10 PM

What do you mean by a "split" u boot?

And I guess I was referring to the recovery system as the emergency boot mode. The emergency boot mode text file from my previous post has the menu in it.
Or is that not the menu you were talking about?

And that login doesn't work. I also tried root/fionaXXX for my serial number and those didnt work either.

npoland · 10-01-2013, 10:16 PM

Here is something interesting. I got to this from uboot by typing in the bist command...

Quote:

bist > help
? - alias for 'help'
autoscr - DEPRECATED - use "source" command instead
base - print or set address offset
boot - boot default, i.e., run 'bootcmd'
bootd - boot default, i.e., run 'bootcmd'
bootm - boot application image from memory
check - perform MMC CRC32 check
clk - Clock sub system
cmp - memory compare
coninfo - print console devices and information
cp - memory copy
crc32 - checksum calculation
diag - perform board diagnostics
echo - echo args to console
fastboot- Fastboot
fsr - fsr - FSR test commands

go - start application at address 'addr'
halt - halt board
haptic - haptic - HAPTIC test commands

help - print online help
i2c - I2C sub-system
idme - idme - Set nv ram variables

iminfo - print header information for application image
imxotp - One-Time Programable sub-system
itest - return true/false on integer compare
loadb - load binary file over serial line (kermit mode)
loads - load S-Record file over serial line
loady - load binary file over serial line (ymodem mode)
loop - infinite loop on address range
loopw - infinite write loop on address range
lpm - Exercise Low Power modes in iMX6SL
md - memory display
mm - memory modify (auto-incrementing address)
mmc - MMC sub system
mmcinfo - display MMC info
mtest - simple RAM read/write test
mw - memory write (fill)
nm - memory modify (constant address)
panic - panic halt
pmic - pmic - PMIC utility commands

printenv- print environment variables
reset - Perform RESET of the CPU
run - run commands in an environment variable
setenv - set environment variables
sleep - delay execution for some time
source - run script from memory
sspi - SPI utility commands
version - print monitor version
vni - vni - vni pmic test

wan4v2 - wan4v2 - WAN module 4V2 control

bist >

npoland · 10-01-2013, 11:03 PM

So these might be developments, but I don't really know.

I managed to get into fastboot mode and the kindle fastboot tool works on it!

From there i booted to the diag system. I tried the login again using:
login: framework
password: mario
And it worked!
The fionaXXXX and mario do not work for root though.

Is having access to this filesystem of much use?
Fastboot has a bunch of interesting stuff it can do.

I am running john the ripper on the shadow file to find the root password. Hopefully that will work!

10-01-2013, 08:56 PM	#23
npoland 1st KPW2 JB Posts: 26 Karma: 133537 Join Date: Oct 2013 Device: PW2	Here ya go. I've been playing around and got into u boot. I am going to start looking through the boot log and look for anything interesting. I will get a log of what happens in u boot mode up soon. Attached Thumbnails Last edited by npoland; 10-02-2013 at 06:12 PM.

10-01-2013, 09:13 PM	#24
npoland 1st KPW2 JB Posts: 26 Karma: 133537 Join Date: Oct 2013 Device: PW2	Here are some more files with information in them. One is uboot and what commands can be executed (I ran a few of them). The other is the emergency boot mode. I got it to print out the kernel buffer. Last edited by npoland; 10-02-2013 at 06:12 PM.

10-01-2013, 11:03 PM	#30
npoland 1st KPW2 JB Posts: 26 Karma: 133537 Join Date: Oct 2013 Device: PW2	So these might be developments, but I don't really know. I managed to get into fastboot mode and the kindle fastboot tool works on it! From there i booted to the diag system. I tried the login again using: login: framework password: mario And it worked! The fionaXXXX and mario do not work for root though. Is having access to this filesystem of much use? Fastboot has a bunch of interesting stuff it can do. I am running john the ripper on the shadow file to find the root password. Hopefully that will work! Last edited by npoland; 10-01-2013 at 11:31 PM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
second gen paperwhite in a first gen case?	BeccaPrice	Amazon Kindle	9	10-06-2013 07:05 PM
Kindle Fire (1st gen and 2nd gen) now officially CyanogenMod supported	Jessica Lares	Kindle Fire	8	04-01-2013 01:27 PM
Content PaperWhite & Fire 2nd Gen MOBIs don't need an inline TOC	alansplace	Amazon Kindle	4	01-14-2013 07:04 PM
Polarizing Filter on KF 2nd Gen (not HD)?	Doc109	Kindle Fire	0	01-06-2013 10:46 PM
Ended Irex Iliad 2nd Gen	devant	Flea Market	8	01-27-2010 12:49 AM

10-01-2013, 07:51 PM	#21
npoland 1st KPW2 JB Posts: 26 Karma: 133537 Join Date: Oct 2013 Device: PW2	So I got my PW2 today and proceeded to tear it apart. There is an accessible serial port on it. It prints out a bunch of start at bootup and lands you at a login prompt. I do not know where to go from here though :/

10-01-2013, 09:30 PM	#26
npoland 1st KPW2 JB Posts: 26 Karma: 133537 Join Date: Oct 2013 Device: PW2	That's good to hear. I am an EE student so I find this kind of stuff very interesting. I am just wondering where I go from here? I am not really sure how to keep toying with this device. Also I have images of the entire teardown including what is underneath the rf shielding if anyone wants to see what is going on inside...

10-01-2013, 10:10 PM	#28
npoland 1st KPW2 JB Posts: 26 Karma: 133537 Join Date: Oct 2013 Device: PW2	What do you mean by a "split" u boot? And I guess I was referring to the recovery system as the emergency boot mode. The emergency boot mode text file from my previous post has the menu in it. Or is that not the menu you were talking about? And that login doesn't work. I also tried root/fionaXXX for my serial number and those didnt work either.