5.6.5 Jailbreak (closed-kindle) -- released!

[Branch Delay]

Quote:

Originally Posted by astrophys

Hi Branch, thank you so much for this!

One question: I need to quit kindle USB mode when I open browser on kindle, but I can not eject kindle since the jb folder in kindle root directory is still in use (it's been serving up). I'm using OS X now.

Can I serve up jb folder which is not necessarily located in kindle root directory?

Whoops, sorry for the confusion. Just need the jb file moved to the kindle. Host the folder on your computer. Doesn't have to be on the kindle. (Probably shouldn't have put a jb file inside the jb folder. )

Also, this might work on different ports, but I'd highly recommend trying to host on port 80 instead of 8000.

[flideravi]

Quote:

Originally Posted by Branch Delay

Attached.

5.6.5 only, only tested on PW2/PW3 English firmware. Probably should hard reset before doing this. Up to you.

Copy jb to /mnt/us. (root directory mounted when attaching kindle to a computer)
Serve up jb folder on port 80 on a web server.
DNS redirect "a" to the web server via man in the middle, changing the server name on your network, adding an entry to your DNS server on your router, etc. (if you specify a wireless network and click advanced, you can put in a static DNS server)

i.e. after all of this, browsing to a should open up index.html.

Open the browser on the kindle, browse to the url "a". (with no quotes)
Read instructions.
Pray.
If it succeeds, you can then run NiLuJe's bridge update pack to complete the jailbreak. This just installs the developer key.

https://www.mobileread.com/forums/sho...postcount=1597

Will potentially put up a much easier method this weekend. Also will throw up an explanation sometime in the future.

Special thanks to Cyril for the CVE/original POC, the Gateway 3DS team for a slightly enhanced heap spray, NiLuJe for way too much, and Amazon for fixing it up.

Okay... That's a little confusing. Let me try and put it in points:

Step 1: Set up a web-server on your machine and host the JB files.
Step 2: Change the DNS settings in your network so that the address "a" points to the JB files served by your web-server.
Step 3: Point your kindle's browser to "a"
Step 4: Prey

My only confusion is if I have understood Step 1 correctly... Branch Delay, am I right?

[aceflor]

Thank you Branch Delay for all your work and for keeping your word.

[eschwartz]

@flideravi,

Step 2.5: add the "jb" file to the userstore of your Kindle.

And on what do you intend to prey, might I ask?



@Branch Delay,
I assume you mean, extract jb.zip as:

Code:

jb/jb
jb/frame.html
jb/index.html
jb/jb.html

Copy "jb/jb" to the Kindle userstore ( internally at "/mnt/us/jb", on your computer either "E:\jb" for Windows or "/media/Kindle/jb" depending on your linux distro).

Serve jb/*.html on a webserver.

DNS, etc

[Branch Delay]

yep, looks good.

[Gabbb]

How do I prevent my kindle automatically updating whilst I'm fiddling with the jail break, or am I expected to be super quick whilst the wifi is on?

[eschwartz]

The update is a few hundred megabytes, and the OTA updates take a while to roll out to all devices (~weeks/~months).

Chances are you will be fine, but Branch Delay said he will put together an easier method soon, so I will leave him to that.
It would presumably involve an easy way to temporarily cut off all internet access and/or reroute it all to the webserver.

For general reference, the Block Big Brother firewall (KUAL hack) has a list of useful IP addresses to block out just Amazon: https://www.mobileread.com/forums/sho....php?p=2425330

[flideravi]

Quote:

Originally Posted by ad1217

Worked on my Voyage.

For those who want a slightly easier method, you can use create_ap with the "--redirect-to-localhost" option, instead of setting up dns. Example command:

Code:

sudo create_ap mlan0 --redirect-to-localhost -n test

The files can then be hosted with

Code:

python2 -m SimpleHTTPServer

This hosts on port 8000 by default, so navigate to 'a:8000'.

I would agree this as the simplest method to host the files. You can host the files over the port 80, and BD suggested, simply by adding 80 as an argument.

Code:

python2 -m SimpleHTTPServer 80

[Neru]

Hello, thanks for releasing a jailbreak. I would like to ask, is this http://lifehacker.com/124212/geek-to...ome-web-server is fine for hosting files for jailbreak? For me it looks really confusing and I dont know where to start at, sorry for asking.

[ferbv]

Instructions unclear, wasted half an hour hard resetting the Kindle and trying to get past the "register your kindle" screen because I missed "step 2.5". Duh. It worked perfectly after copying the "jb" script to the Kindle's storage. Surprisingly straightforward too - just had to insert an entry into my router's hosts file.

I don't know who you are, Branch Delay, but you're awesome.

I'm hoping you'll do a writeup of how this works. WebKit exploit and fontconfig? Does fontconfig mess up the permissions on /etc/uks or something?

Edit: device is a Kindle Touch 2, language set to UK English.

[eschwartz]

@Neru,

Apache should work fine, yes.

Although it is designed to do a lot, and python's SimpleHTTPServer is definitely easier to quickly spin up. Comes preinstalled on linux and OSX, but not Windows, of course.

[flideravi]

Quote:

Originally Posted by eschwartz

Copy jb/jb to the Kindle userstore (/mnt/us/jb)

I run Ubuntu 15.10, and when I connect my kindle it is mounted to "/media/flide/Kindle" and there is no directory at all in "/mnt" folder. I think that is the reason I keep receiving the error. I have already tried putting the JB in the main Kindle directory (where you are supposed to keep all your books a.k.a "/media/flide/Kindle/").

[eschwartz]

As @Branch Delay originally said, "Copy jb to /mnt/us. (root directory mounted when attaching kindle to a computer)"

/mnt/us is the internal path (what the Kindle's OS sees) to the userstore, that is the Kindle drive.

Replace "/mnt/us" on the Kindle with "/media/flide/Kindle" on your Ubuntu box.

[youyou92]

hello I'm newbie here, but i have to ask ... if i had to host the "jb" files online does it work ??

[flideravi]

Quote:

Originally Posted by eschwartz

As @Branch Delay originally said, "Copy jb to /mnt/us. (root directory mounted when attaching kindle to a computer)"

/mnt/us is the internal path (what the Kindle's OS sees) to the userstore, that is the Kindle drive.

Replace "/mnt/us" on the Kindle with "/media/flide/Kindle" on your Ubuntu box.

Jailbreak Succeed!!!

BD... You are awesome!!