5.6.5 Jailbreak (closed-kindle) -- released! - Page 32

ikeboy · 02-06-2016, 08:31 AM

Quote:

Originally Posted by knc1

Now you should begin to see why it had to be patched by Amazon before being let loose in the world.

The above situation is the same as:
visit malicous site that loads the jscript -
tells you, you can download there a fancy font (actually any executable file to be run as 'root' on your Kindle)
gives you directions about using ;fc-cache (clear the font control cache)

Bam! Your Kindle just joined a million other Kindles in a botnet (or anything else).

But you also need to download a file with a computer.

Also, is there even significant value in a kindle botnet? Like, I wouldn't want my device on it, and I understand why Amazon wanted it patched, but it's so much easier to get computer or phone botnets that are far more powerful.

dumberock · 02-06-2016, 08:39 AM

you don't need a "powerful" device to DDOS a site, just something with a connection... millions of connected kindle would nicely do ^^

Quote:

Originally Posted by yiming

You will know you are successful if you see 2 new folders: "mkk" and "rp" in the root directory of your Kindle.

does that mean once it's done, mkk is already installed and we can install stuff like collections manager "directly" ?

also, can we downgrade to any firmware after that 5.6.5 jailbreak ? (If I read well in collections manager thread, everything after 5.4.0 doesn't make much sense to use it)

Lord Taku · 02-06-2016, 08:47 AM

kindlefere.com/jb/ method worked for me as well (KV 5.6.5, B053...)

Was only able to use "Update_jailbreak_bridge_1.14.N_install.bin" from the link on page 19 of this thread though. The same file I had already downloaded earlier this week did not give me any "update" option, even though it was the same filename and -size.

Thanks everybody!

knc1 · 02-06-2016, 09:02 AM

Quote:

Originally Posted by ikeboy

But you also need to download a file with a computer.
- - - -

You have not been keeping track -
It is demonstrated above that only one executable file needs to be on the Kindle - followed by visiting the appropriate malicious site.

Anyone can be suckered into doing those things through social engineering.

This public expolit has been reported to CERT and a CVE number requested.
Yes, this is a real hazard.

Stiehler · 02-06-2016, 09:06 AM

Quote:

You will know you are successful if you see 2 new folders: "mkk" and "rp" in the root directory of your Kindle.

then my jailbreak was successful. Kindle Paperwhite 2, Brazilian Portuguese

I can update kindle to 5.7.2 without fear now? or jailbreak will be lost ? I need to reset it ?

knc1 · 02-06-2016, 09:12 AM

Quote:

Originally Posted by knc1

The default of that set-up would be to serve the index.html file in the jb/ directory.
So the proper page would be sent.

But not named as a domain - which as you noted, was not supposed to work.

If somebody else wants to test for this - do

Ensure your Kindle's browser has Internet access (however is normal for yourself)
Put the jb file from the jb.zip archive in the root of user storage (alongside the 'document' folder)
Note: If you intend to do a 'factory reset' - put the file in-place AFTER doing the 'reset'.
(Some people have reported that the 'factory reset' is not required.)
Do the 'eject/safely remove', un-plug cable dance
in the Kindle's browser go-to openplayer.org
You will get the same starting page that you would when accessing that public server by IP address

The question is if it will jailbreak your Kindle this way.

If that fails, then try the domain/jb url given in the post above.

Please report on what happens in both cases.

I have received private news that my public server is also working to jailbreak Kindles.
See:
https://www.mobileread.com/forums/sho...&postcount=355

So I expect this version (with a domain name, not an ip address) will also work, but have not had confirmation.

aceflor · 02-06-2016, 09:27 AM

I confirm that your domain works since I used it .
And I agree fully (and yes, pigs fly today) with you regarding the hazardous aspect of it (the hack) all. I used your domain because I needed it (using a windows tablet kind of sucks sometimes, I have no access to a PC anymore, and could not redirect the way I could have on my old linux machine), and because I trust you, but overall do not feel very comfortable about the ways, and now understand very well why you guys decided to pull the brakes a few months ago.

Anyone could post here and give a domain name, and I am afraid that the majority will just go for it. It is scary.

knc1 · 02-06-2016, 09:32 AM

You still would need the 'jb' file on the root of the kindle.

Ah, but anybody could write a file named 'jb' and sucker a person into putting it on their Kindle.

The CERT/CVE thing is be sure all Kindle owners hear that they need to install 5.7.2 or not use the Kindle's browser for anything.

Yup.
Those 4 months of painful waiting by the Kindle owners was required.

Note: my site is an 8-core machine connected to 10G/S backbone - it can jb a whole lot of kindles in a very short time.
Ah, and I can disable it within seconds of knowing that is needed.

aceflor · 02-06-2016, 09:36 AM

Quote:

Originally Posted by knc1

You still would need the 'jb' file on the root of the kindle.

Ah, but anybody could write a file named 'jb' and sucker a person into putting it on their Kindle.

The CERT/CVE thing is be sure all Kindle owners hear that they need to install 5.7.2 or not use the Kindle's browser for anything.

Yup.
Those 4 months of painful waiting by the Kindle owners was required.

And you cannot imagine how it pains me to have to publicly aknowledge you were right..

.

NiLuJe · 02-06-2016, 09:38 AM

Yep, the various security concerns are also part of why @BD himself distributed it that way, and not already hosted

.

Speaking of, since I don't remember if @BD mentioned it here, I personally used this shiny Python DNS 'server' to handle the 'a' pointer, with the following config:

Code:

A ^a.$ 192.168.0.25

That obviously implies setting up the WiFi connection the 'advanced' way on the Kindle to set a custom DNS server (here, 192.168.0.25, which happened to be the local IP of my desktop at the time, which was also serving the directory over HTTP through Python [sudo python -m SimpleHTTPServer 80]).

NOTE: I don't remember which domains OTAs are pushed through, but that could also be a roundabout way to blackhole them.

aceflor · 02-06-2016, 09:42 AM

Quote:

Originally Posted by NiLuJe

Yep, the various security concerns is also part of why @BD himself dsitributed it that way, and not already-hosted

.

Speaking of, since I don't remember if @BD mentioned it here, I personally used this shiny Python DNS 'server' to handle the 'a' thing, with the following config:

Code:

A ^a.$ 192.168.0.25

That obviously implies setting up the WiFi connection the 'advanced' way on the Kindle to set a custom DNS server (here, 192.168.0.25, which happened to be the local IP of my desktop at the time).

NOTE: I don't remember which domains OTAs are pushed through, but that could also be a roundabout way to blackhole them.

Keep that thought !!!!

knc1 · 02-06-2016, 09:45 AM

Quote:

Originally Posted by aceflor

Keep that thought !!!!

There is a link above to a China jb server.
If you trust the Chinese.
Go Doukan!

NiLuJe · 02-06-2016, 09:45 AM

You get to see the DNS queries live on the console with this, so it's just a matter of being quick enough to nix it ;p.

aceflor · 02-06-2016, 09:47 AM

Quote:

Originally Posted by knc1

There is a link above to a China jb server.
If you trust the Chinese.
Go Doukan!

Get out of my head !

ikeboy · 02-06-2016, 10:06 AM

Quote:

Originally Posted by knc1

You have not been keeping track -
It is demonstrated above that only one executable file needs to be on the Kindle - followed by visiting the appropriate malicious site.

Anyone can be suckered into doing those things through social engineering.

This public expolit has been reported to CERT and a CVE number requested.
Yes, this is a real hazard.

That's exactly what I said. You need to download an executable and copy it to the device.

My point was that it didn't seem to be a lucrative target for a botnet operator. It takes more steps to socially engineer, and has less power.

Something can both be a hazard and yet not cost effective to deploy a botnet with. Still should be fixed, obviously.

(It might work better as a targeted attack stealing browser cookies or something.)

02-06-2016, 09:32 AM	#473
knc1 Going Viral Posts: 17,212 Karma: 18210809 Join Date: Feb 2012 Location: Central Texas Device: No K1, PW2, KV, KOA	You still would need the 'jb' file on the root of the kindle. Ah, but anybody could write a file named 'jb' and sucker a person into putting it on their Kindle. The CERT/CVE thing is be sure all Kindle owners hear that they need to install 5.7.2 or not use the Kindle's browser for anything. Yup. Those 4 months of painful waiting by the Kindle owners was required. Note: my site is an 8-core machine connected to 10G/S backbone - it can jb a whole lot of kindles in a very short time. Ah, and I can disable it within seconds of knowing that is needed. Last edited by knc1; 02-06-2016 at 09:39 AM.

02-06-2016, 09:38 AM	#475
NiLuJe BLAM! Posts: 13,506 Karma: 26047202 Join Date: Jun 2010 Location: Paris, France Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E	Yep, the various security concerns are also part of why @BD himself distributed it that way, and not already hosted . Speaking of, since I don't remember if @BD mentioned it here, I personally used this shiny Python DNS 'server' to handle the 'a' pointer, with the following config: Code: A ^a.$ 192.168.0.25 That obviously implies setting up the WiFi connection the 'advanced' way on the Kindle to set a custom DNS server (here, 192.168.0.25, which happened to be the local IP of my desktop at the time, which was also serving the directory over HTTP through Python [sudo python -m SimpleHTTPServer 80]). NOTE: I don't remember which domains OTAs are pushed through, but that could also be a roundabout way to blackhole them. Last edited by NiLuJe; 02-06-2016 at 01:11 PM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
KINDLE DEAL: Released: A Story of God’s Power Released in Pro Baseball ($	gospelebooks	Deals and Resources (No Self-Promotion or Affiliate Links)	0	07-14-2011 09:12 PM
iPad iPad jailbreak released	scottjl	Apple Devices	25	05-08-2010 02:20 PM

02-06-2016, 08:47 AM	#468
Lord Taku Junior Member Posts: 3 Karma: 10 Join Date: Feb 2016 Device: K2, DX, PW, PW2, KV	kindlefere.com/jb/ method worked for me as well (KV 5.6.5, B053...) Was only able to use "Update_jailbreak_bridge_1.14.N_install.bin" from the link on page 19 of this thread though. The same file I had already downloaded earlier this week did not give me any "update" option, even though it was the same filename and -size. Thanks everybody!

02-06-2016, 09:27 AM	#472
aceflor Wizard Posts: 3,472 Karma: 48036360 Join Date: Aug 2009 Location: where the sun lives, or so they say Device: Pocketbook Era, Pocketbook Inkpad 4, Kobo Libra 2, Kindle Scribe	I confirm that your domain works since I used it . And I agree fully (and yes, pigs fly today) with you regarding the hazardous aspect of it (the hack) all. I used your domain because I needed it (using a windows tablet kind of sucks sometimes, I have no access to a PC anymore, and could not redirect the way I could have on my old linux machine), and because I trust you, but overall do not feel very comfortable about the ways, and now understand very well why you guys decided to pull the brakes a few months ago. Anyone could post here and give a domain name, and I am afraid that the majority will just go for it. It is scary.

02-06-2016, 09:45 AM	#478
NiLuJe BLAM! Posts: 13,506 Karma: 26047202 Join Date: Jun 2010 Location: Paris, France Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E	You get to see the DNS queries live on the console with this, so it's just a matter of being quick enough to nix it ;p.