Tools Software Jailbreak for PW2, PW3, PW3W, KT2, KV, KOA and KT3

[Iceyz]

God damnit, bought new kindle pw3 for my partner, shipped with 5.8.2.1. Started to do the jailbreak procedure, registered the kindle, disconnected from the wifi straight away. Put it down to get dinner, came back and it had auto updated somehow to 5.8.9!!! Spewing. Never seen it do a backdoor update that quickly.

[baalajimaestro]

Quote:

Originally Posted by Iceyz

God damnit, bought new kindle pw3 for my partner, shipped with 5.8.2.1. Started to do the jailbreak procedure, registered the kindle, disconnected from the wifi straight away. Put it down to get dinner, came back and it had auto updated somehow to 5.8.9!!! Spewing. Never seen it do a backdoor update that quickly.

I dont think you can jailbreak with the curreny methods(a software jb cannot be done) however you can open up the kindle to do a serial jb.

[Antinoos]

As discussed above in this thread, for newer Kindle models it isn't really necessary to register with Amazon first. The "Update Your Kindle" menu entry needed for the downgrade to the initial factory build is there already right out of the box. No need to ever once connecting a brand new Kindle to Wifi before jailbreaking... You see: Shit happens...

BTW: My friend just confirmed that on his KT3 the jailbreak survived the 5.8.9.2 update without any trouble...

[knc1]

Quote:

Originally Posted by baalajimaestro

Sorry if my answer was very harsh on words. Just that you mentioned in spoiler tags that if KUAL 'install mrpackages' works and ;log mrpi doesnt then my JB survival code is missing or damaged. It was with caution that I dont ever want Amazon to poke in through any holes present in present Jailbreak. and then ending up bricking my Kindle PW2. Actually it doesnt matter for me if the ;log mrpi command doesnt work, but what if Amazon uses my damaged JB survival code to do something to the JB. As of now, i cannot JB again if my JB is lost(except serialport and i am very afraid of doing electronic surgeries). Because Hotfix keeps on being destroyed by MrPI and Update Your Kindle is grayed out if Hotfix is put in to /mnt/us.

The Dummy test update generates a log file to /mnt/us


Thank You,
B.Baalaji

I changed the offending sentence.
I.E to: only expect ;log mrpi to work on the devices it was intended for.

But still, people should not be surprised if it does work on other model/firmware combinations than intended.

Much, much easier than testing all devices and all firmware version combinations released over the last year.

[baalajimaestro]

Quote:

Originally Posted by knc1

I changed the offending sentence.
I.E to: only expect ;log mrpi to work on the devices it was intended for.

But still, people should not be surprised if it does work on other model/firmware combinations than intended.

Much, much easier than testing all devices and all firmware version combinations released over the last year.

@knc1: Thank you so much for your help and assistance. So how can i make sure if my jailbreak is all good sound health?
Only by that dummy update eh?

A Humble request to edit the first post of this thread so that people like me dont get confused with these things(;log mrpi stuff)

---------OFF TOPIC----------
BTW Can I chat through IRC Client. Accidental IRC crashed just upon opening.


Thank You,
B.Baalaji

[knc1]

Quote:

Originally Posted by baalajimaestro

@knc1: Thank you so much for your help and assistance. So how can i make sure if my jailbreak is all good sound health?
Only by that dummy update eh?

A Humble request to edit the first post of this thread so that people like me dont get confused with these things

---------OFF TOPIC----------
BTW Can I chat through IRC Client. Accidental IRC crashed just upon opening.


Thank You,
B.Baalaji

If one of our update_*.bin name format packages will install, the "jailbreak" (our signature certificate) is installed.

Which makes the following part of the test report redundant, since the package would not have been installed to print the information if our key was missing, but . . . .

Code:

** /etc/uks/pubdevkey01.pem **
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJn1jWU+xxVv/eRKfCPR9e47lP
WN2rH33z9QbfnqmCxBRLP6mMjGy6APyycQXg3nPi5fcb75alZo+Oh012HpMe9Lnp
eEgloIdm1E4LOsyrz4kttQtGRlzCErmBGt6+cAVEV86y2phOJ3mLk0Ek9UQXbIUf
rvyJnS2MKLG2cczjlQIDAQAB
-----END PUBLIC KEY-----

** /etc/uks/pubprodkey01.pem **
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxfpiZ1dbdSOgrikqXD6lESUrD
5l52nN50iMh2vDcmW/FzkPDv0eRf1ci6w3ifhmHwqDK9OYNnowPapzUHAiHukXjW
rOC3fZYzgAxzIPN4NyUw369zFK2AALZnXptc68D/xxtZ94porf+kLtw/4vF2NhHs
XtchrpvID+Jhkor8MQIDAQAB
-----END PUBLIC KEY-----

** /etc/uks/pubprodkey02.pem **
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPdLjgYnOfFpEIquwD5Y
Qg/loxAJoVU+AQaZ3Wm8b7u3lf0TmKL/8RXz2VrXdrFGefiExM60PGELcajanhRy
1lJn0ZjP/s9Ez6E2H0sdPzz9aUomHkcvOWQux+MoYRInonwhsff1wmNd5mOhoc0i
M7d18WsuPbj4fzqb7hnZndwAD0moK2gpmeOByCJB+ovC7w2NYpjCXHHdsFyatV4r
YeAVT0pUfVXnkzFBTj3xxrdvLNIgpl38KqT8UGtivoD1Isx/KlbVT+Rg5q5K/SHm
TmGgixhq008QxVBJQfPGZ67/F4XVZ20/qnp0DK/vt/AHwMYMI+ECi43fm1PrH9d2
hwIDAQAB
-----END PUBLIC KEY-----

The first one is ours (the actual "jailbreak") the next two are Amazon's.

If you want those in human readable format, there are any number of tools available to decode them (including your browser).
Of course that includes the copy of OpenSSL that is installed on the Kindle.

= = = =

Sure you can, just use it on one of the device/firmware combinations it was intended for (KT or PW1).
Your welcome to re-build it for the other devices and 5.8.x series firmware.

[baalajimaestro]

Quote:

Originally Posted by knc1

If one of our update_*.bin name format packages will install, the "jailbreak" (our signature certificate) is installed.

Which makes the following part of the test report redundant, since the package would not have been installed to print the information if our key was missing, but . . . .

Code:

** /etc/uks/pubdevkey01.pem **
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJn1jWU+xxVv/eRKfCPR9e47lP
WN2rH33z9QbfnqmCxBRLP6mMjGy6APyycQXg3nPi5fcb75alZo+Oh012HpMe9Lnp
eEgloIdm1E4LOsyrz4kttQtGRlzCErmBGt6+cAVEV86y2phOJ3mLk0Ek9UQXbIUf
rvyJnS2MKLG2cczjlQIDAQAB
-----END PUBLIC KEY-----

** /etc/uks/pubprodkey01.pem **
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxfpiZ1dbdSOgrikqXD6lESUrD
5l52nN50iMh2vDcmW/FzkPDv0eRf1ci6w3ifhmHwqDK9OYNnowPapzUHAiHukXjW
rOC3fZYzgAxzIPN4NyUw369zFK2AALZnXptc68D/xxtZ94porf+kLtw/4vF2NhHs
XtchrpvID+Jhkor8MQIDAQAB
-----END PUBLIC KEY-----

** /etc/uks/pubprodkey02.pem **
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPdLjgYnOfFpEIquwD5Y
Qg/loxAJoVU+AQaZ3Wm8b7u3lf0TmKL/8RXz2VrXdrFGefiExM60PGELcajanhRy
1lJn0ZjP/s9Ez6E2H0sdPzz9aUomHkcvOWQux+MoYRInonwhsff1wmNd5mOhoc0i
M7d18WsuPbj4fzqb7hnZndwAD0moK2gpmeOByCJB+ovC7w2NYpjCXHHdsFyatV4r
YeAVT0pUfVXnkzFBTj3xxrdvLNIgpl38KqT8UGtivoD1Isx/KlbVT+Rg5q5K/SHm
TmGgixhq008QxVBJQfPGZ67/F4XVZ20/qnp0DK/vt/AHwMYMI+ECi43fm1PrH9d2
hwIDAQAB
-----END PUBLIC KEY-----

The first one is ours (the actual "jailbreak") the next two are Amazon's.

If you want those in human readable format, there are any number of tools available to decode them (including your browser).
Of course that includes the copy of OpenSSL that is installed on the Kindle.

Do you refer to the developer.keystore aT /var/local/java/keystore?
coz there were three keys in it.

[knc1]

Quote:

Originally Posted by baalajimaestro

Do you refer to the developer.keystore aT /var/local/java/keystore?
coz there were three keys in it.

Nope.
You asked about the device 'jailbreak' you did not ask about the application keys.

If you want to know about the application keys, then give us all a clue by asking about them.

[baalajimaestro]

Quote:

Originally Posted by knc1

Nope.
You asked about the device 'jailbreak' you did not ask about the application keys.

If you want to know about the application keys, then give us all a clue by asking about them.

Well sorry but I'm just a beginner at these jailbreak stuff. So I tried quoting whatever i know about this.
So basicallyh jailbreak is all about installing a signature certificate that is showed up as a dev key?
And what is this developer.keystore?
Can you please educate me on this

Thank You,
B.Baalaji

[knc1]

Quote:

Originally Posted by baalajimaestro

Well sorry but I'm just a beginner at these jailbreak stuff. So I tried quoting whatever i know about this.
So basicallyh jailbreak is all about installing a signature certificate that is showed up as a dev key?
And what is this developer.keystore?
Can you please educate me on this

Thank You,
B.Baalaji

developer.keystore is the application key(s) for the Java applications.

The package signature certificate is only used to verify installation packages.
The application keys for Java are only used by Java for ??, well, whenever Java normally uses application keys.

The only thing in common with the updater's keyset and the Java keyset is that they live on the same device.

[Antinoos]

@balaalimaestro: I recognize that your're a kind of computer nerd, though not yet familiar with the a bit tricky jb thing...

In other words, simplified: There are two keystores in connection with the Kindle jb:

1) The device keys as a prerequisite for any further action. The main MR key is the one residing in the tiny gz archive file which you install via the ;installHtml command in the special factory firmware; it's number one in the codelist mentioned above. This is needed to run all the MR tools (like especially the hotfix code, but of course, KUAL, too).

2) The application keystore. This is a relatively large file (ca. 40 kb) which is part of the "hotfix" and resides in [userspace]/mkk/developer.keystore (in binary form - in the 7bit ASCII format as used above it would be much larger...). It gets installed via the hotfix installation process, contains (nearly) all public Java developer keys for all and any Kindle tools, hacks and apps. Even for such "exotic" ones like KindCalc (which is no longer maintained, only works with low res Kindles (600*800 screen, 167 dpi), but then it really does a good job).

[baalajimaestro]

Thank you so much @Antinoos for your explainations. Amazon can never have an access to /mnt/us/documents but what about these keys which are placed in places far away from the documents folder. Cant amazon intervene to delete all of these. Is this why a jailbreak bridge is used?
And how does a factory reset clean up all these keys as it never formats the whole system AFAIK. Can anyone explain me regarding this?

B.Baalaji

[knc1]

Quote:

Originally Posted by baalajimaestro

Thank you so much @Antinoos for your explainations. Amazon can never have an access to /mnt/us/documents but what about these keys which are placed in places far away from the documents folder. Cant amazon intervene to delete all of these. Is this why a jailbreak bridge is used?
And how does a factory reset clean up all these keys as it never formats the whole system AFAIK. Can anyone explain me regarding this?

B.Baalaji

Correct, it does not.

But it does wipe the backup copies and installation scripting in the "hidden" user storage area, /var/local

Amazon uses a full image of the system partition for their update.
"That" is what over-writes the keys.

With the order of:

• Reset
• Image update

You are back to Amazon 'stock' state.

With the order of:

• Image update
• Reset

(An image update ends with a system reboot, which runs the automatic re-install code for the keys (all of them) ).
That is, the jailbreak and its supporting files makes the jailbreak "viral".
You don't install a jailbreak to a Kindle, you infect the Kindle with the jailbreak.

So once the system is back up, where you can press "Reset" the keys have already been restored.

All the above action order does is wipe everything EXCEPT the keys. So this order of actions can be recovered from.

So the simplest advice to give anyone other than a system developer is:
"Do not ever touch 'Reset', never, ever. "

[baalajimaestro]

Quote:

Originally Posted by knc1

Correct, it does not.

But it does wipe the backup copies and installation scripting in the "hidden" user storage area, /var/local

Amazon uses a full image of the system partition for their update.
"That" is what over-writes the keys.

With the order of:

• Reset
• Image update

You are back to Amazon 'stock' state.

With the order of:

• Image update
• Reset

(An image update ends with a system reboot, which runs the automatic re-install code for the keys (all of them) ).
That is, the jailbreak and its supporting files makes the jailbreak "viral".
You don't install a jailbreak to a Kindle, you infect the Kindle with the jailbreak.

So once the system is back up, where you can press "Reset" the keys have already been restored.

All the above action order does is wipe everything EXCEPT the keys. So this order of actions can be recovered from.

So the simplest advice to give anyone other than a system developer is:
"Do not ever touch 'Reset', never, ever. "

Thank you for your elaborate explainations. So a jailbreak bridge is a script that runs just after a firmware update. **---deleted for safety---**
Yes I enabled parental controls which can prevent everyone from touching that never touch button.


I WOULD RECOMMEND EVERYONE TO ENABLE PARENTAL CONTROLS ALL THE TIME LOCKING SOMETHING LIKE GOODREADS WHICH THEY NEVER USE. THIS COULD PREVENT ACCIDENTAL TOUCHES. BUT WATONLY TOUCHES MAKES YOU SOL

Thank You,
B.Baalaji

[Iceyz]

Quote:

Originally Posted by baalajimaestro

I dont think you can jailbreak with the curreny methods(a software jb cannot be done) however you can open up the kindle to do a serial jb.

These devices don't seem to go back together cleanly, I'm reluctant to crack one open. Besides, the wiki doesn't reference any serial pads for the PW3 specifically. Does anyone know if they're still there?

Quote:

Originally Posted by Antinoos

As discussed above in this thread, for newer Kindle models it isn't really necessary to register with Amazon first. The "Update Your Kindle" menu entry needed for the downgrade to the initial factory build is there already right out of the box. No need to ever once connecting a brand new Kindle to Wifi before jailbreaking... You see: Shit happens...

Well it might be in the thread's 1919 posts somewhere, but that's contrary to the instructions in step zero of the first post.

Now I just hope that someone is working on a JB for the more up to date versions. One post I read somewhere said that nobody is presently?

Quote:

Originally Posted by Antinoos

BTW: My friend just confirmed that on his KT3 the jailbreak survived the 5.8.9.2 update without any trouble...

Good, I've left mine on 5.8.7 and it seems to have some different menu options to my partners (now) 5.8.9.2. I'd be keen to upgrade but only now I know the JB survives.