Interesting Ground for a Possible Jailbreak

[tyTheDev]

I found a way to change the contents of the kindle store, and a possible new UYK method. The update may have to be crafted, but I found that by changing the contents of /mnt/us/.active_content_sandbox/store/resource/cachedResources , we can actually get an UYK package to start to sideload, but it will give an error code U007 (invalid signature), followed by U004 (about half of the time, means update missing). Could someone take a look at this?
Also, it's probably pointless unless we get the dev keys on the device using the Kindle store. I was using the 5.6.5 JB as testing in the store, and... it doesn't crash.

[knc1]

Now all you have to do is get Amazon/Lab126 to give you a copy of their private key.
Let us know if you make any progress with that. Once you have that, KindleTool will create a valid package for you.

[tyTheDev]

Quote:

Originally Posted by knc1

Now all you have to do is get Amazon/Lab126 to give you a copy of their private key.
Let us know if you make any progress with that. Once you have that, KindleTool will create a valid package for you.

That, or someone could find a way to add a Jailbreak.

[NiLuJe]

Reminder: stuff is sandboxed now, and it also probably doesn't run as root. Also, busybox has been updated, no more tarbombs.

Because pretty much anyone can craft an actual update package (or the various other things that go through a simile of the OTA updater) that goes far enough to throw a U007, nothing fancy required there .

[kdusr]

Quote:

Originally Posted by knc1

Now all you have to do is get Amazon/Lab126 to give you a copy of their private key.
Let us know if you make any progress with that. Once you have that, KindleTool will create a valid package for you.

is that possible to brute force crack the private key with a powerful machine？

[NiLuJe]

The shortest one is a 1024bits RSA key. The current one is twice that.

I *think* both of 'em currently lie in the quantum-computer realm of being breakable in human time.

[anunay]

Okay Bruteforce is running, brb with results in about a million years.

[Quoth]

https://xkcd.com/538/
and
https://www.theregister.co.uk/2020/0...sec_ksk_delay/

See also "evil maid" attacks on laptops owned by important people.

[Junket]

Quote:

Originally Posted by kdusr

is that possible to brute force crack the private key with a powerful machine

Baring a breakthrough in quantum computing or cryptography, no one is going to be brute forcing 2,048-bit keys anytime soon. Consider that there are hundreds of billions of dollars of bitcoin sitting behind 256-bit keys, and no one is walking off with those yet.

But it's not impossible either. A 1,039-bit integer was factored with the special number field sieve using 400 computers over 11 months back in 2007. Which would be roughly equivalent to breaking a 700-bit RSA key. And targeted attacks like the Logjam attack can seriously compromise key strength in certain scenarios.

Breaking 1,024-bit keys is thought to be within reach, possibly already in hand for the NSA if they have classified knowledge of algorithmic weaknesses. 2,000 qubit quantum computers are now available as well and some think this will lead to exponential gains in computational power.