Tools AdBreak - experimental JB for ad-supported devices (5.18.1-5.18.5)

[arnel]

Will this work on 5.18.5.01 ?

edit: never mind. my kindle is ads free

[hhhhhhhhh]

Quote:

Originally Posted by arnel

Will this work on 5.18.5.01 ?

I don't believe 5.18.5.0.1 patches this, since it was out before AdBreak was even released. However, this version has only been released through OTA updates so my automated firmware downloader script can't collect the required offsets.

Marek has a script for getting the OTA update URLs, assuming you're able to collect the Amazon token from /var/local/token/

So far I've only been able to collect for my own device.

Quote:

'455679': { memcpy_got: 0xbe4ac, xml_got: 0xbebd8, memcpy_offset: 0x94c00, system_offset: 0x42938 }, // kindle_basic_2024_5.18.5.0.1

TLDR: Currently no but probably possible, avoid updating.

[hhhhhhhhh]

Quote:

Originally Posted by hhhhhhhhh

So far I've only been able to collect for my own device.

Actually reading Marek's script, it may be possible to get the OTA firmware for other devices with just my own token. Thought they restricted it for some reason. Already asked Marek and I'll look into it.

[hhhhhhhhh]

Quote:

Originally Posted by hhhhhhhhh

Actually reading Marek's script, it may be possible to get the OTA firmware for other devices with just my own token. Thought they restricted it for some reason. Already asked Marek and I'll look into it.

Nevermind, apparently the OTA downloads are restricted Exploit either needs improving to not rely on an offset table or multiple people would need to collect OTA download URLs for 5.18.5.0.1.

[gt346]

Quote:

Originally Posted by hhhhhhhhh

I don't believe 5.18.5.0.1 patches this, since it was out before AdBreak was even released. However, this version has only been released through OTA updates so my automated firmware downloader script can't collect the required offsets.

I just updated to 5.18.5.0.1 and can confirm that the jailbreak does not work on this version.

As I posted earlier in the thread, I was having trouble getting it to work on 5.18.5 and realized it might be because Amazon was trying force an OTA update. My drive was already filled with only 20MB free, and yet it would still download a 300MB update file to the root directory somehow. I kept deleting it with Airplane mode turned on before trying the jailbreak, but couldn't get the hotfix to run after the jailbreak.

So I figured "Why not let it OTA update and see what happens?" Bad news is it won't jailbreak now. But it wouldn't let me run the hotfix before the OTA update, so it's just a different kind of broken.

Could the jailbreak be made to work if 15.8.5.0.1 were available for download from Amazon?

[gt346]

Nevermind, I got the jailbreak working on my PW6 running 15.8.5.0.1.

I appended the following line to the offsets definitions in adbreak.html:

Code:

'455680': { memcpy_got: 0xbe4ac, xml_got: 0xbebd8, memcpy_offset: 0x94c00, system_offset: 0x42938 }, // fs_update_kindle_all_new_paperwhite_12th_5.18.5.0.1

I got the '455680' from the popup when I ran the original jailbreak on 15.8.5.0.1, and copied everything else from the 15.8.5 firmware. Those addresses didn't change between 15.8.4 and 15.8.4.0.1, so I figured maybe they didn't change for 15.8.5.0.1 either.

It worked for me, but DYODD and all that.

[arnel]

Quote:

Originally Posted by gt346

Nevermind, I got the jailbreak working on my PW6 running 15.8.5.0.1.

I appended the following line to the offsets definitions in adbreak.html:

Code:

'455680': { memcpy_got: 0xbe4ac, xml_got: 0xbebd8, memcpy_offset: 0x94c00, system_offset: 0x42938 }, // fs_update_kindle_all_new_paperwhite_12th_5.18.5.0.1

I got the '455680' from the popup when I ran the original jailbreak on 15.8.5.0.1, and copied everything else from the 15.8.5 firmware. Those addresses didn't change between 15.8.4 and 15.8.4.0.1, so I figured maybe they didn't change for 15.8.5.0.1 either.

It worked for me, but DYODD and all that.

Never jailbroken mine before. Is there another way to get it?

[mlyxshi]

Quote:

Originally Posted by gt346

Nevermind, I got the jailbreak working on my PW6 running 15.8.5.0.1.

I appended the following line to the offsets definitions in adbreak.html:

Code:

'455680': { memcpy_got: 0xbe4ac, xml_got: 0xbebd8, memcpy_offset: 0x94c00, system_offset: 0x42938 }, // fs_update_kindle_all_new_paperwhite_12th_5.18.5.0.1

I got the '455680' from the popup when I ran the original jailbreak on 15.8.5.0.1, and copied everything else from the 15.8.5 firmware. Those addresses didn't change between 15.8.4 and 15.8.4.0.1, so I figured maybe they didn't change for 15.8.5.0.1 either.

It worked for me, but DYODD and all that.

This also works on 5.18.5.0.1 for paperwhite 11th.

Code:

  '455681': { memcpy_got: 0xac740, xml_got: 0xace88, memcpy_offset: 0x7e0c0, system_offset: 0x39b48 }, // fs_update_kindle_all_new_paperwhite_11th_5.18.5.0.1

[gt346]

Quote:

Originally Posted by mlyxshi

This also works on 5.18.5.0.1 for paperwhite 11th.

Code:

  '455681': { memcpy_got: 0xac740, xml_got: 0xace88, memcpy_offset: 0x7e0c0, system_offset: 0x39b48 }, // fs_update_kindle_all_new_paperwhite_11th_5.18.5.0.1

Awesome, thanks for sharing!

[lp1900]

dude, you're the real mvp!

[neusph]

I was able to activate the jailbreak (JB), however, I'm facing some issues proceeding with the next installations. I have a Paperwhite 12th gen (PW6) with firmware 5.18.5.0.1.

I've read that newer models only appear as MTP devices instead of UMS when plugged in via USB.

Therefore, when following the instructions for re-enabling the Store (https://kindlemodding.org/jailbreaki...ling-the-store) and installing KOReader (https://kindlemodding.org/jailbreaki...lling-koreader), I'm unable to proceed.

Does anyone know what I can do to solve this?

[Frogm4n]

You had to already be able to copy files off and on to even do the jailbreak. Just do what you already did.

[neusph]

Quote:

Originally Posted by neusph

installing KOReader (https://kindlemodding.org/jailbreaki...lling-koreader), I'm unable to proceed.

Does anyone know what I can do to solve this?

I did the 'Alternative Download Method' and worked. Only the store isn't working now.

[neusph]

Quote:

Originally Posted by Frogm4n

You had to already be able to copy files off and on to even do the jailbreak. Just do what you already did.

Oh yes, but my issue is that the folder .active_content_sandbox doesn't appears to me, so I tought that should be something related to this MTP/UMS connection.

[Tomineba]

Hi, I can't jailbreak my Kindle 10th. It's on version 5.18.1, and when I installed AdBreak and clicked "Special Offers," instead of showing "Bang!" it showed my version number (336034). After clicking "Ok," nothing else showed up. It's probably because my version number isn't in adbreak.html, but when I looked at the file, it showed my model "fs_update_kindle_10th_5.18.1" but had a different number, for some reason "441759". So I went to https://www.amazon.com/gp/help/custo...deId=200203720 and found that this version number is only in the "Kindle Paperwhite (10th Generation)" section and the "Kindle_src_5.10.1.2_3360340004.tar.gz" version, and I don't have that version, let alone the Paperwhite model.
Can anyone help me?

https://imgur.com/a/rLOjUmV
https://imgur.com/a/M8C3ywJ