Tools 5.18.6 JB for PW5/PW5SE/KT5

[hhhhhhhhh]

This is a (poorly) adapted version of the Chromium bug CVE-2020-16040 for the Kindle Browser. Hopefully it can serve as a more convenient jailbreak for these models that doesn't require registration.

Guide:

Quote:

1. Ensure your Kindle is filled and there is no space to automatically update. The jailbreak process involves connecting to the Internet.
2. Extract kindle_files.zip and copy the three files inside to the root of the Kindle
3. Visit https://kindlemodding.org/nosb using the Kindle browser and follow the instructions
4. Follow the usual steps to install the hotfix - https://kindlemodding.org/jailbreaki...eak/index.html

Before 5.19.2, Amazon used incorrect command line flags in an attempt to disable Just-in-time (JIT) compilation and make the ancient version of Chromium more secure. The PW5/KT5 both run without the Chromium sandbox enabled, meaning no sandbox escape is needed to jailbreak the device. This will not work without a sandbox escape on most other Kindles.

Credits:
Rajvardhan Agarwal (r4j) - Original CVE-2020-16040 POC
HackerDude - jb.sh script

[aaaaaaaaaagh]

Quote:

Originally Posted by hhhhhhhhh

This is a (poorly) adapted version of the Chromium bug CVE-2020-16040 for the Kindle Browser. Hopefully it can serve as a more convenient jailbreak for these models that doesn't require registration.

Think this could work with other models? Willing to test it on my KPW11SE tonight or is that a no-go? Miffed that an automatic update before I could stop it ruined my chances of jailbreaking...

[shamanNS]

"KPW11SE" is just "SE" of PW5 ( = what we here use as a name for device that Amazon calls "Kindle Paperwhite 11th Generation"). Sooo, that would be a "PW5SE" mentioned in the title. So yes, it should work.

[aaaaaaaaaagh]

Quote:

"KPW11SE" is just "SE" of PW5 ( = what we here use as a name for device that Amazon calls "Kindle Paperwhite 11th Generation"). Sooo, that would be a "PW5SE" mentioned in the title. So yes, it should work.

Thanks! I'm sooo new to this lol! didn't realise the 11th gen was PW5. I'm home now with USB into the kindle so I'll run it and let you know how it goes

[j.p.s]

Have a look at this for kindle nicknames:
https://wiki.mobileread.com/wiki/Kindle_Serial_Numbers

[aaaaaaaaaagh]

Log of how it went:
- Opened on Airplane, ensured firmware version 5.18.6
- Filled up the space, reads 0.00 GB of 27.30 GB
- Opened the website. Big picture of Jeff Bezos' face with an "L" on his forehead, tells me to press the L to jailbreak
- Pressed a few times, doesn't seem to do anything. Paused to type this and it goes back to the main menu saying"Application Error. The selected application could not be started. Please try again."
- Trying again.
- Looked like nothing happened at first but got text overlay on screen showing nosb jailbreak and a "finished jailbreak, please install HOTFIX now" message!!!!!!
- Installing hotfix:
- Put back in airplane mode
- Downloaded hotfix file
- Plugged in USB and deleted a single 10MB space-filling file to allow enough space for hotfix
- Dropped into root
- No other .bin files...
- Ejected, unplugged...
- On Kindle navigated to "Update your Kindle" and accepted update
- IT'S WORKING!
- Couple minutes later back to home screen with "Run Hotfix" book. Tapped and run!

@hhhhhhhhh a massive thank you to you and everyone else involved, fantastic effort!

[Frogm4n]

Be sure to install and activate an OTA blocker before putting it back online, esp. if you've freed up space.

[hhhhhhhhh]

I was made aware of a Reddit post that falsely claimed Nosebleed contained a backdoor. The author of the post has since deleted it and I believe they likely used an LLM to "reverse engineer" the jailbreak.

HackerDude has already reviewed the code here and confirmed it does not contain a backdoor:
https://github.com/KindleModding/kin....io/issues/130

None of the code is obfuscated and you're free to review it yourself. Obviously be careful when installing any Kindle mods from strangers, but take information with a pinch of salt.

[alllexx]

Thanks a lot, worked like a charm on my PW5SE! After amazon pushed a UI update that broke the way I was using dictionaries, I decided to jailbreak and go with Koreader, but discovered that 5.18.6 I was on was unbreakable. So, I stayed in airplane mode ever since waiting for a new exploit.

Steps that I took.
1. Unpacked kindle_files.zip to the kindle storage root.
2. Filled memory until it was 0 bites free. Used dd for this to first create a 10M file (for Update_hotfix_universal.bin later) then filled the rest with 4095M blobs (max that fat32 supports) and one smaller blob to fill the remainder.
3. Turned on WiFi, opened https://kindlemodding.org/nosb in the browser and pressed "L". The browser crashed with an error, and after a bit I got text on top of the UI saying that jailbreak was successful and prompting me to install the hotfix.
4. Installed the hotfix after removing the 10M blob (that gave enough room on the storage for it).
5. Installed KUAL and disabled OTA per https://kindlemodding.org/jailbreaki...sable-ota.html
6. Freed up the storage from those dd blobs
7. Done. Now I could finally switch to Koreader

[rantanplan]

JB went well for my PW2022. Though some of the steps are scarily slow.

[blue555]

This method doesn't seem to work on my KT5 (version 2024). After entering the URL and clicking the "L" letter, the browser doesn't crash (the system version is 5..18.6)

[hhhhhhhhh]

Quote:

Originally Posted by blue555

This method doesn't seem to work on my KT5 (version 2024). After entering the URL and clicking the "L" letter, the browser doesn't crash (the system version is 5..18.6)

Kindle 11th Generation (2024) is a KT6, not a KT5. There is no jailbreak for your device yet.