Tools Serial Jailbreaking your fw >= 5.6.x Kindle for Dummies

[knc1]

Quote:

Originally Posted by jscris

This is wonderful! Can we assume it will work the same for a Voyage with 5.6.5?

Work the same - yes
Identical physical layout - no - - but it should be close enough that you will not have any trouble.

= = = =

Just to be clear:
Any firmware version in the 5.x.y series.
Any touchscreen Kindle model (with physical layout variations).
The title is the result of the model the directions where developed on.

[angomania]

Well done! Nice tutorial. Thank you!

[DennisH]

Great job. It goes to show that anyone with a mind to do it can do so.

I have done several of these now, one by soldering and the rest with the same foam, pins and sticky tape. I have not removed the battery and cables on any of them and have had no problems. Of course, the devices were in normal power off mode while the connections were made and powered on again to install the jailbreak.

The TTL-232RG-VREG1V8-WE cable I used is powered from the usb port and has a built in 1.8v regulator so the I/O levels were set correctly and the voltage (V) lead was not required.

The Jim's microftx mode 2 has usb powered 3.3v I/O and should work safely with two silicon signal diodes in series in the transmit line. The two diodes would drop the tx signal voltage by about 1.4V. The rx side would most likely work as is. It is one way to avoid having to install a voltage connection.

[palbeda]

I have quite some experience with SMD soldering, but I would like to confirm that (should you decided to solder wires to the serial port) you should be extreemly carefull as the contacts let go very easy.

Therefore I think the suggestion to use pins instead of soldering is a very good one. Ground is easy to find on different places. Personally I have used an external 1.8V powersupply with a current limiter to feed the serial converter, to connect as little wires to the Kindle as possible.

I used a simpler converter, but I had no luck, as the level converter did not work well. So I would strongly advise to use the suggested converter (which is on order for me now)...

To the initiator for this thread:

[stupidhaiku]

Just followed your guide and I am now the proud owner of a Jailbroken Voyage.

Like many I think I was disappointed when the Jailbreak fell through as I've been hoping for one since I got my Voyage last year. I was afraid to solder the fine points on the Kindle since the only iron I own is way too big for the job and my soldering skills are rudimentary at best. The nonappearance of the JB, coupled with DennisH's solderless "pin" method and this guide showing up inspired me to take the leap, however.

I wanted to provide some Voyage-specific feedback to hopefully help anyone using a Voyage as a few things were different.

Here you can see the four attachment points on the top bezel, prying these up is the first step.



Remember if you don't have opening tools a screwdriver can do a number on the plastic -- try getting a few cheap guitar picks from a local music store as they're thin, but strong.

This shiny top plastic part is pretty thin and could probably be broken easily. There's a bit of glue to deal with on this part as well and if you pried from the top only you could be in danger of breaking or bending the plastic as most of the glue is at the bottom of the piece. If you have something you can stick in there to pry it from the middle and then the back that would be best. Here's a picture of the top bezel removed, which I think shows the glue you have to deal with and where it would be located pretty well. There's a bit on the grey metal as well.



That was actually the hardest part of disassembly. You have to remove the 4 screws on the grey metal part (keep in mind the two toward the bottom end of the kindle are different than the two on top) then slide the whole back down toward the bottom of the kindle. It will come off without any tools if you just work it.

That's it for disassembly.

The serial port is fairly easy to locate. I've marked it below.



The hard part was locating the reference voltage joint. I couldn't find anything on the forums and was actually going to post and ask when I noticed the iFixit image of the KV mainboard, specifically this:



Will post more when I'm able -- though you can probably guess most of the rest.

[big_leopard]

Can I use this board for jailbreaking?
http://www.amazon.co.uk/UART-CP2102-.../dp/B00AFRXKFU
It has 6 pins:
TXD-RXD-GND-5V-DTR-3.3V

[stupidhaiku]

So after I found the 1v8 (verified that it was 1.81v with a multimeter) the rest of the hardware side was pretty straightforward, except for one little interesting mishap. See the small copper pad labeled J1350 in this picture? (The tape is holding the power connector from the battery back.)



I was trying to take this connector off with my tweezers, but when I touched the J1350 pad I saw a small but very visible spark. Fearing that I'd bricked my favorite little gadget I immediately tried to power it on. The screen was blank for a few seconds then started booting as though I'd switched it completely off. Curious, I stuck my multimeter on it (grounded on one of the plates this time of course) and got a reading of ~4.06v. Also interestingly, when I got done taking the reading and turned the device back on, it restarted itself again. Any idea what this is or what I was doing?

Anyway, back to the productive stuff. Here's the great Cthulhu, taped down as these connections are pretty fragile since they're just wire looped into the holes on the usb board. I put tape on the wires to keep track of which is which -- something I wouldn't do in retrospect as there are only 4 of them and the tape just got in the way.



Next I looped the grounding so the exposed section was in a circle and taped it to one of the shielding plates, and twisted the rest of the wires to sewing pins. I tried using cardboard at first to place the pins in but wouldn't recommend it as it was far more finicky than foam. Also you might need to put some pressure on the bottom of whatever material you use and push the pin through a little extra while doing so, since when you push the pin the material will flex and will then pull away from the connection points when you release pressure.

Here's the final setup. White is voltage, yellow is connected to tx on the kindle and rx on the MicroFTX, red is rx - Kindle / tx - board. You can see the big "G" where the grounding wire was looped and attached. I got a really good connection on the voltage pin so I taped it down so as not to jiggle it at all.



Next was all software. Note that I had to reboot the computer to get the COM3 port to show.

Since I was using the pin method the kindle itself was face-down the whole time so I didn't get to see the screen while running through PuTTY. When I rebooted (boy was it great to see the output on the screen though!) it seemed to do just fine, with me interrupting boot then doing bootm 0xE41000. The boot then seemed to stop with the line "sock_init 1888". Note that I never got the diags menu that you show. It just sat at that line for a while. So I tried typing commands and none of them seemed to work so I tried "exit" and got the following:

Code:

get_input_from_stdin Received [EXIT]
        EXIT : command not found
        Usage:
        EXIT DISABLE
        EXIT FASTBOOT
        EXIT LOGIN
        EXIT REBOOT
        EXIT WEB

At first I rebooted, thinking that maybe a second try would do the trick but the same thing happened. This time I typed

Code:

exit login

and got the login prompt! I figured since this was the whole point anyway it would work out (and it did!).
Once logged in, I followed your instructions until editing in vi. You forgot to put :q quits the program (had to look it up) . Everything else went great though. I then followed your instructions to the letter until I got to running jb.sh -- I'm sure it should have been obvious but your instructions say

Quote:

Copy all of the files from the jailbreak .ZIP to the base directory on the kindle

and I blindly just unpacked the kindle-jailbreak-1.14.N-r12627.tar.xz to the root directory, without realizing I had to have unpacked the kindle-5.4-jailbreak.zip as well! You might want to specify that for dummies like me. Anyway, I remembered there was a bash unzipping utility so I did (after some bungling)

Code:

unzip kindle-5.4-jailbreak.zip

and was then able to do 'sh jb.sh' without a problem.

For the morbidly curious and in case it might contain some info of use to someone or you just want to laugh at me bungling at a command line, here's a pastebin of the PuTTY log.

Oh, and to you and everyone else who has done such a great job working on this stuff, including you, DennisH, knc1, NiLuJe, and everyone else who has done so much to help with the public knowledge of our devices, I just wanted to say:



(custom screensaver from the screensaver hack)

[knc1]

Quote:

Originally Posted by stupidhaiku

- - - -
When I rebooted (boy was it great to see the output on the screen though!) it seemed to do just fine, with me interrupting boot then doing bootm 0xE41000. The boot then seemed to stop with the line "sock_init 1888".
- - - -

Must be waiting for a nfs server to answer.

In one of the posts I made when 5.6 and the 2015 devices where new, I broke out the initramfs (which is GPLv2) for people to study.
There I showed that nfs client application was included.

If anyone ran that attached irfs binary through ida and learned any more about it, they certainly didn't post about it here.

[DennisH]

stupidhaiku,

If you look through your Puttylog you will find quite a number of battery voltage reports during the various reboot attempts. The battery voltages range from 4.013v to 4.030v with quite a few readings in between. So it is almost certain that there is raw battery voltage on the small copper pad you mentioned. The spark was most likely a direct short to ground which could have several effects. Two guesses of what happened might be tripping a high current thermal fuse in the battery (if this particular battery does have one) which would normally reset when the current stabilises or an induced low voltage brown out condition on the processor (caused by the temporary short to ground) which would cause the processor to reboot. I haven't looked at the specs of this particular processor but the atmega microprocessors that I normally work with have such a brown out function.

The good news is that now you have found out how easy it is to actually do the job you won't hesitate to try it again should the need arise.

What I found and you have shown also is that it is very easy to set up temporary connections with just a few wires and some tape which are plenty good enough to install the jailbreak.

[big_leopard]

Quote:

Originally Posted by big_leopard

Can I use this board for jailbreaking?
http://www.amazon.co.uk/UART-CP2102-.../dp/B00AFRXKFU
It has 6 pins:
TXD-RXD-GND-5V-DTR-3.3V

Can anybody help me?
Can I use 3.3v pin instead of 1.8v?
And all the code in this thread will work with this board?

Thanks in advance.

[knc1]

Quote:

Originally Posted by big_leopard

Can anybody help me?
Can I use 3.3v pin instead of 1.8v?
And all the code in this thread will work with this board?

Thanks in advance.

If you have to ask that, you haven't read what is posted about serial jailbreaking here (this isn't the only thread on the topic).

Jailbreaking a Kindle over the serial port requires a person who reads the directions.
Seriously, it really, really does require reading and following directions.
So don't even try this yourself.

[big_leopard]

Quote:

Originally Posted by knc1

If you have to ask that, you haven't read what is posted about serial jailbreaking here (this isn't the only thread on the topic).

Jailbreaking a Kindle over the serial port requires a person who reads the directions.
Seriously, it really, really does require reading and following directions.
So don't even try this yourself.

Thanks for your reply.
If you think I don't read this directions, you're wrong, I have read it many times, and all the relative post but I have dificulty on finding a break board mentioned in this thread.
I known the directions say that if I use 3.3v or 5v IO pin, it will destroys my chip, but in this picture, the IO pins is set in 1.8v-3.3v


and I don't know if the 3.3v signal in this board is the same as 1.8-3.3v in Jim's Board

If not, can I reduced the voltage from 3.3 to 1.8 to use (by using a diode, or...)

(Sorry for my bad English)

[knc1]

Quote:

Originally Posted by big_leopard

Thanks for your reply.
If you think I don't read this directions, you're wrong, I have read it many times, and all the relative post but I have dificulty on finding a break board mentioned in this thread.
I known the directions say that if I use 3.3v or 5v IO pin, it will destroys my chip, but in this picture, the IO pins is set in 1.8v-3.3v


and I don't know if the 3.3v signal in this board is the same as 1.8-3.3v in Jim's Board

If not, can I reduced the voltage from 3.3 to 1.8 to use (by using a diode, or...)

(Sorry for my bad English)

The highlighted pin and information is about the range of reference voltage input allowed.

For the other board, the sales link you provided did not include links to a data sheet.
So you have to ask the seller (who probably doesn't know either).

Why not just use the wire ended, 1.8 volt, interface cable that we recommend?
It is available from a number of distributors with world-wide distribution.
Just web-search the part number.
Which is: TTL-232RG-VREG1V8-WE

The manufacturers' page:
http://www.ftdichip.com/Products/Cab...BTTLSerial.htm
Check out the sales network information for a distributor near you.

[maz_net_au]

Hi,
Thanks for the consolidated guide. It was much easier than digging about the forums for small bits of info.

I had jailbroken my device a while ago but someone turned my wifi on when borrowing it and amazon hit me with a sly update (I fixed it so that won't happen again).

I just wanted to say that I have converted the python script that gets the root password into a javascript function @ http://www.hardanswers.net/amazon-kindle-root-password which saves installing python on windows.

oh, and i think :w writes out the file in vi, then needs :x to exit.
Maz

[knc1]

Quote:

Originally Posted by maz_net_au

Hi,
Thanks for the consolidated guide. It was much easier than digging about the forums for small bits of info.

I had jailbroken my device a while ago but someone turned my wifi on when borrowing it and amazon hit me with a sly update (I fixed it so that won't happen again).

I just wanted to say that I have converted the python script that gets the root password into a javascript function @ http://www.hardanswers.net/amazon-kindle-root-password which saves installing python on windows.

oh, and i think :w writes out the file in vi, then needs :x to exit.
Maz

There are several 'complete' sets of instructions here, if you look for them.
They do not all document the same procedure but get the same result.

You only need the Kindle password (to the root user's account in the diags system (Kindles are dual boot systems)) if your going to work from the diags system.
(These directions do it that way.)

KindleTool is the recommended way to get the password from the serial number - it is kept upto date with Amazon changes to the algorithum.

Set the index filter to 'tools', click 'show threads', look for NiLuJe's snapshots, the most recent KindleTool will be near the bottom of the page.
Posted as binaries for Linux, MacOSx and even for Windows.