5.6.5 Jailbreak (closed-kindle) -- released!

[Cinisajoy]

Quote:

Originally Posted by gabbia

alright illl scroll. although im not too sure scrolling 80 pages and developing exploits can be compared...two different kinds of skill

EDIT: can't find it. i searched through the original dev's posts.
all i can gather so far is that there is most probably some sort of overflow going on, and i can't understand ;fc-cache in the browser

EDIT2: also, there must be something going on with the long url @stage1, and also the main exploit is that magicfun i guess. just can't figure out how he gets "jb" script to execute...

EDIT3: also that html frame in "frame.html" makes no fucking sense to me..

EDIT4: from what i can gather:
- arbitrary bash commands can be executed on the device. root execution is left up to the exploit (i gather this from the fact you guys say only jb needs to be put into the device)
- there is probably an injection exploit in the browser's search feature ";fc-cache"
- the main concept is all about filling up the heap with memory until the bash script is able to write to /etc/uks/pubdevkey01.pem
- i still don't understand where the "jb" gets called nor how magicfun helps out with writing to that root protected file...also there are some things which _seem_ unnecessary to me. like that "magic string" that gets passed to magicfun...does it have to be weird unicode stuff or can it just be something else?

If you don't fully understand what was said, don't attempt it.
Oh and I can't answer your questions because I am not sure of the answers myself.

[gabbia]

Quote:

Originally Posted by Cinisajoy

If you don't fully understand what was said, don't attempt it.

don't attempt what? i haven't got a kindle yet so im not gonna be jailbreaking it immediatly...

i understand what was said i just don't fully understand the nature of the exploit.
- how do some parts of code get executed. is shell access actually this easy on a kindle?
- how does that memory exploit work? it's not really apparent to the untrained js eye, and also there are no comments in the code.

im trying to gather some info about the previous kindle jailbreaks because i want to have a go at it myself this summer you see...

Quote:

Originally Posted by Cinisajoy

Oh and I can't answer your questions because I am not sure of the answers myself.

that's alright, thanks for the reply.
im looking for some comunication with the other jailbreak devs on these issues...because just the technical information (as opposed to the actual binary exploits) is so hard to find

EDIT: im also available on the forum's irc #kindle-dev if someone wants to have a more technical chat

[knc1]

You really should be communicating with Branch Delay.
And best that you use the site's PM system.

These text posts and IRC are read by Lab126.

[Cinisajoy]

Quote:

Originally Posted by gabbia

don't attempt what? i haven't got a kindle yet so im not gonna be jailbreaking it immediatly...

i understand what was said i just don't fully understand the nature of the exploit.
- how do some parts of code get executed. is shell access actually this easy on a kindle?
- how does that memory exploit work? it's not really apparent to the untrained js eye, and also there are no comments in the code.

im trying to gather some info about the previous kindle jailbreaks because i want to have a go at it myself this summer you see...



that's alright, thanks for the reply.
im looking for some comunication with the other jailbreak devs on these issues...because just the technical information (as opposed to the actual binary exploits) is so hard to find

EDIT: im also available on the forum's irc #kindle-dev if someone wants to have a more technical chat

Ok, now I understand your questions.
As per getting an answer to them, well I know if I was the dev guy, I certainly wouldn't answer them publicly because I don't know who else is reading this.
I probably wouldn't answer privately because I don't know if you are just curious or if you have a specific reason for wanting to know.

Yes: I am suspicious by nature.

[gabbia]

Quote:

Originally Posted by Cinisajoy

Ok, now I understand your questions.
As per getting an answer to them, well I know if I was the dev guy, I certainly wouldn't answer them publicly because I don't know who else is reading this.
I probably wouldn't answer privately because I don't know if you are just curious or if you have a specific reason for wanting to know.

Yes: I am suspicious by nature.

in reply to both you and knc1:
personally i donn't see the issue with sharing details with amazon.
1- you guys waited like 40 days (15 wouldve been fine by me for a billion dollar company but whatever i didnt make the exploit) so that you could report the exploit. ususally exploits are reported with a technical description and if they're good reports even a working program and also a suggestion on how to fix it.
so im not too sure the developer would be against exposing technical aid

2- the amazon dev team does not need any explanation on the exploit i imagine they have their best security engineers looking at the code and reversing it if necessary (binary is not really the case though..). pretty sure they stopped looking at this exploit and thread a long time ago

3- ive no issue with the dev team. an exploit is an exploit and making exploits does not mean trying to undermine the future of a product (the opposiite to me, actually). sometimes it does some other times it doesn't. since the code is not obfuscated and you guys did report it, in this case it doesn't.
having said that, those who want to jailbreak the device are not going to want amazon to fix the exploit.
my primary interest is in exploitation, not modding (though i do want to install some modded apps aftwerwards, i guess i might make like an rss or reddit app or something) and i believe it should be amazon's discretion to allow users to install 3rd party apps. clearly vulnerabilities are not the right way to enrich a platform..
you could say im mostly interested in a small hacking project, which i might follow up with a modding project to easy my life on the kindle (i want to underline and scribble pdfs, browse rss and reddit and maybe play some lichess. seems pretty doable to me since the calc app is pure python+pygtk)

3.5- im not too sure the amazon dev team is too focused on the security of their platform seeing as injections and shell scripting is pretty simple. of course so far nobody's proven there is a working remote exploit (=no obvious user interaction like ";fc-cache") so that doesn't really undermine the security of the platform under real circumstances i guess, so amazon shouldn't take too much of an interest...anyway if they were so interested in all this i imagine these exploits would be on a whole another level (not saying the exploit is bad it's clearly good, it's just not dirtycow type of stuff)

[Cinisajoy]

Quote:

Originally Posted by gabbia

in reply to both you and knc1:
personally i donn't see the issue with sharing details with amazon.
1- you guys waited like 40 days (15 wouldve been fine by me for a billion dollar company but whatever i didnt make the exploit) so that you could report the exploit. ususally exploits are reported with a technical description and if they're good reports even a working program and also a suggestion on how to fix it.
so im not too sure the developer would be against exposing technical aid

2- the amazon dev team does not need any explanation on the exploit i imagine they have their best security engineers looking at the code and reversing it if necessary (binary is not really the case though..). pretty sure they stopped looking at this exploit and thread a long time ago

3- ive no issue with the dev team. an exploit is an exploit and making exploits does not mean trying to undermine the future of a product (the opposiite to me, actually). sometimes it does some other times it doesn't. since the code is not obfuscated and you guys did report it, in this case it doesn't.
having said that, those who want to jailbreak the device are not going to want amazon to fix the exploit.
my primary interest is in exploitation, not modding (though i do want to install some modded apps aftwerwards, i guess i might make like an rss or reddit app or something) and i believe it should be amazon's discretion to allow users to install 3rd party apps. clearly vulnerabilities are not the right way to enrich a platform..
you could say im mostly interested in a small hacking project, which i might follow up with a modding project to easy my life on the kindle (i want to underline and scribble pdfs, browse rss and reddit and maybe play some lichess. seems pretty doable to me since the calc app is pure python+pygtk)

3.5- im not too sure the amazon dev team is too focused on the security of their platform seeing as injections and shell scripting is pretty simple. of course so far nobody's proven there is a working remote exploit (=no obvious user interaction like ";fc-cache") so that doesn't really undermine the security of the platform under real circumstances i guess, so amazon shouldn't take too much of an interest...anyway if they were so interested in all this i imagine these exploits would be on a whole another level (not saying the exploit is bad it's clearly good, it's just not dirtycow type of stuff)

I didn't see where either me or knc1 mentioned the A word.

I wasn't even thinking of them actually.
I was thinking of others who might want to exploit BD's exploits for their own financial gains.

Oh and since you mentioned the A-team at least 5 times in your post and what they probably are or are not doing, that raised a flag even higher.

My opinion on that is which is less time consuming, reading certain forum posts or trying to figure it out myself?
Cat and mouse.

Oh and just for fun, my time line for an unbreakable firmware was only off by a month.

[knc1]

Quote:

Originally Posted by gabbia

- - - -
of course so far nobody's proven there is a working remote exploit (=no obvious user interaction like ";fc-cache") so that doesn't really undermine the security of the platform under real circumstances i guess, so amazon shouldn't take too much of an interest...
- - - -

Not so, read about: CVE-2012-4248
http://cve.mitre.org/cgi-bin/cvename...=CVE-2012-4248
http://www.kb.cert.org/vuls/id/122656

For a very short time, there was a kindle jailbreak public web site for 5.1.0

[gabbia]

Quote:

Originally Posted by knc1

Not so, read about: CVE-2012-4248
http://cve.mitre.org/cgi-bin/cvename...=CVE-2012-4248
http://www.kb.cert.org/vuls/id/122656

For a very short time, there was a kindle jailbreak public web site for 5.1.0

interesting thanks. this is the kind of information im looking for

[gabbia]

Quote:

Originally Posted by Cinisajoy

I didn't see where either me or knc1 mentioned the A word.

I wasn't even thinking of them actually.
I was thinking of others who might want to exploit BD's exploits for their own financial gains.

Oh and since you mentioned the A-team at least 5 times in your post and what they probably are or are not doing, that raised a flag even higher.

My opinion on that is which is less time consuming, reading certain forum posts or trying to figure it out myself?
Cat and mouse.

Oh and just for fun, my time line for an unbreakable firmware was only off by a month.

...i mean...wtf?
so lab126 whatever was mentioned like a couple of posts above and google says theyre an amazon dev team so....plus your post implies you're on the lookout for amazon dudes which makes no sense...
honestly you're being way too skeptical about this whole issue.
i mean i dont even understand what there is to worry about, i clearly stated all points in favor of dev talk in my previous post. also security through obscurity is something i don't favor.

anyway it's obvious by far that anyone who wants to exploit an exploit can do so.it's literally the job of an exploit. it's right there, literally a click away. so, again, ive no clue as to what you're referring to. i clearly stated there is no reason to worry about amazon reading these messages since you guys brought it up (at least that was my impression) and you're all like "thats suspicious" but have provided no counter argumentation to the sharing of dev talk. so....?


anyway im a dude that likes to hack and learn from hacks. thats it.
of course i can waste countless hours on this exploit and read up every single word in more than 200 posts of mainly user-centric information, but since im new to kindle and i really to play with exploits i figured i'd just ask for some pointers since that's what people do...honestly i don't see the problem but i guess that's up to the main developer at this point. i didnt figure i was going to find a dev-hostile ecosystem...

EDIT: also 'the A word' just speaks "skepticism". im not sure why theres this whole hostility to amazon, i mean they surely don't love helping out 3rd party developers but still they can't be expected to leave vulnerabilities in their systems. but saying "A word" just makes the whole problem worse!

[Cinisajoy]

Quote:

Originally Posted by gabbia

...i mean...wtf?
so lab126 whatever was mentioned like a couple of posts above and google says theyre an amazon dev team so....plus your post implies you're on the lookout for amazon dudes which makes no sense...
honestly you're being way too skeptical about this whole issue.
i mean i dont even understand what there is to worry about, i clearly stated all points in favor of dev talk in my previous post. also security through obscurity is something i don't favor.

anyway it's obvious by far that anyone who wants to exploit an exploit can do so.it's literally the job of an exploit. it's right there, literally a click away. so, again, ive no clue as to what you're referring to. i clearly stated there is no reason to worry about amazon reading these messages since you guys brought it up (at least that was my impression) and you're all like "thats suspicious" but have provided no counter argumentation to the sharing of dev talk. so....?


anyway im a dude that likes to hack and learn from hacks. thats it.
of course i can waste countless hours on this exploit and read up every single word in more than 200 posts of mainly user-centric information, but since im new to kindle and i really to play with exploits i figured i'd just ask for some pointers since that's what people do...honestly i don't see the problem but i guess that's up to the main developer at this point. i didnt figure i was going to find a dev-hostile ecosystem...

EDIT: also 'the A word' just speaks "skepticism". im not sure why theres this whole hostility to amazon, i mean they surely don't love helping out 3rd party developers but still they can't be expected to leave vulnerabilities in their systems. but saying "A word" just makes the whole problem worse!

First off I owe you an apology. I thought you were a girl.
I wasn't being hostile towards Amazon. More amused than anything that you felt the need to tell us exactly what they probably were not doing.

In my experiences, if someone repeats over and over what they are not doing, then they are usually doing exactly what they say they aren't doing and want you to look the other way.

Of course once I reread your post, I realized you couldn't possibly know what they are really doing and were just guessing.

It is no secret the big companies read the forums but they are quiet about it so as not to get harassed by customers wanting special privileges.

I said the A word because I didn't want to get caught in their boolean search. I think I spelled that word right. It would have been a waste of someone's time.

Sorry for the misunderstanding.

It isn't just the A store I don't mention. I also try not to mention W or other assorted places unless I want them to know what I said.

[knc1]

You have arrived here several years too late.
There is no longer an active 'dev team' here.
All gone or dying or dead or just not interested.

There is myself, who has never developed anything and only answers (easy) questions.

There are individuals here who have developed something for their own use and published that for others to use.
Most of those people are still around, to maintain the thing(s) they have posted.
But there is no 'dev team' to be found here any longer.

There are web-sites that specialize in the things you say you are interested in, you should join up with those sites, not this one.
There are people who do penetration testing for a living and you will find some of those people at those same web-sites.

It is just that this site is not one of those.
(Branch Delay, one such professional, was just a passing visitor.)

[gabbia]

Quote:

Originally Posted by Cinisajoy

It isn't just the A store I don't mention. I also try not to mention W or other assorted places unless I want them to know what I said.

Alright i guess i can see where you're coming from.
Just a curiosity, what does W stand for?

[gabbia]

Quote:

Originally Posted by knc1

You have arrived here several years too late.
There is no longer an active 'dev team' here.
All gone or dying or dead or just not interested.

There is myself, who has never developed anything and only answers (easy) questions.

There are individuals here who have developed something for their own use and published that for others to use.
Most of those people are still around, to maintain the thing(s) they have posted.
But there is no 'dev team' to be found here any longer.

There are web-sites that specialize in the things you say you are interested in, you should join up with those sites, not this one.
There are people who do penetration testing for a living and you will find some of those people at those same web-sites.

It is just that this site is not one of those.
(Branch Delay, one such professional, was just a passing visitor.)

aaah i see. i was under the impression the people responsible for hacking were to be found on this forum since that's where the exploits are and also all the plugins and stuff. exploit teams do have a tendency to reside in so many different places it's hard to find a one famous spot where everybody talks..

i guess im completely out of context then, sorry about that!
if anybody happens to know where kindle devs/hackers go chat or wants to start a conversation please hit me up!

(as a side note: it's quite sad to hear there is no longer an active development on these devices. the kindle is kinda like the ios but for the ereader world, so a sort of cydia thinghie with repos and updates would've been really cool.
not for diehard apps mind you but simpleish things that make sens on an ereader...so im kinda disappointed. nevertheless, i plan ill be making my own app just to get truly my money's worth of fun)

[HarryT]

Quote:

Originally Posted by knc1

You have arrived here several years too late.
There is no longer an active 'dev team' here.
All gone or dying or dead or just not interested.

Who's dead, as a matter of interest?

[Cinisajoy]

Quote:

Originally Posted by gabbia

Alright i guess i can see where you're coming from.
Just a curiosity, what does W stand for?

The big box store that sells everything.