04-22-2017, 10:55 AM | #1216 | |
Just a Yellow Smiley.
Posts: 19,161
Karma: 83862859
Join Date: Jul 2015
Location: Texas
Device: K4, K5, fire, kobo, galaxy
|
Quote:
Oh and I can't answer your questions because I am not sure of the answers myself. |
|
04-22-2017, 12:18 PM | #1217 | ||
Member
Posts: 13
Karma: 10
Join Date: Apr 2017
Device: PW3
|
Quote:
i understand what was said i just don't fully understand the nature of the exploit.
- how do some parts of code get executed. is shell access actually this easy on a kindle?
- how does that memory exploit work? it's not really apparent to the untrained js eye, and also there are no comments in the code.
i'm trying to gather some info about the previous kindle jailbreaks because i want to have a go at it myself this summer you see...
Quote:
i'm looking for some communication with the other jailbreak devs on these issues...because just the technical information (as opposed to the actual binary exploits) is so hard to find
EDIT: i'm also available on the forum's irc #kindle-dev if someone wants to have a more technical chat
Last edited by gabbia; 04-22-2017 at 12:21 PM. |
||
04-22-2017, 01:01 PM | #1218 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
You really should be communicating with Branch Delay.
And best that you use the site's PM system. These text posts and IRC are read by Lab126. |
04-22-2017, 01:07 PM | #1219 | |
Just a Yellow Smiley.
Posts: 19,161
Karma: 83862859
Join Date: Jul 2015
Location: Texas
Device: K4, K5, fire, kobo, galaxy
|
Quote:
As per getting an answer to them, well I know if I was the dev guy, I certainly wouldn't answer them publicly because I don't know who else is reading this. I probably wouldn't answer privately because I don't know if you are just curious or if you have a specific reason for wanting to know. Yes: I am suspicious by nature. |
|
04-22-2017, 01:47 PM | #1220 | |
Member
Posts: 13
Karma: 10
Join Date: Apr 2017
Device: PW3
|
Quote:
personally i don't see the issue with sharing details with amazon.
1- you guys waited like 40 days (15 would've been fine by me for a billion dollar company but whatever i didn't make the exploit) so that you could report the exploit. usually exploits are reported with a technical description and if they're good reports even a working program and also a suggestion on how to fix it. so i'm not too sure the developer would be against exposing technical aid
2- the amazon dev team does not need any explanation on the exploit i imagine they have their best security engineers looking at the code and reversing it if necessary (binary is not really the case though..). pretty sure they stopped looking at this exploit and thread a long time ago
3- i've no issue with the dev team. an exploit is an exploit and making exploits does not mean trying to undermine the future of a product (the opposite to me, actually). sometimes it does some other times it doesn't. since the code is not obfuscated and you guys did report it, in this case it doesn't. having said that, those who want to jailbreak the device are not going to want amazon to fix the exploit. my primary interest is in exploitation, not modding (though i do want to install some modded apps afterwards, i guess i might make like an rss or reddit app or something) and i believe it should be amazon's discretion to allow users to install 3rd party apps. clearly vulnerabilities are not the right way to enrich a platform.. you could say i'm mostly interested in a small hacking project, which i might follow up with a modding project to ease my life on the kindle (i want to underline and scribble pdfs, browse rss and reddit and maybe play some lichess. seems pretty doable to me since the calc app is pure python+pygtk)
3.5- i'm not too sure the amazon dev team is too focused on the security of their platform seeing as injections and shell scripting is pretty simple.
of course so far nobody's proven there is a working remote exploit (=no obvious user interaction like ";fc-cache") so that doesn't really undermine the security of the platform under real circumstances i guess, so amazon shouldn't take too much of an interest...anyway if they were so interested in all this i imagine these exploits would be on a whole another level (not saying the exploit is bad it's clearly good, it's just not dirtycow type of stuff) |
|
04-22-2017, 02:33 PM | #1221 | |
Just a Yellow Smiley.
Posts: 19,161
Karma: 83862859
Join Date: Jul 2015
Location: Texas
Device: K4, K5, fire, kobo, galaxy
|
Quote:
I wasn't even thinking of them actually. I was thinking of others who might want to exploit BD's exploits for their own financial gains. Oh and since you mentioned the A-team at least 5 times in your post and what they probably are or are not doing, that raised a flag even higher. My opinion on that is which is less time consuming, reading certain forum posts or trying to figure it out myself? Cat and mouse. Oh and just for fun, my time line for an unbreakable firmware was only off by a month. |
|
04-22-2017, 03:46 PM | #1222 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
http://cve.mitre.org/cgi-bin/cvename...=CVE-2012-4248
http://www.kb.cert.org/vuls/id/122656
For a very short time, there was a kindle jailbreak public web site for 5.1.0
Last edited by knc1; 04-22-2017 at 03:49 PM. |
|
04-22-2017, 04:07 PM | #1223 | |
Member
Posts: 13
Karma: 10
Join Date: Apr 2017
Device: PW3
|
Quote:
|
|
04-22-2017, 04:18 PM | #1224 | |
Member
Posts: 13
Karma: 10
Join Date: Apr 2017
Device: PW3
|
Quote:
so lab126 whatever was mentioned like a couple of posts above and google says they're an amazon dev team so....plus your post implies you're on the lookout for amazon dudes which makes no sense... honestly you're being way too skeptical about this whole issue. i mean i don't even understand what there is to worry about, i clearly stated all points in favor of dev talk in my previous post. also security through obscurity is something i don't favor. anyway it's obvious by far that anyone who wants to exploit an exploit can do so. it's literally the job of an exploit. it's right there, literally a click away. so, again, i've no clue as to what you're referring to. i clearly stated there is no reason to worry about amazon reading these messages since you guys brought it up (at least that was my impression) and you're all like "that's suspicious" but have provided no counter argumentation to the sharing of dev talk. so....? anyway i'm a dude that likes to hack and learn from hacks. that's it. of course i can waste countless hours on this exploit and read up every single word in more than 200 posts of mainly user-centric information, but since i'm new to kindle and i really to play with exploits i figured i'd just ask for some pointers since that's what people do...honestly i don't see the problem but i guess that's up to the main developer at this point. i didn't figure i was going to find a dev-hostile ecosystem...
EDIT: also 'the A word' just speaks "skepticism". i'm not sure why there's this whole hostility to amazon, i mean they surely don't love helping out 3rd party developers but still they can't be expected to leave vulnerabilities in their systems. but saying "A word" just makes the whole problem worse!
Last edited by gabbia; 04-22-2017 at 04:21 PM. |
|
04-22-2017, 04:48 PM | #1225 | |
Just a Yellow Smiley.
Posts: 19,161
Karma: 83862859
Join Date: Jul 2015
Location: Texas
Device: K4, K5, fire, kobo, galaxy
|
Quote:
I wasn't being hostile towards Amazon. More amused than anything that you felt the need to tell us exactly what they probably were not doing. In my experiences, if someone repeats over and over what they are not doing, then they are usually doing exactly what they say they aren't doing and want you to look the other way. Of course once I reread your post, I realized you couldn't possibly know what they are really doing and were just guessing. It is no secret the big companies read the forums but they are quiet about it so as not to get harassed by customers wanting special privileges. I said the A word because I didn't want to get caught in their boolean search. I think I spelled that word right. It would have been a waste of someone's time. Sorry for the misunderstanding. It isn't just the A store I don't mention. I also try not to mention W or other assorted places unless I want them to know what I said. Last edited by Cinisajoy; 04-22-2017 at 04:54 PM. |
|
04-22-2017, 04:54 PM | #1226 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
You have arrived here several years too late.
There is no longer an active 'dev team' here. All gone or dying or dead or just not interested. There is myself, who has never developed anything and only answers (easy) questions. There are individuals here who have developed something for their own use and published that for others to use. Most of those people are still around, to maintain the thing(s) they have posted. But there is no 'dev team' to be found here any longer. There are web-sites that specialize in the things you say you are interested in, you should join up with those sites, not this one. There are people who do penetration testing for a living and you will find some of those people at those same web-sites. It is just that this site is not one of those. (Branch Delay, one such professional, was just a passing visitor.) |
04-22-2017, 05:17 PM | #1227 |
Member
Posts: 13
Karma: 10
Join Date: Apr 2017
Device: PW3
|
|
04-22-2017, 05:24 PM | #1228 | |
Member
Posts: 13
Karma: 10
Join Date: Apr 2017
Device: PW3
|
Quote:
i guess i'm completely out of context then, sorry about that! if anybody happens to know where kindle devs/hackers go chat or wants to start a conversation please hit me up! (as a side note: it's quite sad to hear there is no longer an active development on these devices. the kindle is kinda like the ios but for the ereader world, so a sort of cydia thinghie with repos and updates would've been really cool. not for diehard apps mind you but simpleish things that make sense on an ereader...so i'm kinda disappointed. nevertheless, i plan i'll be making my own app just to get truly my money's worth of fun) |
|
04-22-2017, 05:27 PM | #1229 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
|
04-22-2017, 05:50 PM | #1230 |
Just a Yellow Smiley.
Posts: 19,161
Karma: 83862859
Join Date: Jul 2015
Location: Texas
Device: K4, K5, fire, kobo, galaxy
|
|
Tags |
jailbreak, jailbreaking |
|