Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 04-26-2014, 11:48 AM   #1
alberiv
Junior Member
alberiv began at the beginning.
 
Posts: 8
Karma: 10
Join Date: Apr 2014
Device: Kindle PW2
Fake Registration

Hi,
I have a pw2 with fw 5.4.2.1. I applied the following mods:
1) Jailbreak
2) Usbnet
3) prevent automatic updates by placing update.bin.tmp.partial folder on user partition
4) Fake registration /var/local/java/prefs/reginfo
5) Block Amazon's ip for fake registration

modify /etc/sysconfig/iptables

iptables -I OUTPUT -m iprange --dst-range 23.0.0.0-23.15.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 50.16.0.0-56.19.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 72.21.192.0-72.21.223.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 107.20.0.0-107.23.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 184.72.0-184.75.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 204.246.160.0-204.246.191.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 205.251.192.0-205.251.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 207.171.160.0-207.171.191.255 -j DROP

6) Change store button to call browser instead:
modifiy /usr/share/webkit-1.0/pillow/javascripts/search_bar.js
7) Enable native drawing app:
add /usr/bin/draw.sh
modify /usr/share/webkit-1.0/pillow/debug_cmds.json

My question is: Does mod #5 also prevent automatic updates and Big Brother, doesn't it ?? so I can remove mod #3...
I got the instructions from the fake registration thread which is for fw 5.2.0 but it's working.
I don't want to install KUAL for the moment I only want these few mods
Thanks

Last edited by alberiv; 04-26-2014 at 11:58 AM.
alberiv is offline   Reply With Quote
Old 04-26-2014, 12:10 PM   #2
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by alberiv View Post
Hi,
I have a pw2 with fw 5.4.2.1. I applied the following mods:
1) Jailbreak
2) Usbnet
3) prevent automatic updates by placing update.bin.tmp.partial folder on user partition
4) Fake registration /var/local/java/prefs/reginfo
5) Block Amazon's ip for fake registration

modify /etc/sysconfig/iptables

iptables -I OUTPUT -m iprange --dst-range 23.0.0.0-23.15.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 50.16.0.0-56.19.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 72.21.192.0-72.21.223.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 107.20.0.0-107.23.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 184.72.0-184.75.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 204.246.160.0-204.246.191.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 205.251.192.0-205.251.255.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 207.171.160.0-207.171.191.255 -j DROP

6) Change store button to call browser instead:
modifiy /usr/share/webkit-1.0/pillow/javascripts/search_bar.js
7) Enable native drawing app:
add /usr/bin/draw.sh
modify /usr/share/webkit-1.0/pillow/debug_cmds.json

My question is: Does mod #5 also prevent automatic updates and Big Brother, doesn't it ?? so I can remove mod #3...
I got the instructions from the fake registration thread which is for fw 5.2.0 but it's working.
I don't want to install KUAL for the moment I only want these few mods
Thanks
There is no guarantee that #5 is all-inclusive, so leave #3 in place.
knc1 is offline   Reply With Quote
Advert
Old 04-26-2014, 12:35 PM   #3
alberiv
Junior Member
alberiv began at the beginning.
 
Posts: 8
Karma: 10
Join Date: Apr 2014
Device: Kindle PW2
thank you very much knc1, I'm glad I asked before doing something wrong.
And what about BB ? Am I safe with those rules ?

Last edited by alberiv; 04-26-2014 at 12:38 PM. Reason: grammar error
alberiv is offline   Reply With Quote
Old 04-26-2014, 02:10 PM   #4
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by alberiv View Post
thank you very much knc1, I'm glad I asked before doing something wrong.
And what about BB ? Am I safe with those rules ?
I do not have a PW2 (or any device of very recent firmware), so I can not say if the list is complete.

If that list comes from the KUAL Firewall/BBB filter script - that is the most recent listing that I have.
knc1 is offline   Reply With Quote
Old 04-26-2014, 02:54 PM   #5
alberiv
Junior Member
alberiv began at the beginning.
 
Posts: 8
Karma: 10
Join Date: Apr 2014
Device: Kindle PW2
ok thanks so it's only a matter of blocking the right address ranges
alberiv is offline   Reply With Quote
Advert
Old 04-26-2014, 08:02 PM   #6
alberiv
Junior Member
alberiv began at the beginning.
 
Posts: 8
Karma: 10
Join Date: Apr 2014
Device: Kindle PW2
for the sake of knowledge I updated the ip list, removed the update.bin.tmp.partial folder, reset iptables counters and rebooted, because I want to get rid of version 5.4.2.1 anyway.

After keeping wireless on for 30 mins I got this:
PHP Code:
Chain OUTPUT (policy ACCEPT 543 packets70565 bytes)
    
pkts      bytes target     prot opt in     out     source               destination
    2044   622973 ACCEPT     all  
--  *      lo      0.0.0.0/0            127.0.0.1
       0        0 DROP       all  
--  *      *       0.0.0.0/0            23.0.0.0/12
     375    61500 DROP       all  
--  *      *       0.0.0.0/0            23.20.0.0/14
       0        0 DROP       all  
--  *      *       0.0.0.0/0            50.16.0.0/14
       0        0 DROP       all  
--  *      *       0.0.0.0/0            54.240.0.0/12
       0        0 DROP       all  
--  *      *       0.0.0.0/0            54.240.128.0/18
       0        0 DROP       all  
--  *      *       0.0.0.0/0            64.208.0.0/16
       0        0 DROP       all  
--  *      *       0.0.0.0/0            64.209.0.0/17
      26     1624 DROP       all  
--  *      *       0.0.0.0/0            72.21.192.0/19
       0        0 DROP       all  
--  *      *       0.0.0.0/0            107.20.0.0/14
      18     1080 DROP       all  
--  *      *       0.0.0.0/0            176.32.96.0/21
       0        0 DROP       all  
--  *      *       0.0.0.0/0            178.236.0.0/21
       0        0 DROP       all  
--  *      *       0.0.0.0/0            184.72.0.0/15
       0        0 DROP       all  
--  *      *       0.0.0.0/0            204.246.160.0/19
       4      304 DROP       all  
--  *      *       0.0.0.0/0            205.251.192.0/18
       0        0 DROP       all  
--  *      *       0.0.0.0/0            207.171.160.0/19 
Packets to 23.20.0.0/14 keep raising the others are stuck.
There are no update files in user partition, registration is ok.
I'm located in Italy.
Let's see what happens in the next few days.

Last edited by alberiv; 04-26-2014 at 09:31 PM.
alberiv is offline   Reply With Quote
Old 04-26-2014, 08:35 PM   #7
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
PHP Code:
NetRange:       23.20.0.0 23.23.255.255
CIDR
:           23.20.0.0/14
OriginAS
:       AS16509
NetName
:        AMAZON-EC2-USEAST-10
NetHandle
:      NET-23-20-0-0-1
Parent
:         NET-23-0-0-0-0
NetType
:        Direct Assignment
Comment
:        The activity you have detected originates from a dynamic hosting environment.
Comment:        For fastest responseplease submit abuse reports at http://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse
Comment:        For more information regarding EC2 see:
Comment:        http://ec2.amazonaws.com/
- - - - -
OrgName:        Amazon.comInc.
OrgId:          AMAZO-4
Address
:        Amazon Web ServicesElastic Compute CloudEC2
Address
:        1200 12th Avenue South
City
:           Seattle
StateProv
:      WA
PostalCode
:     98144
Country
:        US
- - - - - 
knc1 is offline   Reply With Quote
Old 04-26-2014, 09:38 PM   #8
alberiv
Junior Member
alberiv began at the beginning.
 
Posts: 8
Karma: 10
Join Date: Apr 2014
Device: Kindle PW2
Quote:
Originally Posted by knc1 View Post
PHP Code:
NetRange:       23.20.0.0 23.23.255.255
CIDR
:           23.20.0.0/14
OriginAS
:       AS16509
NetName
:        AMAZON-EC2-USEAST-10
NetHandle
:      NET-23-20-0-0-1
Parent
:         NET-23-0-0-0-0
NetType
:        Direct Assignment
Comment
:        The activity you have detected originates from a dynamic hosting environment.
Comment:        For fastest responseplease submit abuse reports at http://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse
Comment:        For more information regarding EC2 see:
Comment:        http://ec2.amazonaws.com/
- - - - -
OrgName:        Amazon.comInc.
OrgId:          AMAZO-4
Address
:        Amazon Web ServicesElastic Compute CloudEC2
Address
:        1200 12th Avenue South
City
:           Seattle
StateProv
:      WA
PostalCode
:     98144
Country
:        US
- - - - - 
yes of course I got the list from the BBB filter, I didn't log all the activity.
Maybe there are other addresses going through the firewall, but it seems the ones pw get updates from are among those blocked.
What I would like to know ultimately is if I can block registration, updates and bbb in one shot by simply adding some firewall rules.

Last edited by alberiv; 04-26-2014 at 10:14 PM.
alberiv is offline   Reply With Quote
Old 04-27-2014, 09:14 AM   #9
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by alberiv View Post

- - - -

What I would like to know ultimately is if I can block registration, updates and bbb in one shot by simply adding some firewall rules.
Short answer: In general, yes.

Longer answer:
The firmware for the Kindles is missing many of the iptable modules you would want to use.

For instance my using the "drop" target when the "reject" target would be much more appropriate (no time-out waits done by sender).
The "reject" target module is one that wasn't included with the Kindle builds.
Duh. . . . .
Thanks to Lab126, again.

I did build (nearly complete) sets of iptable modules for the common most Kindle kernels (at the time I built them).

There is a set of them attached to one of my threads somewhere here.

And more information about the process in a public repo.
(My Internet connection is semi-dead at the moment, I will add links once I can check them.)
knc1 is offline   Reply With Quote
Old 04-27-2014, 12:01 PM   #10
alberiv
Junior Member
alberiv began at the beginning.
 
Posts: 8
Karma: 10
Join Date: Apr 2014
Device: Kindle PW2
Quote:
Originally Posted by knc1 View Post
I did build (nearly complete) sets of iptable modules for the common most Kindle kernels (at the time I built them).
Very interesting, I tried to use the log feature of iptables to track all the addresses going out wlan0 but the module is missing. I'll use my router to do that...

Using only netstat I found out a strange thing: the phd and todo processes contacted a local (italian) third party server
212.52.97.15:53 phd
217.171.163.134:443 todo

I can't explain this

Last edited by alberiv; 04-27-2014 at 12:08 PM.
alberiv is offline   Reply With Quote
Old 04-27-2014, 12:33 PM   #11
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by alberiv View Post
Very interesting, I tried to use the log feature of iptables to track all the addresses going out wlan0 but the module is missing. I'll use my router to do that...

Using only netstat I found out a strange thing: the phd and todo processes contacted a local (italian) third party server
212.52.97.15:53 phd
217.171.163.134:443 todo

I can't explain this
Todo uses a secure connection?
Amazon must not trust us all that much.

whois -H ip
will give you the CIDR to block for your list.

The add-in modules are part of the Kual-System project.
https://bitbucket.org/twobob/kual-system/overview

The /extensions sub-tree is of the pre-built binaries (as they would appear on the Kindle in this plan).

The /tools sub-tree has supplemental files - .config files, scripts to set the environment variables for the cross-compiler that was used, etc.

There should be a thread or two around here on the "KUAL-System" project also.

**Nothing** done in the project for the PW2 kernel/firmware.

It is one of those (many) public projects that will continue when someone gets the time and interest to continue it.

twobob has approximately 0.00% hobby time now;
I have just barely enough to answer a few questions on this forum.
knc1 is offline   Reply With Quote
Old 04-27-2014, 02:58 PM   #12
alberiv
Junior Member
alberiv began at the beginning.
 
Posts: 8
Karma: 10
Join Date: Apr 2014
Device: Kindle PW2
before going through the 5.4.0 downgrade procedure I updated to 5.4.3.1 to give it a try...first impressions surely better than 5.4.2.1, I'll keep it for now.
Jailbreak survived.

After that I was able to log (and block) this bastard through my router:

after a reboot it keeps contacting the following 2 ip addresses (forever) which are third party unknown addresses (maybe amazon has some mirrors local servers housed at those providers)

PHP Code:
IN=br0 OUT=ppp0 SRC=192.168.1.106 DST=212.52.97.15 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=44201 DF PROTO=UDP SPT=36351 DPT=53 LEN=40
IN
=br0 OUT=ppp0 SRC=192.168.1.106 DST=193.70.152.15 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=44401 DF PROTO=UDP SPT=44898 DPT=53 LEN=40 
Without letting these packets through the firewall the wireless appears disconnected on the kindle (no wi-fi icon and signal bars empty)

I set the wireless off after that and kept the router drop rules, new firmware never had a chance to go out on the internet yet.

Last edited by alberiv; 04-27-2014 at 03:06 PM.
alberiv is offline   Reply With Quote
Old 04-27-2014, 04:39 PM   #13
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Those are DNS requests.

Perhaps modify resolv.conf (or re-direct in router) those to your local DNS server.
knc1 is offline   Reply With Quote
Old 04-27-2014, 08:45 PM   #14
alberiv
Junior Member
alberiv began at the beginning.
 
Posts: 8
Karma: 10
Join Date: Apr 2014
Device: Kindle PW2
jesus christ I must be crazy those are my ISP's dns
I didn't realize because dhcp usually gives router's address as dns and relay queries..

Well, after letting through those 2 dns addresses things get even stranger:
I left the wireless on for 30 mins and rebooted a few times, the only traffic
generated was towards 1 of the 2 addresses and goes on and on.
Usually registration is checked on reboot
(sorry I forgot about firewall rules on kindle ) wifi icon displays correctly now...

so the BBB list is complete and I guess it should prevent registration, updates and BB

Sorry to keep this thread long you can delete some messages

Last edited by alberiv; 04-27-2014 at 09:15 PM.
alberiv is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump


All times are GMT -4. The time now is 10:32 PM.


MobileRead.com is a privately owned, operated and funded community.