02-14-2015, 10:37 AM | #1 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
HELP unbrick Kindle Paperwhite 1 - NO USB
I was given an old Kindle paperwhite 1st gen with 3G, in which the screen was stuck to the boy reading under the tree.
Charged the battery for a very long period of time (24h) on the wall charger with the led on amber and tried powering it on with it connection to the pc running linux. With constant monitoring of the logs it was obvious that no storage device was found. I eventually dissasembled the device and soldered the pinouts for the usb and was able to get the boot message. with kernel checksum errors. Got into uboot->bist run fastboot on the kpw1 Got the system images from http://ixtab.tk/kindle-touch-images/...pw520_wlan+3g/ (Thanks by the way) and ran the fastboot commands from the pc. extracted the files then ran fastboot flash kernel main_kernel.img.gz after rebooting i was able to get the diag menu. Exporting USB storage now shows up the Kindle storage. I copy over the extracted pw_3g_5.2.0-mmcblk0p1.img.gz then drop to the login prompt. I Cannot get root access... Copied the serial number to the Amazon Kindle root password site https://www.sven.de/kindle/ (Also thanks for providing the service) but the resulting passwords do not work. So, I can't dd the mmcblk0p1.img without root access. Following the instruction here https://gist.github.com/TobiasWooldr...ca75190b9a473f which recomends modifying the mmcblk0p2.img diags partition and editing a upstart script for automatically dd the file does not and the fastboot flashing the file to the diags partition does not work. Would really appreciate some pointer.... Thanks. |
02-14-2015, 10:49 AM | #2 |
BLAM!
Posts: 13,496
Karma: 26047188
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
|
@amirseni: Did you actually flash the custom diags partition through fastboot (and not just only the kernel)?
IIRC, it should be RP-ified, meaning the password is mario. Check the manual debricking threads, but basically, the process is: Flash both kernels through fastboot, flash diags part through fastboot, dd main part through SSH in diags. (main part is too large to be flashable through fastboot). (Do double-check all this, that's OTOH, and theoretical, since I've never had to resort to this ). EDIT: Heh, my memory's not so bad after all: https://www.mobileread.com/forums/sho...d.php?t=180789 & https://www.mobileread.com/forums/sho...d.php?t=170929 . TL;DR: The gist you linked to is not completely correct, and sometimes contradicts itself (ie. it correctly tells you that you can't fastboot flash main, yet does so in its example; while it's missing the flash of the diags kernel). The tweak to the diags part to auto-dd the main part, while neat, is potentially more trouble that it's worth, since doing it manually is pretty straightforward, and you can even use netcat to avoid a copy to the userstore. The no-SSH in diags issue is moot because we're using RP-ified diags part images, which do bundle SSH. EDIT²: Except, the diags image you linked to *aren't* RP-ified, which explains pretty much everything ;p. So, yup, I'd recommend RP-ifying them manually from a Linux box w/ the RP install script from the latest snapshots. You won't even need to care about the root password at all this way. EDIT³: See attached script to rp-ify a diags part (be it vanilla or not, it's safe to run multiple times). Last edited by NiLuJe; 02-14-2015 at 11:31 AM. |
Advert | |
|
02-14-2015, 11:22 AM | #3 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
Ok,
will double check and fastboot flash the main kernel and the diag kernel. I'm not familiar with the term RP-ified, what does it mean and do you have the link for the script. Thanks |
02-14-2015, 11:26 AM | #4 |
BLAM!
Posts: 13,496
Karma: 26047188
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
|
@amirseni: Don't worry about the terminology, that's just me pulling stuff out of my ass ^^, check my latest edits .
|
02-14-2015, 11:30 AM | #5 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
Great,
took at look at the rp-ify.sh, so it basicaly replaces the /etc/shadow root has to mario and adds dropbear to the diag partition. Thanks, will give it a go tomorrow. |
Advert | |
|
02-14-2015, 11:33 AM | #6 |
BLAM!
Posts: 13,496
Karma: 26047188
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
|
@amirseni: Yup. The dropbear build being our usual diags-tailored custom one with all the bells & whistles (i.e., passwordless login).
|
02-14-2015, 11:33 AM | #7 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
By the way,
Can someone post the compiled linux fastboot binary. I can't download from http://www.sudoforlunch.org/fastboot Keep on getting 404's |
02-14-2015, 11:36 AM | #8 |
BLAM!
Posts: 13,496
Karma: 26047188
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
|
@amirseni: Worst case scenario, you can pull it from the Kubrick ISO, although I'm fairly sure it's been posted standalone here multiple times. I just don't have the link on hand right now (might be linked somewhere in the Wiki index?).
EDIT: Or, better, from the Kubrick repo. EDIT²: And, in case that wasn't clear, because I'm unfamiliar with the link you mentioned: you need a *custom* fastboot build, not the Android mainline one. Last edited by NiLuJe; 02-14-2015 at 11:41 AM. |
02-14-2015, 11:50 AM | #9 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
I was using a kindle fastboot compiled for windows.
Prefer to use under linux |
02-14-2015, 12:38 PM | #10 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
I've compiled the fastboot from https://github.com/yifanlu/Fastboot-Kindle
and got it working ran the rp ify on the mmcblk0p2 mount and was successfull fastboot flashed the main kernel diags_kernel the diag partition rebooted into diag mode and went straight into login prompt and the root password blank or mario do no work. logged in with framework and password mario. It seems that /etc/shadow was not modified and cannot find dropbear anywhere on the filesystem. I think that the diags partition is not being written. It seems that fastboot flash diags mmcblk0p2 is over too fast. filesize is about 65MB and it is finished running after about 4-5seconds Last edited by amirseni; 02-14-2015 at 12:40 PM. |
02-14-2015, 12:58 PM | #11 |
BLAM!
Posts: 13,496
Karma: 26047188
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
|
@amirseni: Even though I'd agree on your conclusion, it shouldn't take much longer than a few seconds to flash the diags partition anyway (around ~3s + ~6s, apparently).
Keep in mind that the passwordless thing is only over SSH, not serial . That's the bounds of my theoretical knowledge though. I'll just add that fastboot lying and not doing what it was supposed to sounds vaguely familiar, so someone might have an inkling of what's happening. Also, and this might sound like a stupid question, but I assume you've unmounted the image after running the rp script? Last edited by NiLuJe; 02-14-2015 at 01:01 PM. |
02-14-2015, 02:49 PM | #12 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
Yes, unmounted the image beforehand.
Is there someway to check the flash integrity. |
02-15-2015, 12:30 AM | #13 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
Making progress,
I generated a wordlist with the prefix fiona@@@@ and got the root password with john. Now i can login to root, but the Kindle FAT drive is volatile. I can write the data, but as soon as I reboot the data is gone. Any ideas? |
02-15-2015, 12:41 AM | #14 |
Ex-Helpdesk Junkie
Posts: 19,421
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
Sounds like the flash chip may be toast. Something like this could've done it... https://www.mobileread.com/forums/sho...8&postcount=24
Did you ever actually successfully write anything to the flash memory? |
02-15-2015, 01:01 AM | #15 |
Member
Posts: 12
Karma: 10
Join Date: Feb 2015
Device: Kindle Paperwhite 1st Gen
|
I did manage to flash the main kernel and diag kernel.
on the vfat(kindle) it was always volatile. Probably thats why fastboot flies when flashing mmcblk0p1. How does one backup the serial numbers, etc. Thinking of trying eraseall |
Tags |
unbrick paperwhite |
Thread Tools | Search this Thread |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Using phone usb cable with kindle paperwhite 2 | sunilp | Amazon Kindle | 3 | 07-29-2014 01:14 AM |
newb bricked his kindle paperwhite - usb unresponsive | kindlecrasher | Kindle Developer's Corner | 18 | 06-22-2014 11:15 PM |
Kindle Paperwhite 2 can't enter USB Drive mode until reboot | Outrager | Amazon Kindle | 40 | 12-18-2013 11:00 PM |
Kindle Paperwhite - Load Via USB or Via Email | Turt99 | Amazon Kindle | 6 | 05-31-2013 05:40 PM |
Help me : Unbrick Kindle paperwhite | fantomk | Kindle Developer's Corner | 1 | 03-30-2013 09:34 AM |