Tools Serial Jailbreaking your fw >= 5.6.x Kindle for Dummies

[rudi.jdi]

Thank you guys! I just have to thank all of you who helped me with the jailbreak!
knc1, my error was the driver. I allowed the installation through Windows Update and it happened correctly.
It was also not possible to access the Diags menu through cmd. Perform the procedure of the anhyeuviolet friend.
knc1 and anhyeuviolet, thank you very much!

[deoboy]

Thanks for so easy guide... Able to jailbreak fw 5.11.2...

Just an additional piece of information.. In absence of Jim's board people who are having any aurdino/atmega board with serial communication can be used by dropping voltage to 1.8v using mosfet/resistance/voltage controllers... It worked fine for me..

[nemiere]

I have successfully jailbroken a new (refurbished) KV shipped with fw 5.10.2.

Some particular notes:

• I've used this adapter, with jumper placed at 1.8V. I've only needed 3 cables: TX, RX and GND.
• I've managed to use the no-solder-but-pins solution:
  
  
  I've used a rigid rubber earphones case to hold pins in place.
• I've found special difficulty in closing the KV. This noismaster post has the key points to properly achieve KV closing.

Thanks to every poster in this thread, and in the KV serial jb thread.

[lrpirlet]

Ok, this is the compilation of my notes while JailBreaking my PW3... This is my experience... I know it could be better written... but I am only an old engineer talking french... However I had to search for some answer and I hope sharing the experience may help someone...

enjoy or reject, but be grateful for all the developpers...

Introduction

The software was updated from an Early 5.6.1 to 5.12.4 without ANY asking or even warning from Amazon…
Ok, this forced me to restore the content and to assign each and every of the 3600+ documents to one of the 15 collections.
So, I decided that I was to manage MY Kindle Paperwhite 3.
I want to break that device open so that
• I manage its software when and if I want… This is MY device.
• I chose the screen picture displayed (I hate those pencils and those changing pictures)
• I am able to find a way to sync the PW3 with my calibre DB without using ANY connection with Amazon (why should I share anything with Amazon?)
I have based my work on the instructions published by grant2 in https://www.mobileread.com/forums/sh...d.php?t=267541

Part 1: Get what is needed!

1. USB -> Serial converter board.
Jim’s Board (because it’s cheap & does the job) is NOT AVAILABLE in Belgium… neither those recommended elsewhere, available in France via Amazon, can’t be shipped to Belgium… [SIZE="1"]Thanks Amazon, I do appreciate… do you realize that Belgium is in Europe, next to France and that you, AMAZON, have NO Belgian URL!... (Yes, I know, use the site in France… “unintended” vicious circle I guess) … OK, ok, I stop rambling about customer care…

SO, I used some cheap Chinese item. The plan is to combine those to get a serial to TTL at 1.8v.
High Quality FT232RL FT232 FTDI USB 3.3V 5.5V to TTL Serial Adapter Module Mini Port
Mini DC-DC 12-24V To 5V 3A Step Down Power Supply Module Voltage Buck Converter Adjustable 97.5% 1.8V 2.5V 3.3V 5V 9V 12V
The USB to TTL serial adapter is powered by the USB. The USB to Serial then powers the step-down Power Supply. Believe it or not, to build a tension divisor using resistances would end up a lot more expensive than this voltage Buck Converter… (Except for the time needed to receive the order, of course). To order electronic parts in Belgium means to buy a minimum of 20€ plus shipping, and my scrap box is poor...

Now, the FT232RL specifications says about the adapter pin located between the 3.3v pin and the 5v pin: “In USB bus powered designs connect this pin to 3V3OUT pin to drive out at +3.3V levels, or connect to VCC to drive out at 5V CMOS level. This pin can also be supplied with an external +1.8V to +2.8V supply in order to drive outputs at lower levels. It should be noted that in this case this supply should originate from the same source as the supply to VCC. This means that in bus powered designs a regulator which is supplied by the +5V on the USB bus should be used.”

That said, this combo did NOT work as I expected… If the step-down power supply does keep the voltage when loaded, it does not when just wired to the pin (it drifts to 2.2 v when connected) … So, I thought of using a Zener diode and a resistance to get the 1.8v requested… except that I had NO 1.8 Zener anymore…

So, I used, between ground and plus 5 volts, an old red led and a couple of 1000 Ohm resistance in parallel. I got about 1.785 Volt between the resistance and the led, stable enough for my purpose. Lucky me...
(I could also have used the reference from the kindle… Funny how the mind gets fixed on solving failure rather than on ultimate objective… but then I would have needed to solder)

2. PuTTY software or equivalent
I use KiTTY since a long time to talk with external hardware. It is a fork of PuTTY with a few interesting capabilities, in particular see the Automatic logon script with the RuTTY patch. It allows to wait on a string and react with another… I have the KiTTY Windows Portable from fosshub

Part 2: The Physical Setup

1. Crack open the Kindle
I did put the removed black frame with the glue facing up. The idea is to stick it later against the screen so that no dirt will pollute the glue. Accessorily this will keep the screen away from the table preventing scratches (I hate scratches on a screen, they catch my eyes away from the reading…)

2. Remove the screws
There are 11 screws. The one in the middle is hidden underneath adhesive tape- I used a cuter to cut the tape and lift it to uncover the screw.

3. Access the electronic on the back of the screen
Pry the silver frame (which holds the screen) out of the black back cover. Set the screen on the frame…
When securing the foam with paint masking tape, there is no problem to stick it to the frame without damaging the screen.

4. Access to the serial debug
Peel back the tape (Yellow Kapton tape). I Glued it temporarily on the battery. Note, careful this tape seems to stick a lot to the flexible printed circuit.

5. Connect the USB converter board!
I did use the idea from Dennish connecting without any soldering (Great idea!).

I did push the pins through the foam in such a way that the points arrived at the top of the solder pads, the other side of the pins were about 1.5 cm away. Then, I pinched the pins to spread open their points and push them on either side of the pads ... The tension induced by the foam on the pins was enough to make a good contact. It was even enough to return the PW3 and read the screen without losing the contact.

Centre pin goes to the TX pin of the adapter. (green wire)
Bottom pin goes to the RX pin of the adapter (red wire)
Ground using a screw… (black wire) …
1.8-volt reference on the adapter itself

Watch out, it may look like the RX and TX contacts are ok as a character is echoed. If the ground is not secure some funny characters pops up and that can freeze the kindle (twice) or the KiTTY terminal (at least once). I ended up replacing the alligator clip on the screw with a wire tightened under the screw.

Note that I did NOT remove the battery nor the connectors to setup all that.

Part 3: Windows Computer Setup

1. Get the Kindle's password
2. Set up the COM port
3. Set up KiTTY
KiTTY has the same interface as PuTTY, I did try to use the auto answer from KiTTY without much success (but I did not realize immediately that the ground alligator clip had decided to walk away), so I just hold down a key.

Part 4: Hackery stuff

1. Get into the diagnostics boot
Turn on the kindle, and watch the blank KiTTY window. As soon as text shows up in the window, hold a key on the keyboard until the boot is interrupted.

Hint: It took me about 2 or 3 dozen tries before to hit a key at the right time… The window time is really short, also I discovered that holding down the “enter” or the space key would not work while holding down the “g” key did work…

At the prompt "uboot >", I typed this command: bootm 0xE41000

From here, I have lost the log (don’t ask, totally my fault, I did set KiTTY to always overwrite the log file…)

Anyway, the diagnostic mode ran, proposed me a menu to choose from... Timed by a countdown… at zero it exited the menu… I had even no time to read it all.

Well, time to turn the PW3 over.
On the screen I was presented with another menu…
I selected "Reboot or Disable Diags"
then "Exit to login prompt"

Back to the KiTTY console I could log in root using the fionaXXX password

2. Edit the password file
I ran those commands to edit the password file:

Code:

mkdir /tmp/main
# create /tmp/main directory as access point
mount /dev/mmcblk0p1 /tmp/main
# mount rw root device
cd /tmp/main/etc	
# default dir is /etc
cp passwd passwd.original
# save a copy of the passwd file to prevent disaster
vi passwd
# edit the password file

Use the arrow keys to move the cursor over the "x"

Press "x" for vi it means delete character under the cursor so it delete the x

Removing the "x" is telling the system that the main root account doesn't need a password.

Type <esc><esc>":wq" to save the file & exit the editor
Escape twice to exit edit command, : to switch to top command mode, w for write, q for quit

Code:

cat passwd
#verify that passwd is saved without x for root and without spurious character
"reboot"
#to restart the kindle

3. Run the jailbreak
Wait for the kindle to finish booting and shows up as a storage device on the computer.
Right click on kindle-jailbreak-1.16.N-r17396.tar.xz and activate “7zip open archive” to expose “kindle-jailbreak-1.16.N-r17396.tar” in the 7zip windows
Right click kindle-jailbreak-1.16.N-r17396.tar and activate “open inside” to expose “jailbreak”
Right click jailbreak and activate “open inside” to expose quite a few files… in particular “kindle-5.4-jailbreak.zip”
Right click kindle-5.4-jailbreak.zip… the content of that file is what I want…

Select all 7 files in this directory, drag and drop them all in a dummy directory then copy to the kindle base directory.

"Eject" the kindle from the computer (file explorer, right click on kindle(?): then press eject) and unplug the USB cable.
Warning: Leave the USB serial converter plugged in!
In the KiTTY window, issue <CR> to display the login prompt
Type root to log in (no password asked…)

Type these 3 commands:
Code:

Code:

cd /mnt/us
#get into the kindle base directory
ls
#list the file and verify that all 7 files are in there
sh jb.sh
#initiate the jb.sh procedure…

BTW: Reading the jb.sh file, I was pleasantly surprised by the use of sh functions that gets called in sequence. Quite neat and tidy…

reboot the kindle and connect the USB storage:
New directories have been made by the jailbreaking

4. Protect the jailbreak
I verified that during the reboot, a directory named: "update.bin.tmp.partial" was created.

5. Install K5 JailBreak Hotfix

• Verify that airplane mode is on (no Wireless connection possible)

• I renamed update.bin.tmp.partial directory to NOT_update.bin.tmp.partial.

• executed JB Hotfix

• After reboot rename NOT_update.bin.tmp.partial to update.bin.tmp.partial

Part 5: Install some goodies

1. Install KUAL
Read https://www.mobileread.com/forums/sh....php?p=2389078

• The xyz.azw2 file does not work anymore on 5.12.4…

• I have MKK from JB and JB hotfix

NOW, install MR Package Installer (MRPI) using 7zip, drill down kual-mrinstaller-1.7.N-r17508.tar.xz. Drag and drop both “extensions” and “mrpackages” to a dummy directory then copy to the kindle top dir.
I rebooted and connected back the PW3.

Using 7zip, drill down, KUAL-v2.7.24-g9f3694a-20200604.tar.xz to find Update_KUALBooklet_v2.7.24_install.bin. Drag and drop it to a dummy directory then copy to the kindle(?):\mrpackages\ directory.

Eject the Kindle, remove the USB cable. On the kindle touch accueil (home I guess), then rechercher (search) type “;log mrpi”, send the search ??? nothing… PW3 report cannot find… reboot... think... retry… ha-ha it works now???

Hint: to initiate the search, do NOT use the bottom ‘rechercher “;log mrpi” partout’, but rather touch the right arrows at the right end of the search box, or wait (3000 books) or reboot. (I don't know, do I care?)

I now have a KUAL entry, touch it… the PW3 displays

• KUAL <down arrow>

• Helper <down arrow>

• x Quit

Ok, KUAL does list after all my collections, I guess this is normal as I sorted by collection and ALL and every of my books are into collection… This is fine for me as I can quickly find it at the bottom of the collections…

2. Install KUAL Extensions

 KUAL-helper
Using 7zip, drill down the kual-helper-0.5.N-r17416.tar.xz and copy the extensions\helper directory to a dummy directory then copy to the kindle:\extensions. It'll create a helper subdirectory in it.
Now, the Helper section has quite a few more line to explore (ok, mobileread forum reading ahead…)

 KUAL +
Using 7zip, drill down kual-kual-plus-0.2.N-r13380.tar.xz and copy the extensions\KUAL-add-ons directory to the kindle:\extensions. It'll create a KUAL-add-ons subdirectory in it.
Now, the KUAL section has become KUAL+ with quite a few more line to explore (ok, mobileread forum reading ahead…)

 GNU Awk Installer
Using 7zip, drill down kual-gawk-1.5.N-r17508.tar.xz and copy the extensions\gawk directory to the kindle:\extensions. It'll create a KUAL-add-ons subdirectory in it. Then open KUAL, select KUAL+, select install button…

 Others
Have a look at A helpful list of Extensions for KUAL
I intend to install LibrarianSync later when I fully (or nearly…) understand it. ???It needs python 2 or 3 ???.
Ok, Thanks NiLuJe, I will install Python 2.7 and if I want it later will install 3.8… They can exist concurrently… (https://www.mobileread.com/forums/sh...245691&page=32)
First, I will install the ScreenSaver hack to verify that KUAL and MRPI works…

3. Install ScreenSaver hack
Everything is in https://www.mobileread.com/forums/sh...d.php?t=195474
I want both Python and the ScreenSaver hack

• Python: using 7zip drill down kindle-python-0.15.N-r17508.tar.xz and move Update_python_0.15.N_install_pw2_kt2_kv_pw3_koa_kt 3_koa2_pw4_kt4.bin to the mrpackages directory on the kindle

• Hack: using 7zip drill down kindle-linkss-0.25.N-r17508.tar.xz and move Update_linkss_0.25.N_install_pw2_kt2_kv_pw3_koa_kt 3_koa2_pw4_kt4.bin to the mrpackages

Eject the kindle, remove the USB cable

Open the "Kindle Launcher" (KUAL) book on the kindle
• Select "Helper+" menu option
• Select "Install MR Packages" menu option…
• wait a few seconds before screen displays progress bar… then kindle reboot… put kindle in sleep (push button) and read “The ScreenSavers Hack has been successfully installed!” along with a definition of kindl… (very nice screen saver NiLuJe)

Part 6: Credits

Thanks to the many people involved with hacking the kindle and with sharing the knowledge acquired…

Many Thanks to all those who did answer my basic questions (even those answers I got using the forum, without even asking).

I am sure that the PW would NOT have many of the features found today without those hackers… Think: font hack existed well before Amazon came out with the possibility to choose a user defined font… And so many others hacks.

Conclusions

I am happy again.

[texaspete]

I have the case open and some sewing pins touching the pads of the motherboard as per the non-soldering method. It's ready to go but I don't know how to turn it on now. I see where the power switch must be, and I see the plastic button on the case, but I don't see how it activates the power.

Is there some trick to it? If not, I'll have to just solder some wires, but I'd rather not as the soldering pads are very small and my hands are not very steady.

2015 Paperwhite 3.

Thanks!

[texaspete]

Never mind. I pushed on the small yellow spot and it clicked and powered on. I have to just secure the RX and TX connections and hopefully I'll be good to go.

[atonement]

This https://a.aliexpress.com/_mOUE9Zl can be used as an alternative to the Jim's board? 1.8V is mentioned so no need of an additional buck converter or the like?

[fonix232]

Hey all,

I'm having a little trouble after soldering the serial port wires. Followed the guide to a T, managed to get the wires on the appropriate solder pads (only RX and TX, decided to use a screw hole for ground, and didn't hook up the 1.8V one, as I would be running from battery). Serial port works fine, managed to get into diag mode, removed the password requirements for the `root` user from the main OS partition. Diag mode also works fine.

However, if I boot the PW3 in regular mode... After loading, the device is stuck on the screensaver, and does not react to the power button at all. Serial port access works, and I managed to log in as root, however after some time, the serial port stops accepting any input (TXD does not even blink on my adapter). Receiving still works, as e.g. if I force a reboot by pressing the power button for 15 seconds, I can see the logs being output.

Because of this, I can't even run the jailbreak script, as it freezes out before I even get there.

Is there any solution? I've been thinking about grabbing an older firmware and forcing an update from the recovery menu.

[lrpirlet]

You did not say, but I take for granted that BOTH kindle and adapter ground are common... and that this is NOT a permanent issue (when power off-power on it works again for a while)

This is a shot in the dark, but are you sure that running from a battery is at a correct level? I would take my multimeter and measure the voltage between the kindle ground and the signal...It should be around 1.8 volt... 1.5 v would be low and maybe too low for your kindle

good luck

[kur1977]

Hi.
Is there a way to use serail COM port in my PC?

If my PC have the COM port - can I use it to communicate to Kindle?

[j.p.s]

Quote:

Originally Posted by kur1977

Hi.
Is there a way to use serail COM port in my PC?

If my PC have the COM port - can I use it to communicate to Kindle?

The voltage levels would likely zap the port on the kindle.

[kur1977]

Quote:

Originally Posted by j.p.s

The voltage levels would likely zap the port on the kindle.

Thank you. I just did some googling and find that the voltage on the PC serial port can be from -13 to +13V.

So I'm ordering USB to serial converter from Aliexpress now )))

I think, this will be fine https://aliexpress.ru/item/4000216010101.html

And I think, that it will be not required to solder VCC wire. Just Tx, Rx and GND

[buyifan43]

I accidentally destroyed the Tx point (can't connect any cables to it anymore)
Is there any solutions? e.g solder onto the chips?
Device:Kindle 7(IDK what its offical name,resolution 167ppi and FW 5.12.2)

[katadelos]

Quote:

Originally Posted by buyifan43

I accidentally destroyed the Tx point (can't connect any cables to it anymore)
Is there any solutions? e.g solder onto the chips?
Device:Kindle 7(IDK what its offical name,resolution 167ppi and FW 5.12.2)

You'll need to use one of the test points on the back of the PCB; if Kindle 7 == KT2, you're looking for either TM800 or TM801.

[buyifan43]

Quote:

Originally Posted by katadelos

You'll need to use one of the test points on the back of the PCB; if Kindle 7 == KT2, you're looking for either TM800 or TM801.

So you mean that I need to take the pcb off and connect a cable to the other side rather than the side where serial debug points are?
If yes please do not reply