Usbnetwork/ssh on kindle 3?

[badNick]

Quote:

Originally Posted by NiLuJe

Thanks! I'll take a look at iptables to do something a bit less 'wide-open' for SSH/TelNet in the USBNet script

Hey, I already have a ssh connection via wifi. Just need to edit /etc/sysconfig/iptables and set the INPUT policy to ACCEPT (default is DROP).

Then reboot your kindle, ;debugOn and ~usbNetwork and it's done. SSH server over wifi!!

(tested on a k3wifi)

[Tiersten]

If you're going to enable incoming connections via WiFi then make sure that everything is locked down and that you've changed all the passwords.

[NiLuJe]

Meaning don't use the SSHD provided in the USBNet packages, because it bypasses the password .

[Tiersten]

Quote:

Originally Posted by NiLuJe

Meaning don't use the SSHD provided in the USBNet packages, because it bypasses the password .

LOL that as well!

[NiLuJe]

Heh. Turns out I'm not so far gone as I thought, I didn't think of that method before because it indeed couldn't work on fw 2.x... -_-".

[clarknova]

Quote:

Originally Posted by NiLuJe

Okay. I'm stupid.

Unless I'm mistaken, I've got a jailbreak working. It's even dumber than before. -_-"

EDIT: Yep, it works. >_<". And when I say that it's dumb, it's *really* dumb. So dumb I'm amazed no one tried it before o_O. And my update to the packager work, so that's nice too .

UPDATE: Oops. Figured out why no one tried it before :P. It couldn't work on FW 2.x .

Actually, this was the first jailbreak written for the k2i / 2.3.x firmware. When 2.5 came out, Amazon fixed their otaup script so that it wouldn't remount the root fs as read-write until after the update was un-tarred which is why porcupan figured out to use an existing install script to unpack the tarbomb after the fs was remounted.

Is there anything in the 3.x otaup script that would explain why they moved the remount before the initial unpack again? Or are the guys at lab126 just being nice?

[rumblpak]

hey, kinda new to the kindle and wanted to ssh over wifi but it is giving me a read-only error on the iptables file, how do I correct that?

[porkupan]

Quote:

Originally Posted by clarknova

Is there anything in the 3.x otaup script that would explain why they moved the remount before the initial unpack again? Or are the guys at lab126 just being nice?

Actually, believe it or not, I tried the exact same jailbreak on 3.0.0 about a month ago, and it didn't work. Well, the subsequent test updates bitched about file signatures being wrong, so I assumed it didn't work. I fixed the updater to calculate the checksum of the dat file, so I was pretty sure that the reason updates didn't work was that the key had not gotten installed. My understanding was that in 3.0.0 they used busybox with the fixed tar (the one that doesn't actually follow symlinks). Unless I am mistaken, for 3.0.1 update Amazon replaced this 3.0.0 busybox with the "broken" (or older version) busybox, which works like the one in 2.5 and earlier versions. Why did they do it, I cannot understand.

However, they may have moved "mntroot rw" to the beginning of the install loop for that very reason that there was no longer any danger from tar bombs. When they rolled busybox back they should have moved the mntroot rw back to where it had been in 2.5, but they did not.

The other possibility is that my testing was wrong, and jailbreak actually did work on 3.0.0. But that would mean that 3.0 was not based on 2.5, and not even on 2.3, but on even earlier version of FW. At least the parts of it that handle the update (otaup).

[NiLuJe]

Huh, weird. Thanks for the history lesson .

On a sidenote, the fairly recent busybox I have installed on my Gentoo ~x86 sytem does follow symlink by default too.

[clarknova]

Quote:

Originally Posted by NiLuJe

On a sidenote, the fairly recent busybox I have installed on my Gentoo ~x86 sytem does follow symlink by default too.

This is standard behavior for all POSIX compliant tar implementations. Unless amazon was to rewrite their busybox tar program (or simply roll their own from scratch) this should always work.

But if they move the mntroot command back below the initial unpack, then we're back to square one.

[qinbill]

Just got a Kindle DXg.
But it dose not support Chinese as Kindle 3.

I jairbreaked and tried some fonts. The problem is if I choose some better chinese fonts then the english fonts is ugly. I like the original Kindle English Fonts. But I want it support Chinese Characters.

If the Kindle 3 is support chinese. It's fonts must support chinese. So anyone got Kindle 3 jairbreaked. Please copy it's fonts out and I want to give it a try.

Thanks.

[ecostin]

Quote:

Originally Posted by clarknova

This is standard behavior for all POSIX compliant tar implementations. Unless amazon was to rewrite their busybox tar program (or simply roll their own from scratch) this should always work.

But if they move the mntroot command back below the initial unpack, then we're back to square one.

The usual tar implementations do follow symlinks, but, in order to prevent this type of exploit, they create the symlinks at the end of extraction. This means that the symlinks creation will be delayed until all the files have been extracted and there will be no directory to create the PEM file into (although the symlink will be created). It is a known issue and this is the intended functionality. This does not affect the tar archive creation. One would need a two step approach - first "extract" a tar file to create the symlink, then extract a second one to plant the file in the location pointed by the link (the ota update script does nothing like that).

The normal error tar should give is:
tar xfvz update_jailbreak_k3g_install.bin.tgz
1
1/pubhackkey01.pem
tar: 1/pubhackkey01.pem: Cannot open: Not a directory
tar: Exiting with failure status due to previous errors

And, of course, if the filesystem is read-only, there's nothing to write to

[NiLuJe]

Well, apparently, my local busybox setup (1.17.1) is still vulnerable, but, yeah, GNU tar is a bit brighter .

Thanks for the explanation .

[ile]

Hi,

I just today got a Kindle 3 and I would like to know if there is a safe way to make it do this USB networking?

For the reference, I don't really know what a jailbreak is when it comes to Kindle, and I would not like to install any hacks at this time as I'm new to Kindle. I could play with the debug mode to get usb networking to work if I can use the web browser that way. I didn't find this in FAQs so I'm asking a newbie question here.

So.. a safe way to get usbnetwork to work and use it with the web browser? :-)

Thanks.

[NiLuJe]

I haven't tested the tethering on a K3... Because it doesn't make much sense to me since every K3 model has a WiFi module .