Tutorial WatchThis - Software Jailbreak for any Kindle <= 5.14.2

[No_name]

I stucked on the step 3 of jailbreak.
Copy ${YOUR_DEVICE}-${YOUR_FW_VERSION}.zip to .demo/ - where I can get this file? I haven't seen it in archive (watchthis-jailbreak-r03)

[No_name]

My kindle stoped responding to secret gesture after I created .demo folder in root directory of my kindle. Mb there is no connection - but it doesnt react to secret gesture anymore.
Could you help me with it?

[Bedwarer]

did any of u find a jailbreak for the latest firmware? i cannot downgrade to 5.14.2 because i have the normal kindle 2022.

[BuiVanThai]

Quote:

Originally Posted by katadelos

AKA CVE-2022-23224, CVE-2022-23225, CVE-2022-23226 - full writeup with technical details to be released after 5.14.3 has been widely rolled out.

Thank you to NiLuJe, yparitcher and darkassassinua for adding KOReader support for PW5, repackaging all of the hacks and testing this jailbreak

This vulnerability is released in good faith and in the hope that other security researchers will utilise the access that it provides to assist Amazon/Lab126 in improving their security posture.

If you're concerned about the security of your device and do not wish to jailbreak, install firmware version 5.14.3 from this link - I've been working with Amazon to create a fix and can confirm that this version has been hardened against this vulnerability.

Additional thanks to everyone at Amazon/Lab126 who contributed towards this .

Finally, I encourage Amazon/Lab126 to provide a method of unlocking their devices that doesn't involve the need of a 0-day, both for security researchers and for technical users who are interested in modifying their devices. We know that your employees lurk here, use tools that we've created internally and that our ideas have been implemented by you more than once, so help us help you - I promise that we don't bite

Device Compatibility

Spoiler:

This jailbreak is compatible with Kindle devices running the following firmware versions:

KT3, KT4, KOA1, KOA2, KOA3, PW3, PW4, PW5:
5.14.2
5.14.1 (5.14.1.1 on PW5)
5.13.7
5.13.6
5.13.5
5.13.4

KV:
5.13.6
5.13.5
5.13.4

KT2, PW2:
5.12.2.2

You must use the exploit payload that matches your device/firmware combination exactly.

Download Link
watchthis-jailbreak-r03.zip


Installation
Please ensure that you have read the entirety of the instructions before proceeding.

Setup

1. Factory reset the device. Make sure to use the "en_GB" or "English (United Kingdom)" locale when setting the language.
2. Type ;enter_demo in the Kindle search bar after performing a factory reset
3. Reboot the device
4. Once in demo mode, skip setting up wifi and enter dummy values for store registration when prompted.
5. Skip searching for a demo payload
6. Select the "standard" demo type
7. Press "Done" at the prompt to sideload content. Do not sideload the jailbreak at this stage.
8. Once the demo is setup, skip the misconfiguration lockout using the "secret gesture" (double finger tap on bottom right of screen then swipe left)
9. Enter the demo configuration menu by typing ;demo into the search bar
10. Select the "Sideload Content" option

Jailbreak

1. Connect the device to a PC and:
2. Create the directory .demo at the root of the Kindle storage
3. Copy ${YOUR_DEVICE}-${YOUR_FW_VERSION}.zip to .demo/
4. Copy demo.json to .demo/
5. Create an empty folder at .demo/goodreads. Do not put any files in this folder.
6. Press "Done" at the prompt to install the jailbreak script
7. Exit the demo menu and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
8. If an application error occurs, hard reboot the device by holding the power button, enter the demo menu again and select Sideload Content -> Done once more without connecting to USB
9. Select "Help & User Guides" then "Get started"
10. If jailbreaking KT2 or PW2, select the store button instead
11. The device will reboot
12. The jailbreak script will run during the next boot

Post Jailbreak

1. After the device has rebooted, type ;uzb into the search bar
2. Connect the device to a PC and copy Update_hotfix_watchthis_custom.bin to the root of the Kindle storage
3. Eject the device and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
4. Select Update Your Kindle to install the custom hotfix
5. This will take your device out of demo mode, rebuild the application registry and clean up unneeded jailbreak files.

Troubleshooting

• Alternative Demo Mode entry method:
  • Create an empty file named DONT_CHECK_BATTERY at the root of the Kindle USB storage
  • Activate demo mode by typing ;demo into the search bar
  • Once in demo mode, skip setting up wifi and enter dummy values for store registration when prompted
• If you need to reset your device whilst in Demo Mode, enter ;uzb in the search bar to enable USB storage mode then create an empty file named "DO_FACTORY_RESTORE" at the root of the Kindle storage. Once this has been created, reboot the device.
• Video demonstration of secret gesture

You should now have a freshly jailbroken Kindle

I jailbroke my kindle oasis 10th generation version firmware 5.14.2 last night . After that, I connected to wifi, try to reinstalled some earlier versions of koreader. I want to touch words on a reflowing scanned .pdf file to look up on dictionary. Seem to be recently versions of koreader does not suitable. The version 2020.10.1 of Koreader works well in my jaibroken Kindle PW3 but does not run in this jaibroken Oasis. => I reset the Oasis with the reset_factory_file without knowing that it was already update firmware to 5.16.2.1.1.
Now I just have an original firmware 5.16.2.1.1 Kindle Oasis that I can not downgrade or jaibreak againt
In future, I hope Amazone will integrate the koreader software into Kindle devides or allow users install it.

[BuiVanThai]

Quote:

Originally Posted by spacequince

It took some digging to get KOReader and its prerequisites installed, so I’ll put the info here. All downloads besides renametobin and KOReader come from the NiLuJe's Snapshots thread.

MR Package Installer and KUAL
MR (mobileread) Package Installer
KUAL (Kindle Unified Application Launcher)
1) Extract mrpackages and extension folders from kual-mrinstaller-1.7.N-r18896.tar.xz to your Kindle’s root folder.
2) Extract Update_KUALBooklet_e3deabf_install.bin file from KUAL-e3deabf-20220213.tar.xz (coplate version of KUAL) to mrpackages folder which is in your Kindle’s root folder.
3) Eject you Kindle and open the search on it and type ;log mrpi (installs KUAL and MRInstaller).
Source: reply by FireFrog on this jailbreak thread, also see next reply by voidnull

renametobin
Prevents OTA updates from Amazon so you can make sure your Kindle doesn’t update which could blow away your jailbreak.
1) Extract renametobin folder from renameotabin.zip to the extensions folder of your Kindle.
2) Eject your Kindle and launch KUAL on it.
3) Tap “Rename OTA Binaries”, then tap “Rename” (Only tap “Restore” when you want to re-enable OTA updates or if you want manually update firmware via "Update Your Kindle" from Settings menu on Kindle)
Source: renametobin reply by re4om on this jailbreak thread

KOReader
1) Extract extensions and koreader folders from koreader-kindlepw2-v2022.03.1.zip to Kindle’s root folder.
2) Eject your Kindle and launch KUAL on it.
3) Tap “KOReader” then tap “Start KOReader”.
4) Wait ~10 seconds for KORreader to open.
Source: Installation on Kindle devices

Edit 04-29-2022: Step 3 of renameotabin update suggested by re4om and correction of MRInstaller to mrpackages folder pointed out by lovegamehp

I had read you post until my Jailbroken Oasis automatic updated firmware to version 5.16.2.1.1.
What can I do now?

[bewbsop]

I'm stuck on step 9 of the jailbreak part. It says to simply click the "Help & User Guides" and then get started, but it just opens the manual instead of restarting. Is there a way to fix this? How would I even leave demo mode if I can't progress from here. I've seen numerous people in this thread mention this same problem and not one answer.

[bewbsop]

Quote:

Originally Posted by bewbsop

I'm stuck on step 9 of the jailbreak part. It says to simply click the "Help & User Guides" and then get started, but it just opens the manual instead of restarting. Is there a way to fix this? How would I even leave demo mode if I can't progress from here. I've seen numerous people in this thread mention this same problem and not one answer.

I'm just an idiot, disregard this. You're supposed to put the whole zip in there, not whats *IN* the zip.

[mammouth]

Hi all!
I have a kindle KT3 a KOA3 too. I have succsess with the KT3 (fw5.14.2) about half a year ago, its perfect. about 1 week ago i bougth the Oasis 2019 from second hand with fw 5.14.2 and i tried 3-4 times to JB it and install the KUAL and KOreader with partially success. with the JB procedure I havent any issues, thru the tutorial i have done the JB, and i have installed the hotfix too, extracted the mrpi installer. but i cannot install the KUAL booklet anyway. i was tried, to copy the "Update_KUALBooklet_v2.7.29_install.bin" file to the "mrpackages" folder and then ";log mrpi" the installation seems finished but no KUAL "book" appears anywhere on the kindle. tried the hotfix version too, same thing. what have I made wrond?
another bad thing happens today: i have forgot to put the device to airplane mode, and it have updated itself to 5.16.2.1.1.. no comment i know!
the interesting is: ";log mrpi" running if I call it, (i have tried to install KUAL booklet again, no success) and i think jailbreak survived. but i have no KUAL icon, and in this case i cannot downgrade the device with kual downgrader.
please give me some advice/opportunity. till your helping answer I do not reset or do anything with my device, and hope there are some possibilities to downgrade, and use the KOReader later on it! i love it so much!
than you in advance!
Adam

[BuiVanThai]

Quote:

Originally Posted by No_name

My kindle stoped responding to secret gesture after I created .demo folder in root directory of my kindle. Mb there is no connection - but it doesnt react to secret gesture anymore.
Could you help me with it?

I was in this case but I try and every thing is ok.
1) The first, skip lock screen. You will see that video https://youtube.com/shorts/JzuIGbGPp...cK6-blS2s7LqhG
2) Then, in search box, you enter comman ;exit_demo
3) After that, in search box, you enter comman ;uzb
4) Download DO_FACTORY_RESTORE.zip to a computer and unzip it. Link to download here: https://drive.google.com/drive/folde...zBeA9BERQGjFCk
5) Connect Kindle and a computer by a usb cable, copy directly file DO_FACTORY_RESTORE to your kindle
6) Eject Kindle and restart Kindle (by power button or you can enter comman ;dsts in search box to go to All setting/Device Options/restart)
=> After restarting, you have kindle working.
See Mr Hai Kindle, he know it very well. I learn from his video: https://youtu.be/RO2zQXvVuJY?si=oaUh...LuOn:thumbsup:

[j.p.s]

Quote:

Originally Posted by mammouth

Hi all!
I have a kindle KT3 a KOA3 too. I have succsess with the KT3 (fw5.14.2) about half a year ago, its perfect. about 1 week ago i bougth the Oasis 2019 from second hand with fw 5.14.2 and i tried 3-4 times to JB it and install the KUAL and KOreader with partially success. with the JB procedure I havent any issues, thru the tutorial i have done the JB, and i have installed the hotfix too, extracted the mrpi installer. but i cannot install the KUAL booklet anyway. i was tried, to copy the "Update_KUALBooklet_v2.7.29_install.bin" file to the "mrpackages" folder and then ";log mrpi" the installation seems finished but no KUAL "book" appears anywhere on the kindle. tried the hotfix version too, same thing. what have I made wrond?
another bad thing happens today: i have forgot to put the device to airplane mode, and it have updated itself to 5.16.2.1.1.. no comment i know!
the interesting is: ";log mrpi" running if I call it, (i have tried to install KUAL booklet again, no success) and i think jailbreak survived. but i have no KUAL icon, and in this case i cannot downgrade the device with kual downgrader.
please give me some advice/opportunity. till your helping answer I do not reset or do anything with my device, and hope there are some possibilities to downgrade, and use the KOReader later on it! i love it so much!
than you in advance!
Adam

Thank you for listing the exact KUAL you tried to install. For KOA3 you need the coplate version from NiLuJe's snapshots page
https://www.mobileread.com/forums/sh...d.php?t=225030

I don't have personal experience with anythig over 5.12.x so you need to search around for posts that deal with 5.16.x

[mammouth]

thank you for your answer, i have tried now to install the coplate version of KUAL, unfortunately no success
are there any option to run the downgrade.sh without KUAL? any other idea?

[j.p.s]

Quote:

Originally Posted by mammouth

thank you for your answer, i have tried now to install the coplate version of KUAL, unfortunately no success
are there any option to run the downgrade.sh without KUAL? any other idea?

Unless you somehow have already installed usbnetwork and configured ssh I have no ideas for what to try.

[barleywater]

hi, just asking if kindle paperwhite (6th Generation) 5.12.2.2 is jailbreakable because I didn't see the software for this

[dkaine]

I currently have a PW4 10th Generation JB on 5.13.2. Can I update to FW 5.14.2 without having to factory reset and keep my current JB? I have KUAL and MRPI installed from when I did the original JB probably a few years ago at this point. Or do I have to factory reset, update to 5.14.2 and then go through the JB steps for this FW?

TIA!

[j.p.s]

Quote:

Originally Posted by mammouth

thank you for your answer, i have tried now to install the coplate version of KUAL, unfortunately no success
are there any option to run the downgrade.sh without KUAL? any other idea?

Quote:

Originally Posted by j.p.s

Unless you somehow have already installed usbnetwork and configured ssh I have no ideas for what to try.

I had forgotten about
;log runme
to run
RUNME.sh

https://www.mobileread.com/forums/sh...d.php?t=292382