Downgrading from 5.7.2.1 (jailbroken Kindle via diags)

[n1kk00]

So I was not completely satisfied with v5.7.2.1 and decided to downgrade and go back to version 5.4.5 (mine's a jailbroken 9017 4GB PW2 and, according to the wiki, needs this version to run KUAL). After reading a bunch of threads, posts and readmes I came up with a list of steps and decided to go ahead and do it (after verifying my list with @knc1). All went well and now I'm successfully back to v5.4.5. Here's what I did (like I said mine's a 9017 4GB PW2 device but I assume it would be applicable for other devices as well).

Important Notice: After completing this tutorial you will lose all your collections, bookmarks, book progress etc. Please consider this before continuing. Also, you do this at your own risk.

Prerequisites:

i) a jailbroken device with the latest jb version (this won't work on non-jailbroken devices as you should be able to boot into diags and ssh into the Kindle)

ii) rescue pack and coward's rescue pack installed - you can find them in NiLuJe's snapshots thread

iii) it would be a good idea to also install the USBNetwork hack (also available in NiLuJe's snapshots thread), setup ssh access (the process is described in the wiki) and try to connect to the Kindle; I used PuTTY on a Windows PC.

Steps:

1. Download the previos firmware update_... .bin you want to downgrade to. Make sure it is not older than the original firmware your device was shipped with! For my device I went with v5.4.5 linked in the wiki

2. Extract the contents of the .bin file using kindletool - you can download it from NiLuJe's snapshots thread. Run the follwing command:

kindletool.exe extract path/to/.bin path/to/output/folder

E.g. on my Windows PC i ran it like that:

Code:

kindletool.exe extract C:\kindletool\update_kindle_5.4.5.1.bin C:\kindletool\output

After extracting the firmware .bin you should be able to locate two files inside the output directory: rootfs.img.gz (the root file system) and uImage (the kernel). On my PC the uImage file was under a imx60_wario directory in the output folder.

3. Connect your Kindle to your PC and put the uImage and rootfs.img.gz files on the root of the usb storage.

4. Eject the Kindle and select Restart from the Kindle settings menu. Do not unplug the USB cable - if you installed the coward's rescue pack the Kindle will automagically enter into diags during the reboot

5. Once into diags, enable USB networking - touch on the following nemu items: N -> U -> Z -> X (as described in ixtab's readme)

6. Once USB networking is enabled you should be able to ssh into the Kindle - in PuTTY connect to 192.168.15.244 ip address, leaving the port to default (22); enter root as the username and mario as the password - you should see the root prompt

7. Clear the database to avoid potential DB schema issues (this will erase all your collections, bookmarks, book progress etc.):

Code:

rm -f /var/local/cc.db

Code:

rm -f /var/local/dcm.db

8. Install the kernel and rootfs (double check those dd commands):

Code:

dd if=/mnt/us/uImage of=/dev/mmcblk0 bs=4096 seek=65

This will copy the contents of uImage into mmcblk0 using 4 Kbyte chuncks with (4096*65=) 260 Kbytes offset

Code:

zcat /mnt/us/rootfs.img.gz | dd of=/dev/mmcblk0p1 bs=4096

This will unzip and copy the contents of rootfs.img.gz into mmcblk0p1 using 4 Kbyte chuncks (rootfs.img.gz is a larger file so it will take some time)

9. Reboot you Kindle:

Code:

idme -d --bootmode main

Code:

reboot

Unplug the USB cable from the Kindle once PuTTY reports it has lost the connection.

10. If you had the latest jb version installed the jailbreak should bridge itself during the reboot. Re-apply any .bin hacks after the device boots. You will also have to redo all your collections, bookmarks, book progress etc.

An interesting thing happened after I downgraded. I turned airplane mode off to sync my cloud collections as I had trouble recreating/viewing them on my device. The popup to register my Kindle appeared (?!) so I re-registered it. During the sync a notice file appeared on my Kindle (Test Kindle Installation Result.azw) saying

Quote:

Your Kindle is no longer a test Kindle and is unable to test items previously signed by authorized developers. If you want your device to be a test Kindle again, please contact the developer.

After that I was unable to launch KUAL (?!). Starting to sweat a little, I re-apllied the latest jailbreak - all was fine after the reboot; I also re-applied my .bin hacks just to make sure. Haven't had issues after that although I usually keep my Kindle in airplane mode.

Special thanks to @knc1, @NiLuJe, @ixtab, @dsmid and all the other guys here for providing invaluable knowedge and tools.

[shamanNS]

@knc1: Is the offset/seek value for the kernel image dd command the same for PW3?

[knc1]

The above should apply to **any** series 5 Kindle (KT, PW1, PW2, PW3, KT2, KV) and **any** current (5.x) firmware.

Just two things to be certain of:
*) You have a recent jailbreak version installed (so it will 'bridge' the main image changes).
*) You do not install a firmware **older** than the one the device shipped with when the model was introduced.
Note: The PW2 came in two types, 2Gbyte user memory and 4Gbyte user memory, an image from the earlier type (2Gbyte) will not run a 4Gbyte type. So if doing this to a PW2 device, be certain to follow the advice above.

Note:
Any change in the device's registration status will wipe the MKK keys.
To recover from that -
Either:
re-install the MKK package (if possible)
Or:
re-install the jailbreak (if possible)
Or:
use NiLuJe's 'hotfix' package (should fix anything you did to it )

[knc1]

Quote:

Originally Posted by shamanNS

@knc1: Is the offset/seek value for the kernel image dd command the same for PW3?

It has not changed (yet) on any of the series 5 devices.
See above.

[realthk]

Thank you very much indeed!

I was quite a bit upset with 5.7.2 mostly for a reason have not seen mentioned: they broke the dictionary handling in it.

On versions <5.7.x, if Kindle could not find a word in the default dictionary, it chose Wikipedia only after there was no hit in the other installed dictionaries either! But on 5.7.x, it goes straight to Wikipedia when there's no hit in the default one...
(and as our English-Hungarian dictionary is much less thorough than the Oxford English-English, it often happens. So on 5.7.x, every time you have to swipe from Wikipedia to dictionaries, select Oxford, check the word, and finally select EN-HU again: very inconvenient)

Now I've downgraded to v5.4.5.1 on my PW2 2GB, everything went fine, and dictionary works again as it did before!
(though I'll probaly upgrade to 5.6.x because of Bookerly)

[knc1]

Quote:

I was quite a bit upset with 5.7.2 mostly for a reason have not seen mentioned: they broke the dictionary handling in it.

Tell someone who can get it fixed: jeff@amazon.com

Maybe just fix the English-Hungarian dictionary?
PoP has his English-Klingon dictionary posted - it should be a worked example of creating (or fixing) a Kindle dictionary.

(or maybe just adopt Klingon as your native language)

[dhdurgee]

Quote:

Originally Posted by knc1

Tell someone who can get it fixed: jeff@amazon.com

On another topic, would this be someone who could also deal with the SSL(TLS) client problems in the browser? The support for known insecure cipher suites should really be addressed.

On this topic, given that my KT2 has the jb, rp and crp installed, should this approach be able to recover from any problem short of a factory reset or severely damaged file system? Is there a recommended method to confirm proper operation of the rp and crp?

I am keeping my KT2 in airplane mode and sideloading at the moment, as I was concerned about getting stuck in an unacceptable upgrade. I have thus far seen a number of reports here of problems with the 5.7.x series of firmware. Once a "good" release comes along I will consider an upgrade if my understanding is correct, even though a worst case scenario might lose me my jb until a method is available to revert to 5.6.5 if my jb is lost, if there are new features worth the risk. Staying in airplane mode is a bit of an annoyance, but worth it to protect what I waited over a year for in the jb.

Dave

[knc1]

Quote:

Originally Posted by dhdurgee

On another topic, would this be someone who could also deal with the SSL(TLS) client problems in the browser? The support for known insecure cipher suites should really be addressed.

Dave

Since J.B. owns the company, it might get passed down to the workers.

I have used that address myself, yesterday.
The mail did not bounce.
Did not get a response (fell into /dev/null maybe).
But I felt better.

[dhdurgee]

Quote:

Originally Posted by knc1

Since J.B. owns the company, it might get passed down to the workers.

I have used that address myself, yesterday.
The mail did not bounce.
Did not get a response (fell into /dev/null maybe).
But I felt better.

Gotcha. Didn't realize whose email address that was supposed to be. You are probably right about it winding up in the bit bucket most likely.

It would be nice if Branch Delay could share the address he has to the developers, but I can understand the need to keep that out of the forums. Perhaps there would be a way to route real security issues, like the SSL/TLS one in the browser, to them via the forum. Perhaps BD could share the address with one of the moderators and a thread could be created for such issues to be made known for them to forward? Perhaps a userid on the forums could be created that a PM to could be forwarded to them?

Dave

[knc1]

Quote:

Originally Posted by dhdurgee

Gotcha.
Didn't realize whose email address that was supposed to be.
You are probably right about it winding up in the bit bucket most likely.
- - - -

But it really did feel good to have written it.

That e-mail address either goes to a mailbox with the setting: "delete without bounce"
Or
It goes to an entire department of people to handle his junk mail.

Other products that 'stop working' get recalled.
Can we get a few million Kindles recalled?
Right! Dream on!

[mjkarma]

is it possible to downgrade without jailbreak. i jail break my kindle but after reset jailbreak was gone . so is it possible to work without jailbreak

[knc1]

Quote:

Originally Posted by mjkarma

is it possible to downgrade without jailbreak. i jail break my kindle but after reset jailbreak was gone . so is it possible to work without jailbreak

Why do you think it is gone?

Did you forget to install the 'hotfix' after installing the jailbreak?

[mjkarma]

Quote:

Originally Posted by knc1

Why do you think it is gone?

Did you forget to install the 'hotfix' after installing the jailbreak?

do you mean this link https://www.mobileread.com/forums/sho...postcount=1597
i did so is there a chance ??

[knc1]

Quote:

Originally Posted by mjkarma

hotfix . no i didnt.and after reset updated my kindle.

Your jailbreak is gone, overwritten by the update.

Using the serial port is now your only choice.

[mjkarma]

Quote:

Originally Posted by knc1

Your jailbreak is gone, overwritten by the update.

Using the serial port is now your only choice.

do you mean this link https://www.mobileread.com/forums/sho...postcount=1597
i did so is there a chance ??installed the hotfix after jailbreak . and then factory reset my device and updated to 5.7.2 is there a chance???