A hack to display/ERASE the log Amazon collects?

[abookreader]

Quote:

I think this would still work for you as the hack changes where it's sent and not disabling the send altogether or what method? Don't take my word on it though.

sorry - I was repsonding to jbcohen who was discussing his friend's firewall on the homenetwork.

I've had the "log file" hack installed for awhile now but really no way of determining what it is doing or if it is working. For all I know Yifanlu has sent my Kindle log file to his computer and now he's tracking my reading habits and location.

[FF2]

Quote:

Originally Posted by jbcohen

I don't have a Kindle but a pal of mine who does is very concerned about security of the Kindle and the ability of Amazon to look at what you are doing with your Kindle. So what he has done is a waste of the Wifi functions but he side loads all of his books never through wifi which he keep switched off. His firewall his told very specifically which software are allowed to transmit information to the internet and who is not and Amazon is not one of them that are allowed to transmit: simply the web browser and the security software are allowed to transmit. He swears that since his firewall does not permit the Kindle to transmit anything Amazon is getting nothing from him.

That is obviously one way to keep ALL communications between the kindle and the outside world from occurring. But if someone wants to use the wifi (or 3g) for downloading books or surfing the web that full-stop won't work.

Obviously, surfing the web, probably through Amazon does mean you accept the fact that they can know where you are surfing and what you are reading. Downloading books - well, they know that, too.

But what I'm actually reading and whether I'm an inept very slow reader or one who reads 12 books at once and whether I'm reading a Smashwords book or a freebie I got from Barnes and Noble and "fixed up" is not their business. And for 3g users, the gps location of where they are reading - well, why does Amazon need that info? Well, it may be their BUSINESS but I may not want to share that with them.

So, yes, a kindle with links to the outside world is definitely a compromise. The Sony with no connections besides usb would be more private.

But if we can prevent some flow of info we don't want to share, I like that prospect.

Tradeoffs.

[FF2]

Tarr:

I'd be very interested in what you learn. Someone mentioned a "sniffer" which I guess can log all traffic over wifi (3g is a separate phone system). I don't know what the logs show as far as what "home" (ip address?) they sent the log to, etc.

"To dump logs, type in ";dumpMessages" on the home screen in the search box. You need to press a letter, then backspace, then sym to get the semicolon. The logs will be in the documents folder when you plug the kindle into the computer. "

[yifanlu]

Quote:

Originally Posted by abookreader

sorry - I was repsonding to jbcohen who was discussing his friend's firewall on the homenetwork.

I've had the "log file" hack installed for awhile now but really no way of determining what it is doing or if it is working. For all I know Yifanlu has sent my Kindle log file to his computer and now he's tracking my reading habits and location.

I'm way to busy to stalk random people on the internet, lol. I always include the source so people will know exactly what the script is doing, and I advice people to always read the source before installing a hack.

Also, I would need someone knowledgeable to log overnight. It's a pretty painful process (well not really), but I don't have the time right now (busy with some other stuff), so I haven't touched the kindle in a while. If anyone with linux knowledge read this, install my script and cross-compile (or find a copy of) tcpdump for ARM and run it (log size max please) overnight. Then connect to your computer, scp the .pcap file back and either analyze it yourself (I don't know what information will be logged) or send me a copy.

[PoP]

@yifanlu

I have installed a tcpdump arm binary from http://junxian-huang.blogspot.com/20...1-android.html.

I will "[root@kindle tcpdump]# ./tcpdump-arm -s 0 -w capture.pcap" overnight and look at the trace with Wireshark.


[edit]
After two hours the capture only shows that every 27 seconds traceroute packets (UDP datagram’s with a port number of 33434) sent to 184.73.176.175 (ec2-184-73-176-175.compute-1.amazonaws.com). Guess I will have to run it longer.

[FF2]

PoP

If I only understood English, I might understand what you wrote! (g)

But looking forward to what you do discover.

[PoP]

Well I ran a 10 hour long tcpdump capture. My analysis doesn't reveal any realy interesting stuff.

Every hour:
The Kindle queries DNS for dogvgb9ujhyxbx.jfk1.cloudfront.net
and DNS answers with a series of 8 IP addresses in the range 204.246.169.XXX
The Kindle queries DNS for pins.amazon.com
and DNS answers with 184.73.176.172

Every 27 seconds:
The Kindle sends a UDP packet to 184.73.176.172

Every 30 minutes:
184.73.176.172 sends a UDP packet to the Kindle

The ports for UDP packets change every hour. The traceroute port 33434 is sometimes, but not always used. The content of the packet is *not* a trace route. I guess it is kind of a keepalive with some Kindle specific information. The Kindle UDP packet always contain the same data. The pins.amazon.com UDP packet data varies.

The UDP packets are possibly encrypted, wireshark doesn't decode the protocol, and at any rate the packet data is not otherwise human readable.

No log was ever sent to amazon, with or without the nolog hack applied.

No other traffic in the capture.

[yifanlu]

Quote:

Originally Posted by PoP

Well I ran a 10 hour long tcpdump capture. My analysis doesn't reveal any realy interesting stuff.

Every hour:
The Kindle queries DNS for dogvgb9ujhyxbx.jfk1.cloudfront.net
and DNS answers with a series of 8 IP addresses in the range 204.246.169.XXX
The Kindle queries DNS for pins.amazon.com
and DNS answers with 184.73.176.172

Every 27 seconds:
The Kindle sends a UDP packet to 184.73.176.172

Every 30 minutes:
184.73.176.172 sends a UDP packet to the Kindle

The ports for UDP packets change every hour. The traceroute port 33434 is sometimes, but not always used. The content of the packet is *not* a trace route. I guess it is kind of a keepalive with some Kindle specific information. The Kindle UDP packet always contain the same data. The pins.amazon.com UDP packet data varies.

The UDP packets are possibly encrypted, wireshark doesn't decode the protocol, and at any rate the packet data is not otherwise human readable.

No log was ever sent to amazon, with or without the nolog hack applied.

No other traffic in the capture.

I'm beginning to think Amazon doesn't send logs all that often. In my tests (1 hour), there are little to no communication. @PoP, make sure you're looking for SSL packets. Amazon encrypts all communications. For a test, choose the "sync" menu option and see what packets are generated. Other connections should look that sync packets. Where did people find that Amazon sends packets, maybe it's changed in K3? Now that I think about it, each log is around 300KB - 1MB large. If Amazon sends these every few hours for millions of Kindles, they would lose ALOT of money because of 3G.

[FF2]

I guess I will wait for someone in the know to translate that into something I can think about.

Sounds like a lot of back and forth. Every 27 seconds and Every 30 minutes...

So something is possibly encoded that conveys data to Amazon?

[PoP]

@yifanlu
1) I agree, logs are too big to be routinely transmitted.
2) Just to confirm, there was no SSL packets when leaving the Kindle idle, only the periodic DNS and UDP I described.
3) A while ago, I did trace externally when you powerup/wakeup/sync the Kindle and have seen the SSL encrypted traffic with the "todo" amazon server. Nothing such here.

@FF2
Yes, something could possibly be encoded and conveyed to Amazon, but it is so small (149 bytes), and it is always the same data from one packet to the other. Definitely no extensive logs for spying on us. I am not going to worry about it.

[yifanlu]

My theory is that amazon CAN spy on you, but are currently NOT doing so. Mainly because of the expense in sending logs all the time. I would guess the logs may be used when you have problems for debugging or something. I've looked in the kindle firmware decompiled source, and there is no function (that I can find) that routinely send logs. But I did not look deeply.

[Poetcop]

In case anyone is still subscribed to this thread, I just posted a new approach to stopping logging on the Kindle Touch that I believe to be safe, as well as an analysis of just what is logged.
https://www.mobileread.com/forums/sho...d.php?t=176972
One nice thing about this approach, in response to what abookreader wrote above, is that you can confirm that it's working by typing ;dm in the search bar, and seeing how no log messages older than 15 minutes are in the results (it stops them from being archived on the device in the first place)

[mergen3107]

Does anyone has tcpdump binary for Kindle?
Can you please share it? Links from the source in post 35 are dead

[mergen3107]

Nevermind, I found a working arm binary here: https://github.com/andrew-d/static-b...ux/arm/tcpdump