Paperwhite 2: jailbreak!

[yossarian17]

I am pleased to announce that we have a software jailbreak for the Paperwhite 2. No cables required and no need to open the device.

NOTE: THIS SCRIPT IS FOR HACKERS. IF YOU DON'T UNDERSTAND WHAT YOU ARE DOING DON'T USE IT AND USE THE K5+PW1+PW2 JAILBREAK INSTEAD.

The script in the attachment installs a jailbreak script in the kindle user directory. The jailbreak script will be run automatically after the kindle is ejected.

This script must be run in a terminal on a linux system. If you don't have a linux installed you could use a live cd (Ubuntu, Knoppix, etc.)

The script can be used for three different types of jailbreak:

1) open a root shell on the kindle
2) run an arbitrary user script
3) install the K5+PW1+PW2 jailbreak by NiLuJe

The root shell jailbreak is the safest mode since it doesn't change anything on the kindle (but it gives you enough rope to shoot yourself in the foot).

The old Paperwhite1 jailbreak doesn't work out of the on the Paperwhite2, you should use the jailbreak package for K5+PW1+PW2 by NiLuJe.

This jailbreak should work also on the Paperwhite1, even with firmware versions where the previous kpw_jb.zip is no more working.

See the README for more information.

UPDATE: new version 1.1 which uses the jailbreak package by NiLuJe.

[NiLuJe]

Yup, appears to work on 5.3.9, too... .

Will look into it a bit more tomorrow, I don't think we even need to bother with the waiting for it to run...

[knc1]

The JB script accesses the PW1 jailbreak file using an attachment ID.

That is, in general, a bad thing to do.
Because if that attachment file is ever updated or ever re-uploaded, its attachment ID will change and the script will break.

This version of the script should really be pulled until a stable URL for the PW1 jailbreak file can be used in it.

[NiLuJe]

I'll push an updated bridge tomorrow, the PW1 stuff is missing a step to be useful on the PW2 .

In the meantime, pinpointed the vector: it was staring us right in the face.... >_<"
Bold move, I'd never have assumed that we could even exploit that .

Congrats again ;-).

[eureka]

Yeah, congratulations! (Didn't test it, though, I don't have PW2013.)

God, I was like "I don't know at all how it allows to execute arbitrary user programs. Where in provided script it does the magic?" for some ashaming minutes. Script isn't pointing to jaibreak method directly, so I got lost in its structure. Then I found "the magic" and felt Zen. Uhm-m-m-m... Can't say a word. Great work!

[ixtab]

OMFG, this is AWESOME!!!

Great work, nice method And yeah,@eureka, it also took me a few minutes to understand how it really works.

I suggest two things:
- a bugfix in the script: use "wget -O " instead of plain wget. Otherwise wget will download the file as 'attachment.php?...', at least here. And FWIW, you can use http://ixtab.tk/kpw_jb.zip as a stable URL.
- a simple zip file compatible with windows users, which would include only the update* and jb.sh, and a modified README.txt with Windows Line breaks.

Congratulations again!

[mallums]

How soon to a naive user-grade JB? I may try it on my nifty new PW2-2013 US 3G model, now, but I may chicken out and wait for a self-contained version, if one is possible. How confident are we that the PW1 JB script-stuff will work on PW2? What PW2 compatible apps are already available?

I'm mostly attracted to user fonts for the PW2.

[ixtab]

Quote:

Originally Posted by mallums

How soon to a naive user-grade JB? I may try it on my nifty new PW2-2013 US 3G model, now, but I may chicken out and wait for a self-contained version, if one is possible.

Try this.

Quote:

How confident are we that the PW1 JB script-stuff will work on PW2? What PW2 compatible apps are already available?

Pretty confident. Most of the stuff has already been tested internally and seems to work. You may still have to wait for a couple of weeks for the installers to be updated, and for a few other tools to be updated to support the PW2. But it should be picking up momentum now that the door is open.

Quote:

I'm mostly attracted to user fonts for the PW2.

Hmm... no idea about that.

[mallums]

Well, I bit the bullet, and ran the PW1 {PW2 JB option 3} jailbreak. Note: I had already updated to 5.4.2!

The script ran, but I am not sure if anything actually happened. There exists a file on the home screen named jb-sh. Looking in it, I see a line:

/mnt/us/jailbreak.sh: line 409: /mnt/us/jailbreak.sh: Permission denied

Any thoughts?

[ixtab]

Quote:

Originally Posted by mallums

Well, I bit the bullet, and ran the PW1 jailbreak. Note: I had already updated to 5.4.2!

The script ran, but I am not sure if anything actually happened. There exists a file on the home screen named jb-sh. Looking in it, I see a line:

/mnt/us/jailbreak.sh: line 409: /mnt/us/jailbreak.sh: Permission denied

Any thoughts?

Hmmm... interesting. No idea what this is about, check the files and see what's going on in there and what could be causing it. Maybe it's as simple as replacing "${FILE_SELF} forked &" by "/bin/sh ${FILE_SELF} forked &" in jailbreak.sh, so try that.

I have to run to work now, so maybe someone else can jump in if that doesn't work. In any case, it's working in principle, so it will only be a matter of hours or at most days now until everything will run smoothly.

EDIT: Or rather, replace "sh /mnt/us/jailbreak.sh" in jb.sh by "sh /mnt/us/jailbreak.sh forked"

[ghostkid]

congratulation！nice work, You are great！

[CrazyCoder]

Quote:

Originally Posted by ixtab

EDIT: Or rather, replace "sh /mnt/us/jailbreak.sh" in jb.sh by "sh /mnt/us/jailbreak.sh forked"

It worked!

[mallums]

Quote:

Originally Posted by ixtab

Hmmm... interesting. No idea what this is about, check the files and see what's going on in there and what could be causing it. Maybe it's as simple as replacing "${FILE_SELF} forked &" by "/bin/sh ${FILE_SELF} forked &" in jailbreak.sh, so try that.

I have to run to work now, so maybe someone else can jump in if that doesn't work. In any case, it's working in principle, so it will only be a matter of hours or at most days now until everything will run smoothly.

EDIT: Or rather, replace "sh /mnt/us/jailbreak.sh" in jb.sh by "sh /mnt/us/jailbreak.sh forked"

Your version ran with that one change made.

I got jailbreak splash and some diagnostic comments over the splash, then the message: "Removing obsolete files" under the "CLEANING UP". It hung at that point. I waited ten minutes, then pressed the sleep button. The kindle immediately flashed the "JAILBREAK SUCEEDED" and went to sleep. Woke up normally, with standard jailbreak log, and jb-sh. I will post them in a minute.

I think the shell script jb.sh needs another tweak or two, and then Bob will be your uncle.

[dsmid]

Congratulations.
However this seems to be quite easy to fix for Lab126. Maybe you should have waited for a full update before making it public.

EDIT: 5.4.2 actually is a full update ! Nice timing

[mallums]

Here are my log files.

Note: This was on the new 5.4.2 FW, so good news there!
Note 2: The JB script left jb.sh on the root directory of the Kindle; should I look for other files left behind, and delete those?


So. Am I jailbroken, or not? jb-sh.txt seems to indicate a problem with the dev certs.