Old 12-30-2015, 07:58 AM   #16
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Primary kernel.

You want:
Code:
fastboot flash kernel uimage
Then re-boot the device.
I expect it to display the recovery menu and wait for your input.

- - - - -

I got sidetracked yesterday by reading the code to see if it was possible to eliminate the limit on transfer size so we could transfer the rootfs.img with fastboot.
Sorry, I didn't have time to find that in the code.

Let's see a capture file of the device booting into the recovery menu (we might have to tweak the kernel command line in the u-boot environment).

Last edited by knc1; 12-30-2015 at 08:08 AM.
Old 12-30-2015, 10:01 AM   #17
MadMAXXX
Member
Posts: 10
Karma: 10
Join Date: Dec 2015
Device: Kindle Paperwhite 3 (2015)
I was able to flash the kernel; attached is the log file.
After flashing the kernel I did a reboot via Fastboot, so I got to a repair screen. I did a reboot again and was able to get to the recovery menu by pressing ENTER at the right point.

Note:
I always have to restart PuTTY on reboot because of a reading error. So it's hard to log from the beginning of a reboot.

Now I also remember that I bricked it by erasing the MMC0 (Recovery Menu - 4. Erase MMC0)!
Attached Files
File Type: rar Recovery_Menu.rar (1,001 Bytes, 128 views)
File Type: rar Log_Flashing_uImage.rar (8.6 KB, 128 views)

Last edited by MadMAXXX; 12-30-2015 at 10:04 AM.
Old 12-30-2015, 10:15 AM   #18
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Super! (en_IBM)
The recovery menu has the 'simple way' to re-install the most recent u-boot, kernel, and 'main' file system image.

(We are still stuck with not having a 'diags' kernel and 'diags' file system image - but we can deal with that later.)

This should do the trick:
Edit: The start-up log of flashing uimage shows that the system has already done the I step. You can start with the export step (E).
  • I - initialize partition table and format FAT
    It doesn't say anything about /var/local - but we know that a 'normal' start-up will re-format that if required.
  • E - export FAT partition
  • Connect Kindle to PC with the normal USB cable.
  • Copy the Amazon update package (just as you downloaded it) to the root (highest level directory shown) of user storage.
  • Safely remove
  • Disconnect USB cable to PC
  • U - update (main) system from file on user storage
  • Reboot
    It should 'just work'.

Again, capture all that you can to a log file.
We are documenting this 'invented' recovery method for future readers.

The other OS - 'diags' - that we will deal with after the above works.

But before dealing with the missing 'diags' we will try to JB the just installed 'main' system over the serial port.

Last edited by knc1; 12-30-2015 at 10:54 AM.
Old 12-30-2015, 10:35 AM   #19
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Re-read above - see the edit entry.

Edit and note to someone with time on their hands:
What we (the Kindle developer's corner) need is a "jail broken" uImage -
I.E: With our developer certificate installed in the initramfs of the uImage file.

I **think** all that fastboot checked above when flashing it was the crc32 of the file.
(Because 'secure boot' is hardcoded as set to "no".)

Then we could use fastboot to install a JB uImage - that could use its recovery menu to install a JB main image file.

Last edited by knc1; 12-30-2015 at 11:16 AM.
Old 12-30-2015, 11:15 AM   #20
MadMAXXX
Member
Posts: 10
Karma: 10
Join Date: Dec 2015
Device: Kindle Paperwhite 3 (2015)
Great success!

The first update package we saw (update_kindle_5.6.5.bin) was the wrong one. So I took a look again and found the German update_kindle_all_new_paperwhite_5.6.5.bin
http://www.amazon.de/gp/help/custome...deId=201756220

Attached the Log of the Recovery.
Attached Files
File Type: rar Log_Recovery.rar (3.3 KB, 98 views)
Old 12-30-2015, 11:20 AM   #21
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by MadMAXXX View Post
Great success!

The first update package we saw (update_kindle_5.6.5.bin) was the wrong one. So I took a look again and found the German update_kindle_all_new_paperwhite_5.6.5.bin
http://www.amazon.de/gp/help/customer/display.html/ref=hp_left_cn?nodeId=201756220

Attached the Log of the Recovery.
That probably explains that 27Mbyte difference in size.
And no harm done, the recovery log shows that it replaced the uImage file that we installed with the correct one.

Note that I had a moderator prefix this thread.

I have also PM'd someone I think may have a PW-3 'diags' kernel and system image.
Those are both small enough that we can 'fastboot' them into the device when we get them.

I have to get on with my life today - more tomorrow (but you are back to the point where you pushed the wrong button when doing the serial JB).

Edit: Maybe not.
I think that tutorial is written to require the use of 'diags' system.
Give me 24 to think on this problem.

Last edited by knc1; 12-30-2015 at 11:38 AM.
Old 12-31-2015, 12:11 AM   #22
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Comparing GeekMaster's "getkernels" script with the log file information shows that it **should** still work with the PW-3.
https://www.mobileread.com/forums/sho...d.php?t=174674

The diags_kernel.img recovered with that script and a copy of /dev/mmcblk0p2 are the two parts that we still need to finish this job.
Old 12-31-2015, 06:46 AM   #23
MadMAXXX
Member
Posts: 10
Karma: 10
Join Date: Dec 2015
Device: Kindle Paperwhite 3 (2015)
Quote:
Originally Posted by knc1 View Post
Comparing GeekMaster's "getkernels" script with the log file information shows that it **should** still work with the PW-3.
https://www.mobileread.com/forums/sho...d.php?t=174674

The diags_kernel.img recovered with that script and a copy of /dev/mmcblk0p2 are the two parts that we still need to finish this job.
But I can't use the script, because I erased the diags, right?

Last edited by MadMAXXX; 12-31-2015 at 07:55 AM.
Old 12-31-2015, 08:54 AM   #24
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by MadMAXXX View Post
But I can't use the script, because I erased the diags, right?
Correct.
We have to find someone with a serial port PW-3 that has not (yet) erased all.

But for the future reader of this thread, that is what will be used.

= = = =

PS: I do have a PW-3, (currently) without a serial port.
If we do not find someone else, I guess I will have to open mine up.

Or

Use the 'diags' kernel and file system from a KT-2 (which I already have open).

Or

I could modify the 'main' uImage file to install the Jailbreak (and probably anything in mrpackages) into the 'main' filesystem.

Note: Such a modified uImage file **would not** be flashed (it would be too big) but it could be loaded into ram and run-once from there.
(u-boot can do that, and I think fastboot can also).

= = = =

Meanwhile, we are on our own.

All we need is a way to remove a single character from the password file (or replace it with a space).
The only 'trick' in that is the 'whatever' has to be able to mount an ext2/ext3 file system.
(A newer version of u-boot might be able to do that. Something else for me to check on.)

= = = = =

Another way -
In u-boot, modify the kernel command line (getenv/setenv) to include:
rdinit=/bin/sh
Then when the (installed) kernel boots, it will jump to the busybox command shell **before** doing any system initialization.

But if you have never initialized a Linux run-time system "by hand from the shell command line" - this probably isn't the time to learn.

= = = = =

Another way -
Since I am supposing we want to (temporarily) modify the kernel command line for a single start up -
Use u-boot getenv/setenv to change that ip=0 into a valid ip address on your home network of your pc -
Then when that kernel starts up, it will mount the file system image physically provided (by a server application) on your PC rather than the one in flash.
(called: netboot(ing) if you want to google that.)

= = = = =

Translation:
Your device isn't dead, this is just a speed bump in the recovery process.

Last edited by knc1; 12-31-2015 at 09:31 AM.
Old 12-31-2015, 12:10 PM   #25
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Phooey.
I did want to own a Kindle that had never been torn open.

device_info.xml (reformatted for this post):
Code:
<!-- Info -->
<DeviceSettingInfo
    SOFTWARE_VERSION="1.1.23.266370"
    CHANGE_NUMBER="018-b5-diags_muscat_wario-266370"
    serialNumber="G090G1xxxxxxxx"
    pcbId="0670209152460FE5" 
    macAddress="747548D044AC"
    manufacturingCode="WS42BKBSQEP0P7FT34B8"
    EINK_PANEL_ID="EE3YBR401G060155GEN60F5051013234A"
    EINK_WAVEFORM="00_11_0028_00_503801_00_6a_000012e4_85"
    EMMC_NUM_BLOCK="7634944"
    EMMC_SIZE="4GB"
    BATTERY_CAPACITY="67"
    BATTERY_LMD="1408"
    Customer_Software_Version="033-juno_6011_muscat_wario-263413"
/>
Now, all I have to do is dig out the 'diags' kernel and system from it.

Edit:
One of the easiest Kindles to open yet.
Some double sided tape top and bottom edges holding the bezel -
Eleven screws and a couple of friction clips holding the MB/Screen assembly in the case -
And it's apart.

Edit: (following day)
Darn but those serial port pads are tiny.
Six hours to solder one end of each of 4 wires.
And yes, these are not the first solder connections I have ever made in my life.

Edit: (another day passed)
but those connections work as if they were my first.
just love it when I have to troubleshoot my own handiwork.

Last edited by knc1; 01-02-2016 at 01:10 PM.
Old 01-01-2016, 08:43 AM   #26
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
JailBreak an uImage file

Here is the basic outline of what needs to happen:
http://www.isysop.com/unpacking-and-...-uimage-files/
There are some considerations to keep in mind while reading that:
  • The directions are written for FreeBSD, not Linux
  • The u-boot used by Amazon/Lab126 is probably too old to handle a multi-file uImage (at least the shipped uImages are single-file).
    Somewhere here I have posted the step-by-step of taking apart a recent Amazon uImage (fw-5.6.1.1 IIRC) and posted the initramfs as an attachment (it's GPLv2).
  • In addition to adding the MR signature certificate, we would want to re-code some of the scripting (which is compiled code).
    Drat! Why don't they make this system's stuff simple?
  • The 'recovery menu' IS Linux, so no problem mounting /dev/mmcblk0p1 (or p2, p3, p4)

Anyway, there is a start towards a "Recovery Menu" with a "Jailbreak Main" selection.
(Yes, Virginia, there is a . It will fit, the current image is 2.8Mbyte in the 4.0Mbyte allocated space.)

Translation:
The Amazon/Lab126 kernel **SHOULD** be re-usable with a customized initramfs WITHOUT re-compiling.

Last edited by knc1; 01-01-2016 at 09:13 AM.
Old 01-02-2016, 10:47 AM   #27
nigredo
Member
Posts: 18
Karma: 10
Join Date: Dec 2015
Location: italy
Device: k4nt, voyage
maybe will be useful...

hi knc1,
I managed to extract the initramfs from the last uImage shipped in the 5.6.5 update (voyage).
Update: the uImage for the pw3 is the same...

P.S. I made a python script for it, it complains extracting the gzipped image and the cpio too seems not very good, but this uImage format is very old...
Attached Files
File Type: gz initramfs-3.0.35-lab126.tar.gz (559.0 KB, 79 views)
File Type: gz unpack_uImage.py.gz (882 Bytes, 75 views)

Last edited by nigredo; 01-02-2016 at 12:44 PM.
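Added example, not part of any post in this thread and not nigredo's attached script: a reader for the 64-byte legacy uImage header that re-checks its two CRC32 fields and reports whether the image is single-file or multi-file, which is the format behind the crc32 remark in post #19 and the unpacking discussed in posts #26 and #27. CRC32 is an unkeyed checksum, so a passing result shows the file is undamaged and says nothing about who built it. The function names, the sample payload and the load address are constructed for this example.

```python
import struct
import zlib

UIMAGE_MAGIC = 0x27051956            # IH_MAGIC of the legacy U-Boot image format
HEADER = struct.Struct(">7I4B32s")   # 64 bytes, all integer fields big-endian
IMAGE_TYPES = {1: "standalone", 2: "kernel", 3: "ramdisk", 4: "multi-file"}
COMPRESSION = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma"}


def header_crc(header: bytes) -> int:
    """CRC32 over the 64-byte header with the ih_hcrc field (bytes 4-7) zeroed."""
    return zlib.crc32(header[:4] + b"\x00" * 4 + header[8:HEADER.size]) & 0xFFFFFFFF


def inspect_uimage(blob: bytes) -> dict:
    """Decode a legacy uImage header and re-check both CRC32 values."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than a 64-byte uImage header")
    (magic, hcrc, _time, size, load, entry, dcrc,
     _os, _arch, img_type, comp, name) = HEADER.unpack_from(blob)
    if magic != UIMAGE_MAGIC:
        raise ValueError("bad magic: not a legacy uImage")
    payload = blob[HEADER.size:HEADER.size + size]
    complete = len(payload) == size   # False when the file was cut short
    return {
        "name": name.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "type": IMAGE_TYPES.get(img_type, "other(%d)" % img_type),
        "compression": COMPRESSION.get(comp, "other(%d)" % comp),
        "load": load,
        "entry": entry,
        "truncated": not complete,
        "header_crc_ok": header_crc(blob[:HEADER.size]) == hcrc,
        "data_crc_ok": complete and (zlib.crc32(payload) & 0xFFFFFFFF) == dcrc,
    }


def build_sample_uimage(payload: bytes, name: bytes = b"constructed-sample") -> bytes:
    """Constructed test input: a single-file ARM Linux kernel image, uncompressed.
    The load/entry address is a made-up value, not taken from any Kindle."""
    fields = [UIMAGE_MAGIC, 0, 0, len(payload), 0x80008000, 0x80008000,
              zlib.crc32(payload) & 0xFFFFFFFF, 5, 2, 2, 0, name]
    fields[1] = header_crc(HEADER.pack(*fields))
    return HEADER.pack(*fields) + payload


if __name__ == "__main__":
    image = build_sample_uimage(b"constructed payload, not real kernel code" * 16)
    print(inspect_uimage(image))
    damaged = bytearray(image)
    damaged[-1] ^= 0x01            # one flipped bit, as from a bad transfer
    print(inspect_uimage(bytes(damaged)))
```

Running it on a downloaded or captured uImage before flashing catches a truncated or corrupted transfer; authenticity needs a signature check, which this format's CRC fields do not provide.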
Old 01-02-2016, 01:08 PM   #28
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Thanks.
Maybe we can find some more people interested in helping.
Old 01-02-2016, 02:04 PM   #29
nigredo
Member
Posts: 18
Karma: 10
Join Date: Dec 2015
Location: italy
Device: k4nt, voyage
I'll be in the fight

hi knc1,
I'll be in the fight if possible, somehow trashed the serial jailbreak chance (ripped off the tx line... ), so now only with software...

Already searched the main partition for some trick, and will continue. Discover how to get the usb downloader mode would be great too, perhaps I'll open the voyage again for this.

I think it is possible Lab126 used the sense pin of the usb port; reading the datasheet, it is clear that only an external device could tie the boot pin in the proper state at reset.

Or there is a retriggerable monostable multivibrator secured by a watchdog issued by software. If so a way to freeze the kindle could give way.
Old 01-02-2016, 03:03 PM   #30
knc1
99.44/100% On Holiday
Posts: 16,467
Karma: 17368216
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
There is that pad outline of a non-supplied switch that is labeled: USB Boot.
I haven't had a chance to play with that.

Look at the photos in (I forget) either my KT2 or PW3 threads for the few details I know about that.
(Should be the same on the KV)

The other two switch outline pads have been tested and they do just as labeled.