KPW2 - 5.6.1.0.6 - Rooting/Jailbreaking

[raz572]

Hello, everyone!

I'm in the process of performing a hardware mod on the latest KPW2, purchased last week. I plan on rooting and jailbreak it, and I wanted to detail my progress here.

There has been a decent amount of information available, particularly from knc1, who I admire greatly for his or her hard work. I've been reading about the threads located here as well as here and definitely here and here too.

FYI, I will be using a MicroFTX RS232 to MicroUSB breakout available from http://jim.sh/ftx, ordered in configuration #3, which will allow 1.8v, unlike other boards which go ~3.3v.

Progress will be posted shortly.

[eschwartz]

Welcome!

[raz572]

Update 1
Here is the proposed plan. If there are any criticisms, please let me know, because I won't get the USB board until Tuesday.



(Original picture, with more detail, is here)

[knc1]

Nit:
Rotate the picture 180 degrees, so bottom edge of main board is on the bottom rather than the top.

- - - -

But a nice start, you might want to add a link to the post with the picture to the "hardware" prefix index, serial port section.

That setup will work with all Kindle models since (and including) the K4.
Only the pad location changes with each board.

[raz572]

Pictures have been updated and picture posted to hardware prefix index/serial port section.

[raz572]

Update 2

Preparations are well underway! I purchased three colors of wirewrap (no particular reason), the USB board is already here, and we'll be soldering soon. I get home from work when it's fairly dark, unfortunately.

Before that, I've been thinking how to make this more permanent. So, here's my solution:



(Original picture located here)

[loco]

applause for your efforts man

two thumbs up

[raz572]

Update 3

Okay. We're soldered and ready to go!

The first thing I did was grab the PW2's Serial Number (top right - device info). Hopefully that will work. Then, I went to https://www.sven.de/kindle/# and entered my PW2's Serial Number and got a few root passwords.

I then went to install the FTDI drivers for W8.1 x64. Then, I went to device manager and set COM3 (the USB Serial Adapter) to 115000, 8 Bits, 2 Stop Bits, No Parity or Flow Control. I did the same thing with Putty, saved it as a preset, then opened a connection and booted it up.

I should be able to reboot now, stop the boot, and try to see if one of the root passwords worked.

[NiLuJe]

Use a KindleTool snapshot for the passwords, the web tool doesn't handle Wario devices (i.e, >= PW2).

Alternatively, I'm fairly sure someone posted a Python snippet in one of the serial JB thread.

[raz572]

Update 4

Thanks to NiluJe, I have identified the easiest way to get a root password. The web script linked does not work, however this does:

1) Download Python 2.7
2) Navigate there with a command prompt
3) Run Python
4) Type the following:

import hashlib

then:

Code:

print("fiona%s"%hashlib.md5("YOURSERIALNOSPACES\n".encode('utf-8')).hexdigest()[13:16])

(if you see spaces above, take them out... I think it's the forum adding them in when I do a \n)

What you want to do next is restart the PW2, stop uboot by spamming keys, then going into diagnostics mode by typing bootm 0xE41000

Once you're there, look for Exit, Reboot or Disable Diags (D). If I recall, you'll want to exit to login screen. Finally, enter 'root' and your password from above, which will start with fiona. You have root now!

The next steps will be manipulating the filesystem and preparing the PW2 for jailbreaking.

[raz572]

Update 5

Here's what I did after logging in:

mount /dev/mmcblk0p1 /mnt/mmc
cd /mnt/mmc

echo 'raz572::0:0:raz572:/tmp/root:/bin/sh' >>etc/passwd
echo 'raz572:*:15826:0:99999:7:::' >>etc/shadow
echo 'raz572:*:15826:0:99999:7:::' >>etc/shadow-

cat etc/passwd
cat etc/shadow
cat etc/shadow-

Then, I restarted (power button on the bottom). Once booting finished, I did a whoami. It shows me as root. I did an 'exit' and logged in as raz572. I'm root again, in standard mode.

Success! It looks like I'm root in standard mode, so I think we're good to go for jailbreaking.

[raz572]

Update 6

Jailbreak achieved! This is pretty easy:

1) Go to https://www.mobileread.com/forums/sho...d.php?t=186645, download, and unpack on computer
2) Plug PW2 into computer and move all files from zip in #1 to root directory. Unplug PW2.
3) Login as the user in Update 5 in regular mode
4) Navigate to /mnt/us and run sh jb.sh. You should see JAILBREAK on the bottom of your screen!
5) Reboot PW2. You should have jailbreak now!

[raz572]

Update 7
Now for some packages... but first,
IMPORTANT NOTES
From this point forward, you can get packages of two types: bin files, and KUAL files.

Bin files will go into the MRPackages folder (as indicated below). Load these one at a time. Otherwise, KUAL files will go into extensions as a separate folder.

Remember to pay attention to which is which!

Packages BEGIN

1) KUAL - Drop into Documents through USB
2) KUALHelper - Drop into root
3) MRInstaller from http://www.mobileread.mobi/forums/sh...d.php?t=251143 - Drop into root
4) Run the JB through MRInstaller by dropping the JB bin into MRPackages, just in case
5) USBNetwork - Drop into MRPackages and install

That's all I've gotten for now. Looking for more cool stuff now.

[raz572]

Update 8

More cool packages:

1) Collections Manager
2) Calibre/Kindle Collections
3) BackdoorLock
4) K5 Rescue
5) PW2 Coward's Rescue Pack
6) Duokan 2014 Nope. Not working. Can't get this one to install no matter what I do.

and the final, probably my favorite one

7) KO Reader

[knc1]

Note:
1) - It will not work on 5.6.x series firmware until someone updates it for that series.
See the Librarian/LibrarianSync thread instead.

6) - Don't even try.
Duokan will not install with **our** jailbreak present - and they haven't stolen and update one of ours for manual installation of the Duokan JB.

It is also unlikely to run unless they specifically state they have a release for 5.6.x series firmware.
It might not run even if they claim it will.