MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner
02-12-2020, 02:45 PM   #1
tyTheDev
Device: Kindle PW4
Interesting Ground for a Possible Jailbreak

I found a way to change the contents of the Kindle store, and a possible new UYK method. The update may have to be crafted, but I found that by changing the contents of /mnt/us/.active_content_sandbox/store/resource/cachedResources, we can actually get a UYK package to start to sideload, but it will give an error code U007 (invalid signature), followed by U004 (about half of the time; means update missing). Could someone take a look at this?
Also, it's probably pointless unless we get the dev keys on the device using the Kindle store. I was using the 5.6.5 JB as testing in the store, and... it doesn't crash.

Last edited by tyTheDev; 02-12-2020 at 02:47 PM. Reason: EDIT: additional content

02-12-2020, 03:19 PM   #2
knc1
Device: No K1, PW2, KV, KOA
Now all you have to do is get Amazon/Lab126 to give you a copy of their private key.
Let us know if you make any progress with that. Once you have that, KindleTool will create a valid package for you.

02-12-2020, 03:44 PM   #3
tyTheDev
Device: Kindle PW4
Quote:
Originally Posted by knc1
Now all you have to do is get Amazon/Lab126 to give you a copy of their private key.
Let us know if you make any progress with that. Once you have that, KindleTool will create a valid package for you.
That, or someone could find a way to add a Jailbreak.

Last edited by tyTheDev; 02-12-2020 at 03:48 PM. Reason: idk if what was there was the right term

02-12-2020, 04:55 PM   #4
NiLuJe
Device: Kindle 2i, 3g, 4, 5w, (PW) & PW2; Kobo H2O & Forma
Reminder: stuff is sandboxed now, and it also probably doesn't run as root. Also, busybox has been updated, no more tarbombs.

Because pretty much anyone can craft an actual update package (or the various other things that go through a simile of the OTA updater) that goes far enough to throw a U007, nothing fancy required there.

Last edited by NiLuJe; 02-12-2020 at 04:58 PM.

02-13-2020, 07:52 AM   #5
kdusr
Device: KOA, KV, KOA2,PW4
Quote:
Originally Posted by knc1
Now all you have to do is get Amazon/Lab126 to give you a copy of their private key.
Let us know if you make any progress with that. Once you have that, KindleTool will create a valid package for you.
Is it possible to brute-force crack the private key with a powerful machine?

02-13-2020, 12:26 PM   #6
NiLuJe
Device: Kindle 2i, 3g, 4, 5w, (PW) & PW2; Kobo H2O & Forma
The shortest one is a 1024-bit RSA key. The current one is twice that.

I *think* both of 'em currently lie in the quantum-computer realm of being breakable in human time.

02-13-2020, 01:37 PM   #7
anunay
Device: Kindle KT2
Okay, brute force is running, brb with results in about a million years.

02-13-2020, 01:46 PM   #8
Quoth
Device: Both Kinds: epub based makes and Kindle
https://xkcd.com/538/
and
https://www.theregister.co.uk/2020/0...sec_ksk_delay/

See also "evil maid" attacks on laptops owned by important people.

02-13-2020, 04:47 PM   #9
Junket
Device: PW4
Quote:
Originally Posted by kdusr
Is it possible to brute-force crack the private key with a powerful machine?

Barring a breakthrough in quantum computing or cryptography, no one is going to be brute forcing 2,048-bit keys anytime soon. Consider that there are hundreds of billions of dollars of bitcoin sitting behind 256-bit keys, and no one is walking off with those yet.

But it's not impossible either. A 1,039-bit integer was factored with the special number field sieve using 400 computers over 11 months back in 2007, which would be roughly equivalent to breaking a 700-bit RSA key. And targeted attacks like the Logjam attack can seriously compromise key strength in certain scenarios.

Breaking 1,024-bit keys is thought to be within reach, possibly already in hand for the NSA if they have classified knowledge of algorithmic weaknesses. 2,000-qubit quantum computers are now available as well, and some think this will lead to exponential gains in computational power.




Last edited by Junket; 02-14-2020 at 02:08 AM. Reason: Should have said that keys are 256 bits, not 128.

All times are GMT -4.