Old 03-23-2021, 02:12 PM   #91
tryol
Warm Lighting Enthusiast
Posts: 89
Karma: 754120
Join Date: Dec 2020
Device: Kindle Oasis 3 (jailbroken)
Anybody with a non-jailbroken device between 5.11.1-5.13.3? I'd need one last test before publishing the thread. No risks of harming your device, I promise.

Please PM if you can help!

Edit: No need anymore!

Last edited by tryol; 03-23-2021 at 03:38 PM.
Old 03-23-2021, 03:35 PM   #92
hius07
Guru
Posts: 812
Karma: 2700075
Join Date: Sep 2014
Location: Ukraine
Device: Kindle PW2, PW3
One more version missed in the table: the latest 5.12.2.1.1 exclusive for PW2, KT2.
Old 03-23-2021, 03:38 PM   #93
tryol
Warm Lighting Enthusiast
Posts: 89
Karma: 754120
Join Date: Dec 2020
Device: Kindle Oasis 3 (jailbroken)
Quote:
Originally Posted by hius07
One more version missed in the table: the latest 5.12.2.1.1 exclusive for PW2, KT2.
I added it to the list, ty!
Old 03-23-2021, 05:03 PM   #94
tryol
Warm Lighting Enthusiast
Posts: 89
Karma: 754120
Join Date: Dec 2020
Device: Kindle Oasis 3 (jailbroken)
Thanks to j.p.s, I found out that 5.10.3 also belongs to this first firmware group, meaning that instead of 5.11.1, now 5.10.3 is the lowest supported version.
My script that downloads and analyses the different firmware versions didn't download that version for some reason, but after I manually did, it categorized it in the first group. It's already been tested and confirmed to be working.

Now if I can fix up the jailbreak code (which I was told is semi-outdated, even though it worked for every version we've tested it on), I'll make the thread.

Last edited by tryol; 03-23-2021 at 05:32 PM. Reason: 5.12.2.1.1 is getting tested soon, removed it.
Old 03-23-2021, 06:13 PM   #95
melksnor
Goodest E-Reader
Posts: 61
Karma: 300094
Join Date: Jul 2007
Device: PRS 500 / Kindle 5th / Kindle PW4
Quote:
Originally Posted by tryol
This looks promising, maybe finally a way to jailbreak KOA3?!
I hope somebody'll be able to make some kind of an ultimate jailbreak ebook / image!
You came a long way! Will you have some snazzy name for the new jailbreak?
Old 03-23-2021, 06:25 PM   #96
tryol
Warm Lighting Enthusiast
Posts: 89
Karma: 754120
Join Date: Dec 2020
Device: Kindle Oasis 3 (jailbroken)
Quote:
Originally Posted by melksnor
You came a long way! Will you have some snazzy name for the new jailbreak?
I've been referring to it as KindleBreak, which is a big name considering that it's only one of the 10s of jailbreak methods, but since almost all the devices are supported, I think it's fair.

I'm not really attached to it so I'm open to ideas. KindleBreak will remain as a project name either way because I'm not planning on touching the shellcode - which has references to the name - ever again.

Edit: Welp, seems like everything is finalized now, including the name.

Last edited by tryol; 03-23-2021 at 09:07 PM.
Old 03-24-2021, 12:01 AM   #97
jp12323
Member
Posts: 15
Karma: 10
Join Date: Jul 2018
Device: Kindle Oasis 2 (Jailbroken)
Quote:
Originally Posted by tryol
I'm not sure what I'd write about because Yogev Bar-On's Medium post in the OP already explains how the exploit works. It only took this long to make because of my inexperience.

75% of the time I've spent on making this was basically studying stuff I didn't know. I had to learn IDA and Ghidra to reverse engineer the binaries/libraries. I had to deepen my knowledge on memory management. I also learned how to write shellcodes on different CPUs, how ELF files work, etc.

The other 25% was spent on reproducing what Yogev documented, and figuring out some of the details in the places where they - probably intentionally - left some things out.
I had a feeling that the researchers left some details out of the article, probably at Amazon's request.

I know how long it takes to just do one part of what you did (the reversing/ida part, especially if you don't know which version of the libs to reverse). But you took the time to learn about reverse engineering, elf files, writing shell code, and the overall JPEG XR reference code. Major props

Appreciate all the time and effort you put into this
Old 03-24-2021, 09:49 AM   #98
tryol
Warm Lighting Enthusiast
Posts: 89
Karma: 754120
Join Date: Dec 2020
Device: Kindle Oasis 3 (jailbroken)
Quote:
Originally Posted by jp12323
I had a feeling that the researchers left some details out of the article, probably at Amazon's request.

I know how long it takes to just do one part of what you did (the reversing/ida part, especially if you don't know which version of the libs to reverse). But you took the time to learn about reverse engineering, elf files, writing shell code, and the overall JPEG XR reference code. Major props

Appreciate all the time and effort you put into this
The reverse engineering part was the hardest by far. I expected the shellcode to be the most difficult but it's actually pretty easy if you have basic assembly knowledge.

The thread is up now!

I'd like to thank everybody here who helped with this. All the testers and people who contributed with tips and suggestions, you are the best!
Old 03-24-2021, 10:44 AM   #99
hius07
Guru
Posts: 812
Karma: 2700075
Join Date: Sep 2014
Location: Ukraine
Device: Kindle PW2, PW3
Thank you very much!
Old 03-25-2021, 11:21 PM   #100
katadelos
rm -rf /
Posts: 29
Karma: 100532
Join Date: Nov 2019
Location: United Kingdom
Device: K5, KT, KT2, PW3
Quote:
Originally Posted by tryol
I've run the script, rebooted, checked that both binaries are renamed and they have no processes running.

I put the update file to usb-root, the update kindle button was still grayed out.
I restarted my device and it updated itself to 5.12.4 again successfully, so it seems like those binaries don't block updates.

Also, I answered your PM if you didn't notice.
This behaviour is caused by recovery-util, a binary within the initramfs of stock kernels. As you've noticed, it's capable of acting as a secondary update mechanism even when the main OTA update binaries have been removed or otherwise disabled.

The nuclear option of dealing with it is to build your own kernel from the kernel sources - IIRC this doesn't have a noticeable impact on the boot process because the initramfs is optional in the first place and U-Boot passes the rootfs partition to the kernel as part of the command line parameters.

That said, recovery-util can be useful for bootstrapping a borked kindle if you have serial access so it might be worth leaving it in place and using some form of iptables based DNS blocking instead.
Old 03-26-2021, 09:37 AM   #101
tryol
Warm Lighting Enthusiast
Posts: 89
Karma: 754120
Join Date: Dec 2020
Device: Kindle Oasis 3 (jailbroken)
Quote:
Originally Posted by katadelos
This behaviour is caused by recovery-util, a binary within the initramfs of stock kernels. As you've noticed, it's capable of acting as a secondary update mechanism even when the main OTA update binaries have been removed or otherwise disabled.

The nuclear option of dealing with it is to build your own kernel from the kernel sources - IIRC this doesn't have a noticeable impact on the boot process because the initramfs is optional in the first place and U-Boot passes the rootfs partition to the kernel as part of the command line parameters.

That said, recovery-util can be useful for bootstrapping a borked kindle if you have serial access so it might be worth leaving it in place and using some form of iptables based DNS blocking instead.
That explains things, thanks for your insight! I don't think I want to go that far, I'll just check the OTA binaries and make sure that they really are the only way for Amazon to download updates.
Old 03-26-2021, 12:58 PM   #102
j.p.s
Wizard
Posts: 3,492
Karma: 62027651
Join Date: Apr 2011
Device: pb360
Quote:
Originally Posted by ilovejedd
I think the last 5.10 (works with update.bin.tmp.partial folder blocker), last 5.11 (works with /var/local/system/SKIP_UPDATE_CHECK file) then going straight to 5.13.3 and skipping 5.12 would be the best options to support.
Why is 5.13.3 less bad than 5.12.x WRT unwanted FW updates?
Old 03-26-2021, 06:52 PM   #103
ilovejedd
hopeless n00b
Posts: 4,995
Karma: 19580408
Join Date: Jan 2009
Location: in the middle of nowhere
Device: PW4, PW3, Libra H2O, iPad 9.7, iPad 10.5, iPad 12.9
Quote:
Originally Posted by j.p.s
Why is 5.13.3 less bad than 5.12.x WRT unwanted FW updates?
Not less bad. OTA update issues are the same on either.

Just less work to do just in case the offsets are different for each firmware version and tryol had to check compatibility one-by-one.
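Two posts above touch the same mechanics: tryol's script that sorts firmware versions into groups (post #94) and ilovejedd's note on which file-based OTA blocker applies to the 5.10 and 5.11 branches (post #102). The block below is an added illustration of that bookkeeping, not tryol's download/analysis script or any project code. It assumes only what the thread states: the supported floor of 5.10.3 and ceiling of 5.13.3, and the two blocker mechanisms ilovejedd names. The sample version list is constructed; the function and constant names are mine. The one thing it shows beyond the posts is the classic version-string pitfall: comparing "5.9.7" with "5.10.3" as strings puts 5.9 after 5.10, so the versions are compared as integer tuples.

```python
"""Dotted firmware-version handling for the support table discussed above.

Added illustration; not tryol's download/analysis script or any project
code. The support boundaries (5.10.3 lowest, 5.13.3 highest) and the
per-branch update-blocker notes are taken from the posts in this thread;
the sample version list below is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

_VERSION_RE = re.compile(r"^\d+(?:\.\d+)*$")

# Boundaries stated in the thread (post #94 lowers the floor to 5.10.3).
SUPPORTED_LOW = (5, 10, 3)
SUPPORTED_HIGH = (5, 13, 3)

# Update-blocking mechanisms named in ilovejedd's post, keyed by 5.x branch.
# Neither covers recovery-util, which katadelos describes as a separate
# update path living in the stock kernel's initramfs.
BLOCKER_NOTES = {
    (5, 10): "update.bin.tmp.partial folder blocker",
    (5, 11): "/var/local/system/SKIP_UPDATE_CHECK file",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Convert '5.12.2.1.1' into (5, 12, 2, 1, 1).

    Versions are compared as integer tuples, not strings: as strings
    '5.9.7' sorts after '5.10.3' because '9' > '1'. Trailing zero
    components are dropped so '5.12' and '5.12.0' compare equal.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a dotted version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def in_supported_range(text: str) -> bool:
    """True when the version falls inside [5.10.3, 5.13.3].

    Being in range only means the thread's table covers that branch; the
    thread treats every version as individually tested, so this is a
    necessary check, not a promise that a given build works.
    """
    return SUPPORTED_LOW <= parse_version(text) <= SUPPORTED_HIGH


def blocker_note(text: str) -> str:
    """Which file-based OTA blocker the thread names for this 5.x branch."""
    branch = parse_version(text)[:2]
    return BLOCKER_NOTES.get(
        branch,
        "no file-based blocker named in the thread (5.12.x and 5.13.x "
        "are described as behaving the same for OTA updates)")


@dataclass(frozen=True)
class Report:
    version: str
    in_range: bool
    blocker: str


def classify(versions: list[str]) -> list[Report]:
    """Sort versions numerically and annotate each with range and blocker."""
    return [Report(v, in_supported_range(v), blocker_note(v))
            for v in sorted(versions, key=parse_version)]


# Constructed sample input: versions named in the thread plus made-up
# neighbours just outside the boundaries (5.9.7, 5.10.2, 5.13.4).
SAMPLE_VERSIONS = ["5.13.3", "5.9.7", "5.10.3", "5.12.2.1.1",
                   "5.11.1", "5.13.4", "5.10.2", "5.12.4"]

if __name__ == "__main__":
    for r in classify(SAMPLE_VERSIONS):
        flag = "in range " if r.in_range else "out      "
        print(f"{r.version:<12} {flag} {r.blocker}")
```

Run it as a script to print the sorted table. The point to keep in mind, echoing ilovejedd's last post, is that an in-range result says nothing about whether a particular build was actually tested; the thread's support list was built one version at a time.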