Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 04-02-2022, 03:56 PM   #1
katadelos
rm -rf /
katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.
 
Posts: 219
Karma: 3333683
Join Date: Nov 2019
Location: United Kingdom
Device: K5, KT, KT2, KT3, KT4, KV, PW2, PW3, PW4, PW5
WatchThis - Software Jailbreak for any Kindle <= 5.14.2

AKA CVE-2022-23224, CVE-2022-23225, CVE-2022-23226 - full writeup with technical details to be released after 5.14.3 has been widely rolled out.

Thank you to NiLuJe, yparitcher and darkassassinua for adding KOReader support for PW5, repackaging all of the hacks and testing this jailbreak

This vulnerability is released in good faith and in the hope that other security researchers will utilise the access that it provides to assist Amazon/Lab126 in improving their security posture.

If you're concerned about the security of your device and do not wish to jailbreak, install firmware version 5.14.3 from this link - I've been working with Amazon to create a fix and can confirm that this version has been hardened against this vulnerability.

Additional thanks to everyone at Amazon/Lab126 who contributed towards this .

Finally, I encourage Amazon/Lab126 to provide a method of unlocking their devices that doesn't involve the need of a 0-day, both for security researchers and for technical users who are interested in modifying their devices. We know that your employees lurk here, use tools that we've created internally and that our ideas have been implemented by you more than once, so help us help you - I promise that we don't bite

Device Compatibility
Spoiler:

This jailbreak is compatible with Kindle devices running the following firmware versions:

KT3, KT4, KOA1, KOA2, KOA3, PW3, PW4, PW5:
5.14.2
5.14.1 (5.14.1.1 on PW5)
5.13.7
5.13.6
5.13.5
5.13.4

KV:
5.13.6
5.13.5
5.13.4

KT2, PW2:
5.12.2.2

You must use the exploit payload that matches your device/firmware combination exactly.


Download Link
watchthis-jailbreak-r03.zip


Installation
Please ensure that you have read the entirety of the instructions before proceeding.

Setup
  1. Factory reset the device. Make sure to use the "en_GB" or "English (United Kingdom)" locale when setting the language.
  2. Type ;enter_demo in the Kindle search bar after performing a factory reset
  3. Reboot the device
  4. Once in demo mode, skip setting up wifi and enter dummy values for store registration when prompted.
  5. Skip searching for a demo payload
  6. Select the "standard" demo type
  7. Press "Done" at the prompt to sideload content. Do not sideload the jailbreak at this stage.
  8. Once the demo is setup, skip the misconfiguration lockout using the "secret gesture" (double finger tap on bottom right of screen then swipe left)
  9. Enter the demo configuration menu by typing ;demo into the search bar
  10. Select the "Sideload Content" option

Jailbreak
  1. Connect the device to a PC and:
  2. Create the directory .demo at the root of the Kindle storage
  3. Copy ${YOUR_DEVICE}-${YOUR_FW_VERSION}.zip to .demo/
  4. Copy demo.json to .demo/
  5. Create an empty folder at .demo/goodreads. Do not put any files in this folder.
  6. Press "Done" at the prompt to install the jailbreak script
  7. Exit the demo menu and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
  8. If an application error occurs, hard reboot the device by holding the power button, enter the demo menu again and select Sideload Content -> Done once more without connecting to USB
  9. Select "Help & User Guides" then "Get started"
  10. If jailbreaking KT2 or PW2, select the store button instead
  11. The device will reboot
  12. The jailbreak script will run during the next boot

Post Jailbreak
  1. After the device has rebooted, type ;uzb into the search bar
  2. Connect the device to a PC and copy Update_hotfix_watchthis_custom.bin to the root of the Kindle storage
  3. Eject the device and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
  4. Select Update Your Kindle to install the custom hotfix
  5. This will take your device out of demo mode, rebuild the application registry and clean up unneeded jailbreak files.

Troubleshooting
  • Alternative Demo Mode entry method:
    • Create an empty file named DONT_CHECK_BATTERY at the root of the Kindle USB storage
    • Activate demo mode by typing ;demo into the search bar
    • Once in demo mode, skip setting up wifi and enter dummy values for store registration when prompted
  • If you need to reset your device whilst in Demo Mode, enter ;uzb in the search bar to enable USB storage mode then create an empty file named "DO_FACTORY_RESTORE" at the root of the Kindle storage. Once this has been created, reboot the device.
  • Video demonstration of secret gesture


You should now have a freshly jailbroken Kindle
Attached Thumbnails
Click image for larger version

Name:	9IsoRLg.jpg
Views:	31714
Size:	493.8 KB
ID:	193052   Click image for larger version

Name:	out.jpg
Views:	25283
Size:	404.4 KB
ID:	193491  

Last edited by katadelos; 12-03-2022 at 10:48 AM. Reason: Some people...
katadelos is offline   Reply With Quote
Old 04-02-2022, 06:51 PM   #2
darkassassinua
Kindle priest
darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!
 
darkassassinua's Avatar
 
Posts: 35
Karma: 50027
Join Date: Oct 2019
Location: Kharkiv,Ukraine
Device: Kindle Paperwhite 5
Damn,updated PW5 to 5.14.2...
Any hope that this will work on PW5 5.14.2?
darkassassinua is offline   Reply With Quote
Advert
Old 04-02-2022, 08:55 PM   #3
adwait8
Member
adwait8 began at the beginning.
 
Posts: 13
Karma: 10
Join Date: Mar 2022
Device: Kindle Paperwhite 5
Yass can't wait
adwait8 is offline   Reply With Quote
Old 04-02-2022, 10:20 PM   #4
adwait8
Member
adwait8 began at the beginning.
 
Posts: 13
Karma: 10
Join Date: Mar 2022
Device: Kindle Paperwhite 5
Is this exploit patched already in 5.14.1.1?
adwait8 is offline   Reply With Quote
Old 04-03-2022, 05:53 AM   #5
katadelos
rm -rf /
katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.katadelos ought to be getting tired of karma fortunes by now.
 
Posts: 219
Karma: 3333683
Join Date: Nov 2019
Location: United Kingdom
Device: K5, KT, KT2, KT3, KT4, KV, PW2, PW3, PW4, PW5
Quote:
Originally Posted by darkassassinua View Post
Damn,updated PW5 to 5.14.2...
Any hope that this will work on PW5 5.14.2?
Just checked, this exploit works on 5.14.2.

Quote:
Originally Posted by adwait8 View Post
Is this exploit patched already in 5.14.1.1?
Nope.
katadelos is offline   Reply With Quote
Advert
Old 04-03-2022, 06:04 AM   #6
darkassassinua
Kindle priest
darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!darkassassinua is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!
 
darkassassinua's Avatar
 
Posts: 35
Karma: 50027
Join Date: Oct 2019
Location: Kharkiv,Ukraine
Device: Kindle Paperwhite 5
Quote:
Originally Posted by katadelos View Post
Just checked, this exploit works on 5.14.2.
So good news!
darkassassinua is offline   Reply With Quote
Old 04-03-2022, 08:19 AM   #7
adwait8
Member
adwait8 began at the beginning.
 
Posts: 13
Karma: 10
Join Date: Mar 2022
Device: Kindle Paperwhite 5
Talking

Quote:
Originally Posted by katadelos View Post
Just checked, this exploit works on 5.14.2.
That's a great news! Thanks kataledos
adwait8 is offline   Reply With Quote
Old 04-03-2022, 09:10 AM   #8
irreld
Enthusiast
irreld began at the beginning.
 
Posts: 35
Karma: 10
Join Date: Jan 2016
Device: PW2 PW3 DPT-RP1
Next time maybe consider delaying the disclosure? At least give them some time to refresh the oasis and entry line as well
irreld is offline   Reply With Quote
Old 04-03-2022, 01:56 PM   #9
ajs256
he/him
ajs256 is on a distinguished road
 
Posts: 21
Karma: 68
Join Date: Mar 2022
Device: Jailbroken Kindle PW3 + PW5
Quote:
Originally Posted by katadelos View Post
Just checked, this exploit works on 5.14.2.
Welp, airplane mode time. Thanks for putting this together, I can't wait until this gets released.
ajs256 is offline   Reply With Quote
Old 04-03-2022, 03:30 PM   #10
luxakos
Junior Member
luxakos began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Apr 2022
Device: Kindle (10th generation)
Would this work for Kindle 10th generation 5.14.2 ?

Noob here, I just want to customize my kindle screensaver.
luxakos is offline   Reply With Quote
Old 04-03-2022, 06:29 PM   #11
kdusr
Connoisseur
kdusr began at the beginning.
 
kdusr's Avatar
 
Posts: 77
Karma: 13
Join Date: Oct 2016
Location: Mars
Device: KOA, KV, KOA2,PW4,PW5
good news! can't wait !
katadelos, you are a super guy
kdusr is offline   Reply With Quote
Old 04-03-2022, 11:47 PM   #12
adwait8
Member
adwait8 began at the beginning.
 
Posts: 13
Karma: 10
Join Date: Mar 2022
Device: Kindle Paperwhite 5
Quote:
Originally Posted by luxakos View Post
Would this work for Kindle 10th generation 5.14.2 ?

Noob here, I just want to customize my kindle screensaver.
Yes mate its for ANY kindle < 5.14.2. (check his posts above). Just put your device in airplane mode until he releases this jailbreak.
adwait8 is offline   Reply With Quote
Old 04-05-2022, 11:41 AM   #13
johnnyb
Cloud Reader
johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.johnnyb ought to be getting tired of karma fortunes by now.
 
Posts: 1,110
Karma: 4000066
Join Date: Aug 2010
Device: Kindle Oasis, Kindle Scribe, iPad Pro 11
Quote:
Originally Posted by ajs256 View Post
Welp, airplane mode time. Thanks for putting this together, I can't wait until this gets released.
Does the folder trick still work where you place a folder that tricks the device into thinking that an unpacked firmware is awaiting installation?
I really would prefer that to one month of airplane mode.
johnnyb is offline   Reply With Quote
Old 04-05-2022, 12:38 PM   #14
shamanNS
Guru
shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.shamanNS ought to be getting tired of karma fortunes by now.
 
Posts: 876
Karma: 10113994
Join Date: Feb 2010
Location: Serbia
Device: Kindle PW5 [bricked], Kindle PW1
Nope, the folder trick hasn't worked for years now (since firmware 5.1x.y IIRC). So the choices are airplane mode or to fill almost all storage space so the OTA downloader doesn't have enough space to successfully download OTA bin file.
shamanNS is offline   Reply With Quote
Old 04-06-2022, 10:43 AM   #15
Abish4i
The Escapist
Abish4i began at the beginning.
 
Abish4i's Avatar
 
Posts: 36
Karma: 10
Join Date: May 2020
Location: Jhansi,India
Device: PW4 (10th Gen), Android, Zorin(linux)
Post

Quote:
Originally Posted by katadelos View Post
Tentative release date: 28th April (+120 days from initial disclosure), subject to change.
Fun fact: PW5 remained unjailbroken for only 56 days after release date!
Will see if its just a hoax or not

Abish4i is offline   Reply With Quote
Reply

Tags
jailbreak

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Tutorial KindleBreak - Software Jailbreak for (almost) any Kindle <= 5.13.3 tryol Kindle Developer's Corner 293 01-25-2024 06:07 PM
Is there no seamless ePub integration for newer firmwares/WatchThis jailbreak? Gaqs Kindle Developer's Corner 3 05-11-2022 10:23 AM
KOA3 Stuck with WatchThis Jailbreak Kurea Kindle Developer's Corner 2 05-03-2022 05:50 PM
KT2 Kindle 7th generation software jailbreak? WaseemAlkurdi Kindle Developer's Corner 3 09-14-2019 06:11 PM
[Kindle Keyboard 3G Vers3.4] download the latest OS, Launchpad, Jailbreak software shadows Kindle Developer's Corner 5 11-17-2012 12:33 PM


All times are GMT -4. The time now is 05:19 AM.


MobileRead.com is a privately owned, operated and funded community.