|
![]() |
|
Thread Tools | Search this Thread |
![]() |
#1 |
Member
![]() Posts: 17
Karma: 10
Join Date: Apr 2015
Location: Shanghai, China
Device: Kindle4, KT2
|
![]()
As 5.6.1.x can not do jailbreak by apply the update pack from /mnt/us/xxx.bin..
Can we set up a DNS server.. Kindle will check update, download and apply xxx.bin from the fake update server.. As amazon's file server not https.... http://s3.amazonaws.com/G7G_Firmware...le_5.4.3.2.bin |
![]() |
![]() |
![]() |
#2 |
BLAM!
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 13,501
Karma: 26047188
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
|
Won't make our packages magically signed by Amazon's keys
![]() |
![]() |
![]() |
Advert | |
|
![]() |
#3 |
Going Viral
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Our Kindle "jail break" provides the device with **our** developer keys, we do not (because we can not) sign our update packages with Amazon's keys.
Unlike Sony, Amazon has not (yet) leaked their signing key, forcing us to use our own. |
![]() |
![]() |
![]() |
#4 |
abibliophobic
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 220
Karma: 219708
Join Date: Aug 2012
Device: KV jailbroken
|
I've been wondering, how do you decrypt the image files without the key?
I can't find any documentation about how KindleTool works. But that may be because I'm blind. I've searched this forum and the Wiki. If that info has to come via PM then fair enough. ![]() |
![]() |
![]() |
![]() |
#5 | |
Going Viral
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
That is: two keys (a key pair), one public (for decrypting) present on every Kindle and one private (for encrypting) stored in Amazon's I.P. security vault. Just read the source of KindleTool for the details of how it works. It has the Amazon public keys embedded in it for handling Amazon packages and our key-pair for handling our packages. That is: no Amazon private key == can not create Amazon signed packages. Last edited by knc1; 05-07-2015 at 09:48 AM. |
|
![]() |
![]() |
Advert | |
|
![]() |
#6 |
abibliophobic
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 220
Karma: 219708
Join Date: Aug 2012
Device: KV jailbroken
|
Fair enough, I hadn't realised they used a key pair, which is why I asked.
![]() I have to deal with encryption on a daily basis in my job due to sensitive data so am fully aware of how they work. Thank you for explaining how you guys do it. Plus looking through the source, my other idea would take an eternity (brute force the key) due to the length of the key. |
![]() |
![]() |
![]() |
#7 |
Member
![]() Posts: 17
Karma: 10
Join Date: Apr 2015
Location: Shanghai, China
Device: Kindle4, KT2
|
![]() ![]() ok, ignore me.. The update package signed by the amazon private magic cert/keys.. |
![]() |
![]() |
![]() |
#8 | |
Going Viral
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
If you can brute force that RSA key, then Ron Rivest, Adi Shamir, and Leonard Adleman would like to know about it. ![]() So would any number of National Governments. PS: Amazon still offers free accounts on their Super Computer (the 9th most powerful Super Computer in the world, IIRC - see top 500 list to check) - which might interest anyone serious about trying. http://en.wikipedia.org/wiki/RSA_problem - - - - - There are actually two (2) updater mechanisms in the Kindle firmware. One put there in the very early days when Amazon thought that they would support (and encourage) third party add-ins as active documents. That is the one we use for our packages here. The other one, for the OTA updates, remains the sole domain of Amazon (we haven't even tried to disturb that one). That all means that our packages can **only** be installed by owner action. No chance that they can be forced onto a Kindle via the OTA updater (which just earns you an error code 3, IIRC). Last edited by knc1; 05-07-2015 at 11:14 AM. |
|
![]() |
![]() |
![]() |
#9 |
BLAM!
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 13,501
Karma: 26047188
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
|
We do use the OTA updater, it's the factory one bundled in the initrd shell that we don't (since the pubkeys are buried in there too, messier to make it like ousr)
![]() |
![]() |
![]() |
![]() |
#10 | |
Going Viral
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
But of course your correct. and there are links here to projects that have replaced the factory kernel (and embedded initrd) if a reader cares to dig enough. But what's the point? We don't need to disturb it, so we don't. |
|
![]() |
![]() |
![]() |
Thread Tools | Search this Thread |
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Calibre Content Server issue with DNS | rysktkr | Devices | 0 | 09-04-2013 11:47 AM |
[Old Thread] Remote library support (not content server) | mikew | Calibre | 18 | 05-29-2013 08:27 AM |
Porting Calibre's built-in web server to a remote server? | perryja | Related Tools | 6 | 05-02-2013 10:05 AM |
Book directory on remote server | sasilk | Library Management | 3 | 08-13-2011 12:10 PM |
Headless Calibre Server Setup | godzilla8nj | Related Tools | 4 | 03-10-2010 02:39 PM |