What firmware does the PW2 currently ship with?

[therful]

I'm debating of whether to buy a PW2 or a Kobo ereader. Whether I can jailbreak the kindle is a big factor in my decision. Does anyone know what firmware a brand new PW2 ships with?

[knc1]

Quote:

Originally Posted by therful

I'm debating of whether to buy a PW2 or a Kobo ereader. Whether I can jailbreak the kindle is a big factor in my decision. Does anyone know what firmware a brand new PW2 ships with?

Sure, the Amazon production manager does.

But you can bet it is a version in the 5.6.x firmware series.

And (so far) you can jail break **any** Amazon firmware over the serial port.

[therful]

Quote:

Originally Posted by knc1

Sure, the Amazon production manager does.

But you can bet it is a version in the 5.6.x firmware series.

And (so far) you can jail break **any** Amazon firmware over the serial port.

Thanks for the speedy reply.
Unfortunately I'm not quite comfortable opening it up and soldering.
Just out of curiosity, is there anyone working on a 'serial-less' jailbreak?

[knc1]

Quote:

Originally Posted by therful

- - - -
Just out of curiosity, is there anyone working on a 'serial-less' jailbreak?

The common practice here is to only announce results.

But I suspect not (the technical picture is pretty hopeless), although I could be wrong.

[leroti]

Quote:

Originally Posted by knc1

The common practice here is to only announce results.

But I suspect not (the technical picture is pretty hopeless), although I could be wrong.

Can you point me to some threads discussing the technical picture post-5.6 update? I have read a lot about how it is pretty hopeless, but haven't found the technical reasons behind this lament.

Unfortunately for the OP - I was also hit by the silent upgrade and have found that PW2s from Best Buy & Fry's were already upgraded to 5.6+, I'd assume that AMZN direct would be current.

[knc1]

Quote:

Originally Posted by leroti

Can you point me to some threads discussing the technical picture post-5.6 update?

I have read a lot about how it is pretty hopeless, but haven't found the technical reasons behind this lament.

- - - -

Not really, there wasn't much discussion, just the presentation of the accomplishment.

The most details are to be found in the jail breaks themselves.
None of them are "binary without source", in fact, I don't think any of them have been "binaries".

The one jail break that targets the greatest number of devices and firmware versions ...
Ah, now there is an embarrassment to the "old hands" of the CS field (myself included - it put to shame my 50+ years in the field).

It used (uses) a system vulnerability well known to K&R (the developers of Unix - Linux is a " *nix like " system) -
That was (is) the use of a "poison filename".
I'll save you looking at the jb code - - -
That is when a filename is carefully crafted in such a way that the system executes the filename as if it was a system command line.
Makes for a really funny looking filename, but that is what it was (is).

Why the shame attached?
Nobody (myself included) thought to try such a well known system vulnerability several years earlier in the history of Kindle jail breaking.
(Super Duh...)

- - - - - -

The difficulty since Lab126 fixed the above major "oops" in their implementation are all based in the ownership and permission system that is part of all *nix-like systems.

Short of a major brain-fart on the part of the implementers, it is pretty secure (except for the case when there is physical access to the system operator's console - which is why computer systems lived (still live) in physically secure rooms).

Amazon has built/shipped some kernels with SE-Linux - - but they have never used those features that I know of.

You will have to web-search that term for the gory details, but briefly ....
SE-Linux puts the standard ownership and permission system on super steroids -
It is what NSA (the developers) think *nix-like system security should be like.

- - - -

NSA: USA's National Security Agency - -
These people take the security and access control of their own computer systems **SERIOUSLY**.

And yes, they run Linux - just like your e-book reader does.

[NiLuJe]

Note that said poison filename worked because there is (was?) indeed a shiny system() call at some point of the various checks done by the support library used by the OTA updater.

That was 'fixed' by renaming all incoming .bin file w/ a random uuid in the 'update_<uuid>.bin' form, and that before said step.

----

We've (mostly) always used some kind of logic flaw in the OTA updater, because it started as (again, mostly) a simple shell script, and with most of the rest of the system being obfuscated java, that made it an obvious attack vector.

The fact that more recently, parts of its job have been off-loaded to C libraries put a serious dent in those kind of shenanigans, since none of us have any real skill in ARM assembly, which becomes kind of a basic requirement to look into things further.

Same with the other slightly less obvious attack vectors, they kind of require more specialized skills than simply poking at things with a stick for fun (which is basically where I sit, personally ^^).

[leroti]

Ah. Thank you for your explanation - you have clarified the situation for me. I, too, am of the poking with a stick persuasion, so I shall have to hope and wait for another mistake to be made.

[knc1]

That is a good summary - we are just waiting for another Lab126 mistake to be made.

And that may be a long wait, now that Amazon/Lab126 has started hiring professionals that know what they are doing.

In the early days (prior to ownership by Amazon), Lab126 would hire contractors from the pool of anyone who claimed they could type.
You know the sort -

You can find them on nearly any street corner holding a sign that reads:
"Will program for food."

To which this forum's answer was Geekmaster -
Who had **both** the technical training/professional experience and a very large collection of sharp sticks.
(Geekmaster has since gone on to other interests.)

[dhdurgee]

Quote:

Originally Posted by knc1

To which this forum's answer was Geekmaster -
Who had **both** the technical training/professional experience and a very large collection of sharp sticks.
(Geekmaster has since gone on to other interests.)

Any possibility that he could be lured back, either by the challenge or other incentives?

Dave

[knc1]

Offer a set of 64 K4 devices for his virtual Kindle wall.

[bulsa]

Do the new Kindles still ship this "who knows where they fetched this from" hacked together WebKit browser? It always looked to me like remote code execution just waiting to happen...

I just looked it up, the release they ship on the newest Kindle is four years old (1.4.2), there have to be some known bugs in there I think?

[knc1]

Quote:

Originally Posted by bulsa

Do the new Kindles still ship this "who knows where they fetched this from" hacked together WebKit browser? It always looked to me like remote code execution just waiting to happen...
- - - -

There used to be one, which allowed you to access a carefully crafted site and jail break your Kindle.

We did do our "responsible party" thing and notified Amazon of the security exception.
Amazon fixed that one in a hurry.

That was several years ago (the KT? maybe back then).
Which doesn't mean there aren't more to find.

[JSWolf]

Quote:

Originally Posted by therful

I'm debating of whether to buy a PW2 or a Kobo ereader. Whether I can jailbreak the kindle is a big factor in my decision. Does anyone know what firmware a brand new PW2 ships with?

If your getting a Kindle is based on jailbreaking, then forget it. Since Kobo is your other choice, then go with Kobo. You can custom patch the Kobo firmware.

[knc1]

The PW2 is no longer shipping (at least in the US).

Will have to wait until next week to know what the PW3 ships with.