|  01-14-2016, 11:22 AM | #1 | 
| Member  Posts: 11 Karma: 10 Join Date: Jun 2015 Device: Kindle PW1 | 
				
				Kindle PW demo: Take 2
			 
			
			While I'm studying the MADMAXXXX thread about PW3 recovery to help with my previous case https://www.mobileread.com/forums/sho...d.php?t=269757 I have another case where I could use some help... This time around it similar to my previous thread: demo unit (French), but the root password derived from the serial number does not work. But there is a twist: I can login as framework/mario. That seemingly makes life easier. I was able to look at the shadow file and use JTR to extract the real root password. DIAGS, USB mode, transfer pw52 image, exit to login, dd the image, reboot... Done this before. But this time around the Kindle does not boot up... Wrong board ID... Code: Starting kernel ...
[    0.094313] boot: C def:bcut:batterycut=1
[    0.256319] LPDDR2 MfgId: 0x1 [Samsung]
3.0.35-lab126 #1 Wed Sep 4 16:00:40 PDT 2013 armv7l
Press [ENTER] for recovery menu...       0 //dev/mmcblk0p4:
CHS=4/16/102976 size=3374317568 bytes
flag type      first       last  lba first   lba size
Partition p1:
0x00 0x0b         16 <large>            16    6590448
    CHS: 0/1/1 - <large>
Partition p2:
Partition p3:
Partition p4:
BOOTING DEFAULT.
IP-Config: no devices to configure
kinit: Mounted root (ext3 filesystem) readonly.
crit hardware:bad_id:id=02722011336705HZ:bad board ID, defaulting to yoshi !!!!!!
info system:emiting_event:mounted_proc:
info system:emiting_event:mounted_sys:
crit hardware:bad_id:id=02722011336705HZ:bad board ID, defaulting to yoshi !!!!!!
info firsttime:mount_rw:time=5710:Mounting root RW for first boot
info firsttime:mount_ro:time=5810:Mounting root RO
info system:emiting_event:mounted_dev:
info system:emiting_event:mounted_tmpfs:
modprobe: FATAL: Could not load /lib/modules/3.0.35-lab126/modules.dep: No such file or direc            tory
init.exe: system pre-start process (624) terminated with status 1
init.exe: network main process (704) killed by TERM signal
crit hardware:bad_id:id=02722011336705HZ:bad board ID, defaulting to yoshi !!!!!!
init.exe: recevent pre-start process (708) terminated with status 1
crit hardware:bad_id:id=02722011336705HZ:bad board ID, defaulting to yoshi !!!!!!
init.exe: syslog main process (719) terminated with status 2
crit hardware:bad_id:id=02722011336705HZ:bad board ID, defaulting to yoshi !!!!!!
init.exe: syslog main process ended, respawningI think the discrepancy between the S/N (and its password) could have something to do with this "bad board ID" message... Just for the record: all demo Kindles (over half a dozen) I ever dealt with were bought from this seller http://stores.ebay.ca/SurplusByDesign?_rdc=1 Thanks. | 
|   |   | 
|  01-14-2016, 01:10 PM | #2 | 
| Going Viral            Posts: 17,212 Karma: 18210809 Join Date: Feb 2012 Location: Central Texas Device: No K1, PW2, KV, KOA | 
			
			Any chance you dd 'ed something to /dev/mmcblk0 rather than /dev/mmcblk0p1 ? Any such typo in a dd command would have over-written the board ID. = = = = = Now this one: Code: modprobe: FATAL: Could not load /lib/modules/3.0.35-lab126/modules.dep: No such file or directory = = = = = I assume you have a Linux system (larger than a Kindle) available - That the system image file you are trying to boot is named: rootfs.img - Change that name to whatever you are using. Do: Code: sudo mkdir -p /mnt/tmp-p1 sudo mount rootfs.img /mnt/tmp-p1 cd /mnt/tmp-p1/lib/modules/3.0.35-lab126/ Check what files are in there: ls -la The .dep file is plain text, see what is in it: less modules.dep There is a way to do a 'make dep' on a tree of modules not in the standard location (handy for not trashing your host system). You'll have to look the directions for that one up ('man mkdep' would be a good start). = = = = = OR, better yet, use a known good rootfs.img file (like from one of your working Kindles). | 
|   |   | 
| Advert | |
|  | 
|  01-14-2016, 02:20 PM | #3 | 
| Member  Posts: 11 Karma: 10 Join Date: Jun 2015 Device: Kindle PW1 | 
			
			Thanks, knc1. I guess my weekend won't be boring...  To answer your questions: I don't think I overwrote mmcblk0. The (bad) ID it shows now is the one it had before any flashing was done. EDIT: While browsing the pw_5.2 IMG files, I noticed there are no libraries version 3.x.x, only 2.6.x... My understanding is, this is related to the Linux version. Could this mean, that the demo OS the Kindle was running retains some of its parts that are not replaced when flashing (dd) the mmcblk0p1 image file? And the demo OS was newer based on 3.x Linux... If so, what could those remnants be? What else needs to be flashed to take the Kindle back to the pw_5.2 days (OS-wise)? Or, what other IMG can try to flash that wold be based on the same Linux version as the demo OS (3.x.x)? Or am I digging in the wrong direction? Last edited by aesop; 01-14-2016 at 03:06 PM. | 
|   |   | 
|  01-14-2016, 04:27 PM | #4 | 
| Going Viral            Posts: 17,212 Karma: 18210809 Join Date: Feb 2012 Location: Central Texas Device: No K1, PW2, KV, KOA | 
			
			The 'ruminate' is the 5.6.x main kernel you are trying to get to run modules from the 5.2.x firmware (not going to happen). At least I don't see where you also flashed the 5.2.x kernel in your posts. | 
|   |   | 
|  01-14-2016, 04:44 PM | #5 | 
| Member  Posts: 11 Karma: 10 Join Date: Jun 2015 Device: Kindle PW1 | 
			
			Back to the basics... In the official_build folder on the Kindle there is just one demo.bin file (some 389K size). Presumably, the one it was running initially. What would be the way to flash it? Thanks. | 
|   |   | 
| Advert | |
|  | 
|  01-14-2016, 06:17 PM | #6 | |
| Going Viral            Posts: 17,212 Karma: 18210809 Join Date: Feb 2012 Location: Central Texas Device: No K1, PW2, KV, KOA | Quote: 
 See if KindleTool can identify it. try 'file' command on it. If that fails, try to mount it and look at it, similar to the example earlier today about rootfs.img. See if you can squeeze any more information at all out of it. = = = = = The howto recover a device (without a password to anything) is only two or three posts in that 5 (6?) page thread. I'll see if I can find them and summarize them so people only need to use that thread (and the attached log files) as reference. = = = = = I think someone is working on the low level stuff (u-boot and initial uImage) - since they don't have to be signed, only checksumed properly when installing them by fastboot. Why? Because if we can add the MR signature certificate to the initial uImage - we could use KindleTool to create our own (jailbroken) 'recovery update' packages. | |
|   |   | 
|  01-15-2016, 11:24 AM | #7 | 
| Member  Posts: 11 Karma: 10 Join Date: Jun 2015 Device: Kindle PW1 | 
			
			This one got fixed. Copied the demo.bin, extracted rootfs.img from it (using kindletool), flashed as mmcblk0p1... I thought this will take me back to square one, PW running in demo mode. But instead, it made it a "normal" Kindle... Running 5.4... Will leave it at that... Honestly, not sure how this happened. Thanks you, knc1 for all the help... EDIT: Had it connected to Wi-Fi and while browsing around (the Kindle had nothing but the User Guide on it) it got updated to 5.6.1.0.6 (2588930001). This might create problems for jailbreakint etc. but I was not planning to do anything like this with this unit... Last edited by aesop; 01-15-2016 at 12:21 PM. | 
|   |   | 
|  01-15-2016, 02:00 PM | #8 | |
| Going Viral            Posts: 17,212 Karma: 18210809 Join Date: Feb 2012 Location: Central Texas Device: No K1, PW2, KV, KOA | Quote: 
 If not, put the files of the *.zip jailbreak file (it is inside the jailbreak archive) in the root of USB storage - Then from the serial port command line (in 'main' OS) - cd /mnt/us sh jb.sh | |
|   |   | 
|  01-15-2016, 02:44 PM | #9 | 
| Member  Posts: 11 Karma: 10 Join Date: Jun 2015 Device: Kindle PW1 | 
			
			I will reserve this to a 3G model (I will exchange this one for). Now every member of my extended family has one (eight in total)...  Thanks again, knc1. I like your style: something to do with "give a fish" vs. "teach to fish"...   | 
|   |   | 
|  | 
| 
 | 
|  Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post | 
| Kindle Fire Demo Unit...Remove Demo 'Software'? | JayOf72 | Amazon Fire | 23 | 11-11-2016 09:41 PM | 
| Un-Demo Kindle | darkrandor | Kindle Developer's Corner | 1 | 02-20-2015 03:53 PM | 
| Got a Demo Kindle (k5) from work, need to remove demo software. | Stea1th | Kindle Developer's Corner | 71 | 09-02-2014 02:46 PM | 
| Demo Kindle DX | georgiworld | Kindle Developer's Corner | 3 | 05-13-2011 08:58 PM | 
| Demo: Jetbook mini official demo | bookwarm | Ectaco jetBook | 36 | 09-21-2010 12:18 PM |