Andrew de Quincey's livejournal


Kindle firmware 3.1
I've been doing some playing about with the recent kindle 3.1 firmware release. The salient points are:
  1. The jailbreak can no longer be installed because Amazon have patched the busybox tar exploit which allowed unrestricted writing to the root file system. Keep an eye on this thread over at mobileread for information on 3.1 jailbreaking progress.
  2. Homebrew can no longer be installed (or deinstalled) because Amazon have patched the /usr/sbin/otaup script to only use Amazon's keys when verifying software updates: the extra one installed by the jailbreak (and used to sign homebrew updates) is ignored.
  3. If you installed the jailbreak and then the usbnet patches (or any other homebrew) under <= 3.0.3, and then updated to 3.1, they should be left intact.
  4. You can't downgrade to an older firmware release since Amazon's binary patch update format does not support this (it could be done manually if you already had root shell access though).
So, as long as you installed usbnet previously, you should still be able to ssh into the kindle and gain a root shell.
If you look at a diff of the old vs the new /usr/sbin/otaup script, they have changed the line:

KEYFILES=$(ls /etc/uks/*pem)

to:

KEYFILES="/etc/uks/pubprodkey01.pem /etc/uks/pubprodkey02.pem "

The jailbreak key is called "/etc/uks/pubhackkey01.pem". Therefore, as long as you have a root shell, you can simply rename the key files by hand. In fact, I've decided to disable the Amazon keys by default to avoid any unwanted future updates they might automatically push to me:

mntroot rw                                  # remount the root file system read-write
cd /etc/uks
mkdir AMAZON
mkdir HACK
mv pubprod* AMAZON                          # park Amazon's keys where otaup won't find them
mv pubhackkey01.pem HACK/pubprodkey01.pem   # keep the jailbreak key under the pinned name
mntroot ro                                  # back to read-only

Then, when you want to install/deinstall a homebrew app:

mntroot rw
cd /etc/uks
cp HACK/* .
mntroot ro

And for an Amazon firmware update (you might want to remove their keys after the update again to disable pushed auto-updates):

mntroot rw
cd /etc/uks
cp AMAZON/* .
mntroot ro

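The KEYFILES change above, worked through as an added example (not the post's or the Kindle's own code; it assumes openssl is installed): it builds a throwaway key directory with names mirroring the post, signs a constructed update with the extra key only, and checks that update under the old glob and the new pinned list.

```shell
#!/bin/sh
# Added example, not the Kindle's otaup script or the author's code. It models the
# two KEYFILES policies over a constructed key directory: an update signed with an
# extra key dropped into the directory is accepted under the old glob and rejected
# under the pinned list. Key names mirror the post; everything else is made up.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping"; exit 0; }

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
UKS="$demo/uks"
mkdir -p "$UKS"

# Constructed key pairs standing in for Amazon's two keys and the jailbreak key.
for name in pubprodkey01 pubprodkey02 pubhackkey01; do
  openssl genrsa -out "$demo/$name.priv" 2048 2>/dev/null
  openssl rsa -in "$demo/$name.priv" -pubout -out "$UKS/$name.pem" 2>/dev/null
done

# A constructed "update" with a detached signature made using the hack key only.
printf 'constructed update payload\n' > "$demo/update.bin"
openssl dgst -sha256 -sign "$demo/pubhackkey01.priv" \
  -out "$demo/update.sig" "$demo/update.bin"

# Pre-3.1 policy: whatever .pem files happen to be in the directory.
old_keyfiles() { ls "$UKS"/*pem; }
# 3.1 policy: a fixed list, so extra files in the directory carry no trust.
new_keyfiles() { echo "$UKS/pubprodkey01.pem $UKS/pubprodkey02.pem"; }

# verify_with <update> <sig> <keyfile>...: succeeds if any listed key verifies.
verify_with() {
  upd=$1; sig=$2; shift 2
  for k in "$@"; do
    openssl dgst -sha256 -verify "$k" -signature "$sig" "$upd" >/dev/null 2>&1 && return 0
  done
  return 1
}

# Word splitting of the unquoted $(...) is intentional: that is how otaup reads KEYFILES.
if verify_with "$demo/update.bin" "$demo/update.sig" $(old_keyfiles); then
  echo "old glob policy: hack-signed update ACCEPTED"
fi
if ! verify_with "$demo/update.bin" "$demo/update.sig" $(new_keyfiles); then
  echo "pinned-list policy: hack-signed update REJECTED"
fi
```

The same loop explains the rename trick in the post: the pinned list trusts a path, not a key, so whichever .pem sits at /etc/uks/pubprodkey01.pem is what gets trusted.
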
Finally, the good news is that they haven't changed the signing of Kindlets, so as long as you've got my devkeys installed, they'll work as previously.

Interestingly, they have a new Kindlet API jar, version 1.2. I'm going to analyse it and describe what is new in a later post.


Note that this all worked fine on my and another test Kindle; please don't blame me if it bricks/disables homebrew on yours.

So if I bought a kindle now would I be able to jailbreak it before it updates or will it be forced to update as soon as I switch it on?

I'm not sure if the upgrade is pushed or not yet; certainly it wasn't to mine or Nicola's; I downloaded it and manually copied it across for it to install. I've heard various rumours though, so I decided to err on the side of caution.

They /will/ start shipping them with 3.1 eventually though; currently Amazon say 3.1 is a "preview" release.


Edited at 2011-02-16 07:52 pm (UTC)

Forgot to mention: there's an externally accessible serial port hidden in the case which gives you access to the bootloader, so you can (not tried myself yet) always hack it through that. As long as you know someone with the right hardware for it :)

Resetting?

(Anonymous)

2011-03-13 02:02 am (UTC)

Do you know if a manual reset uninstalls hacking upgrades?

My Kindle has 3.1 now (or even shipped with it, I'm not sure) and I haven't had any luck installing your dev keys. Any suggestions of how to get root access?

Manual reset should keep the upgrades.

I guess by now, you've found the new jailbreaks for 3.1?