Quantcast
Channel: MobileRead Forums - Kindle Developer's Corner
Viewing all 4434 articles
Browse latest View live

PW2 Disable auto usbnet - reboot loop

$
0
0
Hi! I tried to unblacklist my Kindle Paperwhite by following this tutorial http://www.mobileread.com/forums/sho...d.php?t=193260.

However, after creating the /var/local/java/prefs/reginfo file, my Kindle is stuck in a boot loop. My Kindle is jailbroken, and I want to run the following RUNME.sh script to fix the issue:

Code:

mntroot rw
chattr -i /var/local/java/prefs/reginfo
chmod 777 /var/local/java/prefs/reginfo
rm /var/local/java/prefs/reginfo
echo 0 > /var/local/upstart/lab126_gui.restarts

However, my kindle doesn't show up as a USB device at any point during the reboot, as usbnet is automatically starting due to an /usbnet/auto file being present on the Kindle.

Any ideas on how I can fix this?

Thanks!

How to Stop Paperwhite1 from Indexing Periodicals?

$
0
0
This concerns periodicals (News) gernerated by calibre recipes: "pobi"-files. I regularly delete indexes and the UserAnnotLog from my kindle. But as I never use the search function with periodicals (News), I wonder if I could stop the automatic indexing. (I presume the process uses up battery power and also clogs the memory.) - Astounding enough, I couldn't find anything on the topic in the forum or by searching the Web.

PW2 What firmware does the PW2 currently ship with?

$
0
0
I'm debating of whether to buy a PW2 or a Kobo ereader. Whether I can jailbreak the kindle is a big factor in my decision. Does anyone know what firmware a brand new PW2 ships with?

K5 USBIP - USB over IP

$
0
0
Enclosed are the kernel modules, binaries, and supporting libs to make usbip work for a Kindle Touch (2.6.31 kernel). I just made the modules and the binaries are from Debian Wheezy.

So far it doesn't work. I get this from dmesg:
usb_common_mod: version magic '2.6.31-rt11 preempt ARMv7 ' should be '2.6.31-rt11-lab126 mod_unload ARMv7'

Any ideas on what to change in the kernel .config to make this work?

edit 2:
now the version magic is OK - I turned off preempt in the kernel and turned on module unloading..

new issue: dmesg says:
usbip_common_mod: Unknown symbol _aeabi_unwind_cpp_pr0
usbip_common_mod: Unknown symbol _aeabi_unwind_cpp_pr1

Not sure what now, I'll keep looking

Attached Files
File Type: zip usbip.zip (686.7 KB)

K4 Kindle 4 Black NT waveform file

$
0
0
Hello! :help:
WANTED The waveform file for Kindle 4 Black NT.
The screen part number:
Brocken - ED060SCN (LF)-T1
New - ED060SCN (LF)-H2 - this one doesn't work properly.

K5 Kindle Paperwhite (1G) bricked. Flash drive almost full.

$
0
0
Hi.

I stupidly scanned a couple of comics and used Kindle Comic Converter to make a ~150MB .mobi file, and copied it to the documents folder. NOT THE ROOT FOLDER.

I used the USE_ALT_FONTS fonts workaround, and had version 4.3.9
installed. my kindle was non-jailbroken.

I was quite aware of the toll that fonts have on my kindle, so I had only 4 extra fonts installed. I had ~60 .mobi books, ~10 .azw3, and a 600MB PDF (which was just pictures, and ran fine). Also, I was messing with it, and had ~30 12MB .mobi files (comics converted with KCC).

After copying over the ~150 MB mobi file, I deleted all other comics, so that I had ~200 MB free space. I restarted my kindle, and it has since been stuck on the circular loading animation of the boy under the tree. I have charged it fully quite a few times, and it keeps loading (the bar never appears) until it discharges.

My computer recognizes my kindle as

"Kindle Internal Storage USB Device" in device manager, and in My Computer simply as "Removable Disk". The format option does not work, and disabling and re-enabling it has not helped.

My kindle heats up to a considerable degree, and the lower right-hand corner of the kindle seems to emit a weird beeping noise.

Also, none of my books were faulty, and had been used on the same device in the past. The large .mobi file works fine on my computer.

Is there any way I can delete those books? I can not access the drive using traditional methods. (Win 8.1 x64)

TL;DR: Filled my kindle PW so that it is stuck at the initial tree screen. Unable to access drive, unable to modify drive. Any suggestions?

I need Help!!

$
0
0
I have been rooting and jailbreaking devices for almost a decade, and this has me stumped!

I Have a Kindle Touch, FW 5.1.2. I can not get it to update (gets to the end then says issue found and stays frozen), can't get it to stay jailbroken. Every time that i restart the device it goes right back to where it was yesterday. Whether I add a simple file or delete it.

I was able to Jailbreak it where the bottome showed *** Jailbroken *** but as soon as I restarted it it wa sno longer jail broken and all the unzipped files on the root folder were missing.

if I try to "reset" the device it only restarts, does not reset.

Thoughts?!

There's a way to amplify the margin of the Kindle Touch 2014?

$
0
0
There's a way to amplify the margin of the Kindle Touch 2014? My version is 5.6.1.0.6.

Using the Kindle DX Graphite with wireless card removed

$
0
0
I am wondering if removing the wireless card from the Kindle DX (with the Pearl screen, I am assuming that version of the DX still has a separate wireless card), and then starting and using the DX will brick the DX.

Does anyone have any thoughts on this?

Thanks.

Getting around DRM, encoding?

$
0
0
DRM is a real nuisance for us paying customers. I like to curate my notes, and usually do so after reading a great book. So you can imagine my surprise when I realized 90% of my annotations had been ignored.

Fortunately the annotations are still visible in the Kindle and the location data is in tact in my clippings.txt file. This gave me the idea of taking the location information for each annotation and then extracting the appropriate text from the original mobi file via a script. My understanding is that location corresponds to 128 bytes of data, so it should be straight forward to put all this information into a file. But I'm not sure how it's encoded and when I use something like UTF it's a half garbled mess.

I'm novice programmer though so I'm wondering:

A) if this is actually feasible
B) how hard it will be to decode mid-book excerpts

As for the DRM itself, I've found tools for stripping it but I'm not sure if that will corrupt the location information. From what I can tell it doesn't.

Kindle PW2 error says Battery Invalid: -22

$
0
0
Hi guys,

I have a kindle pw2 with a broken screen. so i decided to fix it on my own and got another screen. when i assembled everything together i get the "repairing necessary" screen and at the bottom a "BATTERY INVALID: -22" message.

Things I've tried so far:
  • Hold power-button for 40 seconds, even that the screen flashes the message still reoccurs. It never comes to the tree-screen or loading screen or whatever.
  • When i plug in the usb-cable the led does not light up. Sometimes it lights up, but as soon as the device restarts and the error shows up comes, the led stops lighting.
  • The screen itself seems to work. I connected it on a pw1 and everything shows up. the only problem is, that touch is not working.

The first time, this message appeared was when I reassembled a pw1-screen with a pw2-motherboard. Since this didn't work, I decided to get a pw2-screen, but the error still exists.

is there a way to fix it?

PW2 To jailbreak a unjailbroken old-version device which being autoupdated?

$
0
0
Hello everyone,
I just buy a kindle pw2, and I didn't know 5.6.x can't be jailbroken unless you open it. It is my fault and I've learned a lesson.:(

This kindle was bought by a seller from Japan, May 2014.
And I bought it from the seller online.
The 5.6.x version was first released in Dec. 2014, right?
If I don't misunderstand, my kindle is not installed with 5.6.x., and it was auto-updated to 5.6.1.0.6 just after I turned it on.

So, please let me know:
Is it possible to jailbreak a kindle pw2 which was never jailbroken, not installed with 5.6.x but, unfortunately, autoupdated to 5.6.x?

Sorry for my poor English, and thanks in advance!:thanks:


ps. I just want to install koreader because I need to read lots of PDF files.
I dare not open it!:( :( :( With my hands messing on it, it will absolutely become a trash!

Kill the GUI ?

$
0
0
Hi,

Is it possible to kill the GUI on the K4NT? Looking at ps aux, I can't easily guess which process might be the GUI.

I've written a Weather HUD in python. A shell script puts the Kindle to sleep, and when it wakes up, the python script runs, downloading the weather info, and rendering the image to a PNG file. It then calls eips to display it.

However, when the kindle wakes from sleep, part of the GUI appears, overwriting the screen during the downloading & rendering process. I'd like to avoid this, perhaps by simply killing the GUI process.

Is this possible, and would there be any disastrous consequences if I did?

Hugo

Paperwhite 2/3 Jailbreak

$
0
0
Is there any way to garner interest in a jailbreak for the newer lines of Paperwhites? Is it a simple lack of interest and talent, or are there other limitations preventing a new Jailbreak?

If it's a matter of resources, then I'm sure that we could get something together.

I guess what I'm trying to say is... Can we like, pay someone to create a jailbreak?

K5 is it possible to backport 5.6 to KPW1

$
0
0
Just wondering if I copy all the jars in /opt from update img, is it possible to port some new features to KPW1 ?
this will not brick my KPW, am I right? just jars. not the linux system

K4 Alternative to Duokan

$
0
0
Ive recently jailbroken my old K4 and installed Duokan 2015, I like the collection interface (with book images) but the size is an issue.

Is there an alternative epub reader that has cover view and is decent? Everyone seems to suggest KOreader but that didnt seem to have a cover view which was one of the main reasons I wanted a different OS (and epub support for smaller filesizes).

Thanks in advance for any help you can provide.

Kindle PW1 - attempt to "cure" a demo unit

$
0
0
Hi Everyone,-

I was given a demo version of a Kindle PaperWhite-1.
How to deal with those - i.e. make them become full blown ereaders - is well documented.
And so I'm trying to do just that...

Surprisingly enough, what I thought to be the hard part (soldering, USB UART, etc.) turned out to be easy.
And what I thought to be a piece of cake, doesn't work.

Bottom line: I can't complete the last step - flash the IMG file.
After I enter the dd command I get gibberish on the screen and go nowhere
Here is the console (the gibberish part goes for pages and was cut here)
The IMG file is the pw_5.2.0-mmcblk0p1.img (left only the last part of the name)
Code:

U-Boot 2009.08-lab126 (Oct 05 2012 - 18:04:55)

CPU:  Freescale i.MX50 family 1.1V at 800 MHz
mx50 pll1: 800MHz
mx50 pll2: 400MHz
mx50 pll3: 216MHz
ipg clock    : 66666666Hz
ipg per clock : 66666666Hz
uart clock    : 24000000Hz
ahb clock    : 133333333Hz
axi_a clock  : 400000000Hz
axi_b clock  : 200000000Hz
weim_clock    : 100000000Hz
ddr clock    : 800000000Hz
esdhc1 clock  : 80000000Hz
esdhc2 clock  : 80000000Hz
esdhc3 clock  : 80000000Hz
esdhc4 clock  : 80000000Hz
MMC:  FSL_ESDHC: 0, FSL_ESDHC: 1
Board: Celeste (256 MB)
Boot Reason: [POR]
Boot Device: MMC
Board Id: <<removed>>
S/N: B0<<removed>>
DRAM:  256 MB
Using default environment

In:    serial
Out:  logbuff
Err:  logbuff
Quick Memory Test 0x70000000, 0xfffe000
POST done in 17 ms
Hit any key to stop autoboot:  0
## Booting kernel from Legacy Image at 70800000 ...
  Image Name:  Linux-2.6.31-rt11-lab126
  Image Type:  ARM Linux Kernel Image (uncompressed)
  Data Size:    4608576 Bytes =  4.4 MB
  Load Address: 70008000
  Entry Point:  70008000
  Verifying Checksum ... OK
  Loading Kernel Image ... OK
OK
Starting kernel ...
2.6.31-rt11-lab126 #1 Fri Oct 5 18:50:15 PDT 2012 armv7l
INFO:Loaded module /lib/modules/eink_fb_waveform.ko  (38984 bytes)
INFO:Loaded module /lib/modules/mxc_epdc_fb.ko default_panel_hw_init=1 default_update_mode=1 (51140 bytes)
INFO:eink initialized... (786432 bytes)
Press [ENTER] for recovery menu...      0 /INFO:!!! Checking MBR /dev/mmcblk0 !!!!
INFO:partition 2, start sector is 782336
INFO:partition 3, start sector is 913408
INFO:partition 4, start sector is 1044480
INFO:maximizing partition 2797568 sectors
INFO:*** Partition table verified for /dev/mmcblk0 ***
INFO:Checking for updates... (auto-pilot mode)
/dev/mmcblk0p4:
CHS=4/16/43712 size=1432354816 bytes
flag type      first      last  lba first  lba size
Partition p1:
0x00 0x0b        16 <large>            16    2797552
    CHS: 0/1/1 - <large>
Partition p2:
Partition p3:
Partition p4:
INFO:Setup loop device /dev/loop0 for /dev/mmcblk0p4 + 8192
INFO:No update*.bin found; no update needed.
INFO:no updates found.
BOOTING DEFAULT.
  argc == 11
  argv[0]: "kinit"
  argv[1]: "consoleblank=0"
  argv[2]: "rootwait"
  argv[3]: "ro"
  argv[4]: "ip=off"
  argv[5]: "root=/dev/mmcblk0p1"
  argv[6]: "quiet"
  argv[7]: "eink=fslepdc"
  argv[8]: "video=mxcepdcfb:E60,bpp=8,x_mem=4M"
  argv[9]: "mem=256M"
  argv[10]: "console=ttymxc0,115200"
  argc == 4
  argv[0]: "IP-Config"
  argv[1]: "-i"
  argv[2]: "Linux kinit"
  argv[3]: "ip=off"
IP-Config: no devices to configure
kinit: do_mounts
kinit: name_to_dev_t(/dev/mmcblk0p1) = dev(179,1)
kinit: root_dev = dev(179,1)
kinit: /dev/root appears to be a ext3 filesystem
kinit: trying to mount /dev/root on /root with type ext3
kinit: Mounted root (ext3 filesystem) readonly.
info system:emiting_event:mounted_proc:
info system:emiting_event:mounted_sys:
info system:emiting_event:mounted_dev:
info system:emiting_event:mounted_tmpfs:
info milestone:5.87:sy50:
init.exe: recevent pre-start process (497) terminated with status 1
info system:start:time=5920:
info system:config:platform=yoshime3,board=celeste,rev=21,proto=N,wifi=Y,wan=Y:
info milestone:6.15:sy51:
info milestone:6.77:sy99:
info system:done:time=6800:
info system_cramfs_loopbacks:mountingcramfs:Mounting compressed directories filesystem images:
info system_cramfs_loopbacks:mounted:Image /lib/firmware/cyttsp.cramfs.img mounted:
info system_cramfs_loopbacks:mounted:Image /usr/share/X11/xkb.cramfs.img mounted:
info system_cramfs_loopbacks:mounted:Image /usr/java/lib/fonts.cramfs.img mounted:
info system_cramfs_loopbacks:mounted:Image /etc/kdb.src.cramfs.img mounted:
info system_cramfs_loopbacks:mounted:Image /usr/lib/locale.cramfs.img mounted:
info system_cramfs_loopbacks:mounted:Image /usr/share/keyboard.cramfs.img mounted:
info system:emiting_event:mounted_cramfs_loopbacks:
info milestone:7.42:fs75:
info system:emiting_event:loaded_modules_dependencies:
info modules:modprobe:loading module g_file_storage:
info system:emiting_event:loaded_g_file_storage:
info modules:modprobe:loading module fuse:
info system:emiting_event:loaded_fuse:
info modules:modprobe:loading module mwan:
info system:emiting_event:loaded_mwan:
info milestone:7.79:fs00:
info modules:modprobe:loading module ppp_async:



Welcome to Kindle!

kindle login: info system:emiting_event:loaded_ppp_async:
info system:emiting_event:loaded_fakekey:
info system:emiting_event:mounted_varLocal:
info milestone:8.26:fs25:
info milestone:8.28:vi00:
info display:update:Displaying splash screen:
info milestone:8.70:vi99:
info display:started:time=8710:
info system:emiting_event:display_ready:
info battery:charged:cap=98,mV=4169,mAH=1213:
info userstore:run:time=8980,action=start:
info system:emiting_event:battery_ready:
info userstore:found_bootup_flag::Found BOOTUP flag file
info cyttsp:update:vendor=CANDO:
info system:emiting_event:loaded_touch:
info system:emiting_event:mounted_userstore:
info milestone:11.08:fs50:
info milestone:11.11:fs90:
info milestone:11.15:fs99:
info milestone:11.18:sys99:
info system:emiting_event:dbus_ready:
info dbus:check-update:status=2:dbus_ready sent
info wan:info:type=4,version=ELMO_04_04_00:
info wand.conf:::wan start script complete
info milestone:12.63:xx00:
info X:load:time=12680:
info X:xorg.conf:Generating xorg.conf:
info X:makexconfig:Celeste Input device detection status:
info X:makexconfig:Touch device: OK:
info X:makexconfig:Accelerometer device: N/A !!:
info X:xorg.conf:xorg.conf generated:
info milestone:13.76:xx50:
info X:starting:time=13800:
info milestone:19.07:xx99:
info X:started:time=19090:
info system:emiting_event:x_setup_ready:
info locale:read:lang=en_GB.utf8,lc_all=en_GB.utf8,locale=en-CA:Retrieved Language
info system:emiting_event:langpicker_ready:
info blanket_f:module already loaded:splash:
info milestone:19.92:pi00:
info milestone:19.93:fr00:
info milestone:20.47:fr50:
info milestone:20.48:pi99:
info milestone:20.51:fr51:
info framework:starting:time=20590:
info wifim:enablediv:enabling antenna diversity for wifi...:
MAC from kernel xx:xx:xx:xx:B9:F7
wmi_control_rx() : Unknown id 0x101e
boot: I def:rbt:reset=user_reboot,version=175654:
info milestone:55.94:fr99:
info framework:started:time=56210,delta=35730:
info blanket_f:loading blanket module:usb:
info blanket_f:unloading blanket module:screensaver:
info blanket_f:module already unloaded:ad_screensaver:
info blanket_f:module already unloaded:ad_screensaver_active:
info blanket_f:loading blanket module:screensaver:
info blanket_f:unloading blanket module:splash:
info system:emiting_event:framework_ready:
Retrieved 171 keys for system/daemon/pmond/



Welcome to Kindle!

kindle login: root
Password:
#################################################
#  N O T I C E  *  N O T I C E  *  N O T I C E  #
#################################################
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
#################################################
[root@kindle root]# mntroot rw
system: I mntroot:def:Making root filesystem writeable
[root@kindle root]# cd /mnt/us
[root@kindle us]# ls -la
drwxr-xr-x    7 root    root          8192 Jun 26 09:43 .
drwxrwxr-x    8 root    root          1024 Oct  5  2012 ..
drwxr-xr-x  14 root    root          8192 Feb  4  2013 .active_content_sandbox
drwxr-xr-x  11 root    root          8192 Jun 30  2012 cc_factory
drwxr-xr-x    2 root    root          8192 Jun 26 09:37 diagnostic_logs
drwxr-xr-x    5 root    root          8192 Jan  1  2014 documents
-rwxr-xr-x    1 root    root    367001600 Jun 26 04:28 mmcblk0p1.img
drwxr-xr-x    7 root    root          8192 Jun 26 09:39 system
[root@kindle us]# dd if=mmcblk0p1.img
X,0W\D?»JÐ*ÈO£ÈOÿÿSï7IP
                      8
                        *µÀG
                            ??YêZê[ê\ê]ê^ê_ê`êaêbêcêdêeêf멲
ÔÕÖª
¤?¥?¦?æ¢t_u_v_Û
              DEF

þþþ)              Fä¾å¾æ¾¡´ÞµÞ¶Þ3
    TUVì$>%>&>p
              ô]õ]ö]Á
                      Ä}Å}Æ}RÂd½e½f½°
ÔÕÖs6Ý]
    ¤<¥<¦<      \u\v\E
ä»å»æ»´ÛµÛ¶Û²        D|E|F|oR
ûûû

T
$;%;&;9«        ôZõZöZÄzÅzÆz°
udºeºfºQ4Ú5Ú6ÚÁ úúúh
¤9¥9¦9YuYvYÜDyEyFyx ÔÕÖI

Can't really see what the reason is (tried different terminal packages, different file names downloaded from different places).

Any hint/advice/pointers would be appreciated.

K5 (PW-1) Attacked by Lab126

$
0
0
Yes, the first generation Paperwhite is now subject to an OTA update to the dreaded 5.6.x series firmware.

See:
http://www.amazon.com/gp/help/custom...deId=201064850

Quote:

Originally Posted by Amazon.com
We have a new, free software update available for your Kindle Paperwhite 1st Generation.

This update automatically downloads and installs on your Kindle Paperwhite when connected wirelessly;

However, you can also manually download the software and transfer the update to your device via USB cable.


Reported by: oumlaut
Who also reported that the 'bridge' did not appear to have worked.

- - - - -

*) Disable your wireless (put in airplane mode) ;
*) Install the Backdoor lock and lock it ;
*) DO THIS NOW!

Keep it locked and/or in airplane mode until the PW-1 jailbreak can be confirmed (by Niluje) as able to survive the update to 5.6.x on a PW-1 !

K5 Inside PW1-5.6.1.1

$
0
0
The following done on a Linux system. MacOSx should be similar.
Windows users, you will have to translate the following to whatever works. ;)
  1. Make a work place
    The naming conventions of this pathname are just mine, they really don't matter.
    Use whatever fits your own work habits.
    Code:

    core2quad ~ $ mkdir -p /var1/Kindle/kpw/pw-fw5.6
    core2quad ~ $ cd /var1/Kindle/kpw/pw-fw5.6
    core2quad pw-fw5.6 $

  2. Get update package
    Official released pw1-5.6.1.1 is at:
    https://s3.amazonaws.com/G7G_Firmwar...le_5.6.1.1.bin
  3. Get current KindleTool
    Since the PW-1 at this point is running a firmware prior to the 5.6.x series, even an 'old' KindleTool should work just fine for unpacking the update.
    But use the most recent version anyway, from:
    http://www.mobileread.com/forums/sho...d.php?t=225030
  4. Starting workplace
    core2quad pw-fw5.6 $ ls -l
    total 212940
    -rw-rw-r-- 1 mszick mszick 302561 2015-06-27 07:04 kindletool-v1.6.4-linux-i686.tar.gz
    -rw-rw-r-- 1 mszick mszick 217523739 2015-06-27 06:51 update_kindle_5.6.1.1.bin
  5. Keep a copy
    KindleTool's default is to delete the input file, unless you specify --keep
    So make a copy of the update now, for when you fat finger the KindleTool command later. ;)
    Code:

    core2quad pw-fw5.6 $ cp -a update_kindle_5.6.1.1.bin update_kindle_5.6.1.1.bin-bk
  6. Unpack KindleTool
    Note that I give the package its own sub-directory of the work place:
    Code:

    core2quad pw-fw5.6 $ mkdir kt
    core2quad pw-fw5.6 $ tar -C kt --extract --gzip --file=kindletool-v1.6.4-linux-i686.tar.gz
    core2quad pw-fw5.6 $ ls -l kt
    total 832
    -rw-r--r-- 1 mszick mszick 309303 2015-05-07 15:09 ChangeLog
    -rw-r--r-- 1 mszick mszick    839 2015-05-07 15:09 CREDITS
    -rwxr-xr-x 1 mszick mszick 502496 2015-05-07 15:09 kindletool
    -rw-r--r-- 1 mszick mszick  8115 2015-05-07 15:09 kindletool.1
    -rw-r--r-- 1 mszick mszick  10929 2015-05-07 15:09 README
    -rw-r--r-- 1 mszick mszick      7 2015-05-07 15:09 VERSION

  7. Check KindleTool
    If you have the one that matches your system, this should just display a help message:
    Code:

    core2quad pw-fw5.6 $ kt/kindletool
    No command was specified!

    usage:
    --- a whole lot of output snipped ---

  8. List package info
    Notice the use of option "--keep"
    Code:

    core2quad pw-fw5.6 $ kt/kindletool convert --info --keep update_kindle_5.6.1.1.bin
    Checking update package 'update_kindle_5.6.1.1.bin'.
    Bundle        SP01 (Signing Envelope)
    Cert number    2
    Cert file      pubprodkey02.pem (Official 2K)
    Bundle        FB03 (Fullbin [OTA?, fwo?])
    Bundle Type    Recovery V2
    Target OTA    2689890035
    MD5 Hash      b7b666b5600a1c34a45d54eb523570f1
    Magic 1        2048630901
    Magic 2        1897089723
    Minor          1
    Platform      Yoshime (Yoshime3)
    Header Rev    0
    Board          Unspecified
    Devices        6
    Device        Kindle PaperWhite Wifi
    Device        Kindle PaperWhite Wifi+3G Brazil
    Device        Kindle PaperWhite Wifi+3G Japan
    Device        Kindle PaperWhite Wifi+3G Europe
    Device        Kindle PaperWhite Wifi+3G Canada
    Device        Kindle PaperWhite Wifi+3G

    Looks like it should work.
  9. Extract package
    Make a sub-directory for the root of the package tree and extract.
    Code:

    core2quad pw-fw5.6 $ mkdir package
    core2quad pw-fw5.6 $ kt/kindletool extract update_kindle_5.6.1.1.bin package
    Extracting update package 'update_kindle_5.6.1.1.bin' to 'package'.
    Bundle        SP01 (Signing Envelope)
    Cert number    2
    Cert file      pubprodkey02.pem (Official 2K)
    Bundle        FB03 (Fullbin [OTA?, fwo?])
    Bundle Type    Recovery V2
    Target OTA    2689890035
    MD5 Hash      b7b666b5600a1c34a45d54eb523570f1
    Magic 1        2048630901
    Magic 2        1897089723
    Minor          1
    Platform      Yoshime (Yoshime3)
    Header Rev    0
    Board          Unspecified
    Devices        6
    Device        Kindle PaperWhite Wifi
    Device        Kindle PaperWhite Wifi+3G Brazil
    Device        Kindle PaperWhite Wifi+3G Japan
    Device        Kindle PaperWhite Wifi+3G Europe
    Device        Kindle PaperWhite Wifi+3G Canada
    Device        Kindle PaperWhite Wifi+3G
    x update-payload.dat
    x imx50_yoshime/uImage
    x imx50_yoshime/uImage.sig
    x rootfs.img.gz
    x rootfs.img.gz.sig
    x update-payload.dat.sig

  10. See what that got us
    Note: this is ls option -one, not -ell
    Code:

    core2quad pw-fw5.6 $ ls -1 package/*
    package/rootfs.img.gz
    package/rootfs.img.gz.sig
    package/update-payload.dat
    package/update-payload.dat.sig

    package/imx50_yoshime:
    uImage
    uImage.sig

    Note that each part is signed.
  11. Update Payload
    Code:

    core2quad pw-fw5.6 $ cd package
    core2quad package $ cat update-payload.dat
    1 898a5d0d2c0903643b1149c1f134be89 imx50_yoshime/uImage 37 main_kernel
    128 fdbd14b1c79e12fba0ba2c9bb618955a rootfs.img.gz 1645 update_image_rootfs
    core2quad package $ cd -
    /var1/Kindle/kpw/pw-fw5.6
    core2quad pw-fw5.6 $

  12. Uncompress the rootfs
    Code:

    core2quad pw-fw5.6 $ cd package
    core2quad package $ gunzip rootfs.img.gz
    core2quad package $ file rootfs.img
    rootfs.img: Linux rev 1.0 ext3 filesystem data, UUID=380c7f4e-6e00-41a1-a03f-9af1686e2334

    As expected.
  13. Make a mount point and mount
    Code:

    core2quad package $ sudo mkdir -p /mnt/kpw
    core2quad package $ sudo mount rootfs.img /mnt/kpw
    core2quad package $ ls /mnt/kpw
    bin  dev  etc  lib  lost+found  mnt  opt  proc  sbin  sys  usr  var

    That is the tree **before** it is mounted and running by the Kindle.
  14. Check the logins
    I'll spoiler the outputs for this section.
    Code:

    core2quad package $ cd /mnt/kpw/etc
    core2quad etc $ cat inittab

    Spoiler:

    # /etc/inittab: init(8) configuration.
    # $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $

    # The default runlevel.
    id:2:initdefault:

    # Boot-time system configuration/initialization script.
    # This is run first except when booting in emergency (-b) mode.
    si::sysinit:/etc/init.d/rcS
    #si::sysinit:/bin/sh

    # What to do in single-user mode.
    ~~:S:wait:/sbin/getty -L 115200 ttymxc0 -l /bin/login
    #~~:S:wait:/sbin/getty -L 115200 ttymxc0 -l /bin/sh

    # /etc/init.d executes the S and K scripts upon change
    # of runlevel.
    #
    # Runlevel 0 is halt.
    # Runlevel 1 is single-user.
    # Runlevels 2-5 are multi-user.
    # Runlevel 6 is reboot.

    l0:0:wait:/etc/init.d/rc 0
    l1:1:wait:/etc/init.d/rc 1
    l2:2:wait:/etc/init.d/rc 2
    l3:3:wait:/etc/init.d/rc 3
    l4:4:wait:/etc/init.d/rc 4
    l5:5:wait:/etc/init.d/rc 5
    l6:6:wait:/etc/init.d/rc 6

    # Normally not reached, but fallthrough in case of emergency.
    #z6:6:respawn:/sbin/halt -d -f -p

    mxc0:2345:respawn:/sbin/getty -L 115200 ttymxc0 -l /bin/login
    #mxc0:2345:respawn:/sbin/getty -L 115200 ttymxc0 -l /bin/sh

    So login will be running on the serial port.
    Code:

    core2quad etc $ cat passwd
    Spoiler:

    root:x:0:0:root:/tmp/root:/bin/sh
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
    sys:x:3:3:sys:/dev:/bin/sh
    sync:x:4:100:sync:/bin:/bin/sync
    operator:x:37:37:Operator:/var:/bin/sh
    sshd:x:103:99:Operator:/var:/bin/sh
    messagebus:x:92:92:messagebus:/bin/false
    nobody:x:99:99:nobody:/tmp:/bin/sh
    default:x:1000:1000:Default non-root user:/dev/null:/bin/sh
    framework:x:9000:150:Framework User:/tmp/framework:/bin/sh

    And password table references the shadow table.
    Code:

    core2quad etc $ cat shadow
    Spoiler:

    root:!:10933:0:99999:7:::
    daemon:*:10933:0:99999:7:::
    bin:*:10933:0:99999:7:::
    sys:*:10933:0:99999:7:::
    sync:*:10933:0:99999:7:::
    operator:*:10933:0:99999:7:::
    sshd:*:10933:0:99999:7:::
    messagebus:*:10933:0:99999:7:::
    nobody:*:10933:0:99999:7:::
    default:!:10933:0:99999:7:::
    framework:!:14033:0:99999:7:::

    Users root, default and framework do not accept passwords of any sort.
    Other users are disabled.

    Ref: http://www.tldp.org/LDP/lame/LAME/li...e-formats.html
  15. Return to package
    Code:

    core2quad etc $ cd /var1/Kindle/kpw/pw-fw5.6/
    Then into the kernel part of the package.
    Code:

    core2quad pw-fw5.6 $ cd package/imx50_yoshime
  16. uImage file
    The kernel in u-boot, bootable format.
  17. Remove kernel from header
    Code:

    core2quad imx50_yoshime $ dd if=uImage ibs=64 skip=1 of=raw_image
    75775+0 records in
    9471+1 records out
    4849600 bytes (4.8 MB) copied, 0.0878131 s, 55.2 MB/s
    core2quad imx50_yoshime $ ls -l
    total 14252
    -rw-rw-r-- 1 mszick mszick 4849600 2015-06-27 09:50 Image
    -rw-rw-r-- 1 mszick mszick 4849600 2015-06-27 10:45 raw_image
    -rw-r--r-- 1 mszick mszick 4849664 2015-06-23 06:29 uImage
    -rw-rw-r-- 1 mszick mszick    256 2015-06-23 07:33 uImage.sig

    Either way works for a Kindle uImage, since they don't use the 8 byte ARM specific header option.
  18. Kernel's InitRamFS
    For more descriptive text on what I am doing here than anyone can stand, see the thread:
    http://www.mobileread.com/forums/sho...d.php?t=206188
    Lots of examples there of taking apart kernel images.

    Code:

    core2quad imx50_yoshime $ od -A d -t x1 raw_image | grep '30 37 30 37 30 31'
    0102688 30 37 30 37 30 31 30 30 30 30 30 32 44 31 30 30
    - - - lots of output snipped here - - -

    core2quad imx50_yoshime $ dd if=raw_image bs=1 skip=102688 of=kpw-trim-00.cpio
    4746912+0 records in
    4746912+0 records out
    4746912 bytes (4.7 MB) copied, 13.6347 s, 348 kB/s

    core2quad imx50_yoshime $ file kpw-trim-00.cpio
    kpw-trim-00.cpio: ASCII cpio archive (SVR4 with no CRC)

    core2quad imx50_yoshime $ mkdir cpio
    core2quad imx50_yoshime $ cd cpio
    core2quad cpio $ sudo cpio -i -d -m  --no-absolute-filenames -I ../kpw-trim-00.cpio
    cpio: Removing leading `/' from member names
    2017 blocks

    core2quad cpio $ ls -l
    total 28
    drwxr-xr-x 2 root root 4096 2015-06-27 11:14 bin
    drwxr-xr-x 7 root root 4096 2015-06-27 11:14 dev
    lrwxrwxrwx 1 root root  18 2015-06-27 11:14 init -> /bin/recovery-util
    drwxr-xr-x 3 root root 4096 2015-06-27 11:14 lib
    drwxr-xr-x 3 root root 4096 2015-06-27 11:14 mnt
    drwxr-xr-x 2 root root 4096 2015-06-23 06:28 proc
    drwx------ 2 root root 4096 2015-06-23 06:28 root
    drwxr-xr-x 2 root root 4096 2015-06-23 06:28 sys

  19. Looking a bit deeper
    Code:

    core2quad cpio $ cd bin
    core2quad bin $ ls -l
    total 800
    -rwxr-xr-x 1 root root  24398 2015-06-23 06:27 hotplug
    -rwxr-xr-x 1 root root  13240 2015-06-23 06:04 ipconfig
    -rwxr-xr-x 1 root root  76392 2015-06-23 06:04 kinit
    -rwxr-xr-x 1 root root  30707 2015-06-23 06:28 mkdosfs
    -rwxr-xr-x 1 root root  7644 2015-06-23 06:04 nfsmount
    -rwxr-xr-x 1 root root 571603 2015-06-23 06:27 recovery-util
    -rwxr-xr-x 1 root root  2116 2015-06-23 06:04 run-init
    -rwxr-xr-x 1 root root  66224 2015-06-23 06:04 sh

    core2quad bin $ file *
    hotplug:      ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), not stripped
    ipconfig:      ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked (uses shared libs), stripped
    kinit:        ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, stripped
    mkdosfs:      ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked (uses shared libs), not stripped
    nfsmount:      ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked (uses shared libs), stripped
    recovery-util: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), not stripped
    run-init:      ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked (uses shared libs), stripped
    sh:            ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked (uses shared libs), stripped

    All compiled code, but they left us some of the symbol tables.

    Note the really interesting one: nfsmount (in the initramfs system?).
    That will make for some interesting nights work for someone.
  20. Misc. Strings
    This is just a quick and dirty use of:
    Code:

    core2quad bin $ od --strings=16 recovery-util | less
    Like I wrote, quick and dirty.
    Code:

    0332340 nfs_boot_default
    0332370  Make sure the Ethernet interface is configured on your host machine.
    0332477 ipconfig -d nfsaddrs=%s:%s:%s:%s:%s:%s
    0332715 nfsmount -o v3,tcp %s:%s /root

    Well, that sort of makes it look like nfsmount is there for a reason. ;)
    Code:

    0334360 /proc/sys/vm/drop_caches
    0334760 /mnt-us/update-failed.log
    0335643 /bin/mkdosfs -F 32 -s 16 -B 4 -P %llu -n Kindle -v %s
    0336554 %s: (%u of %u MiB)

    Parameters to rebuild your USB storage with.
    Code:

    0343154 /mnt-us/system/SKIP_BATTERY_CHECK_FOR_UPDATE
    No comment.
    Code:

    0350112 /mnt-us/data.stgz
    :D
  21. BIG NOTE:
    This initramfs is statically linked into the kernel binary (not dynamically loaded by the kernel) which makes it GPLv2 (same as the kernel).

    So disassemble and post (somewhere other than MR) to your heart's content.

Attached Files
File Type: gz cpio.tar.gz (514.6 KB)

K3 Recommended method(s) to change PATH and define aliases

$
0
0
I know about /etc/profile and I have read lots of forum posts here saying one should avoid making changes to the read-only root file system (and I understand why).

I'm wondering what the recommended and simplest methods are for changing the PATH and defining aliases when logging in to my Kindle over wifi and USBNet?

Ideally I'd like something akin to /etc/profile.d/ but it's not a firm requirement.

I know about bash for Kindle and aliases under BusyBox but I'd like to use whatever capabilities exist with a freshly jailbroken kindle and not have to install other binaries, and if possible avoid modifying the read-only root file system.
Viewing all 4434 articles
Browse latest View live