Hi all,
Here is a placeholder for notes about jailbreaking OTA-updated PW4 devices.
As explained in coplate's thread "Brand new PaperWhite 4 (2018) factory image JailBreaking", the software JB method does not work for devices that have been OTA updated.
While the best option is to prevent the device from updating over OTA and follow this thread, some unaware people (as I was) let the device do the 5.10.1.2 update. Now, the only remaining possibility seems to be to use the device's serial port.
This means opening the device case. Opening this PW is rather easy (easier than I thought).
Just look at https://www.mobileread.com/forums/sh...d.php?t=312360 and watch the Pro Repair Tech's PW4 teardown vid: https://www.youtube.com/watch?v=apt9NcJvcdo
In my case, I did not use specific tools but only 3 standard guitar picks!
The serial connector is located on the top right of the motherboard and it is branded "S700".
But as the PW4 is waterproof, the motherboard PCB is "tropicalized" (i.e. a tropicalisation coating is applied on the motherboard).
I managed to solder the TX and RX pins but not the GND. In the end, I just taped the GND wire on the CPU shield. It's not very clean, but it works.
To connect it to the computer, I use an FTDI TTL-232RG-VREG1V8-WE (USB to UART cable with +1.8V TTL level UART signals).
I then rebooted the device and stopped the autoboot. But I noticed that the previous Kindle serial method does not work!
Indeed, the PW4 bootloader is a U-Boot version that includes a fastboot server which is launched automatically.
Code:
U-Boot 2016.03 (Oct 12 2018 - 17:30:31 -0700)
CPU: Freescale i.MX6SLL rev1.1 996 MHz (running at 792 MHz)
CPU: Commercial temperature grade (0C to 95C) at 50C
Reset cause: POR
Board: MX6SLL Rex
I2C: ready
DRAM: 512 MiB
entering PMIC test mode
in PMIC test mode -- apply bootup workaround
switching back to PMIC user mode
setup_pmic_mode -- make sure pmic is in user mode
MMC: FSL_SDHC: 0, FSL_SDHC: 1, FSL_SDHC: 2
idme_initialize
Idme version is 2.x and set related function to V2.x
IDME table version 2.1
hibernation: Not from hibernation
Core : f770ee83 2018/03/16 19:49:02 (Licensed to Amazon Fulfillment Services,Inc..)
SBIOS: v2.0 2018/10/16 15:53:04
TTBR:9fffc059
Platform: v2.0 2018/10/16 15:53:04
fl
*** Warning - bad CRC, using default environment
In: serial
Out: serial
Err: serial
force_idle_bus: sda=0 scl=1 sda.gp=0x1 scl.gp=0x0
force_idle_bus: failed to clear bus, sda=0 scl=1
Hardware Board: Unknown(12)
Board ID is P001************
WFO module
secure_cpu: 1, production: 1, unlocked: 0
Boot mode is 0
Hit any key to stop autoboot: 0
Enter fastboot mode, use Ctrl+C to exit.
Enter fastboot mode, use Ctrl+C to exit.
So, I used a Kindle-specific fastboot version (https://github.com/TobiasWooldridge/Fastboot-Kindle) to try to deal with it.
Unfortunately, the "bootmode" variable is unknown and I can't change it to diags.
I also tried to download and boot on the rootfs.img extracted from the 5.10.0.1 factory *.bin package. Download is OK but the boot command is locked!
Code:
Starting download of 460800000 bytes
..........................................................................
.....................................
downloading of 460800000 bytes finished
locked command: boot
At this point, I did not find other ways to get further.
There is one last thing I'd like to try:
Code:
fastboot flash system rootfs.img
(using rootfs.img extracted from the 5.10.0.1 factory package)
but this is a one-way step. If it fails, my Kindle will probably be bricked...
If anyone has some advice, let me know here...
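
An added example, not part of the original post: a small Python parser that pulls the lock-related fields out of a serial capture like the one quoted above. The sample log is constructed from lines in the post, and reading `unlocked: 0` as "bootloader still locked" is an assumption based on the field name.

```python
import re

# Constructed sample: lines taken from the boot log and fastboot output in the post.
SAMPLE_LOG = """\
U-Boot 2016.03 (Oct 12 2018 - 17:30:31 -0700)
*** Warning - bad CRC, using default environment
secure_cpu: 1, production: 1, unlocked: 0
Boot mode is 0
Enter fastboot mode, use Ctrl+C to exit.
downloading of 460800000 bytes finished
locked command: boot
"""

FLAGS_RE = re.compile(r"^secure_cpu:\s*(\d+),\s*production:\s*(\d+),\s*unlocked:\s*(\d+)$")
LOCKED_RE = re.compile(r"^locked command:\s*(\S+)")
BOOTMODE_RE = re.compile(r"^Boot mode is (\d+)")
VERSION_RE = re.compile(r"^U-Boot (\S+)")

def summarize_boot_log(text):
    """Return the lock-related state visible in a captured serial log."""
    state = {"uboot_version": None, "secure_cpu": None, "production": None,
             "unlocked": None, "boot_mode": None, "default_env": False,
             "fastboot_entered": False, "locked_commands": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := VERSION_RE.match(line):
            state["uboot_version"] = m.group(1)
        elif m := FLAGS_RE.match(line):
            # Assumption: each flag is 0/1 and means what its name suggests.
            state["secure_cpu"], state["production"], state["unlocked"] = (
                bool(int(g)) for g in m.groups())
        elif m := BOOTMODE_RE.match(line):
            state["boot_mode"] = int(m.group(1))
        elif "bad CRC, using default environment" in line:
            state["default_env"] = True
        elif line.startswith("Enter fastboot mode"):
            state["fastboot_entered"] = True
        elif m := LOCKED_RE.match(line):
            if m.group(1) not in state["locked_commands"]:
                state["locked_commands"].append(m.group(1))
    return state

def is_locked_down(state):
    """True when the log shows a production unit whose bootloader is not unlocked."""
    return bool(state["production"]) and state["unlocked"] is False

if __name__ == "__main__":
    s = summarize_boot_log(SAMPLE_LOG)
    print(s, "locked down:", is_locked_down(s))
```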