(that's Kindle-Swiss Army Knife, I literally just made it up as I'm typing this, so name change is flexible. Feel free to suggest a better name) (also, add to the title: for Kindle Touch & Kindle 4 only)
I wanted to keep this a secret until the next kindle comes out (rumors are that a backlit kindle touch is coming in july) but after skimming through many of the bolded threads, I've found that you guys already know about the power of usb download mode but are just scratching the surface of what it can do. Using it to just load u-boot to run fastboot seems like an insult to a feature that allows R/W of all the programmable registers on the device + ability to execute ANY code. So if amazon removes it or enables HAB in the next device, they would already do so.
I usually hate "teaser" threads that talk about something but don't deliver any goods, so please hang with me here. I'm posting this only so potential developers can collaborate with me. More details later on. (and there are some goods)
How this came about:
Before I took (what I thought was) a short absence, I discovered mfgtools, usb downloader, and how to run custom u-boots. I made some comments in the IRC and didn't think much about them. I had an idea of something like what I'm making right now, but I didn't have the time to do it. About three weeks ago, I finally got some free time so I explored this stuff again. The first thing I did was read the giant 2000+ page manual (mostly skim, read the important stuff) on the iMX50 chipset from freescale (it's on their site). Got used to the boot process, how stuff is programmed, and so on. Then I got the mfgtools source and figured out how that worked. Then, I wrote a multi-platform library that interacts with the usb download device based on hidapi (https://github.com/yifanlu/LibiMX50USB). Finally, I read the u-boot source and figured out the boot initialization, and duplicated it using DCD commands. (You can find that here: https://github.com/yifanlu/LibiMX50U...MXUSB/imxusb.c under imx50_kindle_init(), it's pretty cool, it literally does the low level initialization for the device over usb and allows access to all 256MB of the RAM for use BEFORE bootup).
What I have done:
To summarize what I said above, we can 1) take complete control of the device BEFORE the bootloader, aka unpatchable. 2) read/write to all 256MB of the ram, allowing us to upload custom kernels and initramfs/initrd. 3) this means a) jailbreak, and b) unbricking.
The goal:
Now, I've skimmed through threads like "Simple debricking" and my own readme for the jailbreak process, and they are all extremely hard to do. Having to download random files, perform complex terminal commands and so on. Too hard to do and makes the kindle platform something that the very tech un-savvy users (there are MANY in the kindle community) can't get into. My goal is to provide a Windows/Mac/Linux tool that first shows the user through images how to get the device into usb download mode and then one button to jailbreak and one button to "restore to factory".
What I need:
So now that you have an idea of what I did and what I want to do, the main thing I would like help with is the jailbreak/recovery image itself. I'm thinking it should be either an initramfs or initrd (doesn't matter) image that we flash into memory in usb download mode. I already have a custom kernel that can load it. This image has to 1) be extremely small, aka busybox linux + tools, 2) prompt commands and such on the screen, allowing input from device, and 3) perform actions. I already have a bash script that does screen writing and option reading, but a C program or something would be cooler (I didn't write a native app because I thought it would be harder to do stuff like mount over USB through C code). Currently, I have a very stripped down version of the diags partition with most of the stuff removed only leaving busybox and some device tools along with my custom script. I hope this will work, I can PM you the image and you can add to it.
I hope that by posting this publicly, I would be more motivated to code quickly and release quickly. Maybe before the next kindle comes out. :P
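The post above describes talking to the i.MX50 boot ROM over USB (register reads/writes, a DCD table for RAM initialization, uploading and jumping to code) but shows none of the wire format. The following is an added example, not code from yifanlu's LibiMX50USB or from mfgtools: it encodes and decodes the i.MX Serial Download Protocol (SDP) HID reports and a HAB4-style DCD "write data" table entirely offline. Command IDs, field layout, report IDs and the HAB open/closed status words follow the protocol as implemented in the open-source i.MX download tools; the register addresses and values used below are constructed placeholders, not real i.MX50 initialization values, and the report-2 chunk size is device-specific and deliberately left out.

```python
"""Added example: build/parse i.MX SDP (USB download mode) HID reports and a DCD
write-data table without a device attached. Not LibiMX50USB or mfgtools code."""
import struct

# SDP command identifiers (16-bit, byte-doubled) understood by the i.MX5x boot ROM.
READ_REGISTER  = 0x0101
WRITE_REGISTER = 0x0202
WRITE_FILE     = 0x0404   # upload a blob (kernel, initramfs, u-boot) into RAM
ERROR_STATUS   = 0x0505
DCD_WRITE      = 0x0A0A   # upload a DCD table and have the ROM execute it
JUMP_ADDRESS   = 0x0B0B   # transfer control to uploaded code

FMT_8, FMT_16, FMT_32 = 0x08, 0x10, 0x20      # access width for register commands

# HID report IDs: 1 = command (host->device), 2 = payload chunks (host->device),
# 3 = HAB security state (device->host), 4 = command status (device->host).
REPORT_CMD, REPORT_DATA, REPORT_HAB, REPORT_STATUS = 1, 2, 3, 4

# 16-byte command: cmd(2) addr(4) format(1) count(4) data(4) reserved(1), big-endian.
_CMD = struct.Struct(">HIBIIB")

def sdp_command(cmd, addr=0, fmt=0, count=0, data=0):
    """Return the 17-byte report 1 (report ID + command) a host hands to hid_write()."""
    return bytes([REPORT_CMD]) + _CMD.pack(cmd, addr, fmt, count, data, 0)

def read_register(addr, width=FMT_32, nbytes=4):
    return sdp_command(READ_REGISTER, addr, width, nbytes)

def write_register(addr, value, width=FMT_32):
    return sdp_command(WRITE_REGISTER, addr, width, 4, value)

def write_file(addr, payload):
    """Command announcing a payload; the bytes themselves follow in report-2 chunks."""
    return sdp_command(WRITE_FILE, addr, 0, len(payload))

def dcd_write(addr, table):
    """Command announcing a DCD table of len(table) bytes to be stored at addr and run."""
    return sdp_command(DCD_WRITE, addr, 0, len(table))

def jump_address(addr):
    return sdp_command(JUMP_ADDRESS, addr)

def parse_command(report):
    """Decode a report-1 command back into its fields (useful when sniffing mfgtools)."""
    if len(report) != 1 + _CMD.size or report[0] != REPORT_CMD:
        raise ValueError("not a 17-byte SDP command report")
    cmd, addr, fmt, count, data, _ = _CMD.unpack(report[1:])
    return {"cmd": cmd, "addr": addr, "format": fmt, "count": count, "data": data}

# HAB security state the ROM sends in report 3 after every command. The words are
# byte-symmetric (56 78 78 56 / 12 34 34 12), so endianness does not matter here.
HAB_OPEN, HAB_CLOSED = 0x56787856, 0x12343412

def hab_state(report):
    if len(report) != 5 or report[0] != REPORT_HAB:
        raise ValueError("not a report-3 HAB status")
    (word,) = struct.unpack(">I", report[1:])
    return {HAB_OPEN: "open", HAB_CLOSED: "closed"}.get(word, "unknown")

# DCD v2 (HAB4) table: header tag 0xD2 / length / version 0x40, followed by
# "write data" commands (tag 0xCC) holding (address, value) pairs.
DCD_TAG, DCD_VERSION, DCD_WRITE_DATA = 0xD2, 0x40, 0xCC

def dcd_write_table(entries):
    """Build a DCD table that writes each value to its address with 32-bit accesses."""
    body = b"".join(struct.pack(">II", addr, val) for addr, val in entries)
    cmd = struct.pack(">BHB", DCD_WRITE_DATA, 4 + len(body), 0x04) + body
    return struct.pack(">BHB", DCD_TAG, 4 + len(cmd), DCD_VERSION) + cmd

def parse_dcd_writes(blob):
    """Return the (address, value) pairs of a DCD table; reject anything else."""
    tag, length, version = struct.unpack(">BHB", blob[:4])
    if tag != DCD_TAG or version != DCD_VERSION or length != len(blob):
        raise ValueError("not a DCD v2 table")
    writes, pos = [], 4
    while pos < length:
        ctag, clen, param = struct.unpack(">BHB", blob[pos:pos + 4])
        if ctag != DCD_WRITE_DATA or param & 0x07 != 4:
            raise ValueError("unsupported DCD command")
        for off in range(pos + 4, pos + clen, 8):
            writes.append(struct.unpack(">II", blob[off:off + 8]))
        pos += clen
    return writes

if __name__ == "__main__":
    # Constructed placeholder addresses/values; not real i.MX50 init settings.
    table = dcd_write_table([(0x11110000, 0x00000001), (0x22220000, 0x00000002)])
    print(dcd_write(0x70000000, table).hex())
    print(parse_command(write_register(0x70000000, 0xDEADBEEF)))
    print(hab_state(bytes([REPORT_HAB]) + struct.pack(">I", HAB_OPEN)))
```

A jailbreak/recovery tool of the kind proposed would send `dcd_write()` followed by the table, then `write_file()` plus the kernel and initramfs chunks, then `jump_address()`; reading the report-3 word after the first command tells the tool whether it is talking to an open device before it tries anything, which is the HAB caveat the post raises for future hardware.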