
Jailbreaking the Kindle - bdelay
https://github.com/sgayou/kindle-5.6.5-jailbreak/blob/master/doc/README.md
======
mintplant
I wouldn't use my Kindle half as much if it weren't for KOReader [0].
Ironically enough for a dedicated reading device, Amazon's built-in reader app
pales in comparison to this third-party tool. The killer feature for me is on-
the-fly column splitting and text reflow, with the ability to flip to the
original page view by tapping a corner -- this is critical for reading
academic papers, which tend to be two-column PDFs. It also features contrast
adjustment, more fonts, stylesheets, wireless syncing with Calibre, and
support for many more file formats including ePub.

There's also a Gargoyle [1] port for interactive fiction on the go. It's less
practical due to the input lag on the Kindle keyboard, but I still pull it out
every now and again.

[0] [https://github.com/koreader/koreader](https://github.com/koreader/koreader)

[1] [http://www.fabiszewski.net/kindle-gargoyle/](http://www.fabiszewski.net/kindle-gargoyle/)

~~~
josteink
> - this is critical for reading academic papers, which tend to be two-column
> PDFs

Kindles and PDFs go together badly. This is common knowledge.

My solution is to only use web-page-based formats like mobi or epub based
books.

The rest... Let's say they don't get in my reading list.

Just like the web is nicer without flash, ebooks are just nicer without
publishing formats like PDFs which natively can't support reflow or anything
super basic required for easy reading.

~~~
throwawayIndian
> Just like the web is nicer without flash, ebooks are just nicer without
> publishing formats like PDFs.

Web is nice _because_ of flash. The video tag in HTML5 happened only after
successes of services like Youtube and Vimeo and hundreds of others after they
set off on their paths with Macromedia flash. Stop fooling yourself with that
kool-aid against flash in recent years.

It's dated for sure, but credit be given where credit is due.

~~~
yabatopia
People tend to forget what a blessing Flash was when it first arrived on the
web, how horrible other plugins were, like the awful Java mess. Every time a
Java applet tried to run, you could only pray it wouldn't crash your browser
and take your whole system down. Or the terrible experience called RealPlayer!
Sure, Flash has a bad security reputation, for good reason, but it made the
web more beautiful, interactive, fun and usable at the beginning of the new
century. All you had to do was click on "Skip website intro".

~~~
lj3
I haven't forgotten. Even today, creating dynamic apps in flex using xml and
actionscript is easier, more performant and saner than using HTML5. If only
the flash player wasn't a minefield of bugs and security vulnerabilities. :(

------
david-given
I did some playing with a Kindle 3 a few years back --- I was writing programs
that integrated into the native UI. I built an app which was a Javascript
interpreter bolted onto a VT52 terminal emulator. You could type in programs
and run them! Using the K3's fiddly little keyboard! Um, awesome.
[http://cowlark.com/kindle/javascript.html](http://cowlark.com/kindle/javascript.html)

This was on the 3.1 firmware, so it's likely all completely obsolete on modern
devices.

...the 3.1 firmware was terrible. It was all Java based, but Java 1.4. No
generics! No autoboxing! No foreach! People forget just how _awful_ early
versions of Java were in comparison to what we have today. I ended up building
a toolchain using RetroWeaver to convert modern Java bytecode into something
that would run on the Kindle.

Also, the firmware was based on the Personal Basis Profile 1.1. Think back,
way into the past, before there were smartphones and Android and iOS... back
to the heyday of the downloadable Java applet for your T9-based phone. Yup,
that. Kindle apps were midlets, and anyone who remembers writing programs for
midlets will be shuddering by now.

And it gets worse! The Kindle ran the entire UI, third-party applications
included, in a single Java VM. It was as fragile as hell, and it tended to
silt up with un-garbage-collectable data until it crashed and rebooted. If you
left a thread running on application exit, it would crash and reboot. If your
app hung you had to power cycle the device. I believe that the reason why
Amazon never really opened up the Kindle to large-scale third party apps was
mainly embarrassment.

Good times. Good times...

~~~
esrauch
I was an intern on a team that did some Kindle work in 2010 and the Java
limitations at that time were definitely a very real annoyance for internal
code: they didn't do anything like you are describing for Java bytecode
conversion for 1p development to make it less annoying. The issue was maybe
even deeper than you noticed: core parts of the API like String.substring()
weren't implemented and would just throw a runtime exception.

~~~
david-given
You mean... you wrote Java 1.4 _by hand_?

I'm so, so sorry.

------
jonahx
Could anyone knowledgeable about this explain what you can do with a
jailbroken kindle that you cannot do with a locked one?

~~~
semi-extrinsic
I've jailbroken mine to have custom covers. Instead of famous dead American
authors I've never read, I have famous dead physicists whom I've actually read
and whom I admire.

~~~
chadgeidel
I'd love to do this using "pulp" science fiction book covers. I assumed that
there was already a tutorial for this, but my Google-fu is weak. Did you use a
guide or just DIY? What size/resolution image does the Kindle expect? Is there
a filename format or a directory structure to use?

~~~
DanBC
I think you want screensaver hacks. Here's one example, but there are others.

[http://wiki.mobileread.com/wiki/Kindle_Screen_Saver_Hack_for...](http://wiki.mobileread.com/wiki/Kindle_Screen_Saver_Hack_for_all_2.x,_3.x_%26_4.x_Kindles)

Some people add their contact details to the screensaver images, so if you
lose your kindle your contact details are the first thing someone who finds it
will see.

~~~
rsync
Maybe a better hack would be to disable screensavers since they serve no
purpose on an e-paper display and actually _cost battery_ to switch from text
-> screensaver -> text.

The better behavior would be to not flip the screen at all and keep it static,
using no battery.

------
Zombieball
Not sure if you are the author or just sharing. If you authored this I would
highly recommend mentioning which "kindle" this is applicable to as the first
topic. There are multiple generations of kindle e-readers and kindle tablets.
It's not readily apparent up front as to which this is applicable to.

~~~
david-given
Just to clarify: this is referring to the e-ink Kindles, not the Kindle Fire
Android tablets. The post could definitely be clearer.

All the e-ink Kindles have basically the same architecture and run basically
the same firmware, so the exploit should run on any device with that model of
firmware.

~~~
dexterdog
So even the older kindles like the DX?

------
criddell
All I want is an e-ink device that I can use with books purchased from Amazon,
Apple, Google, B&N, and other vendors.

Why is that so hard?

~~~
ArtDev
Check out the Kobo.

~~~
criddell
I have. Last time I checked, the Kobo couldn't open DRM protected books from
Amazon.

~~~
dublinben
It can if you remove the DRM from them. Amazon is selling you a broken
product, so I don't recommend buying books from them anyway.

~~~
criddell
True, but I wouldn't care about DRM if I could still buy books at any
bookstore.

DVDs and Blu-ray discs have DRM, but I can buy one from any store and it will
work with my player and my TV. It doesn't seem like a lot to ask for.

------
Steeeve
The more I see writeups like this, the more I wonder if the effort being laid
out by the people doing the work is compensated appropriately.

I'm not sure what Amazon pays for identifying a security flaw, but I imagine
it's somewhere between $5 and $15k.

Having success monthly might yield reasonable compensation, but companies only
pay when a flaw is identified, which means you don't get paid for your work,
you get paid for your successful work. And you don't get to define what is
successful, nor is there usually a clear definition of what successful
actually means.

I understand that many people do this to get a job in security / security
research, but it just seems like the effort-to-payoff ratio still favors
people using their found exploits for evil dramatically.

There really should be a different pricing model around security exploits -
one that encourages responsible disclosure more heavily.

~~~
bdelay
I don't believe Amazon officially pays for security flaws. They ended up
sending me a free Kindle (pretty funny) and got an interview out of it. That
didn't end up going anywhere, but I got a heck of a lot further than the black
hole that is most job application processes these days. Seemed like a fair
trade considering the market for Kindle 0days is somewhere near $0.

It's a neat project to talk about during interviews. Nothing more.

------
enthdegree
How do you get the background to pursue this sort of thing?

I've programmed and used Linux for a little while and I've done some simple
things in assembly language (although not in much depth), but all the
technical things past the _CVE-2013-2842_ section are impenetrable to me.

~~~
bdelay
Started out cracking software on embedded systems a long time ago. That led to
an understanding of ASM and reverse engineering. Going from there to
exploitation isn't a giant leap.

There are quite a few books on the subject. Hacking: The Art of Exploitation is
a decent hello world introduction to the subject. Reading CTF practice problem
writeups and then trying easier ones yourself are also good experiences.

For REing, [http://crackmes.de](http://crackmes.de) is a blast. The entry
level challenges should be easy to grasp after reading a few tutorials. Would
recommend running everything in a Windows VM. ;)

Good luck!

------
pavanlimo
I was recently researching ebook readers and found Kobo devices way better
than Kindle (and cheaper too). Especially for somebody who is a power user of
devices. Without getting into specifics, I found that in general Kobo is
more open.

------
wineisfine
Btw, here is a web service that converts and sends ePubs to your Kindle,
without having to use Calibre yourself:
[http://www.sendepubtokindle.com](http://www.sendepubtokindle.com)

------
shostack
All I want is to invert colors on my Paperwhite for easier reading with the
lights off. Why is that so hard?

------
geniium
Maybe that'll make Amazon update their Kindle's experimental browser. It has
an underestimated potential.

Will keep an eye on this, even if I am now using a Kobo H2O.

~~~
geniium
Update: the conclusion of the article mentioned:

"For the fix, Amazon did quite a few things. They sandboxed the browser, fixed
the permissions issue, removed fc-cache.sh, and most likely patched Webkit.
Webkit still crashes when executing the PoC. Unsure if that's because of the
process running out of memory or some other issue."