Updating Kindle DX or Kindle 2 to Kindle 3.x Firmware

Having discovered an already functional jailbreak for the Kindle Touch recently thanks to independent developer Yifan Lu, I was also pleased to note that there is a way to get your older Kindle devices somewhat more up to date.  It turns out that the hardware improvements in the Kindle 3 as compared to the Kindle 2 and Kindle DX, particularly the processors, were not significant enough to make it impossible to run the newer version.

To get this update installed, you will need a few things.  The most important, and possibly the hardest to get in some cases, is a working Kindle 3 (Kindle Keyboard) that has been jailbroken.  Assuming you have a spare Kindle 3 lying around, the same site linked in the instructions to follow contains detailed instructions on the jailbreaking process under the “Projects” tab.  You will also need a minimum of 900 MB free on your Kindle 2/Kindle DX and 720 MB free on your Kindle 3.  Naturally a USB transfer cable will be important as well.

Assuming you have all of these things, check out this page on Yifan Lu’s site.  The included instructions are simple to follow and while it will probably take you anywhere from one to three hours to complete the entire process, there is little room for error if you follow the order of operations correctly.

There are several things that you must be aware of before starting in on this:

  • Should you allow either of your Kindles to lose power while they are in use, it is likely to cause some major problems.  Charge them before you begin.
  • Once completed, you will have to repeat the process for any future firmware updates.  The Kindle 2 or Kindle DX will not be able to automatically access the files released for the Kindle 3.
  • While the hardware difference between these Kindles is not large enough to make the process inadvisable, as it would be if going from the Kindle 4 to the Kindle 3, there is a difference.  You will experience slight lag as the downside of your improved functionality.
  • Active content such as Kindle games will not work as a result of the update.  The developer of this update process doesn’t know exactly why, nor does there seem to be any major fix for this.  Be aware.
  • Sound/Music playback on the newly updated device will be flawed.  Since it will have been jailbroken it is possible to install an alternate music player to fix this, but it is an additional step for people who make much use of the eReader’s audio playback abilities.
  • There have been some unconfirmed reports that extremely large PDF files have issues on devices updated in this fashion.  This is likely the result of slightly inferior hardware and will probably not be an issue compared to the greatly improved PDF handling, but it is worth noting.

We can’t quite say why Amazon chose not to update these older Kindles, although it has been speculated that they were consciously abandoned to drum up business for the Kindle 3.  Also possible is the idea that faster processing simply opens more doors to new features that couldn’t be productively implemented otherwise.  Either way, at least now it is possible for owners of older Kindles to get the most out of their devices.

While the newer Kindle 4 and Kindle Touch are great, eReaders are made to last and there is no reason for a satisfied owner to throw away their perfectly good Kindle 2.  With the Kindle DX it’s an even more obvious choice, since there is yet to be a hardware update to the larger form and it looks increasingly like there never will be.  This update makes it even more desirable for those who need the 9.7″ screen.

Simple Kindle Touch Jailbreak Released Using MP3

The Kindle Touch may not be running Android like its tablet counterpart, but it also doesn’t run the operating system found in previous models of the Kindle eReader line.  The focus is now on HTML5 and JavaScript interfaces rather than the previous Java implementations.  This means that pretty much none of the old hacks and mods that have been released for the Kindle line will be of any use to customers this time.  Of course that was bound to be addressed fairly quickly.

Yifan Lu, a freelance developer, has found an exploit in the way the Kindle Touch handles MP3s which will allow people to easily jailbreak their new eReader.  Along with that discovery, he revealed that the majority of the device’s interface is simply HTML pages in disguise.  This alone means that coming up with interesting mods will be significantly easier than was previously the case, unless I miss my guess.  It implies a greater degree of system control through JavaScript than is normally possible.  For now there isn’t much for an end-user to work with, but there is every reason to believe that you will find modules for adding EPUB support and any number of other fun extra functions in the months to come.

In order to attempt this jailbreak (which neither I nor this site recommend or take any responsibility for, as it voids the warranty and may render your Kindle unusable if something goes wrong), head to this site and follow the instructions included in the zip archive’s README file.  This involves nothing more than connecting your Kindle to a computer, copying a .mp3 file to your music folder, disconnecting from the computer, and running the music player.  A button pops up labeled “Press to Jailbreak!” and you’re done.

My trial of this process went smoothly and did pretty much nothing.  It is definitely anything but an urgent need or an inherently beneficial act for most people.  All you are doing is enabling root access to your device, which means that among other things installing third party software will be possible. Chances are good that even with this it will not be possible to open up general 3G internet access, use of neglected hardware like the internal mic, or removal of advertising, but other than that there shouldn’t be many limits.

If you are interested in the potential that the process opens up, I would recommend both acquiring your Kindle Touch in the near future and making sure not to allow any software updates on the device until it is certain that the changes will be kept around.  While Amazon has been incredibly open in their lack of interest in securing the Kindle Fire in any significant way, they have a history of being somewhat more closed with their eReaders.  Not the least important reason for this is the heavy investment the company has made in their proprietary format, the evasion of which would likely be the first thing that customers use their new found freedom to achieve.

Jailbreaking the International Kindle

I was quite close to publishing similar findings myself, but Jean-Yves Avenard beat me to it. It is now possible to create custom updates for the International Kindle running firmware 2.2.*. Fortunately there is no need for hardware changes.

A little background information first. A while back Igor Skochinsky found the serial console connector on the Kindle 1 and reverse engineered the scripts that the Kindle uses to update its firmware. Since Amazon is paying for its wireless traffic, it doesn’t push full firmware dumps as updates but rather compressed Linux patches that change only the things that need to be changed and are relatively small. On the Kindle 2 the same scripts were used; the only thing that changed was the device ID. This was to safeguard against installing an update for the wrong Kindle device rather than to prevent custom update installation altogether. The Kindle DX was a similar story.

However, it all changed when the Kindle 2 International came out. There was a device ID change as well, but updates still failed to install. Using the debug commands that still worked (you need to type them in the home screen search box; they are quite harmless and will not break your Kindle):

  • ;debugOn
  • ;dumpMessages

Among other housekeeping messages it returned the following lines:

091021:102422 EXT3 FS on mmcblk0p1, internal journal
091021:102422 system: I _otaupexec:def:processing update /mnt/us/update_tool.bin
091021:102422 system: I _otaupexec:def:version is “FC02″
091021:102422 system: I _otaupexec:def:update image checksum OK
091021:102422 system: E _otaupexec:def:signature does not exist for “tool.sh”
091021:102422 system: E _otaupexec:def:signature verification failed

So it looked like Amazon was signing update packages now. The worst case scenario would have been the use of asymmetric keys like RSA, which would be impossible to break until we have working full-scale quantum computers. The best case would be Amazon using something simple, like the tar file scrambling they use to “encrypt” the whole update file.

I was trying to break into the Kindle via the serial console, which can be exposed by sliding the top plastic cover off the device, but fried my Kindle in the process.

While I was waiting for the new device to arrive, mobileread.com member clarknova suggested using a tarbomb to break into the new Kindle. He assumed that the new Kindle would still use the old code to extract files from the update before verifying the signatures. This proved to be true. A tarbomb exploits the fact that tar will extract whatever it is given and may put it somewhere the package receiver didn’t intend it to go. For example, older versions honored relative paths, so if a tarball contained the file ../../etc/rc5.d/S00kill-code and the user unpacked it in /home/username, as most would, the malicious file would land in /etc/rc5.d/ and be executed on startup. While the version of tar installed on the Kindle discards parent directory references, it still unpacks a symlink that points anywhere in the filesystem. This made it possible to craft an update that would still fail to install but in the process would deposit a startup script that unlocked further access to Kindle internals.
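To make the tarbomb mechanics concrete from the defender’s side, here is an added example in Python; it is not code from this post, from Jean-Yves Avenard, or from the Kindle’s own update scripts. It inspects an archive listing and flags the three ways an entry can escape the extraction directory: a name with leading ../ components, a symlink whose target lies outside, and a later member whose path passes through a symlink that an earlier member created. The sample archive is constructed in memory, the member names echo the ../../etc/rc5.d/S00kill-code example above, and the destination /mnt/us/update is an assumed path.

```python
import io
import os
import posixpath
import tarfile


def _outside(dest_real: str, path: str) -> bool:
    """True if an already-resolved absolute path is not under dest_real."""
    return os.path.commonpath([dest_real, path]) != dest_real


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Return (member name, reason) for every entry that would land outside dest.
    Only the archive listing is inspected; nothing is written to disk."""
    dest_real = os.path.realpath(dest)
    symlinks = set()      # archive paths declared as symlinks by earlier members
    problems = []
    for m in tar.getmembers():
        name = posixpath.normpath(m.name)
        if m.issym():
            symlinks.add(name)
        # 1. Traversal: leading '../' components or an absolute name.
        target = os.path.realpath(os.path.join(dest_real, name))
        if _outside(dest_real, target):
            problems.append((m.name, "path escapes destination"))
            continue
        # 2. Two-stage trick: a directory component of this member is a symlink
        #    that an earlier member created, so the write would follow it elsewhere.
        parts = name.split("/")
        if any("/".join(parts[:i]) in symlinks for i in range(1, len(parts))):
            problems.append((m.name, "path passes through an in-archive symlink"))
            continue
        # 3. Link whose target lies outside dest. Symlink targets are relative to
        #    the link's own directory, hard-link targets to the archive root.
        if m.issym() or m.islnk():
            base = dest_real if m.islnk() else os.path.dirname(target)
            link_target = os.path.realpath(os.path.join(base, m.linkname))
            if _outside(dest_real, link_target):
                problems.append((m.name, f"link target outside destination: {m.linkname}"))
    return problems


def scan_archive(data: bytes, dest: str) -> list:
    """Open an in-memory tar archive and report the members that must not be extracted."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        return unsafe_members(tar, dest)


def build_sample_archive(hostile: bool = True) -> bytes:
    """Constructed in-memory archive. With hostile=True it carries the three
    escape patterns; the names echo the post's /etc/rc5.d example."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, data):
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            tar.addfile(ti, io.BytesIO(data))

        def add_symlink(name, link_target):
            ti = tarfile.TarInfo(name)
            ti.type = tarfile.SYMTYPE
            ti.linkname = link_target
            tar.addfile(ti)

        add_file("tool.sh", b"#!/bin/sh\necho update\n")
        if hostile:
            add_file("../../etc/rc5.d/S00kill-code", b"#!/bin/sh\n")   # traversal
            add_symlink("rc5.d", "/etc/rc5.d")                          # link out of dest
            add_file("rc5.d/S00kill-code", b"#!/bin/sh\n")              # write through the link
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_archive(build_sample_archive(), "/mnt/us/update"):
        print(f"REJECT {name}: {reason}")
```

On Python 3.12 and later, tarfile.extractall(..., filter="data") rejects the same classes of member; the check is written out here so the reasons are visible and so the archive is judged in full before anything is written, which is the ordering the post says the Kindle’s updater lacked.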

Unfortunately, Amazon did use asymmetric keys to sign the packages. Fortunately there is a very nice way around it. The Kindle doesn’t use just one key to verify the signature: it enumerates all key files in the /etc/uks directory, and if any of the keys yields a positive signature validation, the file passes the test. So Jean-Yves Avenard created a tarbomb that adds an extra public key to that directory. He also modified Igor’s script to use the corresponding private key to sign all the files in the package.
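The key-store weakness in the paragraph above, beside the design that closes it, as an added example in Python; this is neither the Kindle’s updater code nor Jean-Yves Avenard’s packager. A keyed SHA-256 MAC stands in for the RSA signature so the example runs with the standard library only, and the vendor key, the key names and the package layout (each member NAME accompanied by NAME.sig) are constructed for the example. The contrast is where trust comes from: verify_package consults only a set of keys fixed inside the updater, never a directory the package itself can populate, and it reads the whole archive into memory and checks every signature before the caller is allowed to write anything.

```python
import hashlib
import hmac
import io
import posixpath
import tarfile


# Stand-in for the RSA signature the post describes: a keyed SHA-256 MAC,
# constructed for this example so it runs with the standard library only.
def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)


# Hypothetical vendor key compiled into the updater. This set is the only
# source of trust; nothing on the writable filesystem can extend it.
VENDOR_KEY = b"vendor-release-key-constructed-for-example"
PINNED_KEYS = {"pubprodkey01": VENDOR_KEY}


def build_package(files: dict, signing_key: bytes) -> bytes:
    """Constructed package layout: each member NAME travels with NAME.sig."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            for member, payload in ((name, data), (name + ".sig", sign(signing_key, data))):
                ti = tarfile.TarInfo(member)
                ti.size = len(payload)
                tar.addfile(ti, io.BytesIO(payload))
    return buf.getvalue()


def verify_package(package: bytes, trusted_keys: dict) -> dict:
    """Check every payload against the trusted set before anything is installed.
    Members are read into memory only; the caller writes the returned dict to
    disk solely after this function returns, never while unpacking."""
    with tarfile.open(fileobj=io.BytesIO(package), mode="r:") as tar:
        members = {posixpath.normpath(m.name): tar.extractfile(m).read()
                   for m in tar.getmembers() if m.isreg()}
    verified = {}
    for name, data in members.items():
        if name.endswith(".sig"):
            continue
        sig = members.get(name + ".sig")
        if sig is None:                       # fail closed, like the Kindle log line
            raise ValueError(f"signature does not exist for {name!r}")
        if not any(verify(key, data, sig) for key in trusted_keys.values()):
            raise ValueError(f"signature verification failed for {name!r}")
        verified[name] = data
    return verified


def demo() -> tuple:
    """Contrast the two trust stores on a package signed with a non-vendor key."""
    files = {"tool.sh": b"#!/bin/sh\necho unofficial\n"}
    third_party_key = b"third-party-key-constructed-for-example"
    package = build_package(files, third_party_key)
    # The design the post describes: every file under /etc/uks counts as a key,
    # and an earlier archive has already deposited a third-party key there.
    enumerated_keys = dict(PINNED_KEYS, extrakey=third_party_key)
    accepted_by_enumerated = bool(verify_package(package, enumerated_keys))
    # The pinned store cannot be grown from inside a package, so the same file fails.
    try:
        verify_package(package, PINNED_KEYS)
        rejected_by_pinned = False
    except ValueError:
        rejected_by_pinned = True
    return accepted_by_enumerated, rejected_by_pinned


if __name__ == "__main__":
    print(demo())   # (True, True)
```

With a pinned set, adding a key is itself a signed update from the vendor, which is exactly the property an enumerated directory lacks: whoever can drop a file into it, by tarbomb or otherwise, becomes a signer.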

The nice thing about this mod is that it doesn’t change any existing files in the Kindle filesystem; it only adds new ones. So it will not cause checksum conflicts when installing official Amazon updates in the future. However, if you use this jailbreak mod to install other updates like the Unicode Font Hack, screensaver, savory, etc. that DO change files, then the standard rules apply: official updates will fail and you’ll need to revert the hacks, install the official update manually and then reinstall the hacks. Although I doubt that we’ll see many official Amazon updates anytime soon. I’ll make a separate post on this topic at some other time.

I’m pretty sure that in the next version of the device (the International Kindle DX perhaps, or whatever comes next) Amazon will fix this vulnerability, and the serial console or some other security exploit might be required to install things on the Kindle. But for now here are the specifics:

You can download the “jailbreak” update here. I’ve tested it on my Kindle and it works perfectly. It also contains the updated script to create your own packages. However, I would strongly advise you to do it only if you really, really need to, really, really know what you are doing and are willing to brick your device. Several people are known to have irreversibly bricked their Kindle eBook readers by experimenting with them. I bricked two so far trying to create the Unicode Font Hack: one US Kindle 2 a while back, another Kindle 2 International recently.

So if you are not sure about what you are doing, stick to pre-canned hacks from verified sources that have been tested to work and have uninstallers available. These are relatively safe, though again there is always a chance of something going wrong, and hacking the Kindle absolutely does void the warranty.

I’ve tested the pre-canned screensaver hack that can be downloaded here and it does work perfectly.

To avoid having to jailbreak the Kindle multiple times and creating potentially conflicting hacks, I recommend that all Kindle modders out there use Jean-Yves Avenard’s packager and private/public key pair for creating International Kindle hacks. I’m going to use it for the Unicode Font Hack myself.

Right after publishing this post I’m going to reorganize the Unicode Font Hack a bit and release a new version for all Kindle versions including the international one. Stay tuned!