Kindle 3 hacking

My latest gadget is a kindle 3, and of course I want to hack it.

It has already been jailbroken using an exploit in busybox’s tar command symlink handling. See here for details and updates. I installed the kindle-jailbreak-0.3.N.zip and kindle-usbnetwork-0.20.N.zip updates to let me ssh in.  To enable usbnetwork, go to the "Search" screen and type ";debugOn" followed by enter, and then "~usbNetwork" followed by enter. "~help" gives the complete command list.

There’s an iptables firewall on the kindle by default preventing access to kindle-local servers from outside. However I hacked the usbnetwork scripts installed by the above to disable the inbound ssh firewall so I could just ssh into it over WIFI.

It seems to be a remarkably straightforward linux install. The main kindle applications are all implemented using a normal Java VM (Sun’s "C" Virtual Machine (CVM).

Anyway, I want to write my own kindle apps, Kindlets, as they’re called. Amazon have announced and released a closed beta of the KDK. I’ve applied for this, but never heard anything back. Some other resources are: the API docs, someone else (who has the KDK)’s open source kindlet project, and finally, a KDK emulator. Oh, the Kindle uses (wait for it…) Java CDC Personal Basis Profile (PBP) 1.1, or JSR 217. Javadocs for that are here.

I’m not willing to wait: so I’ve been exploring the system. My first discovery was how to enable full debug logging:

cp /opt/amazon/ebook/bin/start.sh /mnt/us
Edit the start.sh script, and look for the line -Ddebug=1, and change it to -Ddebug=-1 /etc/init.d/framework stop
/mnt/us/start.sh

The kindle framework should start up as normal, but if you tail -f /var/log/messages, it should be far more verbose.

From here, I knew that kindlets were just jar files with an extension of ".azw2". A bit of poking about in the emulator and filing system, I knew that the Kindlet API I want to link against is "/opt/amazon/ebook/lib/Kindlet-1.1.jar". So I copied that off, and built a simple "Hello World kindlet" using eclipse and copied it on the device into /mnt/us/documents. The source is here.

The debug logs showed I was missing some entries from the manifest file for that azw2 file. After some fiddling, I figured out a working manifest for my developer application is:
Manifest-Version: 1.0
Main-Class: net.lidskialf.ktest.ktest
Implementation-Title: ktest
Implementation-Version: 0.1
Implementation-Vendor: Andrew de Quincey

Another cycle of Rebuilding/copying/restarting framework and I now have a "ktest" entry on the main screen with "dev" next to it!  However, clicking on it says "The device is not registered as a Test Kindle to run this title. Please ask the developer to add this device to the list of registered Test Kindles.". A bit more grepping in the logs shows that its looking for a developer keystore in /var/local/java/keystore/developer.keystore which is not present.

So, the next step is to determine what should be in that. All the keystores/signing appear to be standard java, so I assume it is just a matter of finding the correct entries to use.

UPDATED: The source to my "ktest" app is here. Also, the jars in /opt/amazon/ebook/sdk/lib/ are also valid to link against for KDK apps; I just pulled them off the device too.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: