Kindle firmware 3.1

Posted byadqPosted inUncategorizedTags:

I’ve been doing some playing about with the recent kindle 3.1 firmware release. The salient points are:

  1. The jailbreak can no longer be installed because Amazon have patched the busybox tar exploit which allowed unrestricted writing to the root filing system. Keep an eye on this thread over at mobileread for information on 3.1 jailbreaking progress.
  2. Homebrew can no longer be installed (or deinstalled) because Amazon have patched the  /usr/sbin/otaup script to only use Amazon’s keys when verifying software updates: the extra one installed by the jailbreak (and used to sign homebrew updates) is ignored.
  3. If you installed the jailbreak and then the usbnet patches (or any other homebrew) under <= 3.0.3, and then updated to 3.1, they should be left intact.
  4. You can’t downgrade to an older firmware release since Amazon’s binary patch update format does not support this (it could be done manually if you already had root shell access though).

So, as long as you installed usbnet previously, you should still be able to ssh into the kindle and gain a root shell.
If you look at a diff of the old vs the new /usr/sbin/otaup script, they have changed the line:

KEYFILES=$(ls /etc/uks/*pem)

to:

KEYFILES="/etc/uks/pubprodkey01.pem /etc/uks/pubprodkey02.pem "

The jailbreak key is called "/etc/uks/pubhackkey01.pem. Therefore, as long as you have a root shell, you can simply manually rename them. In fact, I’ve decided to disable the Amazon keys by default to avoid any unwanted future updates they might automatically push to me:


mntroot rw
cd /etc/uks
mkdir AMAZON
mkdir HACK
mv pubprod* AMAZON
mv pubhackkey01.pem HACK/pubprodkey01.pem
mntroot ro

Then, when you want to install/deinstall a homebrew app:


mntroot rw
cd /etc/uks
cp HACK/* .
mntroot ro

And for an Amazon firmware update (you might want to remove their keys after the update again to  disable pushed auto-updates):


mntroot rw
cd /etc/uks
cp AMAZON/* .
mntroot ro

Finally, the good news is that they haven’t changed the signing of Kindlets, so as long as you’ve got my devkeys installed, they’ll work as previously.

Interestingly, they have a new Kindlet API jar, version 1.2. I’m going to analyse it and describe what is new in a later post.

Note that this all worked fine on my and another test Kindle; please don’t blame me if it bricks/disables homebrew on yours.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: