Kindle 3.2.1 Jailbreak

UPDATE: Serge A. Levin has kindly modified my “temporary” jailbreak into a more permanent solution. The information below is now considered old and should be disregarded. Link to jailbreak for all devices on all versions.

So I never intended to release a jailbreak for Kindle 3.2.1, because 1) people who got a discount on their Kindles should stick by their commitment and keep the ads, and 2) this update was made purely to disable jailbreaks, so there are no new features. However, from what I’ve heard, more and more people are receiving 3.2.1 as stock firmware (not just on ad-supported Kindles), and people who exchanged their broken Kindles also have 3.2.1. I don’t want to reveal the exploit I found yet (I’m saving it for the next big update), but thankfully, after half an hour of digging, I’ve found another glitch that I can use. The bad news is that this isn’t an “easy one click” jailbreak; it will take some effort, because the timing has to be precise for it to work.

Technical Details

What is this new glitch, you ask? It’s pretty simple and pretty stupid, and I feel almost embarrassed to use it (that’s why I’m not even using the word exploit). First of all, the last bug I found was fixed by a regex name check that prevents spaces in names. Now, whenever the Kindle gets an update, before doing anything, it checks the signature of every file in the update (minus the signature files themselves). It does this by using the “find” command to get a file list and piping the output to “read”, where “read” feeds each item (split on whitespace) into the signature check function, which then uses OpenSSL to check the signature. Simple enough. Well, what I want to do is make the signature check ignore a file, and to do it, I make a blank file called “\” (literally a backslash). Now, it’s hard to explain what happens, so I’ll show you.

Here’s the output of the find command usually:

$ find /tmp/update
/tmp/update/file.ext
/tmp/update/file2.ext

Now, when I insert my backslash-file:

$ find /tmp/update
/tmp/update/file.ext
/tmp/update//tmp/update/file2.ext

What happened? In Linux shells the backslash is an escape character: it tells the shell to treat the next character as not special. Remember that “read” splits its input on whitespace (in this case a newline character), so by escaping the newline I can get the loop to skip /tmp/update/file2.ext and instead read /tmp/update//tmp/update/file2.ext (which resolves to /tmp/update/tmp/update/file2.ext). At that path I place an already-signed file from an old Amazon update, so when the updater runs, the signature check verifies only that nested copy while the unsigned /tmp/update/file2.ext goes through unchecked. But we’re not done yet. Amazon doesn’t extract the update to a fixed folder; it extracts it to /tmp/.update-tmp.$$, where $$ is the process ID of the running script. This can be any number from 1 to 32768. So what’s the elegant solution to this problem? I don’t know yet. Until someone comes up with a better idea, I’m going to include PIDs 5000-7000. From my tests, if you run it immediately after a reboot, the PID will be 64xx, so it’s a test of how badly you want to jailbreak ;)
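To make the shell mechanics concrete, here is an added example (not code from this post or from Amazon’s updater) that rebuilds the situation in a scratch directory and shows the listing loop written both ways. Every path is constructed for the demo; the nested copy under the scratch tree stands in for the post’s “already signed” file. It goes slightly beyond the post by contrasting the bare `read` loop with the `IFS= read -r` form that delivers each line exactly as find printed it, which is what a verification loop needs.

```bash
#!/bin/sh
# Added example, not code from the original post or from the Kindle updater.
# Reproduces the "find | read" quirk in a scratch tree (every path here is
# constructed for the demo), then shows the hardened form of the loop.

WORK="$(mktemp -d)"              # scratch tree standing in for /tmp/.update-tmp.$$
UPD="$WORK/update"
trap 'rm -rf "$WORK"' EXIT

mkdir -p "$UPD"
: > "$UPD/file2.ext"             # the file that should be signature-checked
: > "$UPD/\\"                    # a file literally named "\"
mkdir -p "$UPD$UPD"              # nested copy at <UPD><UPD>/file2.ext: the path the
: > "$UPD$UPD/file2.ext"         # glued line below resolves to (stand-in for the
                                 # "already signed" file in the post)

# Naive loop: `read` without -r treats "\<newline>" as a line continuation, so
# the entry for the "\" file is glued onto the entry that follows it.  Sorting
# in the C locale makes the order deterministic ("\" sorts before "file2.ext").
naive_list() {
    find "$UPD" -type f | LC_ALL=C sort | while read f; do
        printf '%s\n' "$f"
    done
}

# Hardened loop: -r disables backslash processing and IFS= keeps leading and
# trailing blanks, so every line arrives exactly as find printed it.
safe_list() {
    find "$UPD" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s\n' "$f"
    done
}

# Does the loop named in $1 ever yield exactly the path $2?  (exit 0 = yes)
sees() {
    "$1" | grep -qxF -- "$2"
}

echo "bare read sees:";     naive_list
echo "IFS= read -r sees:";  safe_list
```

Running it prints the two listings: the bare-read loop never yields the top-level file2.ext and instead yields the glued path, which exists, so a check that only inspects what the loop hands it reports success without ever opening file2.ext. `read -r` alone closes this particular hole; a loop that must also survive newlines in file names should use `find -print0` with a NUL-delimited reader (bash’s `read -d ''`) or `find -exec … +`, which never parse a text listing at all.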

Installation

Since this jailbreak is time- and luck-based, I’ve included very detailed directions on the exact timing in the readme. I suggest reading over the directions before starting, because timing is everything. It works only in a certain window of time after startup, so if it doesn’t work you need to restart and try again. If it doesn’t work after three or more tries, it’s mostly my fault, as I only tested it with a Kindle 2, so the timing might be different on the Kindle 3. If you have serial port access on your Kindle 3, send me the otaup log and I’ll change the PID set.

Download

Since this is a temporary fix, I’m not going to add this to my projects list.

Download source and binaries here

EDIT: I’ve heard from some users that you have a better chance of succeeding if you don’t have any books to load. So, before doing anything, rename the documents folder to documents.bak and the system folder to system.bak, install the jailbreak, and rename everything back. This should improve your chances.

EDIT 2: Some people report turning the wireless off before starting also increases success rates.

197 thoughts on “Kindle 3.2.1 Jailbreak”

  1. UPDATE for those still having problems

    This did not show up when I tried to post the first time, but since it is important, I will repost

    Kindle 3.2.1 (576290015) special offers works but still might have ! instead of check mark.

    If your error report says U007 at the bottom left of the Kindle, there is a good chance your jailbreak might have worked. Mine did.

    Try installing Duokon or the screensaver thing. If you read PDFs, you should definitely consider Duokon for the text reflow and manual trimming functions.

    If you have tried this jailbreak over and over and got it to work this time, I recommend backing your Kindle up, doing a factory reset, and then reapplying the jailbreak. You can then copy your documents back over. This shouldn’t hurt, and will help assure that you didn’t do any damage while tampering with it trying to get the jailbreak to work.

    Also, I think it is worth mentioning on here: if you use your Kindle to browse, you may have noticed links that are set to open in a new window do not work. There is a fix for this at http://www.mobileread.com/forums/showthread.php?t=110818&page=3. Grab readability.zip at post number 43 and follow the instructions on post 46. This redirects links set to open in a new window so that they open in the same window. Thanks to kindle3zeng for the mod. Also, if anyone knows where I can get that libwebkit file (different mod for the same purpose) please share! I’d like to try it out, but I could not find it on the link given in the thread: http://www.mobileread.com/forums/showthread.php?t=135011 I do not know Chinese, but I tried clicking several of the links, and none of them seemed to open a download for libwebkit-1.0.so.2.5.0. I would really appreciate it! I think this mod might suit my needs better.

    Thanks Yifan Lu for the awesome jailbreak! I now have Duokon and working weblinks which are really making things much better for browsing and pdfs.

  2. finally worked when i followed the “Exact Steps For Success” just above BRAVO AND THANX ALL!!!

  3. I also received my new standard Kindle WiFi with 3.2.1, so it seems to be the basic firmware for the future.

  4. Tried this quite a few times on my UK Kindle 3.2.1 WiFi, which is a replacement for a broken one. No joy so far, despite being super-speedy with copying over the file :-(

  5. Hey,
    thank you very much! The jailbreak went great. I had a 3.1 one that broke and got the 3.2.1 and was upset about the jailbreak not working. Now all is well again in the world. Keep on doing what you’re doing, it’s much appreciated!

  6. Thank you very much. It worked well on the second try and finally I get rid of that creepy screensaver.
    It was most helpful to follow suggestions 1 and 2 by Charlie (#post 38). Do not forget to change directory to the one where update_jailbreak_0.5_k3w_install.bin file is before you run a script.

    Awesome, Thanks again guys!!!!

  7. I had a kindle 3 with version 3.1 on it and I had to send it back because of the screen freeze failure. Now the new one they have shipped me as a replacement is 3.2.1 (576290015).

    I really want to be able to customize the screensaver, but I can’t get the jb to work.

    I have tried renaming the documents and system folders with the wireless turned off. I do a restart, hook it to the USB while it’s booting up, copy over the bin file, disconnect. In my menus the option to update is always grayed out, so I have restarted it. I was getting an error 3 or nothing happened at all. Either way, it’s not working.

    Suggestions?

  8. I installed this jailbreak, but is it supposed to solve the “create a new collection” problem? Because mine still stayed gray after this process. I did everything as told and I got the tick at the end of install. I think mine is blacklisted because my girlfriend ordered one from Amazon and they sent her two, but we could only register one of them… I was trying to find the solution to the grayed out options problem but still nothing… Anybody ANY ideas??????

  9. Jailbreak worked great. Installed ss update, still showing dreams ss. How do I kill that?

  10. Thank you so much!! I have a Kindle 3 with WiFi and 3G (international), the no advertisement version, and the jailbreak worked like a charm. It took me a while to set it up from the lack of experience doing this sort of thing, but I eventually was able to do everything on time and can now have my beautiful personal screensavers! :)

  11. I ordered one for my mother after I successfully jailbroke the first one, but it always gave U007. After like 15 tries I tried to install usbnetwork hack and it worked! Can it be so that it is just giving the error, but it actually works?

  12. I have the Kindle 3.2 with special offers, and I successfully got the jailbreak to upgrade and I also did a SS upgrade… but I still see the ad boxes. Will they still be there or will they go away after I put my own screensavers on there?

  13. Great! I’ve jailbroken it with:
    1. Restart Kindle
    2. Rename the documents folder to document.bak and add a new empty documents folder
    3. In Windows Explorer, eject the Kindle drive
    4. Unplug the USB cable
    5. [menu] -> settings -> [menu] -> upgrade Kindle

    I’ve tried it ~10 times and success finally~!

    Thanks~!

  14. I installed this jailbreak, but is it supposed to solve the “create a new collection” problem? Because mine still stayed gray after this process. I did everything as told and I got the tick at the end of install. I think mine is blacklisted because my girlfriend ordered one from Amazon and they sent her two, but we could only register one of them… I was trying to find the solution to the grayed out options problem but still nothing… Anybody ANY ideas??????

    Yifan Lu please help me!!!

  15. Pingback: Jailbreaking my Kindle 3 WiFi « Life Outside My Cube

  16. Hi. First of all, I would like to thank you for everything you’ve done for all of us here. :) You’ve dedicated your time and effort to create this programs/codes for everyone. I wish I was as savvy with codes as you are so I could also do the same thing. :) By the way, is there any way that you’ll release a jailbreaker for those Kindle with special offers? I bought one without special offers for $145 but when it broke, the new one they sent as replacement was a Kindle with special offers. >.< I couldn't bring myself to call them again and complain since they already replaced it so I'm trying other options. Sorry if I'm pushing my luck a bit by posting this. I hope I don't offend you or anything. Thank you and God bless!

  17. The jailbreak may be for the Kindle with special offers but it doesn’t seem to work on my 3 day old Kindle Keyboard (3) 3.2.1 WiFi/3G reader. I run the correct break according to your docs and am told the install is successful but the ads stay there. I also tried running a screensaver hack after the break but it fails and the ads are still there. Any ideas? (beside telling me where to stick my Kindle, I mean) :-)

    I really don’t mind the adverts but thought it might be nice to put my own custom screensaver on board, just for a wheeze.

    Thanks for your time and efforts on behalf of we Kindle owners.

  18. I said this literally 17 times now. Jailbreak does NOT (I repeat: NOT) remove ads. If you want to remove ads, jailbreak is not what you’re looking for.

  19. AND I QUOTE:

    This jailbreak is for kindle with special offers.

    Comment by Yifan Lu — October 13, 2011 @ 3:47 pm

    Which I took to mean it removes ads. Sorry you were so unclear about it. Maybe you should strive to make yourself understood instead of getting bent at people. :-)

  20. So please read comments 180 and 181 again and tell me if it sounds like the person in 180 was upset about ads and your answer in 181 says the jailbreak IS for Kindles with ads……….. Think it would sound that way to most people.

  21. Again, you misunderstood the word “jailbreak”. It has nothing to do with removing ads. It allows you to run custom software on your ad supported kindle. I’m not mad at you, but at the fact that so many people do not read. You don’t have to get all passive aggressive with me, I’m not your mother.

  22. COMMENT 186 – 10/14/2011 Yifan Lu: “I’m not mad at you, but at the fact that so many people do not read. You don’t have to get all passive aggressive with me, I’m not your mother.”

    Active aggression is more than possible, but I’d rather not waste time schooling the verbally challenged. I DO read and when writing is done in a clear, concise manner there is no misunderstanding. You need to stop being snotty and simply cope with the fact some will seek further clarification due to your obtuse writing style.

  23. Pingback: Mi Kindle 2.0. « Estación Xolomo 2.0.

  24. Tell me please, where can I find an ‘uninstall’ for this version of the jailbreak? Because my HDD is dead now, the uninstaller is gone too, so that I can remove it from my device. Thank you.

  25. I cannot update my Kindle 3.2.1 to 3.3; it fails after showing “successful” once. I guess it’s trying to update via WiFi and is eating my monthly traffic. I guess it’s because of modifications I’ve made. How can I restore the original files and try to update it? (not factory settings)
    Thanks

  26. Pingback: Kindle 3 jailbreak + usbNetwork jailbreak walkthrough – babykick – 博客园 | Qq Blog :)

  27. Pingback: Jailbreaking your kindle | LIDERCorp Labs

  28. Hello, I am having trouble with my Kindle 3G+WiFi 3.2.1 US.

    After much reading I feel like my problem is from trying to jailbreak too many times. I have had this Kindle for around a year; when I first got it I jailbroke it very simply and installed the screensaver hack so I could get my own screensavers. It was all soooo easy. Now today I decided to download a book off of amazon.com and registered my Kindle, downloaded my book, and then found along with my book and registration I got a bunch of annoying ads. Proceeded to look online for a fix. Used this http://blog.the-ebook-reader.com/2011/11/30/how-to-get-rid-of-kindle-ads-and-special-offers-without-paying-extra/ and it seemed to work, although I never could find the system folder so I just added the .assets part to the root. And it removed the ads, YEAH!… then my problems began.

    So at this point I have restored to factory, got rid of the ads, and now want to reinstall my screensaver hack. Alas, to no avail. Tried to install the jailbreak, failed with error U006, ok, expected that, but then got error U007 when trying to install the SS hack. After many other jailbreak attempts and restores and restarts, nothing I am trying to install works. Reading has only led me to believe I should have at some point uninstalled the updates to bring me back to somewhere that I am now unable to find. If anyone can help me reset my Kindle to back-in-the-box settings I would greatly appreciate it. Also I hope this can be a warning for someone who unknowingly might end up here. ONE piece of great news though: although my Kindle is no longer jailbroken, I can still restore to factory settings and get boring lame screensavers, and it still works. I’ll end by saying thank you in advance for all the help I hope I may receive, and beware of fooling with things you don’t understand lol.