Update: Kindle 5.0.3 has fixed the hole that allowed this jailbreak. Upgrading an already jailbroken Kindle Touch is fine, as the update does not remove the custom key that allows custom packages. If you are on 5.0.3 and have not already installed the key, there is a new jailbreak.
So long story short, we can run custom code on the Kindle Touch now but because the operating system has changed so much from Kindle 3, most Kindle modifications will not run without changes. I hope developers will jump to this device now that it’s unlocked. See the bottom of the post for download links. The directions for using are in the readme. Keep reading for technical details on how this came about.
Obtaining the root image
Before we can look for vulnerabilities in the system that would allow us to break in, we need to break into the system and obtain the files that might contain vulnerabilities. Yes, this is a chicken-and-egg problem, but fortunately Amazon is nice enough to help us with this. On every Kindle device is a TTL serial port. I found this port on the bottom of the device when the cover is opened. Fortunately, I did not even have to mess with it, as hondamarlboro and **ramirami** both managed to get the dump before me. Once we had the root image, it was only a matter of painstakingly looking through all the files for possible injection vectors.
Looking for the needle
At first, I was digging deep into the system, disassembling and mapping out various native libraries, looking for stack overflows (I found a couple but none could be accessed efficiently). I found the bootloader was unlocked but it would be a pain and danger for users (and even developers) to flash custom kernels and such. I also found that the Java code (the Kindle’s entire GUI is written in Java) is NOT obfuscated (which means it would be easier to reverse and later modify) and Amazon has left in many places to place plugins. For example, once someone has the time to figure things out, it would be very possible to write an EPUB extension to read EPUBs from the native reader.
There are some other hidden secrets in the device too. The Kindle Touch has an accelerometer and proximity sensor (and a mic, but we know that) but they aren’t used in the software (yet). The more I looked into the system, the more I realized that, because it was such a huge rewrite, I had misjudged when I assumed that it would be harder to break as Amazon had years to fix the holes now. In fact, I would have said that the Kindle 4 is more secure, until I found out that Amazon left SSH in diagnostics mode.
Anyways, as I searched up the complexity chain from the bootloader to the kernel to the libraries to the Java interface, I found something very curious. Much of the operating system is no longer written in Java, but is now in HTML5 and JavaScript. In fact, many of the interfaces on the Touch are actually web pages in disguise. For example: the password entry screen, the search bar, the browser (which is just an HTML page with a frame), the Wifi selection screen, and even the music player. Obviously, these can’t all run natively in HTML and JS, or the device would be even slower (and it is pretty damn slow). What Amazon did is write a couple of JavaScript hooks that are implemented by native libraries; these libraries read the events and perform actions accordingly.
In short, JavaScript will run native code. This is a goldmine: there could be many possible ways of using this to our advantage. There could be buffer overflows, heap overflows, string formatting bugs, etc. However, I didn’t have to look through much before I found a curious function: nativeBridge.dbgCmd(). It seems too good to be true. This function takes any shell command, and runs it (as root). Yup. The web browser will run, as root, any command given to it. Don’t go looking for remote code execution yet (although it is highly possible), as the native bridge seems to be disabled when in web browser mode (it may be possible to bypass this, but I haven’t looked into it).
Calling the debug function
So the normal browser (the one you can enter URLs into) can’t make use of this native bridge. However, as I’ve mentioned, a large part of the GUI in the Kindle Touch is HTML and JavaScript. All we need to do is inject some HTML into one of these and we would be all set. We need something that takes input and displays it to the user. The first thing I thought of was the media player. The Kindle displays the song title, artist, and album name in the music player, so what if we put some HTML into the ID3 tag? Yup, it works. How about some JavaScript? Running. Let’s try to call the debug function. It works. Well, that was a freebie.
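The two design flaws described above (tag text inserted into the page as markup, and a bridge that accepts an arbitrary command string) and their fixes can be shown side by side. This is an added example, not code from the Kindle or from the original post; the function names, the bridge actions and the sample metadata are all hypothetical and constructed for illustration.

```javascript
'use strict';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a metadata string so the HTML parser treats it as text, never as markup.
// (In a real DOM, assigning to element.textContent achieves the same thing.)
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": tag fields are concatenated straight into the player's markup,
// so an element stored in the file becomes a live element in a privileged page.
function renderTrackUnsafe(tags) {
  return `<div id="title">${tags.title}</div>` +
         `<div id="artist">${tags.artist}</div>` +
         `<div id="album">${tags.album}</div>`;
}

// "After": every field is encoded at the point where it enters the markup.
function renderTrackSafe(tags) {
  return `<div id="title">${escapeHtml(tags.title)}</div>` +
         `<div id="artist">${escapeHtml(tags.artist)}</div>` +
         `<div id="album">${escapeHtml(tags.album)}</div>`;
}

// Second layer: the page-to-native bridge exposes a fixed set of named actions
// with validated arguments, and no generic "run this string" entry point.
function makeBridge(handlers) {
  const allowed = new Map(Object.entries(handlers)); // own keys only, no prototype lookups
  return Object.freeze({
    call(action, arg) {
      if (!allowed.has(action)) {
        throw new Error(`bridge action not allowed: ${action}`);
      }
      return allowed.get(action)(arg);
    },
  });
}

// Hypothetical actions a music player UI would legitimately need.
const playerBridge = makeBridge({
  setVolume(level) {
    if (!Number.isInteger(level) || level < 0 || level > 10) {
      throw new RangeError('volume must be an integer from 0 to 10');
    }
    return level;
  },
  nextTrack() {
    return 'next';
  },
});

// Constructed sample metadata: a title field carrying an HTML element.
const SAMPLE_TAGS = {
  title: '<button type="button" onclick="/* page script would run here */">Play</button>',
  artist: 'Constructed Artist & Co.',
  album: 'Best of "Examples"',
};
```

Either layer alone would have stopped the chain described in this section; with both, a rendering bug no longer reaches a root shell.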
Having some fun
That was a bit too easy and I was disappointed that I didn’t get to talk about how I whipped out IDA Pro and did some master debugging. So, let’s make things harder. We can use an MP3 with custom ID3 tags to execute any command, but how can we make this into a cool one-click solution? First of all, we should limit ourselves to one file to copy. Why make the user keep track of MP3s and shell scripts and where to put them? I took the shell script payload (which installs a developer key into the device so custom packages can be installed) and placed it into the comments section of the ID3 tag in the MP3. Then I used “dd” to extract the script, chmod it, and execute it. Now, another problem in terms of user friendliness is how to let the user know that the process was successful. I quickly whipped up an awesome looking “splash screen” and planned on displaying it while the magic is taking place. At first I tried to encode it into a variable in the shell script payload and extract it, but it was too slow and memory intensive. Instead, I took the image, raw, and appended it to the end of the MP3 (after all, the file was a bit too small). You can see the result in the video attached.
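From the defender's side, a file built this way is easy to spot before it reaches a player: its text frames contain markup and its comment frame contains a script. The following ID3v2 tag scanner is an added example, not part of the original post, and goes beyond it by parsing the tag format in general. It assumes plain ID3v2.3 tags (no extended header or unsynchronisation); the function names, the length threshold and the sample tags are hypothetical and constructed.

```javascript
'use strict';

const MARKUP = /<\s*\/?\s*[a-z!]/i;  // start of an HTML element or comment
const SHEBANG = /^#!\s*\//m;         // a line that starts a script, e.g. "#!/bin/sh"

// The tag size is a 28-bit "synchsafe" integer: 7 useful bits per byte.
function synchsafe(buf, off) {
  return (buf[off] << 21) | (buf[off + 1] << 14) | (buf[off + 2] << 7) | buf[off + 3];
}

// Decode frame text by ID3v2 encoding byte: 0 latin1, 1 UTF-16 + BOM, 2 UTF-16BE, 3 UTF-8.
function decodeText(encoding, bytes) {
  if (encoding === 1 || encoding === 2) {
    let body = Buffer.from(bytes.subarray(0, bytes.length & ~1)); // copy, whole code units
    let bigEndian = encoding === 2;
    if (body.length >= 2 && body[0] === 0xfe && body[1] === 0xff) {
      bigEndian = true;
      body = body.subarray(2);
    } else if (body.length >= 2 && body[0] === 0xff && body[1] === 0xfe) {
      bigEndian = false;
      body = body.subarray(2);
    }
    if (bigEndian && body.length) body.swap16();
    return body.toString('utf16le');
  }
  return bytes.toString(encoding === 3 ? 'utf8' : 'latin1');
}

// Return the text and comment frames of an ID3v2.3 tag as { id, text } objects.
function parseId3v2(file) {
  if (file.length < 10 || file.toString('latin1', 0, 3) !== 'ID3') return [];
  if (file[3] !== 3 || (file[5] & 0xc0)) {
    throw new Error('only plain ID3v2.3 tags are handled in this example');
  }
  const end = Math.min(10 + synchsafe(file, 6), file.length);
  const frames = [];
  let off = 10;
  while (off + 10 <= end && file[off] !== 0) {    // a zero byte starts the padding
    const id = file.toString('latin1', off, off + 4);
    const size = file.readUInt32BE(off + 4);      // plain big-endian in v2.3
    const start = off + 10;
    if (size === 0 || start + size > end) break;  // truncated or malformed frame
    const data = file.subarray(start, start + size);
    if (id[0] === 'T' && id !== 'TXXX') {
      frames.push({ id, text: decodeText(data[0], data.subarray(1)).replace(/\0+$/, '') });
    } else if (id === 'COMM' && size > 4) {
      // encoding byte, 3-byte language, description, terminator, then the comment text
      const text = decodeText(data[0], data.subarray(4));
      frames.push({ id, text: text.slice(text.indexOf('\0') + 1) });
    }
    off = start + size;
  }
  return frames;
}

// Flag frames whose text looks like markup, a script, or is implausibly long.
function scanTag(file, maxTextLength = 256) {
  const findings = [];
  for (const { id, text } of parseId3v2(file)) {
    if (MARKUP.test(text)) findings.push({ id, reason: 'markup in tag text' });
    if (SHEBANG.test(text)) findings.push({ id, reason: 'script header in tag text' });
    if (text.length > maxTextLength) findings.push({ id, reason: 'unusually long tag text' });
  }
  return findings;
}

// --- Constructed sample tags (built in memory; no audio data follows them) ---
function frame(id, body) {
  const head = Buffer.alloc(10);
  head.write(id, 0, 'latin1');
  head.writeUInt32BE(body.length, 4);
  return Buffer.concat([head, body]);
}
const textFrame = (id, s) => frame(id, Buffer.concat([Buffer.from([3]), Buffer.from(s, 'utf8')]));
const commFrame = (s) =>
  frame('COMM', Buffer.concat([Buffer.from([3]), Buffer.from('eng\0', 'latin1'), Buffer.from(s, 'utf8')]));
function buildTag(frames) {
  const body = Buffer.concat(frames);
  const n = body.length;
  const head = Buffer.from([0x49, 0x44, 0x33, 3, 0, 0,
    (n >> 21) & 0x7f, (n >> 14) & 0x7f, (n >> 7) & 0x7f, n & 0x7f]);
  return Buffer.concat([head, body]);
}

const SAMPLE_CLEAN = buildTag([
  textFrame('TIT2', 'Constructed Song'),
  textFrame('TPE1', 'Constructed Artist'),
  commFrame('ripped from CD'),
]);
const SAMPLE_SUSPECT = buildTag([
  textFrame('TIT2', '<button type="button">Play</button>'),
  commFrame('#!/bin/sh\n# constructed placeholder, no commands\n'),
]);
```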
What’s next?
Just because the device is jailbroken does not mean it can now magically do anything you want. What needs to happen first is that developers need to take the device and write some code for it. This first jailbreak is really for these developers. For regular users, the only use is to preemptively unlock your device now in case the method is patched in an update or something. No mods for older Kindles will work as-is on the Touch. I’ve included a VERY basic usbnetwork package that will allow you to have SSH access to the device. I think that’s as good of a starting point as anything. From there, developers should be able to rip the root filesystem, test modifications, and write useful tweaks. (And in case of a brick, read my previous post on the bootloader access). Some things I would like to see or do are GUI plugins in the device’s operating system. The Java code is easy to decompile and read as the variable names have not been stripped out (like previous models). Hopefully people can write some reader plugins (like X-Ray) or even format plugins for other ebook formats. Being a touch screen device, one could also write games or useful apps (although the speed and eink are limiting). I need to finish writing the update creation tool so developers can package their modifications.
Download
Simple usbnet update (supports wifi ssh and resetting root password)
GUI menu launcher and screen rotation hack
Demonstration
[…] enterprising young man by the name of yifanlu recently developed a new solution for the Amazon Kindle Touch that Jailbreaks it. The new Kindle […]
Sentence fragment:
“The Kindle displays the song title, artist, and album name in the music player, so what if we put some HTML into the ID3 tag? Yup, it works. How about a”
Great work!
Niubility!
[…] hacker by the name of Yifan Lu has just posted a jailbreak for the K5/Kindle Touch, and I just used it on my […]
@Nate, thanks. That’s what I get for trying to write something past midnight.
hello,
just a feedback.
i tried on the kindle touch with ads and no luck.
regards.
[…] Yifan Lu has figured out how to jailbreak the Kindle Touch simply by downloading an MP3 file and playing it on the eReader. Seriously, it’s that […]
i should add that the screensaver went up (i think that the ads in it are the cause of the bug)
[…] Lu announced today that he has jailbroken the Kindle Touch by making it “play” an mp3. […]
[…] yifanlu's blog explains how the jailbreak works; readers who want the details can take a look here […]
[…] Lu, Kindle Touch (5.0) Jailbreak/Root and SSH, […]
[…] Link: http://yifan.lu/2011/12/10/kindle-touch-5-0-jailbreakroot-and-ssh/ […]
@pportnawak: it DID work on my ad-supported kindle touch. (screensaver kicked in but that didn’t cause any problem apparently)
I’m just wondering if the new normal Kindle without keyboard and without touch has a similar OS. This is interesting because it’s cheaper and also available in a lot more countries and so become more widely spread. This might evoke an even bigger jailbreak community.
@wefeffe
I’ve asked a few programmers about this. Nope.
The K4 is running Kindle OS4, which is largely the same OS as the previous Kindles. The Kindle Touch/K5 is running Kindle OS5, and that is completely different.
Isn’t this a little dangerous for the users? like “Hey, listen to this mp3!!” BOOM ROOT ACCESS TO YOUR DEVICE.
@Nate
Thank you. That’s quite sad. So buying a normal Kindle also means getting an old OS …
[…] http://yifan.lu/2011/12/10/kindle-touch-5-0-jailbreakroot-and-ssh/ […]
where is kindle 4????????????????????????????
Why not jailbreak the NOOK Tablet instead? Much better hardware, with more memory and the microSD slot so you can actually store big video on it, not just stream.
If you buy me a nook tablet, I’ll try to jailbreak it ;)
Thanks for the hard work, but now my kindle is a brick. Is there an undo.mp3?
I’m really not joking or trolling… is there a way to undo this?? Tried rebooting. Displays screensaver, but when I wake it up the screensaver remains on the screen with only the menu bar appearing. The menu bar does absolutely nothing. Pressing the home button causes the loading icon in the top left to spin and the page refreshes but nothing happens.
Update:
After modifying the bootlogger8ad7.krn file to float a static boolean, I set the status updater to null and reformatted the RAM conduit.
All good now.
Actually it just started working after a couple hard resets… Sorry, I was just freaking out.
[…] to carry out the process; however, the process is explained on video, along with the specifications and solutions in case the Kindle ends up as […]
[…] According to The Verge, the Kindle Touch can be jailbroken with a single MP3 file, a surprising method. The developer who jailbroke the Kindle Touch is Yifan Lu. […]
[…] to carry out the process; however, the process is explained on video, along with the specifications and solutions in case the Kindle ends up as a paperweight after a […]
Sorry for being slow, but after jailbreaking how do you install/run the screensaver mod? (I’m trying this on OS X but can switch to Win if need be). I see a Python script there but unclear to me what the process is. Sorry for being an annoying nube…
[…] recently release Kindle Touch has been freed. Yifan Lu, freelance developer, has dug down and posted details on an exploit used to jailbreak Kindle OS […]
Wow, did the same guys do security for this as for Internet Explorer? HTML injection via MP3 = rooted, that’s just nuts.
[…] As the developer explains, this jailbreak is only the first step toward the freedom to run third-party apps. This unlock is intended for interested developers, who can now write and run code on the Kindle Touch. Users can still run it, although they get no immediate benefit other than keeping their device unlocked ahead of a possible patch for the exploit from Amazon. […]
[…] So what do you get if you root your Kindle Touch? Right now, with the root, you only get a new “jailbreak” splash screen with a chance to modify the screensaver. But since there is a root now, developers may start wiring apps for the device, meaning you will have more productivity to it. Are you interested? Follow the source link after the video for more info. [Source: Yifan Lu] […]
this is astonishing news. cant wait to see epub available to the KTouch. Also jailbreaking 3G webbrowsing would be a neat one.
[…] right now. But for those who care more about reading than watching YouTube, here’s how to start customising your Kindle Touch. […]
Wow, thanks so much for your effort! Can’t wait to see Sudoku on the Touch ;-)
[…] Fire right now. But for those who care more about reading than watching YouTube, here's how to start customising your Kindle Touch. […]
[…] Touch? Not much, at the moment, although you can already download a custom screensaver mod from Lu’s website. In the future, Lu expects developers to write apps for the device, tweak the interface and add […]
[…] their attention to the Kindle Touch. It’s not based on Android, but it can be rooted. Now someone has figured out how to do just that.Apparently it wasn’t that hard, since the Touch’s operating system uses a lot of […]
Awesome work! Just in time for xmas when these devices will flood homes. It’s always great to see the hard working developers at their prime. A handwriting notepad app would do wonders for this device and trigger countless jailbreaks!
@LittleLui and the group :
feedback :
i tried again - after redownloading the zip and still no success. perhaps, it’s because i’m not in the u.s. ? I tried more than 5 times and even done it after rebooting the device. i got the screensaver and that’s all. no reboot message nor reboot.
regards.
[…] Kindle, but hopes that developers will seize on his discovery, the code for which is available on his blog, to publish new applications and push the device beyond what it […]
[…] Digital Reader Yifan Lu Email […]
AWESOME!
Thanks a ton – you guys all rock! I’m anxious to try it out on my K-Touch which should arrive a few days from now.
Again, great work!
[…] jailbreak is surprisingly simple to find, build and use, according to developer and Kindle expert Yifan Lu, who has jailbroken several previous versions of the device as […]
Congrats Yifan Lu, you’re on Lifehacker ;)
http://lifehacker.com/5867183/kindle-touch-jailbroken-with-an-mp3
[…] Sure, everyone can’t stop talking about rooting the Kindle Fire right now. But for those who care more about reading than watching YouTube, here’s how to start customising your Kindle Touch. […]
Hello, is there a way to run usbnet on Mac OS X?
Hi, can anyone please tell me what happens after the root: will the kindle lose any autoupdate of the firmware? Will it be more prone to security problems?
thanks, and compliments to the original poster – jailbreaker
There should be no side effects. It does not modify any system files, just adds a new one.
Is there any place already for sharing knowledge about further hacking? I’d have some stuff to share :)
Check the irc. (irc://irc.efnet.net:6667/kindle)
@LittleLui There’s a wiki and forums at mobilereads.com you should check out
@jason thanks, i’ll check that out. almost dropping out of my chair now, but i’ve already managed to get some interesting error messages from my code. (which is good, because this means that it runs AND i can log output to /var/log/messages)
[…] You already know that you can root your Kindle Fire. Rooting has its own benefits. But if you are more interested in reading than watching videos, it is possible to start customising your Kindle Touch. […]
[…] it out, for more on how it works check out this article regarding Jailbreaking your Kindle Touch HERE. […]
[…] According to Yifan Lu […]
[…] For more details on how this solution works, you can visit Yifan Lu's page. […]
On ad-supported kindle touch, the jailbreak does NOT work.
Would it be possible to change the default font after rooting?
@rubin: it did for me. on the other hand, @pportnawak also had troubles on his ad-supported KT. maybe i just have a special one :)
@rubin, I have an ad supported touch as you can see from the video
[…] Yifan Lu Follow […]
[…] and all the details are here on his […]
Greaaatt!!!! Thank you very much! next step: install mc :D Worked well for my Kindle Touch (dumb-ads free ver) :)
@Yifan Lu
i copied the mp3 to the music. clicked the jailbreak button, saw the jailbreak in progress screen, had the screensaver and that’s all.. even if i waited 1 hour or tried multiple times. perhaps i should try from a hard reset i.e. erase all and retry. any suggestion ?
by the way, how to compile the sources ? I can try without the screensaver line.
[…] The Kindle Touch has been rooted! There’s a proof video embedded after the break, but the best part about this discovery is that [Yifan Lu] wrote in-depth about how he discovered and exploited a security hole in the device. […]
I installed the jailbreak, but when I open a pdf file, it instantly goes to landscape mode. How can I do to it does not do this automatically? How do I return to kindle before the jailbreak?
Thank you for your amazing work. Wondering if you’re looking into an ad hoc network solution
Do you think this will eventually allow unrestricted browser access via the 3G network on the kindle touch 3G device?
I’d really like an E-Ink e-reader with a mobile browser without a monthly fee for the network connection. But if it’s not going to happen, I’d rather save the $50 and just get the wifi version. Thanks.
Thnx for landscape mode man!
It really would be nice to see if someone was working on a unrestricted web browser; are there any in progress
Yes! That is the thing which pissed me totally off. I have been surprised that 3G is not working only after I opened the box. And I guess I am not alone.
Your screensaver mod ‘by design’ does not work for the ad sponsored Kindle. I purchased a Kindle outside USA and Amazon does not allow me to pay the extra to remove ads (even though I am more than happy to). Are you planning to release a screen saver mod to work on all Kindle touch?
No, sorry. If I do, people will abuse it.
Is there a way to read pdf files in landscape mode after jailbreaking?
does this work for kt 5.0.3?
does this work for kt 5.0.3? If so, does this include screen rotation? Is there an easy way to get landscape mode on latest software?
A screen saver mod? just learn about Linux file system and permissions, and you’ll figure out what files and permissions to change to get rid of ads.
K-Man, if you have been clever enough to obtain a Touch with ads outside of USA, then you are clever enough to work out how to pay to remove them legally.
@people who want a hack to remove the ads:
Pay the damn $40.
You promised Amazon that you would look at their ads for a lower price. Amazon doesn’t have to offer the lower price. I’m hoping that they bill anyone who removes the ads themselves.
In player, instead of a button inscription:” <button type="button style=widt… "
Kindle touch wi-fi, firmware 5.0.3
@K-Man: I actually had the same problem. I just chatted with Amazon support and they were able to do it for me (charging my debit card, of course).
@neuro: Helpful advice - thanks. I will try support. Will yifan’s screensaver mod now work on yours? @carol: harsh!
Thank you very much! Love to have better screensavers!!!
Hi - this is probably an uncommon request to a hacker, but I know that there are many parents concerned about lack of parental controls on kindle wifi (i have the $79 version). Any simple hack to disable wifi or experimental browser? Thanks!
Why not just don’t connect to wifi? Or on your wifi router, block the kindle’s mac address.
Having a router password or blocking the mac address works well for at home, however not for public hotspots (or neighbor’s signals).
Thank for all your information… I’m not a tech expert by any means but this has helped a lot. I was wondering, I just today made the upgrade to 5.0.3 and it required me to move a file directly to the “root”? not within any folders. Is there a way to downgrade to 5.0.1? How would I go about this? Thank you!
SO with the usbnet ssh hack you can use the experimental web browser over 3g?
No. The usbnet ssh hack allows you to connect to a computer through a usb cord.
So, correct me if I’m wrong, but I just want to clarify; when you have a computer that is connected to the internet, with the usbnet ssh hack you can plug the Kindle into the computer and get a connection through the usb cord? If so, wouldn’t that be much slower?
A similar question, enterprise and peer-to-peer networks. Is there any way to connect to those? Would that be how the usbnet ssh hack is used?
Thanks, and sorry for the load of questions
@Parker: No. You would be able to control your kindle with the computer its plugged into.
As for the enterprise and p2p networks: i really don’t know. :P
[…] Kindle Touch (5.0) Jailbreak/Root and SSH […]
Thanks for your effort. How do I install the screen-savers? You give the format but no instruction on what to do next.
Will there be a homebrew appstore for the kindle touch?
Also im ready to start coding apps but i need to know how to install/run HTML/JS/CSS documents all help would be appreciated.
the mp3 file exploit how do i make my own?
im kind of scared i got a kindle jan.25th and i want some books that are not on the store already so i found it on epub but im worried if its gonna work because all my previous hack attempts (wii psp ipod) failed miserably and i have the kindle touch with ads do i need to cancel ads first most of all is it safe can i still get books from the store and finally can amazon find out and can i get in trouble
Hi, in a few hours we will get our new KT3G. I think it will have the FW 5.0.1. Did I understand right, the recommended process would be:
Sorry I’m not able to edit my last post. Now I have updated the KT3G to 5.0.3 and tried the kt-jailbreak-503.zip, by copying the data.tar.gz directly into the root directory + 2 restarts, but I can’t see the jailbreak screen. Is there any other (safe) possibility to check whether it is jailbreaked or not? MJ
I used kt-jailbreak-503.zip on my new kindle touch. but I cannot figure out how to “install” kindle_launcher_1.0.1.zip. all I want is screen rotation for pdf file. Anyone could help? thanks in advance.
Yifan, Anything on custom fonts ?
Hi Yifan, thanks for your work. I installed jailbraker and launcher to be able to rotate to landscape view. all is working great. I realise however that my wi-fi is no longer working since. I have a network and password, but while it finds the network, the password is not accepted as valid, hence I remain disconnected. Could this be attributed to the install I did? Any idea how to fix it?
Yifan–Thanks for your work! The screensaver is great, but how can I get the pictures to cycle every few minutes? Any help would be greatly appreciated!
Great work.
I’m looking into removing the ads from my new Kindle Touch.
Not because they annoy me so much or because I want to rob Amazon - just cause it can be done.
I recommend doing it legally. $40 isn’t really that much.
In case of custom screen saver installation will I have only my pictures appear or the native Kindle pictures will also appear? Thanks!
I too am looking to delete the web browser or remove the wifi connection as a form of parental control. The internet connection at home isn’t a problem, but I would like to let my daughter take it to school again. I hesitate to manually remove any hardware - any ideas for how to disable web browsing?
How do I see which version of kindle I have?
Software version I mean.
@daryle b: Press ‘Menu’ Press ‘Settings’ Press ‘Menu’ Press ‘Device Info’ And look at firmware version.
is there any way to get MP3 player with playlist\songlist in Kindle Touch? Standard MP3 player doesnt show the songs - only allows to click Next :( thanks
[…] the Kindle’s Linux operating system, you’ll have to Jailbreak the device. I’ve researched how to do that. My touch is running version 5.0 and you will probably want to use the newest jailbreak he talks […]
When i read my ebooks in landscape mode, the right side of the margins have a extra ‘blank space’ which cuts the last word of each sentence. Anyone else have the same issue? and any idea how to correct it?
hi everyone! I just used the 5.0.3 jailbreak on my new KT and I’m now trying to use the usbnetwork to get my hands on an ssh session. I followed the readme file but when it says “The IP for the Kindle will always be 192.168.15.244”, well I just couldn’t ping any device on that IP. So what I checked out the logs on my wifi router and discovered that my dhcp gave the kindle the ip 192.168.1.2 (the .1 being my router and the kindle being the only device actually connected). So I went on doing the ;un password myrootpassword and tried an ssh root@192.168.1.2 but the ssh server keeps telling me “Permission denied” when I enter myrootpassword…
Am I doing it wrong ?
My bad, it’s actually working fine…
S.O.S. I Copy the file into my touch,but mp3 player show sth. like <button type-"button style="width…"..I tried again and again,even I Reset to Factory Defaults ,but it show the same~ How to solve it?help pls~
27/2/2012. The screen-rotation mp3 file no longer works. So disappointing.
Brilliant. While the Kindle Touch screensavers are an order of magnitude better than the creepy dead authors, it still feels great to have a bit of customization! The jailbreak went perfectly (5.0.1) and the screensaver hack also went perfectly! Thanks so much! You ROCK!
[…] below we give Yifan Lu's site and his description of the whole procedure (Yifan Lu). At the moment, however, the benefits of this jailbreak are still limited; in fact the […]
so what about my mp3 player question? any chance to see\edit play list?
Hi! your modification worked perfectly on my Kindle touch but I’m trying to customize screensavers on my kindle 4.0.1 now and was wondering if the simple custom screensaver mod works on it. I can’t seem to get it to but that is after uninstalling it a few times and accidentally installing the touch mod on it first so I’m thinking of restoring factory settings and trying from scratch again but am wondering if it works at all? I followed the three essential steps and everything but no luck :(
My kindle after i restarted got frozen and never got up again i am gonna sue you if it doesnt get unfrozen im suirous freeking retard :( never should have done it
Thank you very much, for the jailbrake. I installed it, and everything is perfect!…thanks again!
how do you unjailbreak kindle? PLEASE HELP ME!!!
Lols stupid Mud Saad, yah you sure are a “suirous freeking retard” :p pls threaten to sue a developer who is contributing this free of charge, and did u not read that it is primarily meant for developers, why is a “suirous freeking retard” doing playing arnd wif it…
[…] a Kindle is a simple matter thanks to Yifan Lu, who has developed several hacks and posted them, along with observations, on his blog. You simply download a tar file, move it to the root directory via USB, dismount the device and […]
Would this jailbreak allow me to use my Kindle Touch as a PDA to store my 3000+ addresses and calendar entries?
I think the potential of the Kindle as a simple business “Rolodex” machine has been oversighted. The fantastic screen, the lightning fast boot time, the phenomenal battery life, the simple (almost crash-free) operating system, could make it the #1 PDA, even it had to be read-only.
Currently, I am able to convert my contacts into .txt and read them as a book on the Kindle; but the search function makes it impossible to find anything. Converting into an ebook via Calibre doesn’t help.
I wasn’t able to read my calendar in html or csv or ical either - at least not in a usable way.
Hi, can u help me with stepwise and detailed instructions on how to remove ads from kindle keyboard as well as change the screen saver? I hope to hear from you soon.
[…] Jailbreak: http://yifan.lu/2011/12/10/kindle-touch-5-0-jailbreakroot-and-ssh/ […]
Thank you Andrew for commenting about Mud Saad. I could do better.
I meant to say I couldn’t better.
I just want to know if this works with Kindle Touch 5.0.4??? I need to rotate screen to read pdf and i’m trying everything, but until now nothing works.
Hi, Amazon released a new software version 5.1.0. Is your hack is working with this version ? I will like to update for the FRENCH language ;o)
Thanks.
The Jailbreak is not working with the new version 5.1.0. plz fix!
[…] when reading pdf). I won't give detailed instructions because it isn't very hard. http://yifan.lu/2011/12/10/kindle-touch-5-0-jailbreakroot-and-ssh/ Someone on tinhte has already posted a guide: […]
a quick question, it seems to me that the guy was using a kindle touch with color display. so my question is that how did that guy do it? does it come with kindle touch or does it have to be jailbroken first? and if so how to do it afterwards.
Who are you talking about?
Yifan Lu: how long do you think it will be before the new jailbreak comes out?
Well, personally, I’m working more on the Vita so I don’t have time for the Kindle. However, hopefully, I’m not the only one working on the Kindle.
Hi, your jailbreak worked perfectly for my Kindle 4NT. Thanks. Now I’m trying to install the usbnetwork util. Though the Kindle ‘UPDATED’ fine, I can’t seem to ssh or use the ; commands from the Kindle… Was that meant only for the Touch, or will it work for the K4 as well? Thanks.
My device is running version 5.1 - it is the newly released Kindle Touch in the UK. I copy the data.tar.gz file to the root directory, restart the device and… nothing - the file is still there, the locale is still set to en-uk. Any ideas?
Can you disable the browser and mp3 player using this hack? I am trying to find a way to enable parental control on a 14 yr old boy.
Hi everyone, I succeeded in jailbreaking my K Touch version 5.1 (just bought here in Italy) using method 3, after 10 minutes of PANIC because I could not exit from Diags mode (device_info.xml file problem). Anyway, I was not able to get the screensaver app working; the K just freezes the screen… and nothing else. Thanks to Yifan for all this nice work.
Is there any hack through which I can download PDF files (or any file, as a matter of fact) with the Kindle Touch experimental browser?
Hello
I’ve tried the jailbreak using the data.tar.gz file that I copied to the Kindle’s root. After rebooting, the jailbreak process started, but it took a very long time. After 1 hour, there was no change in the progress bar. I turned my KT off, and since that moment it always keeps rebooting without any error message.
Using hard reset doesn’t work. Using diags mode allows me to access the KT in USB mode.
I’ve tried the data.tar.gz jailbreak again, but it doesn’t work any more. The same goes for trying to uninstall the jailbreak using update_jailbreak_1.1_k5_uninstall.bin.
No result, my KT keeps on rebooting.
Do you have any idea how to reset my KT, or anything else, so I can use it again?
Thanks
@Robert: http://wiki.mobileread.com/wiki/Kindle_Touch_Hacking#Unbricking
Thanks, Eric, for your answer and URL
But I did that already many times :
Any other idea?
Hello, I tried your program to jailbreak my Kindle. But when I tried to update my Kindle from 5.0.0 to 5.0.3, I forgot to return my Kindle. There is something wrong with my Kindle. It stopped at Diags Mode. When I choose D), D), Q) to restart my Kindle, it stops at the home page of Diags Mode. What can I do with it?
@Tom: I know it’s been a little while, but if you’re still having the problem, maybe this can help.
I had the exact same issue. Once you’ve done everything you need to in Diags Mode, hook your kindle up to your computer (I believe there’s an option in the Diags menu to have it act as a USB.) Simply delete the .txt that you used to set it to Diags Mode in the first place. Restart your kindle, and voila.
Linux/ARM device running some modified Linux? Is there any way to set HOSTS rights to read/write and edit/save this file? =)
The possibility of blocking as many companies as I can from spying, as well as no ads on or cheaper systems, sounds nice.
[…] to launch products that can withstand the attacks that may appear. That is why I recommend reading: Kindle Touch (5.0) Jailbreak/Root and SSH, where the details are given for the device from […]
Could you please write a post on how to type on a keyboard on a Linux PC and watch things show up on my Kindle via ssh? Much appreciated.
I did the ENABLE_DIAGS thing, and I couldn’t get my Kindle out of diagnostics. It is now frozen and I cannot do ANYTHING. It won’t even light up when I push the power button. Please help. (It said device_info.xml not found when I tried to disable diagnostics.) 0-o
(I also tried what Jake said to do. It did not work. :P)
[…] Background information on how it works […]
For the 5.1 people.
“But after running one of the tests (I ran a few without checking so I don’t know which one exactly) the xml is created and you can exit diagnostics. If you want, I can enter diagnostics and try the tests one by one to see which one creates the file.
I also deleted the ENABLE_DIAGS file in USB mode while experimenting how to disable diagnostics but I believe that is optional.”
http://www.mobileread.com/forums/showthread.php?t=175182&page=3
or just http://wiki.mobileread.com/wiki/Kindle_Touch_Hacking#data.tar.gz_method
[…] Process: Performing the Jailbreak (Method created by Yifan Lu) […]
[…] Kindle Touch (5.0) Jailbreak/Root and SSH […]
In my opinion, one of the most important options the Kindle doesn’t have is the possibility to create subfolders, or to exchange folders via your explorer directly (and keep the folders on your Kindle)… Is there a way to do that? Any USB stick can do that, why can’t the Kindle? I have to arrange about 400 PDF files and with the ordinary “collections” it absolutely doesn’t work… Thanks for any help!
I know this is no Kindle Touch forum for ordinary questions, but I thought I might just ask the developers :)
[…] 30. JSON-based XSS exploitation 31. Java Applet Same-Origin Policy Bypass via HTTP Redirect 32. Kindle Touch (5.0) Jailbreak/Root and SSH 33. Launch any file path from web page 34. Lotus Notes Formula Injection 35. Multiple […]
I don’t get it, it isn’t working for me. If someone can email me a detailed video, that would be great. My email is dominick1096@yahoo.com. Please and thank you.
[…] to your Kindle as “screensaver.png”. Now what we need to do is to jailbreak your KT. Yifan Lu was gracious enough to provide us with a jailbreak a couple of days ago. I won’t dive too far […]
[…] Kindle Touch (5.0) Jailbreak/Root and SSH – Of course there had to be a way to unlock Amazon’s new ebook reader, the Kindle (not the Fire), now in its fifth version. The detailed analysis of the on-board operating system also reveals ample room for customization and possible future modifications. […]
USBNet on my Kindle Touch 3G doesn’t reset the password for root. Firmware 5.3.7.2
I have a Kindle Touch with 5.3.7.3 firmware (the latest one). Is there a way to continue using text to speech?
I had used it in Spanish for a long time thanks to the jailbreak software, but now with the new firmware I can’t find the way.
Thank you very much for your answers.