Thursday, August 27, 2015

Kindle Paperwhite 2015 full jailbreak writeup

This is a post I've been meaning to write for a while now: a complete writeup of how to jailbreak the Kindle Paperwhite 2015. Credit for figuring out the serial connection details and the debug password goes to hondamarlboro, and credit for the original jailbreak goes to NiLuJe.


In the newer models, Amazon has removed the ability to jailbreak easily via .bin files. The method I used to hack mine involves the built-in serial port, so if you don't feel comfortable soldering to the board of your new Kindle, this probably isn't for you.

The front panel of the Kindle is glued on; I used a guitar pick to peel it off from the edges. The back is held on by small star-head screws.

[Photo: the Kindle taken apart]
Once you have the Kindle apart, find the area on the board labelled 'SERIAL DEBUG'. Beneath it are three contacts: Tx, Rx, and GND, from left to right. Remember that serial lines are crossed over: the Kindle's Tx goes to the cable's RX, the Kindle's Rx goes to the cable's TX, and GND to GND.

[Photo of the wired serial header. Wire colours: orange: Tx, white: Rx, green: GND]

I used an Adafruit FTDI Serial to USB cable to connect to the kindle.

Next, go to Settings > Device Info on the Kindle and note the serial number. The root password for the diagnostics (debug) system is derived from that serial number: it is "fiona" followed by three characters taken from the MD5 hex digest of the serial number plus a trailing newline. Since the serial is visible to anyone holding the device, this password is not really a secret. The following Python 2 one-liner computes it:

python2 -c 'import hashlib,sys;print "fiona%s" % hashlib.md5("%s\n" % sys.argv[1]).hexdigest()[13:16]' YOUR_SERIAL_NUMBER
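A Python 3 version of the same derivation, added here as an example and not part of the original post. It puts the computation in a function so it can be checked, and makes visible the one detail that is easy to get wrong when retyping the one-liner: the newline after the serial is part of what gets hashed, and dropping it yields a different password. The serial numbers used with it below are constructed, not real devices.

```python
"""Derive the Kindle diags root password from the device serial number.

Added example, not code from the original post. It is a Python 3 port of the
Python 2 one-liner above: the password is "fiona" followed by characters 13-15
of the hex MD5 digest of the serial number plus a trailing newline.
"""
import hashlib
import sys


def debug_password(serial: str, include_newline: bool = True) -> str:
    """Return the diags root password for `serial`.

    The trailing "\n" is part of the hashed input in the original one-liner
    (it hashes "%s\n" % serial). `include_newline=False` exists only to show
    how a retyped script that forgets the newline produces a wrong password.
    """
    # Trim whitespace the user may have copied along with the serial; the
    # serial itself is hashed exactly as shown on the Device Info screen.
    serial = serial.strip()
    material = serial + ("\n" if include_newline else "")
    digest = hashlib.md5(material.encode("ascii")).hexdigest()
    return "fiona" + digest[13:16]


def main(argv: list) -> int:
    """Command-line entry point: print the password for the given serial."""
    if len(argv) != 2:
        print("usage: kindle_debug_pw.py SERIAL_NUMBER", file=sys.stderr)
        return 2
    print(debug_password(argv[1]))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 kindle_debug_pw.py YOUR_SERIAL_NUMBER`; the output is eight characters long and always starts with "fiona", so anything else means the serial was mistyped.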

Connect to the Kindle at 115200 baud and reboot it. When it prints 'Hit any key to stop autoboot:', press a key. At the uboot> prompt, enter 'bootm 0xE41000', which boots the diagnostics (diags) image instead of the normal system.


On the screen that pops up, tap '(o)-Reboot or Disable Diags'. Then, on the next screen, tap '(EXIT LOGIN)'. Log in with the username root and the password you computed earlier.


The next step is to set a normal root password so you can log in in normal, non-debug mode. Diags runs from its own root filesystem, so the commands below mount the main system's partition (/dev/mmcblk0p1) and chroot into it before running passwd; that way the new password lands in the main system's password file rather than in diags'. Run the following:

# mount /dev/mmcblk0p1 /mnt/mmc
# chroot /mnt/mmc
# /usr/bin/passwd
# exit
# reboot


Once the Kindle boots, you can log in as root over serial using the password you just set. Plug the Kindle in via USB, copy the jailbreak package (kindle2015_jailbreak.zip) to the root of the device's USB storage, then eject the Kindle. Now, from the serial connection, run the following (mntroot rw remounts the root filesystem read-write, which the installer needs):

# mntroot rw
# mkdir /tmp/jailbreak
# cp /mnt/us/kindle2015_jailbreak.zip /tmp/jailbreak/
# cd /tmp/jailbreak
# unzip kindle2015_jailbreak.zip
# chmod a+x install.sh
# ./install.sh


It'll spew a lot of output and take a little while, but after that you're fully jailbroken! I now suggest grabbing a copy of KUAL and seeing what your newly freed little Linux machine can do.

EDIT: If you're having trouble getting kterm to start, copy the libpng package (libpng.tar) to the USB root of the Kindle and run the following, which unpacks it over the root filesystem:

# mntroot rw
# cp /mnt/us/libpng.tar /libpng.tar
# cd /
# tar -xvf libpng.tar
# rm libpng.tar
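Both the jailbreak step above (unzip kindle2015_jailbreak.zip, then run install.sh as root) and this libpng fix (untar straight over /) execute or overwrite files that were copied onto the device over USB, with nothing checking that they are the files you meant to download. The following POSIX sh helper, added here as an example and not part of the original post or the jailbreak package, refuses to unpack an archive unless its SHA-256 matches a value you supply. It assumes you obtained that expected hash out-of-band (the post itself does not publish one), that a sha256sum or shasum binary is available on the system you run it on, and that you have already run `mntroot rw` when the destination is on the root filesystem.

```sh
#!/bin/sh
# Added example (not from the original post): verify an archive's SHA-256
# before unpacking it and running anything from it as root on the Kindle.
# Assumptions: the expected hash was obtained out-of-band, and either
# sha256sum or shasum is present on the system running this script.

# Print the SHA-256 hex digest of a file, using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_then_extract ARCHIVE EXPECTED_SHA256 DESTDIR
# Returns non-zero, and extracts nothing, unless the hash matches exactly.
verify_then_extract() {
    archive=$1
    expected=$2
    destdir=$3

    [ -f "$archive" ] || { echo "no such file: $archive" >&2; return 1; }

    actual=$(sha256_of "$archive")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    mkdir -p "$destdir" || return 1
    case "$archive" in
        *.zip) unzip -q -o "$archive" -d "$destdir" ;;
        *.tar) tar -xf "$archive" -C "$destdir" ;;
        *)     echo "unsupported archive type: $archive" >&2; return 1 ;;
    esac
}

# Usage on the device (after `mntroot rw`), e.g. for the jailbreak package:
#   sh verify_then_extract.sh /mnt/us/kindle2015_jailbreak.zip <sha256> /tmp/jailbreak \
#       && cd /tmp/jailbreak && ./install.sh
# and for the libpng fix, where the destination is / and the check matters most:
#   sh verify_then_extract.sh /mnt/us/libpng.tar <sha256> /
if [ "$#" -eq 3 ]; then
    verify_then_extract "$1" "$2" "$3"
fi
```

Because the extraction step is reached only after the comparison succeeds, a mismatch leaves the destination untouched; a partially written /tmp/jailbreak or a half-overwritten / is exactly what you do not want to debug over a soldered serial line.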