Jailbreaking the Kindle Paperwhite

The Kindle Paperwhite, Amazon’s newest e-ink reader featuring a touch interface with a higher contrast display, is now officially jailbroken.

[geekmaster], the geek master behind this hack, based his jailbreak off [Yifan]’s previous hack  to jailbreak the Kindle Touch. Installation is a snap, and only requires you to upload the data.stgz file to the root directory of the Paperwhite and restart the device. On the next boot, the Paperwhite will be jailbroken, allowing you to do tons of cool stuff with a tiny Linux device connected to an e-ink screen.

We’ve already seen a few really cool uses for jailbroken Kindles including a weather station display and a serial terminal for your Raspberry Pi. Cracking the newer and better Kindle Paperwhite means those e-ink projects you’ve been thinking about building just became much more attractive.

One word of warning from [geekmaster], though: USB downloader mode isn’t yet enabled. If you brick your device, you’ll need to connect your Kindle to a serial port. This shouldn’t be a problem for Hackaday readers, but it is something to watch out for.

Turning a Kindle into a weather display

Since the first time [Matt] saw an e-paper display, the idea of using it as a regularly updated, non real-time display consumed him. It really is the perfect platform for very readable calendars, agendas or, as [Matt] found out, a weather display.

[Matt]’s build uses a server to fetch and parse weather data and forecasts from NOAA. This data is then inserted into an SVG file, rendered, converted into a PNG, and finally converted into a grayscale, no transparency image required by the Kindle.

After the image is crafted by [Matt]’s server, a small script running on the Kindle fetches the image, clears the screen, and displays the image. This entire process happens twice a day, often enough for [Matt] to get a good idea of the weather outside without having to look out a window.

The really striking feature of [Matt]’s build is how good his weather display looks. The wonderful iconography of this weather display comes partly from graphics found on The Noun Project, with a few weather conditions drawn by [Matt] himself. It looks great, and is an awesome example of an excellent use of e-paper.

Tethering a Kindle for free 3G

[Excelangue] just posted a guide to using the free 3G connection in your Amazon Kindle to browse the Internet on your computer.

The hack requires a Kindle Keyboard 3G and the free worldwide Internet access that comes along with the purchase price. After jailbreaking the Kindle and applying a USB network hack, [Excelangue] managed to connect his laptop to the Internet through his computer. The process of tethering the Kindle’s 3G is remarkably easy, but we expect a one-click solution will pop up on the web sometime this week.

Of course we have to note here that tethering a Kindle is against the Amazon terms & conditions, and the data going through your Kindle is tied to a unique ID. If you do this, Amazon knows who you are and is more than likely willing to brick your device. [Excelangue] is looking into tethering to the Kindle over WiFi so Android and iOS devices can get in on the action, but he’s still in the process of experimenting with his build.

Custom screensaver on the non-touch Kindle 4

[Kubbur87] put together a guide to replacing the Non-touch Kindle 4 screensavers with your own images. We’ve already seen a way to remove the Special Offers banners from the newest version of Kindle Hardware, this hack lets you use your own 600×800 Portable Network Graphics (.png) file instead of the images pushed to the device by Amazon.

Frankly, we’re shocked at how easy this hack is. [Kubbur87] puts the device into developer mode, enables SSH, and then goes to work on the Linux shell within. It seems the only line of protection is the root password which he somehow acquired.

After the break you’ll find his videos which show how to enable developer mode and how to perform this hack. By putting a file named “ENABLE_DIAGS” with no extension on the device when it is recognized as a USB storage device you’ll gain access to the diagnostic menu system. From there it’s just a matter of cruising that menu to get SSH access. Like we said, you’ll need the root password, that that’s as easy as naming your favorite video game character from the 1980’s.

Continue reading “Custom screensaver on the non-touch Kindle 4″

Hack removes ads from Kindle ‘Special Offers’ hardware

We figured it wouldn’t be long before someone figured out how to remove the ads from the ‘Special Offers’ versions of the Amazon Kindle hardware. There are two things that made this obvious to us, the huge flaw that lets code be easily run as root, and the MP3 tag forming that makes it possible to unlock the device.

[Pat Hartl] knows his way around a *nix shell, so once he gained SSH access to the device he started a search for the ad images that make up the special offers feature. He found them in a few different places, making backups of the files in an alternate location, then removing them with some simple commands. He even rolled the process into a one-click installer like the Jailbreak package. It makes us wonder if Amazon has a way to tell if your device is not longer pulling down content for these offers?

At risk of sounding preachy, Amazon does offer this hardware without ads for a one-time fee. Circumventing the unobtrusive ads may lead to higher hardware prices in the future, and [Pat] mentions that. He pulled off this hack to show the holes in Amazon’s security, and hitting them in the pocketbook is a powerful way to do it.

Hackaday itself is ad-supported. We run advertisements that do not use sound, popups, or flashing video effects. Remember to turn off your ad-block for our site in order to show your support. Thanks!

How the Kindle Touch jailbreak was discovered

The Kindle Touch has been rooted! There’s a proof video embedded after the break, but the best part about this discovery is that [Yifan Lu] wrote in-depth about how he discovered and exploited a security hole in the device.

The process begins by getting a dump of the firmware. If you remove the case it’s not hard to find the serial port on the board, which he did. But by that time someone else had already dumped the image and uploaded it. We guess you could say that [Yifan] was shocked by what he found in the disassembly. This a ground-up rewrite compared to past Kindle devices and it seems there’s a lot to be hacked. The bootloader is not locked, but messing around with that is a good way to brick the device. The Javascript, which is the language used for the UI, is not obfuscated and Amazon included many hooks for later plugins. Long story short, hacks for previous Kindles won’t work here, but it should be easy to reverse engineer the software and write new ones.

Gaining access to the device is as easy as injecting some HTML code into the UI. It is then run by the device as root (no kidding!). [Yifan] grabbed an MP3 file, changed its tag information to the HTML attack code, then played the file on the device to exploit the flaw. How long before malicious data from illegally downloaded MP3 files ends up blanking the root file system on one of these?

Continue reading “How the Kindle Touch jailbreak was discovered”

Kindle Fire cover from a Moleskine journal

[Kevin Haw] is the proud owner of a brand new Kindle Fire. But to protect the investment he wanted a nice looking case and decided that DIY was the way to go. He ended up repurposing a Moleskine journal as a table cover.

You can do this one yourself in under an hour. Most of the pages in these journals are sewn in place and [Kevin] started by cutting the strings with a hobby knife. Once removed, he used a utility knife to separate the pages that were glued to the cover; this leaves you in the state seen above.

Obviously this unfinished look just won’t do. [Kevin] used some red duct tape duct tape to cover the unsightly spine. This adds strength, and does the job of cleaning up the area, but we might have also applied felt (or microfiber cloth) to the entire inside area for a bit more finished look. The final part is mounting the tablet which was accomplished with adhesive Velcro strips. These can be removed from the back of the Kindle Fire later on if you decided to use a different enclosure.