How The Kindle Touch Jailbreak Was Discovered

The Kindle Touch has been rooted! There’s a proof video embedded after the break, but the best part about this discovery is that [Yifan Lu] wrote in-depth about how he discovered and exploited a security hole in the device.

The process begins by getting a dump of the firmware. If you remove the case it’s not hard to find the serial port on the board, which he did. But by that time someone else had already dumped the image and uploaded it. We guess you could say that [Yifan] was shocked by what he found in the disassembly. This is a ground-up rewrite compared to past Kindle devices and it seems there’s a lot to be hacked. The bootloader is not locked, but messing around with that is a good way to brick the device. The JavaScript, which is the language used for the UI, is not obfuscated and Amazon included many hooks for later plugins. Long story short, hacks for previous Kindles won’t work here, but it should be easy to reverse engineer the software and write new ones.

Gaining access to the device is as easy as injecting some HTML code into the UI. It is then run by the device as root (no kidding!). [Yifan] grabbed an MP3 file, changed its tag information to the HTML attack code, then played the file on the device to exploit the flaw. How long before malicious data from illegally downloaded MP3 files ends up blanking the root file system on one of these?
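The bug class behind that attack is UI code that takes a string out of a media file's metadata and splices it straight into markup. The example below is added here and is not code from the post or from [Yifan]'s write-up: it builds a constructed MP3-like file with a real ID3v1 trailer (the last 128 bytes: "TAG", then title, artist, album, year, comment and genre), parses the tag, and renders the title two ways. `renderTrackUnsafe`, `renderTrackSafe`, `hasForeignTags` and the sample field values are all assumptions made for this example; only the ID3v1 layout is real.

```javascript
// Added example, not code from the Hackaday post or from Yifan Lu's
// write-up. It shows the bug class described above: UI code that builds
// markup from media-file metadata without escaping it. The tag layout is
// real ID3v1 (last 128 bytes of the file); the sample file and the render
// functions are constructed for this example.

// Build a 128-byte ID3v1 trailer from plain fields (constructed test data).
function buildId3v1(fields) {
  const buf = Buffer.alloc(128, 0);
  buf.write('TAG', 0, 'latin1');
  buf.write(fields.title.slice(0, 30), 3, 'latin1');
  buf.write(fields.artist.slice(0, 30), 33, 'latin1');
  buf.write(fields.album.slice(0, 30), 63, 'latin1');
  buf.write(fields.year.slice(0, 4), 93, 'latin1');
  buf.write(fields.comment.slice(0, 30), 97, 'latin1');
  buf[127] = fields.genre & 0xff;
  return buf;
}

// Parse the ID3v1 trailer, if present. Returns null when there is none.
function parseId3v1(fileBytes) {
  if (fileBytes.length < 128) return null;
  const tail = fileBytes.subarray(fileBytes.length - 128);
  if (tail.toString('latin1', 0, 3) !== 'TAG') return null;
  const field = (off, len) =>
    tail.toString('latin1', off, off + len).replace(/\0+$/, '');
  return {
    title: field(3, 30),
    artist: field(33, 30),
    album: field(63, 30),
    year: field(93, 4),
    comment: field(97, 30),
    genre: tail[127],
  };
}

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the tag text is concatenated straight into markup,
// so any tags inside the title become part of the page.
function renderTrackUnsafe(tag) {
  return `<li class="track">${tag.artist} - ${tag.title}</li>`;
}

// Hardened pattern: every metadata field passes through escapeHtml first,
// so the title is displayed as text no matter what it contains.
function renderTrackSafe(tag) {
  return `<li class="track">${escapeHtml(tag.artist)} - ${escapeHtml(tag.title)}</li>`;
}

// Detection helper for a review or test suite: does the rendered markup
// contain any tag other than the template's own <li>?
function hasForeignTags(html) {
  return /<(?!\/?li\b)[a-zA-Z]/.test(html);
}

// Constructed sample: a few bytes standing in for audio frames, followed by
// a tag whose title carries harmless markup and an ampersand.
const SAMPLE_TAG_FIELDS = {
  title: '<b>Hello</b> & <i>bye</i>',
  artist: 'Example Artist',
  album: 'Example Album',
  year: '2011',
  comment: 'constructed sample',
  genre: 12,
};
const SAMPLE_MP3 = Buffer.concat([
  Buffer.from('(audio frames would go here)', 'latin1'),
  buildId3v1(SAMPLE_TAG_FIELDS),
]);

const sampleTag = parseId3v1(SAMPLE_MP3);
console.log('unsafe:', renderTrackUnsafe(sampleTag), hasForeignTags(renderTrackUnsafe(sampleTag)));
console.log('safe:  ', renderTrackSafe(sampleTag), hasForeignTags(renderTrackSafe(sampleTag)));
```

Run it with Node. The unsafe renderer emits the `<b>` and `<i>` from the title as live tags and `hasForeignTags` reports `true`; the safe renderer emits `&lt;b&gt;` and the check reports `false`. The same escaping applies to any string that came out of a file, regardless of which process the UI happens to run as.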


Wii Homebrew Hack – No Game Discs Required

Jailbreaking hacks have come and gone for the Wii, ever changing as Nintendo tweaks their software to prevent homebrew from running. Piracy concerns aside, there is a legitimate Wii homebrew scene, and a new, easy to use tool has been released for those looking to give it a try.

Many of the previous jailbreaks relied on bugs found within official Wii games, but there’s a new kid on the block that requires nothing more than an Internet connection and an SD card. LetterBomb is the latest jailbreaking tool, which was created by an individual named [blasty]. It seems incredibly easy to use, requiring little more than entering your Wii’s MAC address into a web form. The site generates a customized jailbreak file, which you run on your Wii via the SD card – that’s all there is to it!

If I had a Wii, I would be hesitant to enter any sort of globally-unique number that could identify my console into a random web site, but perhaps I am being overly paranoid. Either way, it would be great to see an open-source version of this tool released so that jailbreaks could be done offline, without any risk of having your MAC address recorded.

[Thanks, blurry]


Hacking LG’s Netcast

LG released a line of Internet-connected TVs in both the US and Europe that utilize Yahoo TV widgets to bring interactive content to the living room. While it sounds like a great idea in theory, users have been disappointed to find that LG has approved a measly 15 widgets since the TVs were released.

OpenLGTV.org.ru user [xeros] has started working on a project that aims to enable more useful content as well as homebrew widgets. The project is known as OpenLGTV BCM, and not only covers LG television sets, but all sets based on the Broadcom platform.

A ton of progress has been made already, as they have been able to install their own busybox environment as well as open the sets to accept more widgets via some clever signature spoofing. The ultimate goal for the project is to completely divorce the sets from the Yahoo platform and replace it with their own open marketplace.

It’s a great start, and we can’t wait to see what sort of progress they make as time goes on.

[Thanks, T]

Sony Ericsson Promotes Android Bootloader Unlocking

Sony Ericsson recently added a new section to their developer world portal called Unlocking the boot loader. They provide all the information and tools needed to root some of their newer Android phones.

Of course, this information comes from Sony Ericsson dripping with warnings, disclaimers and warranty-voiding rhetoric. Once you’ve waded through all of that, you’ll have to enter your phone’s IMEI number, your name and email address in order to get your phone’s unique bootloader unlock key. Here’s hoping they don’t use the form information to instantly void warranties.

Unlocking doesn’t come without consequences, but from UI tweaks and performance improvements to custom apps and tethering, there are probably more reasons to unlock your Android device than there are reasons to leave it alone. In an age where people are making a fuss about companies adding stumbling blocks for would-be jailbreakers, it’s good to see that at least one of them is doing what they can to help hackers take the plunge. Anyone want to clear up why Sony Ericsson feels like supporting hackers while Sony sues people for doing similar things on the PS3?

Thanks to [flip] | remixed image credit (cc by-sa 2.0): [taka@p.p.r.s]

Kindle 3.1 Jailbreak


In the constant battle of manufacturers vs. jailbreakers, the turnaround time between a new software release and a new jailbreak seems to be getting shorter and shorter. [Yifan] noticed that a recent Kindle update broke a previous method of running unsigned code and started the search for a new workaround.

He eventually found a way to force the Kindle to run unsigned code based upon how the software update checked for digitally signed files. With that knowledge in hand, he discovered that he could trick the updater into running any file he wanted by exploiting the standard functionality found in the Unix ‘cat’ command.

On his site, [Yifan] provides more details, source code, and a compiled update file that performs the jailbreak for you. Much like the previous jailbreaks we have featured, it is perfectly legal to do, but you do risk voiding your warranty during the process.

[Picture via Amazon.com]

Nook Color Gets Honeycomb

[Deeper-blue] has released all the files necessary to get Android Honeycomb working on your Nook Color. We had a chance to play with the Nook Color for a bit, but ours was only on Android version 2.1. It seems like they’ve come a long way with the capabilities of this simple e-reader since then. While he’s built out the majority of the features, it is still lacking some fundamentals, like sound. As you can see in the video after the break, the scrolling is a tiny bit choppy but the applications themselves seem to be fairly snappy. We can’t wait to see how this works after a little improvement.

 


Permanent Root Exploit Found For G2

The G2 has finally been rooted. Even though a temporary root exploit was found shortly after the phone’s release, a NAND lock prevented modifying the non-volatile memory for a permanent root. Some controversy surrounded the G2 when it was erroneously thought to have a rootkit protecting the OS. Supposedly the rootkit would watch for changes to the file system and then reset the phone to default settings when any unauthorized changes were made. On the other hand, a NAND lock functions by fooling the operating system into thinking there isn’t any memory available, essentially “locking” the memory in key areas. Once it was discovered to have the NAND lock, it was only a matter of time before the G2 was permanently rooted. NAND locks have become a popular (and unsuccessful) deterrent employed by device makers to stop the jailbreaking community. While this exploit is nothing groundbreaking, it is another notch in the belt for the jailbreaking community and a welcome benefit to G2 users.