Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Books Handhelds Hardware Hacking Build

Kindle Touch Gets World's Simplest Jailbreak 161

Nate the greatest writes "Can you play an MP3 file? Then you can jailbreak the new Kindle Touch. A new hack was posted this morning that roots the Kindle Touch/K5 and opens the way for future hacks. The hacker also reveals that the K5 runs on HTML5, which should make it a lot easier to come up with new apps. Epub, anyone?"
This discussion has been archived. No new comments can be posted.

Kindle Touch Gets World's Simplest Jailbreak

Comments Filter:
  • World's simplest? (Score:5, Informative)

    by subreality ( 157447 ) on Saturday December 10, 2011 @05:05PM (#38329444)

    By what metric?

    For the user, rooting the iPhone was pretty easy with jailbreakme.com. Go there, click the button.

    Or do you mean easy for the developer? On HTC phones you basically say "Jailbreak please" and it says "OK."

    • by Anonymous Coward on Saturday December 10, 2011 @05:24PM (#38329616)

      It has the shortest name.

      "Jail ... break .. me ... dot ... com ... this is really complicated."

      "MP3 ?? ooh snazzy"

    • Re:World's simplest? (Score:4, Interesting)

      by ClintJCL ( 264898 ) <clintjcl+slashdot@ g m a i l . com> on Saturday December 10, 2011 @06:26PM (#38330176) Homepage Journal
      That assumes you know jailbreakme is the right site with the right kind of jailbrake. I spent about 3-5 hours trying to figure out how to jailbrake my iPhone (given to me; I'd never buy one) and having gone through several different jailbrake methods before I got one that worked right. And I'm not somebody who doesn't know how to do things. I ultimately had to pop in an IRC channel and speak to actual people. There was a site - jailbrakematrix - which helped explain which jailbrakes work for which versions. Mine was a 2G/iPhone Original. And the jailbrake only worked with the latest firmware, which I had to update.

      So uh, yeah. Playing an mp3 is easier than that.

    • Re:World's simplest? (Score:4, Informative)

      by Atzanteol ( 99067 ) on Saturday December 10, 2011 @06:36PM (#38330282) Homepage

      http://unrevoked.com/ [unrevoked.com]

      Plug in phone. Run app. Make tea. Really the last part was the difficult step.

    • I think there should be more devices like that where you don't have to go through hoops to make changes to your own devices.
    • by tixxit ( 1107127 )
      More examples: To soft mod my Wii, I just viewed a JPEG. For my phone I installed an app then clicked the "root" button.
    • by Kozz ( 7764 )

      On HTC phones you basically say "Jailbreak please" and it says "OK."

      Actually if that's true, I'd like to know. It seems there are plenty of HTC phones mentioned in forums and there are dozens of jailbreak methods listed, and they don't all seem entirely "simple" (certainly far from a one-click).

      • It's not simple for the end user, but it's officially supported on their new phones: http://htcdev.com/bootloader/ [htcdev.com]

        Most of the older ones can be easily rooted by the usual shenanigans; then once you install Cyanogenmod it's yours for life. It's much more pleasant than Apple's obsession with keeping you locked out.

    • by makomk ( 752139 )

      jailbreakme.com was quite complicated behind the scenes; IIRC it had a very carefully implemented exploit for a kernel-mode vulnerability that had to be crafted so as not to crash anything.

  • Doubleplusgood! (Score:5, Interesting)

    by PopeAlien ( 164869 ) on Saturday December 10, 2011 @05:08PM (#38329470) Homepage Journal

    Could this hack be used to protect your ebook purchases so they can't be revoked after the fact 1984 style?

    • by durrr ( 1316311 )
      I find it moderately unlikely that amazon would start revoking your/mine ebooks.
      If you however absolutely need your books free then it shouldn't be all that hard to use the kindle-for-pc version and OCR software to pull them out of the proprietary format. See it as a coding challenge.
      • Re:Doubleplusgood! (Score:5, Informative)

        by subreality ( 157447 ) on Saturday December 10, 2011 @05:23PM (#38329604)

        When the GP said "1984 style", they were referring to the fact that Amazon actually revoked some copies of 1984 in a flash of brilliant irony.

      • ...it shouldn't be all that hard to use the kindle-for-pc version and OCR software to pull them out of the proprietary format...

        Actually, that sounds kinda hard to me :P

      • I find it moderately unlikely that amazon would start revoking your/mine ebooks.

        They pulled/deleted 1984 [pocket-lint.com]

    • by artor3 ( 1344997 )

      First of all, it is highly unlikely that Amazon would ever make that mistake again. But if you're really worried, and not just pandering for karma, then simply copy the ebooks to your computer via USB. Ta-da! You've got a back up. For bonus points, use Calibre to break the (trivial) DRM and convert to your file format of choice.

    • by caseih ( 160668 )

      Backing up your kindle purchases and storing them in a way that Amazon cannot control is easy I've been told, and doesn't depend on any particular Kindle.

  • XSS (Score:3, Interesting)

    by Anonymous Coward on Saturday December 10, 2011 @05:19PM (#38329564)

    So the Kindle was jailbroken by a XSS vulnerability?
    That's cool

    • Re:XSS (Score:5, Insightful)

      by hey! ( 33014 ) on Saturday December 10, 2011 @05:44PM (#38329776) Homepage Journal

      Pretty much. The hack was simply embedding javascript in an MP3 id3 tag.

      While I'm in favor of jail breaking devices, this does NOT make me want to rush out and buy a Kindle Touch (although I was considering it before), because it reveals a flaw in the the device's basic use. Short of restricting myself to Amazon content, I'd have to check every file I use on it for malware.

  • Garden Picnic (Score:5, Insightful)

    by mugnyte ( 203225 ) on Saturday December 10, 2011 @05:20PM (#38329576) Journal

    The walled gardens are full of splendor, as we pay the entrance fee for a reason. Bringing your own picnic, despite the guards, will never be prevented.

  • by mshenrick ( 1874438 ) on Saturday December 10, 2011 @05:28PM (#38329650) Homepage
    for the lazy, the title just contains HTML code to create a button, which runs DD to the MP3 (minus the title tag) to a script, as the author tag is the script source, which is then executed. If you open the properties of the MP3 (OS X's 'get info' works, or you could cat it) the source is pretty well commented
  • by geekprime ( 969454 ) on Saturday December 10, 2011 @05:35PM (#38329716)

    It dosen't disturb anyone that an mp3 can be used to crash this thing and run arbitrary code on it?

    It seems like the fact that everyone "knows" that mp3's are safe and can not give you a virus is not at all true for this device.

    • by izomiac ( 815208 ) on Saturday December 10, 2011 @06:09PM (#38330008) Homepage
      It disturbs me that Amazon would include a javascript command to execute arbitrary native code as root, and doesn't sanitize input. An ID3 tag should not be rendered, especially not with javascript, and especially not in the privileged mode the GUI is given. Making any one of those mistakes is amateurish and indicates that whoever designed this system knows absolutely nothing about security. Beyond that, obviously that person/team was given the autonomy to do this without any kind of oversight, so the device is surely riddled with such defects!

      IMHO, most likely some web developer came up with that idea and is unused to even considering security issues. While you can write a GUI in DHTML and its ilk, it's not necessarily a good idea. When they ran into the easily predicted performance issues, this was their solution. Suddenly, they're no longer playing in the sandbox, but apparently they weren't quite cognizant of the implications.
    • I once downloaded some MP3 files (about 4 years ago) and one of the files puzzled me.

      I had gotten into the habit of deleting all the metadata (and replacing it with my own in order to standardize all my MP3 files). When I deleted the metadata and replaced it with my own, this certain file went from roughly 25kb in size down to 15kb. Of the 14-15 or so files in that group, only one file acted in this manner. The rest in the group either registered no change or 1kb less in size. I actually downloaded the enti

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        You can stick album art in the id3 tag if you want; that could easily be several kb in size. Nowadays people put the cover art in every track: the redundant data isn't half as annoying as trying to manage it separately.

      • by maeka ( 518272 )

        Most likely you cleared album art (as the poster above mentioned) or your tagger was set to remove padding.

        With ID3 tags residing at the start of the file it is common to pad the tags with blank space so that future (longer) edits don't necessitate the rewriting of the entire file. Too Many shitty taggers remove padding by default.

    • It doesen't disturb anyone that an mp3 can be used to crash this thing and run arbitrary code on it?

      Not really. MP3's have been rooting Windows for years now. Ooh, gotta go. Just downloaded Pamela_Anderson_Naked_jpg.exe .

    • One of the first exploits for OS X back in the day was actually malware dressed up as an MP3 with the appropriate headers. It took advantage of a flaw in the header reading code of iTunes to buffer overflow and then use the iTunes memory space to escalate privilege.

      Of course, the flaw in the library was patched pretty quickly, and nobody's tried it again since, but mp3s have been attack vectors for at least 10 years.

    • ...with your ebook reader.

      Not because a browser is included means it's a good idea to do so.

      • by Nimey ( 114278 )

        The newer e-Ink Kindles are limited to only visiting Amazon and Wikipedia, IIRC. Don't have that limitation with the old keyboard versions or the Fire.

    • This isn't a buffer overflow, it's a XSS scripting attack. The mp3's meta data is inserted into a HTML document without cleansing it.

The IQ of the group is the lowest IQ of a member of the group divided by the number of people in the group.