Sunday, October 13, 2013

Kindle, jailbreak, ads and custom screensavers!

I said I was thinking about buying an ereader but I had some other financial priorities... Well, my sister was going to spend a week in the USA and I asked her to bring me a Kindle Paperwhite (the old one, not the recently launched one). It's great. It's VERY comfortable reading on it, whether with natural lighting or using the built-in LEDs. I ended up also getting the official Amazon cover, although I did find it very expensive. The Kindle PW's price is US$ 120,00 (ad supported, no 3G) and the cover costs US$ 40,00, one third of the price of the Kindle! Anyway, the whole toy ended up costing US$ 160,00.

The first thing I did when I got my hands on it was to load some books with Calibre. It was very straightforward, no problems there. But searching around the web, I started reading about jailbreaking and some nice programs you can run on your Kindle once it's jailbroken. So, I absolutely had to jailbreak it! My first goal was to run the custom screensaver hack, which enables you to use custom screensavers (duh!).

I'll post all the stuff I did to my Kindle PW (KPW from now on, OK?), some kind of "tutorial". Bear in mind that I do not guarantee this will work on any other KPW. If you try to follow these steps and your Kindle ends up bricked or screwed up in any way, it was your own fault (not mine, your fault)! All the steps were done on a Linux box (Arch Linux box!). Oh, and a piece of advice one should always follow: read the readme files for everything you want to install on your Kindle!

So, the first thing was to downgrade the firmware. It's only possible (at the moment, at least) to jailbreak a KPW on the following firmware versions: 5.2.0 - 5.3.1, 5.3.4 and 5.3.5. Mine came with the version 5.3.6 so I had to downgrade it to 5.3.5, at least. So that's what I did, downgraded the firmware to version 5.3.5. To check the firmware version on a KPW, just go to Settings -> Device Info. One can google for links to the firmware files, but I got mine here. I just downloaded the update_kindle_5.3.5.bin file, placed it in the "root" (see note 1 below) directory and went to Settings -> Update Your Kindle. After a few minutes the KPW restarts and one can check (as already mentioned) that it's running the older firmware. A few notes on the procedure I just described:

1) What I meant by "root" was the root directory when one plugs the KPW into a usb port. The KPW is recognized as a disk so the file update_kindle_5.3.5.bin should be put in this root dir, but it's not the root dir of the KPW (if you follow this "tutorial", you'll be able to SSH or telnet into the Kindle and you'll be able to see the actual root :P).

2) It's a good idea to turn on the Airplane Mode while updating/hacking your Kindle. You never know when Amazon is going to try to push an update on your device (there's an easy way of blocking this, which I'll get to later) or what the hell your Kindle is going to download from Amazon's servers at a random time (ads, special offers, etc.).

3) I searched the web but I couldn't find the md5sum of the file (or any other), so in case anyone is interested:

$ md5sum update_kindle_5.3.5.bin 
b1b4b304fa0751c9b00f826a10af2e6f  update_kindle_5.3.5.bin

$ sha256sum update_kindle_5.3.5.bin
4b4d4af9ac88244bae1ae0a8d256431b951f74df069829ed3bbe9c2a880ef5aa  update_kindle_5.3.5.bin

This post has the files for the jailbreaking and all the info on how to do it. It's quick, easy and painless. What the jailbreak actually does is enable your Kindle to run code that is not signed by Amazon. The jailbreak installs:

1) The jailbreak itself;
2) The jailbreak bridge (to allow your device to stay jailbroken after an update);
3) Kindlet dev certs (certificates of developers from http://www.mobileread.com) (Kindlet = Kindle apps);
4) The Rescue Pack (this allows one to SSH to the Kindle on diagnostics mode);

Anytime one updates the firmware, it's necessary to install the dev certs and the rescue pack again (the rescue pack is optional, but the developers highly recommend installing it). The standalone versions of these apps are on the jailbreak post I linked above.

Next I installed KUAL, the Kindle Unified Application Launcher. This is an application that launches other applications (Kindlets). This post has all the files and details needed. Again, easy and quick to install. Read the instructions and the readme files.

Next, I wanted to install the screensaver hack, but there was a problem: my KPW is ad supported. What this means is that the screensavers always show Amazon ads and the screensaver hack does not overcome these ads. So I had to disable them. Searched the web and found this. To disable the ads, I had to install USBNetwork, which enables one to SSH into the Kindle. Download the Kindlet from this post and read the readme (and I mean really read it!).

After installing it, I plugged my KPW into the usb port and copied my authorized_keys file from my desktop to the usbnet/etc/ dir on the KPW. Now I can use my RSA key to SSH into the Kindle. Then I had to actually log in to the KPW. So I ejected it and typed the following in the KPW search field to start the USBNetwork:

;un

On KUAL, I checked the USBNetworking status and indeed it was on. Now I had to "give" an IP address to the KPW's usb interface. To find out its name, simply do a dmesg | tail:

[  985.062730] sd 6:0:0:0: [sde] Synchronizing SCSI cache
[  985.062814] sd 6:0:0:0: [sde]
[  985.062817] Result: hostbyte=0x01 driverbyte=0x00
[ 1051.320899] usb 5-1.3: new high-speed USB device number 7 using ehci-pci
[ 1051.422464] cdc_subset: probe of 5-1.3:1.0 failed with error -22
[ 1051.423861] cdc_subset 5-1.3:1.1 usb0: register 'cdc_subset' at usb-0000:00:1a.0-1.3, Linux Device, 16:5e:0f:19:78:6a
[ 1051.423891] usbcore: registered new interface driver cdc_subset
[ 1051.423935] cdc_ether: probe of 5-1.3:1.0 failed with error -16
[ 1051.423980] usbcore: registered new interface driver cdc_ether
[ 1051.442298] systemd-udevd[8832]: renamed network interface usb0 to enp0s26u1u3i1

Okay, here's the KPW: cdc_subset 5-1.3:1.1 usb0: register 'cdc_subset' at usb-0000:00:1a.0-1.3, Linux Device, 16:5e:0f:19:78:6a

And the name of the usb interface: systemd-udevd[8832]: renamed network interface usb0 to enp0s26u1u3i1

OK, now let's give an IP address to the interface:

sudo ifconfig enp0s26u1u3i1 192.168.15.201

Now to SSH to the KPW:

ssh root@192.168.15.244

Or, you can telnet into the KPW with telnet 192.168.15.244. Telnet logs you in as root and will ask for no passwords. It's best to make sure SSH works, so that one can later enable SSH over Wifi and disable the telnet daemon for good (read the f***ing readme file!!!!).

Now that SSH works, to set up my public key on the SSH server, I simply copied the ~/.ssh/authorized_keys file from my desktop to usbnet/etc/authorized_keys on the Kindle (path relative to mounting the Kindle as a mass storage device). The authorized_keys is just a text file that lists the public keys allowed to be used for authenticating incoming connections. Although, remember that the public key stays on the server and the private key with the client. Also, keep your private key safe and change your key pairs periodically.

All right, at this point, I was able to SSH to my jailbroken KPW running firmware 5.3.5 with my RSA key through the usb interface. Now it was time to see if the ad disable hack would actually work, because only then would I be able to use custom screensavers. After SSHing to the KPW I ran the following commands (in parentheses is the description of each command):

mntroot rw (to make the filesystem writable, just like the big notice says);
cd /var/local (change dir to /var/local :P);
ls -l (just a ls... :P);
stop framework (this stops the Kindle framework!);
mv adunits adunits.bak (renames the directory adunits to adunits.bak);
touch adunits (creates a file named adunits);
chmod 000 adunits (makes the file adunits unreadable, unwritable and unexecutable to every user);
start framework (restarts the framework);
exit (closes SSH connection :P)

So what was actually done? The dir adunits was renamed (in case one wants to undo the deed) and an unreadable, unwritable and unexecutable file named adunits takes its place. Now, the ads were over (except for the one at the bottom of the home screen, but as far as I know, every Kindle has this, even the ones that are not ad supported).

OK, now that the ads are gone and the regular screensavers appear, it's time for the custom screensaver hack! This post has everything needed to install the custom screensaver hack, the files and the instructions. It's pretty straightforward.

Anyway, this is written on the readme:

On the PaperWhite: PNG files, 758x1024. Grayscale if possible, but color works too (you can even play with an alpha channel if you like).

I wanted to use Escher's drawings as my screensavers, as his drawings are fantastic and most of them are grayscale! So I went to google images and got some Escher's drawings (actually I got them all from here). The problem was that they were all jpeg files and none matched the desired resolution (one has to read the readme files!). So, I had to convert them. To do this, I used imagemagick. I already talked (briefly) about it on some other post, I don't recall which. Anyway, I simply put all the .jpg files in a directory (~/test), created a dir named resized inside the ~/test dir and ran the following command inside ~/test:

for i in *.jpg; do convert "$i" -resize 758x1024\! "./resized/$i.png"; done

OK, so what this does is a for loop that runs the command convert "$i" -resize 758x1024\! "./resized/$i.png", where $i is each file that ends with a .jpg (see the *.jpg glob; the quotes keep file names with spaces in one piece). This program "convert" comes with imagemagick and it converts each .jpg file to a .png file with the 758x1024 resolution and places the new png files in the resized dir. The \! after the 758x1024 resolution tells convert to ignore the aspect ratio, so yes, some files are kinda distorted but nothing too drastic.

Now I had the .png files I wanted in the correct resolution, but there was still something that irritated me: the file names were something.jpg.png, and I wanted to get rid of the .jpg in the middle of them! So I had to do the following inside the ~/test/resized dir:

for i in *.png; do mv "$i" "${i/.jpg/}"; done

What this does is a for loop that renames the something.jpg.png files to something.png files: it simply replaces the .jpg with nothing (it dumps the .jpg string). For more information, check the String Replacement topic here.

Now I had to simply plug my KPW into the usb port and copy the .png files with the correct resolution to the linkss/screensavers folder. In case anyone wants my converted Escher's drawings, they are here (some are colored, but they do work). They're already in the correct format and resolution.

Great, now I had the custom screensavers and I wanted to test if the ads hack indeed worked. So I turned on the Wifi (remember, leave the Airplane Mode on when hacking/updating the Kindle!) and left it alone for a few minutes. The KPW downloaded the usual ads (those on the bottom of the home screen) but not the screensaver ones. Great, it had worked!

So I left the KPW alone (with the Wifi on) and had dinner with my wife. After the dinner, I noticed that I couldn't get into KUAL. When I checked the firmware version, I found out it had been updated to version 5.3.8. F***ing Amazon! This is what I see when I do an ls -l on the /var/local dir of the KPW:

drwxr-xr-x    X root     root          XXXX Month  X ZZ:ZZ adunits
drwxr-xr-x   XX root     root          XXXX Month  X ZZ:ZZ adunits.bak
and some other stuff...

The file adunits was removed and the adunits dir is there again (see the d in drwxr-xr-x for adunits?). So, I had to downgrade the firmware again and reinstall pretty much everything, but this time I also installed the BackDoorLock hack to prevent Amazon's silent firmware upgrade pushes. Since I had to downgrade, I went to firmware version 5.3.4 in order to try JBPatch. This program enhances the Kindle experience enabling hyphenation and other cool features Amazon doesn't enable with their firmware. Again, I couldn't find the md5sum (or any other) of the 5.3.4 firmware update. In case anyone is interested:

$ md5sum update_kindle_5.3.4.bin
579c8d8f6f38111e1e02105349505b42  update_kindle_5.3.4.bin

$ sha256sum update_kindle_5.3.4.bin
0ae75cb10e29f288d3244a8a0619b31a2fa59eef3cf30cdca3fdfdc2ee33201d  update_kindle_5.3.4.bin

Anyway, after downgrading to 5.3.4, I installed JBPatch, and I have to say it rocks! For now I only fiddled with the hyphenation patch and it works great.

Also, after looking some more about removing ads, I saw some posts (this and this) about the .assets directory under the system dir when you plug the KPW into the usb port (full path: /mnt/us/system). So I SSHed into the KPW and renamed the .assets dir to assets.bak and created a .assets file to take its place. I turned the Wifi on for a few hours and so far no ads whatsoever, even the ones on the bottom of the home screen are gone (there's just that message "make sure your kindle is connected to the internet", or something like that)! So, considering the 5.3.4 firmware version, apparently, doing these two things (/var/local/adunits chmodding and /mnt/us/system/.assets replacement) makes all ads disappear.
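The 5.3.8 update described above silently put the adunits directory back, so it is worth checking the two stubs after any firmware change. The following is an added example, not part of the original post or of any of the linked hacks: the function names and the optional path prefix (used only for trying it out away from the device) are made up here, and the two paths are the ones named in the post.

```shell
#!/bin/sh
# Added example: report whether the ad-blocking stubs from the post are
# still in place. stub_state and check_stubs are hypothetical names.

# stub_state PATH [strict]  ->  prints ok | reverted | loose | missing
stub_state() {
    path=$1
    strict=${2:-}
    if [ -d "$path" ]; then
        # The directory is back, as happened after the 5.3.8 update.
        echo reverted
    elif [ ! -e "$path" ]; then
        echo missing
    elif [ "$strict" = strict ] &&
         [ "$(ls -ld "$path" | cut -c1-10)" != "----------" ]; then
        # Read the mode string from ls rather than using test -r:
        # the shell on the Kindle runs as root, and root can read
        # a mode-000 file, so test -r would always succeed.
        echo loose
    else
        echo ok
    fi
}

# check_stubs [PREFIX]  ->  prints both states, returns 0 only if both are ok.
# PREFIX is an assumption for offline testing; leave it empty on the device.
check_stubs() {
    prefix=${1:-}
    # adunits was chmod 000 in the post, so its mode is checked as well.
    a=$(stub_state "$prefix/var/local/adunits" strict)
    # The post only replaces .assets with a file, so no mode check here.
    b=$(stub_state "$prefix/mnt/us/system/.assets")
    echo "adunits: $a"
    echo ".assets: $b"
    [ "$a" = ok ] && [ "$b" = ok ]
}
```

On the device, source the file in the SSH session and call check_stubs with no argument; a "reverted" line means an update has restored the directory and the stub has to be recreated.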

So, I guess that's it. I spent too much time hacking the KPW, time to do some actual reading!

Edit1: Forgot to mention how I set up my public key on the SSH server on the Kindle PW.
Edit2: Since md5 is broken (for some time already), I also posted the sha256 sums of the two firmware files I used.