knc1 Going Viral




Software Jailbreak for PW2, PW3, PW3W, KT2, KV, KOA and KT3

This post is horribly out-of-date.

The dozens of copies and re-writes of this post, posted on the Internet are no better, usually much worse.



The most up-to-date version of these directions should be here:

https://wiki.mobileread.com/wiki/5_x_Jailbreak

Any user of the directions (does not require a membership in this forum or the wiki) can bring it up-to-date when they find something that needs to be changed.

Any user - there is no single person in charge of keeping it up-to-date.



Of course, anything in the Wiki might disappear without warning, discussion, or consultation at the whim of the Wiki moderator(s).

https://www.mobileread.com/forums/sh...d.php?t=293647




Software jail break for the 6th, 7th, and 8th generation devices listed in the title.

Software jail break for the 9th generation device (KOA2) still requires some work.

The KOA2 "hotfix" package does not auto-reinstall the jail break. No ETA on a resolution.



Step #1 below describes how to learn what nickname your device has here based on its serial number.



Will this jail break work on my current firmware?

If the third field of your firmware version number: 5.8.7.0.1 is larger than 7, this jail break will not work on your device.

That means it will not work on: 5.8.8, 5.8.9, 5.8.10, ..., 5.8.99999999.

Please do not even think of asking if this message still means what is written. The message is kept current.



There is a single, complex, special case for 5.8.9.0.1 firmware version. If you get a Kindle with that firmware version, please just post in this thread before you do anything to it, your device **might** be one of the rare exceptions.



If jailbroken on an earlier firmware version, the jailbreak is known to survive the update to either 5.8.8, 5.8.9, 5.8.9.2, 5.8.10, 5.8.11.

Untested with an update to 5.9.2

It should survive an update to any firmware version. It is designed to be viral.



None of our add-ins are protected across updates, you must always re-install them.



The G090LK, G090LL (Black and White, PW-3, 32GB, Wifi only) models along with the corresponding two Wifi+3G versions are partially supported.

See: https://www.mobileread.com/forums/sh...d.php?t=291336



Testing (touchscreen devices listed in title):

Attached below is a "Dummy" installation package which will test the jail break installed on your device.

If it runs, your JB is complete. If it fails to run, your JB is missing or damaged.

This dummy install package will not install anything, only write a report document in the top level of visible USB storage (dummy_updatetest.log, example attached below).

If this test package fails to write its report, follow these directions exactly and completely Step #0 to and including Step #8.

- Download the attached archive.
- Open the archive.
  The archive contains a single directory, "Dummy", all contents are in that directory.
- From the archive contents in the "Dummy" directory, move the file: Update_dummy_0.0.N.bin to the /mrpackages directory of your Kindle.
  If you do not have a /mrpackages on the visible root of your kindle, you either have a damaged JB or the JB was never installed.
- Trigger the test package installation either from KUAL or from the main search bar:

Code: ;log mrpi



PW-2 users running firmware 5.4.4.2 or older, go directly to:

PW-2 Early firmware versions, jail break



For prior (grayscale) Kindle models, see:

Legacy devices, jail breaks



Credits:

NiLuJe - for discovering the initial factory update could be recovered. PW-2

knc1 - for posting the 'HowTo' and recovering the KT-2 and PW-3 initial updates.

Forum members - several members who recovered and provided initial update images for the KV.

knc1 - recognition that the factory initial update could be re-installed on any (matching) customer model.

Branch Delay - the original software jb for version 5.6.5 and the generic jb for initial factory images.

Branch Delay, NiLuJe, Geekmaster - initial testing of the method.

Geekmaster - archivist of the off-site Kindle recovery resources.

knc1, Geekmaster, NiLuJe, kindlefere - server resources.

NiLuJe, Ryccardo, eschwartz - recognizing and testing of the source of the hung Kindles problem.

Forum member - who recovered the image required to create Oasis support.

eeeee - who recovered the image required to create updated, PW-3 and PW-3W support.

ktwombley - who recovered the image required to create KT3 support.

eschwartz - now the maintainer of Branch Delay's factory image jail break.

eschwartz, NiLuJe, others - New menu launcher for Oasis (KOA) and other models.

The first public announcement was made by Hackaday, see:

https://hackaday.com/2016/07/09/a-ja...-every-kindle/

Which can take credit for many of this thread's views. A long list of a lot of work done over a period of more than a year. Work that is continuing.

This downgrade attack did not happen over-night nor was it the work of any one person.


Release Policy:

It is our policy to use a 'single point of maintenance' model for our released items, with one exception: NiLuJe's snapshots, use: (filter prefix: tools, show threads).

Users should always check the snapshot thread for the most recent build of our after-market add-ins.

Make Ready:

Consider the following bullet list a "Step #0" that can be done in any order.

- For some firmware versions, your Kindle must be registered with Amazon to access the required menus. The general rule to cover all versions, is: If not yet registered, do that now.
  Read the rest of this specific section before connecting to the Internet. Some of the more recent firmware versions are very aggressive about doing an OTA (Over The Air) update.
  Which will currently update to a version that can not be jail broken.
  Currently the best way to avoid OTA updates is to add the OTA blocker directory (folder) name to the top level of visible USB storage.
  The blocker directory is named: update.bin.tmp.partial
  Use that exact name, no additional extension, no contents.
- Remove any device passcode or parental control passcode you may have set.
- If you have an ad supported (Special Offers) model consider unsubscribing it at your Kindle account.
  If you do unsubscribe from special offers, be sure to give your Kindle enough time on-line for Amazon's servers to update its local status files.
- Is your Kindle fully charged?
  Get started with that now, put it on a wall charger to be certain.
- Only do one step at a time.
  They are intended and designed to be done one at a time.
  At the completion of a step, if the file you previously put at the top level of visible USB storage is still there, remove it.
- Your Kindle should remain off-line (in airplane mode) during this procedure.

Step-by-Step:

1. Positively identify the nickname of your Kindle model from the serial number.

Use four of the first six characters, older Kindles: xxxx xx, newer Kindles: xx xxxx in this table:

Serial Number Nicknames

The factory images **are not** model locked, your care taken with this step is your Kindle's only protection! If not found in the table, STOP HERE and tell us.

2. Prepare your Kindle for running an earlier version of the firmware.

The Kindles have two user storage areas, the one seen over the USB cable and a hidden one.

The process that wipes the hidden one will also wipe what can be seen over the USB cable.

- Make backup copies of the contents of /documents
  You are about to wipe them all out, if you have them pushed to your Kindle's cloud, you should be covered.
  You should not need copies of the contents of /system - the 'system' should re-build them for you.
- Do not copy the contents of /documents back to the Kindle until after you have returned to the same firmware version that you copied them from.
  The indexer might go crazy if you try anything else than 'back to same place, with same version running'.
- You are about to lose all personalization of your kindle.
  You can't reach that hidden directory they are stored in and it is this database that causes most of the problems, so it MUST go.
- Home -> Menu -> Settings -> Menu -> Reset

Or whatever the path is on your current firmware version.

This is the infamous "Reset (to factory defaults)" menu choice, but in this case it is a requirement, a must use entry.



This is the ONLY TIME you should ever use the Reset menu entry in the lifetime of the device because it wipes out the jail break survival code that is about to be added in step 6 below.

NEVER AGAIN USE THE "Reset" MENU ENTRY.

Never, ever, unless you intended to wipe out the jailbreak survival code. Which you really, really, need.



If you should happen to trigger the "Reset" action by accident (nobody does it intentionally after reading the above), you can find a package on coplate's snapshots thread that will restore the jailbreak survival code you just destroyed.

The special purpose package linked above is placed in the root of visible USB storage and run using UYK menu entry.

It is intended to install without MrPI even on customer firmware builds as recent as the 5.8.10 version.

3. Download your model's initial factory firmware image to your computer from one of these (IPv4 only) links.

The *.md5 validation file may be used to confirm that the download was complete and correct.

Primary (Confirmation panel but no wait delay.)

- KOA: factory_KOA_5.7.4_initial, factory_KOA_5.7.4_md5
- KV: factory_KV_5.5.0_initial, factory_KV_5.5.0_md5
- KT3: factory_KT3_5.8.0_initial, factory_KT3_5.8.0_md5
- KT2: factory_KT2_5.6.0_initial, factory_KT2_5.6.0_md5
- PW3: factory_PW3_5.7.4_initial, factory_PW3_5.7.4_md5
- PW2: factory_PW2_5.4.3.2_initial, factory_PW2_5.4.3.2_md5

Secondary

- KOA: factory_KOA_5.7.4_initial, factory_KOA_5.7.4_md5
- KV: factory_KV_5.5.0_initial, factory_KV_5.5.0_md5
- KT3: factory_KT3_5.8.0_initial, factory_KT3_5.8.0_md5
- KT2: factory_KT2_5.6.0_initial, factory_KT2_5.6.0_md5
- PW3: factory_PW3_5.7.4_initial, factory_PW3_5.7.4_md5
- PW2: factory_PW2_5.4.3.2_initial, factory_PW2_5.4.3.2_md5

4. After validating the downloaded file, transfer the initial factory image from your computer to your Kindle.

Do not panic if the update is not immediate, it usually takes 10 minutes or longer.

If there is not a very noticeable delay and when you check USB storage the file has disappeared, that means this method will not work on the firmware version currently installed on your Kindle.

- Connect Kindle to PC with the USB cable.
- Place the downloaded update_*.bin file in the topmost, visible level of USB storage (alongside of /documents).
- Eject and/or Safely Remove (term depends on OS) the Kindle, USB storage.
- Remove the USB cable.
- Home -> Menu -> Settings -> Menu -> Update Your Kindle
- Confirm
- Wait

** The PW-2 is a special case at this point in the directions **

Use the prior 'universal jailbreak' from this post:

Old Universal Jail Break

After completing those directions, skip the next two steps here and continue with Steps #7 and #8 below.

5. Download and install the current version of Branch Delay's factory firmware jail break.

This step installs two files, our signature certificate and a 'Jail Broken' document.

If the 'Jail Broken' document is not on your Kindle in the /documents folder after the completion of this step, then the certificate is not on it either!

If this happens to you, stop here and post about the problem, there is no reason to continue if the JB is now missing.

The current version is attached to its release post, see:

Factory Image Jail Break

- Connect Kindle to PC with the USB cable.
- Place the downloaded file (an archive - as is) in the topmost, visible level of USB storage (alongside of /documents).
- Eject and/or Safely Remove (term depends on OS) the Kindle, USB storage.
- Remove the USB cable.
- Home Search bar, enter:

Code: ;installHtml

Yes, the semi-colon is part of the search bar command string.

6. Download and install the current 'hotfix'

The current version is attached to its release post, see:

Jail Break Survival Code

- Unarchive the release archive package.
- Connect Kindle to PC with the USB cable.
- Place the Update_jailbreak_hotfix_*_install.bin in the topmost, visible level of USB storage (alongside of /documents).
- Eject and/or Safely Remove (term depends on OS) the Kindle, USB storage.
- Remove the USB cable.
- Home -> Menu -> Settings -> Menu -> Update Your Kindle
- Confirm
- Wait

7. You can now update your Kindle to a newer firmware version, the jailbreak will survive.

Current firmware version by OTA:

Allow the Kindle to connect to the Internet and wait.

It will update over the air to the current firmware version

OR:

Manual download from Amazon and install a selected firmware version.

To prevent OTA updates, add the OTA blocker directory (folder) name to the top level of visible USB storage.

The blocker directory is named: update.bin.tmp.partial

Use that exact name, no additional extension, no contents.

You can get any released firmware version from the Amazon download server.

The following gives direct links to the Amazon USA download server for selected firmware versions.



Note that older versions in some countries, such as Germany, use different builds than the ones in this list.

In those cases, use instead the download link(s) you would normally use.

The technique of only changing the numerical version in those URLs to select older versions is expected to work the same as on the USA servers.



It has also been discovered that most recent versions are no longer geographically different.

The change **might** have happened at about the same time Amazon changed their download organization (@ fw-5.8.5 in this list).

Amazon

- KOA: customer_KOA_5.7.4_update, customer_KOA_5.8.1_update, customer_KOA_5.8.2_update, customer_KOA_5.8.5_update, customer_KOA_5.8.7.0.1_update
- KV: customer_KV_5.7.4_update, customer_KV_5.8.1_update, customer_KV_5.8.2_update, customer_KV_5.8.5_update, customer_KV_5.8.7.0.1_update
- KT3: customer_KT3_5.8.1.1_update, customer_KT3_5.8.2_update, customer_KT3_5.8.5_update, customer_KT3_5.8.7.0.1_update
- KT2: customer_KT2_5.7.4_update, customer_KT2_5.8.1_update, customer_KT2_5.8.2_update, customer_KT2_5.8.5_update, customer_KT2_5.8.7.0.1_update
- PW3: customer_PW3_5.7.4.1_update, customer_PW3_5.8.1_update, customer_PW3_5.8.2_update, customer_PW3_5.8.5_update, customer_PW3_5.8.7.0.1_update
- PW2: customer_PW2_5.7.4_update, customer_PW2_5.8.1_update, customer_PW2_5.8.2_update, customer_PW2_5.8.5_update, customer_PW2_5.8.7.0.1_update

8. All of the models covered in this thread must use one of the two following installation methods for update_*.bin name format packages.

The KOA and KT3 owners must use the new installation methods.

The other device models may use either the old or the new installation methods.

- Any of our after-market add-ins, with an update_*.bin format filename requires the use of the Mobileread Package Installer (MrPI).
  Get the MR Package Installer from the KUAL and KUAL extensions section of:
  https://www.mobileread.com/forums/sh...d.php?t=225030
  This is an "un-archive to top level of visible USB storage" package.
  Be sure that the un-archive tool you use has options set to create directories.
  KOA and KT3 owners:
  You must run the installer with your new, search bar command: ;log mrpi
  Other models covered in this thread may do the same or may run it from KUAL.
- Nearly all of our after-market add-ins require an application launcher.
  Get the KUAL package from the KUAL and KUAL extensions section of:
  https://www.mobileread.com/forums/sh...d.php?t=225030
  Beginning with version 2.6.40 of the release, the archive contains three (3) different builds of KUAL.
  The 'keyboard' version, the '(old) touchscreen' version, and the new 'KOA, KT3' version.
  This is not a substitute for reading the README.txt file included in the archive bundle, but ...
  KOA and KT3 owners:
  You must use the update_*.bin format package of KUAL and you must use the MrPi installer to install it.
  Other devices:
  The archive still contains the previous 'document' style of KUAL, used by just placing the (correct) KUAL document into the /documents folder of USB storage.
  Note: The new (update_*.bin format KUAL) will run on all touchscreen devices running firmware 5.1.2 or newer.
  "Nearly all applications require an application launcher" - I was expecting someone to ask . . . .
  KUAL is one of the applications that does not require an application launcher.
  It has a mime type associated with it that tells the system how to run it, when it is selected.

These update_*.bin package name format packages must be re-installed after each firmware update.

The MrPI application can handle multiple update_*.bin packages at the same time, just put them all in /mrpackages and trigger MrPI.

Attached Files: install_test_dummy.zip (11.9 KB), dummy_testupdate.txt (13.5 KB), adrive_md5_all.zip (1.6 KB)

Last edited by knc1; 01-05-2018 at 10:53 AM. Reason: post status
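
The following is an added example, not part of the original post or of any MobileRead tool. It checks a downloaded image against its *.md5 validation file and checks the top level of visible USB storage against the rules the post gives for the OTA blocker directory and for doing one step at a time. The function names are hypothetical, and the *.md5 file is assumed to be md5sum-style text (32 hex digits at the start of a line).

```python
import hashlib
import re
from pathlib import Path

BLOCKER_NAME = "update.bin.tmp.partial"  # exact directory name given in the post


def expected_md5(md5_file: Path) -> str:
    """Return the digest stored in a *.md5 file.

    Assumption: md5sum-style text, where a line starts with 32 hex digits
    (an optional file name after the digest is ignored).
    """
    for line in md5_file.read_text(errors="replace").splitlines():
        match = re.match(r"\s*([0-9a-fA-F]{32})\b", line)
        if match:
            return match.group(1).lower()
    raise ValueError(f"no MD5 digest found in {md5_file}")


def file_md5(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so a large firmware image is never held in RAM."""
    # MD5 here only detects a truncated or corrupted download; it says
    # nothing about who produced the file.
    digest = hashlib.md5(usedforsecurity=False)
    with path.open("rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def download_ok(image: Path, md5_file: Path) -> bool:
    """True when the downloaded image matches its *.md5 validation file."""
    return file_md5(image) == expected_md5(md5_file)


def usb_root_problems(usb_root: Path) -> list[str]:
    """List deviations from the post's rules for the top level of USB storage."""
    problems = []
    blocker = usb_root / BLOCKER_NAME
    if not blocker.exists():
        problems.append("OTA blocker missing")
    elif not blocker.is_dir():
        problems.append("OTA blocker is a file, it must be a directory")
    elif any(blocker.iterdir()):
        problems.append("OTA blocker directory must be empty")
    for entry in sorted(usb_root.iterdir()):
        # e.g. an extension added by the file manager, or different letter case
        if entry.name != BLOCKER_NAME and entry.name.lower().startswith(BLOCKER_NAME):
            problems.append(f"near-miss blocker name: {entry.name}")
    # "Only do one step at a time": at most one update package may be staged.
    staged = sorted(p.name for p in usb_root.glob("[Uu]pdate*.bin") if p.is_file())
    if len(staged) > 1:
        problems.append("more than one update package staged: " + ", ".join(staged))
    return problems
```

Call `download_ok()` on the computer before copying the image, and `usb_root_problems()` with the Kindle's mount point while it is connected over USB; an empty list means the top level matches the post's rules.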