Branch Delay Connoisseur

Posts: 93 Karma: 1699999 Join Date: Aug 2015 Device: Voyage





5.6.5 only, only tested on PW2/PW3 English firmware. Probably should hard reset before doing this. Up to you.



Copy jb to /mnt/us. (root directory mounted when attaching the Kindle to a computer)

Serve up jb folder on port 80 on a web server.

DNS redirect "a" to the web server via man in the middle, changing the server name on your network, adding an entry to your DNS server on your router, etc. (if you specify a wireless network and click advanced, you can put in a static DNS server)



I.e., after all of this, browsing to "a" should open up index.html.



Open the browser on the Kindle, browse to the URL "a". (with no quotes)

Read instructions.

Pray.

If it succeeds, you can then run NiLuJe's bridge update pack to complete the jailbreak. This just installs the developer key.



https://www.mobileread.com/forums/sho...postcount=1597



Will potentially put up a much easier method this weekend. Also will throw up an explanation sometime in the future.



Special thanks to Cyril for the CVE/original POC, the Gateway 3DS team for a slightly enhanced heap spray, NiLuJe for way too much, and Amazon for fixing it up. Attached.

Attached Files: jb.zip (3.4 KB, 8255 views)

Last edited by Branch Delay; 02-05-2016 at 10:55 AM.