Kindle

Author: Alberto Bertogli (albertito@blitiri.com.ar)

Contents

Introduction

I recently bought an Amazon Kindle 4 NT (No-Touch), the most basic Kindle as of the end of 2012.

I wanted to use it for reading random articles from the internet, not ebooks, so I'm not interested in having my device talk to Amazon's services.

Note that I don't have anything in particular against Amazon, but for the way I intend to use the Kindle, I don't need their services.

Most of the information contained here are not original findings but were collected from various sites, mainly the MobileRead Wiki. I tried referencing the sources whenever they were available, please let me know if I missed anything.

This is a summary of what I did. Some of it will be specific to my particular device (Kindle 4 NT with firmware 4.1.0), but some may not. I have only tried this on that kind of device.

Thanks a lot to Amazon for making the device and software reasonably sane and straightforward to modify, that was my main reason to buy it.

Installing external keys

This is commonly known as "jailbreak", but what it does is mostly just adding another public key to the ring used to allow to install firmware updates.

Written by NiLuJe and yifanlu, I found it quite clean and nicely done, and it does not touch Kindle's software in any significant way. It comes with full sources and is very well documented.

You can get it from the mobileread jailbreak article:

name: kindle-jailbreak-k4-1.5.N.zip
size: 83279
sha1: 7fbf0e7aaac4838b2d3a6696f43f6cbc36825ed5

Unzip-it, then the README file contains very good documentation and instructions. You can also find the source in the different directories.

A summary of what I did, for reference purposes (please read the README file and not follow this blindly):

USB networking

The next step is to install and enable USB networking. Some Kindles come with ssh already built in, and you can enable usb networking without any changes to the firmware. See the Kindle 4 NT Hacking article to find out. Mine was not, so I had to install something external.

There is a very nice package for that, which allows us to ssh into the device via an usb cable (among other things, but that's the only one I used).

Also published by user NiLuJe, it contains many useful utilities such as sshd, rsync, and mosh.

Installing

First, get the file from the mobileread custom hacks article:

name: kindle-usbnetwork-0.45.N.zip
size: 14520517
sha1sum: a0fa0241f5072b690e6b050b2df676c9e4146b68

Once we have downloaded and unzipped the file, copy the corresponding .bin file to your kindle, in my case:

cp update_usbnetwork_0.45.N_k4_install.bin /mnt/kindle/
umount /mnt/kindle

and then go to Menu > Settings > Menu > Update your Kindle to install it.

Using

Once the package has been installed, USB networking is disabled by default, so you can continue to use the USB cable to put files to it.

To enable, unplug your Kindle, go to the home page and press the keyboard key, then type:

;debugOn

and after that:

~usbNetwork

This will enable USB networking. Note it's not persistent across reboots. Now plug the Kindle and run:

sudo ip addr add dev usb0 192.168.2.1/24
sudo ip link set usb0 up

Now you can ssh as root, using any password:

ssh root@192.168.2.2

Custom screensavers

To use your own screensavers and be able to easily change them, run the following from the Kindle:

mkdir /mnt/base-us/screen_savers
mntroot rw
mv /opt/amazon/screen_saver/600x800/ /mnt/base-us/screen_savers/
ln -s /mnt/base-us/screen_savers/600x800/ /opt/amazon/screen_savers/
mntroot ro

Then, once you mount the Kindle normally (to put ebooks, etc.) you will see a new screen_savers/ directory, and you can put your own files there. They should be 600x800 greyscale PNGs.

After you change the files, you need to reboot the device for it to notice them.

Prevent the Kindle from "phoning home" to Amazon

To prevent the Kindle from talking to Amazon, we do a variety of things, although probably not all of them are needed. Just in case, nothing here alters the original software, these are all configuration changes:

# We're going to be making changes to the root partition, so remount rw.
mntroot rw

# Override /usr/bin/process_update, to prevent firmware updates.
mv /usr/bin/process_update /usr/bin/ex-process_update
chmod -x /usr/bin/ex-process_update
cat <<EOF > /usr/bin/process_update
#!/bin/sh

exit 0;
EOF

# Remove the firmware update keys just in case. This leaves the development
# keys that the jailbreak installs untouched.
mv /etc/uks/pubprodkey01.pem /etc/uks/ex-pubprodkey01
mv /etc/uks/pubprodkey02.pem /etc/uks/ex-pubprodkey02

# Remove the ca certificates, that most standard libraries and utilities
# use. This is overkill, we could just remove the top 4 which are
# Amazon-specific, but this is safer.
mv /etc/ssl/certs/ca-certificates.crt \
                       /etc/ssl/certs/ex-ca-certificates

# And some java-specific certs, including client-side ones.
mv /usr/java/lib/security/cacerts \
                       /usr/java/lib/security/ex-cacerts
mv /var/local/java/prefs/certs/ \
                       /var/local/java/prefs/ex-certs/
mkdir /var/local/java/prefs/certs/

# Should not be needed but can't hurt: change the ebook app configs to use
# other servers.
for i in /opt/amazon/ebook/config/*; do
      echo $i; sed -i "s/amazon.co/does-not-exist-amazon.co/g" $i; done

# Forbid outgoing UDP to high ports; this is not needed by any normal
# application, but it is used by one of Kindle's, with an
# unidentified (but non-trivial) payload. We send them to QUEUE because DROP
# causes the send() to fail and the application gets annoyed and retries,
# while QUEUE silently drops them.
sed -i '/UDP Handling/ a\
-A OUTPUT -o ppp0 -p udp -m udp --dport 30000:65535 -j QUEUE' /etc/sysconfig/iptables
sed -i '/UDP Handling/ a\
-A OUTPUT -o wlan0 -p udp -m udp --dport 30000:65535 -j QUEUE' /etc/sysconfig/iptables

cat /etc/sysconfig/iptables | iptables-restore

# Do not allow incoming tcp connections to port 40317 over ppp0.
sed -i '/40317/d' /etc/sysconfig/iptables

# We are done, move back to ro.
mntroot ro

Afterwards, reboot your Kindle.

Syncing with your own software

I wrote a small web-based utility, called urraka, to manage ebook files.

It exports the ebooks in a secret directory. To make the Kindle sync those ebooks every 15 minutes, you can copy the kindle/urraka-kindle-sync script to the Kindle and then add it to the crontab:

kindle# mkdir -p /mnt/us/urraka/
host# scp kindle/urraka-kindle-sync root@192.168.2.2:/mnt/us/urraka/

# Implement syncing on the kindle. Replace the url with your secret URL.
kindle# mntroot rw
kindle# echo "*/15 * * * * /mnt/us/urraka/urraka-kindle-sync SECRETURL" >> /etc/crontab/root
kindle# mntroot ro
kindle# /etc/init.d/cron restart

Note that you should replace SECRETURL with an URL pointing to your own installation of urraka and the secret corresponding to your user (should look like http://yourdomain/urraka/index.cgi/b/YOURSECRET/). See the urraka documentation for more details.

Note this approach doesn't have any security, and all content is sent unencrypted.