I wouldn't use my Kindle half as much if it weren't for KOReader [0]. Ironically enough for a dedicated reading device, Amazon's built-in reader app pales in comparison to this third-party tool. The killer feature for me is on-the-fly column splitting and text reflow, with the ability to flip to the original page view by tapping a corner -- this is critical for reading academic papers, which tend to be two-column PDFs. It also features contrast adjustment, more fonts, stylesheets, wireless syncing with Calibre, and support for many more file formats including ePub.
There's also a Gargoyle [1] port for interactive fiction on the go. It's less practical due to the input lag on the Kindle keyboard, but I still pull it out every now and again.
> - this is critical for reading academic papers, which tend to be two-column PDFs
Kindles and PDFs go together badly. This is common knowledge.
My solution is to use only web-page-based formats like mobi- or epub-based books.
The rest... Let's say they don't get in my reading list.
Just like the web is nicer without Flash, ebooks are just nicer without publishing formats like PDFs, which natively can't support reflow or anything super basic required for easy reading.
> Just like the web is nicer without flash, ebooks are just nicer without publishing formats like PDFs.
The web is nice because of Flash. The video tag in HTML5 happened only after the successes of services like YouTube and Vimeo and hundreds of others that set off on their paths with Macromedia Flash. Stop fooling yourself with that kool-aid against Flash in recent years.
It's dated for sure, but credit should be given where credit is due.
People tend to forget what a blessing Flash was when it first arrived on the web, how horrible other plugins were, like the awful Java mess. Every time a Java applet tried to run, you could only pray it wouldn't crash your browser and take your whole system down. Or the terrible experience called RealPlayer!
Sure, Flash has a bad security reputation, for good reason, but it made the web more beautiful, interactive, fun and usable at the beginning of the new century. All you had to do was click on "Skip website intro".
I haven't forgotten. Even today, creating dynamic apps in Flex using XML and ActionScript is easier, more performant and saner than using HTML5. If only the Flash player weren't a minefield of bugs and security vulnerabilities. :(
I highly doubt Flash did anything to significantly change this. After images and audio, the web was screaming for video. If it weren't for flash, perhaps we'd instead have links that opened up native video players, or whatever, and we'd be better off for it.
In short: YouTube would have been a success even in the alternate universe where Flash never existed.
Steam engines were an amazing innovation as well. They brought countless improvements to society, and were a precursor to true internal combustion. However, no one relies on them in normal daily life anymore as there are much better alternatives. We can move on from a technology and still honor what it brought to the world.
I rarely use my Kindle specifically because of the PDF problem. This also means I'm quite the novice when it comes to the entire ecosystem. Is KOReader compatible with the slightly older Kindle 4? If not, how do you get to know those things?
I did some playing with a Kindle 3 a few years back --- I was writing programs that integrated into the native UI. I built an app which was a JavaScript interpreter bolted onto a VT52 terminal emulator. You could type in programs and run them! Using the K3's fiddly little keyboard! Um, awesome. http://cowlark.com/kindle/javascript.html
This was on the 3.1 firmware, so it's likely all completely obsolete on modern devices.
...the 3.1 firmware was terrible. It was all Java based, but Java 1.4. No generics! No autoboxing! No foreach! People forget just how awful early versions of Java were in comparison to what we have today. I ended up building a toolchain using RetroWeaver to convert modern Java bytecode into something that would run on the Kindle.
Also, the firmware was based on the Personal Basis Profile 1.1. Think back, way into the past, before there were smartphones and Android and iOS... back to the heyday of the downloadable Java applet for your T9-based phone. Yup, that. Kindle apps were midlets, and anyone who remembers writing programs for midlets will be shuddering by now.
And it gets worse! The Kindle ran the entire UI, third-party applications included, in a single Java VM. It was as fragile as hell, and it tended to silt up with un-garbage-collectable data until it crashed and rebooted. If you left a thread running on application exit, it would crash and reboot. If your app hung you had to power cycle the device. I believe that the reason why Amazon never really opened up the Kindle to large-scale third party apps was mainly embarrassment.
I was an intern on a team that did some Kindle work in 2010, and the Java limitations at that time were definitely a very real annoyance for internal code: they didn't do anything like what you are describing for Java bytecode conversion for 1p development to make it less annoying. The issue was maybe even deeper than you noticed: core parts of the API like String.substring() weren't implemented and would just throw a runtime exception.
> People forget just how awful early versions of Java were in comparison to what we have today.
Old school Smalltalkers don't. Especially when the CEO of the major Smalltalk vendor at the time decided to try and turn the company into a Java company. (This basically resulted in revolt and implosion of the company.)
I like to be able to read books in other formats (FB2 is a prime example) and use custom readers (e.g., I like coolreader for its configurability). I think neither is an option with Kindle, so I use a rooted Nook.
However, I like Kindle hardware a bit more, so I would probably switch if it can be unstuck from using the Amazon default software choices.
I've jailbroken mine to have custom covers. Instead of famous dead American authors I've never read, I have famous dead physicists whom I've actually read and whom I admire.
I'd love to do this using "pulp" science fiction book covers. I assumed that there was already a tutorial for this, but my Google-fu is weak. Did you use a guide or just DIY? What size/resolution image does the Kindle expect? Is there a filename format or a directory structure to use?
Image format is grayscale 800x600 (bigger for Kindle DX) PNG or JPG. For best quality I recommend fiddling a bit with the color-to-grayscale work in Gimp or Photoshop, especially if the image has large areas with soft gradients. IIRC, running a selective Gaussian blur after grayscaling, and/or working the curves tool a bit before grayscaling, will improve problematic images quite a bit. Early models had only 4 grayscales, now they have 16. "Posterize" to 4 or 16 colors after grayscale in Gimp will give you a good idea of how the end result looks.
Some people add their contact details to the screensaver images, so if you lose your Kindle your contact details are the first thing someone who finds it will see.
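The grayscale-then-posterize preview described in the comment above, as an added example that is not part of the thread or of any Kindle tooling. It uses only the Python standard library: an image is a list of rows of (r, g, b) tuples, luminance follows the usual Rec. 601 weights, "posterize" snaps each value to the nearest of N evenly spaced gray levels (which is what GIMP's Posterize does), and the result is written as a binary PGM that GIMP can open. The 600x800 portrait size, the 4 and 16 levels, and the gradient test image are the figures from the comment plus constructed sample data.

```python
"""Preview how an image will look on a 4- or 16-level e-ink screensaver.

Added example (not from the thread or from any Kindle tooling); standard
library only. Sizes and level counts are the ones quoted in the comment.
"""
from typing import List, Sequence, Tuple

Pixel = Tuple[int, int, int]
Image = List[List[Pixel]]

SCREEN_WIDTH, SCREEN_HEIGHT = 600, 800  # the "800x600" portrait panel from the comment


def to_gray(pixel: Pixel) -> int:
    """Rec. 601 luma, i.e. what a 'desaturate to luminance' step does."""
    r, g, b = pixel
    return round(0.299 * r + 0.587 * g + 0.114 * b)


def posterize(value: int, levels: int) -> int:
    """Snap an 8-bit gray value to the nearest of `levels` evenly spaced
    values between 0 and 255 (GIMP-style posterize)."""
    if not 2 <= levels <= 256:
        raise ValueError("levels must be between 2 and 256")
    step = 255 / (levels - 1)
    return round(round(value / step) * step)


def resize_nearest(img: Image, width: int, height: int) -> Image:
    """Nearest-neighbour resample to the target size. Good enough for a
    preview; do the real scaling in GIMP or Photoshop."""
    src_h, src_w = len(img), len(img[0])
    return [
        [img[y * src_h // height][x * src_w // width] for x in range(width)]
        for y in range(height)
    ]


def render_for_eink(img: Image, levels: int = 16,
                    width: int = SCREEN_WIDTH,
                    height: int = SCREEN_HEIGHT) -> List[List[int]]:
    """Resize, convert to gray and quantise; returns rows of gray values."""
    scaled = resize_nearest(img, width, height)
    return [[posterize(to_gray(p), levels) for p in row] for row in scaled]


def distinct_levels(rows: Sequence[Sequence[int]]) -> int:
    """How many gray levels the rendered preview actually uses."""
    return len({v for row in rows for v in row})


def write_pgm(path: str, rows: Sequence[Sequence[int]]) -> None:
    """Write an 8-bit binary PGM (P5); the simplest format GIMP reads."""
    height, width = len(rows), len(rows[0])
    with open(path, "wb") as fh:
        fh.write(f"P5\n{width} {height}\n255\n".encode("ascii"))
        for row in rows:
            fh.write(bytes(row))


def make_gradient(width: int = 256, height: int = 8) -> Image:
    """Constructed test image: a horizontal yellow-to-blue sweep, which
    covers the whole luminance range once converted to gray."""
    return [[(255 - x, 255 - x, x) for x in range(width)] for _ in range(height)]


if __name__ == "__main__":
    # Preview the sample gradient as an early (4-level) panel would show it.
    gray_rows = render_for_eink(make_gradient(), levels=4, width=120, height=160)
    write_pgm("preview_4_levels.pgm", gray_rows)
    print("distinct gray levels used:", distinct_levels(gray_rows))
```

Run it on your own image by loading the pixels into the same row-of-tuples shape; the soft gradients the comment warns about show up here as visible banding in the 4-level preview, which is the cue to adjust curves or blur before posterizing.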
Maybe a better hack would be to disable screensavers since they serve no purpose on an e-paper display and actually cost battery to switch from text -> screensaver -> text.
The better behavior would be to not flip the screen at all and keep it static, using no battery.
As mentioned, I think the most popular use is for custom covers. Recent firmware versions show that Amazon might be slowly working towards this as a feature.
As the guy who wrote this, I don't use any of the addons. Just did it for fun.
Well, the Kindle essentially runs Linux, so by jailbreaking it you gain the ability to launch arbitrary code, e.g. alternate PDF readers, games, ssh, vim and a lot more, which can be very useful (especially the KOReader app)!
Check out the MobileRead forums if you want to know more about that, it's a vibrant community.
What I'd like to see is someone get xterm in Tektronix 4014 emulation mode with $EDITOR to run on the Kindle Keyboard. Because e-ink screens are exactly like the old Tektronix vector displays, in that adding a character/line/dot to the screen is much faster than repainting the whole screen. Should make for a much more usable experience.
You can left-justify text, just like in actual books. That alone is reason enough to jailbreak; it baffles me why Amazon are so tone-deaf regarding this.
Nice. I wonder if you could do away with the laptop altogether, and just use your phone with the Kindle, maybe with a Bluetooth keyboard for the Kindle (for some light work on a beach).
Or if there are any other e-ink tablets that run a full Linux (cli) or Android?
There are eink readers that are easier to hack, like the Kobo, but they're all limited in that they're e-readers and have the minimal processing power to match. The only full on eink tablet I know of is this one[0] which technically doesn't exist yet. It's fully funded, though, so I'm excited to see if it actually ships.
That's a limitation of e-ink that has yet to be explored. The Dasung Paperlike[0] is a USB-driven eink screen. From what I've seen of it so far, the refresh rate is on par with other USB-driven monitors I've used. It's about good enough for editing text, but anything more gets old fast. I wonder how fast that monitor could be pushed if it used DisplayPort instead of USB.
I've been tempted to buy an eink dev kit and see how fast I can push the refresh rate without consideration for battery life. Alas, I can't justify the cost. Oh, and I've never done embedded programming or driver development before. I suspect that might be an issue. :D
Using vim in 'noredraw' mode you don't need a high refresh rate; 9600 baud is fine.
Well, I'd say even more: these days, when the usual attention span is like, I don't know, 5 seconds, having a device which is restrictive in this regard might be a very positive experience.
> having a device which is restrictive in this regard, might be a very positive experience.
It's funny you should say that. A guy I know hired some programmers to come up with custom software for a hacked Boox. It was a universal inbox for Twitter, Reddit, Facebook and email conversations. The idea was that it purposely forced him to focus on only one thing at a time to increase his attention span and reduce the "instant thrill" of web browsing.
He has this entire theory of 'low reward lifestyle' I find intriguing.
Then again, he didn't try to do any programming on it. I'm a big fan of keeping the write -> compile loop as small as possible.
Well, the write-compile loop depends on the language and what you do. Of course it would be a horrible experience to, e.g., hack some mostly undocumented record format in a Lisp REPL into an ad-hoc parser routine on a screen with a 1Hz refresh rate.
But we may find some activities almost opposite to that example. Like, write the code (in literate programming style preferably) for some sophisticated algorithm, well thought out beforehand, especially in a language that doesn't support REPL-style well, e.g. C, where you know the tests wouldn't help you much and accuracy (and focus) is king.
And we don't actually need to strictly oppose those two activities to each other. Play with the REPL at home, get that part of the work done ('the quick part'), then take an e-ink device and go out to the park to slow down and think about that part ('the slow and focused part'); that sounds good to me.
The 'universal conversation app' would be great to have on its own merit.
I can tell you what I'd like to do with my Kindle, that's absolutely worth jailbreaking it.
I use it for my own .mobi files from a variety of sources, including books I wrote myself. I purchased mine and paid to have no advertising on it.
I would roll back to the previous operating system, which did not have advertisements on the homescreen and did not make me navigate two levels deep just to get past subfolders and a 'downloaded' option hiding my own books from me by default, and I would remove its ability to update itself or do anything via wi-fi.
I would just connect it via USB for all file management, and that would be perfect for me.
Needless to say, I'm really frustrated with the 'update' I never asked for OR installed, which has screwed up these things. I am very, very interested in what can be done with this jailbreaking. All the more as I don't wish ever to purchase a book through Amazon again, if this is the direction they're going. And they are, they obviously are.
One nifty trick that I found few people know about is that you can upload your own .mobi books into the Kindle cloud. Just use the email that they provide to upload PDFs and the like.
Once the books are there, they show in your cloud collection and are available for download, same as Amazon-purchased books. Better yet, you will also get cloud sync across devices for current location, bookmarks etc - probably the most enticing reason to go down this route.
(Not sure if this is helpful to you, if you really prefer to manage files directly via USB. But might be helpful to someone else.)
The first thing I did was to turn off the wifi on my kindle, so I don't have to deal with upgrades or ads. And somehow I can add my own .mobi file to my kindle via usb. I added pdfs I converted to .mobi that way (with some software I found through a google search).
I turned mine into a little status display, showing today's weather (and a few other geeky things, but that's the main one). The combination of very low power usage and readable e-Ink display is great. Also older models are very cheap -- mine was £50 including delivery.
You can find tutorials for doing this all over the place, e.g. https://www.youtube.com/watch?v=Oel08SDFyIY (not the particular one I used, but he's done a very similar job to mine).
Afaict, it's entirely a technical writeup about how to jailbreak. From the intro: "This document details the steps and thought processes I went through when developing the jailbreak. Ideally this will be a useful map or starting point for anyone looking at the system in the future".
I didn't find any information aimed at users of the Kindle about why they'd want to jailbreak.
I assume gp was talking about the 7th paragraph mentioning "whys" such as epub, fonts, screensavers:
>The mobileread community has done a great job developing extended functionality of the readers. Some of the more popular packages involve an open-source alternative reader with ePub support, a plugin to change fonts, and another addon to enable custom screensaver images.
Not related to this hack, but I did see a post from a guy once that hacked his girlfriend's kindle so the screen saver showed the cover of "Mein Kampf" as a prank.
I was thinking the same thing... I can only think of "bragging rights" or a learning experience.
Although I think this is what makes the (internet) world awesome at the moment. The author sounds like they were mucking around to see how far they could get. Put some thoughts down for others to read and who knows?
Whenever we're recruiting, we always look for interesting things a candidate has done. Something like this will easily get you a first interview...
On stock (and jailbroken) Kindles you can send PDFs or MOBIs to username@kindle.com and have them auto-downloaded to your Kindle. Many people use Calibre[1] (FOSS, win/mac/linux) to sync/manage their ebook collection using this feature. You could easily couple it with Dropbox.
You can also use Calibre to have newspapers/magazines sent to your Kindle every morning. There are tons of recipes for scraping BBC, NYTimes, WaPo or $local_paper, rendering with custom CSS to get a readable ad-free version, converting to MOBI and sending to Kindle. There have even been SaaS offerings running hosted Calibre cronjobs with user-provided recipes. Not sure if any still exist.
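The "email a PDF or MOBI to your @kindle.com address" route mentioned here, and in the earlier comment about uploading .mobi files to the Kindle cloud, as an added example that is neither the thread's nor Calibre's own code. It builds the message with the Python standard library and only checks what the thread itself states: the recipient is a @kindle.com address and the attachment is a PDF or MOBI. Amazon only accepts personal documents from sender addresses on the account's approved-sender list, so `sender` has to be one of those. The SMTP host and the addresses below are constructed placeholders, and `send_message` is the only part that needs network access.

```python
"""Build (and optionally send) a Send-to-Kindle e-mail with one book attached.

Added example, not from the thread or from Calibre. Standard library only.
"""
import mimetypes
import smtplib
from email.message import EmailMessage
from pathlib import Path
from typing import List

# The two document types the thread names; Amazon's full list is longer.
SUPPORTED_SUFFIXES = {".pdf", ".mobi"}


def build_send_to_kindle_message(sender: str, kindle_address: str,
                                 filename: str, data: bytes) -> EmailMessage:
    """Return a ready-to-send message with `data` attached as `filename`.

    Rejects anything that the Kindle mail service would not treat as a
    personal document, so a typo fails here rather than silently at Amazon.
    """
    suffix = Path(filename).suffix.lower()
    if suffix not in SUPPORTED_SUFFIXES:
        raise ValueError(f"unsupported document type: {suffix or '(none)'}")
    if not kindle_address.lower().endswith("@kindle.com"):
        raise ValueError("recipient must be a @kindle.com address")

    # .mobi is usually absent from the stdlib MIME table; fall back to a
    # generic binary type rather than guessing an unregistered one.
    ctype = mimetypes.guess_type(filename)[0] or "application/octet-stream"
    maintype, subtype = ctype.split("/", 1)

    msg = EmailMessage()
    msg["From"] = sender          # must be on the account's approved-sender list
    msg["To"] = kindle_address
    msg["Subject"] = Path(filename).stem
    msg.set_content("Personal document attached.")
    msg.add_attachment(data, maintype=maintype, subtype=subtype,
                       filename=Path(filename).name)
    return msg


def attached_filenames(msg: EmailMessage) -> List[str]:
    """Names of all attachments, handy for checking before sending."""
    return [part.get_filename() for part in msg.iter_attachments()]


def send_message(msg: EmailMessage, host: str, port: int,
                 user: str, password: str) -> None:
    """Deliver via an authenticated STARTTLS SMTP session (needs network)."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.starttls()
        smtp.login(user, password)
        smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed placeholders: replace with your own approved sender,
    # your device's @kindle.com address and a real file.
    book = Path("my-book.mobi").read_bytes() if Path("my-book.mobi").exists() else b"MOBI-PLACEHOLDER"
    message = build_send_to_kindle_message(
        "me@example.com", "my-device@kindle.com", "my-book.mobi", book)
    print("would send:", attached_filenames(message), "to", message["To"])
    # send_message(message, "smtp.example.com", 587, "me@example.com", "app-password")
```

Keeping the validation in the builder means a Calibre-style cron job or Dropbox watcher can construct the message, inspect `attached_filenames`, and only then open an SMTP session.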
> On stock (and jailbroken) Kindles you can send PDFs or MOBIs to username@kindle.com and have them auto-downloaded to your Kindle.
That's no good for me because I tend to do a lot of random edits of my epub collection to fix editing errors, replace cover images with better ones, etc. The reason I want Dropbox is to automatically propagate changes like that, not just to transfer files over.
Upstream comment recommends running KOReader on a jailbroken Kindle for (amongst other things) syncing with Calibre. I'm assuming this is two-way sync, but I don't know.
Not sure if you are the author or just sharing. If you authored this I would highly recommend mentioning which "Kindle" this is applicable to as the first topic. There are multiple generations of Kindle e-readers and Kindle tablets. It's not readily apparent up front as to which this is applicable to.
Just to clarify: this is referring to the e-ink Kindles, not the Kindle Fire Android tablets. The post could definitely be clearer.
All the e-ink Kindles have basically the same architecture and run basically the same firmware, so the exploit should run on any device with that model of firmware.
The first paragraph says "This is a write-up on the development of the Kindle 5.6.5 Webkit based jailbreak released in February 2016. At the time, the jailbreak opened up every Kindle with a 5.6.5 firmware release."
I read this. Which meant nothing to me. Kindle e-reader? Do all e-readers have the same OS?
Granted I may not be the target audience. Presumably someone looking to jailbreak their e-reader may have recognized this right off the bat. As someone who recently purchased a cheap Kindle Fire tablet, and was interested in the possibility of jailbreaking, I was confused.
Edit: great post though! I researched jailbreaking Kindle e-readers previously with not so much luck. Ever since I saw AWS use them as displays for Snowball devices I started to see potential for other uses. Will have to try this out.
Since this targets a system vulnerability, providing the system version is more valuable than which models of Kindle readers are vulnerable, especially as Amazon has either already patched this or surely will very soon.
Given that it said "every Kindle with a 5.6.5" I would assume that most likely it was every Kindle at the time the exploit was written.
Correct. At the time, this worked on the Paperwhite 2, 3, Voyage, and Touch. Forgot which version of the touch, they update that one a lot. I'll try to clarify that a bit better when I get some time.
While this exploit is obviously closed, Kindles can still be jailbroken via a new method. See the mobileread forums.
The more I see writeups like this, the more I wonder if the effort being laid out by the people doing the work is compensated appropriately.
I'm not sure what Amazon pays for identifying a security flaw, but I imagine it's somewhere between $5 and $15k.
Having success monthly might yield reasonable compensation, but companies only pay when a flaw is identified, which means you don't get paid for your work, you get paid for your successful work. And you don't get to define what is successful, nor is there usually a clear definition of what successful actually means.
I understand that many people do this to get a job in security / security research, but it just seems like the effort-to-payoff ratio still favors people using their found exploits for evil dramatically.
There really should be a different pricing model around security exploits - one that encourages responsible disclosure more heavily.
I don't believe Amazon officially pays for security flaws. They ended up sending me a free Kindle (pretty funny) and got an interview out of it. That didn't end up going anywhere, but I got a heck of a lot further than the black hole that is most job application processes these days. Seemed like a fair trade considering the market for Kindle 0days is somewhere near $0.
It's a neat project to talk about during interviews. Nothing more.
How do you get the background to pursue this sort of thing?
I've programmed and used Linux for a little while and I've done some simple things in assembly language (although not in much depth), but all the technical things past the CVE-2013-2842 section are impenetrable to me.
Started out cracking software on embedded systems a long time ago. That led to an understanding of ASM and reverse engineering. Going from there to exploitation isn't a giant leap.
There's quite a few books on the subject. Hacking: The Art of Exploitation is a decent hello world introduction to the subject. Reading CTF practice problem writeups and then trying easier ones yourself are also good experiences.
For REing, http://crackmes.de is a blast. The entry level challenges should be easy to grasp after reading a few tutorials. Would recommend running everything in a Windows VM. ;)
I was recently researching ebook readers and found Kobo devices way better than Kindle (and cheaper too). Especially for somebody who is a power user of devices. Without getting into specifics, I found that in general Kobo is more open.
"For the fix, Amazon did quite a few things. They sandboxed the browser, fixed the permissions issue, removed fc-cache.sh, and most likely patched Webkit. Webkit still crashes when executing the PoC. Unsure if that's because of the process running out of memory or some other issue."
[0] https://github.com/koreader/koreader
[1] http://www.fabiszewski.net/kindle-gargoyle/