Hi there.
Finally got it working.
As you may (or may not) ; loading software on the Kindle 2 International didn't work.
Using ;debugOn and ;dumpMessages ; I looked at what was going on:
The difference with earlier Kindle is that now each file in the package must be signed.
The signature is then checked against the RSA key installed in the ROM.
Unfortunately, there's no way to bypass that check .
So what we first do is install an extra RSA key in the device.
that's what the update file update_freekindle.bin is for.
update_freekindle.bin uses a "feature" (some would call it a flaw) of the tar compressor. Kindle binary package are just gzipped tar files slightly encrypted as discovered by Igor Skochinsky. When extracting the content of the update, the Kindle simply call tar on it.
Tar follows simlinks ; and we use this to write where we're not supposed to.
Copy the file update_freekindle.bin on the Kindle USB disk ; then:
go to HOME
MENU -> Settings
MENU -> Update Your Kindle
DO NOT SELECT RESTART, or you will brick your Kindle (though there's a way to get out of that infinite reboot)
That update will fail ! (Error 004). This is normal.
What this package does is add our key to the list of keys available. So next time the Kindle will check the signatures of the files we are installing, the verification process will succeed.
You only have to do this once...
In the future, installing packages will be just like with previous version of the Kindle.
Attached is the new Kindle packager kindle_update_tool.py. It has one extra flag for generating Kindle 2 International packages: -k2i. When creating an update file for the Kindle 2 International, now it will create the appropriate signatures.
Important points:
OpenSSL must be installed ; and the openssl binary must be in your path (This is the default on Linux or MacOS).
The file freekindle.pem is the RSA key used to sign and check the validity of the packages. Do not modify it. The file must be present in your current directory, along with the kindle_update_tool.py file.
(That's until I find a way to generate all the internal signature files within python rather than calling openssl directly.)
For safety purposes, here is the MD5 checksum of the keys, and of the package installing the keys:
MD5 (freekindle.pem) = ce9584e222f0f910d15b7b20bbaa6a34
MD5 (update_freekindle-k2i.bin) = f1da587b3f4b7feafbc2785f0b022620
Only packages signed with the freekindle.pem RSA key will work with the update_freekindle-k2i package.
If you look at this site:
http://www.avenard.org/kindle2/
You'll see some programs I've repackaged for the Kindle 2 International:
-usbnetwork tool, compiled for Kindle 2, Kindle DX and Kindle International... The source code also shows how to easily make such packages. This tool let you connect to your kindle via telnet or ssh, as well as tether the PC internet connection from the Kindle (check my previous blog entry to know more)
-The screen saver hack ; replace the default screen saver images with your own.
-Savory ; a program allowing you to read PDF file natively on your Kindle (make sure you read the author web page: http://blog.fsck.com/2009/04/savory.html)
Hope you like it, that was exciting !
Finally got it working.
As you may (or may not) ; loading software on the Kindle 2 International didn't work.
Using ;debugOn and ;dumpMessages ; I looked at what was going on:
091024:105149 EXT3 FS on mmcblk0p1, internal journal
091024:105150 system: I _otaupexec:def:processing update /mnt/us/update_test-k2i.bin
091024:105150 system: I _otaupexec:def:version is "FC02"
091024:105150 system: I _otaupexec:def:update image checksum OK
091024:105150 system: E _otaupexec:def:signature does not exist for "install.sh"
091024:105150 system: E _otaupexec:def:signature verification failed
The difference with earlier Kindle is that now each file in the package must be signed.
The signature is then checked against the RSA key installed in the ROM.
Unfortunately, there's no way to bypass that check .
So what we first do is install an extra RSA key in the device.
that's what the update file update_freekindle.bin is for.
update_freekindle.bin uses a "feature" (some would call it a flaw) of the tar compressor. Kindle binary package are just gzipped tar files slightly encrypted as discovered by Igor Skochinsky. When extracting the content of the update, the Kindle simply call tar on it.
Tar follows simlinks ; and we use this to write where we're not supposed to.
Copy the file update_freekindle.bin on the Kindle USB disk ; then:
go to HOME
MENU -> Settings
MENU -> Update Your Kindle
DO NOT SELECT RESTART, or you will brick your Kindle (though there's a way to get out of that infinite reboot)
That update will fail ! (Error 004). This is normal.
What this package does is add our key to the list of keys available. So next time the Kindle will check the signatures of the files we are installing, the verification process will succeed.
You only have to do this once...
In the future, installing packages will be just like with previous version of the Kindle.
Attached is the new Kindle packager kindle_update_tool.py. It has one extra flag for generating Kindle 2 International packages: -k2i. When creating an update file for the Kindle 2 International, now it will create the appropriate signatures.
Important points:
OpenSSL must be installed ; and the openssl binary must be in your path (This is the default on Linux or MacOS).
The file freekindle.pem is the RSA key used to sign and check the validity of the packages. Do not modify it. The file must be present in your current directory, along with the kindle_update_tool.py file.
(That's until I find a way to generate all the internal signature files within python rather than calling openssl directly.)
For safety purposes, here is the MD5 checksum of the keys, and of the package installing the keys:
MD5 (freekindle.pem) = ce9584e222f0f910d15b7b20bbaa6a34
MD5 (update_freekindle-k2i.bin) = f1da587b3f4b7feafbc2785f0b022620
Only packages signed with the freekindle.pem RSA key will work with the update_freekindle-k2i package.
If you look at this site:
http://www.avenard.org/kindle2/
You'll see some programs I've repackaged for the Kindle 2 International:
-usbnetwork tool, compiled for Kindle 2, Kindle DX and Kindle International... The source code also shows how to easily make such packages. This tool let you connect to your kindle via telnet or ssh, as well as tether the PC internet connection from the Kindle (check my previous blog entry to know more)
-The screen saver hack ; replace the default screen saver images with your own.
-Savory ; a program allowing you to read PDF file natively on your Kindle (make sure you read the author web page: http://blog.fsck.com/2009/04/savory.html)
Hope you like it, that was exciting !
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDelete