Kindle Touch Gets World’s Simplest JailBreak (And It Runs HTML5)

What would you think if I told you that jailbreaking the Kindle Touch/K5 was as easy as playing an mp3 file? I hope you're sitting down, because it really is that simple.

A hacker by the name of Yifan Lu has just posted a jailbreak for the K5/Kindle Touch, and I just used it on my K5.

Update: A reader commented that he was confused by my calling the Kindle Touch the K5. I use this term because the Kindle Touch is running Kindle OS5, while the other new Kindle is running Kindle OS4. That makes the Kindle Touch the fifth generation Kindle, aka K5.

I'm covering this first because it's easy.

  1. Download this zip file.
  2. Copy the mp3 over to the music folder on your K5.
  3. Play the mp3 (from the experimental menu).

If you see the screenshot at right, then congratulations. You now have a hacked Kindle Touch.

The Technical Explanation

I told you earlier this week that the K5 (Kindle Touch) was based on a completely different code base from previous Kindles, and that turns out to be more true than I realized.

Yifan discovered that the software running on the Kindle Touch is written mostly in HTML5 and JavaScript, not the Java that all the other Kindles use. In fact, the menus can be thought of as webpages in disguise. Pretty cool, huh? I think so, because this means that it won't take long for hackers to release custom menus and spice things up.

That HTML5 base is also the security hole that Yifan exploited. He assembled an mp3 with his hack buried in the ID3 tags. The Kindle displays the tag info while playing the mp3, and it will also execute the code in the tag.
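
The bug class described here is untrusted tag text reaching an HTML renderer without escaping. The following is an added example, not Kindle code and not Yifan Lu's jailbreak: it reads a constructed ID3v2.3 title frame and shows the unsafe rendering beside the escaped one. The function names and the sample tag are my own.

```javascript
// Minimal ID3v2.3 text-frame reader with an unsafe and a hardened renderer (constructed example).

// ID3v2 header sizes are "syncsafe": four bytes carrying 7 bits each.
function syncsafe(b, off) {
  return (b[off] << 21) | (b[off + 1] << 14) | (b[off + 2] << 7) | b[off + 3];
}

// Collect ID3v2.3 text frames (TIT2 = title, TPE1 = artist, ...) as {id: text}; only encoding 0 (ISO-8859-1) is decoded.
function readId3Text(buf) {
  const tags = {};
  if (buf.length < 10 || String.fromCharCode(buf[0], buf[1], buf[2]) !== 'ID3') return tags;
  const end = Math.min(buf.length, 10 + syncsafe(buf, 6));
  let off = 10;
  while (off + 10 <= end) {
    const id = String.fromCharCode(...buf.subarray(off, off + 4));
    if (id === '\0\0\0\0') break; // padding reached
    // v2.3 frame sizes are plain big-endian 32-bit (not syncsafe).
    const size = ((buf[off + 4] << 24) | (buf[off + 5] << 16) | (buf[off + 6] << 8) | buf[off + 7]) >>> 0;
    if (off + 10 + size > end) break; // truncated or hostile size field: stop rather than over-read
    const body = buf.subarray(off + 10, off + 10 + size);
    if (id[0] === 'T' && body[0] === 0) {
      tags[id] = String.fromCharCode(...body.subarray(1)).replace(/\0+$/, '');
    }
    off += 10 + size;
  }
  return tags;
}

const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) { return s.replace(/[&<>"']/g, c => ESC[c]); }

// Vulnerable: tag text spliced straight into markup (what an innerHTML assignment does), so any element in it is interpreted.
function renderUnsafe(tags) { return `<div class="title">${tags.TIT2 || ''}</div>`; }

// Hardened: escape before insertion (in a real DOM, prefer textContent or createTextNode so the string is never parsed).
function renderSafe(tags) { return `<div class="title">${escapeHtml(tags.TIT2 || '')}</div>`; }

// Build a constructed ID3v2.3 tag with one ISO-8859-1 text frame, used as sample input.
function buildId3(frameId, text) {
  const body = [0, ...Array.from(text, c => c.charCodeAt(0) & 0xff)];
  const n = body.length;
  const frame = [...Array.from(frameId, c => c.charCodeAt(0)),
    (n >>> 24) & 0xff, (n >>> 16) & 0xff, (n >>> 8) & 0xff, n & 0xff, 0, 0, ...body];
  const t = frame.length;
  return Uint8Array.from([0x49, 0x44, 0x33, 3, 0, 0,
    (t >>> 21) & 0x7f, (t >>> 14) & 0x7f, (t >>> 7) & 0x7f, t & 0x7f, ...frame]);
}
```

Feeding `buildId3('TIT2', 'Track <b>one</b>')` through `readId3Text` and both renderers shows the markup surviving in the unsafe output and being neutralised in the escaped one.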

This hack is quite simple. All it does is install a key to root the K5 and allow you to install other hacks. It's really just for developers at this point.

The Future

I've now hacked my K5, but that doesn't mean much at the moment.

Yifan reports that none of the existing hacks for previous Kindles will work on the K5. He also didn't add any amazing new features with his hack; he just wanted to show that it could be done and thus open the door so everyone else could get started. We're going to have to wait a while for new hacks.

On the upside, the K5 is written in HTML5 and its Java code is not disguised. It shouldn't be too hard for just about anyone to release a hack that adds a new feature. I myself am hoping we'll see an Epub reader. I'm also looking forward to HTML5 sketchpad apps.

In any case, I'm glad I kept my K5. It's going to get a whole lot more useful in the near future.

via Yifan Lu

40 thoughts on “Kindle Touch Gets World’s Simplest JailBreak (And It Runs HTML5)”

      1. Yes, HTML5, JavaScript, and CSS. Aside from things like games, that require native code. But most everything else is HTML5/JScript/CSS. That was the big selling point to devs at the original webOS intro.

        So… is KTouch still Linux at the core? Is the Kindle “app” running in WebKit?

        1. While both the Kindle OS and webOS are based on Linux, the Kindle does not run webOS.

          Also, webOS applications are no more “written in HTML and JavaScript” than any other OS’. It comes with a browser, but so does every other OS these days. webOS has its own native executable format and can also run some applications compiled for Palm devices (through a built-in emulator).

          1. >>>the Kindle does not run webOS.

            Where the hell did anyone WRITE that? So intent on showing how “smart” you are, you come off dumb.

            And do you really know ANYTHING about webOS?

    1. The Kindle Touch is the 5th generation Kindle. It’s running Kindle OS5, while the trimmed down basic Kindle (that was launched the same day) is running Kindle OS4. They are clearly not the same generation, even though they were launched the same day.

      1. I see a problem in your answer. Kindle Fire runs fw 6.xx, so it would be considered as a K6? Then the future Kindle should be called K7?!? And if new tablets appear with 8.xx or 9.xx firmware?!

        That’s the reason why Amazon just calls its new model Kindle, without numbers. Sorry, it’s only my point of view.

        1. I wouldn’t include the Kindle Fire in the numbering system any more than I would include the Kindle DX.

          And the Kindle Fire runs Android 2.3 Gingerbread, not the Kindle OS. It’s an Android tablet running Amazon apps, not a Kindle.

  1. “Yifan discovered that the Kindle Touch is written mostly in HTML5 and JavaScript” Huh? The reader ITSELF is an app? This means it doesn’t really exist?

    Oh, you mean the **OS** on the Kindle Touch is a web app. I get it!

    1. The OS is *not* a web app, but the *reader* app that runs on the OS very likely is. Probably a close relative of the Kindle Cloud reader.

  2. The fact that you can jailbreak it so easily is interesting.

    What is much, *much* more interesting is the fact that the new Kindle is unbelievably insecure. If somebody asked me yesterday I would have claimed that just playing an mp3 from an unknown source is extremely unlikely to damage the device. Any device.

    One has to wonder, what else can carry a malicious payload?
    Can e-book metadata carry an instruction for the library window to execute any arbitrary command on the device as root?

    Scary. EXTREMELY scary.

    1. 1- It’s been pretty clear that the K5 is a rushed product.
      2- The exploit sounds like it uses a buffer overflow exploit, which have been found (and continue to show up) everywhere. Everybody looks for them, most still miss them.
      3- Expect a fix any moment now.
      4- It takes a specially crafted mp3.
      5- You *do* know where your mp3s come from, right? You rip’em yourself or buy from reputable sources, right? Then you’re safe.
      6- Just use it to read. 😉

      Again, expect a fix real soon.

      1. Frankly, I don’t want any fast fix for this. Let’s see what can be done with it first. Ibis Reader is an HTML5 web app that reads ePub. Could it be an app on the KTouch and give it DRM-free ePub?

        1. The problem is: if it is a Buffer Overrun, it will be trivially easy to fix. So anybody looking to exploit the bug had better hurry.

  3. Hi, can anyone please tell me what happens after the root?
    Will the Kindle lose any autoupdate of the firmware?
    Will it be more prone to security problems?

    thanks, and compliments to the original poster – jailbreaker

  4. USB network was quite limiting, so I just did this to get SSH working over Wifi.

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

  5. Help! I downloaded the mp3 file, it went to the screensaver and back to the menu but never did that reset like in the movie? What other files do I need to put in?

  6. The 4th generation of Kindles include the Kindle4, Kindle Touch and Kindle Fire, according to Amazon’s own terminology and press releases. I see your point that the Kindle Touch seems sort of more advanced than a Kindle4 but that doesn’t make it a 5th generation Kindle. You’re confusing this corner of the internets, I think you should stop!

    1. The Kindle Touch’s own specs show it is running KindleOS 5. And the Kindle Fire is not a Kindle. It is functionally an Android tablet that runs a unique version of the Kindle app.

