
Kindle Touch Gets World’s Simplest JailBreak (And It Runs HTML5)


What would you think if I told you that jailbreaking the Kindle Touch/K5 was as easy as playing an mp3 file? I hope you're sitting down, because it really is that simple. A hacker by the name of Yifan Lu has just posted a jailbreak for the K5/Kindle Touch, and I just used it on my K5. Update: A reader commented that he was confused by my calling the Kindle Touch the K5. I use this term because the Kindle Touch is running Kindle OS5, while the other new Kindle is running Kindle OS4.  That makes the Kindle Touch the fifth generation Kindle, aka K5.

How To

I'm covering this first because it's easy.

  1. Download this zip file.
  2. Copy the mp3 over to the music folder on your K5.
  3. Play the mp3 (from the experimental menu).

If you see the screenshot at right then congratulations. You now have a hacked Kindle Touch.

The Technical Explanation


I told you earlier this week that the K5 (Kindle Touch) was based on a completely different code base from previous Kindles, and that turns out to be more true than I realized.

Yifan discovered that the software running on the Kindle Touch is written mostly in HTML5 and JavaScript, not the Java that all the other Kindles use. In fact, the menus can be thought of as webpages in disguise. Pretty cool, huh? I think so, because this means that it won't take long for hackers to release custom menus and spice things up.

That HTML5 base is also the security hole that Yifan exploited. He assembled an mp3 with his hack buried in the ID3 tags. The Kindle displays the tag info while playing the mp3, and it will also execute the code in the tag.

This hack is quite simple. All it does is install a key to root the K5 and allow you to install other hacks. It's really just for developers at this point.
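The weakness described above is untrusted tag text reaching an HTML renderer. The following is an added example, not Yifan Lu's code or the Kindle's own; it assumes the common pattern of splicing tag text into markup, and the function names and tag values are constructed for illustration. It shows that pattern beside an escaped version, plus a simple check for markup in tag fields.

```javascript
// Tag fields as a player would read them from an MP3's ID3 frames.
// Both sets of values are constructed; the second one carries markup.
const benignTags = { title: "Moonlight Sonata", artist: "L. van Beethoven" };
const hostileTags = {
  title: '<img src="x" onerror="/* constructed: script would run here */">',
  artist: "A & B <Live>",
};

// UNSAFE (assumed pattern): tag text is spliced into markup, so the HTML
// engine parses whatever the file's author put in the tag as elements.
function renderNowPlayingUnsafe(tags) {
  return `<div class="track"><span class="title">${tags.title}</span>` +
         `<span class="artist">${tags.artist}</span></div>`;
}

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// SAFE: same layout, but tag text can only ever be rendered as text.
function renderNowPlayingSafe(tags) {
  return `<div class="track"><span class="title">${escapeHtml(tags.title)}</span>` +
         `<span class="artist">${escapeHtml(tags.artist)}</span></div>`;
}

// Count element start tags in rendered output. The template itself has 3
// (div, span, span); any more means tag data was parsed as markup.
function countElements(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Triage check for a media library: list tag fields that contain markup.
function suspiciousFields(tags) {
  return Object.keys(tags).filter((k) => /<\s*[a-zA-Z!\/]/.test(String(tags[k])));
}

console.log("unsafe:", countElements(renderNowPlayingUnsafe(hostileTags)), "elements");
console.log("safe:  ", countElements(renderNowPlayingSafe(hostileTags)), "elements");
console.log("flagged fields:", suspiciousFields(hostileTags));
```

In a browser-style UI the equivalent fix is to assign tag text through `textContent` rather than `innerHTML`.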

The Future

I've now hacked my K5, but that doesn't mean much at the moment.

Yifan reports that none of the existing hacks for previous Kindles will work on the K5. He also didn't add any amazing new features with his hack; he just wanted to show that it could be done and thus open the door so everyone else could get started. We're going to have to wait a while for new hacks.

On the upside, the K5 is written in HTML5 and its Java code is not disguised. It shouldn't be too hard for just about anyone to release a hack that adds a new feature. I myself am hoping we'll see an Epub reader.  I'm also looking forward to HTML5 sketchpad apps.

In any case, I'm glad I kept my K5. It's going to get a whole lot more useful in the near future.

via Yifan Lu


About Nate Hoffelder (10900 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

34 Comments on Kindle Touch Gets World’s Simplest JailBreak (And It Runs HTML5)

  1. Cool! Now, I have to get a Kindle Touch!



  2. >>>the K5 is written in HTML5 and its Java code is not disguised

    So wait. The KTouch is just a big webOS app?!!?

  3. It’s a big web app, yes. Wait, are webOS apps mainly written in HTML5? I didn’t know that.

  4. Yes, HTML5, JavaScript, and CSS. Aside from things like games, that require native code. But most everything else is HTML5/JScript/CSS. That was the big selling point to devs at the original webOS intro.

    So… is KTouch still Linux at the core? Is the Kindle “app” running in WebKit?

  5. Where have you heard of K5? There is no such thing as Kindle 5th generation, the 4th generation is the latest. It might be the case that speaking about html5 confuses people and they put a 5 at the end of everything …


  6. The Kindle Touch is the 5th generation Kindle. It’s running Kindle OS5, while the trimmed down basic Kindle (that was launched the same day) is running Kindle OS4. They are clearly not the same generation, even though they were launched the same day.

  7. At first sight it looks like a simple MP3 file could infect my Kindle device with viruses (or jailbreaks ;)).

  8. While both the Kindle OS and webOS are based on Linux, the Kindle does not run webOS.

    Also, webOS applications are no more “written in HTML and JavaScript” than any other OS’. It comes with a browser, but so does every other OS these days. webOS has its own native executable format and can also run some applications compiled for Palm devices (through a built-in emulator).

  9. And thanks for pointing out the Wikipedia article. I corrected it.

  10. “Yifan discovered that the Kindle Touch is written mostly in HTML5 and JavaScript” Huh? The reader ITSELF is an app? This means it doesn’t really exist?

    Oh, you mean the **OS** on the Kindle Touch is a web app. I get it!

  11. Dude from Slovakia // 10 December, 2011 at 9:21 pm //

    The fact that you can jailbreak it so easily is interesting.

    What is much, *much* more interesting is the fact that the new Kindle is unbelievably insecure. If somebody asked me yesterday I would have claimed that just playing an mp3 from an unknown source is extremely unlikely to damage the device. Any device.

    One has to wonder, what else can carry malicious payload?
    Can e-book metadata carry an instruction for the library window to execute any arbitrary command on device as root?

    Scary. EXTREMELY scary.

  12. The OS is *not* a web app, but the *reader* app that runs on the OS very likely is. Probably a close relative of the Kindle Cloud reader.

  13. 1- It’s been pretty clear that the K5 is a rushed product.
    2- The exploit sounds like it uses a buffer overflow exploit, which have been found (and continue to show up) everywhere. Everybody looks for them, most still miss them.
    3- Expect a fix any moment now.
    4- It takes a specially crafted mp3.
    5- You *do* know where your mp3s come from, right? You rip’em yourself or buy from reputable sources, right? Then you’re safe.
    6- Just use it to read. 😉

    Again, expect a fix real soon.

  14. >>>the Kindle does not run webOS.

    Where the hell did anyone WRITE that? So intent on showing how “smart” you are, you come off dumb.

    And do you really know ANYTHING about webOS?

  15. >>>And thanks for pointing out the Wikipedia article. I corrected it.


  16. Frankly, I don’t want any fast fix for this. Let’s see what can be done with it first. Ibis Reader is an HTML5 web app that reads ePub. Could it be an app on the KTouch and give it DRM-free ePub?

  17. I see a problem in your answer. Kindle Fire runs fw 6.xx, so it would be considered as a K6? Then the future Kindle should be called K7?!? And if new tablets appear with 8.xx or 9.xx firmware?!

    That's the reason Amazon just calls its new model Kindle without numbers. Sorry, it's only my point of view.

  18. I wouldn’t include the Kindle Fire in the numbering system any more than I would include the Kindle DX.

    And the Kindle Fire runs Android 2.3 Gingerbread, not the Kindle OS. It’s an Android tablet running Amazon apps, not a Kindle.

  19. The problem is: if it is a Buffer Overrun, it will be trivially easy to fix. So anybody looking to exploit the bug had better hurry.

  20. Did you drop your K5?
    I can see two areas with burst capsules, mid-right.

  21. Nope. I didn’t drop it. When I’m not using them they stay in their boxes.

    Thanks for pointing that out; I was wondering what the marks were from.

  22. Yes, KF runs Android 2.3 but the device has its own software. In this case called 6.xx

  23. Very funny :-)))))

  24. Hi, can anyone please tell me what happens after the root?
    Will the kindle lose any autoupdate of the firmware?
    Will it be more prone to security problems?

    thanks, and compliments to the original poster – jailbreaker

  25. There should be no side effects. It does not modify any system files, just adds a new one.

  26. USB network was quite limiting, so I just did this to get SSH working over Wifi.

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

  27. Help! I downloaded the mp3 file, it went to the screensaver and back to the menu but never did that reset like in the movie? what other files do i need to put in?

  28. Help! I downloaded the file, but when I try to click on the “Press to Jailbreak” button, it doesn’t do anything…

  29. I don't know how to download the file

  30. will this A. warranty or B. screw anything up?
