Kindle Touch Gets World’s Simplest JailBreak (And It Runs HTML5)


What would you think if I told you that jailbreaking the Kindle Touch (K5) was as easy as playing an mp3 file? I hope you're sitting down, because it really is that simple. A hacker by the name of Yifan Lu has just posted a jailbreak for the Kindle Touch, and I just used it on my own K5. Update: A reader commented that he was confused by my calling the Kindle Touch the K5. I use this term because the Kindle Touch runs Kindle OS 5, while the other new Kindle runs Kindle OS 4. That makes the Kindle Touch the fifth-generation Kindle, aka K5.

How To

I'm covering this first because it's easy.

  1. Download this zip file.
  2. Copy the mp3 over to the music folder on your K5.
  3. Play the mp3 (from the experimental menu).

If your Kindle shows the screen in the screenshot at right, congratulations: you now have a hacked Kindle Touch. The mp3 has to be played by the Kindle's own music player; simply copying it over does nothing.

The Technical Explanation


I told you earlier this week that the K5 (Kindle Touch) was based on a completely different code base from previous Kindles, and that turns out to be more true than I realized.

Yifan discovered that the software running on the Kindle Touch is written mostly in HTML5 and JavaScript, not the Java that all the other Kindles use. In fact, the menus can be thought of as webpages in disguise. Pretty cool, huh? I think so, because this means that it won't take long for hackers to release custom menus and spice things up.

That HTML5 base is also the security hole that Yifan exploited. He assembled an mp3 with his hack buried in the ID3 tags. The Kindle's music player displays the tag text while playing the mp3, and because the player is itself a webpage, tag text containing HTML and JavaScript is rendered as part of that page instead of being shown as plain text, so the code in the tag runs. In other words this is a script-injection bug in the player's UI, not a flaw in the mp3 decoder: any string the player copies into its page without escaping is a way in.

This hack is quite simple. All it does is install a key that roots the K5 and lets you install other hacks. It's really just for developers at this point.
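As an added example (not Yifan Lu's code, and nothing from the Kindle firmware), the following Node.js script builds an ID3v2.3 tag whose title frame carries a harmless marker script, parses it back, and renders it the two ways a web-style player page could: straight string concatenation, which lets the tag's markup become live page content, and with HTML escaping, which shows it as text. The ID3v2.3 layout follows the spec; the two render functions, the frame names a real player would read, and the native bridge the actual jailbreak reached are not on this page and are assumed or left out here.

```javascript
// Added example, not code from Yifan Lu or from the Kindle firmware. It models
// the bug class the article describes: ID3 tag text copied into a web-style
// player page without escaping. The tag layout follows ID3v2.3; the two
// render* functions are hypothetical stand-ins for the player's UI.

function syncsafe(n) {
  // ID3v2 tag size: 28 bits spread over 4 bytes, top bit of every byte clear.
  return Buffer.from([(n >> 21) & 0x7f, (n >> 14) & 0x7f, (n >> 7) & 0x7f, n & 0x7f]);
}

function readSyncsafe(buf, off) {
  return (buf[off] << 21) | (buf[off + 1] << 14) | (buf[off + 2] << 7) | buf[off + 3];
}

// Build a complete ID3v2.3 tag from a map of text frames, e.g. {TIT2: 'title'}.
function buildId3v2Tag(frames) {
  const parts = [];
  for (const [id, text] of Object.entries(frames)) {
    const body = Buffer.concat([Buffer.from([0x00]), Buffer.from(text, 'latin1')]); // 0x00 = ISO-8859-1
    const header = Buffer.alloc(10);
    header.write(id, 0, 4, 'ascii');
    header.writeUInt32BE(body.length, 4); // v2.3 frame sizes are plain big-endian
    header.writeUInt16BE(0, 8);           // frame flags
    parts.push(header, body);
  }
  const framesBuf = Buffer.concat(parts);
  const tagHeader = Buffer.concat([
    Buffer.from('ID3', 'ascii'), Buffer.from([0x03, 0x00, 0x00]), syncsafe(framesBuf.length),
  ]);
  return Buffer.concat([tagHeader, framesBuf]);
}

// Parse the text frames (T***) of an ID3v2.3 tag into {frameId: string}.
// Stops at padding or at a frame whose declared size runs past the tag.
function parseId3v2Tag(buf) {
  if (buf.length < 10 || buf.toString('ascii', 0, 3) !== 'ID3') throw new Error('no ID3v2 tag');
  if (buf[3] !== 3) throw new Error('only ID3v2.3 handled here');
  const end = Math.min(10 + readSyncsafe(buf, 6), buf.length);
  const frames = {};
  let off = 10;
  while (off + 10 <= end) {
    const id = buf.toString('ascii', off, off + 4);
    if (!/^[A-Z0-9]{4}$/.test(id)) break;            // hit padding
    const size = buf.readUInt32BE(off + 4);
    const start = off + 10;
    if (start + size > end) break;                   // malformed: frame overruns tag
    if (id[0] === 'T' && size >= 1) {
      const raw = buf.subarray(start + 1, start + size);
      // Simplification: anything but ISO-8859-1 is treated as UTF-16LE with a BOM.
      frames[id] = buf[start] === 0 ? raw.toString('latin1')
                                    : raw.toString('utf16le').replace(/^\uFEFF/, '');
    }
    off = start + size;
  }
  return frames;
}

// The pattern the article describes: tag text concatenated straight into the
// player's HTML, so markup inside the tag becomes part of the page and runs.
function renderNowPlayingUnsafe(frames) {
  return `<div class="now-playing"><span class="title">${frames.TIT2 || ''}</span>` +
         `<span class="artist">${frames.TPE1 || ''}</span></div>`;
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Same page, but every tag-derived string is escaped, so it is shown, not run.
function renderNowPlayingSafe(frames) {
  return `<div class="now-playing"><span class="title">${escapeHtml(frames.TIT2 || '')}</span>` +
         `<span class="artist">${escapeHtml(frames.TPE1 || '')}</span></div>`;
}

// Constructed sample: a harmless marker script in the title frame stands in for
// whatever the real jailbreak carried.
const MARKER = '<script>window.__injected = true</script>';
const SAMPLE_TAG = buildId3v2Tag({ TIT2: 'Track ' + MARKER, TPE1: 'Nobody' });

function demo() {
  const frames = parseId3v2Tag(SAMPLE_TAG);
  return { title: frames.TIT2, unsafe: renderNowPlayingUnsafe(frames), safe: renderNowPlayingSafe(frames) };
}

if (typeof require !== 'undefined' && require.main === module) {
  const r = demo();
  console.log('parsed title :', r.title);
  console.log('unsafe render:', r.unsafe);
  console.log('safe render  :', r.safe);
}
```

Run it with `node` to see the parsed title, the page with the marker script embedded, and the page with it escaped. The player-side fix is the escape step (or assigning tag text through `textContent` instead of building HTML strings), and the same rule applies to any other metadata the UI copies into its pages, which is exactly the question the comments raise about ebook metadata.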

The Future

I've now hacked my K5, but that doesn't mean much at the moment.

Yifan reports that none of the existing hacks for previous Kindles will work on the K5. He also didn't add any amazing new features with his hack; he just wanted to show that it could be done and thus open the door so everyone else could get started. We're going to have to wait a while for new hacks.

On the upside, the K5 is written in HTML5 and its JavaScript is not obfuscated. It shouldn't be too hard for just about anyone to release a hack that adds a new feature. I myself am hoping we'll see an Epub reader. I'm also looking forward to HTML5 sketchpad apps.

In any case, I'm glad I kept my K5. It's going to get a whole lot more useful in the near future.

via Yifan Lu


About Nate Hoffelder (10953 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

34 Comments on Kindle Touch Gets World’s Simplest JailBreak (And It Runs HTML5)

  1. Cool! Now, I have to get a Kindle Touch!

    Thanks!

    😉

  2. >>>the K5 is written in HTML5 and its Java code is not disguised

    So wait. The KTouch is just a big webOS app?!!?

    • It’s a big web app, yes. Wait, are webOS apps mainly written in HTML5? I didn’t know that.

      • Yes, HTML5, JavaScript, and CSS. Aside from things like games, that require native code. But most everything else is HTML5/JScript/CSS. That was the big selling point to devs at the original webOS intro.

        So… is KTouch still Linux at the core? Is the Kindle “app” running in WebKit?

        • While both the Kindle OS and webOS are based on Linux, the Kindle does not run webOS.

          Also, webOS applications are no more “written in HTML and JavaScript” than any other OS’. It comes with a browser, but so does every other OS these days. webOS has its own native executable format and can also run some applications compiled for Palm devices (through a built-in emulator).

          • >>>the Kindle does not run webOS.

            Where the hell did anyone WRITE that? So intent on showing how “smart” you are, you come off dumb.

            And do you really know ANYTHING about webOS?

  3. Where have you heard of K5? There is no such thing as Kindle 5th generation, the 4th generation is the latest. It might be the case that speaking about html5 confuses people and they put a 5 at the end of everything …

    See http://en.wikipedia.org/wiki/Amazon_Kindle

  4. At first sight it looks like a simple MP3 file could infect my Kindle device with viruses (or jailbreaks ;)).

  5. “Yifan discovered that the Kindle Touch is written mostly in HTML5 and JavaScript” Huh? The reader ITSELF is an app? This means it doesn’t really exist?

    Oh, you mean the **OS** on the Kindle Touch is a web app. I get it!

    • The OS is *not* a web app, but the *reader* app that runs on the OS very likely is. Probably a close relative of the Kindle Cloud reader.

  6. Dude from Slovakia // 10 December, 2011 at 9:21 pm

    The fact that you can jailbreak it so easily is interesting.

    What is much, *much* more interesting is fact that the new Kindle is unbelievably insecure. If somebody asked me yesterday I would have claimed that just playing an mp3 from an unknown source is extremely unlikely to damage the device. Any device.

    One has to wonder, what else can carry malicious payload?
    Can e-book metadata carry an instruction for the library window to execute any arbitrary command on device as root?

    Scary. EXTREMELY scary.

    • 1- It’s been pretty clear that the K5 is a rushed product.
      2- The exploit sounds like it uses a buffer overflow exploit, which have been found (and continue to show up) everywhere. Everybody looks for them, most still miss them.
      3- Expect a fix any moment now.
      4- It takes a specially crafted mp3.
      5- You *do* know where your mp3s come from, right? You rip’em yourself or buy from reputable sources, right? Then you’re safe.
      6- Just use it to read. 😉

      Again, expect a fix real soon.

      • Frankly, I don’t want any fast fix for this. Let’s see what can be done with it first. Ibis Reader is an HTML5 web app that reads ePub. Could it be an app on the KTouch and give it DRM-free ePub?

        • The problem is: if it is a Buffer Overrun, it will be trivially easy to fix. So anybody looking to exploit the bug had better hurry.

  7. Did you drop your K5?
    I can see two areas with burst capsules, mid-right.

  8. Hi, can anyone please tell me what happens after the root?
    Will the kindle lose any autoupdate of the firmware?
    Will it be more prone to security problems?

    thanks, and compliments to the original poster – jailbreaker

  9. USB network was quite limiting, so I just did this to get SSH working over Wifi.

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

  10. Help! I downloaded the mp3 file; it went to the screensaver and back to the menu but never did that reset like in the movie. What other files do I need to put in?

  11. Help! I downloaded the file, but when I try to click on the “Press to Jailbreak” button, it doesn’t do anything…

  12. I don't know how to download the file.

  13. Will this A. void my warranty or B. screw anything up?

  14. The 4th generation of Kindles include the Kindle4, Kindle Touch and Kindle Fire, according to Amazon’s own terminology and press releases. I see your point that the Kindle Touch seems sort of more advanced than a Kindle4 but that doesn’t make it a 5th generation Kindle. You’re confusing this corner of the internets, I think you should stop!

    • The Kindle Touch’s own specs show it is running KindleOS 5. And the Kindle Fire is not a Kindle. It is functionally an Android tablet that runs a unique version of the Kindle app.

  15. Will jailbreaking my Kindle allow me to keep my books and read my friends' without losing any of them?

6 Trackbacks & Pingbacks

  1. Kindle Touch is jailbroken, can run custom code - Liliputing
  2. How to Jailbreak Your Kindle Touch for Future Customization | Techland | TIME.com
  3. Cómo hacer el jailbreak al Kindle Touch con sólo reproducir un archivo MP3 |
  4. Kindle Touch: Hacen jailbreak por medio de un archivo MP3
  5. Better Business Bureau Thinks an Ebook Could Steal Your CC Info - The Digital Reader
  6. Under Fire, Amazon Says Kindle Fire Is Getting An Update Within Two Weeks — paidContent
