Kindle Touch Gets World’s Simplest JailBreak (And It Runs HTML5)


What would you think if I told you that jailbreaking the Kindle Touch/K5 was as easy as playing an mp3 file? I hope you're sitting down, because it really is that simple.

A hacker by the name of Yifan Lu has just posted a jailbreak for the K5/Kindle Touch, and I just used it on my K5.

Update: A reader commented that he was confused by my calling the Kindle Touch the K5. I use this term because the Kindle Touch is running Kindle OS5, while the other new Kindle is running Kindle OS4. That makes the Kindle Touch the fifth generation Kindle, aka K5.

How To

I'm covering this first because it's easy.

  1. Download this zip file.
  2. Copy the mp3 over to the music folder on your K5.
  3. Play the mp3 (from the experimental menu).

If you see the screenshot at right then congratulations. You now have a hacked Kindle Touch.

The Technical Explanation


I told you earlier this week that the K5 (Kindle Touch) was based on a completely different code base from previous Kindles, and that turns out to be more true than I realized.

Yifan discovered that the software running on the Kindle Touch is written mostly in HTML5 and JavaScript, not the Java that all the other Kindles use. In fact, the menus can be thought of as webpages in disguise. Pretty cool, huh? I think so, because this means that it won't take long for hackers to release custom menus and spice things up.

That HTML5 base is also the security hole that Yifan exploited. He assembled an mp3 with his hack buried in the ID3 tags. The Kindle displays the tag info while playing the mp3, and it will also execute the code in the tag.

This hack is quite simple. All it does is install a key to root the K5 and allow you to install other hacks. It's really just for developers at this point.
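The hole described above comes down to ID3 text being treated as markup by an HTML5 interface. As an added example (not from the original post or from Yifan Lu's jailbreak), this Node.js code reads the text frames of an ID3v2 tag, flags any that contain tag-like text, and produces the escaped form a player page should display. The function names and the sample tag are constructed for illustration, and extended headers are assumed absent.

```javascript
// Added example (Node.js): audit ID3v2.3/2.4 text frames before a web UI renders them.
const synchsafe = (b, o) => (b[o] << 21) | (b[o + 1] << 14) | (b[o + 2] << 7) | b[o + 3];
// Decode a text frame: byte 0 selects the encoding, the rest is the string.
function decodeText(data) {
  const enc = data[0];
  let body = Buffer.from(data.subarray(1)); // copy, so swap16 cannot alter the input
  if (enc === 0) return body.toString('latin1').replace(/\0+$/, '');
  if (enc === 3) return body.toString('utf8').replace(/\0+$/, '');
  body = body.subarray(0, body.length & ~1); // UTF-16 needs whole 2-byte units
  const bigEndian = enc === 2 || (body[0] === 0xfe && body[1] === 0xff);
  if (bigEndian) body.swap16();
  return body.toString('utf16le').replace(/^\uFEFF/, '').replace(/\0+$/, '');
}

// Walk the tag and return every T*** frame (title, artist, album, ...).
// Assumption: no extended header; a malformed or truncated frame stops the walk.
function readTextFrames(buf) {
  if (buf.length < 10 || buf.toString('latin1', 0, 3) !== 'ID3') return [];
  const end = Math.min(buf.length, 10 + synchsafe(buf, 6));
  const frames = [];
  for (let off = 10; off + 10 <= end;) {
    const id = buf.toString('latin1', off, off + 4);
    const size = buf[3] === 4 ? synchsafe(buf, off + 4) : buf.readUInt32BE(off + 4);
    const start = off + 10;
    if (!/^[A-Z0-9]{4}$/.test(id) || size === 0 || start + size > end) break;
    if (id[0] === 'T') frames.push({ id, text: decodeText(buf.subarray(start, start + size)) });
    off = start + size;
  }
  return frames;
}

// Escape the characters that let text become markup or break out of an attribute.
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
// Flag frames that contain tag-like text and give the form that is safe to display.
function auditTag(buf) {
  return readTextFrames(buf).map(({ id, text }) => (
    { id, suspicious: /<\s*[a-z!\/]/i.test(text), safeHtml: escapeHtml(text) }));
}

// Constructed sample tag (ID3v2.3, Latin-1 frames, body shorter than 128 bytes).
function frame(id, text) {
  const head = Buffer.alloc(10);
  head.write(id); head.writeUInt32BE(text.length + 1, 4);
  return Buffer.concat([head, Buffer.from([0]), Buffer.from(text, 'latin1')]);
}
const sampleBody = Buffer.concat([frame('TIT2', '<script>/* constructed marker */</script>'),
  frame('TPE1', 'Constructed Artist')]);
const SAMPLE_TAG = Buffer.concat([Buffer.from([0x49, 0x44, 0x33, 3, 0, 0, 0, 0, 0, sampleBody.length]), sampleBody]);
console.log(auditTag(SAMPLE_TAG));
```

The escaping step is the actual mitigation; the `suspicious` flag is only a triage signal for files worth a closer look.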

The Future

I've now hacked my K5, but that doesn't mean much at the moment.

Yifan reports that none of the existing hacks for previous Kindles will work on the K5. He also didn't add any amazing new features with his hack; he just wanted to show that it could be done and thus open the door so everyone else could get started. We're going to have to wait a while for new hacks.

On the upside, the K5 is written in HTML5 and its Java code is not disguised. It shouldn't be too hard for just about anyone to release a hack that adds a new feature. I myself am hoping we'll see an Epub reader. I'm also looking forward to HTML5 sketchpad apps.

In any case, I'm glad I kept my K5. It's going to get a whole lot more useful in the near future.

via Yifan Lu


Nate Hoffelder


40 Comments

  1. Leslie Day. 10 December, 2011

    Cool! Now, I have to get a Kindle Touch!

    Thanks!

    😉

    Reply
  2. Mike Cane 10 December, 2011

    >>>the K5 is written in HTML5 and its Java code is not disguised

    So wait. The KTouch is just a big webOS app?!!?

    Reply
    1. Nate Hoffelder 10 December, 2011

      It’s a big web app, yes. Wait, are webOS apps mainly written in HTML5? I didn’t know that.

      Reply
      1. Mike Cane 10 December, 2011

        Yes, HTML5, JavaScript, and CSS. Aside from things like games, that require native code. But most everything else is HTML5/JScript/CSS. That was the big selling point to devs at the original webOS intro.

        So… is KTouch still Linux at the core? Is the Kindle “app” running in WebKit?

        Reply
        1. Peter Roberts 10 December, 2011

          While both the Kindle OS and webOS are based on Linux, the Kindle does not run webOS.

          Also, webOS applications are no more “written in HTML and JavaScript” than any other OS’. It comes with a browser, but so does every other OS these days. webOS has its own native executable format and can also run some applications compiled for Palm devices (through a built-in emulator).

          Reply
          1. Mike Cane 11 December, 2011

            >>>the Kindle does not run webOS.

            Where the hell did anyone WRITE that? So intent on showing how “smart” you are, you come off dumb.

            And do you really know ANYTHING about webOS?

            Reply
  3. […] The Digital Reader If you're new here, you may want to subscribe to our RSS feed, follow us on Twitter, or "like" […]

    Reply
  4. Anon 10 December, 2011

    Where have you heard of K5? There is no such thing as Kindle 5th generation, the 4th generation is the latest. It might be the case that speaking about html5 confuses people and they put a 5 at the end of everything …

    See http://en.wikipedia.org/wiki/Amazon_Kindle

    Reply
    1. Nate Hoffelder 10 December, 2011

      The Kindle Touch is the 5th generation Kindle. It’s running Kindle OS5, while the trimmed down basic Kindle (that was launched the same day) is running Kindle OS4. They are clearly not the same generation, even though they were launched the same day.

      Reply
      1. Jaxs 11 December, 2011

        I see a problem in your answer. Kindle Fire runs fw 6.xx, so it would be considered as a K6? Then the future Kindle should be called K7?!? And if new tablets appear with 8.xx or 9.xx firmware?!

        That's the reason why Amazon just calls its new model Kindle without numbers. Sorry, it’s only my point of view.

        Reply
        1. Nate Hoffelder 11 December, 2011

          I wouldn’t include the Kindle Fire in the numbering system any more than I would include the Kindle DX.

          And the Kindle Fire runs Android 2.3 Gingerbread, not the Kindle OS. It’s an Android tablet running Amazon apps, not a Kindle.

          Reply
          1. Jaxs 12 December, 2011

            Yes, KF runs Android 2.3 but the device has its own software. In this case called 6.xx
            http://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&tag=kwab-20&nodeId=200790620

            Reply
    2. Nate Hoffelder 10 December, 2011

      And thanks for pointing out the Wikipedia article. I corrected it.

      Reply
      1. Mike Cane 11 December, 2011

        >>>And thanks for pointing out the Wikipedia article. I corrected it.

        HAHAHAHAHAHAHAHAHA

        Reply
      2. gianni 12 December, 2011

        Very funny :-)))))

        Reply
  5. Name 10 December, 2011

    At first sight it looks like a simple MP3 file could infect my Kindle device with viruses (or jailbreaks ;)).

    Reply
  6. Doc 10 December, 2011

    “Yifan discovered that the Kindle Touch is written mostly in HTML5 and JavaScript” Huh? The reader ITSELF is an app? This means it doesn’t really exist?

    Oh, you mean the **OS** on the Kindle Touch is a web app. I get it!

    Reply
    1. fjtorres 10 December, 2011

      The OS is *not* a web app, but the *reader* app that runs on the OS very likely is. Probably a close relative of the Kindle Cloud reader.

      Reply
  7. Dude from Slovakia 10 December, 2011

    The fact that you can jailbreak it so easily is interesting.

    What is much, *much* more interesting is the fact that the new Kindle is unbelievably insecure. If somebody asked me yesterday I would have claimed that just playing an mp3 from an unknown source is extremely unlikely to damage the device. Any device.

    One has to wonder, what else can carry malicious payload?
    Can e-book metadata carry an instruction for the library window to execute any arbitrary command on device as root?

    Scary. EXTREMELY scary.

    Reply
    1. fjtorres 10 December, 2011

      1- It’s been pretty clear that the K5 is a rushed product.
      2- The exploit sounds like it uses a buffer overflow exploit, which have been found (and continue to show up) everywhere. Everybody looks for them, most still miss them.
      3- Expect a fix any moment now.
      4- It takes a specially crafted mp3.
      5- You *do* know where your mp3s come from, right? You rip’em yourself or buy from reputable sources, right? Then you’re safe.
      6- Just use it to read. 😉

      Again, expect a fix real soon.

      Reply
      1. Mike Cane 11 December, 2011

        Frankly, I don’t want any fast fix for this. Let’s see what can be done with it first. Ibis Reader is an HTML5 web app that reads ePub. Could it be an app on the KTouch and give it DRM-free ePub?

        Reply
        1. fjtorres 11 December, 2011

          The problem is: if it is a Buffer Overrun, it will be trivially easy to fix. So anybody looking to exploit the bug had better hurry.

          Reply
  8. Tom 12 December, 2011

    Did you drop your K5?
    I can see two areas with burst capsules, mid-right.

    Reply
    1. Nate Hoffelder 12 December, 2011

      Nope. I didn’t drop it. When I’m not using them they stay in their boxes.

      Thanks for pointing that out; I was wondering what the marks were from.

      Reply
  9. […] Here are the instructions, via The Digital Reader: […]

    Reply
  10. gianni 12 December, 2011

    Hi, can anyone please tell me what happens after the root?
    Will the kindle lose any autoupdate of the firmware?
    Will it be more prone to security problems?

    thanks, and compliments to the original poster – jailbreaker

    Reply
    1. Nate Hoffelder 12 December, 2011

      There should be no side effects. It does not modify any system files, just adds a new one.

      Reply
  11. How to jailbreak the Kindle Touch just by playing an MP3 file | 13 December, 2011

    […] based mainly on HTML5 and JavaScript, and thanks to that a programmer identified as Yifan Lu has already managed to jailbreak the device with an extremely simple process that does not require […]

    Reply
  12. […] The Digital Reader Related news: Jailbreak iOS 4.1: iPhone 3GS, 4, iPod touch 4G, 3G – […]

    Reply
  13. GhostlyDeath 18 December, 2011

    USB network was quite limiting, so I just did this to get SSH working over Wifi.

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

    Reply
  14. Tanner 25 December, 2011

    Help! I downloaded the mp3 file, it went to the screensaver and back to the menu but never did that reset like in the movie? What other files do I need to put in?

    Reply
  15. Geneva 26 December, 2011

    Help! I downloaded the file, but when I try to click on the “Press to Jailbreak” button, it doesn’t do anything…

    Reply
  16. […] the new Kindle Touch does support some code embedded in certain places (that’s how it was hacked). This is a security hole that Amazon is working on fixing. Note that the code is not inside an […]

    Reply
  17. jada 16 February, 2012

    I don't know how to download the file

    Reply
  18. somebody 18 February, 2012

    Will this A. void my warranty or B. screw anything up?

    Reply
    1. Nate Hoffelder 18 February, 2012

      Void, yes but I don’t think they will catch you at it.

      Screw up, probably not.

      Reply
  19. […] So far, there is nothing special that comes along with the hack that users can do, although as Digital Reader points out, it opens the door for other enterprising hackers to figure that next stage out. […]

    Reply
  20. Jed 30 June, 2012

    The 4th generation of Kindles include the Kindle4, Kindle Touch and Kindle Fire, according to Amazon’s own terminology and press releases. I see your point that the Kindle Touch seems sort of more advanced than a Kindle4 but that doesn’t make it a 5th generation Kindle. You’re confusing this corner of the internets, I think you should stop!

    Reply
    1. Nate Hoffelder 30 June, 2012

      The Kindle Touch’s own specs show it is running KindleOS 5. And the Kindle Fire is not a Kindle. It is functionally an Android tablet that runs a unique version of the Kindle app.

      Reply
  21. Jen 25 October, 2012

    Will jail breaking my Kindle allow me to keep my book and read my friends without losing any of them?

    Reply
