
Kindle Touch Gets World’s Simplest JailBreak (And It Runs HTML5)


What would you think if I told you that jailbreaking the Kindle Touch/K5 was as easy as playing an mp3 file? I hope you’re sitting down, because it really is that simple.

A hacker by the name of Yifan Lu has just posted a jailbreak for the K5/Kindle Touch, and I just used it on my K5.

Update: A reader commented that he was confused by my calling the Kindle Touch the K5. I use this term because the Kindle Touch is running Kindle OS5, while the other new Kindle is running Kindle OS4. That makes the Kindle Touch the fifth generation Kindle, aka K5.

How To

I’m covering this first because it’s easy.

  1. Download this zip file.
  2. Copy the mp3 over to the music folder on your K5.
  3. Play the mp3 (from the experimental menu).

If you see the screenshot at right then congratulations. You now have a hacked Kindle Touch.

The Technical Explanation


I told you earlier this week that the K5 (Kindle Touch) was based on a completely different code base from previous Kindles, and that turns out to be more true than I realized.

Yifan discovered that the software running on the Kindle Touch is written mostly in HTML5 and JavaScript, not the Java that all the other Kindles use. In fact, the menus can be thought of as webpages in disguise. Pretty cool, huh? I think so, because this means that it won’t take long for hackers to release custom menus and spice things up.

That HTML5 base is also the security hole that Yifan exploited. He assembled an mp3 with his hack buried in the ID3 tags. The Kindle displays the tag info while playing the mp3, and it will also execute the code in the tag.

This hack is quite simple. All it does is install a key to root the K5 and allow you to install other hacks. It’s really just for developers at this point.
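Here is what safe handling of tag text looks like on the defending side, as an added example (not Amazon's or Yifan Lu's code): it parses ID3v2.3 text frames, flags values that look like markup, and escapes them before they reach an HTML view. The function names, the `<div id="title">` template and the sample tag are constructed for illustration; it assumes the player view builds HTML from tag text, and it decodes Latin-1 text frames only.

```javascript
// Build a constructed ID3v2.3 tag (Latin-1 text frames) to use as sample input.
function buildTag(frames) {
  const body = Buffer.concat(Object.entries(frames).map(([id, text]) => {
    const data = Buffer.concat([Buffer.from([0]), Buffer.from(text, 'latin1')]);
    const head = Buffer.alloc(10);        // id(4) size(4) flags(2)
    head.write(id, 0, 'latin1');
    head.writeUInt32BE(data.length, 4);   // v2.3 frame size: plain big-endian
    return Buffer.concat([head, data]);
  }));
  const hdr = Buffer.from([0x49, 0x44, 0x33, 3, 0, 0, 0, 0, 0, 0]); // "ID3", v2.3
  for (let i = 0, n = body.length; i < 4; i++, n >>= 7) hdr[9 - i] = n & 0x7f;
  return Buffer.concat([hdr, body]);
}

// Extract text frames (IDs starting with T) without reading past the declared tag size.
function parseTextFrames(buf) {
  const out = {};
  if (buf.length < 10 || buf.toString('latin1', 0, 3) !== 'ID3') return out;
  const size = [6, 7, 8, 9].reduce((n, i) => (n << 7) | (buf[i] & 0x7f), 0);
  const end = Math.min(10 + size, buf.length);
  for (let p = 10; p + 10 <= end;) {
    const id = buf.toString('latin1', p, p + 4);
    const len = buf.readUInt32BE(p + 4);
    if (!/^[A-Z0-9]{4}$/.test(id) || len === 0 || p + 10 + len > end) break;
    // Encoding byte 0 = Latin-1; other encodings are not decoded in this example.
    if (id[0] === 'T' && buf[p + 10] === 0)
      out[id] = buf.toString('latin1', p + 11, p + 10 + len);
    p += 10 + len;
  }
  return out;
}

// Heuristic: a title or artist name has no reason to contain markup.
const looksLikeMarkup = s => /<\s*[a-z!\/]|&#|javascript:/i.test(s);
// Neutralise every character that HTML treats as syntax.
const escapeHtml = s => s.replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);

// Unsafe: tag text becomes part of the page's HTML.
const renderUnsafe = t => `<div id="title">${t.TIT2 || ''}</div>`;
// Safe: tag text stays text, whatever it contains.
const renderSafe = t => `<div id="title">${escapeHtml(t.TIT2 || '')}</div>`;

// Constructed sample: a harmless <b> element stands in for injected markup.
const tags = parseTextFrames(buildTag({ TIT2: '<b>not a title</b>', TPE1: 'Some Artist' }));
console.log('flagged:', Object.keys(tags).filter(k => looksLikeMarkup(tags[k])));
console.log('unsafe :', renderUnsafe(tags));
console.log('safe   :', renderSafe(tags));
```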

The Future

I’ve now hacked my K5, but that doesn’t mean much at the moment.

Yifan reports that none of the existing hacks for previous Kindles will work on the K5. He also didn’t add any amazing new features with his hack; he just wanted to show that it could be done and thus open the door so everyone else could get started. We’re going to have to wait a while for new hacks.

On the upside, the K5 is written in HTML5 and its Java code is not disguised. It shouldn’t be too hard for just about anyone to release a hack that adds a new feature. I myself am hoping we’ll see an Epub reader. I’m also looking forward to HTML5 sketchpad apps.

In any case, I’m glad I kept my K5. It’s going to get a whole lot more useful in the near future.

via Yifan Lu



Leslie Day. December 10, 2011 at 10:01 am

Cool! Now, I have to get a Kindle Touch!



Mike Cane December 10, 2011 at 10:33 am

>>>the K5 is written in HTML5 and its Java code is not disguised

So wait. The KTouch is just a big webOS app?!!?

Nate Hoffelder December 10, 2011 at 10:43 am

It’s a big web app, yes. Wait, are webOS apps mainly written in HTML5? I didn’t know that.

Mike Cane December 10, 2011 at 1:04 pm

Yes, HTML5, JavaScript, and CSS. Aside from things like games, that require native code. But most everything else is HTML5/JScript/CSS. That was the big selling point to devs at the original webOS intro.

So… is KTouch still Linux at the core? Is the Kindle "app" running in WebKit?

Peter Roberts December 10, 2011 at 7:04 pm

While both the Kindle OS and webOS are based on Linux, the Kindle does not run webOS.

Also, webOS applications are no more "written in HTML and JavaScript" than any other OS'. It comes with a browser, but so does every other OS these days. webOS has its own native executable format and can also run some applications compiled for Palm devices (through a built-in emulator).

Mike Cane December 11, 2011 at 2:01 am

>>>the Kindle does not run webOS.

Where the hell did anyone WRITE that? So intent on showing how "smart" you are, you come off dumb.

And do you really know ANYTHING about webOS?

Kindle Touch is jailbroken, can run custom code – Liliputing December 10, 2011 at 4:04 pm

[…] The Digital Reader If you're new here, you may want to subscribe to our RSS feed, follow us on Twitter, or "like" […]

Anon December 10, 2011 at 6:22 pm

Where have you heard of K5? There is no such thing as Kindle 5th generation, the 4th generation is the latest. It might be the case that speaking about html5 confuses people and they put a 5 at the end of everything …


Nate Hoffelder December 10, 2011 at 6:32 pm

The Kindle Touch is the 5th generation Kindle. It’s running Kindle OS5, while the trimmed down basic Kindle (that was launched the same day) is running Kindle OS4. They are clearly not the same generation, even though they were launched the same day.

Jaxs December 11, 2011 at 3:22 pm

I see a problem in your answer. Kindle Fire runs fw 6.xx, so it would be considered as a K6? Then the future Kindle should be called K7?!? And if new tablets appear with 8.xx or 9.xx firmware?!

That's the reason why Amazon just calls its new model Kindle without numbers. Sorry, it’s only my point of view.

Nate Hoffelder December 11, 2011 at 4:20 pm

I wouldn’t include the Kindle Fire in the numbering system any more than I would include the Kindle DX.

And the Kindle Fire runs Android 2.3 Gingerbread, not the Kindle OS. It’s an Android tablet running Amazon apps, not a Kindle.

Jaxs December 12, 2011 at 2:01 pm

Yes, KF runs Android 2.3 but the device has its own software. In this case called 6.xx

Nate Hoffelder December 10, 2011 at 7:05 pm

And thanks for pointing out the Wikipedia article. I corrected it.

Mike Cane December 11, 2011 at 2:02 am

>>>And thanks for pointing out the Wikipedia article. I corrected it.


gianni December 12, 2011 at 5:58 pm

Very funny :-)))))

Name December 10, 2011 at 6:32 pm

At first sight it looks like a simple MP3 file could infect my Kindle device with viruses (or jailbreaks ;)).

Doc December 10, 2011 at 8:08 pm

"Yifan discovered that the Kindle Touch is written mostly in HTML5 and JavaScript" Huh? The reader ITSELF is an app? This means it doesn’t really exist?

Oh, you mean the **OS** on the Kindle Touch is a web app. I get it!

fjtorres December 10, 2011 at 10:47 pm

The OS is *not* a web app, but the *reader* app that runs on the OS very likely is. Probably a close relative of the Kindle Cloud reader.

Dude from Slovakia December 10, 2011 at 9:21 pm

The fact that you can jailbreak it so easily is interesting.

What is much, *much* more interesting is the fact that the new Kindle is unbelievably insecure. If somebody asked me yesterday I would have claimed that just playing an mp3 from an unknown source is extremely unlikely to damage the device. Any device.

One has to wonder, what else can carry malicious payload?
Can e-book metadata carry an instruction for the library window to execute any arbitrary command on device as root?

Scary. EXTREMELY scary.

fjtorres December 10, 2011 at 10:55 pm

1- It’s been pretty clear that the K5 is a rushed product.
2- The exploit sounds like it uses a buffer overflow exploit, which have been found (and continue to show up) everywhere. Everybody looks for them, most still miss them.
3- Expect a fix any moment now.
4- It takes a specially crafted mp3.
5- You *do* know where your mp3s come from, right? You rip’em yourself or buy from reputable sources, right? Then you’re safe.
6- Just use it to read. 😉

Again, expect a fix real soon.

Mike Cane December 11, 2011 at 2:05 am

Frankly, I don’t want any fast fix for this. Let’s see what can be done with it first. Ibis Reader is an HTML5 web app that reads ePub. Could it be an app on the KTouch and give it DRM-free ePub?

fjtorres December 11, 2011 at 4:37 pm

The problem is: if it is a Buffer Overrun, it will be trivially easy to fix. So anybody looking to exploit the bug had better hurry.

Tom December 12, 2011 at 8:30 am

Did you drop your K5?
I can see two areas with burst capsules, mid-right.

Nate Hoffelder December 12, 2011 at 8:44 am

Nope. I didn’t drop it. When I’m not using them they stay in their boxes.

Thanks for pointing that out; I was wondering what the marks were from.

How to Jailbreak Your Kindle Touch for Future Customization | Techland | December 12, 2011 at 10:00 am

[…] Here are the instructions, via The Digital Reader: […]

gianni December 12, 2011 at 6:01 pm

Hi, can anyone please tell me what happens after the root?
Will the kindle lose any autoupdate of the firmware?
Will it be more prone to security problems?

thanks, and compliments to the original poster – jailbreaker

Nate Hoffelder December 12, 2011 at 6:51 pm

There should be no side effects. It does not modify any system files, just adds a new one.

How to jailbreak the Kindle Touch just by playing an MP3 file | December 13, 2011 at 11:20 am

[…] based mainly on HTML5 and JavaScript, and thanks to that a programmer identified as Yifan Lu has already managed to jailbreak the device with an extremely simple process that does not require […]

Kindle Touch: Jailbroken by means of an MP3 file December 13, 2011 at 2:30 pm

[…] The Digital Reader Related news: Jailbreak iOS 4.1: iPhone 3GS, 4, iPod touch 4G, 3G – […]

GhostlyDeath December 18, 2011 at 9:31 pm

USB network was quite limiting, so I just did this to get SSH working over Wifi.

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Tanner December 25, 2011 at 8:33 pm

Help! I downloaded the mp3 file, it went to the screensaver and back to the menu but never did that reset like in the movie? What other files do I need to put in?

Geneva December 26, 2011 at 1:14 am

Help! I downloaded the file, but when I try to click on the "Press to Jailbreak" button, it doesn’t do anything…

Better Business Bureau Thinks an Ebook Could Steal Your CC Info – The Digital Reader January 23, 2012 at 8:11 pm

[…] the new Kindle Touch does support some code embedded in certain places (that’s how it was hacked). This is a security hole that Amazon is working on fixing. Note that the code is not inside an […]

jada February 16, 2012 at 2:53 pm

I don't know how to download the file

somebody February 18, 2012 at 12:39 am

Will this A. warranty or B. screw anything up?

Nate Hoffelder February 18, 2012 at 12:42 am

Void, yes but I don’t think they will catch you at it.

Screw up, probably not.

Under Fire, Amazon Says Kindle Fire Is Getting An Update Within Two Weeks — paidContent April 9, 2012 at 5:40 pm

[…] So far, there is nothing special that comes along with the hack that users can do, although as Digital Reader points out, it opens the door for other enterprising hackers to figure that next stage out. […]

Jed June 30, 2012 at 7:16 pm

The 4th generation of Kindles include the Kindle4, Kindle Touch and Kindle Fire, according to Amazon’s own terminology and press releases. I see your point that the Kindle Touch seems sort of more advanced than a Kindle4 but that doesn’t make it a 5th generation Kindle. You’re confusing this corner of the internets, I think you should stop!

Nate Hoffelder June 30, 2012 at 7:44 pm

The Kindle Touch’s own specs show it is running KindleOS 5. And the Kindle Fire is not a Kindle. It is functionally an Android tablet that runs a unique version of the Kindle app.

Jen October 25, 2012 at 6:33 am

Will jail breaking my kindle allow me to keep my book and read my friends without losing any of them?

Use Kindle Touch as secondary display for my linux PC – Mags Forum Technology August 12, 2019 at 9:08 am

[…] I can jailbreak it with this:… […]
