Jailbreaking the International Kindle

I was quite close to publishing similar findings myself but Jean-Yves Avenard beat me to it. It is now possible to create custom updates for the International Kindle running firmware 2.2.*. Fortunately there is no need for hardware changes.

A little background information first. A while back Igor Skochinsky found the serial console connector on Kindle 1 and reverse engineered the scripts that Kindle uses to update its firmware. Since Amazon is paying for its wireless traffic, they don’t push full firmware dumps as updates but rather compressed Linux patches that only change the things that need to be changed and are relatively small. In Kindle 2 the same scripts were used. The only thing that changed was the device ID. This was to safeguard against installing an update for the wrong Kindle device rather than to prevent custom update installation altogether. Kindle DX was a similar story.

However it all changed when Kindle 2 International came out. There was a device ID change as well but updates still failed to install. I used debug commands that still worked (you need to type them in the home screen search box – they are quite harmless and will not break your Kindle):

  • ;debugOn
  • ;dumpMessages

Among other housekeeping messages it returned the following lines:

091021:102422 EXT3 FS on mmcblk0p1, internal journal
091021:102422 system: I _otaupexec:def:processing update /mnt/us/update_tool.bin
091021:102422 system: I _otaupexec:def:version is “FC02”
091021:102422 system: I _otaupexec:def:update image checksum OK
091021:102422 system: E _otaupexec:def:signature does not exist for “tool.sh”
091021:102422 system: E _otaupexec:def:signature verification failed

So it looked like Amazon was signing update packages now. Worst case scenario would have been usage of asymmetric encryption keys like RSA that would be impossible to break until we have working full-scale quantum computers. Best case would be Amazon using something simple – like tar file scrambling that they are using to “encrypt” the whole update file.

I was trying to break into the Kindle via serial console that can be exposed by sliding the top plastic cover off the device but fried my Kindle in the process.

While I was waiting for the new device to arrive, mobileread.com member clarknova suggested using a tarbomb to break into the new Kindle. He assumed that the new Kindle would still use the old code to extract files from the update before verifying the signatures. It proved to be true. A tarbomb exploits the fact that Linux tar will extract anything that is given to it and might put it somewhere the package receiver didn’t intend it to go. For example, older versions would honor relative paths, so if a tarball contained the file ../../etc/rc5.d/S00kill-code and the user unpacked it in /home/username (the most likely place), the malicious file would go into /etc/rc5.d/ and get executed on startup. While the version of tar that is installed on Kindle discards parent directory references, it does allow unpacking a symlink that points anywhere in the filesystem. This made it possible to craft an update that would still fail to install but in the process would deposit a startup script that would unlock further access to Kindle internals.

Unfortunately Amazon did use the asymmetric encryption to sign the packages. Fortunately there is a very nice way around. Kindle doesn’t use just one key to verify the signature – it enumerates all key files in /etc/uks directory and if any of the keys yields a positive signature validation – the file passes the test. So Jean-Yves Avenard created a tarbomb that would add extra public key to that directory. He also modified Igor’s script to use corresponding private key to sign all the files in the package.
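An added example (not from the original post or from the Kindle update scripts): a pre-extraction audit of the kind the two paragraphs above show was missing, flagging link members that point outside the extraction root and any later member whose path runs through a link. The archive is constructed in memory; `audit_archive`, `build_sample` and the member names are assumptions for illustration, and rejecting every write through a link is a deliberately conservative policy.

```python
import io
import posixpath
import tarfile


def audit_archive(fileobj):
    """List (member, reason) findings for a tar stream without extracting it."""
    findings = []
    links = {}  # normalised path of each link member seen so far -> its target
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name).lstrip("/")
            parts = name.split("/")
            # The classic case: the name itself points outside the root.
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings.append((m.name, "absolute path or parent reference"))
            # The symlink case: a leading directory component of this member
            # is an earlier link member, so extraction would follow that link.
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append(
                        (m.name, "written through link %s -> %s" % (prefix, links[prefix])))
                    break
            if m.issym() or m.islnk():
                # Symlink targets resolve relative to the link's directory,
                # hard-link targets relative to the archive root.
                base = posixpath.dirname(name) if m.issym() else ""
                resolved = posixpath.normpath(posixpath.join(base, m.linkname))
                if resolved.startswith("/") or resolved == ".." or resolved.startswith("../"):
                    findings.append((m.name, "link target leaves the root: " + m.linkname))
                links[name] = m.linkname
    return findings


def _add_file(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_sample(with_link=True):
    """Constructed in-memory package; every name and byte here is made up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_file(tar, "update/tool.sh", b"#!/bin/sh\n")
        if with_link:
            link = tarfile.TarInfo("keys")
            link.type = tarfile.SYMTYPE
            link.linkname = "/etc/uks"  # the key directory named in the post
            tar.addfile(link)
            _add_file(tar, "keys/extra.pem", b"placeholder, not a key\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, reason in audit_archive(build_sample()):
        print("REJECT %-16s %s" % (member, reason))
```

An audit like this belongs before extraction, and the signature over the package should be checked before anything is unpacked at all. On Python 3.12 and later, `extractall(filter="data")` applies comparable checks at extraction time.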

Nice thing about this mod is that it doesn’t change any files in Kindle filesystem, it just adds. So it will not cause checksum conflicts when installing official Amazon updates in the future. However if you use this jailbreak mod to install other updates like Unicode Font Hack, screensaver, savory, etc that DO change files then standard rules apply – official updates will fail and you’ll need to revert the hacks, install official update manually and then reinstall the hacks. Although I doubt that we’ll see many official Amazon updates anytime soon. I’ll make a separate post on this topic at some other time.

I’m pretty sure that in the next version of the device (International Kindle DX perhaps or whatever comes next), Amazon will fix this vulnerability and serial console might be required to install things on Kindle or perhaps some other security exploit. But for now here are specifics:

You can download the “jailbreak” update here. I’ve tested it on my Kindle and it works perfectly. It also contains the updated script to create your own packages. However I would strongly advise you to do it only if you really-really need to, really-really know what you are doing and are willing to brick your device. Several people are known to have irreversibly bricked their Kindle eBook readers by experimenting with them. I bricked two so far trying to create the Unicode Font Hack – one US Kindle 2 a while back, another Kindle 2 International recently.

So if you are not sure about what you are doing – stick to pre-canned hacks from verified sources that have been tested to work and have uninstallers available. These are relatively safe though again there is always a chance of something going wrong and hacking the Kindle absolutely does void the warranty.

I’ve tested the pre-canned screensaver hack that can be downloaded here and it does work perfectly.

To avoid having to jailbreak Kindle multiple times and creating potentially conflicting hacks I recommend that all Kindle modders out there use Jean-Yves Avenard’s packager and private/public key pair for creating International Kindle hacks. I’m going to use it for Unicode Font Hack myself.

Right after publishing this post I’m going to reorganize the Unicode Font Hack a bit and release a new version for all Kindle versions including the international one. Stay tuned!

Solution for cracked Kindle problem

Kindle Cover Velcro Fix


While there is an ongoing lawsuit against Amazon on the matter of Kindle leather cases causing damage to Kindle devices, a user on the mobileread.com forum has proposed a simple solution. While it will not help if your Kindle is already broken, it will prevent you from damaging your device by opening the cover on the wrong side.

All you need to do is stitch some velcro tape to the upper right corner of the cover like shown on the picture. If you don’t want to stitch I believe that epoxy or super-glue will also do the trick.

The original thread can be found here. Personally, opening the cover on the wrong side never was a problem for me as I always make sure that I see the logo badge before I open it. But it may be helpful to someone.

Amazon may be blocking non-US customers from buying Kindle books

The method to trick Amazon into selling you a Kindle if you live outside of the US has long been known. There are hundreds if not thousands of non-US people using Amazon Kindle nowadays. However, recently, according to this thread on mobileread.com forums, people using this method started getting the following message when trying to buy a Kindle book:
We are sorry…
We could not process your order because of geographical restrictions on the product which you were attempting to purchase. Please refer to the terms of use for this product to determine the geographical restrictions.
We apologize for any inconvenience this may have caused you.


There could be several things that are going on:

  • Software bug. Several users have reported Amazon.com website having some glitches recently.
  • Amazon did this unintentionally. It could be that they’ve rolled out a general system for geographically targeting or restricting certain products (not just Kindle books) and this message is one of the effects of this system. Perhaps it’s related to the upcoming Kindle UK release… If that were the case, based on my own experience with the software industry I would estimate the UK launch to be within weeks from now, since it doesn’t make sense to make changes to a production website that makes millions of dollars worth of sales per day long before you plan to release something. It can be Amazon’s major move for this holiday season and it would totally make sense. Though this is 100% my speculation.
  • Amazon specifically targeted Kindle books. Most likely this is because one of the non-US copyright holders found out that their intellectual property is sold in their country (ex: France) and they are not getting their rightful share of profits. Then they demanded action from Amazon and Amazon blocked Kindle books for non-US IP addresses. Let’s explore this possibility in detail…

The last scenario is yet another manifestation of how complex the international copyright system is. Usually different publishers have rights to the same book in different countries. This worked well for paper book publishing since few people would want to purchase a foreign edition of a book because they would rather read it in their native language. It didn’t make sense to transport books internationally since they are heavy and it’s cheaper to print them close to where they will be sold. However when books went digital this legacy system started causing a lot of grief to publishers, book sellers and most of all to the customers. This was recently demonstrated by events surrounding Orwell’s 1984. Perhaps in the future the publishing industry will adapt and embrace the global economy…

In this particular matter I doubt that Amazon would go to great pains to strictly enforce geographical restrictions on Kindle books. Mostly it’s because relatively few people used this loophole and the amount of money involved is not significant. If Amazon were to press the issue, it would generate bad publicity just as the Orwellian deletion did. So they’ll only do what is needed to keep the particular publisher happy. So I’m sure in time people will find a workaround for this problem.

One good way to try would be to have a separate browser that uses a US proxy for all interactions with the Amazon.com website from the day you create your new account. I’d recommend using a real HTTP proxy that you configure in your browser rather than anonymizer websites that load destination websites in a frame, as these are prone to bugs. The following proxy list would be a good place to start.

If you are affected by this issue or can add valuable information about the topic – please post a comment.


“Many thanks to Caroline Wong from the amazon forums for giving a hint to the solution. Amazon is now checking the IP address for those without a valid one-click payment option – generally those purchasing with gift certificates. You need to do a VPN to a US ip address – just do a google on “VPN to US” and download the software. Just run the software before any amazon session. Just bought 3 kindle books of amazon using gift certificates.”

So it looks like it is IP-related. Using public US proxy or VPN should solve the problem. I’ll look into the UltraSurf software and will post a review once I’ve tested it myself.

Amazon specifically doing the check for people without one click buying option would explain why most US residents travelling abroad like me will not be affected by this change.

Update 2:

I’ve just received the following email:


I’m the guy who started the “Am I Screwed?” post on mobileread.com.

I updated the thread. The problem is now over. People can buy books normally again, without needing to use a US IP. Amazon says it was a temporary glitch.

I myself (in Canada) just bought a book normally and successfully.

So it looks like this might be a side effect of upcoming international release or a simple bug.

Thanks to everyone who helped contribute information on the issue.

Kindle DX Screensaver Hack

Folks at mobileread.com have updated their screen saver hack to work with Kindle DX. It allows you to replace default screen saver images (mostly of famous writers) that appear when Kindle goes into sleep mode with any set of images of your own choosing.

You can download binaries and source code here. Installation is very similar to other Kindle “feature enhancing” hacks:

Instructions for use:

1) Plug your Kindle DX into your computer.

2) Copy “update_DX_screensaverhack-install.bin” to the root of your Kindle DX.

3) Optional Steps:

3a) Change directories to the “system” folder.

3b) Create a new folder called “screen_saver”

3c) Place any 824×1200 PNG image files into the system\screen_saver folder that you just created.

6) Unplug your Kindle DX.

7) Press the “Menu” button on your Kindle DX and select “Settings.”

8) At the Settings page press “Menu” again and select “Update Your Kindle.”

9) When the “update” is done your Kindle DX will reboot and you are done.

If you choose not to do step 3, the system will create the system\screen_saver folder for you and place the default screen savers in it. You can then remove or replace these, or mix them with your own — it’s up to you.

To go back to the default Kindle DX screen savers:

1) Plug your Kindle DX into your computer.

2) Copy “update_DX_screensaverhack-uninstall.bin” to the root of your Kindle DX.

3) Unplug your Kindle DX.

4) Press the “Menu” button on your Kindle DX and select “Settings.”

5) At the Settings page press “Menu” again and select “Update Your Kindle.”

6) When the “update” is done your Kindle DX will reboot and you are done.

More Information:

You can change images at any time, but you must reset your kindle for them to appear (press and hold the slider for 15 seconds). If there are no images then a blank screen will be shown when you go into sleep mode.

As with the K2, JPG/PNG/GIF files all work. You can use JPG, PNG, GIF, any size, although obviously 824×1200 works best. Smaller images are anchored in the upper left corner.

If you would like to restore the original screen savers without removing the hack, simply delete the screen_saver folder and reset your kindle, and the folder will be recreated with the original images in it.

Any official kindle DX updates that patch the file will fail (gracefully) if this is installed (ie. 2.1 to 2.1.1). Use the remove procedure, to restore the default screen savers, then apply the official update, and all will be well.


This hack is compatible with Unicode Font Hack and you can install and uninstall both independently of each other.

Amazon uses DMCA against MobileRead.com for hosting DRM Python Script Instructions

Engadget reports that an undisclosed law firm acting on behalf of Amazon.com sent a cease and desist letter to MobileRead.com admins demanding removal of pages that host instructions on how to use a Python script that allows you to read legally purchased DRM protected eBooks in MobiPocket format on Kindle and Kindle 2.

My personal opinion is that it’s not as simple as Engadget and TechDirt would like to portray it. For one, Engadget’s statement about the “script, which can’t actually be used to break Kindle DRM” is misleading. I will not elaborate why. If you research the matter yourself, you may find out what I mean. I don’t want to take sides on this particular issue, I just want to point out that there’s more to it than meets the eye or what’s written in mainstream news.

I am personally a big supporter of an open information market where content creators and distributors are fairly compensated for their work and law-abiding users are not limited by crippling DRM systems that bind them to specific hardware. But before this can happen the market should get big enough. Otherwise it may collapse because of extreme competition. Amazon is currently the biggest driver of eBook market growth. Cut their profits and their eBook business may collapse, and there will be no market at all. The recent release of the Kindle application for iPhone and iPod Touch is a step in the right direction towards a more open information market, because it allows purchased digital content to be freely used across two different software and hardware platforms. Hopefully more steps like this will follow soon.

Kindle 1 Screensaver Hack

There is a way to get custom images to display in Kindle 1 screensaver instead of standard ones that are supplied by Amazon. I found these instructions on MobileRead Wiki page:

To add your custom screen savers:

  1. Attach the Kindle to a computer using the USB cord.
  2. Using Windows Explorer (or whatever you use to see individual files/folders) , you should see a new drive called Kindle under My Computer. Go to that drive. (Or if you have an SD card in your Kindle, you can go to the SD drive.)
  3. Create a new folder called “pictures” and a subfolder called “screensavers” under it. Make sure both folder names are all lowercase.
  4. Copy your image files into the screensavers folder. Your pictures should be 600×800 pixels and black & white. I’ve only used .jpg files. Note: I’ve used .png files as well
  5. After copying is complete & it is safe, remove the Kindle from the USB connection.
  6. Go to your Home menu and press alt-z. This will create a new book called “screensavers” . Open it. You’ll see each of your pictures. You can advance through them with the prev. page and next page buttons. Note: The new book will appear at the END of your book list
  7. While viewing your pictures, look at the bottom of the Kindle screen. If you see your battery indicator & Menu prompt, press alt-F to go into Full Screen mode.
  8. On each photo, press alt-shift-0 (i.e., alt-shift-zero) . After a brief delay, you’ll get a message that your picture has been exported as screensaver. Click Close on the message.
  9. Navigate to each of the pictures you want to use and repeat the above step.
  10. When you’ve got all your pictures loaded, test them by going into & out of sleep mode. Alt-aA (i.e., alt-font size button) puts it to sleep & wakes it up again. Each time it sleeps, it should use a different image. If you see the same image all the time, relook at Step 3.

To remove your custom screen savers and restore the originals

  1. Attach the Kindle to a computer using the USB cord.
  2. Using Windows Explorer (or whatever you use to see individual files/folders) , go to your Kindle drive under My Computer.
  3. If you see a folder called system, skip this step. If you don’t see the system folder, click on the Tools menu & then Folder Options. Go to the View tab, and look at the Advanced Settings. Under Hidden Files and Folders, select Show Hidden Files and Folders. Click Apply, then OK. You should now see a system folder.
  4. Under the system folder, you’ll see a screen_saver folder. Delete all the files that are in that folder.
  5. After you disconnect from the USB, you may see your last custom screensaver one more time, but after that it will revert back to the pre-loaded Kindle screensaver images

I’ve tried these instructions on Kindle 2 with no effect other than freezing the picture viewer and having to soft reboot the device. Please read my other post on how to hack screensaver in Kindle 2.

Please realize that these hacks can potentially void your warranty.

Kindle 2 Screensaver Hack

For people who wanted to replace author pictures in Kindle 2 Screensaver with any pictures of their own there is now a solution. clarknova from MobileRead Forums created a custom update that allows you to replace Amazon-supplied pictures that are shown when Kindle 2 goes to sleep with any pictures of your own.

Before you continue with the instructions below, please understand that you are doing it at your own risk and this can potentially void your warranty. On the bright side, the update seems small, straightforward and reversible, and several people (myself included – see pictures below) have successfully applied it to their devices.

Important thing to remember is that this update changes some configuration files. Official Amazon updates verify file checksums before installing. So while you have this hack installed updates that would try to change the same file will fail. Solution is to reverse this hack (instructions below), apply Amazon update and then reapply the hack.

Before proceeding you may want to take a look at “Updating Kindle Software Post” and make sure that you have the most recent software on your Kindle.

To enable custom screensavers:

  1. Download kindle_screensaver_hack-0.3.zip. This seems to be the latest version now and I’ll try to keep this post updated with more versions as they become available.
  2. Unpack it.
  3. Connect your Kindle to your PC via USB. Go to the Kindle drive (usually K:\)
  4. If you don’t see system folder, you need to configure Windows to show hidden files and folders. Otherwise go the next step.
  5. Go to the \system folder and create screen_saver subfolder in it.
  6. Copy all of the images you want your screensaver to randomly cycle through. Both PNG and JPEG formats are OK. While Kindle will resize images, it’s best to resize them to 600×800 beforehand. Definitely don’t try putting 10 megapixel photos from your camera there, as the screensaver would then take a long time to load and the image will not display right. A good freeware tool to edit images is Paint.NET
  7. Copy Update_kindle2_user_screen_savers.bin that you’ve unpacked in step 2 to the root directory of your Kindle 2.
  8. Unplug the USB cable.
  9. Press “Menu”, select “Settings”, press “Menu”, select “Update Your Kindle”.
  10. It normally should take under a minute to update and reboot your Kindle. And you’re done!

If you did everything right you should see the following at the bottom of your settings screen.



To revert to standard screensavers:

  1. Connect your Kindle to your PC via USB. Go to the Kindle drive (usually K:\)
  2. Copy Update_kindle2_restore_default_screen_savers.bin to the root directory of your Kindle 2.
  3. Unplug the USB cable.
  4. Press “Menu”, select “Settings”, press “Menu”, select “Update Your Kindle”.
  5. It normally should take under a minute to update and reboot your Kindle. And you’re done!
  6. If you want to disable custom screensavers for good rather than temporarily disable the hack to install Amazon Update, you may want to delete the \system\screen_saver directory you’ve created before. Be extra careful not to delete anything else in the \system directory!

Wikimedia.org may be a good place to stock up on nice copyright-free images.

If you try this hack, please take a minute to post your experience in the comments as I’m sure most people who read this post will be interested in them.