New $114 Ad-Supported Kindle Announced!

Amazon(NASDAQ:AMZN) has just announced the newest addition to its highly successful Kindle line… kinda!  Visitors finding themselves at Amazon.com today will be seeing an announcement for a new “Kindle(with Special Offers)” being sold at a mere $114.  While it isn’t a hardware upgrade, anything to bring down the price on the Kindle is only going to help get it out there at this point.

What we’ve got is essentially just the existing Kindle WiFi that we all know and love already.  Instead of the standard “enjoyable” screen savers of author portraits and “kindle” related facts, it will display current advertisements and deals available to users.  While there will also be a small ad box at the bottom of the home screen, it is fairly unobtrusive and will not at any time appear during the act of reading.  Overall, definitely sounding like it’s worth the $25 savings so far.  Current examples being highlighted by the pre-order site include “$10 for $20 Amazon.com Gift Card” and “$1 for an album in the Amazon MP3 Store (choose from over 1 million albums)”.

In order to make these ads less painful for people to swallow, and presumably more effective in reaching a target audience at the same time, Amazon will be opening up a service called AdMash.  AdMash will allow Kindle users to preview potential Kindle advertisements and vote on which ones they would like to see.  Those that make it through this user selection process will enter into the pool and have a chance to end up on your eReader.  The plan at present is to allow users to select certain categories that they would be more or less interested in seeing on a daily basis and weighting the displayed ads based on these expressed personal preferences.

If all goes well, for example, a user will be able to decide they really love beaches and see a lot of ads displayed across beach backgrounds.  While still theoretical at this point since nothing has gone live, I can’t really imagine that there will be any shortage of interested advertisers(depending on the pricing scheme of course, since this is a fairly unproven ad medium), so there should be room for variety.  I would even imagine that at least some people, specifically thinking about coupon enthusiasts, will be more interested in the potential for sale notifications and coupons than the existing screen savers anyway.

The implementation remains to be seen, and I’m interested in seeing how a couple things are resolves.  How does Amazon plan to guarantee that users access the Kindle’s WiFi often enough to keep the ads cycling, for example?  Also, is this planned as an international project, or will the current US-only offer stand alone?  Mostly, though, I’m curious how they will address the software issues, especially hacking.  Anybody familiar with this site knows that you’ll find the occasional way to tweak your Kindle.  This is something I think many of us take advantage from time to time.  How, then, will the ads mesh with things like the popular Kindle Screensaver Hack that users developed to get around the repetitive author portraits?  Also, assuming they have managed to find an effective way, will this mean a software update that will impair the user’s ability to play with these sorts of tweaks?  Lots of questions without answers as of yet, but I’m sure it won’t be long before we know more.

Jailbreaking the International Kindle

I was quite close to publishing similar findings myself but Jean-Yves Avenard beat me to it. It is now possible to create custom updates for International Kindle that runs firmware 2.2.* Fortunately there is no need for hardware changes

A little background information first. A while back Igor Skochinsky found serial console connector on Kindle 1 and reverse engineered scripts that Kindle uses to update it’s firmware. Since Amazon is paying for it’s wireless traffic they don’t push full firmware dumps as updates but rather compressed linux patches that only change the things that need to be changed and are relatively small. In Kindle 2 same scripts were used. The only thing that changed was device ID. This was to safeguard against installing update for wrong Kindle device rather than to prevent custom update installation altogether. Kindle DX was a similar story.

However it all changed when Kindle 2 International came out. There was a device ID change as well but updates still failed to install. Using debug commands that still worked (you need to type then in the home screen search box – they are quite harmless will not break your Kindle):

  • ;debugOn
  • ;dumpMessages

Amonng other housekeeping messages it returned the folloing lines:

091021:102422 EXT3 FS on mmcblk0p1, internal journal
091021:102422 system: I _otaupexec:def:processing update /mnt/us/update_tool.bin
091021:102422 system: I _otaupexec:def:version is “FC02”
091021:102422 system: I _otaupexec:def:update image checksum OK
091021:102422 system: E _otaupexec:def:signature does not exist for “tool.sh”
091021:102422 system: E _otaupexec:def:signature verification failed

So it looked like Amazon was signing update packages now. Worst case scenario would have been usage of asymmetric encryption keys like RSA that would be impossible to break until we have working full-scale quantum computers. Best case would be Amazon using something simple – like tar file scrambling that they are using to “encrypt” the whole update file.

I was trying to break into the Kindle via serial console that can be exposed by sliding the top plastic cover off the device but fried my Kindle in the process.

While I was waiting for the new device to arrive, mobileread.com member clarknova suggested using a tarbomb to break into the new Kindle. He assumed that new Kindle would still use the old code to extract files from the update before verifying the signatures. It proved to be true. A tarbomb exploits the fact that linux tar would extract anything that is given to it and might put it somewhere where package receiver didn’t intent it to go. For example older versions would honor relative paths, so if tarball contained file ../../etc/rc5.d/S00kill-code and most likely user would try to unpack the file in /home/username, the malicious file would go into /etc/rc5.d/ and get executed on the startup. While version of tar that is installed on Kindle discards parent directory references, it allows to unpack a symlink that points anywhere in the filesystem. This allowed to craft an update that would still fail to install but in the process would deposit a startup script that would unlock further access to Kindle internals.

Unfortunately Amazon did use the asymmetric encryption to sign the packages. Fortunately there is a very nice way around. Kindle doesn’t use just one key to verify the signature – it enumerates all key files in /etc/uks directory and if any of the keys yields a positive signature validation – the file passes the test. So Jean-Yves Avenard created a tarbomb that would add extra public key to that directory. He also modified Igor’s script to use corresponding private key to sign all the files in the package.

Nice thing about this mod is that it doesn’t change any files in Kindle filesystem, it just adds. So it will not cause checksum conflicts when installing official Amazon updates in the future. However if you use this jailbreak mod to install other updates like Unicode Font Hack, screensaver, savory, etc that DO change files then standard rules apply – official updates will fail and you’ll need to revert the hacks, install official update manually and then reinstall the hacks. Although I doubt that we’ll see many official Amazon updates anytime soon. I’ll make a separate post on this topic at some other time.

I’m pretty sure that in the next version of the device (International Kindle DX perhaps or whatever comes next), Amazon will fix this vulnerability and serial console might be required to install things on Kindle or perhaps some other security exploit. But for now here are specifics:

You can download the “jailbreak” update here. I’ve tested it on my Kindle and it works perfectly. It also contains the updated script to create your own packages. However I would strongly advise you to do it only if you really-really need to, really-really know that you are doing and are willing to brick your device. Several people were known to irreversible brick their Kindle eBook readers by experimenting with them. I bricked two so far trying to create unicode font hack – one US Kindle 2 a while back another Kindle 2 International recently.

So if you are not sure about what are you doing – stick to pre-canned hacks from verified sources that have been tested to work and have uninstallers available. These are relatively safe though again there is always a chance of something going wrong and hacking the Kindle absolutely does void the warranty.

I’ve tested the pre-canned screensaver hack that can be downloaded here and it does work perfectly.

To avoid having to jailbreak Kindle multiple times and creating potentially conflicting hacks I recommend to all Kindle modders out there to use Jean-Yves Avenard’s packager and private/public key pair for creating Internaional Kindle hacks. I’m going to use it for Unicode Font Hack myself.

Right after publishing this post I’m going to reorganize the Unicode Font Hack a bit and release a new version for all Kindle versions including the international one. Stay tuned!

Kindle DX Screensaver Hack

Folks at mobileread.com have updated their screen saver hack to work with Kindle DX. It allows you to replace default screen saver images (mostly of famous writers) that appear when Kindle goes into sleep mode with any set of images of your own choosing.

You can download binaries and source code here. Installation is very similar to other Kindle “feature enhancing” hacks:

Instructions for use:

1) Plug your Kindle DX into your computer.

2) Copy “update_DX_screensaverhack-install.bin” to the root of your Kindle DX.

3) Optional Steps:

3a) Change directories to the “system” folder.

3b) Create a new folder called “screen_saver”

3c) Place any 824×1200 PNG image files into the system\screen_saver folder that you just created.

6) Unplug your Kindle DX.

7) Press the “Menu” button on your Kindle DX and select “Settings.”

8) At the Settings page press “Menu” again and select “Update Your Kindle.”

9) When the “update” is done your Kindle DX will reboot and you are done.

If you choose not to do step 3, the system will create the system\screen_saver folder for you and place the default screen savers in it. You can then remove or replace these, or mix them with your own — it’s up to you.

To go back to the default Kindle DX screen savers:

1) Plug your Kindle DX into your computer.

2) Copy “update_DX_screensaverhack-uninstall.bin” to the root of your Kindle DX.

3) Unplug your Kindle DX.

4) Press the “Menu” button on your Kindle DX and select “Settings.”

5) At the Settings page press “Menu” again and select “Update Your Kindle.”

6) When the “update” is done your Kindle DX will reboot and you are done.

More Information:

You can change images at any time, but you must reset your kindle for them to appear (press and hold the slider for 15 seconds). If there are no images then a blank screen will be shown when you go into sleep mode.

As with the K2, JPG/PNG/GIF files all work . You can use JPG, PNG, GIF, any size, although obviously 824×1200 works best. Smaller images are anchored in the upper left corner.

If you would like to restore the original screen savers without removing the hack, simply delete the screen_saver folder and reset your kindle, and the folder will be recreated with the original images in it.

Any official kindle DX updates that patch the file will fail (gracefully) if this is installed (ie. 2.1 to 2.1.1). Use the remove procedure, to restore the default screen savers, then apply the official update, and all will be well.

This hack is compatible with Unicode Font Hack and you can install and uninstall both independently of each other.

Kindle 1 Screensaver Hack

There is a way to get custom images to display in Kindle 1 screensaver instead of standard ones that are supplied by Amazon. I found these instructions on MobileRead Wiki page:

To add your custom screen savers:

  1. Attach the Kindle to a computer using the USB cord.
  2. Using Windows Explorer (or whatever you use to see individual files/folders) , you should see a new drive called Kindle under My Computer. Go to that drive. (Or if you have an SD card in your Kindle, you can go to the SD drive.)
  3. Create a new folder called “pictures” and a subfolder called “screensavers” under it. Make sure both folder names are all lowercase.
  4. Copy your image files into the screensavers folder. Your pictures should be 600×800 pixels and black & white. I’ve only used .jpg files. Note: I’ve used .png files as well
  5. After copying is complete & it is safe, remove the Kindle from the USB connection.
  6. Go to your Home menu and press alt-z. This will create a new book called “screensavers” . Open it. You’ll see each of your pictures. You can advance through them with the prev. page and next page buttons. Note: The new book will appear at the END of your book list
  7. While viewing your pictures, look at the bottom of the Kindle screen. If you see your battery indicator & Menu prompt, press alt-F to go into Full Screen mode.
  8. On each photo, press alt-shift-0 (i.e., alt-shift-zero) . After a brief delay, you’ll get a message that your picture has been exported as screensaver. Click Close on the message.
  9. Navigate to each of the pictures you want to use and repeat the above step.
  10. When you’ve got all your pictures loaded, test them by going into & out of sleep mode. Alt-aA (i.e., alt-font size button) puts it to sleep & wakes it up again. Each time it sleeps, it should use a different image. If you see the same image all the time, relook at Step 3.

To remove your custom screen savers and restore the originals

  1. Attach the Kindle to a computer using the USB cord.
  2. Using Windows Explorer (or whatever you use to see individual files/folders) , go to your Kindle drive under My Computer.
  3. If you see a folder called system, skip this step. If you don’t see the system folder, click on the Tools menu & then Folder Options. Go to the View tab, and look at the Advanced Settings. Under Hidden Files and Folders, select Show Hidden Files and Folders. Click Apply, then OK. You should now see a system folder.
  4. Under the system folder, you’ll see a screen_saver folder. Delete all the files that are in that folder.
  5. After you disconnect from the USB, you may see your last custom screensaver one more time, but after that it will revert back to the pre-loaded Kindle screensaver images

I’ve tried these instructions on Kindle 2 with no effect other than freezing the picture viewer and having to soft reboot the device. Please read my other post on how to hack screensaver in Kindle 2.

Please realize that these hacks can potentially void your warranty.

Kindle 2 Screensaver Hack

For people who wanted to replace author pictures in Kindle 2 Screensaver with any pictures of their own there is now a solution. clarknova from MobileRead Forums created a custom update that allows you to replace Amazon-supplied pictures that are shown when Kindle 2 goes to sleep with any pictures of your own.

Before you continue with instructions below, please understand that you are doing it at your own risk and this can potentially void your warranty. On the bright side, the update seems small, straightforward and reversable and several people (myself included – see pictures below) have successfully applied it to their devices.

Important thing to remember is that this update changes some configuration files. Official Amazon updates verify file checksums before installing. So while you have this hack installed updates that would try to change the same file will fail. Solution is to reverse this hack (instructions below), apply Amazon update and then reapply the hack.

Before proceeding you may want to take a look at “Updating Kindle Software Post” and make sure that you have the most recent software on your Kindle.

To enable custom screensavers:

  1. Download kindle_screensaver_hack-0.3.zip. This seems to the latest version now and I’ll try to keep this post updated with more versions as they become available.
  2. Unpack it.
  3. Connect your Kindle to your PC via USB. Go to the Kindle drive (usually K:\)
  4. If you don’t see system folder, you need to configure Windows to show hidden files and folders. Otherwise go the next step.
  5. Go to the \system folder and create screen_saver subfolder in it.
  6. Copy all of the images you want your screensaver to randomly cycle tough. Both PNG and JPEG formats are OK. While Kindle will resize images it’s best to resize them to 600×800 beforehand. Definitely don’t try putting 10 megapixel photos from your camera there as screensaver would then take long time to load and image will not display right. Good freeware tool to edit images is Paint.NET
  7. Copy Update_kindle2_user_screen_savers.bin that you’ve unpacked in step 2 to the root directory of your Kindle 2.
  8. Unplug the USB cable.
  9. Press “Menu”, select “Settings”, press “Menu”, select “Update Your Kindle”.
  10. It normally should take under a minute to update and reboot your Kindle. And you’re done!

If you did everything right you should see the following in at the bottom of your settings screen.

kindle-screensaver-hack-version

kindle-screensaver-hack

To revert to standard screensavers:

  1. Connect your Kindle to your PC via USB. Go to the Kindle drive (usually K:\)
  2. Copy Update_kindle2_restore_default_screen_savers.bin to the root directory of your Kindle 2.
  3. Unplug the USB cable.
  4. Press “Menu”, select “Settings”, press “Menu”, select “Update Your Kindle”.
  5. It normally should take under a minute to update and reboot your Kindle. And you’re done!
  6. If you want to disable custom screensavers for good rather than temporarily disable the hack to install Amazon Update, you may want to delete the \system\screen_saver directory you’ve created before. Be extra careful not to delete anything else in the \system directory!

Wikimedia.org may be a good place to stock up on nice copyright-free images.

If you try this hack, please take a minute to post your experience in the comments as I”m sure most people who read this post will be interested in them.