From Zero to Root in Sixty Minutes: Kindle Keyboard

If you ever wanted to do this, rooting is for you. This exhaustive tutorial documents the precise instructions for rooting the old e-Ink Kindles, such as Kindle Keyboard 3. A MOBI version of this tutorial is available for download, in case your Internet connection cuts out.

Photo: Kindle 3 running Pokemon Yellow

Requirements

  • Kindle Keyboard v3 or lower. Kindle Fire and other devices have their own root tutorials.
  • Kindle battery should be at least 1/2 charged, for applying updates.
  • A WiFi access point, such as a home router, for connecting to the SSH server that will run on the Kindle.
  • Desktop SSH client such as OpenSSH or PuTTY.
  • A Python installation, for running the root password recovery script.

Recommended

  • Some familiarity with running command line instructions
  • A reliable Internet connection for Googling troubleshooting articles
  • Backing up your ebooks, on your desktop computer, online, or elsewhere; in case your Kindle is bricked.

Step 1: Jailbreaking

Jailbreaking allows custom utilities to be installed on the Kindle, running as if they were officially supported background services.

  1. Download and extract the zipped jailbreak files.
  2. Write down your Kindle serial number and firmware number, available in Menu -> Settings -> Device Info.
  3. Match your serial number to your Kindle model name and version.
  4. Match your firmware version to an update… .bin file.
  5. Connect your Kindle to your desktop computer with a micro USB to USB cable.
  6. Drag & drop the update… .bin file onto the Kindle drive. The file should be placed in the main drive directory, not inside a folder.
  7. Apply the update with Menu -> Settings -> Update Your Kindle.
  8. The device will reboot and attempt to install the jailbreak update. If the update fails, double-check your firmware version and consider using a different update… .bin file.
  9. If your Kindle ever receives an official Amazon firmware update, you will need to repeat the jailbreaking process all over again.

Step 2: Install Kite

Kite is an application launcher that creates shortcuts on the Kindle home screen, used in Step 4: Install a Home Screen App (“Kindlet”).

  1. Apply the kite update just as you applied the jailbreak update.
  2. Kite will create home screen launchers for any shell scripts placed in YOURKINDLEDEVICE/kite/. Launchers will appear as ordinary PDF books, but kite will ensure that they actually open as apps.
  3. Shell scripts should be ASCII-encoded, with Unix (LF) line endings, have executable (chmod a+x somescript.sh) and prefaced with a standard shebang (#!/bin/sh).

Step 3: Setup the SSH server

An SSH server allows you to run commands and transfer files remotely onto your Kindle from another computer.

The usbnet update hack enables a secret debugging mode that treats the Search bar as a debugging console for entering commands. A brief ~usbNetwork command starts a Dropbear SSH server running on the Kindle, allowing for remote root shells. While the search bar allows root commands to be run with ~exec, typing potentially dangerous commands on an e-Ink screen is less than ideal, so we use SSH.

Note that the debugging console is mutually exclusive with the Kindle operating as a removable USB drive; you can’t do both at the same time.

  1. Apply a usbnetwork update just as you applied the jailbreak update.
  2. When the device finishes rebooting, open  YOURKINDLEDEVICE/usbnet/etc/config for editing with a text editor.
  3. Replace the line K3_WIFI=”false” with K3_WIFI=”true”. This enables the SSH server over WiFi, much easier to use than SSH over USB. Save the changes to the config file.
  4. Reboot the Kindle for the changes to take effect.

Once the SSH server is configured this way, it can be enabled and disabled at will:

Enabling the SSH Server

  1. Connect the Kindle to the same WiFi network as the SSH client will be using.
  2. Write down the Kindle’s IP address. The IP Address is listed in the secret 711 menu, accessed by Settings -> 711 (or Alt+U Alt+Q Alt+Q). The IP address is on the second page (Next Page Button).
  3. You may want to test the network connection between your desktop computer and your Kindle. The Kindle blocks ping requests, but it does respond normally to arping. For example, in Mac OS X:
    $ brew install arping
    ...
    $ sudo arping YOUR.KINDLE.IP.HERE
    60 bytes from 90:a4:de:da:18:fb (192.168.1.74): index=0 time=65.683 msec
    60 bytes from 90:a4:de:da:18:fb (192.168.1.74): index=1 time=89.113 msec
    60 bytes from 90:a4:de:da:18:fb (192.168.1.74): index=2 time=118.289 msec
    ...
  4. On the Kindle, turn on the special debug mode by typing ;debugOn in the Search box and pressing the Enter key. To confirm that everything is working at this point, you can type ~help (or `help on Kindle 2 and below) to see a list of debugging commands. Assume Kindle 2′s always use backtick (`) instead of tilde (~).
  5. Switch from USB drive mode to USB debug mode by typing ~usbNetwork and pressing Enter.
  6. Determine your root password via kindle-root-password.py. Example:
    $ python kindle-root-password.py A0A0A0A0B0B0B0B0C0C0
    fiona754b
  7. On your desktop computer, connect to the Kindle SSH server.
    $ ssh root@YOUR.KINDLE.IP.HERE
    fionaTHERESTOFYOURPASSWORDHERE
    Welcome to Kindle!
    
    #################################################
    #  N O T I C E  *  N O T I C E  *  N O T I C E  #
    #################################################
    Rootfs is mounted read-only. Invoke mntroot rw to
    switch back to a writable rootfs.
    #################################################
    
    [root@kindle root]#
  8. Enter mntroot rw to enable read-write support.
  9. Use scp or pscp to copy over apps. Kindle programs are typically installed in /mnt/us.

Disabling the SSH Server

  1. Entering ~usbNetwork in the Kindle Search bar will toggle the SSH server back off, as well as restoring normal USB file transfer ability.
  2. Enter ;debugOff to turn off the debugging commands for now.

Step 4: Install a Home Screen App (“Kindlet”)

Once kite and usbnet/ssh are setup, installing a new application and configuring a home screen shortcut are as easy as editing shell script files.

  1. For example, use scp to copy fbgnuboy into /mnt/us/.
  2. Copy a rom such as pokemon-yellow.gb (you’re on your own) to /mnt/us/.
  3. Create a shell script pokemon-yellow.sh with executable permissions and either drag & drop into the kite/ folder (remember to toggle ~usbNetwork back off to restore USB file transfer).
    #!/bin/sh
    
    /usr/bin/killall -stop cvm
    /mnt/us/fbgnuboy /mnt/us/pokemon-yellow.gb
    /usr/bin/killall -cont cvm
  4. kite will automatically create a dummy PDF book called pokemon-yellow.sh.pdf on the home screen. When opened, the “book” automatically runs the shell script, starting Pokemon Yellow.

Photo: Kindle 3 running Pokemon Yellow

Currently, there is no sound support in the emulator. But it’s still pretty amazing that this is even possible. Feel free to reply to the MobileRead Game Boy forum thread if you have any questions or comments.

About these ads

2 responses to “From Zero to Root in Sixty Minutes: Kindle Keyboard

  1. Your link for kindle-root-password.py appears broken.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s