Kindle Touch Hax #1: Personalised USB-connect Screen

Behold, my new Kindle Touch, an extremely kind gift from my family to me:

A picture of a Kindle Touch showing a watermark under the usual "USB Drive Mode" display. The watermark warns that the device is the property of Cathal Garvey and was not sold or given, and asks the reader to return it via contact details given.

But what is this? At the bottom of the screen, there’s a message declaring my ownership! That’s not normal for Kindle Touches. It’s a little trick I’ve pulled off thanks to Yifan Lu’s awesome work towards Jailbreaking the Kindle Touch.

Essentially, Lu discovered that the Kindle executes native code embedded in the metadata of mp3 files, and used this fact to install a developer’s key and a basic SSH server on the Kindle Touch. His hack allows you to log into what is basically a small linux device and change the system at will.

If you want a jailbroken Kindle Touch, simply follow Lu’s instructions; download the mp3, and then play it using the mp3 player found under the “Experimental” section of the Kindle Touch menu. Playing the mp3 will install the jailbreak, SSH, and remove the mp3. From there, you have all the power in the world to improve, modify or ruin your Kindle using SSH to login as “root”, the super-user at the core of every Linux distribution.

To merely create an ownership notice of your own, follow the enumerated instructions below on a Jailbroken Kindle Touch. I could make these instructions far smaller by getting the relevant file for you, but then you wouldn’t be learning the how and why of SSH, would you? ;) Perhaps someday I’ll repackage this as a friendly mp3 file or shell script you can execute mindlessly, but for now I have more exploring/modding to do..

  1. Prepare a password for SSH by tapping the search bar on the main screen and typing (without quotes) “;un password PASSWORD”, where “PASSWORD” is the password you want. i.e. if you want your password to be “SunshineBananasWensleydale” then you should type “;un password SunshineBananasWensleydale
  2. Enable usbnetwork on your Kindle by tapping the search bar on the main screen and typing (without the quotes) “;un
  3. Using a linux computer (use an Ubuntu livecd if you use another system), plug the kindle into the USB drive. With usbnetwork enabled, the kindle should appear as an automatic network connection*.
  4. Open up terminal and type “ssh root@192.168.15.244” . When asked if you trust the server/device, type “yes” or whatever it suggests to accept. When prompted for a password, provide the password you set in step 1.
  5. You will be logged in as “root” in an empty folder. For rewrite access, you will need to type “mntroot rw”; do this now, and be careful what you type afterwards or you may brick your device (worst case scenario, but possible).
  6. The USB-connected image is located in_ /usr/share/blanket/usb/_, and it is called “_bg_xsmallusbconnect.png”. The part of the kindle that you can access freely by USB (where you load books/music etc.) is at_ /mnt/base-us/_. So, to get a copy of the file you can work with, type (without quotes): “_cp /usr/share/blanket/usb/bg_xsmall_usbconnect.png /mnt/base-us/bg_xsmallusbconnect.png
  7. This has copied the “USB connected” screen to the folder you see when you mount the kindle for document loading/removal. So, to access this with an image editor, type “exit” to close the SSH session, unplug the kindle, and in the search bar at the main screen type “;un” to disable usb networking.
  8. Now that usb networking is disabled, you can plug the Kindle back into the USB drive again and it should appear as a drive as it normally does. There in the root directory should be the “_bg_xsmallusbconnect.png” image.
  9. Edit this file using an image editor, but bear in mind the following:
    1. Do not change the resolution
    2. Only use black and white
    3. Some text and a battery icon is displayed by the kindle; keep your text at the bottom, and keep it small. You have about an eighth of the screen to work with.
  10. When the image is ready, save it under the same name, and dismount/safely remove and unplug the kindle.
  11. Re-enable usb networking by typing “;un” into the search bar in the main screen, then plug back into the linux PC.
  12. Re-connect via SSH as in step 4, and remount the file system as writable as in step 5.
  13. Back up the original file by typing “mv /usr/share/blanket/usb/bg_xsmall_usbconnect.png /usr/share/blanket/usb/backup_bg_xsmall_usbconnect.png”
  14. Copy over the new file by typing “cp /mnt/base-us/bg_xsmall_usbconnect.png /usr/share/blanket/usb/bg_xsmall_usbconnect.png”
  15. Type “exit” to close the SSH session, unplug, type “;un” in the search bar at the main screen to disable usb networking, and plug back in. When the screen for “USB Drive Mode” appears, your new image should appear!

*Alternative networking route: If you can’t get the USB connection to work, USBnetwork also enables WiFi login for SSH. However, to get the IP address for your Kindle, you’ll need to consult the client list on your home wifi router and compare the MAC addresses of the clients connected to the MAC address of your Kindle, accessible from Menu->Settings->Menu(Again)->Device Info. Then connect to “root@www.xxx.yyy.zzz”, substituting the IP address for wxyz.