←back to thread

Let's put Tailscale on a jailbroken Kindle

(tailscale.com)
327 points Quizzical4230 | 1 comments | 08 Dec 25 16:34 UTC | HN request time: 0s | source
Show context
Havoc ◴[08 Dec 25 16:56 UTC] No.46194646[source]
> is available for all but the most up-to-date Kindles

Bought one from eBay to try it out. Silly me connected it to wifi and suddenly it’s up to date and no longer breakable

replies(6): >>46194904 #>>46197074 #>>46197742 #>>46198837 #>>46199395 #>>46205470 #
jsheard ◴[08 Dec 25 17:17 UTC] No.46194904[source]
If you want a cheap rooted eReader I think you're better off getting a Kobo instead, they don't officially support rooting but AFAICT they make basically no effort to prevent it.
replies(7): >>46195120 #>>46195628 #>>46195935 #>>46196824 #>>46197561 #>>46198264 #>>46198713 #
enthdegree ◴[08 Dec 25 19:58 UTC] No.46196824[source]
The latest Kobos use MediaTek SoCs with locked bootloaders. The Kobo Clara BW's MT8113, for example. As far as I know, one of the early bootloaders it, BL1, refuses to execute the next bootloader (BL2) unless its signature is valid. We can get the device into a mode where BL1 waits for upload of a BL2 via USB using an exploit called Kamakiri, but in public there is neither an exploit to get BL1 to boot an arbitrary BL2, nor an authorized BL2 image to upload. See here: https://github.com/bkerler/mtkclient/issues/1332

Kobo devices have root exposed but don't let users boot their own kernels (and the kernel they ship was not compiled with kexec either).

I really don't know the reason so many devices these days don't have an unlock method. It seems predatory. Who knows where in the chain this happens... maybe it's Kobo, or maybe MediaTek won't sell you their SoCs for mass-market devices unless you lock them.

replies(4): >>46197163 #>>46197491 #>>46199272 #>>46209618 #
1. enthdegree ◴[09 Dec 25 19:43 UTC] No.46209618[source]
The details in this comment are messed up and shouldn't be taken as authoritative.

- Getting the device's BL1/BROM into download mode (where it waits for an upload of a Preloader/BL2 from outside), for these devices itself does not involve exploits. Kamakiri is an exploit in the upload process that gives an execution point at that stage.

- The BROM on Kobos (at least the old ones, P365's) don't have security enabled as far as I know. (Unless somehow they are lying to us when we ask, which there is no evidence of). They only do some integrity checks (header magic #s, checksums).

- Security on Kobos happens down the chain, starting at the Little Kernel apparently jumped to from the Preloader. I am still learning about the Clara BW's boot process.