Samuel Kline

Boston-based web and software developer & Computer Science student

Hacking the Kindle Touch

31 Dec 2011

Introduction

I’ve just received my first E-reader – a new Kindle Touch (5th generation) – and of course the first thing I’m going to do is hack it. Perhaps this can serve as a guide for anyone else who wants to do the same (but don’t expect support when you’ve turned your Kindle into a brick).

Objectives

Some of these hacks are specifically written about earlier versions of the Kindle, but with some tweaking we should be able to get most of them working on the Kindle Touch.

First things first: Let’s get shell access.

Thanks to Yifan Lu and others, this part is easy. Use their “jailbreak” and USB networking updates to get shell access. After downloading and extracting the jailbreak and USBnet archives, it’s as simple as this:

  1. Connect your Kindle Touch to your PC

  2. Copy jailbreak.mp3 to the ‘music’ folder, and copy update_simple_usbnet_1.1_install.bin to the root (top) folder.

  3. Eject the Kindle Touch from your PC

  4. Play the jailbreak.mp3 file by going to Menu -> Experimental -> MP3 Player -> Press to Jailbreak!

  5. After rebooting, find the “tap to search” box at the top of the home page, and type ;un password PASSWORD_HERE and press enter (where PASSWORD_HERE is your new root password).

  6. Connect via SSH as root (if you’re on Windows, use a tool like PuTTY). You can now connect in either of two ways:

    1. USB networking: Set your computer’s IP to 192.168.15.1 and connect to the Kindle using the IP address 192.168.15.244.
    2. Wireless: I opted to just connect over wireless, and was able to find the Kindle’s IP address (which was assigned by DHCP) in my router’s device list page.

If everything has gone as it should have, you will now have root access to your hardware.

Note: After starting USB networking, you will not be able to use the Kindle as a USB drive until you turn off USB networking. To toggle USB networking, type ;un in the “tap to search” box.

Making it permanent

The only thing limiting you from permanent SSH access now is the iptables firewall. If you’d like root SSH access even after you reboot the Kindle, you can change the firewall configuration to allow incoming SSH connections. Be sure that you have a secure root password.

Firstly, you must make the root filesystem writable. You can do this by using mntroot rw. On to the firewall rule: make a backup of /etc/sysconfig/iptables and then add these two lines to the bottom of the original:

# Allow incoming SSH connections over wifi
-A INPUT -i wlan0 -p tcp --dport ssh -j ACCEPT

Finally, you can make the root filesystem read-only with mntroot ro. At this point, you may want to reboot your Kindle and double check that this has succeeded (do this by typing reboot at the shell).

Removing big brother features

We can now start modifying the behavior of our Kindle. I’m going to start by disabling certain functionality: according to this thread on the MobileRead forums, the Kindle sends verbose logs to Amazon, including what books you’re reading, what Kindle features you’re using, and even where you are. I’ve looked at the logs on my Kindle and even found wireless connection information including the SSID and MAC address of the wireless access point I’m connected to.

Fortunately, fixing this was very easy. Follow these steps:

  1. Connect via SSH and run mntroot rw to allow you to overwrite files.
  2. Download the file /usr/bin/showlog (via any SCP client, such as WinSCP).
  3. Open this file in a text editor and find all locations where OUTFILE is set. Search for the term OUTFILE=, and for each of them, change the value to /dev/null.
  4. Send the showlog file back, overwriting the old file.
  5. Finally, make the filesystem read-only with mntroot ro.

For me, I had to make 4 changes:

line 121 OUTFILE=/dev/null
line 174 OUTFILE=/dev/null
line 184 OUTFILE=/dev/null
line 193 OUTFILE=/dev/null

Note that it may be different on your Kindle (depending on the version; my Kindle is currently running 5.0.0).
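
As an added example (not the author's code), step 3 can be scripted against the downloaded copy of showlog so that no assignment is missed and the changed line numbers are reported. It assumes each assignment starts its own line as OUTFILE=value; the function name redirect_outfile is chosen here.

```shell
#!/bin/sh
# Added example: run on the downloaded copy of /usr/bin/showlog, then diff the
# result against FILE.orig before sending it back to the Kindle.

# redirect_outfile FILE
#   Keeps FILE.orig as a one-time backup, rewrites every OUTFILE= assignment
#   to OUTFILE=/dev/null, prints the numbers of the lines it changed, and
#   returns non-zero if any assignment still points somewhere else.
redirect_outfile() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Never overwrite an existing backup with an already-edited copy.
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig" || return 1

    # Report assignments that do not already point at /dev/null.
    grep -nE '^[[:space:]]*OUTFILE=' "$file" |
        grep -vE ':[[:space:]]*OUTFILE=/dev/null[[:space:]]*$' |
        cut -d: -f1

    # Rewrite via a temp file; indentation in front of OUTFILE= is kept.
    tmp=$(mktemp) || return 1
    sed -E 's|^([[:space:]]*OUTFILE=).*$|\1/dev/null|' "$file" > "$tmp" &&
        cat "$tmp" > "$file"    # cat into place keeps the executable bit
    rm -f "$tmp"

    # Verify: no assignment may remain that is not /dev/null.
    ! grep -E '^[[:space:]]*OUTFILE=' "$file" | grep -qvE 'OUTFILE=/dev/null$'
}

# Stand-alone use: sh redirect_outfile.sh ./showlog
if [ "$#" -gt 0 ]; then redirect_outfile "$1"; fi
```

On a second run the function prints nothing, which confirms that every assignment already points at /dev/null.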

Custom screensaver images

On a Kindle Touch without special offers, you can use any grayscale 600x800 PNG image as your screensaver.

  1. Ensure that the images follow the correct naming convention (bg_xsmall_ss##.png, where ## is a number from 00 to 99. Start at 00 and increment the number.)
  2. Run mntroot rw
  3. Copy images (using an SCP client) to /usr/share/blanket/screensaver/. You can move, rename, or delete existing images.
  4. Run mntroot ro
  5. Reboot the Kindle (by running reboot) – you should then see your own screensaver images.

A good source for Kindle screensavers is the Kindle Wallpapers tumblr – note that I had to convert the images to PNG in order to use them.
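
An added example (not from the original post) that checks images on the PC before step 3: it reads each PNG's IHDR header, keeps only 600x800 grayscale files, and copies them under the bg_xsmall_ss## names. The function names are chosen here, and accepting only PNG colour type 0 (plain grayscale) is a conservative assumption.

```shell
#!/bin/sh
# Added example: stage screensaver images locally, then SCP the output folder's
# contents to /usr/share/blanket/screensaver/.

# png_info FILE -> prints "WIDTH HEIGHT BITDEPTH COLOURTYPE" from the IHDR
# chunk; fails if FILE lacks the PNG signature or a leading IHDR chunk.
png_info() {
    # Bytes 0-7 signature, 8-11 length, 12-15 "IHDR", 16-19 width,
    # 20-23 height, 24 bit depth, 25 colour type (all as decimal numbers).
    set -- $(od -An -v -tu1 -N26 "$1")
    [ "$#" -eq 26 ] || return 1
    [ "$1 $2 $3 $4 $5 $6 $7 $8" = "137 80 78 71 13 10 26 10" ] || return 1
    [ "${13} ${14} ${15} ${16}" = "73 72 68 82" ] || return 1
    shift 16
    echo "$(( (($1*256+$2)*256+$3)*256+$4 )) $(( (($5*256+$6)*256+$7)*256+$8 )) $9 ${10}"
}

# stage_screensavers SRC_DIR OUT_DIR -> copies valid images to OUT_DIR as
# bg_xsmall_ss00.png, bg_xsmall_ss01.png, ... and prints how many were staged.
stage_screensavers() {
    src=$1 out=$2 n=0
    mkdir -p "$out" || return 1
    for img in "$src"/*.png; do
        [ -f "$img" ] || continue
        info=$(png_info "$img") || { echo "skip (not a PNG): $img" >&2; continue; }
        case $info in
            "600 800 "*" 0") ;;                       # 600x800, grayscale
            *) echo "skip ($info): $img" >&2; continue ;;
        esac
        # The naming scheme only has room for 00 to 99.
        [ "$n" -le 99 ] || { echo "more than 100 images, stopping" >&2; break; }
        cp "$img" "$out/$(printf 'bg_xsmall_ss%02d.png' "$n")" || return 1
        n=$((n + 1))
    done
    echo "$n"
}

# Stand-alone use: sh stage_screensavers.sh ./downloads ./staged
if [ "$#" -eq 2 ]; then stage_screensavers "$1" "$2"; fi
```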

Other possibilities

Many other hacks are possible now that you have USB networking as well as root access to your Kindle. Check the comprehensive list of Kindle hacks and modifications for some inspiration.
