Thursday, December 24 2009
Tuesday, December 22 2009
This is for educational purposes only! I just did this to get it working not for
abusing the Kindle's Internet capabilities.
First enable USB networking, if you have firmware 2.3 than see my
older post here. Now you can login to your Kindle 2 via SSH.
Copy tcpdump to your Kindle 2. Login to the Kindle and run tcpdump -nAi ppp0 -s0
than browse the web using your Kindle's web browser. Search the output of tcpdump for the x-fsn header. The x-fsn header seems to be used for authenticating to the Kindle HTTP proxy (fints-g7g.amazon.com).
HTTP header as sent to the proxy by the Kindle's browser (NetFront):
GET http://www.heise.de HTTP/1.1
Accept: image/png, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
User-Agent: Mozilla/4.0 (compatible; Linux 2.6.22) NetFront/3.4 Kindle/2.3 (screen 600x800; rotate)
Accept-Encoding: deflate, gzip
Install the Modify Headers Firefox plugin. The plugin allows to add arbitrary HTTP headers to
Firefox. Now add the x-fsn header with the value observed through looking at your own traffic.
Finally login and port forward a local port on your computer to Amazon's Kindle proxy (fints-g7g.amazon.com = 8099:126.96.36.199). Do this via:
ssh -L 8099:188.8.131.52:80 email@example.com. Now configure a HTTP proxy in your Firefox preferences (127.0.0.1 at 8099).
Now you should be able to browse the web using your Kindle's 3G connecting. Of course you shouldn't do this regularly, just once for the fun.
Friday, December 18 2009
Monday, December 07 2009
Today I've done some hacking on my Kindle 2. I have done this and that nothing really cool yet. The first thing I needed to do was to re-enable USB networking since this is disabled in 2.3. The link below enables SSH and telnet on the 2.3 firmware. The second link
is a presentation from OSCON, the interesting things are the infos about the framebuffer and the keyboard. Have fun!
Re-enable usbNetwork on Kindle 2 firmware 2.3 usbnetwork23-0.10.tar.gz
Hacking your Kindle a talk from OSCON.
so I was quite busy with various projects therefore this update
is really really late.
The most interesting thing that happened recently was the
jailbroken iPhone SSH fuck up. See: 1 and 2. There are many other stories on this all over the net, also
by now this is kind of old. The interesting thing actually is that I investigated
this jailbroken iPhone SSH problem in August of this year. Including a nice statistic and some measurement. I'm planning to show this stuff together with
some other work at some conference (academic and hacker) next year (talks/papers are submitted).
Conferences, I attended DeepSec in mid November, this was great fun. Including some good mobile phone security talks. At the upcoming 26C3 there will also be a bunch of talks on mobile phone security. Location tracking does scale up, GSM: SRSLY?, Playing with the GSM RF Interface, Using OpenBSC for fuzzing of GSM handsets, and SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system.
I actually planed to not attend 26C3 because last year kind of sucked, especially because there were way too many people. So this year I will go to some talks but not hangout at the conference. If you want to hangout during CCC give me a call or write me an email. Although my talk on SMS fuzzing was rejected I recently was asked if I would do it if they find a spot in the schedule. Of course, I would do it.
Recent papers: iPhonePrivacy.pdf shows some privacy issue with the iPhone platform. Nothing really surprising, but a good read.
I know I missed several things in this post but I kind of have info overkill in the last weeks. Please send me hints hints hints!!!