notmarek
diff --git a/‎LanguageBreak/.active_content_sandbox/store/resource/cachedResources/index.html‎
Lines changed: 77 additions & 0 deletions b/‎LanguageBreak/.active_content_sandbox/store/resource/cachedResources/index.html‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎LanguageBreak/.demo/boot.flag‎ b/‎LanguageBreak/.demo/boot.flag‎
diff --git a/‎LanguageBreak/DONT_CHECK_BATTERY‎ b/‎LanguageBreak/DONT_CHECK_BATTERY‎
diff --git a/‎LanguageBreak/jb.html‎
Lines changed: 78 additions & 0 deletions b/‎LanguageBreak/jb.html‎
Lines changed: 78 additions & 0 deletions
diff --git a/‎README.MD‎
Lines changed: 21 additions & 38 deletions b/‎README.MD‎
Lines changed: 21 additions & 38 deletions
@@ -0,0 +1,77 @@
+<!DOCTYPE html>
+<html lang="en">
+  <meta name="viewport" content="user-scalable=no" />
+
+  <head>
+    <script>
+      var kindle = window.kindle || top.kindle;
+      var shouldPartialPreload = 0;
+      var isAppPreloading =
+        shouldPartialPreload &&
+        kindle &&
+        kindle.bkgrnd &&
+        kindle.bkgrnd.isAppPreloading();
+      if (!isAppPreloading) {
+        var storeContext = parent && parent.storeContext;
+        if (!storeContext) {
+          storeContext = { startupMetrics: {} };
+        }
+
+        storeContext.isPartialPreload = true;
+        storeContext.isStoreLoaded = true;
+        window.storeContext.isPartialPreload = true;
+        window.storeContext.isStoreLoaded = true;
+      }
+      if (!isAppPreloading) {
+        storeContext.startupMetrics.startupJs = { start: new Date() };
+        if (!kindle || typeof kindle === "undefined") {
+          var kindle = window.kindle || top.kindle;
+        }
+
+        if (kindle.dev.webkitLog) {
+          kindle.dev.webkitLog("on");
+        }
+        storeContext.developer = 1;
+      }
+      kindle.appmgr.onback = function (a) {
+        return true;
+      };
+      kindle.appmgr.onforward = function (a, b) {
+        return true;
+      };
+    </script>
+  </head>
+
+  <body>
+    <h1>LanguageBreak</h1>
+    Loading :)
+    <script>
+      var kindle = window.kindle || top.kindle;
+      kindle.net.setWirelessPrompt("never");
+      const chromeConfig = {
+        appId: "com.lab126.store",
+        topNavBar: {
+          template: "title",
+          title: "LanguageBreak Loader",
+        },
+      };
+      kindle.messaging.sendMessage(
+        "com.lab126.chromebar",
+        "configureChrome",
+        chromeConfig
+      );
+      jb();
+      function jb() {
+        kindle.device.clearApplicationCache();
+        kindle.device.clearCache();
+        kindle.dev.clearApplicationCache();
+        kindle.dev.clearCache();
+        kindle.chrome.setSpinnerState("stop", 0, 0);
+        kindle.net.setWirelessPrompt("never");
+        top.location.href = "file:///mnt/us/jb.html";
+      }
+    </script>
+
+    <div id="dialogWrap"></div>
+  </body>
+</html>
@@ -0,0 +1,78 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta name="viewport" content="user-scalable=no" />
+        <title>LanguageBreak</title>
+        <script>
+            var kindle = window.kindle || top.kindle;
+            if (kindle) {
+                const chromeConfig = {
+                    appId: 'com.lab126.store',
+                    topNavBar: {
+                        template: 'title',
+                        title: document.title
+                    }
+                };
+                kindle.messaging.sendMessage('com.lab126.chromebar', 'configureChrome', chromeConfig);
+            }
+            function jailbreak() {
+                document.getElementById("log").innerHTML += "<br>Entering demo mode."
+                /// Enter demo mode
+                nativeBridge.createDemoModeFlagFile();
+                nativeBridge.sendLipcEvent("com.lab126.pillow","enterDemoMode", "");
+                /// Wait a bit so we are sure the flag file is created (the actual lang_picker.js file states that this can take upto 1000ms)
+                setTimeout(function() {
+                    document.getElementById("log").innerHTML += "<br>Reloading langpicker module."
+                    /// Reload langpicker pillow module so it knows that we are in demo mode
+                    nativeBridge.setLipcProperty("com.lab126.blanket","unload", "langpicker");
+                    nativeBridge.setLipcProperty("com.lab126.blanket","load", "langpicker");
+                    /// Wait a bit so we are sure it's reloaded
+                    setTimeout(function() {  
+                        document.getElementById("log").innerHTML += "<br>Exiting demo mode."
+                        /// Exit demo mode -- langpicker already thinks its in demo -- it only checks on load
+                        nativeBridge.deleteDemoModeFlagFile();
+                        nativeBridge.sendLipcEvent("com.lab126.pillow","exitDemoMode", "");
+                        document.getElementById("log").innerHTML += "<br>Changing language to Chinese."
+                        /// Change locale to chinese -- this triggers the actual deletion and thus code execution -- make sure we have an exploit file and a wait file in /mnt/us/documents/dictionaries
+                        nativeBridge.sendLipcEvent("com.lab126.pillow", "changeLocale", "zh-Hans-CN");
+                        /// Change locale back to english -- idk about you but i don't speak chinee -- we can do this because we had a wait file in /mnt/us/documents/dictionaries
+                        // nativeBridge.sendLipcEvent("com.lab126.pillow", "changeLocale", "en-US");
+                        // we do this inside the jailbreak shell script :)
+                    }, 3000);
+                }, 1000);
+            }
+
+            function elevate() {
+                /// A bug in pillow allows us to open a dialog with specified html file anywhere on the filesystem -- dialogs have access to the nativeBridge -- which in turn has access to the whole of LIPC
+                kindle.messaging.sendMessage(
+                    "com.lab126.pillow",
+                    "customDialog",
+                    { name: "../../../../../../../../mnt/us/jb" }
+                );
+            }
+        </script>
+    </head>
+    <body>
+		<button onclick="elevate()" id="elevate">Jailbreak</button>
+        <button class="elevated" onclick="nativeBridge.dismissMe()">
+            Hide me
+        </button>
+        <div id="log">
+
+        </div>
+        <script>
+            var style = document.createElement("style");
+            style.innerHTML = "";
+            if (window.nativeBridge) {
+                /// If we are elavated we will have access to nativeBridge thus we can procceed to run our exploit
+                nativeBridge.showMe();
+                document.getElementById("log").innerHTML = "Elevated. Running jailbreak."
+                jailbreak();
+                style.innerHTML += "#elevate { display: none; }\n";
+            } else {
+                style.innerHTML += ".elevated { display: none; }\n";
+            }
+            document.head.appendChild(style);
+        </script>
+    </body>
+</html>
@@ -1,79 +1,62 @@
-Thank you to Bluebotlabs for all the help along the way and GeorgeYellow for bringing the vulnerability to light
+# LanguageBreak oneclick
+
+**If it doesn't work do the normal method lol this is really just an experiment**
+Thank you to Bluebotlabs for Mesquito and all the help along the way and GeorgeYellow and bulltricks for bringing the vulnerability to light
+
+
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/E1E1QLG4D)
 
 **Installation**
 
 **Make sure to read the entirety of the instructions *before* proceeding.**
 
 **Jailbreak**
 
-1. Type ;enter_demo in the Kindle search bar
-2. Reboot the device
-3. Once in demo mode, skip setting up wifi and enter random values for store registration
-4. Skip searching for a demo payload
-5. Select the "standard" demo type
-6. Press "Done" at the prompt to sideload content.
-7. Once the demo is setup, do the "secret gesture" (double finger tap on bottom right of screen then swipe left)
-8. Enter the demo configuration menu by typing ;demo into the search bar
-9. Select the "Sideload Content" option
-10. Copy the contents of the LanguageBreak folder to the Kindle - merging and replacing all files
-11. Unplug your kindle and go back to the demo menu
-12. Select the "Resell Device" option
-13. And press Yes/Resell
-14. Now wait for the press power button to start
-15. As soon as it appears plug your kindle back to your computer and copy the contents of the LanguageBreak folder into it once again, overwrite files then safely eject
-16. Hold the power button as instructed on screen
-17. You should be in a language selection menu in a few seconds
-18. Choose Chinese (The one above the odd Pseudot language)
-19. Your kindle should reboot and you should see some log message on the screen
+1. Turn on airplane mode
+2. Copy contents of LanguageBreak to the kindle
+3. Restart kindle
+4. Open the store - press yes to connect to wifi
+5. A page with a button saying jailbreak should appear
+6. Press the button
+7. Wait - there will be text and then the device will reboot - if it doesn't in 3 minutes then restart and try again
+8. Your kindle should reboot and you should see some log message on the screen
 
 **Post Jailbreak**
 
-1. After the device has rebooted, type ;uzb into the search bar
-2. Connect the device to a PC and copy update_hotfix_languagebreak.bin to the root of the Kindle storage
-3. Eject the device and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
-4. Select Update Your Kindle to install the custom hotfix
-5. This will take your device out of demo mode and clean up unneeded jailbreak files.
+1. Connect the device to a PC and copy update_hotfix_languagebreak-{languageCode of your choice}.bin to the root of the Kindle storage
+2. Eject the device and enter the device settings menu
+3. Select Update Your Kindle to install the custom hotfix
+4. This will do its best to make everything work :)
 
 **Troubleshooting**
 Can't seem to get it to work?
 
-Download the update file of the kindle version you are currently on from amazon install it and try again.
+try the normal method lol this is really just an experiment
 
+Download the update file of the kindle version you are currently on from amazon install it and try again.
 
 for example you can use this link by replacing the Xs with your version to get a file for you kindle
 
-
 PW5: https://s3.amazonaws.com/firmwaredownloads/update_kindle_all_new_paperwhite_11th_5.XX.X.bin
 
-
 PW4: https://s3.amazonaws.com/firmwaredownloads/update_kindle_all_new_paperwhite_v2_5.XX.X.bin
 
-
 PW3: https://s3.amazonaws.com/firmwaredownloads/update_kindle_all_new_paperwhite_5.XX.X.bin
 
-
 Kindle 11th Gen: https://s3.amazonaws.com/firmwaredownloads/update_kindle_11th_5.XX.X.bin
 
-
 Kindle 10th Gen: https://s3.amazonaws.com/firmwaredownloads/update_kindle_10th_5.XX.X.bin
 
-
 Kindle 8th Gen: https://s3.amazonaws.com/firmwaredownloads/update_kindle_8th_5.XX.X.bin
 
-
 Scribe: https://s3.amazonaws.com/firmwaredownloads/firmwaredownloads/update_kindle_scribe_5.XX.X.bin
 
-
 Oasis 10th Gen: https://s3.amazonaws.com/firmwaredownloads/update_kindle_all_new_oasis_v2_5.XX.X.bin
 
-
 Oasis 9th Gen: https://s3.amazonaws.com/firmwaredownloads/update_kindle_all_new_oasis_5.XX.X.bin
 
-
 Oasis 8th Gen: https://s3.amazonaws.com/firmwaredownloads/update_kindle_oasis_5.XX.X.bin
 
-
 eg version 5.16.2.1.1 for PW4 would be https://s3.amazonaws.com/firmwaredownloads/update_kindle_all_new_paperwhite_v2_5.16.2.1.1.bin
 
-
 [![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/E1E1QLG4D)