Kindle PPW11 Jailbreak
I had a Kindle 4 non-touch (2011) and since I wanted to read BW comics on it I bought a used Kindle Paperwhite 11th gen (2021, model M2L3EK),8GB of ROM.
I've started this project with the idea of jailbreaking it and using KOreader for my books and comics.
The advantages over the older kindle:
- bigger resolution (600x800 167ppi vs 1246x1648 300ppi)
- touchscreen
- overall snappines
- frontlight with temperature control
The big downside of this device is only 8GB of storage, but you can find versions with 16 and 32GB of ROM.
If I only read books that would be sufficient, reading also comics the space is very snug..
To jailbreak it I've followed this guide: https://kindlemodding.org/jailbreaking/ using Spring Break since I am on firmware 5.19.2
then I've manually installed KUAL and KOreader.
An important note:
this kindle is ARMHF, so some old software packages you find online might not work because are built for the older kindles.
If in doubt, download the armhf version.
a note on firmwares: #
If you are buying a new or used kindle you have some resources to better understand the chances of getting a jailbreakable device:
- https://www.amazon.com/gp/help/customer/display.html?nodeId=GKMQC26VQQMM8XSW here you can check the latest firmware available for the device
- https://kindlemodding.org/kindle-models.html here you can check the jailbreakable versions
For example the latest firmware available for a Kindle Scribe - 2022 Release is version 5.19.5,
the jailbreakable versions are:
- < 5.6.14 with Winterbreak2
- < 5.18.1 with Winterbreak
- from 5.18.1 to 5.18.5.0.1 with AdBreak
so buying it new or used you might get an updated firmware you'll not be able to jailbreak
on the contrary a Kindle (10th Generation) latest available version is 5.18.1.1.1,
the available jailbreakes are for many versions including Springbreak 5.18.1.1.1,
so you are sure you'll get a jailbreakable device
unfortunately you cannot downgrade your Kindle's firmware: https://kindlemodding.org/firmware-and-flashing/downgrading/
other software I've installed on my kindle and my experience installing/compiling it:
A Terminal: kterm #
I want a terminal on the kindle to be able to ssh around if needed,
this started a journey lasting almost 2 to try to understand how to be able to run SSH with ssh-keys support.
I've chosen kterm https://github.com/bfabiszewski/kterm
mainly because it was the "easy" choice.
The alternative could have been Alpine Kindle,
but unfortunately it wants circa 2GB of storage space which I don't have on my 8GB kindle: https://github.com/schuhumi/alpine_kindle
The issue is that ssh does not come pre-packaged and kterm does not have a package manager,
so I've compiled it myself:
SSH client #
I've started trying zroa66f's suggested approach from here: https://www.answeroverflow.com/m/1359264824898621685
which is installing compiling openssh-portable for the kindle,
but unfortunately it took time and multiple errors to understand I would need to compile for armhf:
Cross compilation #
These are the correct instruction to retrieve the correct kindle armhf toolchain and to compile openssh-portable:
move to a folder where you'll have about 400MB of available space:
cd /mnt
from the releases of koxtoolchain (https://github.com/koreader/koxtoolchain/releases) download the latest prepackaged amrhf toolchain:
wget https://github.com/koreader/koxtoolchain/releases/download/2025.05/kindlehf.tar.gz
tar -xvzf kindlehf.tar.gz
ll x-tools
install the prerequisites:
apt-get install build-essential autoconf automake bison flex gawk libtool libtool-bin libncurses-dev curl file git gperf help2man texinfo unzip wget
clone openssh-portable:
git clone https://github.com/openssh/openssh-portable
cd openssh-portable/
reconf and compile openssh-portable,
NB: you'll need to provide the absolute path for the toolchain in che configure command otherwise you'll necounter some strange issues like I did:
autoreconf
./configure CC=/mnt/x-tools/arm-kindlehf-linux-gnueabihf/bin/arm-kindlehf-linux-gnueabihf-cc --host=armv7a --with-cpu=cortex-a7 --with-mode=arm --with-float=hard --with-fpu=vfp --with-float=hard --disable-multilib --without-zlib --without-openssl
make
now you'll have all your nice executables ready in the folder you are in,
we can check the filetype so we can confirm that the files have been correctly compiled for arm:
#[/mnt/openssh-portable]:#file ssh
ssh: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 4.1.0, with debug_info, not stripped
then you'll think it's the moment to move the compiled binary in our kterm folder and use it!
WRONG!
well, kinda wrong:
More issues, ssh private key permission this time #
The ssh binary works!
But I am needy and I want to be able to use ssh keys for my connections,
unfortunately the kindle only supports a hardcoded and fixed 777 as a permission,
so ssh gets super mad about the private key permission:
#ssh -i ~/.ssh/myprivatekey user@remotemachine
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '~/.ssh/myprivatekey' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "~/.ssh/myprivatekey": bad permissions
user@remotemachine: Permission denied (publickey).
since the specifics of the private key file are:
#ls -lahs ~/.ssh/myprivatekey
8 -rwxrwxrwx 1 root root 444 Jul 12 22:43 .ssh/myprivatekey
since there are no parameters/options/workarounds to skip the check as it's baked in the ssh binary,
we'll need to edit the source and recompile it (god bless open source):
Modifing openssh-portable to exclude ssh-key permission check #
in your openssh-portable folder, edit authfile.c and remove the lines from 96 to 106,
which match this codeblock:
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
error("It is required that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return SSH_ERR_KEY_BAD_PERMISSIONS;
}
return 0;
now we have removed the check and we can recompile the software
but before that we'll need to clean the previous compilation:
make clean
make
now our binary should work as expected, at least it did for me!
I've worked on a Debian 13 virtual machine with abit of disk and 2GB ram.
Kwordle: #
Wordle for Kindle
https://github.com/crizmo/KWordle
Leafpad #
a simple text editor,
the updated (armhf) version is here: https://www.mobileread.com/forums/showthread.php?t=366397
based on the original work of baf: https://www.fabiszewski.net/kindle-notepad/
usbnet-lite #
to connect to your kindle via ssh you can install usbnet-lite which activates a usb-network interface accessibile via cable,
this allows you to connect your kindle to a pc, see a new usb-network interface, set an ip for your pc on that interface and connect to the kindle via ssh:
default kindle ip: 192.168.15.244
default kindle user: root
default kindle password: kindle
source: https://github.com/notmarek/kindle-usbnetlite
debug commands #
https://kindlemodding.org/kindle-hacking/debug-commands.html
sources #
https://www.answeroverflow.com/m/1359264824898621685
https://github.com/openssh/openssh-portable
https://github.com/koreader/koxtoolchain/blob/master/refs/x-compile.sh
https://newlib.sourceware.narkive.com/dr1FJGQj/arm-toolchain-with-gcc-vfp-hard-float-can-it-be-done
https://gist.github.com/tautologico/3db84cf76fb85e9e3da8024251530d67
- Previous: pfSense wireguard VPN with Mullvad