Skip to content

Instantly share code, notes, and snippets.

@TobiasWooldridge
Last active November 13, 2024 20:47
Show Gist options
  • Save TobiasWooldridge/22f0cdca75190b9a473f to your computer and use it in GitHub Desktop.
Save TobiasWooldridge/22f0cdca75190b9a473f to your computer and use it in GitHub Desktop.
How to Unbrick a Kindle Paperwhite

How to unbrick an Amazon Kindle Paperwhite™

This guide instructs you in how to unbrick an Amazon Kindle Paperwhite. The consequences of following it are your own responsibility. This method (opening the Kindle and using the serial interface) should be a last resort and should only be considered if other methods fail

The Guide

  1. Pry open Kindle using a prying tool
  2. Unscrew the screen and remove it from the base. Note that there's a screw hidden under the adhesive at the top in the middle
  3. Solder tin wire to serial ports on the bottom
  4. Attach tin wire to USB TTY device (order is ground, RX, TX, from the kindle's perspective, where GND is the smallest pad) and plug USB TTY device into your computer
  5. Open Putty on your computer in serial mode, with the serial port specified as your USB device and baud configured to 115200
  6. Reboot kindle
  7. When the kindle is booting, there exists a brief window where sending data to it over the serial line will cause it to enter it's bootloader. To achieved this I repeatedly pressed enter on my computer's keyboard as my kindle started booting
  8. Now that we're in the bootloader, run 'bist fastboot' to put your Kindle into fastboot mode
  9. On a Mac, build https://github.com/TobiasWooldridge/Fastboot-Kindle -- if you get this building on anything else, please send me a pull request :)
  10. Download Paperwhite images from http://ixtab.tk/kindle-touch-images/PaperWhite/
    wget http://ixtab.tk/kindle-touch-images/PaperWhite/pw_5.2.0-diags_kernel.img.gz
    wget http://ixtab.tk/kindle-touch-images/PaperWhite/pw_5.2.0-main_kernel.img.gz
    wget http://ixtab.tk/kindle-touch-images/PaperWhite/pw_5.2.0-mmcblk0p1.img.gz
    wget http://ixtab.tk/kindle-touch-images/PaperWhite/pw_5.2.0-mmcblk0p2.img.gz
    gunzip pw_5.2.0-*.img.gz
  1. Modify the pw_5.2.0-mmcblk0p2.img on something which can mount ext3 using the guide below
  2. In bist, run 'fastboot' (if it isn't running already)
  3. Make sure Kindle Paperwhite is plugged in to your Mac by USB as well
  4. On your Mac, run ./fastboot (Be careful not to run fastboot, as that may use an installed Android fastboot binary). This will list the paritions on your Kindle Paperwhite
  5. We want to overwrite diags_kernel, main_kernel, system and diags
  6. We now want to run
    ./fastboot flash system pw_5.2.0-mmcblk0p1.img
    ./fastboot flash kernel pw_5.2.0-main_kernel.img
    ./fastboot flash diags pw_5.2.0-mmcblk0p2.img

to flash all of our images to the Kindle Paperwhite EXCEPT for the main system image

  1. Run the following to reboot your Kindle and get into Diags mode
    ./fastboot setvar bootmode diags
    ./fastboot reboot
  1. Once your kindle's booted to diags mode, start USB mode

  2. Rename pw_5.2.0-mmcblk0p1.img to mmcblk0p1.img and copy it to your kindle

  3. Safely unmount your kindle

  4. Reboot your kindle into diagnostics mode again from the "Exit, Reboot or Disable Diags" menu

  5. If you're watching your Kindle's serial output as it boots, you should see something like

    /dev/loop/0: 84 files, 44940/174079 clusters
    info filesystems:installdata:KINDLEFIX looking for /mnt/us/mmcblk0p1.img ...:
    info filesystems:installdata:KINDLEFIX found mmcblk0p1.img, trying to install:I
  1. This indicates that it's flashing the system partition. It will take a while, during which the Kindle will only show the Amazon Kindle screen

  2. Once diags mode has booted, open "Exit, Reboot or Disable Diags", hit disable diagnostics, then hit continue. This will reboot your kindle.

  3. Hooray! Your kindle is now unbricked.

  4. Optionally delete the mmcblk0p1.img on your Kindle over USB. If you leave it there, every time the diags tool is run, it'll flash it to the system partition.

How to modify pw_5.2.0-mmcblk0p2 to automatically dd pw_5.2.0-mmcblk0p1 to the system partition

Unfortunately pw_5.2.0-mmcblk0p1 is too big for fastboot (or, fastboot doesn't like it for some reason). This causes us a little bit of grief because we need to use some other means to get it onto our kindle

We'd usually use the 'dd' tool on the kindle over ssh to copy this file to its respective partition; however, Amazon has removed the diagnostic partition's ssh application, so we can't use that to copy the file to the kindle and dd it.

Instead, we'll just mangle the diagnostic image to 'dd' the file after it's done initializing filesystems.

To do this,

  1. Back up then mount the diagnostic image to some directory
    cp pw_5.2.0-mmcblk0p2.img pw_5.2.0-mmcblk0p2.img.bak
    mkdir mmcblk0p2
    root@debian:~# mount -t ext3 pw_5.2.0-mmcblk0p2.img mmcblk0p2/
  1. Open its /etc/upstart/diags file (the diagnostics boot script)
    vim mmcblk0p2/etc/upstart/diags
  1. At the end of init_filesystems function, before the "#end script" comment, add
    # INSTALL MAIN PARTITION FROM USERSTORE
    f_log I filesystems installdata "KINDLEFIX looking for /mnt/us/mmcblk0p1.img ..."
    if [ -e /mnt/us/mmcblk0p1.img ] ; then
      f_log I filesystems installdata "KINDLEFIX found mmcblk0p1.img, trying to install" I
      dd if=/mnt/us/mmcblk0p1.img of=/dev/mmcblk0p1 bs=4K
      f_log I filesystems installdata "KINDLEFIX Install successful" I
    fi
  1. Unmount mmcblk0p2
    umount mmcblk0p2/
  1. Now when we flash pw_5.2.0-mmcblk0p2.img, it'll automatically check the userstore directory for a file named 'mmcblk0p1.img' and flash it to the system partition

Misc

If you find this useful or find an error, feel welcome to leave a comment below or email [email protected] - thanks!

@ERROR-404-NULL-NOT-FOUND

The connection is because, I assume, the device only sends boot logs over serial when entering the bootloader

@Mateus-66
Copy link

Hello, everyone! I’m currently trying to unbrick my 11th-generation Kindle, but I’m not sure what I did wrong. In the terminal, only strange characters keep appearing every time I try to boot, and nothing else happens.
image

@ERROR-404-NULL-NOT-FOUND

It looks like you have your baud rate set wrong

@Mateus-66
Copy link

Mateus-66 commented Nov 9, 2024

It looks like you have your baud rate set wrong

This is the problem, i'm using 115200, Check and recheck the orientation as well of TX and RX, maybe it's dead
OBS: My kindle is a basic 11 gen

@Mateus-66
Copy link

I was able to talk with this person only by email, hope i can get an answer

i will try(although i dont see the connection as i should be seeing the boot log regardless). thanks i ill update

@Ph1syc
Copy link

Ph1syc commented Nov 12, 2024

Hello, everyone! I’m currently trying to unbrick my 11th-generation Kindle, but I’m not sure what I did wrong. In the terminal, only strange characters keep appearing every time I try to boot, and nothing else happens. image

Hey! Sorry, idk how to help with the issue, but i do have a bricked 11th gen, the thing is i didn’t find any serial pins on it, where were they on yours?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment