Mobileread
PB62x/740: root + sshd, ftpd, smbd, iptables, usbnet (needs testers)
#1  ezdiy 11-29-2019, 01:40 PM
This tutorial and these tools are meant for power users who can make use of configuring the device in fancy ways, such as running custom stuff for Linux, development and troubleshooting. Note that you DON'T need root just for *running* standard apps such as coolreader or koreader.

As of v8, this package does:

Devices supported
Known to work on/tested by users in this thread:
+ if you have another device it works on, please report.

Essentially if your firmware version ends like 5.xx.yyyy (FW5) or 6.xx.yyyy (FW6), *it should run* - these images are all nearly identical. However I have no way to verify that for a fact, other people should just try it. The kit takes a lot of effort to fail as gracefully as possible, but you might want to start slowly only with jailbreak su and nothing else on older devices, as bugs in older kernels can introduce nasty boot crashes, especially when configuring for combined usbnet.

How to install

Extract the 2 app files from pbjb*.zip release on github into applications folder of your device.

Then from app menu:

* Launch @Jailbreak. If it succeeds, it will install root su. It does nothing else. Running it again will undo root.
* Launch @Services. This will install the system services, kernel modules, settings menus etc. su must be installed. If jailbreak is missing, the app will silently fail to run. Running it again will undo the install.

Once the device boots after Services install, new menu entry 'Rooted device settings' should appear in settings menu. In it, it will show generated root password, you can change it to your own too.

With that, ssh into root@169.254.0.1 when you connect usbnet. All other services expect same root/password pair. If usbnet is not working for you for some reason, you can navigate Settings->Rooted Device Settings->System Status and it will show you current wifi ip you can use to access the device.

Samba/WebDAV share

For frequent use of the device's storage from a PC, it's useful to map the share permanently as:

Code
net use p: \\169.254.0.1\uext1
Or alternatively, if CIFS doesn't work for you for some reason:
Code
net use p: http://169.254.0.1/ext1/ 1234 /USER:root
(where 1234 is whatever password the device has)

And use that network drive instead of using the usual USB mass storage. The reason for doing this is that you can now set the device to 'charge only' mode when plugging to USB, and keep reading a book while files are copied.

The full list of the shares when you navigate to \\169.254.0.1 or via http (webdav) is:

ext1 - main storage (wifi & usbnet & webdav), passworded
ext2 - sd storage (wifi & usbnet & webdav), passworded
ext3 - sd2 storage (wifi & usbnet & webdav), passworded
uext1,uext2,uext3 (usbnet/SMB ONLY), no password
public - see below (wifi & usbnet & webdav), read only, no password

Finally, there's a hidden 'system' share exposing root of the filesystem tree (on webdav too). Use only if you know what that means. Most of it is mounted read only by default, so you need to ssh in anyway (perhaps to fix wrong permissions introduced by samba as well).

Password-less access for guests

Guest samba (\\ip\public) and http://ip/public and anonymous ftp land the visitor in 'public' folder you can create on the main storage. By pulling documents in there you can share stuff with random strangers/devices you don't trust on the LAN.


Troubleshoot

Huh, I click explore network neighborhood and it shows no shares?

Go to settings->Root device settings->System status, and you should see wifi ip in there. Then navigate to \\ip\ in explorer to see the shares over wifi.

Either passworded or unpassworded shares take forever to load, or just plain fail with some weird error
This is an unfortunate peculiarity of some windows versions disabling SMB1. What this means is that you connected via usbnet (or to public via wifi) without password, and then tried passworded share from same computer. Windows is really stupid about this and will keep hammering as a guest, "it worked the first time, right?". This is a consequence of SMB2+ having no concept of per-share security, only per-user. The solution is to never introduce your computer as a guest if you want to use passworded share as well.

I'm bricked, network/usb storage fails completely now...
It's absolutely crucial to keep the original packages around - for if something goes horribly wrong, and network or storage access can become completely cut off, so you can still undo stuff.

If stuff breaks to a point not even launching any app is viable (ie frozen screen), there's a boot escape hatch: Keep rapidly pressing *any* button all the while during startup. The boot script does a tally of press events, and if count is more than 5 times over a specific window of time, the services scripts will not start at all. This way you should get functioning system again assuming it was a service script causing trouble.


Low level internals

Everything of above is stored on the /mnt/secure partition - this one is ext2, and mostly left alone by firmware updates, meaning the JB has a high chance of survival across OTAs. As far as jailbreaks go, this one is fairly conservative one - it doesn't modify *any* files of currently installed fw, it simply places itself in a directory the stock firmware auto-executes stuff from (/mnt/secure/runonce). This minimizes chances of conflict with future OTA updates.

I just want root access, not all this fancy stuff...

Good! That's why it's split into two packages. If you run only @Jailbreak, you can get rudimentary root ssh by opening pbterm, and typing into it:
Code
/mnt/secure/su /sbin/dropbear -G ""
You can then log in via wifi (no usbnet here) as root with no password.

#2  Markismus 11-29-2019, 07:08 PM
Thank you for including the source code. This will save me so much time! I am looking forward to reading the code.

#3  ezdiy 11-29-2019, 08:56 PM
Released v3
Changes from v1:
* Samba shares are now network neighborhood discoverable (added nmbd)
* Added packet filter if you need to firewall something (iptables)
* A lot of cosmetics for source code because people are apparently looking at it (eep)
* Added frequency scaling

When updating from past versions, simply run Services.app from the zip file, it will just copy over the past one.

Quote Markismus
Thank you for including the source code. This will save me so much time! I am looking forward to reading the code.
I've cleaned up the Makefile to be slightly more humane, and added the output binaries of cross compile if you don't want to go through that (make clean will wipe em and go through cross compiler though).

#4  Markismus 11-30-2019, 06:27 AM
Nice!

Yes, I remember setting up cross-compilation for the Kobo with arm hard float cross compiler. It was quite a job.

Could you give me a few pointers/links for the setup of the cross-compilation?

#5  Markismus 11-30-2019, 09:52 AM
I installed your apps on my PB740-2. Ran them and after that they disappeared from the app section. Using pbterm I see 'su' in /mnt/secure.

However, cannot connect to it yet using USBnet. 'ip link' does register an extra connection. Gnome keeps complaining that the connection failed. Connecting to the PC, choosing PC-link, disconnecting, connecting, choosing Charging, disconnecting, etc.: dmesg.log

So something failed, could be my Arch Linux setup: I sometimes have trouble with USBnet on my Kobo H2O, too.

The pocketbook also doesn't register with my router when I use the WiFi, so I can't try it through that IP, too.

EDIT:
arp-scan found it! It's working:
====================================================
PocketBook services v2, http://github.com/ezdiy/pbjb
====================================================
root password can be set by saving password.txt
in top folder of storage (/mnt/ext1/password.txt)
root@192.168.2.47's password:

I looked the password up by using pbterm and the command cat /mnt/ext1/password.txt.
Quite an improvement in typing in the ssh shell instead of using pbterm!

#6  ezdiy 11-30-2019, 01:58 PM
Quote Markismus
I installed your apps on my PB740-2. Ran them and after that they disappeared from the app section. Using pbterm I see 'su' in /mnt/secure.

However, cannot connect to it yet using USBnet. 'ip link' does register an extra connection. Gnome keeps complaining that the connection failed. Connecting to the PC, choosing PC-link, disconnecting, connecting, choosing Charging, disconnecting, etc.: dmesg.log
This is because the usbnet packet transport side is configured rndis (windows thing), not cdc (native linux thing). Pocketbook pretends as if it were tethered android phone.

The reason why it's done like this is that on windows it works out of the box (it automatically enables the ethernet interface, configures ip on it...), while on linux you have to add custom udev rule: https://wiki.archlinux.org/index.php/Android_tethering#USB_tethering

Within same udev rule you can also add script to auto-mount the samba share, so you can get rid of hogging mass storage.

Quote
EDIT:
arp-scan found it! It's working:
====================================================
PocketBook services v2, http://github.com/ezdiy/pbjb
====================================================
root password can be set by saving password.txt
in top folder of storage (/mnt/ext1/password.txt)
root@192.168.2.47's password:

I looked the password up by using pbterm and the command cat /mnt/ext1/password.txt.
The idea is that password.txt shows as a book in front explorer just after the reboot. If you have pbterm, you can also just type /sbin/ifconfig to see your wifi ip.
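For Linux hosts, the manual equivalent of what Windows does on its own for the RNDIS link described in post #6, as an added example that is not part of the thread or of pbjb: it finds the interface bound to the `rndis_host` driver, gives it a link-local address and checks that the reader answers. The host address 169.254.0.2/16 and the `--apply` switch are assumptions; 169.254.0.1 is the device address given in post #1.

```shell
#!/bin/sh
# Added example, not pbjb code. Run as root with --apply to configure the link.

DEVICE_IP=169.254.0.1      # device address, from post #1
HOST_CIDR=169.254.0.2/16   # assumed free link-local address for the PC side

# Print every network interface whose USB device is bound to rndis_host.
# $1 = sysfs root (default /sys); a parameter so it can be checked offline.
find_rndis_ifaces() {
    root=${1:-/sys}
    for dev in "$root"/class/net/*; do
        # Loopback and virtual interfaces have no device/driver link.
        [ -L "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        if [ "$drv" = "rndis_host" ]; then
            basename "$dev"
        fi
    done
    return 0
}

# Bring the link up with a static address and confirm the reader responds.
usbnet_up() {
    iface=$1
    ip link set dev "$iface" up &&
    ip addr replace "$HOST_CIDR" dev "$iface" &&
    ping -c 1 -W 2 "$DEVICE_IP" >/dev/null
}

if [ "${1:-}" = "--apply" ]; then
    for i in $(find_rndis_ifaces); do
        if usbnet_up "$i"; then
            echo "$i: reader reachable at $DEVICE_IP"
        else
            echo "$i: configured, but $DEVICE_IP did not answer" >&2
        fi
    done
fi
```

A desktop network manager may reconfigure the interface afterwards; the udev rule from the linked wiki page is the persistent route.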

#7  Marco77 12-01-2019, 07:28 AM
Hi ezdiy,
I'm ABSOLUTELY baffled as to how sending a buffer to a seemingly random IPC queue can grant you root privesc! ▄█▀█●

My config (OS is Win10 1809):
Quote
- Vivlio-branded Inkpad3, model PB740, purchased circa June 2019

- Info gathering via ereader menus
Device / Version info
Software version V740.5.19.992
Release date: 20190410_152958

- Info gathering via execution through pbterm

uname -a: Linux pocketbook 3.10.65 #2 SMP Fri Mar 29 11:59:01 EET 2019 armv7l GNU/Linux

/proc/version: Linux version 3.10.65 (jenkins@bsp-builder) (gcc version 4.9.2 20140904 (prerelease) (crosstool-NG linaro-1.13.1-4.9-2014.09 - Linaro GCC 4.9-2014.09) ) #2 SMP Fri Mar 29 11:59:01 EET 2019
Observations:
- about the jailbreak process, I like the fact it doesn't mandate using /mnt/ext1/applications
- SSH USBnet works like a charm
- USBnet Samba shares are fine
- but the passworded shares take awfully long to show the credential prompt, causing the action to sometimes time out in Explorer

I haven't tried via wifi yet, do you have a sample iptables ruleset we can use to prevent communication with obreey/pocketbook?

- Not sure if it's possible, can you keep the device alive (prevent sleep) while there's activity in the services?

- This one is a quality-of-life convenience, can you create /mnt/ext1/.ssh if it doesn't exist? Also, I'm trying to get dropbear to accept pubkey authentication to no avail

- scp works fine, not sftp (probably a dropbear limitation). If it's not too complicated, can you include rsync as well?

- Generally in PBTerm /mnt/secure/su command works, any idea why /bin/sh doesn't return control?

Great work mate

#8  ezdiy 12-01-2019, 06:49 PM
v4 released:


#9  ezdiy 12-01-2019, 07:01 PM
Quote Marco77
Hi ezdiy,
I'm ABSOLUTELY baffled as to how sending a buffer to a seemingly random IPC queue can grant you root privesc! ▄█▀█●
PocketBook is full of this stuff, it's the 90s nostalgia over there, none of this modern amazon/apple fascism.

Quote
Not sure if it's possible, can you keep the device alive (prevent sleep) while there's activity in the services?
Disable timed shutdown in power menu, but keep wifi or bt on when USB is plugged in. If sessions are in place (shell with a terminal, tcp connections), wifi never suspends, and whole reader stays alive in turn. Not a good idea to do without USB, as it will kill battery charge in 2 days or so.

Quote
This one is a quality-of-life convenience, can you create /mnt/ext1/.ssh if it doesn't exist? Also, I'm trying to get dropbear to accept pubkey authentication to no avail
It might either not like the symlink, or the silly permissions on the fat partition. To figure out what dropbear doesn't like, just launch another instance via /mnt/secure/bin/dropbear -F -p 33 -m -B -Y somepassword -H /mnt/secure in foreground, and it should jabber about what it does not like.

Quote
scp works fine, not sftp (probably a dropbear limitation). If it's not too complicated, can you include rsync as well?
Done.

Quote
Generally in PBTerm /mnt/secure/su command works, any idea why /bin/sh doesn't return control?
Not sure what you mean.

Quote
Great work mate
Thanks for testing.
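A check for the two suspects named in post #9 (a symlink, or the permissions on the FAT partition), as an added example that is not from the thread or from pbjb: dropbear ignores `authorized_keys` when the home directory, `.ssh` or the key file is group- or other-writable or owned by someone other than the login user or root. The function name and the `--check` switch are made up here, and the home directory is whatever you pass in (the foreground command above uses /mnt/secure).

```shell
#!/bin/sh
# Added example, not pbjb code.
# check_pubkey_paths HOME [UID]: print one line per finding and return 1
# if anything would make dropbear refuse public-key login.

check_pubkey_paths() {
    home=$1
    uid=${2:-0}     # uid of the login user; root by default
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        # Symlinks are reported for information only, not counted as bad.
        if [ -L "$p" ]; then
            echo "symlink: $p -> $(readlink "$p")"
        fi
        # -L judges the link target; -n prints the owner as a number.
        info=$(ls -ldnL "$p" | awk '{print $1, $3}')
        mode=${info%% *}
        owner=${info##* }
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "owner uid $owner (want $uid or 0): $p"; bad=1
        fi
        # Mode string: character 6 is group write, character 9 other write.
        case $mode in
            ?????w*|????????w*)
                echo "group/other-writable ($mode): $p"; bad=1 ;;
        esac
    done
    return "$bad"
}

if [ "${1:-}" = "--check" ]; then
    shift
    check_pubkey_paths "$@"
fi
```

FAT stores no per-file modes, so `chmod` cannot fix a finding there; the modes come from the mount options, which is why a key directory on an ext2 partition behaves differently.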

#10  Marco77 12-04-2019, 06:18 PM
Hmm, I had to uninstall the kit for now.
Not too sure why, it prevented showing micro-sd contents (ext2) in PC link mode.
Drive would appear in explorer, but not browseable (like an SD card reader when no card is inserted)
whereas the internal storage's letter was fine.

Edit: will try with v4

Edit2: OK, after the 'Rooted device settings' reboot in v4, selecting "PC Link", the problem is still there.
I turned USBnet off, rebooted, plugged USB back in, PC Link, SD contents show up again
