Mobileread
Tutorial WatchThis - Software Jailbreak for any Kindle <= 5.14.2
#1  katadelos 04-02-2022, 03:56 PM
AKA CVE-2022-23224, CVE-2022-23225, CVE-2022-23226 - full writeup with technical details to be released after 5.14.3 has been widely rolled out.

Thank you to NiLuJe, yparitcher and darkassassinua for adding KOReader support for PW5, repackaging all of the hacks and testing this jailbreak

This vulnerability is released in good faith and in the hope that other security researchers will utilise the access that it provides to assist Amazon/Lab126 in improving their security posture.

If you're concerned about the security of your device and do not wish to jailbreak, install firmware version 5.14.3 from this link - I've been working with Amazon to create a fix and can confirm that this version has been hardened against this vulnerability.

Additional thanks to everyone at Amazon/Lab126 who contributed towards this.

Finally, I encourage Amazon/Lab126 to provide a method of unlocking their devices that doesn't involve the need for a 0-day, both for security researchers and for technical users who are interested in modifying their devices. We know that your employees lurk here, use tools that we've created internally and that our ideas have been implemented by you more than once, so help us help you - I promise that we don't bite.

Device Compatibility
This jailbreak is compatible with Kindle devices running the following firmware versions:

KT3, KT4, KOA1, KOA2, KOA3, PW3, PW4, PW5:
5.14.2
5.14.1 (5.14.1.1 on PW5)
5.13.7
5.13.6
5.13.5
5.13.4

KV:
5.13.6
5.13.5
5.13.4

KT2, PW2:
5.12.2.2

You must use the exploit payload that matches your device/firmware combination exactly.


Download Link
watchthis-jailbreak-r03.zip


Installation
Please ensure that you have read the entirety of the instructions before proceeding.

Setup
  1. Factory reset the device. Make sure to use the "en_GB" or "English (United Kingdom)" locale when setting the language.
  2. Type ;enter_demo in the Kindle search bar after performing a factory reset
  3. Reboot the device
  4. Once in demo mode, skip setting up wifi and enter dummy values for store registration when prompted.
  5. Skip searching for a demo payload
  6. Select the "standard" demo type
  7. Press "Done" at the prompt to sideload content. Do not sideload the jailbreak at this stage.
  8. Once the demo is set up, skip the misconfiguration lockout using the "secret gesture" (double finger tap on bottom right of screen then swipe left)
  9. Enter the demo configuration menu by typing ;demo into the search bar
  10. Select the "Sideload Content" option

Jailbreak
  1. Connect the device to a PC and:
  2. Create the directory .demo at the root of the Kindle storage
  3. Copy ${YOUR_DEVICE}-${YOUR_FW_VERSION}.zip to .demo/
  4. Copy demo.json to .demo/
  5. Create an empty folder at .demo/goodreads. Do not put any files in this folder.
  6. Press "Done" at the prompt to install the jailbreak script
  7. Exit the demo menu and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
  8. If an application error occurs, hard reboot the device by holding the power button, enter the demo menu again and select Sideload Content -> Done once more without connecting to USB
  9. Select "Help & User Guides" then "Get started"
  10. If jailbreaking KT2 or PW2, select the store button instead
  11. The device will reboot
  12. The jailbreak script will run during the next boot

Post Jailbreak
  1. After the device has rebooted, type ;uzb into the search bar
  2. Connect the device to a PC and copy Update_hotfix_watchthis_custom.bin to the root of the Kindle storage
  3. Eject the device and either enter ;dsts or swipe down and select the settings icon to enter the device settings menu
  4. Select Update Your Kindle to install the custom hotfix
  5. This will take your device out of demo mode, rebuild the application registry and clean up unneeded jailbreak files.

Troubleshooting

You should now have a freshly jailbroken Kindle
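As an added example for this thread (it is not katadelos's tool and is not part of the watchthis-jailbreak archive), here is a small Python check that classifies a model/firmware pair against the compatibility table and the 5.14.3 fixed release quoted in the post above, so an owner can tell whether their device is on a listed firmware or already on the hardened one. The model codes are the post's own abbreviations; the four status strings are this example's convention, and the version comparison is numeric so that 5.14.2 sorts before 5.14.10 and 5.14.1 before 5.14.1.1.

```python
"""Classify a Kindle model/firmware pair against the compatibility table in
this thread's first post.

Added example for this page; not katadelos's tool and not part of the
watchthis-jailbreak archive. AFFECTED and FIXED_VERSION are transcribed
from the post; the status strings returned by assess() are this
example's own convention.
"""

FIXED_VERSION = "5.14.3"  # the post states this release is hardened

# Transcribed from "Device Compatibility": model code -> firmware versions
# for which a payload is published.
_COMMON = ("5.14.2", "5.14.1", "5.13.7", "5.13.6", "5.13.5", "5.13.4")
AFFECTED = {
    "KT3": _COMMON, "KT4": _COMMON,
    "KOA1": _COMMON, "KOA2": _COMMON, "KOA3": _COMMON,
    "PW3": _COMMON, "PW4": _COMMON,
    # PW5 lists 5.14.1.1 in place of 5.14.1
    "PW5": ("5.14.2", "5.14.1.1", "5.13.7", "5.13.6", "5.13.5", "5.13.4"),
    "KV": ("5.13.6", "5.13.5", "5.13.4"),
    "KT2": ("5.12.2.2",),
    "PW2": ("5.12.2.2",),
}


def parse_version(text):
    """Turn '5.14.1.1' into (5, 14, 1, 1); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def version_lt(a, b):
    """Numeric comparison: 5.14.2 < 5.14.10 (string order gets this wrong)
    and 5.14.1 < 5.14.1.1 (the shorter tuple sorts first)."""
    return parse_version(a) < parse_version(b)


def assess(model, version):
    """Return one of:
      'fixed'         - firmware is 5.14.3 or newer
      'listed'        - this exact model/firmware pair has a payload in the post
      'not-listed'    - older than 5.14.3, but no payload for this exact pair
                        (the post says the payload must match exactly)
      'unknown-model' - model code not in the post's table
    """
    model = model.upper()
    if not version_lt(version, FIXED_VERSION):
        return "fixed"
    if model not in AFFECTED:
        return "unknown-model"
    # Compare parsed tuples so '5.14.02' and '5.14.2' are treated alike.
    listed = {parse_version(v) for v in AFFECTED[model]}
    if parse_version(version) in listed:
        return "listed"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample pairs, not taken from any real device.
    for m, fw in (("PW5", "5.14.2"), ("PW5", "5.14.1"),
                  ("KV", "5.14.2"), ("PW4", "5.14.3")):
        print(m, fw, "->", assess(m, fw))
```

Run it with the model code printed on the device's settings page and the firmware string from "Device Info"; a result of "not-listed" only means the post publishes no payload for that exact pair, not that the firmware is hardened.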

#2  darkassassinua 04-02-2022, 06:51 PM
Damn, updated PW5 to 5.14.2...
Any hope that this will work on PW5 5.14.2?

#3  adwait8 04-02-2022, 08:55 PM
Yass can't wait

#4  adwait8 04-02-2022, 10:20 PM
Is this exploit patched already in 5.14.1.1?

#5  katadelos 04-03-2022, 05:53 AM
Quote darkassassinua
Damn, updated PW5 to 5.14.2...
Any hope that this will work on PW5 5.14.2?
Just checked, this exploit works on 5.14.2.

Quote adwait8
Is this exploit patched already in 5.14.1.1?
Nope.

#6  darkassassinua 04-03-2022, 06:04 AM
Quote katadelos
Just checked, this exploit works on 5.14.2.
So good news!

#7  adwait8 04-03-2022, 08:19 AM
Quote katadelos
Just checked, this exploit works on 5.14.2.
That's great news! Thanks katadelos

#8  irreld 04-03-2022, 09:10 AM
Next time maybe consider delaying the disclosure? At least give them some time to refresh the oasis and entry line as well

#9  ajs256 04-03-2022, 01:56 PM
Quote katadelos
Just checked, this exploit works on 5.14.2.
Welp, airplane mode time. Thanks for putting this together, I can't wait until this gets released.

#10  luxakos 04-03-2022, 03:30 PM
Would this work for Kindle 10th generation 5.14.2?

Noob here, I just want to customize my kindle screensaver.
