Hi,
is anyone here who still uses old 4.x PocketBooks?

The following approach can be used to get root user permissions on the PocketBooks with FW 4.x and Wi-Fi. Executing code with elevated rights requires to use some Wi-Fi router or other device that can set up a wireless network.

Tested on

1. PocketBook 622 FW D622.4.4.565

Instruction

1. Download the archive: link
2. Unzip the release archive to the reader internal memory via USB.
3. Setup the wireless network on other device. Set the following SSID:
   Code

   a";"/mnt/ext1/root.sh

   The network must be secured with WPA2 encryption. You can use eg. the phone's hotspot feature.
4. Make sure your reader is not connected to any network.
5. Run PB4root application on the PocketBook.
6. When the "Select network" screen appears, try to connect to the prepared network. Provide correct password for the network.
7. Wait for some time. The PB should reboot if the hack succeeded. You should then have the su binary placed in /mnt/secure/ folder.
8. If the reader didn't reboot, try to press Home button or repeat points 4-7.

How does it work?
This approach to get root access uses vulnerable netagent binary, which does not escape SSID, allowing to perform the remote command execution attack with privileged user.