Jimmy Theis

SEP 12, 2012

Saying Goodbye to Kindle Touch Ads (How I Hacked My Kindle Touch)

This post is a promised follow-up to a previous post, and in it I will explain the steps I took with my Kindle Touch (4th Generation Kindle) and MacBook Pro to remove the screensaver (and banner) ads that now come standard with Kindles.

This isn't intended necessarily to be a guide for others, because I'm no expert, have only done it once, and can't possibly account for any problems that may arise in someone else's attempt to do the same. However, I've found posts like this to be really helpful in my own experimenting. All I aim to do here is to record the steps I took, in order, to accomplish a really specific goal: get rid of the ads. I've embedded any files I used here, just in case they happen to be unavailable at a future date. Hopefully this will serve as a second reference for anyone who gets stuck following an official guide, or who's unsure of where to start in all of this.

So that's what this post is. It's a long one, and I'll randomly be switching between narrating and instructing, and I'm sorry for that, but it's just easier to write that way. This post specifically applies to Kindle Touch (4th Generation Kindle) with firmware version 5.1.2. Anything after that I can make no promises for (heck, I can't make promises for this), but hopefully it's still in some way helpful. If you're interested, read on.

First, how I got started. I found seriously every bit of the information I needed to accomplish this ad removal on this MobileRead page, though I've taken some of the steps that involve installing lots of packages replaced them with doing the same things the packages do by hand. Please please please start there. It's very likely you'll also find everything you need on that page, and it's obviously kept much more up-to-date than this post ever will be. Before you do anything, though, make sure you read all you can. If you're using a MacBook (or a Linux machine, or anything really), you'll hopefully get some benefit reading this post before you start. I'm not trying to scare you into reading my ramblings or anything, but I really would like to encourage you to get as much input as possible before you go doing things you can't undo. Also before using any files hosted here, make sure you check for a newer version on the wiki page.

Step 1: The Jailbreak

The actual jailbreaking of the Kindle is about the simplest thing in the world. I just plugged the Kindle into my MacBook with the MicroUSB cable, putting it in USB Drive Mode, then copied data.stgz into the root of the Kindle:

After that, I ejected the Kindle, unplugged it from the computer, then selected Menu -> Settings -> Menu -> Restart. While the Kindle was restarting, this new loading screen was visible:

After the Kindle was finished restarting, I saw the confirmation placeholder book, which I deleted (and you can too):

And... that's it. We're jailbroken.

Step 2: Connecting

Alright, now the Kindle's jailbroken. That's all well and good, but what does that actually get us? Well, jailbreaking simply installs another developer key that can be used to put custom apps on the Kindle. We're going to use it to install a package that enables USB Networking, a service that allows us to connect directly to the Kindle through a command line.

To do this, I copied update_simple_usbnet_1.1_install.bin into the root of the Kindle:

Then I ejected the Kindle, unplugged it, and installed the update by choosing Menu -> Settings -> Menu -> Update Your Kindle from the Kindle.

Once the Kindle has finished updating, I set the password (needed for login) by entering the following in the search bar:

;un password somepassword

Obviously using something besides somepassword for the password. Then I turned on USB Networking by entering the following in the search bar:


Now, before you do anything else, open up Terminal.app (under "Utilities" in the Applications folder), and enter the following command (without the $):

$ ifconfig | egrep -o "^[[:alnum:]]+"

Leave the results of that command on the screen. Those are the networking devices your MacBook can currently see. Now connect the MacBook to the Kindle with the MicroUSB cable. It shouldn't go into USB Drive Mode like it usually does. If that's the case, we're in business. If not, eject the Kindle, enter ;un again, and try again.

Now for a slightly complicated part. We need to figure out which device the MacBook thinks the Kindle is. Run the previous command again (by hitting the up arrow, then Enter), and compare the results. There should be one extra device listed (probably at the bottom). In my case, this device was en3.

Once you've figured out the name of your Kindle (maybe it's the same one), run the following command to configure it (you'll be prompted for your computer's administrative password):

$ sudo ifconfig en3

Obviously use something besides en3 if you found your Kindle to have a different name, but make sure you use the same IP address. The Kindle relies on a really specific IP address belonging to it (, so we configure it to have one somewhat close to that.

If all went well, we should be able to connect to the Kindle now. Enter the following command:

$ ssh root@

You'll be prompted for a password. This time, it'll be the one you set up in the search bar of the Kindle. If your login succeeds, you should see a notice and prompt like this:

#  N O T I C E  *  N O T I C E  *  N O T I C E  # 
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
[root@kindle root]# 

That's the command line prompt of the Kindle, and that means we're in.

Step 3: Breaking The Ads

Now that we've got administrator command line access to the Kindle, all we need to do is disrupt the way the Kindle downloads and stores its ads enough that it will fail back to just displaying the standard screensavers. To do this, we'll first do exactly what the giant notice says, remount the root file system (just like the $s, don't type the #):

# mntroot rw

Now let's go find those ads.

# cd /var/local
# ls adunits

You should see something like this:

1314512564245     4947350798237     7905915218628     8863644723128 9772216502999
2248931205866     5179523322443     8060227834200     8982827228459 admgr.json
3254245097874     5480504762067     8565874945799     9114782852577 admgr.seenactive

Those are all the sub-folders within the adunits folder, and that's where each ad's data is (for the most part), stored. What we're going to do, simply put, is turn off the main Java framework, rename the adunits folder (in case we ever want to restore it), replace it with just an empty file, remove all permissions to that file, then restart the main Java framework again. This way, adunits still exists if the framework checks for it (and all folders are really just special kinds of files), but the Kindle will fail to read or write any information to or from it, causing it to fail back to regular screensavers. Anyway, here we go. Careful not to mess these up.

# stop framework
# mv adunits adunits.bkp
# touch adunits
# chmod 000 adunits
# start framework

That's it; we're done. If you're interested in unjailbreaking your Kindle but leaving the ads turned off, skip down to the next section.

Otherwise, exit the shell with the exit command (you should see your prompt return to the one from your MacBook (ending in a $)), then restart your Kindle for posterity's sake. At this point, our mission is complete. No more ads.

Step 4: Covering Our Tracks

Now, even though we've managed to disable the Kindle ads, our Kindle is in sort of a weird state. There's an extra developer key installed, a set of applications that allows direct connection and command line access, and the ad storage files and folders mixed around. We can actually undo all but the last one to put our Kindle back in a sort of a non-jailbroken but still ad-free state, and that's exactly what I did with mine (though I actually left the USB Networking stuff in just in case I wanted access later the first time).

These steps are entirely optional, but they do provide a little peace of mind in our knowing that our Kindle is nearly normal after its surgery.

Removing USB Networking

This is the step I didn't actually do at first, but then thought better of it. To remove USB Networking, exit the Kindle shell with the exit command, unplug it, run the ;un command in the search bar to turn off USB Networking, then plug it back in to enter USB Drive Mode. Copy update_simple_usbnet_1.1_uninstall.bin into the root of the Kindle:

Eject it, unplug it, then from the Kindle select Menu -> Settings -> Menu -> Update Your Kindle. If the update is successful, USB Networking has been uninstalled. To test it, no amount of entering ;un at the search bar should be able to prevent the Kindle from going into USB Drive Mode when plugged in.


To unjailbreak the Kindle, we just need to delete the new developer key. We can do this by hand (if you haven't logged out of your Kindle shell yet and uninstalled USB Networking), or by running the uninstaller. To do it by hand, just run the following commands:

# cd /etc/uks
# ls

You should see the following:

pubdevkey01.pem   pubprodkey01.pem  pubprodkey02.pem

The first one is the new developer key. Just delete it:

# rm -f pubdevkey01.pem
# ls

You should now see it missing from the list.

If you'd rather (or must because you've removed USB Networking) do it with the official uninstaller (that does the same thing, just with a fancy status bar), exit the shell, turn off USB Networking with ;un in the search bar, then plug the Kindle back in so it goes into USB Drive Mode. Copy update_jailbreak_1.2.N_uninstall.bin into the root of the Kindle:

Eject it, then from the Kindle select Menu -> Settings -> Menu -> Update Your Kindle. If the update was successful, your Kindle is unjailbroken.

I'm quite happy with my ad-free, unjailbroken, inaccessible-through-command-line-interface Kindle Touch. I hope this post was helpful to you; I enjoyed writing it.