Using Amazon Kindle-3G internet connection on a (Linux) PC
and some generally applicable tips and tricks concerning IP traffic tunneling
NEW: Amazon started to limit the external kindle-3G traffic to 50MB/month
Obviously too many people started to use this hack and the 3G bills of Amazon started to grow,
so they striked back...
I thus stopped further efforts with Kindle.
However, the general TCP/UDP tunneling tips and tricks on this page remain perfectly valid.
NOTE: The new Kindle-touch-3G does NOT offer 3G internet access except to Amazon and Wikipedia at all
How to surf web pages on a PC employing Kindle-3G tethering
First of all, notice that this can work only in the
countries, where Amazon does not restrict web browsing
from Kindle-3g when connected over the GSM/UMTS network.
I found an inspiration for the Kindle tethering on a
blog of some Russian guy .
I tried to write a note on this topic myself in order (1) to try to give some commands here in a more explicit form
and (2) to go a step further and combine this trick with tunneling of ssh and openvpn traffic.
As a technical remark, notice that Kindle-3g has an ARM-Cortex CPU, which is binary compatible to the one employed in
Nokia N900, so you can use the scratchbox toolchain environment for Maemo also for cross-compilation of any tools
you like to have in Kindle! BTW you might be interested also in
my notes about Nokia N900.
As a philosophical remark I would add that if too many people start to use this hack too frequently, it will not make Amazon happy :-). They could even try
to bill you for the data (if you registered your Kindle on your own name and gave them your credit card number), cut the 3G connection completely
for units which exhibit enormous amount of traffic, or they could
limit the so far complimentary service to fewer countries, lower the speed etc.
Also notice that by deep inspection of the HTTP packets (DPI) Amazon could find out that they are not regular web browsing
- ssh and proxytunnel employs cryptography but not steganography.
So be reasonable, use it as an internet connection of the last resort if you do not have anything else available, but do not employ it as your default connection for bittorrent ;-).
0. Prerequisites: Jail-break your Kindle and get a root shell via USB networking
The instructions and update files can be found on many places, google is your friend.
I found it on
this page.
Do not forget to change the root password. For comfort, I have changed the default behavior
of Kindle from mass storage to USB network by editing /mnt/us/usbnet/auto file and I have installed
.ssh/authorized_keys to be able to login without password.
In the following we will assume that you configured Kindle to have IP address 192.168.22.2 and on your PC you have
ifconfig usb0 192.168.22.1 netmask 255.255.255.0 up
You can use scp rather than mass storage to get your books into the reader.
To refresh the book list after that, issue the command:
dbus-send --system /default com.lab126.powerd.resuming int32:1
as root@kindle
1. Install tcpdump on the kindle.
You can cross-compile it yourself (using options to configure or in the scratchbox environment) or download binary from the blog mentioned above.
2. Get the x-fsn authentication string and check IP of the Amazon proxy
Start the 3g-networking on Kindle
kindle# tcpdump -nAi ppp0 -s0 |grep x-fsn
open some web page in the Kindle browser
find out the x-fsn header
You may also check by tcpdump that in your location Kindle uses the same IP of the Amazon proxy
as for me: 72.21.206.113
3. Open ssh connection with port forwarding
PC user> ssh -L 8080:72.21.206.113:80 root@192.168.22.2
If this fails, instead telnet 192.168.22.2
kindle# ssh -R 8080:72.21.206.113:80 user@192.168.22.1
4. Configure the browser
Install "Modify-headers" plug-in to Mozilla; configure it to add the x-fsn header
and possibly also to change the User-agent to
User-Agent: Mozilla/5.0 (Linux; U; en-US) AppleWebKit/528.5+ (KHTML, like Gecko, Safari/528.5+) Version/4.0 Kindle/3.0 (screen 600x800; rotate)
(Do not forget to finally click on "Start").
Set localhost:8080 as http proxy in the browser and enjoy.
Notice also that when surfing according to this method, Amazon
watches over your shoulder. So it is better to use a ssh tunnel which
provides a socks proxy for your browser and AMZN will see only encrypted data.
UPDATE: I tried this recently (2013) and it did not work, I got a message "there is a problem with your kindle account",
while the Kindle browser worked. Amazon must have improved their proxy servers to check on some other aspect
of the data sent from the browser. I did not have the patience to find out which one, but in principle it could be done
using tcpdump.
How to tunnel ssh via a HTTP-only filtering proxy
You might wish to do more than web browsing when connected via Kindle,
or in general when you are on some network behind a firewall which allows only HTTP
and you need to use other protocols you have to bypass that firewall.
You can tunnel a ssh connection through a http proxy. The prerequisite is that
you have your own server on free internet, which has an open port 80 running apache2
(or a dedicated tunneling program). A hosted virtual server can be obtained very cheaply.
1. Install and configure Apache2 on the server
Here is a sample configuration of default from /etc/apache2/sites-available.
For some reason it did not work when it was not the default but another site - I gave up searching why.
Since the tunnel should be password-protected against unauthorized use, put username and password on two lines of the
password file specified in the config. (It is transmitted in HTTP plaintext, but as this just protects your tunnel from unauthorized use,
it is not critical, just change it time to time.)
2.a Establish the tunneled ssh connection - on a general network
ssh -o 'ProxyCommand proxytunnel -p tunnel.example.com:80 -P user:password -d target.com:22' target.com
or using corkscrew
ssh -o 'ProxyCommand corkscrew tunnel.tunnel.com 80 %h %p ~/.ssh/proxyauth' target.com
and put a line user:password into ~/.ssh/proxyauth
2.b Establish the tunneled ssh connection - using Kindle networking
ssh -L 8080:72.21.206.113:80 root@192.168.22.2
ssh -o 'ProxyCommand proxytunnel -H "x-fsn: what-you-got-from-tcpdump-here" -p localhost:8080 -r tunnel.example.com:80 -R user:password -d target.com:22' -D 1080 target.com
The user:password here are the ones of your apache2 tunneling site.
The -D 1080 option opens a socks proxy at port 1080, which you can set as a socks proxy in your browser
to allow to tunnel your http browsing via the ssh channel, so that Amazon will not be able to watch
what you are doing.
How to tunnel openvpn via a ssh channel
Once you are able to get a ssh connection through, you can use it to tunnel arbitrary TCP ports.
In particular, you can use the http proxying or socks proxying to tunnel openvpn.
I have written some notes about using openvpn, particularly in connection with encryption of VoIP phone calls
here. You can find there also sample configuration files. However, for this purpose switch from UDP
to TCP port 1194 in the openvpn server configuration.
A sample openvpn client configuration file which uses the socks proxy at 1080 opened by the previous instructions
is
here.
So now you should have a full-blown VPN - you can route all your traffic through it and do whatever you like ... enjoy.
Electronics page
Hobby page
My main page
TOP of family pages