Using Amazon Kindle-3G internet connection on a (Linux) PC and some generally applicable tips and tricks concerning IP traffic tunneling



NEW: Amazon started to limit the external kindle-3G traffic to 50MB/month



Obviously too many people started to use this hack and the 3G bills of Amazon started to grow, so they striked back... I thus stopped further efforts with Kindle.

However, the general TCP/UDP tunneling tips and tricks on this page remain perfectly valid.





NOTE: The new Kindle-touch-3G does NOT offer 3G internet access except to Amazon and Wikipedia at all



How to surf web pages on a PC employing Kindle-3G tethering

First of all, notice that this can work only in the countries, where Amazon does not restrict web browsing from Kindle-3g when connected over the GSM/UMTS network.

I found an inspiration for the Kindle tethering on a blog of some Russian guy . I tried to write a note on this topic myself in order (1) to try to give some commands here in a more explicit form and (2) to go a step further and combine this trick with tunneling of ssh and openvpn traffic. As a technical remark, notice that Kindle-3g has an ARM-Cortex CPU, which is binary compatible to the one employed in Nokia N900, so you can use the scratchbox toolchain environment for Maemo also for cross-compilation of any tools you like to have in Kindle! BTW you might be interested also in my notes about Nokia N900. As a philosophical remark I would add that if too many people start to use this hack too frequently, it will not make Amazon happy :-). They could even try to bill you for the data (if you registered your Kindle on your own name and gave them your credit card number), cut the 3G connection completely for units which exhibit enormous amount of traffic, or they could limit the so far complimentary service to fewer countries, lower the speed etc. Also notice that by deep inspection of the HTTP packets (DPI) Amazon could find out that they are not regular web browsing - ssh and proxytunnel employs cryptography but not steganography. So be reasonable, use it as an internet connection of the last resort if you do not have anything else available, but do not employ it as your default connection for bittorrent ;-).

0. Prerequisites: Jail-break your Kindle and get a root shell via USB networking

The instructions and update files can be found on many places, google is your friend. I found it on this page. Do not forget to change the root password. For comfort, I have changed the default behavior of Kindle from mass storage to USB network by editing /mnt/us/usbnet/auto file and I have installed .ssh/authorized_keys to be able to login without password. In the following we will assume that you configured Kindle to have IP address 192.168.22.2 and on your PC you have
ifconfig usb0 192.168.22.1 netmask 255.255.255.0 up
You can use scp rather than mass storage to get your books into the reader. To refresh the book list after that, issue the command:
dbus-send --system /default com.lab126.powerd.resuming int32:1
as root@kindle

1. Install tcpdump on the kindle.


You can cross-compile it yourself (using options to configure or in the scratchbox environment) or download binary from the blog mentioned above.

2. Get the x-fsn authentication string and check IP of the Amazon proxy


Start the 3g-networking on Kindle
kindle# tcpdump -nAi ppp0 -s0 |grep x-fsn
open some web page in the Kindle browser
find out the x-fsn header
You may also check by tcpdump that in your location Kindle uses the same IP of the Amazon proxy as for me: 72.21.206.113

3. Open ssh connection with port forwarding

PC user> ssh -L 8080:72.21.206.113:80 root@192.168.22.2

If this fails, instead telnet 192.168.22.2 kindle# ssh -R 8080:72.21.206.113:80 user@192.168.22.1

4. Configure the browser

Install "Modify-headers" plug-in to Mozilla; configure it to add the x-fsn header and possibly also to change the User-agent to
User-Agent: Mozilla/5.0 (Linux; U; en-US) AppleWebKit/528.5+ (KHTML, like Gecko, Safari/528.5+) Version/4.0 Kindle/3.0 (screen 600x800; rotate)
(Do not forget to finally click on "Start"). Set localhost:8080 as http proxy in the browser and enjoy.

Notice also that when surfing according to this method, Amazon watches over your shoulder. So it is better to use a ssh tunnel which provides a socks proxy for your browser and AMZN will see only encrypted data.

UPDATE: I tried this recently (2013) and it did not work, I got a message "there is a problem with your kindle account", while the Kindle browser worked. Amazon must have improved their proxy servers to check on some other aspect of the data sent from the browser. I did not have the patience to find out which one, but in principle it could be done using tcpdump.

How to tunnel ssh via a HTTP-only filtering proxy

You might wish to do more than web browsing when connected via Kindle, or in general when you are on some network behind a firewall which allows only HTTP and you need to use other protocols you have to bypass that firewall. You can tunnel a ssh connection through a http proxy. The prerequisite is that you have your own server on free internet, which has an open port 80 running apache2 (or a dedicated tunneling program). A hosted virtual server can be obtained very cheaply.

1. Install and configure Apache2 on the server


Here is a sample configuration of default from /etc/apache2/sites-available. For some reason it did not work when it was not the default but another site - I gave up searching why. Since the tunnel should be password-protected against unauthorized use, put username and password on two lines of the password file specified in the config. (It is transmitted in HTTP plaintext, but as this just protects your tunnel from unauthorized use, it is not critical, just change it time to time.)

2.a Establish the tunneled ssh connection - on a general network


ssh -o 'ProxyCommand proxytunnel -p tunnel.example.com:80 -P user:password -d target.com:22' target.com
or using corkscrew

ssh -o 'ProxyCommand corkscrew tunnel.tunnel.com 80 %h %p ~/.ssh/proxyauth' target.com
and put a line user:password into ~/.ssh/proxyauth

2.b Establish the tunneled ssh connection - using Kindle networking


ssh -L 8080:72.21.206.113:80 root@192.168.22.2
ssh -o 'ProxyCommand proxytunnel -H "x-fsn: what-you-got-from-tcpdump-here" -p localhost:8080 -r tunnel.example.com:80 -R user:password -d target.com:22' -D 1080 target.com
The user:password here are the ones of your apache2 tunneling site.

The -D 1080 option opens a socks proxy at port 1080, which you can set as a socks proxy in your browser to allow to tunnel your http browsing via the ssh channel, so that Amazon will not be able to watch what you are doing.

How to tunnel openvpn via a ssh channel

Once you are able to get a ssh connection through, you can use it to tunnel arbitrary TCP ports. In particular, you can use the http proxying or socks proxying to tunnel openvpn. I have written some notes about using openvpn, particularly in connection with encryption of VoIP phone calls here. You can find there also sample configuration files. However, for this purpose switch from UDP to TCP port 1194 in the openvpn server configuration. A sample openvpn client configuration file which uses the socks proxy at 1080 opened by the previous instructions is here. So now you should have a full-blown VPN - you can route all your traffic through it and do whatever you like ... enjoy.

Electronics page


Hobby page


My main page


TOP of family pages