Kindle Fire HD 8.9" bootloader bug fixed


verygreen

Senior Member
Feb 13, 2011
1,305
2,637
TN
linuxhacker.ru
Hi! Hope everybody is having a nice Thanksgiving (slowly transitioning to Black Friday).

I brought a piece of great news, Kindle Fire HD 8.9" (and HD 7", but I don't have a device to test) locked bootloader bug has been fixed.
All hail to sloppy programmers (as if there were any other kinds, right?)


Thanks to: fattire for noticing a bit of unverified user input, Hashcode for doing some prototype testing on other Kindle devices before we got our hands on actual Kindle HD and a bit of source code.
 

bodi524

Senior Member
Apr 10, 2010
470
448
Google Pixel 3 XL
Looking forward to development opening up with the bootloader cracked! Great news and good work.



Sent from my Galaxy Nexus using xda app-developers app
 

jcotterman

Senior Member
Apr 5, 2007
130
31
Largo, FL
I bought this bad boy (8.9) one week ago. Rooted, added GApps with Nova and was crossing my fingers on this happening.

Great news indeed!
 

Huuthaolove

Member
Oct 4, 2012
38
4
KFTT 7

Hi! Hope everybody is having a nice Thanksgiving (slowly transitioning to Black Friday).

I brought a piece of great news, Kindle Fire HD 8.9" (and HD 7", but I don't have a device to test) bootloader has been broken.
All hail to sloppy programmers (as if there were any other kinds, right?)


Thanks to: fattire for noticing a bit of unverified user input, Hashcode for doing some prototype testing on other Kindle devices before we got our hands on actual Kindle HD and a bit of source code.

Kindle Fire HD 7?? Can you tell me about a way to unlock the bootloader??? Can I do it? I have a KFTT 7; I hope ROMs get cooked for it..
 

pegachu

Member
Feb 3, 2012
5
0
Copenhagen
Yes, please give us details. Do not tease us this way! :)

Are we talking Hashcode's Safestrap or something else?

/peter

Sent from my KFTT using xda premium
 

timnan

Senior Member
Aug 31, 2008
76
7
He broke the NOOK HD+ bootloader as well, elsewhere on xda.



Sent from my SGH-I777 using Tapatalk 2
 

craby1925

Senior Member
Nov 17, 2010
337
33
What exactly was your method? I don't want a how-to but I am more curious of your exploit.

Sent from my EVO using Tapatalk 2
 

verygreen

Senior Member
Feb 13, 2011
1,305
2,637
TN
linuxhacker.ru
What exactly was your method? I don't want a how-to but I am more curious of your exploit.
Just as fattire highlighted in this other thread, there's an unchecked length parameter in the boot image, so you just make it really long and overwrite the stack of the bootloader, allowing you to transfer control to your code (another copy of uboot in my case).

It seems there are a lot of misunderstandings about how these bootloader fixes work, so we are preparing a document laying it out in some more detail. It currently only covers the Nook Tablet (of Bauwks fame) and just needs to be expanded a bit.
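The bug verygreen describes above is a classic one: a length field read from the boot image is trusted when data is copied into a fixed-size buffer on the bootloader's stack. The following C program is an added example written for this thread, not code from the thread, from Amazon's bootloader, or from any CM repo. It parses a constructed, simplified boot-image header (the `EXBOOT01` magic, the `kernel_size`/`ramdisk_size` fields, the 4096-byte kernel buffer and the `parse_boot_image`/`build_image` functions are all assumptions for illustration, not the Kindle's real format) and shows the checks a loader has to perform before any copy: the declared length is bounded by the destination capacity, bounded by the bytes actually present in the image, and the size arithmetic is done so it cannot wrap around.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified boot-image layout used only for this example; it is
 * an assumption, not the Kindle's real header format (which is not on the page). */
#define HDR_MAGIC      "EXBOOT01"
#define HDR_MAGIC_LEN  8
#define HDR_LEN        16      /* magic + kernel_size + ramdisk_size, little-endian */
#define KERNEL_BUF_CAP 4096    /* fixed-size buffer the kernel is copied into */

enum parse_result {
    PARSE_OK            =  0,
    PARSE_ERR_SHORT     = -1,  /* image smaller than the header */
    PARSE_ERR_MAGIC     = -2,  /* wrong magic */
    PARSE_ERR_TOO_BIG   = -3,  /* declared kernel_size exceeds destination buffer */
    PARSE_ERR_TRUNCATED = -4   /* declared sizes exceed the bytes actually present */
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Hardened parse: every header-supplied length is validated against both the
 * destination capacity and the bytes actually present before any copy happens.
 * The bug the thread describes is the absence of the TOO_BIG check: a memcpy of
 * an attacker-chosen kernel_size into a fixed stack buffer. */
int parse_boot_image(const uint8_t *img, size_t img_len,
                     uint8_t *kernel_out, size_t kernel_cap, size_t *kernel_len)
{
    if (img_len < HDR_LEN)
        return PARSE_ERR_SHORT;
    if (memcmp(img, HDR_MAGIC, HDR_MAGIC_LEN) != 0)
        return PARSE_ERR_MAGIC;

    uint32_t kernel_size  = rd_le32(img + 8);
    uint32_t ramdisk_size = rd_le32(img + 12);

    /* 1. Bound by destination capacity (the missing check). */
    if (kernel_size > kernel_cap)
        return PARSE_ERR_TOO_BIG;

    /* 2. Bound by what the image really carries. Subtract rather than add so a
     *    huge ramdisk_size cannot wrap kernel_size + ramdisk_size around. */
    size_t payload = img_len - HDR_LEN;
    if (kernel_size > payload || ramdisk_size > payload - kernel_size)
        return PARSE_ERR_TRUNCATED;

    memcpy(kernel_out, img + HDR_LEN, kernel_size);
    *kernel_len = kernel_size;
    return PARSE_OK;
}

/* Builds a constructed image whose header may deliberately misstate the sizes
 * while carrying `actual_kernel_bytes` of dummy kernel. Returns the image length. */
size_t build_image(uint8_t *buf, size_t cap, uint32_t declared_kernel_size,
                   uint32_t declared_ramdisk_size, size_t actual_kernel_bytes)
{
    if (cap < HDR_LEN + actual_kernel_bytes)
        return 0;
    memcpy(buf, HDR_MAGIC, HDR_MAGIC_LEN);
    wr_le32(buf + 8, declared_kernel_size);
    wr_le32(buf + 12, declared_ramdisk_size);
    memset(buf + HDR_LEN, 0xAB, actual_kernel_bytes);   /* dummy kernel bytes */
    return HDR_LEN + actual_kernel_bytes;
}

/* Runs one scenario (at most 512 real kernel bytes) and returns the result code. */
static int run_case(uint32_t declared_kernel, uint32_t declared_ramdisk, size_t actual)
{
    uint8_t img[HDR_LEN + 512];
    uint8_t kernel[KERNEL_BUF_CAP];
    size_t klen = 0;
    size_t n = build_image(img, sizeof img, declared_kernel, declared_ramdisk, actual);
    int rc = parse_boot_image(img, n, kernel, sizeof kernel, &klen);
    if (rc == PARSE_OK && klen != actual)
        return -99;  /* copied length disagrees with what was actually present */
    return rc;
}

int demo_valid(void)      { return run_case(512, 0, 512); }           /* header matches contents */
int demo_oversized(void)  { return run_case(0x7FFFFFFFu, 0, 512); }   /* kernel_size > buffer */
int demo_truncated(void)  { return run_case(1024, 0, 512); }          /* fits buffer, image too short */
int demo_wraparound(void) { return run_case(512, 0xFFFFFFFFu, 512); } /* 32-bit sum would wrap */

int main(void)
{
    printf("valid=%d oversized=%d truncated=%d wraparound=%d\n",
           demo_valid(), demo_oversized(), demo_truncated(), demo_wraparound());
    return 0;
}
```

Build with `cc -Wall -o bootparse bootparse.c`; the valid case returns 0 and the three malformed headers are rejected before a single byte is copied. The order matters: the capacity check has to come before the memcpy, and the "does the image really contain this much" check is written as a subtraction against the remaining payload rather than an addition of the two declared sizes, because the addition can overflow in 32 bits and pass a naive comparison.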
 

fmkilo

Senior Member
Oct 8, 2012
289
189
Cedar Rapids, IA,USA
Any word on whether this will cover the KF2, the non-HD one? I can't wait to get my hands on mine in a couple of days. But I like the look and feel of CM10. (I have the latest nightly on my SGS3.) Also, is there any word on actually unlocking the bootloader?
 

ZilverZurfarn

Senior Member
Feb 11, 2009
970
23
Göteborg
Any word on whether this will cover the KF2, the non-HD one? I can't wait to get my hands on mine in a couple of days. But I like the look and feel of CM10. (I have the latest nightly on my SGS3.) Also, is there any word on actually unlocking the bootloader?
I think there's quite some distance to cover between "Bootloader cracked" and "CyanogenMod 10 running". CM really only works with source code, and I really can't see Amazon releasing all their source.
 

fattire

Inactive Recognized Developer
Oct 11, 2010
2,281
6,473
www.eff.org
I think there's quite some distance to cover between "Bootloader cracked" and "CyanogenMod 10 running". CM really only works with source code, and I really can't see Amazon releasing all their source.

There is some distance to cover, it's true. But much of that has been covered. CM10 is already running, albeit w/o sound for the moment. And speaking generally, the source for CM10 is available.

Also, it may be wiser in general to get a Nexus 7 or Nexus 10 or something similar if simply to support the hardware manufacturers who make it very easy for you to unlock to install your own operating system.
 

ZilverZurfarn

Senior Member
Feb 11, 2009
970
23
Göteborg
CM10 is already running, albeit w/o sound for the moment. And speaking generally, the source for CM10 is available.
Sounds reassuring that CM 10 is already up & running.
Yes, I'm aware that CM sources are available - but it was Amazon's source code I was referring to. I doubt they (Amazon) will release drivers et cetera to facilitate the creation of third-party ROMs.
 

Top Liked Posts

  • 6
    The title of the thread has changed to "Kindle Fire HD 8.9" bootloader bug fixed".
    What's this bug? Are we still gonna get any custom ROM?
    The locked bootloader is a bug that prevents you from fully taking advantage of your hardware.
    We have fixed the said bug now. Just wanted to better express our position on the topic.
    You will still get custom ROMs, assuming people will be developing them.
    I am sorting out my device tree in preparation to make it public soon, and then hopefully interested parties will start adding to that.
  • 1

    CM10 repo with the stuff you see in the video is now available; details are in the Kindle HD 8.9" development subforum.
  • 1
    OK, so I keep seeing that this is possible, however no how-to. Am I missing something, or has this not been released?

    This is what you are missing, but be warned it's not very friendly to novices or people on Windows.