[GUIDE] Hardware root via emmc chip (requires soldering!)

[skyball2]

That's a good question. I have no idea. If it uses the EXACT same system partition then no problems, but if it's different than we'll need a different pre-rooted image. Maybe rbox knows if the non US models are different. There really isn't an easy way to check that I know of besides MD5SUM the partition which requires at least restricted root access.

Thanks again! So I hope that rbox will know an answer to that. I'll receive my Fire TV today and I'd be willing to experiment a bit but wouldn't want to take the risk of bricking my device.

Greets, Christian

 

[Calibaan]

For the 1st gen FireTV there were no differences between US or EU/UK/GER devices despite the power supply adaptor. So identically hardware and software. It´s very likely that´s still the same for the 2nd gen aTV.

 

[zeroepoch]

Thanks again! So I hope that rbox will know an answer to that. I'll receive my Fire TV today and I'd be willing to experiment a bit but wouldn't want to take the risk of bricking my device.

Greets, Christian

I've attached the /system/build.prop file from my device. If there was some sort of difference it would probably need to be in that file since that defines a lot of version and device name variables. If you can attach yours or just diff the two that would give some strong confidence in them being the same or not.

 

[zeroepoch]

I've finally had some time to put together a new thread for rooting here, http://xdaforums.com/fire-tv/general/root-amazon-fire-tv-gen-2-4k-t3245407. Please move any further discussions regarding rooting the amazon fire tv 2 to that thread. It will make it easier to track and collaborate

 

[kilumnati]

hey guys i recently bricked my firetv1 using KINGROOT, then using super sume, and now firetv is stuck on boot color logo, i ordered the E-MMC chip, waiting for it in the mail, want to ask is how do i get it back to rooted or even non rooted as i just want it to boot again. what do i flash to it. it was on frimware 5.0.5 and its non rooted now as i still can ADB to it for a while before it reboots after like 5 min. please help thanks..

 

[superkoal]

hey guys i recently bricked my firetv1 using KINGROOT, then using super sume, and now firetv is stuck on boot color logo, i ordered the E-MMC chip, waiting for it in the mail, want to ask is how do i get it back to rooted or even non rooted as i just want it to boot again. what do i flash to it. it was on frimware 5.0.5 and its non rooted now as i still can ADB to it for a while before it reboots after like 5 min. please help thanks..

Tried this?
http://www.aftvnews.com/how-to-unbrick-by-entering-recovery-mode-and-factory-reset-the-amazon-fire-tv/

 

[kilumnati]

Tried this?
http://www.aftvnews.com/how-to-unbr...ry-mode-and-factory-reset-the-amazon-fire-tv/

yes i have i get to this screen thats it..

http://imgur.com/xsPvta0

 

[papars]

Does this method works with 5.0.5?
Any suggestion of a linux LiveCD I can use, since all my PCs run windows?

 

[superkoal]

Does this method works with 5.0.5?
Any suggestion of a linux LiveCD I can use, since all my PCs run windows?

You can use kingroot for 5.0.5.
I booted Ubuntu from a Flash drive.

 

[papars]

I hate kingroot and what it does to the system files. I have bad experience with this and some mobile phones. It does root but ...
Unless there is another way, say to root by kingroot and then flash an image with supersu ...
In any case I have the emmc adaptor so I can hardware root, thus I wonder if there is a change in the procedure in the latest s/w versions.

 

[CrashInc]

Can anyone help??

Hi can anyone confirm if this still works on AFTV 5.0.5.1?
I only ask as I have done this before on an older firmware however when trying to gain root access on newer FW I have no luck?
The SU file is in the xbin folder and can even be seen from es file explorer but still no root?

I have tried this about 9 times today following different guides, different versions of SU and it still just doesn't work.

Any help from anyone would be greatly appreciated.

 

[xafsinut]

Still works ?

Hi,

Also interested in knowing if still works ?
Thanks,

Xafs

 

[pwntrik]

That's interesting... screw up or on purpose... But it looks like the OTA updates are patch updates and the kernel file is a patch also. So someone will need to extract the image from the actual device. Although it's curious that you feed it image.gz. I would imagine it'd need a regular ANDROID! image style file. Either way, once you do have a bootable kernel, all you need to do is replace adbd with one that can start as root.

But I must caution. Whatever you do, DO NOT MODIFY /system before making a FULL image with dd and VERIFYING it is 100% perfect. Because the updates are patch updates, there is no way to apply the updates without a pristine version of the /system. And there is no way to fix /system with an OTA once it's been modified.

Will this work...

dd if=/dev/sdb20 of=system.img

Then later do the inverse?

About to solder again. I'd love to just take my TWRP backup or at least your prerooted image and use dd, rather than deal with setting up a custom recovery.

 

[walkabouts]

Does anyone know if its possible to reflash the emmc, in order to recover a bricked fire TV 1, that is in Qualcomm qdloader 9008 state (in this state I have no access to fastboot, recovery, adb, or even the partitions). Thanks!

 

[maleclub]

Could it be that the electrical current wich comes from the reader (pc) is to low?
Because it have to supplied the whole fire tv

Sent from my Nexus 4 using XDA Free mobile app

i am sure that the electrical current wich comes from the reader (pc) is to low

 

[fifo209]

So I just opened my fire TV 4K and my chips look different then the one in the guid. Any idea where to solder wires for the 4K version? The one I have has the MediaTek chip along side 2 Elpida RAM chips under the main shield and my eMMC has a diff "R" arey between it and the main shield Anyone know where to solder the wires on this?

https://ibb.co/bsW3Sa

 

[elektrinis]

Anyone tried to get away without level converter? I mean add a series resistor, like 1k, on all data lines? This is sometimes used as lever converter, as 3.3V receiver will still accept 1.8V as logic one, and 1.8V receiver will clamp 3.3V signal on internal diode.
Would this work?

 

[unforsaken]

So I just opened my fire TV 4K and my chips look different then the one in the guid. Any idea where to solder wires for the 4K version? The one I have has the MediaTek chip along side 2 Elpida RAM chips under the main shield and my eMMC has a diff "R" arey between it and the main shield Anyone know where to solder the wires on this?

https://ibb.co/bsW3Sa

I'll keep watching this topic for the answer to this as well. I'm also interested in doing to this to my FTV2.

Let me know if you found any information.

Thanks

 

[rdpdo]

Hello all,

I am from France and I use a Fire TV Basic edition.

I will unsolder the BGA eMMC to get pinout and do a hardware rooting.

Can I use the root files for v1 or v2 on the FireTV bsic edition ?

Thanks !

 

[iLLNiSS]

Hello all,

I am from France and I use a Fire TV Basic edition.

I will unsolder the BGA eMMC to get pinout and do a hardware rooting.

Can I use the root files for v1 or v2 on the FireTV bsic edition ?

Thanks !

Did you ever lift the BGA to check pinout? I have a post with what I believe to be are the schematics of the chip (https://xdaforums.com/showpost.php?p=74681052&postcount=5) if you were looking to find the CMD/CLK/RST/DAT[0-7]/VCC/VSS pads elsewhere on the board.