FORUMS
Remove All Ads from XDA

[ROOT] Rooting the FireTV Cube and Pendant with FireFU

61 posts
Thanks Meter: 63
 
By xXhighpowerXx, Member on 1st November 2018, 09:20 AM
Post Reply Email Thread
Today we’re excited to be bringing you something we’ve been working on for the last few months. Today, we’re introducing you to FireFU. FireFU is an exploit chain we’ve created to allow users to unlock (and root) their FireTV Cube and FireTV Pendant.

FireFU picture

https://blog.exploitee.rs/2018/rooti...t-with-firefu/

Exploit package
This download is intended for users who are only seeking the binaries to perform the exploit.
https://download.exploitee.rs/file/a...eFU/FireFU.tgz

Source Code
This is for the users who are needing to recompile the exploit or are just curious about the process.
https://gitlab.com/Exploiteers/FireFU_Exploit
https://gitlab.com/Exploiteers/amlogic_usb_mmc
The Following 8 Users Say Thank You to xXhighpowerXx For This Useful Post: [ View ] Gift xXhighpowerXx Ad-Free
1st November 2018, 02:50 PM |#2  
Senior Member
Thanks Meter: 776
 
More
This is nowhere near achievable for most XDA users though.
1st November 2018, 09:18 PM |#3  
Senior Member
Thanks Meter: 29
 
More
This is amazing. Thanks a lot.
I'm completely newbie but look forward testing this.
Can this exploit be eventually patched by Amazon so it's better to block updates if you don't use it immediately?
EDIT: I just read they can but I meant if they can patch with future updates so that the process is defeated and can't be used anymore.

Regards and congratulations.
Pino.
2nd November 2018, 08:30 AM |#4  
OP Member
Thanks Meter: 63
 
More
Quote:
Originally Posted by puppinoo

This is amazing. Thanks a lot.
I'm completely newbie but look forward testing this.
Can this exploit be eventually patched by Amazon so it's better to block updates if you don't use it immediately?
EDIT: I just read they can but I meant if they can patch with future updates so that the process is defeated and can't be used anymore.

Regards and congratulations.
Pino.

Yes the exploit is patchable. Amazon will probably patch it in the next firmware release. I'm not sure how long this exploit will last. Make sure to disable OTA update after you rooted it. This exploit also allow you to run custom roms too since it bypass the signature check in uboot SoC is similar to Odroid C2 board so you might able to run it image on the FireTV with little/no modifications.
The Following User Says Thank You to xXhighpowerXx For This Useful Post: [ View ] Gift xXhighpowerXx Ad-Free
2nd November 2018, 09:21 PM |#5  
Senior Member
Thanks Meter: 29
 
More
Quote:
Originally Posted by xXhighpowerXx

Yes the exploit is patchable. Amazon will probably patch it in the next firmware release. I'm not sure how long this exploit will last. Make sure to disable OTA update after you rooted it. This exploit also allow you to run custom roms too since it bypass the signature check in uboot SoC is similar to Odroid C2 board so you might able to run it image on the FireTV with little/no modifications.

Thanks for precious info,
I already blocked URLs from Amazon on my LEDE router in dnsmasq.conf.
Really interesting. I have LibreElec installed on my Odroid C2 and the idea of installing a Linux distro on the pendant is also interesting.

BTW I stress my gratitude cause your work is amazing.
Pino.
4th November 2018, 11:34 PM |#6  
Senior Member
Thanks Meter: 75
 
More
Quote:
Originally Posted by xXhighpowerXx

.

Is the HDMI breakout adapter linked in the wiki the correct one that would be needed for this project?

https://www.amazon.com/Adapter-signa...fb94f55bfd7ebe

From what I can tell from the pictures, that breakout board has a male adapter, but you would need a female adapter to plug the Fire TV into, correct?

Also, would it be possible to provide a little more detail on the command line steps needed? I'm a Linux novice so I'm having a little difficulty trying to figure out how to execute some of these steps. The exact commands for each step would be great. Thanks for your work!
4th November 2018, 11:55 PM |#7  
Senior Member
Flag Central FL
Thanks Meter: 278
 
More
Quote:
Originally Posted by AZImmortal

Is the HDMI breakout adapter linked in the wiki the correct one that would be needed for this project?

https://www.amazon.com/Adapter-signa...fb94f55bfd7ebe

From what I can tell from the pictures, that breakout board has a male adapter, but you would need a female adapter to plug the Fire TV into, correct?

Correct. Something like this is what you need. This looks like the one used in the wiki.

IMO, putting the device into DFU mode is the bottleneck. You will have to set up the correct udev rules to get the Amlogic side recognized through the HDMI breakout.

(The Linux rooting commands are in the video.)
5th November 2018, 02:27 AM |#8  
Senior Member
Thanks Meter: 75
 
More
Quote:
Originally Posted by retyre

Correct. Something like this is what you need. This looks like the one used in the wiki.

IMO, putting the device into DFU mode is the bottleneck. You will have to set up the correct udev rules to get the Amlogic side recognized through the HDMI breakout.

(The Linux rooting commands are in the video.)

Thanks for confirming about the HDMI breakout. I found this on AliExpress for the cheapest option (but longest delivery time). Can you explain what you mean by the DFU mode bottleneck? I know that the Fire TV has to be put into DFU mode, but I wasn't sure if you meant that it's trickier than it seems (like maybe some computers don't have the right chipset or something along those lines). Also, I saw the video but it seems to start at step 7, which is basically where the easy parts of the process start, haha. I need more details on the earlier steps.
5th November 2018, 05:37 PM |#9  
Senior Member
Flag Central FL
Thanks Meter: 278
 
More
Quote:
Originally Posted by AZImmortal

Can you explain what you mean by the DFU mode bottleneck? I know that the Fire TV has to be put into DFU mode, but I wasn't sure if you meant that it's trickier than it seems (like maybe some computers don't have the right chipset or something along those lines).

There are so many variables here: genuine Arduino vs. counterfeit, quality of the HDMI breakout board, USB 3.0 vs. 2.0, Linux box with proper udev rules, ...

Take a look at something like this if you want to automate the last part (udev).
6th November 2018, 02:11 AM |#10  
Senior Member
Thanks Meter: 75
 
More
Quote:
Originally Posted by retyre

There are so many variables here: genuine Arduino vs. counterfeit, quality of the HDMI breakout board, USB 3.0 vs. 2.0, Linux box with proper udev rules, ...

I have an Arduino clone but I've never actually used it for real (other than flashing sketches to it to make sure that it works), but assuming that the clone is functional, then what kind of issues might prevent it from working for this project? I guess same question goes for the breakout board and USB 3.0 vs 2.0. Just trying to figure out what kind of obstacles I might encounter if I decide to try this.

Quote:
Originally Posted by retyre

Take a look at something like this if you want to automate the last part (udev).

This helps put things a little more together for me (at least I know which libusb I'd need to install). I'm still not sure that I understand how to execute step 1 or step 6 under the Rooting Process instructions though.

Thanks for the help so far.
The Following User Says Thank You to AZImmortal For This Useful Post: [ View ] Gift AZImmortal Ad-Free
6th November 2018, 04:19 AM |#11  
Senior Member
Flag Central FL
Thanks Meter: 278
 
More
Quote:
Originally Posted by AZImmortal

his helps put things a little more together for me (at least I know which libusb I'd need to install). I'm still not sure that I understand how to execute step 1 or step 6 under the Rooting Process instructions though.

Depending on the Linux distro, libusb may already be installed. Run dpkg -l libusb* to check.

Step 1: udev rules are set up in /etc/udev/rules.d/. You will have to create a file (e.g., 90-usb-serial.rules) with the information (usually, the subsystem, vendor-product attributes as mentioned in the wiki, name, symlink, etc.). Syntax varies by distro. You should test your rule with a less tricky device that's guaranteed to show up (e.g., a common peripheral) and see whether the name or symlink in the rule was picked up properly.

Step 6: In general, lsusb lists the USB devices connected to the Linux box. For example, if you connect just the Arduino and run lsusb, you should see the Due show up as, say, 2341:003d. If everything works as planned (i.e., the AFTV3 gets into DFU mode), you should see the correct device show up when you run lsusb (1b8e:c003). If it does not, you now have to check all the failure points: whether the sketch was flashed properly, whether the Arduino's or breakout's SCL and SDA pins are working properly, whether the USB port is the issue, whether the jumper wire or cable is the issue, and whether your udev rule was set up properly. In the event of an unsuccessful outcome (i.e., Amlogic doesn't show up in lsusb), isolating the issue can be a bear.

There's only one way to find out. Gather the paraphernalia, test it out, and post here!
The Following User Says Thank You to retyre For This Useful Post: [ View ] Gift retyre Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes