FORUMS
Remove All Ads from XDA

[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

1,149 posts
Thanks Meter: 1,360
 
By k4y0z, Senior Member on 5th October 2019, 08:55 PM
Post Reply Email Thread
After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
Together we proudly present kamakiri for the FireTV Stick 4K.

Before proceeding make sure to read and understand this entire post.

Running this exploit requires a patched linux-kernel on the PC you are using.
We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
You can find the current version of the ISO at:
https://github.com/amonet-kamakiri/fireiso/releases

It can be burned to a CD or to a USB-flashdrive.

Current Version: kamakiri-mantis-v1.0.zip

You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
NOTE:It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

You will need something for shorting (wire, aluminum foil etc.)
  1. Boot the ISO
  2. Download and extract the exploit package.
  3. Open a terminal in the kamakiri directory
  4. Run
    Code:
    ./bootrom-step.sh
  5. Short one of the points in the attached photo to ground (the cage of the shielding).
    Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
    It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
  6. Connect the stick to your computer (while keeping it shorted)
  7. The script should tell you to release the short and hit enter
  8. Once finished run
    Code:
    ./fastboot-step.sh
  9. Your device will now reboot into TWRP

Important information

Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

It is still advised to disable OTA.

thanks to @hwmod for the picture
thanks to @Sus_i for providing an update.bin
thanks to @zeroepoch for developing aftv2-tools

XDA:DevDB Information
kamakiri, Tool/Utility for the Amazon Fire TV

Contributors
k4y0z, xyz`
Source Code: https://github.com/amonet-kamakiri/


Version Information
Status: Stable
Current Stable Version: 1.0.0
Stable Release Date: 2019-10-05

Created 2019-10-05
Last Updated 2019-10-14
Attached Thumbnails
Click image for larger version

Name:	FireTVStick_4k.jpg
Views:	3778
Size:	192.9 KB
ID:	4836291  
Attached Files
File Type: zip kamakiri-mantis-v1.0.zip - [Click for QR Code] (14.50 MB, 988 views)
The Following 30 Users Say Thank You to k4y0z For This Useful Post: [ View ] Gift k4y0z Ad-Free
5th October 2019, 08:57 PM |#2  
OP Senior Member
Thanks Meter: 1,360
 
Donate to Me
More
There are three options for interacting with TWRP:
  1. A mouse via USB-OTG
  2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
  3. Via /cache/recovery/command

Example for /cache/recovery/command:
Code:
echo "--update_package=/path/to/zipfile" > /cache/recovery/command
echo "--wipe_cache" >> /cache/recovery/command
reboot recovery
Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

NOTE:This will only work if the boot-exploit is still there.
The Following 8 Users Say Thank You to k4y0z For This Useful Post: [ View ] Gift k4y0z Ad-Free
5th October 2019, 08:57 PM |#3  
OP Senior Member
Thanks Meter: 1,360
 
Donate to Me
More
Reserved #2
The Following 4 Users Say Thank You to k4y0z For This Useful Post: [ View ] Gift k4y0z Ad-Free
5th October 2019, 10:29 PM |#5  
Brun0ls's Avatar
Member
Flag Balneário Camboriú
Thanks Meter: 37
 
More
Mother of GOD.

Can't believe.

And can't wait for a clean Android TV Rom.
It will be amazing since I need to use an American account to use this fire stick 4k in my country.
5th October 2019, 10:40 PM |#6  
Complete, no issues... Great job! Thanks for the live USB, could not have made this easier!
The Following 3 Users Say Thank You to Michajin For This Useful Post: [ View ] Gift Michajin Ad-Free
5th October 2019, 11:04 PM |#7  
@k4y0z I wonder why this cannot be done in Ubuntu?
I'm able to install pyusb with:
Code:
sudo apt-get install python-usb python3-usb
And then the scripts start. Is due the kernel patch?
BTW: good work I still looking at the exploit in github and looks awesome lol.
The Following User Says Thank You to Rortiz2 For This Useful Post: [ View ] Gift Rortiz2 Ad-Free
5th October 2019, 11:19 PM |#8  
OP Senior Member
Thanks Meter: 1,360
 
Donate to Me
More
Quote:
Originally Posted by Rortiz2

@k4y0z I wonder why this cannot be done in Ubuntu?

Quote:
Originally Posted by k4y0z

Running this exploit requires a patched linux-kernel on the PC you are using.

If you patch your kernel, there is no reason it wouldn't work on ubuntu.
The Following User Says Thank You to k4y0z For This Useful Post: [ View ] Gift k4y0z Ad-Free
6th October 2019, 12:42 AM |#10  
Member
Thanks Meter: 15
 
More
Thanks to everyone involved. So happy to get some control over the 4k!
6th October 2019, 12:42 AM |#11  
Recognized Developer
Thanks Meter: 2,430
 
Donate to Me
More
Can someone explain how to get the shield off?
The Following User Says Thank You to rbox For This Useful Post: [ View ]
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread