[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2018 (karnak) amonet-3

By k4y0z, Senior Member on 1st September 2019, 04:30 PM
Read this whole guide before starting.

This is for the 8th gen Fire HD8 (karnak).

Current version: amonet-karnak-v3.0.1.zip

This is based on @xyz`s original work, but adds some features such as reboot to hacked BL.
It also intends to simplify the installation process.
If you are already unlocked you can simply update by flashing the ZIP-file in TWRP.


NOTE: If you are on a firmware lower than 6.3.1.2 this process does not require you to open your device, but should something go horribly wrong, be prepared to do so.


What you need:
  • A Linux installation or live-system
  • A micro-USB cable

Install python3, PySerial, adb, fastboot, dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-karnak-v3.0.1.zip" and open a terminal in that directory.


NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place it (the unpacked binary) into the amonet/bin folder


2. Enable ADB in Developer Settings

3. Start the script:
Code:
sudo ./fireos-step.sh

NOTE: If you are on a firmware newer than 6.3.0.1, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)


To brick firmware 6.3.1.2 use the attached brick-karnak.zip, boot into fastboot
Code:
adb reboot bootloader
and run
Code:
./brick-6312.sh
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
After you have confirmed the bricking by typing "YES", you will need to disconnect the device and run
Code:
sudo ./bootrom-step-minimal.sh
Then plug the device back in.

The device will reboot into TWRP.

You can now install Magisk from there.


Going back to stock

Extract the attached zip-file "amonet-karnak-return-to-stock.zip" into the same folder where you extracted "amonet-karnak-v3.0.1.zip" and open a terminal in that directory.

Then run:
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 6.3.0.0 or newer, otherwise you may brick your device)

Important information


Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

It is still advised to disable OTA.

Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Special thanks also to @diplomatic for his wonderful mtk-su, allowing you to unlock without opening the device.
Thanks to @Kaijones23 for testing.
Attached Files
  • amonet-karnak-v3.0.zip (17.05 MB)
  • amonet-karnak-return-to-stock.zip (17.62 MB)
  • amonet-karnak-v3.0.1.zip (17.05 MB)
  • brick-karnak.zip (4.32 MB)
1st September 2019, 04:30 PM |#2  
OP Senior Member
Unbricking / Unlocking with Firmware 6.3.1.2+

If Recovery OR FireOS are still accessible (or your firmware is below 6.3.1.2) there are other means of recovery, don't continue.

If your device shows one of the following symptoms:
  1. It doesn't show any life (screen stays dark)
  2. You see the white amazon logo, but cannot access Recovery or FireOS.

If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
  1. Make sure the device is powered off, by holding the power-button for 20+ seconds
  2. Start bootrom-step.sh
  3. Plug in USB

In all other cases you will have to open the device.

Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager

NOTE: If you have issues running the scripts, you might have to run them using sudo.
Also try using different USB-ports (preferably USB-2.0-ports)


Open the device and short the pin marked in the attached photo to ground while plugging in.
1. Extract the attached zip-file "amonet-karnak-v3.0.zip" and open a terminal in that directory.

2. Start the script:
Code:
sudo ./bootrom-step.sh
It should now say Waiting for bootrom.

3. Short the device according to the attached photo and plug it in.

4. When the script asks you to remove the short, remove the short and press enter.

5. Wait for the script to finish.
If it stalls at some point, stop it and restart the process from step 2.

6. Your device should now reboot into unlocked fastboot state.

7. Run
Code:
sudo ./fastboot-step.sh
8. Wait for the device to reboot into TWRP.

9. Use TWRP to flash custom ROM, Magisk or SuperSU

Checking USB connection
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.

dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00
Attached Thumbnails: karnak-bootrom.jpg
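A small helper for the "Checking USB connection" step above, added here as an example and not part of the original post or the amonet scripts: it classifies lsusb or dmesg text using the two USB IDs the post quotes. The function names and the `--live` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of amonet. USB IDs are the ones quoted in the post:
# 0e8d:0003 = boot-rom, 0e8d:2000 = preloader.

# Reads lsusb or dmesg lines on stdin and prints: bootrom | preloader | none.
# The last recognised line wins, because the device re-enumerates on a mode change.
mtk_usb_mode() {
    awk '
        BEGIN { mode = "none" }
        {
            line = tolower($0); pid = ""
            # lsusb form "ID 0e8d:0003 ..." first, then dmesg form "idVendor=0e8d, idProduct=0003"
            if (match(line, /id 0e8d:[0-9a-f][0-9a-f][0-9a-f][0-9a-f]/)) {
                pid = substr(line, RSTART + 8, 4)
            } else if (match(line, /idvendor=0e8d, idproduct=[0-9a-f][0-9a-f][0-9a-f][0-9a-f]/)) {
                pid = substr(line, RSTART + RLENGTH - 4, 4)
            }
            if (pid == "0003") mode = "bootrom"
            else if (pid == "2000") mode = "preloader"
        }
        END { print mode }
    '
}

# Succeeds (exit 0) if ModemManager is running; the post says to stop and disable it.
modemmanager_active() {
    command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet ModemManager
}

# Sample lines as quoted in the post.
SAMPLE_BOOTROM='Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone'
SAMPLE_PRELOADER='Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader'
SAMPLE_DMESG='[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00'

if [ "${1:-}" = "--live" ]; then
    # Hypothetical switch of this example: inspect the real bus instead of the samples.
    if modemmanager_active; then echo "ModemManager is running" >&2; fi
    echo "current mode: $(lsusb | mtk_usb_mode)"
else
    for s in "$SAMPLE_BOOTROM" "$SAMPLE_PRELOADER" "$SAMPLE_DMESG"; do
        printf '%s -> %s\n' "$s" "$(printf '%s\n' "$s" | mtk_usb_mode)"
    done
fi
```

Piping `dmesg | tail` into `mtk_usb_mode` reports the most recent enumeration, which is the one that matters right after plugging in.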
1st September 2019, 04:31 PM |#3  
OP Senior Member
Reserved #2
1st September 2019, 04:31 PM |#4  
OP Senior Member
Reserved #3
1st September 2019, 08:52 PM |#6  
OP Senior Member
Quote:
Originally Posted by Rortiz2

This is very cool @k4y0z!
Now we can use boot-recovery.sh & boot-fastboot no?
Regards!

Yes, that is also supported.
1st September 2019, 11:59 PM |#7  
Senior Member
Quote:
Originally Posted by k4y0z


NOTE: If you are on a firmware lower than 6.3.1.2 this process does not require you to open your device, but should something go horribly wrong, be prepared to do so.


NOTE: If you are on a firmware newer than 6.3.0.1, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)

So do you need to open the case to run this exploit on the newest firmware, or can you just brick to install older lk/preloader, and go from there?
2nd September 2019, 01:25 AM |#8  
OP Senior Member
Quote:
Originally Posted by Kctucka

So do you need to open the case to run this exploit on the newest firmware, or can you just brick to install older lk/preloader, and go from there?

On 6.3.1.2 mtk-su has been fixed, so unless you already have root (or another way to get temp-root is found), bricking isn't an option and you will have to open the case.
If you do have root the script will do the bricking for you.
2nd September 2019, 06:19 AM |#9  
Senior Member
@k4y0z For people who already used the steps in xyz's thread and are running your TWRP and LineageOS, is there anything here that we're missing? Or is this just a new method to arrive at the same results?
2nd September 2019, 01:40 PM |#10  
OP Senior Member
Quote:
Originally Posted by jibgilmon

@k4y0z For people who already used the steps in xyz's thread and are running your TWRP and LineageOS, is there anything here that we're missing? Or is this just a new method to arrive at the same results?

Quote:
Originally Posted by k4y0z

This is based on @xyz`s original work, but adds some features such as reboot to hacked BL.
It also intends to simplify the installation process.
If you are already unlocked you can simply update by flashing the ZIP-file in TWRP.

Additionally it adds support for the boot-recovery and boot-fastboot scripts.
And a script to enable UART output for the kernel.
So nothing essential if you are already using the updated TWRP.
3rd September 2019, 03:28 PM |#11  
DB126
Senior Member
Ran this pup on a unit that I was keeping unrooted (aside from occasional temp root via mtk-su) as a control but was becoming painful to use/maintain. Also missed TWRP. Worked like a champ with zero issues ... aside from stumbling over my own stupidity. Used Lubuntu live 18.04 and Magisk 19.3/7.3.2. Staying on FireOS 6.3.0.1 (w/hijacks) for now until a fully vetted custom ROM becomes available.

Thanks for the great tool and accompanying guidance.