FORUMS
Remove All Ads from XDA

Multi-platform 1-Click bootloader unlock for *ANY* 3rd Gen HDX (with VirtualBox)

481 posts
Thanks Meter: 463
 
By draxie, XDA Ad-Free Senior Member on 4th November 2015, 06:43 PM
Post Reply Email Thread
Big thanks to all the testers who helped find some of the last bugs!

1-Click is now ready for release. The reason I won't post a link here is
to save careless Windows users from shooting themselves in the foot.
  1. No prerequisites on the device side
    • no root needed
    • full stock is OK
    • stuck in fastboot is fine
    • heck, it even works with _some_ soft-bricks
  2. Does NOT work on Windows, only Mac and Linux
    1-Click is a virtual machine and a script that starts the VM in VirtualBox.
    Unfortunately, VirtualBox in Windows fails to pass certain USB devices
    including the HDX in bulk mode from your regular operating system
    (i.e. the one your computer starts when you turn it on) to the VM.
  3. Network access required to grab the right aboot + TWRP for your device
  4. Optional TWRP magic to auto-install ROM.zip, GAPPS.zip, and SU.zip from /sdcard

PM me for a personal link and please state your regular HOST operating system.
Running 1-Click inside another VM is almost guaranteed NOT to work.

Requests without HOST OS information will be deleted without further ado.

UPDATE (2019-01-30)
My hosting provider recently upgraded to a new OpenSSL version
that is incompatible with older 1-Click builds, resulting in the error
Code:
1-Click needs network access!
in the web UI during start-up. If you experience this, request a link
to the latest build that fixes the issue.
The Following 113 Users Say Thank You to draxie For This Useful Post: [ View ] Gift draxie Ad-Free
 
 
4th November 2015, 08:16 PM |#2  
DB126's Avatar
Senior Member
Thanks Meter: 9,294
 
More
Quote:
Originally Posted by draxie

Title says it all..

(Well, almost: you need a vulnerable bootloader,
i.e. 3.2.3.2 or earlier, that foolishly accepts forged
signatures...)

Download and unpack the attached zip file.
Run the right '1-Click' script for your platform
(that is, '1-Click.bat' for Windows users,
and '1-Click' on OS X and Linux).

Simply clicking on the script works in Windows and OS X.
On these more "one-size fits all" operating systems, the scripts
-modulo network connectivity- will also download and install
VirtualBox, if it's not already installed.


Linux users need either VirtualBox or QEMU installed.
There are simply too many variants to automate this
for all the different distros. Sorry...

On some Linux variants, instead of launching the script
the click action opens the script in editor... YMMV
This may, in fact, be very useful, since on some of the same
Linux variants the script has to be run as root to avoid
automounters taking precedence; in which case, you're
well advised to make sure you read and understand what
the script is doing before you run it as root
, because I take no
-that is: ZERO- responsibility for any damage that may result
.


I personally tested the scripts on

  • Linux: Mint 17.2 (both 32-bit and 64-bit versions)
  • OS X: Mountain Lion, Yosemite, El Capitan
  • Windows: 7, 8.1, 10


The 1-Click VM runs a minimal Linux system with adb/fastboot
and a pure C "cuber" using OpenSSL's BigNum library.

No need to download adb/fastboot, python, or worry about
drivers on your host system.

Good luck!


Very cool! Will be interesting to try this out (have to wait for a someone with an eligible device that is willing to give it a whirl).
The Following 3 Users Say Thank You to DB126 For This Useful Post: [ View ] Gift DB126 Ad-Free
5th November 2015, 05:00 AM |#3  
OP Senior Member
Thanks Meter: 463
 
Donate to Me
More
Any takers?
Quote:
Originally Posted by Davey126

Very cool! Will be interesting to try this out (have to wait for a someone with an eligible device that is willing to give it a whirl).

BTW, this works with already unlocked devices also,
if anyone is willing to do some independent testing.
This is how I tested also... should be completely harmless.
The Following 3 Users Say Thank You to draxie For This Useful Post: [ View ] Gift draxie Ad-Free
8th November 2015, 01:17 AM |#4  
Junior Member
Thanks Meter: 4
 
More
Ran this against my HDX 7
Puttytel reported an 'error reading from serial device', but after it had initiated device shutdown so just a gui annoyance (I'm on windows, so commonplace.) It seemed to work, but I haven't verified yet..

> fastboot -i 0x1949 oem device-info

kindle fire [fastboot]
oem device-info...Device tampered: false
Ok.

I'll do some more testing later.
The Following User Says Thank You to codeshane For This Useful Post: [ View ] Gift codeshane Ad-Free
8th November 2015, 08:25 AM |#5  
OP Senior Member
Thanks Meter: 463
 
Donate to Me
More
Quote:
Originally Posted by codeshane

Puttytel reported an 'error reading from serial device', but after it had initiated device shutdown so just a gui annoyance (I'm on windows, so commonplace.) It seemed to work, but I haven't verified yet..

> fastboot -i 0x1949 oem device-info

kindle fire [fastboot]
oem device-info...Device tampered: false
Ok.

I'll do some more testing later.

Thanks for reporting back!
The puttytel message is normal: the serial port it's talking to
disappears when the VM shuts down.

If/when you test again do check your Kindle after the fastboot prompt
appears but **before** you hit [Enter] in the puttytel window!
You should see "Unlock code correct" in green,
if the unlock worked...

Other than that, since you seem to have fastboot working, you can use
Code:
fastboot -i 0x1949 oem idme ?
to see if your device is unlocked (see here for a list of commands).
The Following 3 Users Say Thank You to draxie For This Useful Post: [ View ] Gift draxie Ad-Free
9th November 2015, 01:06 AM |#6  
Junior Member
Thanks Meter: 4
 
More
Quote:
Originally Posted by draxie

Other than that, since you seem to have fastboot working, you can use

Code:
fastboot -i 0x1949 oem idme ?
to see if your device is unlocked (see here for a list of commands).

C:\>fastboot -i 0x1949 oem idme ?
...
(bootloader) board_id: 0c0400
(bootloader) serial: xxxxxxxxxxxxxxxx
(bootloader) mac_addr: 00BB3Axxxxxx
(bootloader) bt_mac_addr: 00BB3Axxxxxx
(bootloader) productid: 0
(bootloader) productid2: 0
(bootloader) bootmode: 1
(bootloader) postmode: 0
(bootloader) bootcount: 203
(bootloader) panelcal:
(bootloader) time_offset: 0
(bootloader) signature:
(bootloader) idme done
OKAY [ 0.359s]
finished. total time: 0.361s

I feel rusty, haven't done any android dev in two years.. never tried to unlock a bootloader beyond 'fastboot oem unlock' before, but I really don't want them re-locking this one (they've taken root from me twice before.) I verified I have root still, but some apps are reporting that I don't. lame. more tests when I have some time, thanks for your time and effort!

Update:
Successfully flashed twrp recovery image recovery-twrp-recovery-2-8-1-0-apollo-t2991155

Happily considering ROMs to blow-away Amazon's 'os' with
The Following User Says Thank You to codeshane For This Useful Post: [ View ] Gift codeshane Ad-Free
9th November 2015, 03:06 AM |#7  
DB126's Avatar
Senior Member
Thanks Meter: 9,294
 
More
Quote:
Originally Posted by codeshane

C:\>fastboot -i 0x1949 oem idme ?
...
(bootloader) board_id: 0c0400
(bootloader) serial: xxxxxxxxxxxxxxxx
(bootloader) mac_addr: 00BB3Axxxxxx
(bootloader) bt_mac_addr: 00BB3Axxxxxx
(bootloader) productid: 0
(bootloader) productid2: 0
(bootloader) bootmode: 1
(bootloader) postmode: 0
(bootloader) bootcount: 203
(bootloader) panelcal:
(bootloader) time_offset: 0
(bootloader) signature:
(bootloader) idme done
OKAY [ 0.359s]
finished. total time: 0.361s

Quote:
Originally Posted by codeshane

I feel rusty, haven't done any android dev in two years.. never tried to unlock a bootloader beyond 'fastboot oem unlock' before, but I really don't want them re-locking this one (they've taken root from me twice before.) I verified I have root still, but some apps are reporting that I don't. lame. more tests when I have some time, thanks for your time and effort!

Update:
Successfully flashed twrp recovery image recovery-twrp-recovery-2-8-1-0-apollo-t2991155

Happily considering ROMs to blow-away Amazon's 'os' with

Thoughts:
- take a backup of your current rom before flashing; leave it on the device until the new rom is stable (simplifies recovery)
- if you get a response from 'fastboot -i 0x1949 oem idme' your bootloader is unlocked!
- once you overwrite FireOS there is no chance of loosing root due to Amazon actions. OTA capability is baked into FireOS - not the device firmware.
- If you like AOSP go with Nexus v4. Any of the other HDX roms (CM11, CM12, SlimLP) are also fine choices. Each has a few minor quirks but no major 'gotchas'.
The Following 2 Users Say Thank You to DB126 For This Useful Post: [ View ] Gift DB126 Ad-Free
11th November 2015, 12:35 AM |#8  
Junior Member
Thanks Meter: 4
 
More
Sorry for the delay, wrote back a while ago but I guess it didn't post (cellular, pfft.)

Went for the Nexus v4 rom, which is running great so far. Thanks again for such a brilliantly simple unlock utility!
The Following User Says Thank You to codeshane For This Useful Post: [ View ] Gift codeshane Ad-Free
17th November 2015, 12:19 AM |#9  
Member
Thanks Meter: 3
 
More
I have a few questions.

1. How can I tell I have a vulnerable bootloader?
I've been on Safestrap 3.7 and one of the early 4.2.2 Android Roms since the December after the HDX's release. My stock slot Fire OS hasn't been updated either. So am I on a vulnerable bootloader? How do I check?
2. Where do I start with this?
Is there anything I need to remove? Do I need to be on the stock Fire OS slot? Or do I simply run it as you stated.
3. After the unlock where do I go from there?
I'm so out of the loop I don't know what's the ideal stable rom to use .

Thanks, I'd appreciate any help .
17th November 2015, 02:40 AM |#10  
DB126's Avatar
Senior Member
Thanks Meter: 9,294
 
More
Quote:
Originally Posted by zXiC

I have a few questions.

1. How can I tell I have a vulnerable bootloader?
I've been on Safestrap 3.7 and one of the early 4.2.2 Android Roms since the December after the HDX's release. My stock slot Fire OS hasn't been updated either. So am I on a vulnerable bootloader? How do I check?
2. Where do I start with this?
Is there anything I need to remove? Do I need to be on the stock Fire OS slot? Or do I simply run it as you stated.
3. After the unlock where do I go from there?
I'm so out of the loop I don't know what's the ideal stable rom to use .

Thanks, I'd appreciate any help .

Check your FireOS version in the stock slot. If 3.2.6 or below you can unlock the bootloader. The rollback procedure depends on the current version of FireOS. Report back and we'll go from there.
17th November 2015, 10:31 AM |#11  
Senior Member
Thanks Meter: 192
 
More
Just a little add-on to @Davey126's info:
3.2.3.2 and lower can unlock, 3.2.4 - 3.2.6 must downgrade first.
Once on 3.2.8 or higher you can NOT downgrade anymore due to rollback protection by Amazon, attempting would brick the device! So if you're on 3.2.6 or lower do NOT update!
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes