
Search results

  1. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    Then you killed the GPT and part of the kb partition. Try running the gpt-fix.sh script in kamakiri to repair the GPT.
  2. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

    Can you add a warning that people who have installed this version at one point should refrain from installing any stock >= 6.2.8.0 if they want to keep their efuse?
  3. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    The latest kamakiri version that I posted somewhere here in this thread should flash all the partitions that can't be flashed using SPFT.
  4. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    Try selecting USB mode instead of Serial if you're on Windows. Also, you won't be able to flash all of the partitions using SPFT; the ones that don't work will need to be flashed using kamakiri. You'll have to rerun the bypass after every action in SPFT.
  5. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    I was trying to help you. You keep ignoring the information I give you. Good luck, I'm done.
  6. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    There are few devices with no security; Amazon's aren't among them. Just for reference, this is mustang:
    [2021-06-23 21:50:10.588856] Device hw code: 0x8163
    [2021-06-23 21:50:10.588976] Device hw sub code: 0x8a00
    [2021-06-23 21:50:10.589027] Device hw version: 0xcb00
    [2021-06-23...
  7. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    Theoretically amonet could disable secure-boot just like bypass-utility does, it typically works by exploiting LK (and then modifying it in memory) though. It could probably also be modified to load a modified LK after LK has been exploited. I'm not familiar with the amonet-fork for m5c...
  8. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    :rolleyes: If it did start with preloader i.e. secure boot being disabled, you could simply flash a modified preloader and do whatever you want. That sounds like a lot of BS... DAA = Download Agent Authentication. Disabling it allows booting unsigned images, such as a generic DA, which has...
  9. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    No, it starts at bootrom. Which is precisely what the bypass-utility does. Using a generic DA also requires DAA to be disabled. SBC does not need to be disabled for SPFT, which is why the utility will only disable security if DAA or SLA are detected (unless you use the --force option)...
  10. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    The bypass utility can already disable all of these security features, so not sure what modification would be needed. You won't be able to boot a modified preloader with security enabled. Again, you won't be able to load a modified preloader with security enabled. You could probably use a...
  11. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    Any USB-UART adapter (FTDI) should work fine. If your device is fused (DL Mode disabled) then bypass cannot work either. Bypass disables DAA and SLA, which allows using a generic download agent without authentication. To unbrick you'll probably have to access the EMMC directly using the...
  12. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK][DOWNGRADE] Fire 7 (ford and austin).

    Yes, I would suggest you read the OP.
  13. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK][DOWNGRADE] Fire 7 (ford and austin).

    Yes, it's all described in the OP.
  14. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    Not really sure what you're asking. As long as brom dl-mode isn't fused on your device, check this thread to recover: https://forum.xda-developers.com/t/fire-7-2019-mustang-unbrick-downgrade-unlock-root.3944365/ Baudrates for UART are 115200 for bootrom and 921600 for the rest.
  15. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    Try using USB instead of UART and DON'T RUN the bypass-utility.
  16. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    What's the issue? This device doesn't have any security enabled, so there's nothing to bypass.
  17. K

    Post Fire TV Stick 4K Firmware and apps. Official Cloud Front direct links

    As @rbox already noted, 6.2.8.0 adds the efuse_write to the efuse_check.sh: The downgrade issue is probably just incompatibility with userdata. A factory reset would probably fix that.
  18. K

    Post Fire TV Stick 4K Firmware and apps. Official Cloud Front direct links

    TWRP will prevent tz from being updated, and for burning the fuse tz >= 6.2.7.7 is needed. If you don't want to factory reset, the alternative is to upgrade again to newer firmware via TWRP.
  19. K

    Post Fire TV Stick 4K Firmware and apps. Official Cloud Front direct links

    Not as far as I know, I haven't specifically checked though. Could be a testrun on mantis before they do it on other devices. If they do, they'll likely only do it on devices that are still being sold. That sounds like something that should be fixable with a factory reset. If the device was...
  20. K

    Post Fire TV Stick 4K Firmware and apps. Official Cloud Front direct links

    Was this on a locked or unlocked device? Did you try factory-reset after downgrade? If it does show the logo it doesn't sound like RPMB Anti-rollback. As long as tz stays at 6.2.7.6 or below, writing the efuse shouldn't work. 6.2.7.7 was the first that introduced the efuse read/write in tz and...
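    The efuse conditions spread across the mantis posts above (tz >= 6.2.7.7 has the efuse read/write, stock >= 6.2.8.0 calls efuse_write from efuse_check.sh, and a TWRP-flashed update leaves tz untouched) can be turned into a pre-flight check. The script below is an added example written for this page, not code from the thread or from any Amazon firmware; it assumes a stock OTA carries a tz of the same version number as the firmware, and it treats the version thresholds as the posters' observations. It also shows why the comparison must be done on integer tuples rather than strings.

```python
from typing import Tuple

# Thresholds quoted in the mantis posts above; these are the posters'
# observations, not a guarantee from Amazon.
TZ_EFUSE_RW_FROM = (6, 2, 7, 7)    # "6.2.7.7 was the first that introduced the efuse read/write in tz"
OS_EFUSE_WRITE_FROM = (6, 2, 8, 0)  # "6.2.8.0 adds the efuse_write to the efuse_check.sh"


def parse_version(v: str) -> Tuple[int, ...]:
    """'6.2.8.0' -> (6, 2, 8, 0).

    Compare as integer tuples: as strings, '6.2.10.0' < '6.2.8.0', which would
    make a newer build look "safe".
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {v!r}")
    return tuple(int(p) for p in parts)


def efuse_risk(installed_tz: str, candidate: str, via_twrp: bool) -> str:
    """Classify a planned update against the efuse-burn conditions from the thread.

    installed_tz: version the tz partition is at right now
    candidate:    stock firmware version being installed (assumption: it ships a
                  tz of the same version number)
    via_twrp:     True if flashed through TWRP, which per the thread leaves tz alone
    """
    tz_after = parse_version(installed_tz) if via_twrp else parse_version(candidate)
    os_after = parse_version(candidate)
    if tz_after < TZ_EFUSE_RW_FROM:
        return "tz-too-old"          # tz cannot write the fuse, whatever the script calls
    if os_after < OS_EFUSE_WRITE_FROM:
        return "tz-capable-no-call"  # script does not call efuse_write yet, but tz could
    return "burn-possible"           # both conditions met: expect the fuse to be written


if __name__ == "__main__":
    for args in (("6.2.7.6", "6.2.8.0", True), ("6.2.7.6", "6.2.8.0", False),
                 ("6.2.7.7", "6.2.8.0", True)):
        print(args, "->", efuse_risk(*args))
```

The "tz-capable-no-call" outcome is the trap the second post in this list warns about: once tz is at 6.2.7.7 or newer, any later stock update that does call efuse_write can burn the fuse, even if the build being installed right now does not.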
  21. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    Might want to give @diplomatic a ping. If you see "Mediatek Phone" your device is vulnerable. Testpoint for suez is well-known and documented. I am not aware of any button combination to enter bootrom on suez.
  22. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] FireTV 2 (sloane)

    I did miss that, thanks for clarifying. However even if you want to go back to stock, I would suggest leaving GPT untouched which will make it easier should you decide to unlock again. boot_x and recovery_x will just remain unused on a locked device.
  23. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] FireTV 2 (sloane)

    I'm still not sure what you're trying to achieve. In locked fastboot you cannot flash any images. If you flashed the stock boot.img as I described earlier your device should be locked and TWRP replaced with stock recovery, is that not the case? No need to install pre-rooted if you want to...
  24. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] FireTV 2 (sloane)

    Not sure what version 36.6.5.9 is supposed to be, maybe @Sus_i or @Rortiz2 can confirm which is the latest version. The procedure I described should result in a locked device with stock OS + recovery. Was TWRP not replaced with stock recovery after reboot? I don't know if or how you blocked...
  25. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] FireTV 2 (sloane)

    Did you install the OTA first and then flashed the boot.img from that same OTA? After reboot to FireOS it should restore stock recovery. What do you mean, it still doesn't update?
  26. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] FireTV 2 (sloane)

    Apparently flashing boot.img using fastboot causes issues on sloane; use dd from the TWRP command line instead:
    adb push boot.img /sdcard/
    adb shell dd if=/sdcard/boot.img of=/dev/block/platform/mtk-msdc.0/by-name/boot_amonet
  27. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] FireTV 2 (sloane)

    Boot into hacked fastboot and flash the boot.img:
    fastboot flash boot boot.img
    EDIT: Apparently this causes issues on sloane; you can use dd from the TWRP command line instead:
    adb push boot.img /sdcard/
    adb shell dd if=/sdcard/boot.img of=/dev/block/platform/mtk-msdc.0/by-name/boot_amonet
    May...
  28. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] FireTV 2 (sloane)

    Installing OTA will not remove TWRP. You will have to manually flash boot.img to the boot partition (not boot_x) using hacked fastboot. Flash stock image first using TWRP, then use the boot.img from the same stock image. After rebooting FireOS it will restore stock recovery.
  29. K

    Post Repair DEAD(HARD BRICKED) Realme 3 | 3i Tutorial

    You can link to the github releases https://github.com/MTK-bypass/bypass_utility/releases/latest and https://github.com/MTK-bypass/exploits_collection/releases/latest It shouldn't be too difficult to extract both into the same directory.
  30. K

    Post Repair DEAD(HARD BRICKED) Realme 3 | 3i Tutorial

    The link to mega is still in the OP...
  31. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    Compare the hw_codes in the default_config to see if it's supported. Mt6753 would be 0x337 I believe, which is not currently supported.
  32. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    This is not related to BROM authentication, make sure you are using the right images for your device or try using manual write mode. AFAIK begonia uses mt6785, which is already supported. This is a limitation of SP Flash Tool. 0x766 is mt6765 which is already supported. mt6762 should be the...
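    Several of the bypass-utility posts above (the mustang log in post 6, the hw-code questions in posts 31 and 32, and the SLA/DAA rule in post 9) come down to reading the utility's connect-time output and matching the hw code against the supported list. The parser below is an added example written for this page, not code from bypass_utility itself. The three "Device hw ..." sample lines are the mustang values quoted in the thread; the three flag lines and the exact "[timestamp] Device <key>: <value>" format are assumptions about the tool's output, and the chip table only contains the codes named in the thread (the chip name for 0x8163 is also an assumption). The authoritative list is the hw_code set in the utility's default_config, so check that before trusting the table.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log. First three lines: the mustang values quoted in the
# thread. Flag lines and the exact output format: assumptions, not verified.
SAMPLE_LOG = """\
[2021-06-23 21:50:10.588856] Device hw code: 0x8163
[2021-06-23 21:50:10.588976] Device hw sub code: 0x8a00
[2021-06-23 21:50:10.589027] Device hw version: 0xcb00
[2021-06-23 21:50:10.589101] Device secure boot: True
[2021-06-23 21:50:10.589150] Device serial link authorization: True
[2021-06-23 21:50:10.589201] Device download agent authorization: True
"""

# Hypothetical support table built only from hw codes named in the thread.
# Check the hw_code set in the utility's default_config before relying on it.
KNOWN_HW_CODES = {
    0x8163: ("mt8163", True),   # mustang log above (chip name is an assumption)
    0x766:  ("mt6765", True),   # "0x766 is mt6765 which is already supported"
    0x337:  ("mt6753", False),  # "would be 0x337 I believe, which is not currently supported"
}

# "[timestamp] Device <key>: <value>"  (assumed line format)
LINE_RE = re.compile(r"^\[[^\]]*\]\s+Device (?P<key>[a-z ]+?):\s+(?P<val>\S+)$")

# log key -> (DeviceInfo field, how to parse the value)
KEY_MAP = {
    "hw code": ("hw_code", "hex"),
    "hw sub code": ("hw_sub_code", "hex"),
    "hw version": ("hw_version", "hex"),
    "secure boot": ("sbc", "bool"),
    "serial link authorization": ("sla", "bool"),
    "download agent authorization": ("daa", "bool"),
}


@dataclass
class DeviceInfo:
    hw_code: Optional[int] = None
    hw_sub_code: Optional[int] = None
    hw_version: Optional[int] = None
    sbc: Optional[bool] = None
    sla: Optional[bool] = None
    daa: Optional[bool] = None


def parse_log(text: str) -> DeviceInfo:
    """Pull the device identification and security flags out of a log dump."""
    info = DeviceInfo()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("key") not in KEY_MAP:
            continue
        field, kind = KEY_MAP[m.group("key")]
        val = m.group("val")
        setattr(info, field, int(val, 16) if kind == "hex" else val.lower() == "true")
    return info


def assess(info: DeviceInfo) -> dict:
    """Is the chip in the table, and is a bypass needed at all?

    Mirrors the rule stated in the thread: the utility only disables security
    when SLA or DAA is detected (unless --force); SBC does not block SP Flash Tool.
    """
    if info.hw_code is None:
        return {"chip": None, "supported": False, "needs_bypass": None,
                "note": "no 'Device hw code' line; the device did not identify itself"}
    chip, supported = KNOWN_HW_CODES.get(info.hw_code, (None, False))
    needs_bypass = bool(info.sla or info.daa)
    if chip is None:
        note = f"hw code 0x{info.hw_code:x} not in table; check default_config"
    elif needs_bypass:
        note = "SLA/DAA enabled: run the bypass before every SP Flash Tool action"
    else:
        note = "no SLA/DAA detected: nothing to bypass, flash directly"
    return {"chip": chip, "supported": supported, "needs_bypass": needs_bypass, "note": note}


if __name__ == "__main__":
    print(assess(parse_log(SAMPLE_LOG)))
```

Keep in mind the caveat from the last post in this list: when the device is talking from preloader rather than bootrom, the SBC/SLA/DAA flags on Amazon devices read false, so an all-false result is only meaningful if the tool actually reached the bootrom.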
  33. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    You need a patched Linux kernel for kamakiri to work. You can either patch your own, use one of the prebuilt kernels, or use FireISO. I have never tested kamakiri on Windows, so I don't know if it will work on Windows.
  34. K

    Post Repair DEAD(HARD BRICKED) Realme 3 | 3i Tutorial

    @ATDteam I just saw your thread, and it's great that you're helping people to unbrick phones. I would like to ask you however to remove the mega-link to the bypass-utility and link to our thread instead. Alternatively you can link to the github-releases. Also there is no need to use an...
  35. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    These look a lot like they could be year and week of production, i.e. J939 being the 39th week of 2019, J035 being the 35th week of 2020, etc.
  36. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    The Volume-Button access is implemented in Preloader, not in Bootrom. Bootrom is HW and can't be changed, but it can be configured via efuses; these are one-time-programmable and once set cannot be reversed. Disabling BROM-Access is not really a fix of the vulnerability, but more of a mitigation...
  37. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    It's very likely just an efuse for disabling brom-mode that is burned during manufacturing. On mantis (Fire TV Stick 4K) the latest firmware actually looks like they're preparing to burn the fuse with a future update.
  38. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    To further confirm @bibikalkas' color theory, is your device a different color than black or plum? (Since it's neither 1J nor 2C, but 2D) Most of these (besides serial and possibly PSN, FSN) shouldn't be device-specific.
  39. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    You will need to wipe preloader in SP Flash (or enter BROM by shorting) for mmc-write to work in kamakiri. Then use the attached kamakiri, which instead of just clearing RPMB will flash the missing partitions that couldn't be flashed with SP Flash (Unfortunately it's quite slow compared to...
  40. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    What would be the point of that? You need bootrom access or an already rooted device to achieve that anyway. Yes, wiping preloader will get you into bootrom on a device that doesn't have bootrom mode disabled. On a device that has it disabled, this would lead to a permanent brick (as happened...
  41. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    With an appropriate Scatter File, the preloader can be selected in the Download Tab. For further generic questions regarding SP I suggest you create a new thread.
  42. K

    Post [MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

    On some devices/newer SP versions, you need a compatible preloader for DRAM configuration; you might be able to use a preloader from a similar device for Readback.
  43. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    What happens, if you press only the vol + button without shorting anything (with battery disconnected)?
  44. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    If I understood correctly, the trick was to have the battery disconnected and hold volume up while plugging in. Then again, there should also be a way to short EMMC, and if that hasn't worked for you it's possible BROM-DL-Mode is disabled on yours. EDIT: @StonedEngineer97 you also mentioned...
  45. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

    I've never experienced any considerable lag, but then again I mostly use TWRP over adb. The ZIP is already flashable for updating, that won't help for the unlock though...
  46. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

    I'll look into that, may just remove the system and vendor options completely from the backup list. What bugs? And not sure what you mean with being flash compatible?
  47. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    That picture is from karnak (Amazon Fire HD 8 - 2018). Unfortunately one of the few Amazon devices that have labeled testpoints. The blogpost you linked to is a different (and rather sophisticated) attack on the bootrom.
  48. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    Not sure, but it's probably best to unplug before testing a new point. Yeah, it's likely the tablet will not fully boot without a battery attached. For accessing bootrom that shouldn't matter though. Probably antenna-connectors.
  49. K

    Post [UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

    Glad to hear you were able to get it fixed :) I'm not sure how that could happen during twrp backup/restore, since KB and DKB aren't included in the backup 🤔 I think just wiping them would also work, since FireOS will restore them from idme if they are empty IIRC.
  50. K

    Post New Fire HD10 2019 Bootless Root Method + Bootloader Unlock Brainstorming

    Usually one should be enough. Did you unplug the battery as @Michajin suggested? And what about the pins on the front? Status 7024 is DAA_SIG_VERIFY_FAILED; that's because you're in preloader. It always says false there (in preloader) for SBC/SLA/DAA on Amazon devices.