Rapid Temporary Root for HD 8 & HD 10

Search This thread

kquade

Member
Jun 21, 2010
19
0
1. I've got a Fire HD 8 8th generation ... among many others ... that happens to be running Fire OS 6.3.1.2. It's the only one. How can I get this same result?

2. Did this on my Fire HD 8 8th generation running Fire OS 6.3.0.0. After all of the disabling, when I go to set the Accessibility services for "to detect home button press" and "Nova launcher," they both have nothing listed. All others showed Nova Launcher as a choice. Any ideas?

2b. Same tablet: Google Family Link for Children keeps "Checking for updates ..." during setup. Is a Google service missing or what?
 

Mr Bigglesworth

Senior Member
Jul 23, 2013
293
42
I am looking to do this on my HD8 7th Gen, but it is on software ending 9920. Is there an update to being able to use this on that Kindle Fire? Thanks
 

DB126

Senior Member
Oct 15, 2013
15,355
10,162
I am looking to do this on my HD8 7th Gen, but it is on software ending 9920. Is there an update to being able to use this on that Kindle Fire? Thanks
It is very unlikely this tool will be updated once the MTK vulnerability has been patched by the vendor (after all that's what the patch does). You'll have to use one of the other methods for downgrading and rooting/unlocking your device.
 
Last edited:
  • Like
Reactions: diplomatic

Mr Bigglesworth

Senior Member
Jul 23, 2013
293
42
It is very unlikely this tool will be updated one the MTK vulnerability has been patched by the vendor (after all that's what the patch does). You'll have to use one of the other methods for downgrading and rooting/unlocking your device.

I don't know if the update to the firmware was aimed to patch this. If I try the instructions on the front page, is it a case if they will just likely fail, or is it a case that it will likely brick the device?
 

Mr Bigglesworth

Senior Member
Jul 23, 2013
293
42
So I tried it and hopefully I followed the instructions ok, but I got "Failed critical init step 4 This platform is not supported message"
 

RagManX

Senior Member
Sep 11, 2010
84
20
Memphis
securitytools.wiki
Man, I haven't been to this forum in quite a few weeks. Came by today and saw this thread about rooting the Fire HD 8 (2017), only to discover that the stupid Amazon update 5.6.4.0 (636559920) which automatically installed Saturday night is not supported by this tool. My own fault for not visiting more often. Hopefully someone can come up with another method of gaining temporary root. Thanks to all who provide support in the thread. I'll be back in hopes of a 9920 root soon.
 

smashedpumpkins

Senior Member
Mar 12, 2009
63
5
Man, I haven't been to this forum in quite a few weeks. Came by today and saw this thread about rooting the Fire HD 8 (2017), only to discover that the stupid Amazon update 5.6.4.0 (636559920) which automatically installed Saturday night is not supported by this tool. My own fault for not visiting more often. Hopefully someone can come up with another method of gaining temporary root. Thanks to all who provide support in the thread. I'll be back in hopes of a 9920 root soon.

I'm on the same update 636559920. I should have rooted sooner. All these updates have turned my HD 10 7th generation into garbage.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Hey, the link is dead. I'm stuck in the middle of the process
    Download from here: https://xdaforums.com/t/amazing-temp-root-for-mediatek-armv8-2020-08-24.3922213/

    I did it also with this, I think it is the same file
  • 153
    Software root method for Mediatek MT816x, MT817x and MT67xx!
    A tool that gives you a temporary root shell with Selinux permissive to do with as you please​

    STATUS
    Confirmed Working
    Fire HD 8 8th gen (2018) (thanks @xyz`) -- up to Fire OS 6.3.0.1 only
    Fire HD 8 7th gen (2017) -- up to Fire OS 5.6.4.0 build 636558520 only
    Fire HD 8 6th gen (2016) (thanks @bibikalka) -- up to Fire OS 5.3.6.4 build 626536720
    Fire HD 10 7th gen (2017) (thanks @bibikalka) -- up to Fire OS 5.6.4.0 build 636558520 only
    Fire TV 2 2015 (mt8173-based) (thanks @el7145) -- up to Fire OS 5.2.6.9 only
    Fire 7 9th gen (2019) (thanks @Michajin) -- up to Fire OS 6.3.1.2 build 0002517050244 only
    Fire HD 10 9th gen (2019) -- up to Fire OS 7.3.1.0 only
    Various phones and tablets up to Android 9.x (see link below for full list)
    Note that for Fire OS 5, OS version 5.3.x.x is newer than 5.6.x.x.

    Amazing Temp Root for MediaTek ARMv8: expanded thread covering all compatible MTK devices

    DISCLAIMER
    Anything you do that is described in this thread is at your own risk. No one else is responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.

    REQUIREMENTS
    Proficiency with the Thanks button under XDA posts
    A Fire HD tablet based on mt8163 or mt8173 (or another MTK ARMv8 device)
    Either:
    • A PC with ADB installed to interact with your device, or
    • A terminal emulator app
    Familiarity with ADB (if using PC) and basic Linux shell commands

    INSTRUCTIONS
    1. Download the current mtk-su zip file to your PC and unzip it. Inside will be 2 directories: 'arm' & 'arm64' with an 'mtk-su' binary in each. Pick one for your device. Differences between the flavors:
      arm64: 64-bit kernel and userspace
      arm: 32-bit userspace on a 64-bit or 32-bit kernel (will also work in 64-bit userspace)
      The arm64 one is suitable for most devices. The notable devices that need the arm version are the Fire HD 8 2018, Fire 7, and Fire HD 10 2019.
    2. Connect your device to ADB and push mtk-su to your /data/local/tmp folder
      Code:
      adb push path/to/mtk-su /data/local/tmp/
    3. Open an adb shell
      Code:
      adb shell
    4. Change to your tmp directory
      Code:
      cd /data/local/tmp
    5. Add executable permissions to the binary
      Code:
      chmod 755 mtk-su
    6. At this point keep your tablet screen on and don't let it go to sleep. Run the program
      Code:
      ./mtk-su
      If the program gets stuck for more than a few seconds, press Ctrl+C to close it.
      The -v option turns on verbose printing, which is necessary for me to debug any problems.
      It will take several seconds, but using the -v option, you should see output similar to this (with id command added):
      Code:
      $ ./mtk-su -v
      param1: 0x3000, param2: 0x18040, type: 2
      Building symbol table
      kallsyms_addresses pa 0x40bdd500
      kallsyms_num_syms 70337, addr_count 70337
      kallsyms_names pa 0x40c66d00, size 862960
      kallsyms_markers pa 0x40d39800
      kallsyms_token_table pa 0x40d3a100
      kallsyms_token_index pa 0x40d3a500
      Patching credentials
      Parsing current_is_single_threaded
      ffffffc000354868+50: ADRP x0, 0xffffffc000fa2000
      ffffffc000354868+54: ADD xd, x0, 2592
      init_task VA: 0xffffffc000fa2a20
      Potential list_head tasks at offset 0x340
      comm swapper/0 at offset 0x5c0
      Found own task_struct at node 1
      cred VA: 0xffffffc0358ac0c0
      Parsing avc_denied
      ffffffc0002f13bc+24: ADRP x0, 0xffffffc001113000
      ffffffc0002f13bc+28: LDR [x0, 404]
      selinux_enforcing VA: 0xffffffc001113194
      Setting selinux_enforcing
      Switched selinux to permissive
      starting /system/bin/sh
      UID: 0  cap: 3fffffffff  selinux: permissive
      #
      Some other options:
      mtk-su -c <command>: Runs <command> as root. Default command is /system/bin/sh.​
      mtk-su -s: Prints the kernel symbol table​
      If you see any errors other than about unsupported or incompatible platform or don't get a root shell, report it here.

      Important: in rare cases, it may be necessary to run the tool multiple times before you hit UID 0 and get selinux permissive. If you don't achieve root on a particular run, the "UID: N cap: xxxxx...." line will reflect that. If it doesn't say "UID: 0 cap: 3fffffffff selinux: permissive", type exit to close the subshell and try mtk-su again.

    If you succeed in getting temporary root, at that point you might want to install SuperSU for a more permanent root solution. Here is the official guide on which files should be present to kickstart SuperSU from temporary root. They are available in the latest SuperSU zip file. Remember that this only applies to Fire OS 5.

    FIRE OS 5 AND ANDROID 5 USERS: There's an automated SuperSU loader by @Rortiz2 that makes jumpstarting SuperSU quick and easy.

    WARNING FOR FIRE HD 8 2018 AND OTHER FIRE OS 6 DEVICES: If you have achieved root on such a device, do not remount the system partition as read/write. The remount command will probably not work. But forcing it will trigger dm-verity, which will result in a very bad day. Your tablet will become inoperable until you restore the stock system partition. You can accomplish a lot without modifying /system. But if you would like to get persistent root with Magisk by unlocking the bootloader, head on over to @bibikalka's outstanding Unlock/Magisk/TWRP Tutorial.

    DOWNLOAD
    Current Version
    Release 23

    Past releases & change log live at Amazing Temp Root for MediaTek ARMv8

    FAQ
    I got the error, "This firmware cannot be supported". What do I do?
    This means that your device's firmware is not prone to the mechanism used by mtk-su. Check the firmware version and build number of the OS on your device. If your version is higher than that next to your device on the list above, then mtk-su will no longer work on your device. There may be other ways to achieve root. Check elsewhere on the forum.

    Will this work on the Fire 7?
    No, it is very doubtful this method can be used on the MT8127 chipset. The same also goes for the Fire TV stick.

    After getting a root shell I'm still getting 'permission denied' errors. WTH?
    It may be that selinux is still being enforced. Having root with selinux enabled is somehow more restrictive than a normal shell user. First, check that mtk-su succeeded in setting selinux to permissive by running getenforce. If it says Enforcing, then exit your shell and run mtk-su again.

    Does this thing unlock the bootloader?
    No, it does nothing to unlock the bootloader. But after running mtk-su, you may be able to use @xyz`'s revolutionary LK exploit or derivative works to achieve what is effectively an unlocked bootloader on some devices. Namely, you should be able to flash the specially crafted TWRP image using dd from Android.

    How does this tool work?
    It overwrites the process's credentials & capabilities in the kernel in order to gain privileges. It also turns off selinux enforcement by overwriting the kernel's selinux_enforcing variable. As for how it accesses that memory, I don't think I should discuss that as of yet.

    Will this work on the Fire TV Stick 4K?
    Unfortunately, no. While it has a 64-bit chip, the required vulnerabilities are not present in its OS.

    Can I include mtk-su in my app or meta-tool?
    Generally speaking, you may not distribute any mtk-su zip or binaries with your software. That includes doing any automatic download of those files into your app. You can still use it with your tools. But you should ask your users to visit this thread and download the current release zip themselves. No apps have been permitted to bundle or auto-download mtk-su.

    Why don't you reply to my post?
    I read every post in this thread, and respond to practically every post that warrants a response. Sometimes I will only click a Thanks as an acknowledgement. The reasons I may not answer your question are:
    • It has already been answered in the FAQ or multiple times in the thread.
    • Your post is unrelated to this project. It may be specific to your device, which would make it off topic for this thread.
    • Your question is extremely vague and you appear to be intentionally leaving out basic information (e.g. fishing).
    CREDITS
    • @Supersonic27543 for helping me port it to Fire OS 5 and namely the HD 8 7th gen
    • Thank you to everyone who has donated. You're the best!
    41
    Awesome! I just rooted my HD8 2017

    Try the automated script by @Rortiz2

    Previous instructions:

    For anyone that is confused by the process of manually installing SuperSu, I did the following...

    IMPORTANT: This is for FireOS 5 devices such as HD8 2017. Do not attempt this on HD8 2018

    1. Install SuperSu from Playstore
    2. Download SuperSu and unzip somewhere
    3. adb push arm64/su arm64/supolicy arm64/libsupol.so /data/local/tmp
    4. Follow directions from OP to get a root shell. You should not get permission denied when running ls. If you see permission denied, run exit and try again. Took me a few tries
    5. mount -o remount -rw /system
    6. cp /data/local/tmp/su /system/xbin/su
    7. cp /data/local/tmp/su /system/xbin/daemonsu
    8. cp /data/local/tmp/supolicy /system/xbin/
    9. cp /data/local/tmp/libsupol.so /system/lib/
    10. cp /data/local/tmp/libsupol.so /system/lib64/
    11. chmod 0755 /system/xbin/su
    12. chcon u:eek:bject_r:system_file:s0 /system/xbin/su
    13. chmod 0755 /system/xbin/daemonsu
    14. chcon u:eek:bject_r:system_file:s0 /system/xbin/daemonsu
    15. at this point, running su should work and show a root shell
    16. daemonsu --auto-daemon
    17. Open SuperSu app and allow it to update the su binary

    My tablet hung at the boot logo when I manually installed SuperSu via the linked instructions. Installing the bare minimum and letting the SuperSu app do the rest seems less error-prone