[ROOT][WIP] root 6.2.1 / install TWRP / unbrick any ROM

Search This thread
By:
Advanced…
P

pokey9000

Senior Member
Apr 17, 2007
767
396
Austin
kfuller said:
Great work pokey9000! Very interesting what you are doing.

A couple of questions if you can spare the time.
1) What bootmode is it that shorting the pin enables?
2) As I have a factory cable, would this do the same without popping the case?
Click to expand...
Click to collapse

Thanks. This bootmode isn't the same as you set with "idme". This boot mode (called SYS_BOOT) tells the CPU what kind of device to boot from. Stock bootmode is SYS_BOOT[5:0]=0b110110 which equates to MMC2(1)->USB->UART->MMC1. That is, it will try to find a valid bootloader on internal flash, then try USB, UART, and (nonexistant) second eMMC/SD slot. This must be for factory programming, where the Fire is assembled with a blank flash, and the first boot allows them to do a USB boot to shoehorn in the flash contents.

In correction to what I said earlier, this SYS_BOOT is one bit away from having USB boot first, then MMC2(1) boot last. If we could identify SYS_BOOT[5] and short it low permanently (remove/replace a resistor) then this would boot up just like the Nooks, where USB is tried before the internal flash. So it still needs soldering, but only a little once we find the correct signal.

The factory cable doesn't do the same thing. Amazon's version of the bootloader is rigged to look for the fastboot cable's presence. If it sees the ID pin tied to 5V, it will go into fastboot mode.

Since the fastboot cable behavior is in the bootloader, and Amazon can update the bootloader with an update (and has in 6.2 and 6.2.1), they can potentially lock out the fastboot cable method. I very much doubt this will happen since I think Amazon uses the fastboot cable for in-factory software updates and diagnostics.

The fastboot cable is definitely safer as long as you don't try to format everything or flash any untested bootloaders.

Also, and this is off topic and possibly already asked and answered, but I'm curious of your thoughts of the possibility to just select boot from usb on power up from the device, maybe through a utility such as TWRP or some other. Seems that if that could be done, one could greatly increase the size of storage, effectively circumventing the current internal storage limitation. And since the usb is removable and rewritable, you could revert to an earlier version archived on a pc if any updates get pushed that break something.
Click to expand...
Click to collapse

USB in this case has the Fire acting as a USB device to a host PC. It won't boot off of a thumb drive or whatever. It would be great if that were the case...
 
Last edited:
I

iDylan1357

Senior Member
Dec 24, 2010
114
63
thanks so much man. I was switching between CM7 and Stock for a while, but I think I'm sticking with CM7 for now on, til ICS alpha of course ;)
 
K

kfuller

Member
Dec 6, 2011
19
3
pokey9000 said:
Thanks. This bootmode isn't the same as you set with "idme". This boot mode (called SYS_BOOT) tells the CPU what kind of device to boot from. Stock bootmode is SYS_BOOT[5:0]=0b110110 which equates to MMC2(1)->USB->UART->MMC1. That is, it will try to find a valid bootloader on internal flash, then try USB, UART, and (nonexistant) second eMMC/SD slot. This must be for factory programming, where the Fire is assembled with a blank flash, and the first boot allows them to do a USB boot to shoehorn in the flash contents.

In correction to what I said earlier, this SYS_BOOT is one bit away from having USB boot first, then MMC2(1) boot last. If we could identify SYS_BOOT[5] and short it low permanently (remove/replace a resistor) then this would boot up just like the Nooks, where USB is tried before the internal flash. So it still needs soldering, but only a little once we find the correct signal.

The factory cable doesn't do the same thing. Amazon's version of the bootloader is rigged to look for the fastboot cable's presence. If it sees the ID pin tied to 5V, it will go into fastboot mode.

Since the fastboot cable behavior is in the bootloader, and Amazon can update the bootloader with an update (and has in 6.2 and 6.2.1), they can potentially lock out the fastboot cable method. I very much doubt this will happen since I think Amazon uses the fastboot cable for in-factory software updates and diagnostics.

The fastboot cable is definitely safer as long as you don't try to format everything or flash any untested bootloaders.



USB in this case has the Fire acting as a USB device to a host PC. It won't boot off of a thumb drive or whatever. It would be great if that were the case...
Click to expand...
Click to collapse

I appreciate the reply. Its tough to stay current and these days seems most everything is software. I hesitate to ask questions here as I'm not code level, though I have surface knowledge due to management of a custom integration project with linux and asterisk at work. My forte and training is more on the hardware side, so no problem with SMD (other than needing magnification and hands less steady as I've gotten older ). Sounds like you have that covered but if I can help let me know.

Your original post and your reply both have piqued my curiosity. Ubuntu 11.10 on a stick is sweet by the way! Makes me wonder why windows at all. And, this may be the answer to finally de-bricking my Fire - just as soon as I get all the presents wrapped :).

As for needing a usb host, check out this link: http://www.talkandroid.com/73692-an...oid-2-3-squeezed-onto-usb-stick/#.TvUHXXqQJIw

Thanks again and have a merry Christmas.
 
P

pokey9000

Senior Member
Apr 17, 2007
767
396
Austin
kfuller said:
I appreciate the reply. Its tough to stay current and these days seems most everything is software. I hesitate to ask questions here as I'm not code level, though I have surface knowledge due to management of a custom integration project with linux and asterisk at work. My forte and training is more on the hardware side, so no problem with SMD (other than needing magnification and hands less steady as I've gotten older ). Sounds like you have that covered but if I can help let me know.
Click to expand...
Click to collapse
Thanks, I'm all set on the SMD front. I've got access to some nice rework equipment at work if I need it. It looks like each signal to strap the CPU into a different boot mode is flanked by pads for either pullup or pulldown, so to change the value you just move the resistor (or wire jumper) from one side to the other.

Your original post and your reply both have piqued my curiosity. Ubuntu 11.10 on a stick is sweet by the way! Makes me wonder why windows at all. And, this may be the answer to finally de-bricking my Fire - just as soon as I get all the presents wrapped :).

As for needing a usb host, check out this link: http://www.talkandroid.com/73692-an...oid-2-3-squeezed-onto-usb-stick/#.TvUHXXqQJIw
Click to expand...
Click to collapse

If only it were that easy... The stage of the boot that's being controlled by shorting the pin is managed by software permanently baked into the CPU. We get a selection of boot sources (various flash, external SD card, USB device mode, serial) but we can't add a new one after the fact. Because this is hardcoded into the CPU, Amazon can't take this boot & install scheme from us unless they start making Fires with the relevant signals buried in the PCB.

The hardware is there to do USB host, but it's not really possible to boot from it.
 
Last edited:
M

mrpaint

Member
Dec 22, 2010
21
1
Sorry for replying to this old thread but I couldn't find a more relevant thread so please bear with me (and help me!).

So today I stupidly flashed .zip as the bootloader so the KF has become a brick. I remove the back cover wanting to try the shorting trick but there no usbboot for Mac OSX so I cloned your repo and pulled this commit (https://github.com/cfriedt/omap4boot/commit/7e6ccff81be0171c651595ce5c69b9571f3a133a) and successfully compiled for darwin. Then I tried

Code: 
./usbboot aboot.bin u-boot.bin

usbboot and aboot.bin is my compiled version
u-boot.bin is the one in this thread's first post .zip package

This is the output

Code: 
waiting for OMAP44xx device...
sending 2ndstage to target...
waiting for 2ndstage response...
sending image to target...

I also noticed the power led flashed green once. Then I tried fastboot to no avail... Can you help? I did the shorting trick for 5 times and it all ended up the same way.

Thank you.
 
P

pokey9000

Senior Member
Apr 17, 2007
767
396
Austin
mrpaint said:
Sorry for replying to this old thread but I couldn't find a more relevant thread so please bear with me (and help me!).

So today I stupidly flashed .zip as the bootloader so the KF has become a brick. I remove the back cover wanting to try the shorting trick but there no usbboot for Mac OSX so I cloned your repo and pulled this commit (https://github.com/cfriedt/omap4boot/commit/7e6ccff81be0171c651595ce5c69b9571f3a133a) and successfully compiled for darwin. Then I tried

Code: 
./usbboot aboot.bin u-boot.bin

usbboot and aboot.bin is my compiled version
u-boot.bin is the one in this thread's first post .zip package

This is the output

Code: 
waiting for OMAP44xx device...
sending 2ndstage to target...
waiting for 2ndstage response...
sending image to target...

I also noticed the power led flashed green once. Then I tried fastboot to no avail... Can you help? I did the shorting trick for 5 times and it all ended up the same way.

Thank you.
Click to expand...
Click to collapse

Use the usbboot you compiled with my aboot. aboot contains device specific memory and I/O setup.
 
bsoplinger

bsoplinger

Senior Member
Jan 17, 2011
1,477
338
mrpaint said:
Sorry for replying to this old thread but I couldn't find a more relevant thread so please bear with me (and help me!).
...
I remove the back cover wanting to try the shorting trick but there no usbboot for Mac OSX so I cloned your repo and pulled this commit (https://github.com/cfriedt/omap4boot/commit/7e6ccff81be0171c651595ce5c69b9571f3a133a) and successfully compiled for darwin.
Click to expand...
Click to collapse
If you get this working with the help suggested, would you please post the Mac OSX usbboot you're created? Then I won't need to get Linux working to try to fix my bricked Kindle.


Sent from my Sprint Evo View 4G (PG41200) using Xparent Purple Tapatalk 2
 
M

mrpaint

Member
Dec 22, 2010
21
1
pokey9000 said:
Use the usbboot you compiled with my aboot. aboot contains device specific memory and I/O setup.
Click to expand...
Click to collapse
Thank you for your reply. I have been away for the last few days so I couldn't response earlier.

Anyway, I tried with your aboot.bin and got the same "sending image to target" message. After that, I tried "fastboot boot twrp-blaze-2.0.0RC0.img" to no avail (I have fastboot in my PATH). The power led shines for 1 seconds (when the usbboot connects to it I think) before turning off...

Do you have any idea?

---------- Post added at 04:52 PM ---------- Previous post was at 04:42 PM ----------
bsoplinger said:
If you get this working with the help suggested, would you please post the Mac OSX usbboot you're created? Then I won't need to get Linux working to try to fix my bricked Kindle.


Sent from my Sprint Evo View 4G (PG41200) using Xparent Purple Tapatalk 2
Click to expand...
Click to collapse
It doesn't work for me yet but you can get my compiled version here

https://github.com/downloads/daohoangson/omap4boot/usbboot

Good luck.
 
  • Like
Reactions: bsoplinger
bsoplinger

bsoplinger

Senior Member
Jan 17, 2011
1,477
338
If you get that MacOS port working I'll be all over it.

But until then, can this be done with a live CD vs. a full blown Linux install?

Sent from my Sprint Evo View 4G (PG41200) using Xparent Purple Tapatalk 2
 
lovejoy777

lovejoy777

Inactive Recognized Developer
Dec 30, 2011
3,725
4,541
Nottingham
i tried allsorts and now find it easy i've done it so many times. lol

follow the steps exactly

download pendrive installer
follow instructions to install livecd onto pendrive (i tried this so much with my ubuntu desktop, it did not work)
extract the fk script to the pen drive
boot pc of usbpen

make sure your kindle is off (hold power for 30 seconds)
make sure usb A (big end) plugged into pc
make sure usb b (small end) is not plugged into kindle)
open terminal and type
sudo /cdrom/fk and press enter.
select option from list ie. usb_fix press tab
then press enter
it should say waiting for omap device

short out pin and frame and keep it shorted as you plug in your kindle (i found i had to hold the pin shorted all the time it was running script).


hope this is usefull

steve
 
  • Like
Reactions: bsoplinger
W

westlandnick

Member
Jan 27, 2011
39
6
Ogden
So I also made the mistake of flashing the firefirefire as a zip and bricked my kf. I have a adb to kindle working ubuntu computer, I have tried shorting the pin several times and I'm getting nothing... In my terminal I have:


nick@ftp:~/rekindle$ sudo ./usbboot aboot.bin u-boot.bin; ./fastboot boot twrp.img
[sudo] password for nick:
?
waiting for OMAP44xx device...
^C< waiting for device >

When I short the pin and plug it in I get nothing... I've tried holding the pin for several seconds after plugged in.. I'm getting nothing. After I bricked the KF I left it sitting for about a week. Is it possible I drained the battery? Will it not charge when its bricked? I plugged it in for a few hours, tried again, still nothing.

Any suggestions??

---Edit---
I finally got the usb-shorting trick to work with the fire kit, For anyone else in this situation just keep trying. I probably shorted mine at least 50 times before it finally worked.
 
Last edited:
A

assasukasse

Senior Member
Dec 14, 2011
74
8
insted of opening the difficult case what about drilling a small hole that allows a tool to get tru and short?
Does anyone have a case open to take precise measurements?
 
soupmagnet

soupmagnet

Retired Forum Moderator
Jan 7, 2012
3,990
2,587
Austin, TX
Google Pixel 6
assasukasse said:
insted of opening the difficult case what about drilling a small hole that allows a tool to get tru and short?
Does anyone have a case open to take precise measurements?
Click to expand...
Click to collapse
Bad idea. It's too easy to create an ESD and ruin some component. Then you would have to deal with dust, dirt, and possibly even moisture getting in. It's best to just open the case.

Oh, and use a safety pin for the short ;)
 
Sblood86

Sblood86

Inactive Recognized Developer
Apr 18, 2011
415
407
Middle of nowhere, Texas
assasukasse said:
insted of opening the difficult case what about drilling a small hole that allows a tool to get tru and short?
Does anyone have a case open to take precise measurements?
Click to expand...
Click to collapse

soupmagnet said:
Bad idea. It's too easy to create an ESD and ruin some component. Then you would have to deal with dust, dirt, and possibly even moisture getting in. It's best to just open the case.

Oh, and use a safety pin for the short ;)
Click to expand...
Click to collapse

Just thought I'd mention (in case someone hasn't) guitar picks are particularly helpful when opening cases.
 
  • Like
Reactions: soupmagnet
P

piercedfreak

Senior Member
Jun 20, 2009
60
2
ok, so i finally got it to work, but cant seem to install anything. twrp is installed via fastboot, and the kindle is in recovery, so fastboot will not work, and when i try to install a rom via the booted twrp it fails. what should i do?
 
Last edited:
sd_shadow

sd_shadow

Recognized Contributor / XDA Welcome Team
Sep 21, 2011
18,989
2
10,019
South Dakota
goo.gl
Motorola Droid X
Amazon Fire
hairy_testicles said:
when i try this i get nothing on the screen, after shorting it 5-6 times, but the cpu chip gets warm, so i know its turning on, do i need to just keep trying, or is my kindle fire first gen dead as dead can get?
Click to expand...
Click to collapse
Think you just need a fastboot cable, and a pc with drivers installed properly
Or use soupkit on a linux system

Sent from my XT894 using Tapatalk
 
P

poshat

Member
Jul 10, 2014
18
0
quits.ru
Same problem with Huawei U9500 (omap4440)

Have same problem with Huawei Ascend D1 (U9500) - OMAP4440 SoC. I lost bootloader, can't boot and flash firmware. May be somebody advice me something about way to repair bootloader? I tried find "short the point" on motherboard (look in attach), but didn't find it.
 

Attachments

  • 111.jpg
    111.jpg
    171.2 KB · Views: 331
M

maheboi

Senior Member
Mar 10, 2014
202
31
OnePlus 8
Is there anyway to do this with the kindle fire 2? i dont have the fastboot cable and im trying to short it into fastboot with this method. i already had twrp installed, just acidentally wiped internal storage and im now in boot loop with no adb connection.
 
koop1955

koop1955

Senior Member
Mar 17, 2011
1,853
1,969
Las Vegas
www.larrykuperman.com
Moto G 5G
You must log in or register to reply here.

Similar threads

V
  • Locked
[Root][TWRP][FFF][CWM]Kindle Fire Utility v0.9.6 (5/09/12) [First Gen Only]
Replies
2K
Views
2M
Moscow Desire
Moscow Desire
awidawad
[Root][TWRP][COTR][BOOTLOADERS]Kindle Fire Utility v0.9.9 (4/5/13) [1st Gen Only!]
Replies
512
Views
600K
sd_shadow
sd_shadow
bl1nkk
[ROM][24 Feb] IceCreamSandwich Development/Discussion Thread
Replies
3K
Views
1M
H
heyjoe66
Hashcode
[ROM/KERNEL] OFFICIAL CM11.0 + 3.0.72 Kernel for Kindle Fire [NIGHTLIES]
Replies
3K
Views
1M
M
mikeataol
sd_shadow
[How To][Root] Kindle Fire 1 update 6.3.3/6.3.4 and Flashing FFF/TWRP [2015]
Replies
215
Views
338K
kazoe
kazoe

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 18
    P
    pokey9000
    A while back, I posted about forcing the Fire to boot over USB instead of from the internal memory. This trick requires you to open the back of your Fire, but after that the only tool you need is a pair of tweezers, sharp scissors, bent paperclip, or anything else with a fine point that can short two things together. After that, it's all cake to boot FIREFIREFIRE, then TWRP, then adb in and have your way with the Fire's memory.

    Now that 6.2.1 is here ruining our party, it's time to package this up for anyone to use.

    As useful as they are now, fastboot cables may not work in the future. They rely on the bootloader to work, and it's possible that a future OTA could disable fastboot.

    For the adventurous. This is mostly untested by me, and runs a good risk of fuglifying or permanently breaking your Kindle. If you haven't voided your warranty yet, this will.


    Install TWRP over USB

    0) You will need a PC with Linux and working adb, the .zip attached to this post, and the installer version of TWRP[/URL]. Also a microUSB cable. And something to short the contact like tweezers or a bent paperclip.

    1) Unpack the rekindle .zip and copy TWRP into the directory it creates. Change directories into rekindle/

    2) Open a terminal and sudo or su to root. It's easier that way.

    3) Unplug the USB or AC adapter if it's plugged into the KF. But have the USB cable's A end plugged into the PC. This is very important.

    4) Turn the power completely off. Do a shutdown if actually running Android, or hold the power button until there's no LED or backlight.

    5) Pry open the back cover. The iFixit teardown (Google it) gives some ideas on how to do it, but be really careful because it's easy to snap the tabs along the long sides.

    6) The power must still be off. If you accidentally powered it back on, turn it back off.

    7) Run:

    Code: 
    ./usbboot aboot.bin u-boot.bin; ./fastboot boot twrp-blaze-2.0.0RC0.img

    This will chain load aboot, FIREFIREFIRE, then TWRP.

    8) Short the point shown here to the metal frame around the CPU area using your paperclip or whatever. While keeping it shorted, plug in the USB cable. This will power up the Fire with the CPU in USB boot mode.

    9) If it works, you'll see some text fly by in the terminal, and you'll see the yellow triangle hopefully followed by TWRP starting up. You can follow the instructions in the TWRP post on completing the install.


    Rooting 6.2.1

    ***This likely won't work***
    There are reports of problems booting after applying this bootimage. Try the TWRP install above and one of the root update.zips instead.

    0) You must already be running 6.2.1. Otherwise try a safer method.

    1) Get the rooted 6.2.1 bootroot .img from here..

    2) Follow the procedure to install TWRP above, but stop before step 7 (the usbboot command). You can skip downloading TWRP.

    3) Run this command instead:

    Code: 
    ./usbboot aboot.bin u-boot.bin; ./fastboot flash boot 6_2_1rootboot.img

    4) Then continue at step 8 until the fastboot flash command finishes.

    5) Hold down the power button until it powers off (~15 seconds), and press it again to power it back up.


    Windows & OSX support

    Currently usbboot is built for Linux only. I had experimented with building it against libusb for Windows and OSX. Unfortunately the window to make the connection before the CPU resets again is about 2 seconds, and Windows takes a lot longer than that to enumerate new USB devices. I don't know about OSX, but I guess a libusb version (usbboot's USB code is Linux-centric) would work fine. Github is here if you want to take a crack at porting it.

    Successes? Failures? Smoking hole in the ground that used to be your Kindle? Post here.
    View
    4
    P
    pokey9000
    foxdog66 said:
    how about a quick run down on how to do this now? :p I have some time and really want to mess with this thing :cool:
    Click to expand...
    Click to collapse

    Moved into the main post.
    View
    4
    drowningchild
    drowningchild
    EDIT
    1st borked usb ports, then i got it to work :)

    !CONFIRMED WORKING!
    View
    2
    beepFTW
    beepFTW
    Cool! Thanks man, the whole community thanks you. Any chance of a youtube tutorial? I think many of us will need it. Haha
    View
    1
    Sblood86
    Sblood86
    assasukasse said:
    insted of opening the difficult case what about drilling a small hole that allows a tool to get tru and short?
    Does anyone have a case open to take precise measurements?
    Click to expand...
    Click to collapse

    soupmagnet said:
    Bad idea. It's too easy to create an ESD and ruin some component. Then you would have to deal with dust, dirt, and possibly even moisture getting in. It's best to just open the case.

    Oh, and use a safety pin for the short ;)
    Click to expand...
    Click to collapse

    Just thought I'd mention (in case someone hasn't) guitar picks are particularly helpful when opening cases.
    View

New posts