THIS IS NOT FOR KINDLE FIRE 2 USERS WHO HAVE BRICKED IN SOME WAY. THIS IS FOR KINDLE FIRE 1ST GEN USERS WHO EXPERIENCED MMC CORRUPTION DUE TO UNFORSEEN CHANGES IN THE EARLY DEVELOPMENT OF THE 3.0 KERNEL.
So, yesterday I was in IRC and @Entropy512 mentioned they had found a leaked moviNAND spec sheet. This is some of the technical data for the mmc chip in our Kindle Fires:
In that spec sheet he pointed out CMD62 which is used to resize the boot0/boot1 partitions and a quote from the following paragraph (on page 11 of the PDF, section 4.1.3)
After setting the boot partition size, all of data in the moviNAND is removed. And the value of EXT_CSD [227:226] and SEC_COUNT is automatically changing. So user should be careful changing boot partition size.
I forked this over to:
Then, added a new variant to the command:
mmc_utils vendor <size> <device>
This implements CMD62 using the techsheet's instructions. And when run, it COMPLETELY ERASES the mmc chip. Everything goes. The partition tables, the boot0/boot1 contents and everything in your partitions. This should only be used if you have EMMC corruption caused by the early versions of the 3.0 kernel (You know if you have it).
Before using this, you want to backup your boot0/boot1 blocks if you can access them. They contain the MAC address info and serial #'s for your device. If you cannot access them, just know that you will need to generate a new mac and use idme to set it later, or you will have wifi issues. And you will never be able to use the Amazon OS due to security checks against the original serial # / MAC.
I'm going to paraphrase very loosely how I restored my Kindle using Ubuntu with adb already installed and configured (not going to cover that here):
- Download all the files here and place them in 1 directory:
(NOTE: I've included 2 files created by @pokey9000 in this folder: aboot.bin and usbboot. He built them for use w/ Firekit. He's an awesome dev and deserves the credit for these files.)
- [optional] You may or may not be able to boot to recovery depending on the emmc damage / current state of your Kindle. I recommend you try and adb pull as many of your partitions as you can for backup. To help you reboot successfully, I recommend trying the following at the very least from recovery (if you can get there):
- adb pull /dev/block/mmcblk0boot0
- adb pull /dev/block/mmcblk0boot1
- Download TWRP for Kindle Fire 1st Gen and place this in the same directory (used with usbboot to enter recovery when there's no recovery on the device):
To use usbboot to load recovery from USB go into the directory where you downloaded everything and run the following command:
Now you need to take the cover of the device off and short the test point located here to the surrounding metal wall (using a paper clip or some other metal object):
This should trigger usbboot and it will attempt to load to recovery.
Once recovery is loaded:
(WARNING THE COMMANDS BELOW WILL COMPLETELY RESET YOUR EMMC CHIP. BE SURE YOU TRIED TO BACKUP BOOT0/BOOT1 ABOVE)
adb push mmc_utils /sbin adb shell mmc_utils vendor 0 /dev/block/mmcblk0 # (wait about a minute) mmc_utils vendor 4 /dev/block/mmcblk0 # (wait another minute)
Now, once back in recovery, the first thing you'll want to do is reformat the "media" partition:
- Using TWRP go into "Wipe" -> "Advanced Wipe" -> checkbox "sdcard" and "Swipe to Wipe"
To format the "cache" partition as ext4 via adb:
adb shell mke2fs -t ext4 /dev/block/platform/omap/omap_hsmmc.1/by-name/cache mount /cache exit
If you were able to backup the boot0/boot1 blocks above use this step. If not, skip this part and goto the next step.
adb push mmcblk0boot0 /sdcard adb push mmcblk0boot1 /sdcard adb shell cd /sys/block/mmcblk0boot0 echo 0 > force_ro cd /sys/block/mmcblk0boot1 echo 0 > force_ro dd if=/sdcard/mmcblk0boot0 of=/dev/block/mmcblk0boot0 dd if=/sdcard/mmcblk0boot1 of=/dev/block/mmcblk0boot1 exit
adb push mmcblk0p1 /sdcard adb push mmcblk0p2 /sdcard adb push openrecovery-twrp-188.8.131.52-otter.img /sdcard adb shell dd if=/sdcard/mmcblk0p1 of=/dev/block/platform/omap/omap_hsmmc.1/by-name/xloader dd if=/sdcard/mmcblk0p2 of=/dev/block/platform/omap/omap_hsmmc.1/by-name/bootloader dd if=/sdcard/openrecovery-twrp-184.108.40.206-otter.img of=/dev/block/platform/omap/omap_hsmmc.1/by-name/recovery exit
To complete your device recovery you need to find your preferred ROM (or download from http://get.cm/?device=otter), and place that on your sdcard and flash w/ gapps like any normal ROM install.
For those who couldn't restore the boot0/boot1 partitions, you will want to use the "idme" command to reset the following field, or else wifi will probably have issues.:
idme mac <a random MAC addr>
PS. The instructions above were completely written from memory AFTER I had fixed my device. I'm looking for any comments / cleanup you might experience if you try these instructions.