2017 Fire HD 10: Unbricking from anti-rollback
- Thread starter retyre
- Start date
"Check Gpt"
Why do i keep getting roadblocked at the "Check GPT" point no matter which script I run!? What could possibly be the problem? Can someone with knowledge and expertise shine some light on this problem, please?!
-Thanks
---------- Post added at 04:07 PM ---------- Previous post was at 03:46 PM ----------
@coliny59 That's interesting. Could you please expand on this topic of "commented out" lines. Do you believe this would also work for various other errors as well?
Why do i keep getting roadblocked at the "Check GPT" point no matter which script I run!? What could possibly be the problem? Can someone with knowledge and expertise shine some light on this problem, please?!
-Thanks
---------- Post added at 04:07 PM ---------- Previous post was at 03:46 PM ----------
@coliny59 That's interesting. Could you please expand on this topic of "commented out" lines. Do you believe this would also work for various other errors as well?
Last edited:
I am trying to carry out the instructions with VirtualBox. Unfortunately, the script always stops at waiting for Bootrom. Can this be due to the virtual machine?
Still getting Serial protocol mismatch
I have everything disassembled and have been trying to short my fire hd 10. Here is what I get every time:
Battery is disconnected, ModemManager is disabled, and I have tried both USB ports. Not sure what to try next.
Does anyone have any ideas as to how to fix this?
Thank you!
I have everything disassembled and have been trying to short my fire hd 10. Here is what I get every time:
Code:
[2020-03-24 15:30:59.801978] Waiting for bootrom
[2020-03-24 15:31:21.396052] Found port = /dev/ttyACM0
[2020-03-24 15:31:21.435498] Handshake
[2020-03-24 15:31:21.456238] Disable watchdog
b''
b'\x00\x01'
Traceback (most recent call last):
File "main.py", line 92, in <module>
main()
File "main.py", line 54, in main
handshake(dev)
File "/home/XXXXXXX/Documents/HD 10/unbrick_suez/modules/handshake.py", line 11, in handshake
dev.write32(0x10007000, 0x22000000)
File "/home/XXXXXXX/Documents/HD 10/unbrick_suez/modules/common.py", line 150, in write32
self.check(self.dev.read(2), b'\x00\x01') # arg check
File "/home/XXXXXXX/Documents/HD 10/unbrick_suez/modules/common.py", line 87, in check
raise RuntimeError("ERROR: Serial protocol mismatch")
RuntimeError: ERROR: Serial protocol mismatchBattery is disconnected, ModemManager is disabled, and I have tried both USB ports. Not sure what to try next.
Does anyone have any ideas as to how to fix this?
Thank you!
serial protocol mismatch here, too
similar problem (same?) here on Ubuntu 19.10, adb and fastboot enabled, modemmanager removed and disabled...
I have the fire hd10 open and shorted but the script throws:
so I went to line 87 and commended out the in common.py but I don't think I know what I am doing at this point
and now it stops here:
anyone can point in the right direction?
I tried using bootable USB of ubuntu 18.04LTS and 16..04LTS - same same. so back on 19.10 now. did something change to cause this to fail?
Can I run the script in verbose to help // troubleshoot?
thanks
Andreas
similar problem (same?) here on Ubuntu 19.10, adb and fastboot enabled, modemmanager removed and disabled...
I have the fire hd10 open and shorted but the script throws:
Code:
[2020-04-05 22:42:37.014509] Waiting for bootrom
[2020-04-05 22:42:45.335053] Found port = /dev/ttyACM0
[2020-04-05 22:42:45.374266] Handshake
[2020-04-05 22:42:45.396024] Disable watchdog
b''
b'\x00\x01'
Traceback (most recent call last):
File "main.py", line 92, in <module>
main()
File "main.py", line 54, in main
handshake(dev)
File "/home/xxx/Downloads/unbrick/modules/handshake.py", line 11, in handshake
dev.write32(0x10007000, 0x22000000)
File "/home/xxx/Downloads/unbrick/modules/common.py", line 150, in write32
self.check(self.dev.read(2), b'\x00\x01') # arg check
File "/home/xxx/Downloads/unbrick/modules/common.py", line 87, in check
raise RuntimeError("ERROR: Serial protocol mismatch")
RuntimeError: ERROR: Serial protocol mismatchso I went to line 87 and commended out the in common.py but I don't think I know what I am doing at this point
Code:
def check(self, test, gold):
if test != gold:
print(test)
print(gold)
print("ERROR: Serial protocol mismatch") <--- uncommented
#raise RuntimeError("ERROR: Serial protocol mismatch") <---- commented outand now it stops here:
Code:
[2020-04-05 22:22:58.368021] Waiting for bootrom
[2020-04-05 22:23:40.592908] Found port = /dev/ttyACM0
[2020-04-05 22:23:40.631312] Handshake
[2020-04-05 22:23:40.652038] Disable watchdog
b''
b'\x00\x01'
ERROR: Serial protocol mismatch
b''
b'\x00\x01'
ERROR: Serial protocol mismatch
* * * Remove the short and press Enter * * *
[2020-04-05 22:24:00.674653] Init crypto engine
b''
b'\x00\x01'
ERROR: Serial protocol mismatch
b''
[SNIP - removed ~30 iterations of this]
b'\x00\x01'
ERROR: Serial protocol mismatch
b''
b'\x00\x00'
ERROR: Serial protocol mismatch
Traceback (most recent call last):
File "main.py", line 92, in <module>
main()
File "main.py", line 57, in main
load_payload(dev, "../brom-payload/build/payload.bin")
File "/home/xxx/Downloads/unbrick/modules/load_payload.py", line 113, in load_payload
hw_acquire(dev)
File "/home/xxx/Downloads/unbrick/modules/load_payload.py", line 25, in hw_acquire
dev.write32(CRYPTO_BASE, dev.read32(CRYPTO_BASE) & 0xFFFFFFF0)
File "/home/xxx/Downloads/unbrick/modules/common.py", line 125, in read32
data = struct.unpack('>I', self.dev.read(4))[0]
struct.error: unpack requires a buffer of 4 bytesanyone can point in the right direction?
I tried using bootable USB of ubuntu 18.04LTS and 16..04LTS - same same. so back on 19.10 now. did something change to cause this to fail?
Can I run the script in verbose to help // troubleshoot?
thanks
Andreas
USB2 ports?
Are you using USB2 ports?
I am looking for an old laptop to prove this... only USB3 ports here...
good luck
Are you using USB2 ports?
I am looking for an old laptop to prove this... only USB3 ports here...
good luck
tried a different laptop - no joy
it was not the laptop. can someone tell me what the script is checking at line 87 (when it throws the error?)
Apparently it expects \x00\x01 but gets .. nothing? but this is where my code skill stops :/
also I seem to be stuck in preloader... any clues?
connecting usb cable (tried 3 now) and applying a short the device starts, when I have the script running
but I immediately get to
checked/used updated udev rules
https://github.com/M0Rf30/android-udev-rules
but still cant' get the device further than bootloader (disconnected from battery, disassembled)
tried the amonet scripts (bootrom-minimal, etc..)
but they all drop at this
it was not the laptop. can someone tell me what the script is checking at line 87 (when it throws the error?)
Apparently it expects \x00\x01 but gets .. nothing? but this is where my code skill stops :/
also I seem to be stuck in preloader... any clues?
Code:
[2020-04-10 07:34:52.475445] Waiting for bootrom
[2020-04-10 07:35:10.082899] Found port = /dev/ttyACM0
[2020-04-10 07:35:10.121918] Handshake
[2020-04-10 07:35:10.142719] Disable watchdog
b''
b'\x00\x01'
Traceback (most recent call last):
File "main.py", line 92, in <module>
main()
File "main.py", line 54, in main
handshake(dev)
File "/home/xxx/Downloads/modules/handshake.py", line 11, in handshake
dev.write32(0x10007000, 0x22000000)
File "/home/xxx/Downloads/modules/common.py", line 150, in write32
self.check(self.dev.read(2), b'\x00\x01') # arg check
File "/home/xxx/Downloads/modules/common.py", line 87, in check
raise RuntimeError("ERROR: Serial protocol mismatch")
RuntimeError: ERROR: Serial protocol mismatch
root@snowflake:/home/xxx/Downloads#connecting usb cable (tried 3 now) and applying a short the device starts, when I have the script running
but I immediately get to
Code:
Bus 003 Device 006: ID 0e8d:2000 MediaTek Inc. MT65xx Preloaderchecked/used updated udev rules
https://github.com/M0Rf30/android-udev-rules
but still cant' get the device further than bootloader (disconnected from battery, disassembled)
tried the amonet scripts (bootrom-minimal, etc..)
but they all drop at this
Code:
[2020-04-10 08:49:34.458825] Found port = /dev/ttyACM0
[2020-04-10 08:49:34.498194] Handshake
[2020-04-10 08:49:34.518900] Disable watchdog
b''
b'\x00\x01'
Traceback (most recent call last):
File "main.py", line 192, in <module>
main()
Last edited:
There is a unlock thread for hd8 (2017) Douglas. Search for it...
---------- Post added at 08:58 PM ---------- Previous post was at 08:07 PM ----------
@retyre could you lend me a hand and help me debug the script? i really can't read it with my meager skills :/
and I am stuck in preloader
amazon offered me a 15 bucks discount for a new hd10 as a workaround as it is just out of warranty
I can try and help you. There is a lot of useful info in the hd10 Suez unlock thread. Look through that. Most the answers you search for are there. If you would like more assistance send me a message and I see I can do. I'm no expert, but have some experience with unlocking/ bricking these.
---------- Post added at 09:07 PM ---------- Previous post was at 08:58 PM ----------
@retyre could you lend me a hand and help me debug the script? i really can't read it with my meager skills :/
and I am stuck in preloader
amazon offered me a 15 bucks discount for a new hd10 as a workaround as it is just out of warranty
I can try and help you. There is a lot of useful info in the hd10 Suez unlock thread. Look through that. Most the answers you search for are there. If you would like more assistance send me a message and I see I can do. I'm no expert, but have some experience with unlocking/ bricking these.
hd10 unlock follow-up
yeah.. so.,. that's how I ended up here
after I had installed TWRP I rebooted and since then I don't get any further than preloader
also took the tablet apart and tried to use the scripts used here (amonet bootrom and bootrom-step scripts)
tried with an old laptop, too. (USB2 ports) no joy
that's how I ended up here, that script is the only one that does _anything_
but my skills are not good enough to unravel what this means:
yeah.. so.,. that's how I ended up here
after I had installed TWRP I rebooted and since then I don't get any further than preloader
also took the tablet apart and tried to use the scripts used here (amonet bootrom and bootrom-step scripts)
tried with an old laptop, too. (USB2 ports) no joy
that's how I ended up here, that script is the only one that does _anything_
but my skills are not good enough to unravel what this means:
Code:
File "/home/xxx/Downloads/modules/handshake.py", line 11, in handshake
dev.write32(0x10007000, 0x22000000)
File "/home/xxx/Downloads/modules/common.py", line 150, in write32
self.check(self.dev.read(2), b'\x00\x01') # arg check
File "/home/xxx/Downloads/modules/common.py", line 87, in check
raise RuntimeError("ERROR: Serial protocol mismatch")
Last edited:
yeah.. so.,. that's how I ended up here
after I had installed TWRP I rebooted and since then I don't get any further than preloader
also took the tablet apart and tried to use the scripts used here (amonet bootrom and bootrom-step scripts)
tried with an old laptop, too. (USB2 ports) no joy
that's how I ended up here, that script is the only one that does _anything_
but my skills are not good enough to unravel what this means:
Code:File "/home/xxx/Downloads/modules/handshake.py", line 11, in handshake dev.write32(0x10007000, 0x22000000) File "/home/xxx/Downloads/modules/common.py", line 150, in write32 self.check(self.dev.read(2), b'\x00\x01') # arg check File "/home/xxx/Downloads/modules/common.py", line 87, in check raise RuntimeError("ERROR: Serial protocol mismatch")
Yes, you are in preloader to run the script, i would suggest you go over to the most current files from the unlock thread.
Try unbricking from there and see if you have the same result. Can you short the device and force bootrom?
https://forum.xda-developers.com/hd8-hd10/orig-development/unlock-fire-hd-10-2017-suez-t3913639
SUCCESS
the problem was not the procedure or the script, it was the short :/
silly me used a crocodile clamp to attach to the MicroSD cage.. and because it seemed convenient I soldered the needle for the short to the attached cable (an anti-static wristband)
now those have a resistance of 1,5M Ohms.. not suitable for a short, I guess
soldered it to a common cable > works instantly
Code:
[2020-05-09 07:35:05.401969] Waiting for bootrom
[2020-05-09 07:35:42.807252] Found port = /dev/ttyACM0
[2020-05-09 07:35:42.807947] Handshake
[2020-05-09 07:35:42.808590] Disable watchdog
* * * Remove the short and press Enter * * *
[2020-05-09 07:35:46.735715] Init crypto engine
[2020-05-09 07:35:46.766793] Disable caches
[2020-05-09 07:35:46.767285] Disable bootrom range checks
[2020-05-09 07:35:46.784772] Load payload from ../brom-payload/build/payload.bin = 0x45D0 bytes
[2020-05-09 07:35:46.786846] Send payload
[2020-05-09 07:35:47.512935] Let's rock
[2020-05-09 07:35:47.513816] Wait for the payload to come online...
[2020-05-09 07:35:52.265234] all good
[2020-05-09 07:35:52.265655] Check GPT
[2020-05-09 07:35:53.548315] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216), 'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), 'tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (124928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 34816), 'system': (208896, 3306496), 'cache': (3515392, 868352), 'userdata': (4383744, 56687583), '': (0, 1)}
[2020-05-09 07:35:53.548474] Check boot0
[2020-05-09 07:35:54.749738] Check rpmb
[2020-05-09 07:35:54.956222] Downgrade rpmb
[2020-05-09 07:35:54.958394] Recheck rpmb
[2020-05-09 07:35:55.855508] rpmb downgrade oksooo... thinking helps! Thank you for helping me out. now.. where was I? rooting.. yes!
Hey guys. I bought a not working Fire HD 10 2017 because I thought it might be just a bad battery.
After trying a known working battery I tried plugging it into my PC and it seems like the PreLoader is connecting but is disconnecting right away after 1-2 seconds. Since I dont know what happened to this device is it worth trying this script on it? Or is this behavior a sign of a hardware failure?
When it is fixable I will setup a virtualbox right now
EDIT
I made a Ubuntu Live USB Stick and tried my luck. This is the outcome for now:
Im clueless what to do next...
Seems like the payload isnt going online as expected. lsusb shows the Mediatek Phone and not PreLoader
After trying a known working battery I tried plugging it into my PC and it seems like the PreLoader is connecting but is disconnecting right away after 1-2 seconds. Since I dont know what happened to this device is it worth trying this script on it? Or is this behavior a sign of a hardware failure?
When it is fixable I will setup a virtualbox right now
EDIT
I made a Ubuntu Live USB Stick and tried my luck. This is the outcome for now:
Im clueless what to do next...
Seems like the payload isnt going online as expected. lsusb shows the Mediatek Phone and not PreLoader
Last edited:
Hey guys. I bought a not working Fire HD 10 2017 because I thought it might be just a bad battery.
After trying a known working battery I tried plugging it into my PC and it seems like the PreLoader is connecting but is disconnecting right away after 1-2 seconds. Since I dont know what happened to this device is it worth trying this script on it? Or is this behavior a sign of a hardware failure?
When it is fixable I will setup a virtualbox right now
EDIT
I made a Ubuntu Live USB Stick and tried my luck. This is the outcome for now:
Im clueless what to do next...
Seems like the payload isnt going online as expected. lsusb shows the Mediatek Phone and not PreLoader
I believe that it the error related to modem manager...
sudo apt-get remove modemmanager
sudo apt-get remove --auto-remove modemmanager
sudo systemctl stop ModemManager.service
You are better off using this thread and its files.....
https://forum.xda-developers.com/hd8-hd10/orig-development/unlock-fire-hd-10-2017-suez-t3913639
question
Hello
my problem is that after a successful unbrick the tablet still won't start. I plugged the battery in and out.
jorg@jorg-ThinkPad-X250:~/Schreibtisch/boot$ sudo ./bootrom.sh
[sudo] Passwort für jorg:
[2020-06-17 22:20:30.197994] Waiting for bootrom
[2020-06-17 22:20:55.321570] Found port = /dev/ttyACM0
[2020-06-17 22:20:55.322073] Handshake
[2020-06-17 22:20:55.322675] Disable watchdog
* * * Remove the short and press Enter * * *
[2020-06-17 22:21:05.042216] Init crypto engine
[2020-06-17 22:21:05.066640] Disable caches
[2020-06-17 22:21:05.067332] Disable bootrom range checks
[2020-06-17 22:21:05.083522] Load payload from ../brom-payload/build/payload.bin = 0x45D0 bytes
[2020-06-17 22:21:05.085466] Send payload
[2020-06-17 22:21:05.634210] Let's rock
[2020-06-17 22:21:05.636187] Wait for the payload to come online...
[2020-06-17 22:21:09.240955] all good
[2020-06-17 22:21:09.241475] Check GPT
[2020-06-17 22:21:10.530568] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216), 'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), 'tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (124928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 34816), 'system': (208896, 3306496), 'cache': (3515392, 868352), 'userdata': (4383744, 56687583), '': (0, 1)}
[2020-06-17 22:21:10.530913] Check boot0
[2020-06-17 22:21:11.733233] Check rpmb
[2020-06-17 22:21:11.940314] rpmb looks broken; if this is expected (i.e. you're retrying the exploit) press enter, otherwise terminate with Ctrl+C
[2020-06-17 22:21:17.995600] Downgrade rpmb
[2020-06-17 22:21:17.997851] Recheck rpmb
[2020-06-17 22:21:18.888288] rpmb downgrade ok
jorg@jorg-ThinkPad-X250:~/Schreibtisch/boot$ ^C
lsusb shows:
jorg@jorg-ThinkPad-X250:~$ lsusb
Bus 001 Device 002: ID 8087:8001 Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 003: ID 04ca:703c Lite-On Technology Corp. Integrated Camera
Bus 002 Device 002: ID 8087:0a2a Intel Corp.
Bus 002 Device 098: ID 0e8d:0003 MediaTek Inc. MT6227 phone
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
jorg@jorg-ThinkPad-X250:~$ ^C
Hello
my problem is that after a successful unbrick the tablet still won't start. I plugged the battery in and out.
jorg@jorg-ThinkPad-X250:~/Schreibtisch/boot$ sudo ./bootrom.sh
[sudo] Passwort für jorg:
[2020-06-17 22:20:30.197994] Waiting for bootrom
[2020-06-17 22:20:55.321570] Found port = /dev/ttyACM0
[2020-06-17 22:20:55.322073] Handshake
[2020-06-17 22:20:55.322675] Disable watchdog
* * * Remove the short and press Enter * * *
[2020-06-17 22:21:05.042216] Init crypto engine
[2020-06-17 22:21:05.066640] Disable caches
[2020-06-17 22:21:05.067332] Disable bootrom range checks
[2020-06-17 22:21:05.083522] Load payload from ../brom-payload/build/payload.bin = 0x45D0 bytes
[2020-06-17 22:21:05.085466] Send payload
[2020-06-17 22:21:05.634210] Let's rock
[2020-06-17 22:21:05.636187] Wait for the payload to come online...
[2020-06-17 22:21:09.240955] all good
[2020-06-17 22:21:09.241475] Check GPT
[2020-06-17 22:21:10.530568] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216), 'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), 'tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (124928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 34816), 'system': (208896, 3306496), 'cache': (3515392, 868352), 'userdata': (4383744, 56687583), '': (0, 1)}
[2020-06-17 22:21:10.530913] Check boot0
[2020-06-17 22:21:11.733233] Check rpmb
[2020-06-17 22:21:11.940314] rpmb looks broken; if this is expected (i.e. you're retrying the exploit) press enter, otherwise terminate with Ctrl+C
[2020-06-17 22:21:17.995600] Downgrade rpmb
[2020-06-17 22:21:17.997851] Recheck rpmb
[2020-06-17 22:21:18.888288] rpmb downgrade ok
jorg@jorg-ThinkPad-X250:~/Schreibtisch/boot$ ^C
lsusb shows:
jorg@jorg-ThinkPad-X250:~$ lsusb
Bus 001 Device 002: ID 8087:8001 Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 003: ID 04ca:703c Lite-On Technology Corp. Integrated Camera
Bus 002 Device 002: ID 8087:0a2a Intel Corp.
Bus 002 Device 098: ID 0e8d:0003 MediaTek Inc. MT6227 phone
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
jorg@jorg-ThinkPad-X250:~$ ^C
I would suggest going to the newer unbrick and unlock thread. Use it to unlock it, since you are booting into the bootrom (that is "MediaTek Inc. MT6227 phone") you should be able the install twrp and flash a clean fireOS.
https://forum.xda-developers.com/hd8-hd10/orig-development/unlock-fire-hd-10-2017-suez-t3913639
https://forum.xda-developers.com/hd8-hd10/orig-development/unlock-fire-hd-10-2017-suez-t3913639
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
22Disclaimer: To go through with this, you will have to open up your device to get access to the back of the PCB. This is not for everyone. If you encounter issues, I (or the others here) will try to help you, but the risk is all yours.
First, credit where credit is due. To xyz` for coming up with this and taking the time to help and to k4y0z for helping me get unstuck multiple times.
What's the purpose of this thread, you ask? It's to recover from a bricked 2017 Fire HD 10 as a result of sideloading to a lower version (from anti-rollback). This thread is not about rooting or other apps. Numerous threads of that type exist on these forums. If your device can get to the "amazon" screen or the "Fire" screen, do not waste your time here. Questions unrelated to anti-rollback unbricking will be mostly ignored.
This has only been tested on Linux (Ubuntu 16.04). In general, getting familiar with Linux (as opposed to Windows) can make all the difference in projects like these.
1. Make sure your device is powered off and disconnected from your PC.
2. Take off the back cover, remove the pieces of tape from the battery and display connectors, disconnect the battery and display cables, unscrew the PCB (11 screws), and gently lift it up. Take care not to rip the speaker wires from the board. (To unbrick, you do not have to connect the battery.)
3. Download and extract the contents of unbrick_suez.zip (attached).
4. Navigate to the root of the extracted archive and open a terminal there.
5. Optional: If you see serial port errors, disable or remove modem manager as root (command may vary with distro; try one or more of these commands in Ubuntu 16.04):
Code:sudo apt-get remove modemmanager sudo apt-get remove --auto-remove modemmanager sudo systemctl stop ModemManager.service
6. Run the unbricking script as root:
Code:sudo ./bootrom.sh
You should see it waiting for the bootrom. Let it be and do the following with the PCB.
7. Connect the microUSB end of the cable to the PCB. This is the more physically-challenging end of the connection. Leave open the PC side.
8. Short the point (highlighted in blue in the attached picture) to ground. Work with what you're comfortable with, but here's my approach (use M/M jumper wire if you have access to it):
a. Gently nudge one end of the wire into the metal case of the SD slot so that it stays in place (keyword: gently). This frees up one hand. You need just enough grip to ensure it doesn't fall off unexpectedly.
b. Hold the other tip of the jumper wire to the point highlighted in blue.
c. Connect the other end of the USB cable to your Linux box (remove the jumper wire when you're instructed to and press Enter on your keyboard).
You should see the following:
It should complete in a few seconds.
9. Unplug the USB cable after "rpmb downgrade ok" appears in the terminal.
10. Put your device back together (PCB and display/battery cables). Do not screw the PCB in or snap the back cover until you confirm your device has been unbricked.
11. Depress the power button (with your nail or a suitable tool) to turn on your device. (If it doesn't turn back on, hold it down for a few seconds. If you hear a ding, that's usually a good sign.) This can be challenging for the uninitiated, but don't complain. Obviously, it's better to verify unbricking now than after you put everything back together.
12. If the device turns back on, you can shut it down and put everything back together. If it does not turn back on, connect it to your PC and see what shows up with lsusb. Time to troubleshoot.
If you have questions, read the two linked threads above. If you cannot find the answer to your question(s), post here. If you append this entire OP to your post (instead of snipping most/all of it), I will, on general principle, ignore your post.2I just 'freed' two Fire HD 10 inch 2017 models
I used the alternate root exploit which seemed to work fine.
On the 2nd tablet however, I got stuck in bootrom-step-minimal.sh
For some reason it didn't want to read the GPT partition
After a bit of poking around, I just added a retry for that read since the first one returned with a 0 length answer.
So I changed the function from:
Python:def emmc_read(self, idx): # magic self.dev.write(p32_be(0xf00dd00d)) # cmd self.dev.write(p32_be(0x1000)) # block to read self.dev.write(p32_be(idx)) data = self.dev.read(0x200) if len(data) != 0x200: raise RuntimeError("read fail")
To:
Python:def emmc_read(self, idx): # magic self.dev.write(p32_be(0xf00dd00d)) # cmd self.dev.write(p32_be(0x1000)) # block to read self.dev.write(p32_be(idx)) data = self.dev.read(0x200) if len(data) != 0x200: data = self.dev.read(0x200) if len(data) != 0x200: raise RuntimeError("read fail")
Surprisingly that worked and I was able to continue with fastboot \o/
Just thought I'd comment because I found a few identical questions but couldn't find anyone else that figured out the workaround2
There's no need for any edit to the script. It has always included a pause for user input. In an earlier post, you told him/her to try all the six points and that you will look at one of your boards and take a picture. Why? The OP has always included a picture of the PCB with a clear marking of which point to short. There's no need for trial-and-error.
To shadowcliffs: Opening the back should not have resulted in damage to the PCB. Disconnect the battery and display cables, remove the PCB from the case, and try again. If you don't have jumper wire, use a metal clip. Get a second pair of hands to help. Tell us what you see with lsusb as you do this.1This method worked and unbricked my 2017 HD 10 after a bad firmware flash. Had to run the script twice, the first time succeeded but the tablet didn't boot up. May have been completely out of battery after running itself down in a media loader bootloop all night but after a short charge the low battery icon flashed and back in business. Also helps to have a friend ready to plug/unplug the USB and hit enter when required, it's a very small spot on the board that you're shorting.
The hardest part was getting the shell off, once you unclip the sides you'll feel it's still "stuck" because there are 3 more clips about 1.5-2" from the left side of the tablet, starting 3" from the bottom. You just have to force them and the shell will pop off. Be careful they clip back in when you reassemble or they will push against the screen and cause white spots.
Thank you retyre for your efforts amongst many posts here, without this guide I'd be stuck with a paperweight. For anyone else with a hard bricked HD 10 2017 model, you've got nothing to lose giving this a go!1I have also a Amazon fire hd 10 2017.
It is completely bricked (I have flash a false ROM. This script also not worked )
Sorry if is now 2023 but I have it since 2017. And it is now get bricked a few months ago.
I can't turn it on it can't boot and no recovery no Fastboot. It's completely black.
What can I do?
