Amazon Fire Tablet rooted

Search This thread

ldeveraux

Senior Member
Nov 20, 2008
2,544
916
Lenovo Thinkpad Tablet
Nexus Q
Not sure why no one cares about this, maybe wrong section? But here's a reply from the developer regarding using it on the fire tv:

" technically, if you have access to the original boot.img of the other FireOS device 5, can get into fastboot, and do the boot.img repacking, theoretically you can use the same method.
but, you definitely can't use this as it is..."

So do we have the correct boot.img for the device? ?
 

AFTVnews.com

Senior Member
Jul 22, 2014
481
364
www.AFTVnews.com
This rooting method relies on using a modified boot image, loaded through fastboot, to mount the system partition as writable. This will not work for the 1st-gen Fire TV or Fire TV Stick because they are hardware locked to not allow fastboot to load a boot image. Oddly, the 2nd-gen Fire TV will allow fastboot to load a boot image, so it may be possible to root the 2nd-gen Fire TV using this method. The problem is, we do not have a complete original boot image for the 2nd-gen Fire TV to use as the base for the modified boot image. The boot image is normally extracted from the software update file, but since the 2nd-gen Fire TV switched to incremental updates, its updates do not contain a complete boot image. Only patches to the boot image.
 
  • Like
Reactions: D33H

roligov

Senior Member
Dec 29, 2012
297
105
London
Oh no! Its like "Are you shure about not beeing able to enter fastboot on First-Gen-AFTV? That Thread looks like it could somehow be possible:

You may be able to enter fastboot mode but the bootloader is still locked and read-only on the AFTV 1, hence rbox developing a bootloader unlock for those of us with root.

AFTVnews.com says the AFTV2 bootloader is unlocked, which is semi good news I suppose.
 

rp201

Senior Member
Dec 18, 2010
415
51
so could someone with image lets say 5.03 perform a hardware root on the emmc of the device and then extract the boot.img be possible route?
 

roligov

Senior Member
Dec 29, 2012
297
105
London
If the emmc hardware root still works on the AFTV2, you should be able to dump the bootloader.
 
Last edited:

roligov

Senior Member
Dec 29, 2012
297
105
London
So it looks like they are using fastboot boot to boot a modified kernel image. On Fire TV, it prevents you from running fastboot boot.

Do you have an AFTV2 rbox? If not we need to get a fund going to buy you one so you can tinker.
Elias said "Oddly, the 2nd-gen Fire TV will allow fastboot to load a boot image" so it will be interesting to see if you can do anything with it.
 

rbox

Recognized Developer
Apr 22, 2011
1,776
2,607
Do you have an AFTV2 rbox? If not we need to get a fund going to buy you one so you can tinker.
Elias said "Oddly, the 2nd-gen Fire TV will allow fastboot to load a boot image" so it will be interesting to see if you can do anything with it.

I don't, and I wasn't really planning on getting one. It's still yet to be seen if it can actually load an unsigned kernel image.
 

roligov

Senior Member
Dec 29, 2012
297
105
London
Oh ok. Maybe Elias can setup a donation page on AFTVNews.com with an "Assist rbox in getting an AFTV2" with your donation link and a counter. You have done a lot for the community, I'm sure many people will donate, I would definitely donate again.
 

AFTVnews.com

Senior Member
Jul 22, 2014
481
364
www.AFTVnews.com
Oh ok. Maybe Elias can setup a donation page on AFTVNews.com with an "Assist rbox in getting an AFTV2" with your donation link and a counter. You have done a lot for the community, I'm sure many people will donate, I would definitely donate again.

I'm sure we can get enough donations, but I'll leave it up to @rbox if he wants it. I won't start a campaign and force it on him without his okay.
 

AFTVnews.com

Senior Member
Jul 22, 2014
481
364
www.AFTVnews.com
If it can be verified that unsigned kernels work, I guess I could probably work on it.

Then let's just assume it can and go ahead and get you a box ;) If not unsigned kernels, I'm sure something will come around that the community will benefit from you having a 2nd-gen Fire TV to experiment on. I'll start up a campaign on Monday.
 

rbox

Recognized Developer
Apr 22, 2011
1,776
2,607
Then let's just assume it can and go ahead and get you a box ;) If not unsigned kernels, I'm sure something will come around that the community will benefit from you having a 2nd-gen Fire TV to experiment on. I'll start up a campaign on Monday.

OK. But everyone needs to be clear that I make no promises about anything.
 

zeroepoch

Senior Member
If it can be verified that unsigned kernels work, I guess I could probably work on it.

It's definitely locked. If you look at the UART output you can see it just doesn't setup the memory mapping correctly in fastboot mode vs lk mode. I even tried to recompute the hash and update the signature and of course that failed. This was with modifying the boot partition not even using fastboot so in lk mode. We'd need some sort of unlock code like you did for the first one. That's why I gave up and went to using the preloader to modify the flash. It was a ton more work because I had to write an MMC driver for PIO mode based on the kernel sources. Potentially if you can modify lk (which is also signed) or just understand how it works an unlock code might be generated. If we could find a way to dump the preloader that would be even more helpful to potentially extract keys because then SP Flash Tool could work. Then the device would be unbrickable pretty much. I'm guessiung the boot process is all protected and they keys are store in trustzone and unobtainable.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    Then let's just assume it can and go ahead and get you a box ;) If not unsigned kernels, I'm sure something will come around that the community will benefit from you having a 2nd-gen Fire TV to experiment on. I'll start up a campaign on Monday.

    OK. But everyone needs to be clear that I make no promises about anything.
    2
    If it can be verified that unsigned kernels work, I guess I could probably work on it.

    Then let's just assume it can and go ahead and get you a box ;) If not unsigned kernels, I'm sure something will come around that the community will benefit from you having a 2nd-gen Fire TV to experiment on. I'll start up a campaign on Monday.
    1
    This rooting method relies on using a modified boot image, loaded through fastboot, to mount the system partition as writable. This will not work for the 1st-gen Fire TV or Fire TV Stick because they are hardware locked to not allow fastboot to load a boot image. Oddly, the 2nd-gen Fire TV will allow fastboot to load a boot image, so it may be possible to root the 2nd-gen Fire TV using this method. The problem is, we do not have a complete original boot image for the 2nd-gen Fire TV to use as the base for the modified boot image. The boot image is normally extracted from the software update file, but since the 2nd-gen Fire TV switched to incremental updates, its updates do not contain a complete boot image. Only patches to the boot image.
    1
    OK. But everyone needs to be clear that I make no promises about anything.

    You got it. I'll make sure that's clear.