
[BOOT] 11 Jan r2 6.2.1 - Insecure Boot Image for Kindle Fire


paulobrien

Senior Member
Nov 6, 2003
5,279
7,316
Norwich
www.MoDaCo.com
The first thing I generally do when I start hacking around on a device is create an insecure boot image.

The reason for this is that an insecure boot image gives you a degree of 'recoverability' at the very earliest stage of the device boot process - even if you totally screw up /system, you have a chance of getting in via ADB and making things better. ;) With this in mind (and since I haven't seen one about yet?), I've created an insecure boot image for the Kindle Fire. This is the stock 6.2.1 ROM boot image with ro.secure set to 0 and busybox installed as /system/bin/sh. This is important as it means you can still 'adb shell' even with a totally unmountable system partition.

INSTALL AT YOUR OWN RISK! THIS IS ONLY TESTED ON MY 6.2.1 BUILD KINDLE FIRE, I TAKE NO RESPONSIBILITY IF YOUR DEVICE BREAKS ETC. ETC.!

To install, do the following (ADB access is required):

  • Download the zergRush binary (huge props to the Revolutionary.io team for this exploit) - DOWNLOAD - MD5: aed52dbab0e924f3e7fbef8d314da771
  • Download the insecure boot image - DOWNLOAD - MD5: 717279b84953e41856b18975a0eb2f48
  • Check the MD5 hashes of the downloaded files
  • adb push zergRush to /data/local and make executable ('adb push zergRush /data/local/ && adb shell chmod 4755 /data/local/zergRush')
  • adb push the insecure boot image ('adb push r1.6.2.1.kindlefire.boot.insecure.img /data/local/')
  • Gain temproot ('adb shell /data/local/zergRush')
  • Flash the boot image ('adb shell dd if=/data/local/r1.6.2.1.kindlefire.boot.insecure.img of=/dev/block/platform/mmci-omap-hs.1/by-name/boot')
  • Reboot the device ('adb reboot')
And that's it, you're done, you should now have root ADB access!

P
 

SikYou

Senior Member
Oct 18, 2010
438
77
Nice to know that you have a kindle Paul, thanks for the boot!

Sent from my Kindle Fire using Tapatalk
 

SikYou

Senior Member
Oct 18, 2010
438
77
Filesonic SUCKS! Won't let me download the boot because it thinks I am still downloading something else, which I am clearly not. Maybe I'll try this when someone uploads to a legit host.

***I added some mirror links to Paul's thread over @ Modaco

---------- Post added at 09:36 AM ---------- Previous post was at 08:47 AM ----------

Well, so far I am stuck in a bootloop. I'll let you guys know what happens
 

SikYou

Senior Member
Oct 18, 2010
438
77
A bootloop? Flashed over stock? That makes no sense at all.

P

Sent from my Galaxy Nexus using Tapatalk

Yep! I am a very experienced modder and I definitely followed the instructions to the T. I am not only looping but I have no access to shell so I am now in the process of trying to make a factory cable so that I can fastboot and recover from this. Not sure what went wrong :confused:
 

paulobrien

Senior Member
Nov 6, 2003
5,279
7,316
Norwich
www.MoDaCo.com
Yep! I am a very experienced modder and I definitely followed the instructions to the T. I am not only looping but I have no access to shell so I am now in the process of trying to make a factory cable so that I can fastboot and recover from this. Not sure what went wrong :confused:
Did you check the MD5s etc? I flashed it to my own Fire before uploading of course.

P

Sent from my Galaxy Nexus using Tapatalk
 

SikYou

Senior Member
Oct 18, 2010
438
77
Well I f'd up the factory cable build (I have very poor soldering skills) so I will wait for some parts to come in the mail and see if I can make it work. I wish teamblackhat still had these cables in stock :eek:

---------- Post added at 11:10 AM ---------- Previous post was at 11:03 AM ----------

Did you check the MD5s etc? I flashed it to my own Fire before uploading of course.

P

Sent from my Galaxy Nexus using Tapatalk

md5's checked and matched
 

eldarerathis

Senior Member
Jun 21, 2010
159
316
Has anyone flashed this w/ success? Also, if we already have root, do we need to do all the zerg steps?

I flashed this a few days ago and it's worked great.

@OP: How did you make your boot image, if I may ask? I tried my usual unpack->modify build.prop->repack method but my image won't actually boot. It unpacks/repacks fine and it flashes fine, but I hang at the bootloader.
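
An added example, not code from anyone in this thread: a pre-flash check for the "Check the MD5 hashes" step in the first post, plus a header comparison for the stock-versus-repacked situation in the post above. It assumes the version 0 Android boot image header layout; `make_sample` builds a constructed image with made-up load addresses, not the real Kindle Fire boot.img.

```python
import hashlib
import struct

# Android boot image header (version 0), little-endian: magic[8], ten 32-bit
# words, name[16], cmdline[512], id[32]. Sizes are in bytes.
HEADER = struct.Struct("<8s10I16s512s32s")
WORDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
         "second_size", "second_addr", "tags_addr", "page_size")

def parse_header(img: bytes) -> dict:
    if len(img) < HEADER.size:
        raise ValueError("shorter than a boot image header")
    magic, *rest = HEADER.unpack_from(img)
    if magic != b"ANDROID!":
        raise ValueError("no ANDROID! magic")
    hdr = dict(zip(WORDS, rest))  # zip stops after the 8 named words
    hdr["cmdline"] = rest[11].rstrip(b"\0").decode("ascii", "replace")
    return hdr

def preflash_problems(img: bytes, published_md5: str) -> list:
    """Return reasons not to write img to the boot partition (empty = ok)."""
    problems = []
    if hashlib.md5(img).hexdigest() != published_md5.strip().lower():
        problems.append("MD5 does not match the published value")
    try:
        hdr = parse_header(img)
    except ValueError as exc:
        return problems + [str(exc)]
    page = hdr["page_size"]
    if page == 0 or page & (page - 1):
        return problems + ["page_size is not a power of two"]
    parts = ("kernel_size", "ramdisk_size", "second_size")
    pages = sum(-(-hdr[k] // page) for k in parts)  # each part is page-aligned
    if len(img) < page * (1 + pages):
        problems.append("file is truncated relative to its header")
    return problems

def header_diff(stock: bytes, repacked: bytes) -> dict:
    """Header fields that differ between a stock image and a repack."""
    a, b = parse_header(stock), parse_header(repacked)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def make_sample(kernel_addr=0x80008000, page=2048) -> bytes:
    """Constructed image with dummy kernel and ramdisk, for demonstration."""
    kernel, ramdisk = b"K" * 3000, b"R" * 100
    hdr = HEADER.pack(b"ANDROID!", len(kernel), kernel_addr, len(ramdisk),
                      0x81000000, 0, 0, 0x80000100, page, 0, 0,
                      b"", b"console=null", b"")
    pad = lambda blob: blob + b"\0" * (-len(blob) % page)
    return pad(hdr) + pad(kernel) + pad(ramdisk)
```

Run `preflash_problems` on the bytes of the file pulled back from the device after `adb push`, so the copy that `dd` will read is the one that was checked.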
 
