[BOOT] 11 Jan r2 6.2.1 - Insecure Boot Image for Kindle Fire

paulobrien

Senior Member
Nov 6, 2003
5,279
7,316
Norwich
www.MoDaCo.com
The first thing I generally do when I start hacking around on a device is create an insecure boot image.

The reason for this is that an insecure boot image gives you a degree of 'recoverability' at the very earliest stage of the device boot process - even if you totally screw up /system, you have a chance of getting in via ADB and making things better. ;) With this in mind (and since I haven't seen one about yet?), I've created an insecure boot image for the Kindle Fire. This is the stock 6.2.1 ROM boot image with ro.secure set to 0 and busybox installed as /system/bin/sh. This is important as it means you can still 'adb shell' even with a totally unmountable system partition.

INSTALL AT YOUR OWN RISK! THIS IS ONLY TESTED ON MY 6.2.1 BUILD KINDLE FIRE, I TAKE NO RESPONSIBILITY IF YOUR DEVICE BREAKS ETC. ETC.!

To install, do the following (ADB access is required):

  • Download the zergRush binary (huge props to the Revolutionary.io team for this exploit) - DOWNLOAD - MD5: aed52dbab0e924f3e7fbef8d314da771
  • Download the insecure boot image - DOWNLOAD - MD5: 717279b84953e41856b18975a0eb2f48
  • Check the MD5 hashes of the downloaded files
  • adb push zergRush to /data/local and make executable ('adb push zergRush /data/local/ && adb shell chmod 4755 /data/local/zergRush')
  • adb push the insecure boot image ('adb push r1.6.2.1.kindlefire.boot.insecure.img /data/local/')
  • Gain temproot ('adb shell /data/local/zergRush')
  • Flash the boot image ('adb shell dd if=/data/local/r1.6.2.1.kindlefire.boot.insecure.img of=/dev/block/platform/mmci-omap-hs.1/by-name/boot')
  • Reboot the device ('adb reboot')
And that's it, you're done, you should now have root ADB access!

P
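Added example (not part of the original post and not the poster's own tooling): a Python check that reads the `ro.secure` value out of a boot image file, useful for confirming what an image will do before flashing it or when auditing a device dump. It assumes a standard Android boot image header (version 0) and a gzip-compressed newc cpio ramdisk whose `default.prop` holds the property; the function names are hypothetical and `build_sample` creates a constructed test image, not the Kindle Fire image.

```python
import gzip
import struct

HDR = struct.Struct("<8s10I16s512s32s")  # Android boot image header, version 0

def ramdisk_of(img):
    """Return the raw ramdisk bytes; reject non-boot or truncated images."""
    off = img.find(b"ANDROID!")
    if off < 0:
        raise ValueError("no ANDROID! magic: not a boot image")
    f = HDR.unpack_from(img, off)
    ksize, rsize, page = f[1], f[3], f[8]
    if page == 0 or page & (page - 1):
        raise ValueError("implausible page size")
    rstart = off + page + -(-ksize // page) * page  # header page + padded kernel
    if rstart + rsize > len(img):
        raise ValueError("image truncated")
    return img[rstart:rstart + rsize]

def cpio_files(archive):
    """Yield (name, data) for each entry of a 'newc' cpio archive."""
    pos = 0
    while archive[pos:pos + 6] == b"070701":
        fld = [int(archive[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        name = archive[pos + 110:pos + 110 + fld[11] - 1].decode()
        if name == "TRAILER!!!":
            return
        data_at = (pos + 110 + fld[11] + 3) & ~3   # header+name padded to 4 bytes
        yield name, archive[data_at:data_at + fld[6]]
        pos = (data_at + fld[6] + 3) & ~3          # file data padded to 4 bytes

def ro_secure(img):
    """Return ro.secure from the ramdisk's default.prop, or None if unset."""
    files = dict(cpio_files(gzip.decompress(ramdisk_of(img))))
    lines = files["default.prop"].decode().splitlines()
    props = dict(l.split("=", 1) for l in lines if "=" in l and l[0] != "#")
    return props.get("ro.secure")

def build_sample(secure, page=2048):
    """Constructed test image (not a real Kindle Fire boot image)."""
    def entry(name, data):
        vals = (0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name) + 1, 0)
        blob = b"070701" + b"".join(b"%08X" % v for v in vals) + name + b"\0"
        return blob + b"\0" * (-len(blob) % 4) + data + b"\0" * (-len(data) % 4)
    prop = b"# constructed sample\nro.secure=%d\n" % secure
    rd = gzip.compress(entry(b"default.prop", prop) + entry(b"TRAILER!!!", b""))
    pad = lambda b: b + b"\0" * (-len(b) % page)
    hdr = HDR.pack(b"ANDROID!", 100, 0, len(rd), 0, 0, 0, 0, page, 0, 0, b"", b"", b"")
    return pad(hdr) + pad(b"K" * 100) + pad(rd)
```

A result of `"0"` corresponds to the insecure configuration the post describes; a truncated or non-boot file raises `ValueError` instead of returning a value.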

SikYou

Senior Member
Oct 18, 2010
438
77
Filesonic SUCKS! Won't let me download the boot because it thinks I am still downloading something else, which I am clearly not. Maybe I'll try this when someone uploads to a legit host.

***I added some mirror links to Paul's thread over @ Modaco

---------- Post added at 09:36 AM ---------- Previous post was at 08:47 AM ----------

Well, so far I am stuck in a bootloop. I'll let you guys know what happens

SikYou

Senior Member
Oct 18, 2010
438
77
A bootloop? Flashed over stock? That makes no sense at all.

P

Sent from my Galaxy Nexus using Tapatalk

Yep! I am a very experienced modder and I definitely followed the instructions to the T. I am not only looping but I have no access to shell so I am now in the process of trying to make a factory cable so that I can fastboot and recover from this. Not sure what went wrong :confused:
 

paulobrien

Senior Member
Nov 6, 2003
5,279
7,316
Norwich
www.MoDaCo.com
Yep! I am a very experienced modder and I definitely followed the instructions to the T. I am not only looping but I have no access to shell so I am now in the process of trying to make a factory cable so that I can fastboot and recover from this. Not sure what went wrong :confused:
Did you check the MD5s etc? I flashed it to my own Fire before uploading of course.

P

Sent from my Galaxy Nexus using Tapatalk
 

SikYou

Senior Member
Oct 18, 2010
438
77
Well I f'd up the factory cable build (I have very poor soldering skills) so I will wait for some parts to come in the mail and see if I can make it work. I wish teamblackhat still had these cables in stock :eek:

---------- Post added at 11:10 AM ---------- Previous post was at 11:03 AM ----------

Did you check the MD5s etc? I flashed it to my own Fire before uploading of course.

P

Sent from my Galaxy Nexus using Tapatalk

md5's checked and matched
 

eldarerathis

Senior Member
Jun 21, 2010
159
316
Has anyone flashed this w/ success? Also, if we already have root, do we need to do all the zerg steps?

I flashed this a few days ago and it's worked great.

@OP: How did you make your boot image, if I may ask? I tried my usual unpack->modify build.prop->repack method but my image won't actually boot. It unpacks/repacks fine and it flashes fine, but I hang at the bootloader.
 
