The first thing I generally do when I start hacking around on a device is create an insecure boot image.
The reason for this is that an insecure boot image gives you a degree of 'recoverability' at the very earliest stage of the device boot process - even if you totally screw up /system, you have a chance of getting in via ADB and making things better. With this in mind (and since I haven't seen one about yet?), I've created an insecure boot image for the Kindle Fire. This is the stock 6.2.1 ROM boot image with ro.secure set to 0 and busybox installed as /system/bin/sh. This is important as it means you can still 'adb shell' even with a totally unmountable system partition.
INSTALL AT YOUR OWN RISK! THIS IS ONLY TESTED ON MY 6.2.1 BUILD KINDLE FIRE, I TAKE NO RESPONSIBILITY IF YOUR DEVICE BREAKS ETC. ETC.!
To install, do the following (ADB access is required):
- Download the zergRush binary (huge props to the Revolutionary.io team for this exploit) - DOWNLOAD - MD5: aed52dbab0e924f3e7fbef8d314da771
- Download the insecure boot image - DOWNLOAD - MD5: 717279b84953e41856b18975a0eb2f48
- Check the MD5 hashes of the downloaded files
- adb push zergRush to /data/local and make executable ('adb push zergRush /data/local/ && adb shell chmod 4755 /data/local/zergRush')
- adb push the insecure boot image ('adb push r1.6.2.1.kindlefire.boot.insecure.img /data/local/')
- Gain temproot ('adb shell /data/local/zergRush')
- Flash the boot image ('adb shell dd if=/data/local/r1.6.2.1.kindlefire.boot.insecure.img of=/dev/block/platform/mmci-omap-hs.1/by-name/boot')
- Reboot the device ('adb reboot')
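The "check the MD5 hashes" step from the list above, as an added example that is not part of the original post: a POSIX shell script that compares both downloads against the MD5 values given in the steps and returns non-zero on any mismatch or missing file, so a bad download is caught before anything is written to the boot partition. The function names and the `--verify` switch are hypothetical; the file names are the ones used in the adb commands above.

```shell
#!/bin/sh
# Added example: verify the two downloads against the MD5 values from the post.

# Print the lowercase MD5 hex digest of a file (md5sum on Linux, md5 on macOS/BSD).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# verify_md5 FILE EXPECTED -> 0 on match, 1 on mismatch, 2 if FILE is unreadable.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hashes too
    if [ ! -r "$file" ]; then
        echo "MISSING  $file" >&2
        return 2
    fi
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file (got $actual, expected $expected)" >&2
    return 1
}

# verify_all DIR -> 0 only if both files in DIR match the hashes listed in the post.
verify_all() {
    dir=${1:-.}
    rc=0
    verify_md5 "$dir/zergRush" aed52dbab0e924f3e7fbef8d314da771 || rc=1
    verify_md5 "$dir/r1.6.2.1.kindlefire.boot.insecure.img" \
        717279b84953e41856b18975a0eb2f48 || rc=1
    return $rc
}

# Hypothetical entry point: sh verify.sh --verify /path/to/downloads
if [ "${1:-}" = "--verify" ]; then
    verify_all "${2:-.}"
fi
```

A matching MD5 only shows the file arrived intact from wherever the hash was published; it does not authenticate the file against deliberate tampering.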