[BOOT] 11 Jan r2 6.2.1 - Insecure Boot Image for Kindle Fire

Search This thread
By:
Advanced…
paulobrien

paulobrien

Senior Member
Nov 6, 2003
5,276
7,321
Norwich
www.MoDaCo.com
The first thing I generally do when I start hacking around on a device is create an insecure boot image.

The reason for this is that an insecure boot image gives you a degree of 'recoverability' at the very earliest stage of the device boot process - even if you totally screw up /system, you have a change of getting in via ADB and making things better. ;) With this in mind (and since I haven't seen one about yet?), i've created an insecure boot image for the Kindle Fire. This is the stock 6.2.1 ROM boot image with ro.secure set to 0 and busybox installed as /system/bin/sh. This is important as it means you can still 'adb shell' even with a totally unmountable system partition.

INSTALL AT YOUR OWN RISK! THIS IS ONLY TESTED ON MY 6.2.1 BUILD KINDLE FIRE, I TAKE NO RESPONSIBLITY IF YOUR DEVICE BREAKS ETC. ETC.!

To install, do the following (ADB access is required):

  • Download the zergRush binary (huge props to the Revolutionary.io team for this exploit) - DOWNLOAD - MD5: aed52dbab0e924f3e7fbef8d314da771
  • Download the insecure boot image - DOWNLOAD - MD5: 717279b84953e41856b18975a0eb2f48
  • Check the MD5 hashes of the downloaded files
  • adb push zergRush to /data/local and make executable ('adb push zergRush /data/local/ && adb shell chmod 4755 /data/local/zergRush')
  • adb push the insecure boot image ('adb push r1.6.2.1.kindlefire.boot.insecure.img /data/local/')
  • Gain temproot ('adb shell /data/local/zergRush')
  • Flash the boot image ('adb shell dd if=/data/local/r1.6.2.1.kindlefire.boot.insecure.img of=/dev/block/platform/mmci-omap-hs.1/by-name/boot')
  • Reboot the device ('adb reboot')
And that's it, you're done, you should now have root ADB access!

P
 
Last edited:
  • Like
Reactions: allofusjw, eldarerathis, riverzhou and 5 others
SikYou

SikYou

Senior Member
Oct 18, 2010
438
77
Nice to know that you have a kindle Paul, thanks for the boot!

Sent from my Kindle Fire using Tapatalk
 
SikYou

SikYou

Senior Member
Oct 18, 2010
438
77
Filesonic SUCKS! Won't let me download the boot because it thinks I am still downloading something else, which I am clearly not. Maybe I'll try this when someone uploads to a legit host.

***I added some mirror links to Pauls thread over @ Modaco

---------- Post added at 09:36 AM ---------- Previous post was at 08:47 AM ----------

Well, so far I am stuck in a bootloop. I'll let you guys know what happens
 
Last edited:
SikYou

SikYou

Senior Member
Oct 18, 2010
438
77
paulobrien said:
A bootloop? Flashed over stock? That makes no sense at all.

P

Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse

Yep! I am a very experienced modder and I definitely followed the instructions to the T. I am not only looping but I have no access to shell so I am now in the process of trying to make a factory cable so that I can fastboot and recover from this. Not sure what went wrong :confused:
 
paulobrien

paulobrien

Senior Member
Nov 6, 2003
5,276
7,321
Norwich
www.MoDaCo.com
SikYou said:
Yep! I am a very experienced modder and I definitely followed the instructions to the T. I am not only looping but I have no access to shell so I am now in the process of trying to make a factory cable so that I can fastboot and recover from this. Not sure what went wrong :confused:
Click to expand...
Click to collapse
Did you check the MD5s etc? I flashed it to my own Fire before uploading of course.

P

Sent from my Galaxy Nexus using Tapatalk
 
SikYou

SikYou

Senior Member
Oct 18, 2010
438
77
Well I f'd up the factory cable build (I have very poor soldering skills) so I will wait for some parts to come in the mail and see if I can make it work. I wish teamblackhat still had these cables in stock :eek:

---------- Post added at 11:10 AM ---------- Previous post was at 11:03 AM ----------
paulobrien said:
Did you check the MD5s etc? I flashed it to my own Fire before uploading of course.

P

Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse

md5's checked and matched
 
E

eldarerathis

Senior Member
Jun 21, 2010
159
316
cl2eep said:
Has anyone flashed this w/ success? Also, if we already have root, do we need to do all the zerg steps?
Click to expand...
Click to collapse

I flashed this a few days ago and it's worked great.

@OP: How did you make your boot image, if I may ask? I tried my usual unpack->modify build.prop->repack method but my image won't actually boot. It unpacks/repacks fine and it flashes fine, but I hang at the bootloader.
 
You must log in or register to reply here.

Similar threads

V
  • Locked
[Root][TWRP][FFF][CWM]Kindle Fire Utility v0.9.6 (5/09/12) [First Gen Only]
Replies
2K
Views
2M
Moscow Desire
Moscow Desire
Hashcode
[ROM/KERNEL] OFFICIAL CM11.0 + 3.0.72 Kernel for Kindle Fire [NIGHTLIES]
Replies
3K
Views
1M
M
mikeataol
twa_priv
[ROM] CM10/SGT7 for the Kindle Fire [20130117]
Replies
4K
Views
1M
sd_shadow
sd_shadow
Hashcode
[ROM-AOSP] [OLD] Stock Jelly Bean 4.1.2_r1 for the Kindle Fire [10-10]
Replies
887
Views
646K
S
spartan77
awidawad
[Root][TWRP][COTR][BOOTLOADERS]Kindle Fire Utility v0.9.9 (4/5/13) [1st Gen Only!]
Replies
512
Views
600K
sd_shadow
sd_shadow

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 8
    paulobrien
    paulobrien
    The first thing I generally do when I start hacking around on a device is create an insecure boot image.

    The reason for this is that an insecure boot image gives you a degree of 'recoverability' at the very earliest stage of the device boot process - even if you totally screw up /system, you have a change of getting in via ADB and making things better. ;) With this in mind (and since I haven't seen one about yet?), i've created an insecure boot image for the Kindle Fire. This is the stock 6.2.1 ROM boot image with ro.secure set to 0 and busybox installed as /system/bin/sh. This is important as it means you can still 'adb shell' even with a totally unmountable system partition.

    INSTALL AT YOUR OWN RISK! THIS IS ONLY TESTED ON MY 6.2.1 BUILD KINDLE FIRE, I TAKE NO RESPONSIBLITY IF YOUR DEVICE BREAKS ETC. ETC.!

    To install, do the following (ADB access is required):

    • Download the zergRush binary (huge props to the Revolutionary.io team for this exploit) - DOWNLOAD - MD5: aed52dbab0e924f3e7fbef8d314da771
    • Download the insecure boot image - DOWNLOAD - MD5: 717279b84953e41856b18975a0eb2f48
    • Check the MD5 hashes of the downloaded files
    • adb push zergRush to /data/local and make executable ('adb push zergRush /data/local/ && adb shell chmod 4755 /data/local/zergRush')
    • adb push the insecure boot image ('adb push r1.6.2.1.kindlefire.boot.insecure.img /data/local/')
    • Gain temproot ('adb shell /data/local/zergRush')
    • Flash the boot image ('adb shell dd if=/data/local/r1.6.2.1.kindlefire.boot.insecure.img of=/dev/block/platform/mmci-omap-hs.1/by-name/boot')
    • Reboot the device ('adb reboot')
    And that's it, you're done, you should now have root ADB access!

    P
    View

New posts