The steps described should be enough.
Perhaps later can be improved or can be added a windowa executable or apk that do all, but not now.
Okay,thanks.one more question, I'm currently running @ggow's HDX nexus ROM v2.0.4 ,do I have to roll back to Amazon fire os to do that ?or I could just do the unlock steps on currently ROM ?
Sent from my Nexus HDX 8.9 using XDA Free mobile app
I get to unlock the bootloader of my kindle hdx 8.9
Prerequisite:
- Bootloader shipped with firmwareversion 1[34].3.1.0 <= x <= 1[34].3.2.4 (as we use the rsa bug)
- Rooted kindle
adb shell
cat /sys/block/mmcblk0/device/manfid
cat /sys/block/mmcblk0/device/serial
create a file unlock.img with following content:
0xmmssssssss
where mm=manfid and ss=serial
encrypt it with my vortox fork of signing tool at
https://github.com/dpeddi/Cuber
./cuber_unlockbl --sign ./unlock.img ./unlock.signed
connect the hdx to a linux box and do following command:
./fastboot -i 0x1949 devices
./fastboot -i 0x1949 flash unlock unlock.signed
./fastboot -i 0x1949 reboot
adb shell
idme print
[...]
unlock_code: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMsv9S[...]WRUFx7FaA==
Regards and thank to all (Hashcode, Cpasjuste, Vortox...)
I get to unlock the bootloader of my kindle hdx 8.9
Prerequisite:
- Bootloader shipped with firmwareversion 1[34].3.1.0 <= x <= 1[34].3.2.4 (as we use the rsa bug)
- Rooted kindle
adb shell
cat /sys/block/mmcblk0/device/manfid
cat /sys/block/mmcblk0/device/serial
create a file unlock.img with following content:
0xmmssssssss
where mm=manfid and ss=serial
encrypt it with my vortox fork of signing tool at
https://github.com/dpeddi/Cuber
./cuber_unlockbl --sign ./unlock.img ./unlock.signed
connect the hdx to a linux box and do following command:
./fastboot -i 0x1949 devices
./fastboot -i 0x1949 flash unlock unlock.signed
./fastboot -i 0x1949 reboot
adb shell
idme print
[...]
unlock_code: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMsv9S[...]WRUFx7FaA==
Regards and thank to all (Hashcode, Cpasjuste, Vortox...)
but once unlocked u should be able to always flash any bootloader?I forgot to tell you that if you upgrade bootloader to newer image with fixed openssl you lost unlock.
Hi there,
With so many complaints about Linux dependencies,
I figured a Python-only version of cuber may be a good idea.
(Windows does have Python ports, right?
You'll still need python-gmpy2, in addition to fairly standard Python stuff.)
So, here it comes.
Both boot images and unlock codes are supported,
depending on what you pass on the command line.
For unlock codes, figure out your manfid and serial
as explained by the OP, and use the following:
And, then do the fastboot dance from the OP.Code:> python cuberHDX.py [I]mmssssssss[/I] Your unlock code is in '[I]mmssssssss[/I].unlock'.
For boot images, the procedure is fairly similar:
Code:> python cuberHDX.py [I]your-boot.img[/I] Your image '[I]your-boot.img[/I]' is now "signed".
I've downloaded and tested the new version (-v2),
and it works fine on my Apollo.
adb shell
cat /sys/block/mmcblk0/device/manfid
cat /sys/block/mmcblk0/device/serial
python.exe cuberHDX.py 0xmmssssssss
adb reboot-bootloader
fastboot -i 0x1949 devices
fastboot -i 0x1949 flash unlock 0xmmssssssss.unlock
fastboot -i 0x1949 reboot
> python cuberHDX.py [I]mmssssssss[/I]
Your unlock code is in '[I]mmssssssss[/I].unlock'.
> python cuberHDX.py [I]your-boot.img[/I]
Your image '[I]your-boot.img[/I]' is now "signed".
> python cuberHDX.py AA12345678
Your unlock code is in 'AA12345678.unlock'.
> openssl rsautl -verify -inkey unlock.crt -certin -in AA12345678.unlock -hexdump
0000 - 30 78 41 41 31 32 33 34-35 36 37 38 0a 00 00 00 0xAA12345678....
0010 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0020 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0030 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0040 - 00 00 00 00 00 00 00 00-00 00 00 93 6a d2 8e da ............j...
0050 - 94 30 8b 2c 38 21 09 2e-bd e1 13 7d dd e0 ba 22 .0.,8!.....}..."
0060 - e0 1d 8d 73 8a a3 f1 ac-5b f5 3d 06 c5 95 ba 2f ...s....[.=..../
0070 - ab fe 86 7c 26 64 3d ee-47 84 1b cb 12 6a 42 27 ...|&d=.G....jB'
0080 - 53 04 14 f6 a4 17 89 fc-8c b6 96 d3 10 de 21 35 S.............!5
0090 - dc 8b c5 6e 4c ec f2 9e-c1 50 72 8a 06 ff 3b 61 ...nL....Pr...;a
00a0 - 1a a3 52 bd c3 04 13 4c-a1 2a 8f 93 88 6b 46 cf ..R....L.*...kF.
00b0 - df 1f 1b f3 a1 7a d1 9d-a2 04 77 8a a3 37 14 c5 .....z....w..7..
00c0 - 08 98 5f ac 5b d7 0f 1f-fa fe 0f e2 a4 65 5f b3 .._.[........e_.
00d0 - f7 8b 9f bf a5 b2 28 84-39 e2 0d 03 6b 82 03 f2 ......(.9...k...
00e0 - 25 dc f1 41 9d 27 75 6f-10 fe 93 0d c7 95 71 67 %..A.'uo......qg
00f0 - 54 2b T+
00f5 - <SPACES/NULS>
[COLOR="Lime"]>[/COLOR] dd if=boot.img bs=2k of=/dev/null
[COLOR="Red"]3634[/COLOR]+0 records in
3634+0 records out
7442432 bytes (7.4 MB) copied, 0.00792165 s, 940 MB/s
[COLOR="Lime"]>[/COLOR] dd if=boot.img bs=2k skip=[COLOR="Red"]3633[/COLOR] count=256 iflag=count_bytes of=sig
0+1 records in
0+1 records out
256 bytes (256 B) copied, 0.000197051 s, 1.3 MB/s
[COLOR="Lime"]>[/COLOR] openssl rsautl -verify -inkey production.crt -certin -in sig -hexdump
0000 - ad 84 84 25 a7 89 57 c3-8c 67 6a c3 25 5c b7 2e ...%..W..gj.%\..
0010 - f4 c8 90 ac a2 fb bf 36-91 3c 43 18 f4 08 c4 9e .......6.<C.....
0020 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0030 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0040 - 00 00 00 00 00 00 00 00-00 00 00 a4 8f 3e 09 eb .............>..
0050 - 65 3c 1b 3e de 2e b8 0b-6c 37 55 40 40 9e c0 dd e<.>....l7U@@...
0060 - f7 e0 25 7d 32 18 1b 93-dc ee 1e 9f 7c b7 1b 00 ..%}2.......|...
0070 - d8 62 ec 67 b2 46 74 e8-7f 58 3a b7 ff 22 60 cf .b.g.Ft..X:.."`.
0080 - c4 27 07 83 3f d1 01 06-f6 e6 63 b7 77 5e 45 1f .'..?.....c.w^E.
0090 - 6e 85 2f 29 4f d0 89 70-fb d7 3c e2 da 6f e3 06 n./)O..p..<..o..
00a0 - 5a f2 1f 9e ca aa 7d 84-24 f4 56 9d 8f 16 cf 9c Z.....}.$.V.....
00b0 - c1 07 74 c4 b4 1b f4 7f-04 95 cf d4 93 a1 59 e8 ..t...........Y.
00c0 - 34 a6 aa 2a 7a 39 05 50-0f bb 2d 41 71 cf 8b 47 4..*z9.P..-Aq..G
00d0 - 7a e5 70 3c 36 27 e0 c1-a6 14 2b 28 92 f9 d1 c3 z.p<6'....+(....
00e0 - ac 1e 54 05 10 49 00 6d-ed f9 8a 0b f6 e7 4a 29 ..T..I.m......J)
00f0 - 9a 74 27 10 .t'.
00f5 - <SPACES/NULS>
[COLOR="Lime"]>[/COLOR] dd if=boot.img bs=2k count=[COLOR="Red"]3633[/COLOR] | sha256sum
3633+0 records in
3633+0 records out
7440384 bytes (7.4 MB) copied, 0.0493471 s, 151 MB/s
ad848425a78957c38c676ac3255cb72ef4c890aca2fbbf36913c4318f408c49e -
Some additional tips/guidance here which complements the link in the post by @D0ubl3_X. Although there are several different BL unlock guides/tools circulating I have found the one by @cey014 works best for my limited brain power.
Note that it *IS* possible to roll back from 3.2.x to 3.1.0
at least, up to and including 3.2.6, which I had before TWRP came.
The instructions for 3.2.5 and above are at the end of the post.
The procedure is verified for 3.2.6, but f you can get root on your device,
I suspect that this might work for 3.2.7 & 3.28 as well, but I don't know
(since I happened to have 3.2.6 at the time).
If you are the adventurous type and you understand what the scripts do,
you can "extrapolate" and move to 3.2.3.2 directly (which is what I did),
but it may be both faster and easier to move to 3.1.0 first, and then use
the stock update from Amazon to upgrade to 3.2.3.2.
In either case, you'll need to fetch one of these, depending on your device:
https://kindle-fire-updates.s3.amazonaws.com/update-kindle-13.3.2.3.2_user_323001720.bin
https://kindle-fire-updates.s3.amazonaws.com/update-kindle-14.3.2.3.2_user_323001720.bin
Good luck!