• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[DISCONTINUED] TWRP Flashable .3.2.3 Bootloader Upgrade

Status
Not open for further replies.
Search This thread

ggow

Recognized Developer
Feb 28, 2014
3,893
10,558
Amazon Fire
Sony Xperia XZ1 Compact
- Discontinued.
- This was only really useful for people that unlocked on firmwares older than xx.3.2.3.2.
- It should no longer be needed


If your bootloader is not unlocked OR you are running Safestrap 4.xx, please walk away now​
Android-Phone-Rooting-qtkznc-273x3001.png

Disclaimer
Code:
[COLOR="gray"]
/*
 * I am not responsible for bricked devices, dead SD cards, thermonuclear war,
 * or you getting fired because the alarm app failed.
 * Please do some research if you have any concerns about features included
 * in the products you find here before flashing it!
 * YOU are choosing to make these modifications.
 */
[/COLOR]

Hello all,

Here are some bootloader upgrade images which allow you to upgrade your system to .3.2.3.2 without flashing the full amazon stock firmware image.
The reason you might want to do this is because a few people have reported graphical glitches/black screen issues while trying to run HDX Nexus ROM.

Updating to .3.2.3.2 seems to fix the problems.

These update images will flash the bootloaders on your system.
They will NOT flash the modem firmware, /boot , /recovery or /system partitions.

*** PLEASE CHECK THE MD5 OF THESE AFTER DOWNLOADING AND BEFORE FLASHING ***

I have tested both of them Apollo and Thor respectively.

Instructions
- Copy the file to your /sdcard on your device
- Flash the file with TWRP
- Reboot

Downloads
- Discontinued.
- This was only really useful for people that unlocked on firmwares older than xx.3.2.3.2.
- It should no longer be needed
 
Last edited:

DB126

Senior Member
Oct 15, 2013
15,269
10,044
Yup, worked great for me too. Fixed occasional gallery FCs on boot which was the only issue I was experiencing with the older bootloader.
 

Mr.Dumb

Member
Dec 19, 2014
10
0
In short, no. The exploit was patched in .3.2.4.

Sent from my Nexus 6 using Tapatalk

Okay thanks a lot for the answer, as i have root access can i downgrade by fooling system that i have a lower build (editing build prop) and then updating the lower build.

In short ill make build prop edit to a lower version than .3.2.4 or so and then sideload update the .3.2.3 Firmware. ?
 

DB126

Senior Member
Oct 15, 2013
15,269
10,044
Okay thanks a lot for the answer, as i have root access can i downgrade by fooling system that i have a lower build (editing build prop) and then updating the lower build.

In short ill make build prop edit to a lower version than .3.2.4 or so and then sideload update the .3.2.3 Firmware. ?

Err, don't think that's going to work. If it were that easy folks would be downgrading from 3.2.7/3.2.8 in droves (and certainly the devs would have supplied a tool for the masses). Best catch up by reading through the forums and learning what can and can't be done with your device given the current firmware level.
 
  • Like
Reactions: Bear6009 and jeryll

draxie

Senior Member
Apr 20, 2014
508
610
In short, no. The exploit was patched in .3.2.4.

Sent from my Nexus 6 using Tapatalk

Is there any rollback protection in place for 'aboot'?
If not (wishful thinking, I guess) flashing any valid
(i.e. Amazon-signed) 'emmc_appsboot.mbn' should work.
Do we know?

---------- Post added at 20:44 ---------- Previous post was at 20:40 ----------

@ggow Will there be any thing available for kindle with 14.3.2.8 software?

Could you post the exact version of your system software (including _user_32800XXXX)?
You'll find this under Settings/Device/System Updates/Current Version...
 

ggow

Recognized Developer
Feb 28, 2014
3,893
10,558
Amazon Fire
Sony Xperia XZ1 Compact
Is there any rollback protection in place for 'aboot'?
If not (wishful thinking, I guess) flashing any valid
(i.e. Amazon-signed) 'emmc_appsboot.mbn' should work.
Do we know?

---------- Post added at 20:44 ---------- Previous post was at 20:40 ----------



Could you post the exact version of your system software (including _user_32800XXXX)?
You'll find this under Settings/Device/System Updates/Current Version...

@draxie

It is very probable that flashing an old emmc_appsboot.mbn on .3.2.8 will trigger the rollback protection. Something else that might have changed is that the DTB table layout might have changed which would make it incompatible with any installed recovery or boot image. If someone can dump the boot partition from a device running 3.2.8 I could let you know whether that is the case.

If the above is satisfiable in our favour then we would need to check whether the same RSA signature in the .3.2.8 SBL used to check the aboot image is the same as the old SBL's RSA signature. Then there might be a chance to flash an older amazon signed aboot.img.

It's a longshot.
 
Last edited:

draxie

Senior Member
Apr 20, 2014
508
610
@draxie

It is very probable that flashing an old emmc_appsboot.mbn on .3.2.8 will trigger the rollback protection. Something else that might have changed is that the DTB table layout might have changed which would make it incompatible with any installed recovery or boot image. If someone can dump the boot partition from a device running 3.2.8 I could let you know whether that is the case.

If the above is satisfiable in our favour then we would need to check whether the same RSA signature in the .3.2.8 SBL used to check the aboot image is the same as the old SBL's RSA signature. Then there might be a chance to flash an older amazon signed aboot.img.

It's a longshot.

You are, of course, right on all counts.
Nevertheless, the 3.x.y series is basically JB, with the same DT format everywhere,
but I'd also like to double check. That's why I asked for the full version string, hoping
to find the update image on Amazon's servers.
As for the SBL, which partitions are relevant?
I know for a fact that the 4.5.2 firmware (except aboot) work fine with 3.2.3.2,
as I flashed those myself... Those included tz, rpm, sbl1, and dbi/sdi.
I'd say we may have a chance; but it IS risky.
 

AmazonLeaker

Senior Member
Nov 20, 2014
72
21
I believe this can be found in buildprop

Else contact customer care and ask them links + version strings.

They will help and that person will get a "yes" at least

Edit :

Found in build prop : 14.3.2.8_user_328003120
 
Last edited:
  • Like
Reactions: draxie

AmazonLeaker

Senior Member
Nov 20, 2014
72
21
Thanks!
Unfortunately, the OTA update with this version does not seem to be available at the usual place...

Hey [email protected] I'm sorry but i don't understand what do you want to point out ?
Do you mean to say that the file is not there ?
Well its not in the aws server anymore i believe, however I'd suggest you to contact customer care and inform them of this get a ticket raised (better possibility) and /or get this fixed on call itself (very thin chances of this).

Please note : there is some customer service team outsourced at pune & chennai they are very notorious and lie so please beware! (you can only identify them by their very odd names)
 

draxie

Senior Member
Apr 20, 2014
508
610
@draxie

It is very probable that flashing an old emmc_appsboot.mbn on .3.2.8 will trigger the rollback protection.

Actually, I have another data point here: I rolled back from 3.2.6 to 3.2.3.2
following the relatively procedure from the scripts posted here .
This involved building stock recovery from the OTA (basically the same way the shell script does).
Changing build.prop and applying the OTA straight from the /sdcard.

No real rollback protection to speak of.
I don't see why this shouldn't work on 3.2.8...

AFAICT, the recovery stuff had to be done not to trip a check in the updater-script.
Similarly, the build.prop stuff is probably needed so that the com.amazon.dcp app/library
would pick up the update.

I think I convinced myself enough that I might try flashing aboot at some point...
 
Last edited:
  • Like
Reactions: AmazonLeaker

draxie

Senior Member
Apr 20, 2014
508
610
Its updated to 4.5.3

Hey [email protected] I'm sorry but i don't understand what do you want to point out ?
Do you mean to say that the file is not there ?
Well its not in the aws server anymore i believe, however I'd suggest you to contact customer care and inform them of this get a ticket raised (better possibility) and /or get this fixed on call itself (very thin chances of this).

Please note : there is some customer service team outsourced at pune & chennai they are very notorious and lie so please beware! (you can only identify them by their very odd names)

I guess what I'm wondering is whether the update image for this version
(and 1x.3.2.7) was ever publicly released, since pretty much all earlier versions
I've tried can still be downloaded from Amazon at the URL

https://kindle-fire-updates.s3.amazonaws.com/

alternatively

https://s3.amazonaws.com/kindle-fire-updates/

followed by 'update-kindle-LONG_VERSION.bin',
which kind of makes sense considering that there
_could_ be devices out there with any version...

These "milestone" versions are all still available:

1x.3.1.0_user_310079820 (first[?] root)
1x.3.2.3.2_user_323001720 (latest with RSA bug)
1x.3.2.6_user_326001820 (latest with no rollback protection?)

SO, my question is -IF you have a 1x.3.2.8- did you receive it as normal OTA,
or are these rollback-protected images distributed only to those that didn' t
want 4.x.x... I'm just speculating here, of course.

It looks like I've gotten an answer in the meantime..
 
Last edited:

GSLEON3

Retired Senior Moderator
Err, don't think that's going to work. If it were that easy folks would be downgrading from 3.2.7/3.2.8 in droves (and certainly the devs would have supplied a tool for the masses). Best catch up by reading through the forums and learning what can and can't be done with your device given the current firmware level.

Yeah, AFAIK you can only use the build.prop edit downgrade for non-bootloader change updates. While you may be able to change from 3.2.8 to 3.2.7 (if the bootloader was not updated), you still cannot roll back any further because of the "roll back bootloader" efuse that was added, which is why Amazon won't downgrade certain people below a certain version, they simply can't do it.

However, if you have 3.2.6, then you could probably use the edited prop file & just flash the complete earlier version OTA.

I am going to have to play with this a bit, because it has me curious about what changes they have made & whether I can then get the 4.5.x kernel & system partition working with the 3.2.3 bootloader.

Speaking of which.... Have any of you that have been involved with the signing tool decompiled the various bootloader versions? How much difference did you notice? I am wondering if it's just address space & vuln patches, or if it is going to be a time consuming thing to catch up & figure out what needs to be & even can be changed to offer 4.5x features alongside the 3.2.3 bootloader...

EDIT: AND... I see ggow has been working on this...
 
Last edited:
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 16
    - Discontinued.
    - This was only really useful for people that unlocked on firmwares older than xx.3.2.3.2.
    - It should no longer be needed


    If your bootloader is not unlocked OR you are running Safestrap 4.xx, please walk away now​
    Android-Phone-Rooting-qtkznc-273x3001.png

    Disclaimer
    Code:
    [COLOR="gray"]
    /*
     * I am not responsible for bricked devices, dead SD cards, thermonuclear war,
     * or you getting fired because the alarm app failed.
     * Please do some research if you have any concerns about features included
     * in the products you find here before flashing it!
     * YOU are choosing to make these modifications.
     */
    [/COLOR]

    Hello all,

    Here are some bootloader upgrade images which allow you to upgrade your system to .3.2.3.2 without flashing the full amazon stock firmware image.
    The reason you might want to do this is because a few people have reported graphical glitches/black screen issues while trying to run HDX Nexus ROM.

    Updating to .3.2.3.2 seems to fix the problems.

    These update images will flash the bootloaders on your system.
    They will NOT flash the modem firmware, /boot , /recovery or /system partitions.

    *** PLEASE CHECK THE MD5 OF THESE AFTER DOWNLOADING AND BEFORE FLASHING ***

    I have tested both of them Apollo and Thor respectively.

    Instructions
    - Copy the file to your /sdcard on your device
    - Flash the file with TWRP
    - Reboot

    Downloads
    - Discontinued.
    - This was only really useful for people that unlocked on firmwares older than xx.3.2.3.2.
    - It should no longer be needed
    2
    Okay thanks a lot for the answer, as i have root access can i downgrade by fooling system that i have a lower build (editing build prop) and then updating the lower build.

    In short ill make build prop edit to a lower version than .3.2.4 or so and then sideload update the .3.2.3 Firmware. ?

    Err, don't think that's going to work. If it were that easy folks would be downgrading from 3.2.7/3.2.8 in droves (and certainly the devs would have supplied a tool for the masses). Best catch up by reading through the forums and learning what can and can't be done with your device given the current firmware level.
    2
    Hello!
    Could you please make the same zip, but with sbl1, tz, rpm (+ modem if it's possible) from 4.5.5.2? Leaving aboot 3.2.3 of course.
    That can be a good alternative for those who want to have all possible stuff as up to date as it's possible :)

    There is really no need to do this. The bootloaders from .3.2.3.2 have proven stable. Also this is a risky process so I won't be making such a flashable zip. I did it before because the .3.1.0 bootloaders caused WiFi and Graphical Glitches.
    2
    How can I flash modem to downgrade it to 3.2.3.3 too?
    I made that http://forum.xda-developers.com/kin...-to-unbrick-kindle-fire-hdx-firmware-t3277197 and now I want to flash the file from this thread to become more "3.2.3.2", because as ONYXis said now I've got "aboot from 3.2.3 , other components of bootchain (sbl, modem. tz, rpm) from 4.5 after that procedure."
    I've got some wi-fi issues and want to try to fix them.

    I'll look into it this week.
    1
    Thor HDX 7" bricked as well. Everything was working fine, wanted to install the KK Fire Nexus ROM but TWRP was giving me error 7, something about build dates not being able to install a newer over an older one (even after I flashed TWRP again), so i tried flashing this, rebooted, and now black screen and QSHL USB thing showing up in device manager.

    I had an unlocked bootloader completely, so that wasn't the problem.

    Last 30 posts in this thread are people saying that this bricked their devices, really makes you think huh.