• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[DONATE to k4y0z] - BL UNLOCK for HD8 (16/17) / support for HD8 (18)

With HD10 2017 unlock in progress, which is the next Fire to unlock?


  • Total voters
    41
Search This thread

bibikalka

Senior Member
May 14, 2015
1,395
1,097
Given high popular demand for Fire TV stick 4K unlock, there is now a separate thread in the appropriate FireTV location:
https://forum.xda-developers.com/fire-tv/general/please-donate-to-k4y0z-bl-unlock-twrp-t3913935

March 24th, 2019 post

The HD10 2017 fundraising effort had been a huge success, and @k4y0z had delivered an unlock for the device - link. Many thanks to everybody who contributed funds to the undertaking!!! Enjoy the unlocked device! Custom ROMs will be forthcoming!

Now, given that a few other devices don't have an unlock yet, we shall keep this thread open as a place to express those wishes. If the wishes are matched by funds, @k4y0z may spend a bit of his time to acquire the requested older device on eBay, and unlock it ;)

At present, there is quite a bit of interest to support HD8 devices. Chances are if @k4y0z acquired one of HD8 devices, he would be able to support all vintages (2016-2018). Let's make it happen!

March 5th, 2019 post

Update: We need to secure sufficient funding for @k4y0z to acquire an HD10, and work to unlock it! The donation PayPal account is in his profile. Given @k4y0z's excellent track record in unlocking, the delivery of HD10 unlock is not in question !!! :D
For my own very selfish interest, I have the oldest bootloaders known - 5.5.0.0. As such, I want a purely dd based method, where the exploit resides strictly within the official boot0 region, which would be no more than 1 Mb :D


 
Last edited:

k4y0z

Senior Member
Nov 27, 2015
1,447
1,881
For standardization, one could go with 5.5.0 bootloaders from this early ROM - update-kindle-40.5.9.1_user_591450020.bin
I would rather use the newest exploitable LK to ensure compatibility with the newest boot-images.

@k4y0z / @xyz` - what's the level of challenge for the unlock ? With another volunteer that has HD10 opened, testing can be done with imperfect versions, and BootRom access via shorting.
The HD10 forces 64-Bit kernel which makes the exploit more difficult and also requires repartitioning the device.
This would also mean decreasing the size of userdata-partition by about 110MiB and an increased boot-time of about 10 seconds.
It also requires a factory-reset since userdata needs to be reformatted.
I actually have a working exploit for another device that also forces 64 bit, so I know it's possible.
Unfortunately I don't own a Fire HD10, which I would need to work on it.
 

bibikalka

Senior Member
May 14, 2015
1,395
1,097
I would rather use the newest exploitable LK to ensure compatibility with the newest boot-images.

The HD10 forces 64-Bit kernel which makes the exploit more difficult and also requires repartitioning the device.
This would also mean decreasing the size of userdata-partition by about 110MiB and an increased boot-time of about 10 seconds.
It also requires a factory-reset since userdata needs to be reformatted.
I actually have a working exploit for another device that also forces 64 bit, so I know it's possible.
Unfortunately I don't own a Fire HD10, which I would need to work on it.

Do you care to set up an account on GoFundMe or Fundly? They will eat about ~10% of donations for processing. Once a few people pitch in a few bucks, you could purchase a device or two.

Fire HD 10 is a pretty capable device, so needs some good software as well! There are also a few Fire models that are totally unloved (HD6/7 2014, HD8/10 2015) - those could use some BootRom hacking too ! :D
 

dbnaruto

Senior Member
Feb 23, 2010
117
7
Heck, I'm so impressed with how easily for my Fire 7 unlocked, that if one of the people who got the other Fire tablets unlocked commits to getting the Fire 10 working, I'd just buy them the refurb'ed tablet to work on. It's what Amazon wish list are made for ;)
 
Last edited:
There is a German PayPal email in your profile, would you be interested to work on this if you got an HD10?

I have a few HD 10s with plans for another. I need mother nature to cooperate with me for at least two days and I can build and compile the fastboot binary for the mt8173, it at least try. Yes mediatek has their own binary, their own command line for it. The structure is not much different from ADB, and I'm not sure amazon even knows it exists. I'm not even sure if any of you knew it. If I or anyone else can build it, all we need are the mediatek drivers we use currently to get to bootrom, and the binary to run the commands and we're in.

Sent from my MotoG3 using XDA Labs
 
P.S. I have seen echos of fastboot being used to flash images. We know that's not possible as the current setup stands. So if my research in the past year was at all right, then we can use the kit I have to build and sign factory images (with official tools and official signatures included), to our hearts content. It just so happens I have the kit with everything needed to do just that, including the source code to the bootloaders and kernel (mediatek) as well as other proprietary things. We just need to get.this fastboot built.

Sent from my MotoG3 using XDA Labs
 
Having trouble compiling the binaries. This is my first time using gcc. Here is the link to the stuff the mt8173 needs that's we can build. If you click the bootloader/lk link then bootloader, lk, app and mt_boot, you'll see fastboot, mt_boot, the command lines etc. https://github.com/Goayandi/mediatek_mt8176_development

Also in the platform folder in bootloader, lk, target, whiskey, Inc, is a hex OEM public key the private key verifies. https://github.com/Goayandi/vendor_...p-7.0/bootloader/lk/target/wisky8176_tb_n/inc What do we need to don't format this key into a bin file we can flash in fastboot?

Sent from my Amazon KFSUWI using XDA Labs
 
  • Like
Reactions: rotorbudd

DB126

Senior Member
Oct 15, 2013
15,281
10,049
Although I don't (yet) use your exploits and will likely never own a HD 10 I tossed in a few shillings as a token of appreciation for all you have done. Hopefully will help close the gap on your recent Amazon acquisition. :)
 

bibikalka

Senior Member
May 14, 2015
1,395
1,097
Thanks everyone for your donations, especially @dbnaruto for your VERY generous donation!
I nearly got the funds together, so I went ahead and ordered a HD10.

Excellent!!!

I say we shall keep going ! There are other Fire devices out there that need some loving & TWRP!

Any nominations for other Fires amongst XDA frequent flyers? Shall we set up a poll? Fire stick 4K? Fire HD8/10 2015? What should the additional funds be collected for?
@k4y0z - HD10 2017 is a nice device, hopefully, you can do your hacking without opening the case! Please put exploit at 512k in boot0, this way we can dd everything in!
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    P.S. I have seen echos of fastboot being used to flash images. We know that's not possible as the current setup stands. So if my research in the past year was at all right, then we can use the kit I have to build and sign factory images (with official tools and official signatures included), to our hearts content. It just so happens I have the kit with everything needed to do just that, including the source code to the bootloaders and kernel (mediatek) as well as other proprietary things. We just need to get.this fastboot built.

    Sent from my MotoG3 using XDA Labs
    4
    Hey guys, I've been looking into this for a while now and have practice in reverse engineering and have worked with lk's before. I currently own a fire HD10 (7th gen). Due to it being a personal device (and my sons) I would like to request donations to work on fresh HD's. So far I see great research and have even learned more myself. I would like to thank... @[email protected]
    For giving me a better understanding of the complexity of this process.
    Lol
    4
    I donated, so I'd clearly love to see this happen. Best of luck guys.
    3
    For standardization, one could go with 5.5.0 bootloaders from this early ROM - update-kindle-40.5.9.1_user_591450020.bin
    I would rather use the newest exploitable LK to ensure compatibility with the newest boot-images.

    @k4y0z / @xyz` - what's the level of challenge for the unlock ? With another volunteer that has HD10 opened, testing can be done with imperfect versions, and BootRom access via shorting.
    The HD10 forces 64-Bit kernel which makes the exploit more difficult and also requires repartitioning the device.
    This would also mean decreasing the size of userdata-partition by about 110MiB and an increased boot-time of about 10 seconds.
    It also requires a factory-reset since userdata needs to be reformatted.
    I actually have a working exploit for another device that also forces 64 bit, so I know it's possible.
    Unfortunately I don't own a Fire HD10, which I would need to work on it.