Fire 7 (2019, mustang) unbrick, downgrade, unlock & root

hey guys, i want to know if my fire 7 2019 is compatible with this, I've heard a lot of talk about it not being supported on units bought >2020
I bought mine on Sept 8 2019. but I've been trying to get it into bootrom mode for a while with the hardware method, with a piece of aluminium foil. but nothing is working, what should i do?


edit:

i got into it but the script returns this

[[email protected] amonet-mustang]$ sudo ./bootrom-step.sh
[2022-12-11 18:38:53.643964] Waiting for bootrom
[2022-12-11 18:38:59.200003] Found port = /dev/ttyACM0
[2022-12-11 18:38:59.253676] Handshake

* * * If you have a short attached, remove it now * * *
* * * Press Enter to continue * * *


Traceback (most recent call last):
File "/home/marcus/Downloads/amonet-mustang/modules/main.py", line 161, in <module>
main()
File "/home/marcus/Downloads/amonet-mustang/modules/main.py", line 82, in main
load_payload(dev, "../brom-payload/build/payload.bin")
File "/home/marcus/Downloads/amonet-mustang/modules/load_payload.py", line 99, in load_payload
dev.write32(0x10007008, 0x1971) # low-level watchdog kick
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/Downloads/amonet-mustang/modules/common.py", line 147, in write32
self.check(self.dev.read(2), b'\x00\x01') # arg check
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/Downloads/amonet-mustang/modules/common.py", line 84, in check
raise RuntimeError("ERROR: Serial protocol mismatch")
RuntimeError: ERROR: Serial protocol mismatch

This happened to me.. It was when I had incorrectly installed pyserial when you actually need python3-serial

I then changed USB port and voila.
 
It probably means your Fire HD 7 currently has OS version v7.3.xx which is not supported by mtk-su. I am in the same boat. Got the tablet for $15 just for converting to android but I can't even disable the bloatware because becoming root is the first step.

Has anyone with v7.3.xx tried the hardware jumper method and gained root?

Yes. Easy to follow guide.
 

Ch Tech

Member
Sep 16, 2021
18
1
when i execute mtk-su i have this output: "failed critical init step 3" how can i solve this?
 

muzicman82

Senior Member
Dec 27, 2007
503
23
Wilmington, DE
I've been on Lineage 16 (whatever the latest is) and WiFi keeps crapping out constantly. I've heard this is a common issue.

Is there a flashable stock ROM with root so I don't lose root?
 

coolst3r

Member
Sep 5, 2020
5
0
when i try to run bootrom sh on original austin it also gets stuck at handshake



b''
b'\x00\x01'
Traceback (most recent call last):
File "/home/cunny/Downloads/amonet/modules/main.py", line 130, in <module>
main()
File "/home/cunny/Downloads/amonet/modules/main.py", line 64, in main
handshake(dev)
File "/home/cunny/Downloads/amonet/modules/handshake.py", line 11, in handshake
dev.write32(0x10007000, 0x22000000)
File "/home/cunny/Downloads/amonet/modules/common.py", line 152, in write32
self.check(self.dev.read(2), b'\x00\x01') # arg check
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/cunny/Downloads/amonet/modules/common.py", line 89, in check
raise RuntimeError("ERROR: Serial protocol mismatch")
 

Michajin

Senior Member
Oct 23, 2012
1,364
547
you are in preloader not bootrom
 

turboTermite

Member
Sep 19, 2022
5
1
when i try the hardware, it stays on waiting for bootrom while i have the pin grounded. nothing else happens, what am i doing wrong? @ggow
lol i combed this thread a lot over the years before i flashed mine, because i was chicken opening up.
From what I read you need one from the early batches, because Amazon locked it down late 2019. Probably hard to tell which one you got other than going off by purchase date. I remember when I got mine I prob could have done the software flash, but I was dumb and didn't know how to go past the first boot up screen and connected it to the internet and it updated itself.....
Are you getting a good connection when you are grounding the pin? Mine was like way tiny compared to the picture, like there's nothing sticking out like that one picture that shows you how to do it. Are you grounding it to the leftover shield piece that surrounds it?
Anyways hope it works for you, it would be kinda nice to have more people interested in this.
 

MarvinMod

Senior Member
May 20, 2015
695
276
Samsung Galaxy A70
Mine was purchased new in 2021 and has fire 7. Something on it. The pin is very small yes and if i keep it grounded, it stays at waiting for bootrom but as soon as i release the short, it starts to go but ends with port protocol mismatch or something like that. I disconnect battery and try again with same results. I've been reading a lot of threads talking about the patch being fixed on newer devices but no one's actually confirmed it as you are right, there's no way to tell if you have a pre 2019 or not or at least i haven't been able to confirm that from the tablet but again, i did get it in 2021. I have several tablets, this one's not important to me so I'll keep tinkering till i find a way to unlock it or break it lol. Thanks for the reply. 🖖
 

Michajin

Senior Member
Oct 23, 2012
1,364
547
In Jan 2020 the bootrom was disabled, you can also tell by the serial number. Anything that was purchased from Amazon after March of 2020 had the bootrom disabled. You can only get into the preloader. There may be a rooting option with it having a Mali GPU, but i can't confirm anyone is working on it or it will work on this, and this will likely be root only.
 

Crazycat070

New member
Jun 30, 2022
2
0
Amazon Fire HD 6 and 7
Tried the hardware method on mine and it said something like incorrect serial and now it won't power on anymore. Anybody know how to fix this issue or can i not use it anymore?

Edit: I just shorted it again and it turned on
 

Top Liked Posts

  • 48
    Make sure to read this guide completely before starting.

    You will lose all data on the tablet, make a backup of important data before you start.

    What you need:
    - a Linux installation. Don't use a VM! Use a live USB, if you don't have Linux installed, but don't use a virtual machine.
    - a microusb cable to connect your tablet to the PC
    - (if you go with hw option) some way to open the tablet (pry tool, opening picks, etc)
    - (if you go with hw option) something conductive (metal tweezers, a paper clip, a piece of wire, etc)
    - (if you go with sw option) mtk-su from https://forum.xda-developers.com/android/development/amazing-temp-root-mediatek-armv8-t3922213
    - amonet-mustang.zip from this post
    - finalize.zip from this post
    - update-kindle-NS6312_user_1827_0002517050244.bin: https://fireos-tablet-src.s3.amazon...ate-kindle-NS6312_user_1827_0002517050244.bin
    - Magisk-v19.3.zip: https://github.com/topjohnwu/Magisk/releases/download/v19.3/Magisk-v19.3.zip

    Install python3, PySerial, adb and fastboot. For Debian/Ubuntu something like this should work "sudo apt install python3 python3-serial android-tools-adb android-tools-fastboot".

    0. Disconnect the tablet and all other Android devices from the PC.
    1. Back up whatever important data you have on the device and perform a complete factory reset of the tablet. When going through the initial setup, don't connect to a network (see below on how to do that).
    2. Disable or uninstall ModemManager from your Linux installation
    3. At this point you need to get your tablet into the bootrom download mode. There are two ways it can be achieved.
    a) If your tablet works, you can use the software method (which doesn't require opening the tablet) or the hardware method. Note that if something goes horribly wrong, you might still be required to open up the tablet.
    b) If your tablet doesn't boot (bricked), you can only use the hardware method

    ----------------------------------------------------------------------------------------------------

    Software method:
    This will get you into bootrom mode by obtaining temporary root and temporarily bricking the device.

    1. Download mtk-su from https://forum.xda-developers.com/android/development/amazing-temp-root-mediatek-armv8-t3922213
    2. Enable developer mode and USB debugging on the tablet
    3. Unzip the mtk-su archive
    4. Transfer the executable to your tablet: "adb push arm/mtk-su /data/local/tmp"
    5. Run "adb shell"
    6. Keep the screen on and run the following commands in the shell on the device:
    Code:
    cd /data/local/tmp
    ./mtk-su
    getenforce # Just to confirm it says Permissive
    echo 0 > /sys/block/mmcblk0boot0/force_ro
    dd if=/dev/zero of=/dev/block/mmcblk0boot0 bs=512 count=8

    This is the sort of output you should see for that step:

    Code:
    [email protected]:~/Downloads/mtk-su $ adb shell
    mustang:/ $ cd /data/local/tmp
    mustang:/data/local/tmp $ ./mtk-su
    New UID/GID: 0/0
    mustang:/data/local/tmp # getenforce
    Permissive
    mustang:/data/local/tmp # echo 0 > /sys/block/mmcblk0boot0/force_ro
    mustang:/data/local/tmp # dd if=/dev/zero of=/dev/block/mmcblk0boot0 bs=512 count=8
    8+0 records in
    8+0 records out
    4096 bytes transferred in 0.001 secs (4096000 bytes/sec)
    mustang:/data/local/tmp #

    Don't close the console just yet.

    Hardware method:
    This will get you into bootrom mode by opening up the tablet and shorting a point to the ground.

    1. Shut your device down and disconnect it from USB
    2. Use a pry tool to remove the back shell from the tablet. Start at the bottom and work your way up. There are no cables between the back shell and the motherboard.
    3. You will need to get something conductive and temporarily connect a point to the ground. A point suggested by @ggow is: https://forum.xda-developers.com/showpost.php?p=79683131&postcount=22. You will need to pop up the metallic shield to access it. Alternatively, there are multiple points on the back of the PCB which also work (marked as CLK/CMD/DAT0).

    ----------------------------------------------------------------------------------------------------

    4. At this point if you went with software method, you should have a root shell open, and if you went with the hardware method you should have a capacitor or a testpoint grounded to the shield.

    5. Now, open another terminal on your PC, extract amonet-mustang.zip, navigate to it, and run `sudo ./bootrom-step.sh`. It should print "Waiting for the bootrom".
    6.
    a) For the software method, you should already have the USB cable plugged in. Type "reboot" in the first terminal (the one that's running "adb shell"). [If you're trying this for the second time because it didn't work for the first time, you won't have an "adb shell" terminal. In that case, just plugging the USB cable in should be enough.]
    b) For the hardware method, ensure the short is applied and then plug in the USB cable.

    7. You should see the following device appear in your "dmesg" log:

    Code:
    [1141765.113884] usb 3-1.4.3.1: USB disconnect, device number 59
    [1141783.057101] usb 3-1.4.3.1: new full-speed USB device number 60 using xhci_hcd
    [1141783.226498] usb 3-1.4.3.1: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00
    [1141783.226502] usb 3-1.4.3.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
    [1141783.506877] cdc_acm 3-1.4.3.1:1.0: ttyACM0: USB ACM device

    This *must* be the device you see. If you see a "preloader" device instead, your short probably didn't work (for the hw method), or your system inexplicably didn't brick (for the sw method). Unplug everything and try again. If the tablet doesn't shut down, you might need to open it up and disconnect the battery.

    8. The script should now tell you to remove the short. If you went with hardware method, you do need to remove it first. Otherwise, just press Enter.
    9. The script will now proceed to downgrade your device and flash some essential files. Just let it be, it will take about 4 minutes. You should see the following output:

    Code:
    [2019-06-30 02:48:59.334098] Waiting for bootrom
    [2019-06-30 02:50:41.179571] Found port = /dev/ttyACM0
    [2019-06-30 02:50:41.180204] Handshake
    
     * * * If you have a short attached, remove it now * * * 
     * * * Press Enter to continue * * * 
    
    
    [2019-06-30 02:50:49.195782] Init crypto engine
    [2019-06-30 02:50:49.214278] Disable caches
    [2019-06-30 02:50:49.214801] Disable bootrom range checks
    [2019-06-30 02:50:49.229877] Load payload from ../brom-payload/build/payload.bin = 0x46B8 bytes
    [2019-06-30 02:50:49.233418] Send payload
    [2019-06-30 02:50:49.958957] Let's rock
    [2019-06-30 02:50:49.959812] Wait for the payload to come online...
    [2019-06-30 02:50:50.904341] all good
    [2019-06-30 02:50:50.904714] Check GPT
    [2019-06-30 02:50:51.240034] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216), 'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), 'tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (124928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 40960), 'system': (215040, 6354944), 'vendor': (6569984, 460800), 'cache': (7030784, 1024000), 'userdata': (8054784, 22722527)}
    [2019-06-30 02:50:51.240157] Check boot0
    [2019-06-30 02:50:51.485287] Check rpmb
    [2019-06-30 02:50:51.695083] Downgrade rpmb
    [2019-06-30 02:50:51.696759] Recheck rpmb
    [2019-06-30 02:50:52.591407] rpmb downgrade ok
    [2019-06-30 02:50:52.837668] Clear preloader 1
    [1 / 1]
    [2019-06-30 02:50:52.859908] Clear preloader 2
    [1 / 1]
    [2019-06-30 02:50:52.882059] Flash lk-payload
    [4 / 4]
    [2019-06-30 02:50:53.214382] Flash tz
    [5547 / 5547]
    [2019-06-30 02:52:51.150851] Flash lk
    [651 / 651]
    [2019-06-30 02:53:05.192112] Inject microloader
    [4 / 4]
    [2019-06-30 02:53:05.524154] Flash preloader
    [271 / 271]
    [2019-06-30 02:53:11.525329] Restore preloader
    [8 / 8]
    [2019-06-30 02:53:11.695348] Reboot to unlocked fastboot

    If the script freezes at some point, you will have to restart it. Terminate the script, then immediately run `sudo ./bootrom-step.sh` again. The exploit is set up so that after about 40 seconds of inactivity it would reboot your device and drop you back into the bootrom mode, which the script is waiting for. If you cannot restart the process, you might have to open up the tablet and replug the battery to completely power off the device.

    10. You should see a success message: "Reboot to unlocked fastboot". Only proceed if you see the message.
    11. Once the device boots to fastboot (check with "fastboot devices"; you should also see amazon logo on the screen.), you can run "sudo ./fastboot-step.sh".
    12. At this point the device should boot into recovery, however the screen will be off. Just press the power button twice and the screen should turn on.
    13. Success! You now have a custom recovery installed that can be accessed by holding down power and volume down (the leftmost) buttons. At this point if you came here from a custom ROM thread you should probably follow the ROM installation instructions. Alternatively, the next steps will detail installing a stock firmware and rooting it with Magisk.

    ----------------------------------------------------------------------------------------------------

    14. We'll now upload required files to the recovery. On your PC, do:

    adb push update-kindle-NS6312_user_1827_0002517050244.bin /sdcard/fw.zip
    adb push Magisk-v19.3.zip /sdcard
    adb push finalize.zip /sdcard

    15. In the recovery, go to "Install", navigate to "/sdcard" and flash fw.zip
    16. Go to "Wipe" and do the default wipe, then reboot
    17. At the Fire setup screen, select your language. On the next screen, Wifi setup, select any password-protected network, then instead of entering the password press "cancel". Now, back at the wifi setup screen, press "Skip setup" and "Skip" in the dialog pop-up again
    18. Wait for the update to finish (wait until the updating fire notification disappears)
    19. Hold down the power button, press Restart and hold volume down to boot into recovery.
    20. In the recovery, go to "Install", navigate to "/sdcard" and flash Magisk-v19.3.zip
    21. Press back, select finalize.zip and flash it
    22. Once finalize.zip is flashed, press "Reboot System"

    VERY IMPORTANT STUFF:
    Only ever flash boot images from TWRP. Since nothing but TWRP is aware of the exploit, if you try to flash a boot image from Android, it won't have the exploit integrated into it! This includes Magisk as well, so do NOT install or uninstall it from Magisk Manager (However, installing modules should be fine; although it depends on the specific module).

    Due to how the exploit works, it takes over the first 0x400 bytes of boot.img/recovery.img. When flashing zips from the recovery, it will transparently remove and then reinstall the exploit when needed. So long as you flash zips from the recovery, you should treat the boot image normally. However, this means that you cannot use any other apps (e.g. FlashFire) to flash the boot or recovery partitions.


    To uninstall the hack and revert back to stock:
    - Download an update package to your PC (the update-kindle-NS6312_user_1827_0002517050244.bin file)
    - Flash revert-stock-mustang.zip from TWRP
    - Perform the default wipe
    - Reboot to recovery; you should see amazon recovery now
    - Select "apply update from ADB" in the recovery menu
    - Run "adb sideload update-kindle-NS6312_user_1827_0002517050244.bin" on your PC


    Other misc information / troubleshooting:
    - If you need to disconnect the battery, use a pair of tweezers to grab the wires and gently pull towards yourself. You can do bootrom-step.sh either with or without the battery connected, however fastboot-step.sh should be done with the battery connected.
    - If your device is bricked (e.g. from a downgrade), just follow the steps as-is.
    - If you're getting an error like "Serial protocol mismatch", or any other error in bootrom-step, try disabling or temporarily uninstalling ModemManager from your Linux
    - To remount /system as rw use "mount -o rw,remount /system". ("mount -o remount,rw /system" will not work)

    Thanks to: aftv2-tools contributors (https://gitlab.com/zeroepoch/aftv2-tools) for an implementation of mtk download protocol, @diplomatic for mtk-su, @Michajin for testing the instructions.
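
Step 7 of the guide above hinges on the device enumerating as idVendor=0e8d, idProduct=0003 rather than as a preloader device. The following is an added example (not part of the original post or of amonet) that parses dmesg text and reports which ttyACM port, if any, belongs to a bootrom-mode device; the function names and the second device in the sample are constructed for illustration.

```python
import re

# idVendor/idProduct taken from the dmesg excerpt in step 7 of the guide.
BOOTROM_ID = ("0e8d", "0003")

# Sample input: the guide's dmesg lines, followed by a CONSTRUCTED second device.
# The guide does not list the preloader's product id, so any id other than
# 0003 is simply reported as "not-bootrom".
SAMPLE_DMESG = """\
[1141765.113884] usb 3-1.4.3.1: USB disconnect, device number 59
[1141783.057101] usb 3-1.4.3.1: new full-speed USB device number 60 using xhci_hcd
[1141783.226498] usb 3-1.4.3.1: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00
[1141783.226502] usb 3-1.4.3.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[1141783.506877] cdc_acm 3-1.4.3.1:1.0: ttyACM0: USB ACM device
[1141790.000001] usb 3-2: new high-speed USB device number 61 using xhci_hcd
[1141790.100001] usb 3-2: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice= 1.00
[1141790.200001] cdc_acm 3-2:1.0: ttyACM1: USB ACM device
"""

_FOUND = re.compile(
    r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
_TTY = re.compile(r"cdc_acm (\S+?):\d+\.\d+: (ttyACM\d+): USB ACM device")
_GONE = re.compile(r"usb (\S+): USB disconnect")


def classify(dmesg_text):
    """Return {tty: (vid, pid, mode)} for ACM ports still attached at the end of the log."""
    ids = {}    # usb bus path -> (vid, pid) of the device currently on that path
    ports = {}  # tty name -> usb bus path
    for line in dmesg_text.splitlines():
        if m := _GONE.search(line):
            # A disconnect invalidates both the ids and any tty on that path.
            ids.pop(m.group(1), None)
            ports = {t: p for t, p in ports.items() if p != m.group(1)}
        elif m := _FOUND.search(line):
            ids[m.group(1)] = (m.group(2), m.group(3))
        elif m := _TTY.search(line):
            ports[m.group(2)] = m.group(1)
    result = {}
    for tty, path in ports.items():
        vid, pid = ids.get(path, ("????", "????"))
        mode = "bootrom" if (vid, pid) == BOOTROM_ID else "not-bootrom"
        result[tty] = (vid, pid, mode)
    return result


def bootrom_port(dmesg_text):
    """Return the /dev path of an attached bootrom-mode device, or None."""
    for tty, (_, _, mode) in sorted(classify(dmesg_text).items()):
        if mode == "bootrom":
            return "/dev/" + tty
    return None


if __name__ == "__main__":
    for tty, info in classify(SAMPLE_DMESG).items():
        print(tty, *info)
    print("bootrom port:", bootrom_port(SAMPLE_DMESG))
```

Feed it the output of `dmesg` captured right after plugging in the cable; a `None` result means the port the script found is not a bootrom device.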
    5
    They are working to port lineage OS 14.1 from the Fire 8 to it. Waiting for it too, will use my 7th gen tablet in the meantime :).

    https://forum.xda-developers.com/hd...e-hd8-2018-t3936242/post79915018#post79915018

    I already ported it. The problem is that I don't have good Wi-Fi since I'm not at home these days.
    4
    Thanks for your work!

    On a side note, I also had adaptive storage on during the process. I was having crashing issues after install. I re-installed the firmware-wiped and booted. I followed the steps to boot without setup. Then booted back into TWRP, flashed magisk, but did not flash finalize. I like access to some of the amazon apps. Once I rebooted (I stayed off wi-fi) I sideloaded a package disabler and disabled the OTA. I registered then disabled the amazon bloat I didn't want. I have installed my sd card as portable this time, just to be safe.

    also, TWRP does not have backup and restore options, is this normal on this currently?
    3
    Thanks. We will look if it's possible to compile LOS 14.1 since it has the same processor as the HD8 2018.