#include <std/disclaimer.h> /* * Your warranty is now void. * * I am not responsible for bricked devices, dead SD cards, * thermonuclear war, or you getting fired because the alarm app failed. Please * do some research if you have any concerns about features included in this ROM * before flashing it! YOU are choosing to make these modifications, and if * you point the finger at me for messing up your device, I will amputate it with * a piece of rusty metal. Unless it kills your cat, in which case I shall apologise * for your loss. */
First, download and extract the attachment (exploit.zip) into a folder. Then you need to download Fire OS 18.104.22.168 and SuperSU into that folder. Check the MD5 sums!
Although not recommended, if your Fire is rooted, you can enter fastboot mode without a fastboot cable. Using a fastboot cable covers you against most cases of bricking your device. Not using one increases the likelihood.
To use this totally unsupported, unsafe method of accessing fastboot mode, run
adb shell su -c "dd if=/dev/zero of=/dev/block/platform/omap_hsmmc.1/by-name/boot bs=1 count=1 seek=848" adb reboot
Make sure you have the latest version of adb and fastboot and that you have installed drivers for the Fire (if you run an inferior operating system). Boot into Fire OS and ensure you have a good charge on the device. Connect the device with a fastboot cable and enter fastboot mode.
fastboot -i 0x1949 oem format fastboot -i 0x1949 flash boot hijack.img fastboot -i 0x1949 flash system system.img fastboot -i 0x1949 continue
fastboot -i 0x1949 flash boot recovery.img fastboot -i 0x1949 oem format fastboot -i 0x1949 continue
adb sideload [B]update-kindle-22.214.171.124_user_455002120.bin[/B]
adb sideload [B]UPDATE-SuperSU-v2.46.zip[/B]
Now wait for TWRP to finish flashing, remove the fastboot cable and press Reboot System. When the device has booted, reinsert the cable and run
adb push recovery.img /sdcard/recovery.img adb shell su -c "dd if=/sdcard/recovery.img of=/dev/block/platform/omap_hsmmc.1/by-name/recovery" adb push exploit.img /sdcard/exploit.img adb shell su -c "dd if=/sdcard/exploit.img of=/dev/block/platform/omap_hsmmc.1/by-name/exploit" adb shell rm /sdcard/recovery.img /sdcard/exploit.img
To boot into recovery, power off the device and hold the volume button [ - ] then push the power button (you may need to do this more than once). When the Amazon logo appears, release the volume button.
Please could any testers report back with results, and which model they have (pictures of it running TWRP would be nice). If you have any problems, also include your entire terminal session and any errors TWRP gives when flashing. You shan't recieve help otherwise. If you are inexperienced, please wait for other testers to try this method.
Please refrain from mirroring any of the files, just link back to this post.
ROM Developers: you need to add boot.img from the files to the beginning of your ROM's boot.img
Kindle Fire HD (3rd Generation) Bootloader Unlock and TWRP, Tool/Utility for the Amazon 7" Kindle Fire HD
Last Updated 2016-01-01