[NEWBIE GUIDE] How to Unlock Bootloader/Root and install Addons FireStick 4k

Search This thread

emkorial

Senior Member
Mar 2, 2008
399
15
I am trying to get a stick I can take out of the box, set up, have the OTA update skipped on setup, and block all future OTA updates.

Do I need to flash a ROM for that? I don't care at all about being rooted, and I will never install gimmick add ons or extra or any other garbage. I just want to skip the update.

What steps do I need to follow to do that?
 

emkorial

Senior Member
Mar 2, 2008
399
15
So in this "Newbie" guide (which is not newbie friendly AT ALL) You say the following

This basically installs the pre-rooted image to your device, after the last command, you should see on your monitor the Fire Stick Reboot and boot to the Amazon GUI Splash Screen, now very important if you followed my previous instructions of deregistering your device before performing all these steps, it should bring you up to the Amazon Initial Setup Screen, now what you want to do is do the following commands before continuing on terminal:

Code:
adb devices *you should see something your screen where the FS is connected to, click accept or enter can't remember*
Now it should show you in terminal your serial number and "device" next to it, meaning you can run adb commands in which you will run the following to disable OTA updates:

How is this possible? At this point you will have flashed a new ROM, booted the stick, but NOT gone through the setup, NOT gotten to Settings, and NOT enabled USB DEBUGGING, so how are you connecting via adb to the stick?

Does the flashed ROM have USB Debugging enabled by default? If it does, that means you guide would make sense.
 
Last edited:

emkorial

Senior Member
Mar 2, 2008
399
15
, the image is larger than the available partition on this USB so this is a good time to either get a second USB or if you want to download the file to your local hdd and pull them from there its up to you

How in the WORLD do you do this?????????? This exploit is completely impossible without being able to download the ROM
 

squaleca1974

Member
Mar 8, 2022
30
1
newbie here i have 2 brand new firesticks with vm241 clearly above 190 does that mean sol or do or can i root some other way besides kamaka? any direction would be great thank you
 

Sus_i

Senior Member
Apr 9, 2013
1,659
708
newbie here i have 2 brand new firesticks with vm241 clearly above 190 does that mean sol or do or can i root some other way besides kamaka? any direction would be great thank you
As long as the sticks are not updated to 6.2.8.7, you can still use the new kamakiri called 2.0.1, released a few days ago:
Works without shorting, explained in this OP
 
  • Like
Reactions: Kramar111

squaleca1974

Member
Mar 8, 2022
30
1
As long as the sticks are not updated to 6.2.8.7, you can still use the new kamakiri called 2.0.1, released a few days ago:
Works without shorting, explained in this OP
thanks how do i burn the fire os i tried using rufus using win 11 it burns fine but when i try to boot to usb i get a a file image cannot be authenticated using mbr fat32
 

Wickie87

Senior Member
Mar 13, 2009
82
20
thanks how do i burn the fire os i tried using rufus using win 11 it burns fine but when i try to boot to usb i get a a file image cannot be authenticated using mbr fat32
I had the same problem, the issue lies within rufus for some reason. I tried the portable version of balenaEtcher instead and that allowed me to boot from usb on the first try: https://www.balena.io/etcher/
 
  • Like
Reactions: Sus_i

squaleca1974

Member
Mar 8, 2022
30
1
I had the same problem, the issue lies within rufus for some reason. I tried the portable version of balenaEtcher instead and that allowed me to boot from usb on the first try: https://www.balena.io/etcher/
to funny i just tried etcher same non authenticated error, does etcher format the drive or should i preformat it. with what file system? ill try the link u posted maybe thats the difference although i think thats the one i used cause when i click on your link it doesnt look any different from the one i already have installed
 

squaleca1974

Member
Mar 8, 2022
30
1
to funny i just tried etcher same non authenticated error, does etcher format the drive or should i preformat it. with what file system? ill try the link u posted maybe thats the difference although i think thats the one i used cause when i click on your link it doesnt look any different from the one i already have installed
also with win 11 i just click on f11 on my hp laptop wins takes me to the recovery options
see attachmen select usb then select my drive is this how you booted the fireos?
 

Attachments

  • Screenshot 2022-03-09 145027.png
    Screenshot 2022-03-09 145027.png
    140.9 KB · Views: 9

Wickie87

Senior Member
Mar 13, 2009
82
20
@squaleca1974 I just checked for you and I actually downloaded the Windows portable version v1.7.7 from their GitHub.

The tool will clone the disk image 1:1 to the USB stick, therefore overwriting any existing file system. Therefore I'm not sure if the previous file system is of any importance. If you want to ensure you start with a clean USB stick, I would format it as a GPT partition with a FAT32 file system, like @Sus_i suggested.

Have you checked the ISO was not corrupted while downloading? Assuming you use a Windows machine, you can open a PowerShell prompt and run the commands below to get the MD5 hash. The hash below is for the ISO I used, which works as described, so if it matches yours it should be okay.

Code:
PS C:\Users\your_user> cd .\Downloads\
PS C:\Users\your_user\Downloads> Get-FileHash .\fireiso-2.0.0-amd64.iso -Algorithm MD5

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
MD5             86D87CA603372033344547793BF7BB07                                       C:\Users\your_user\Download...

Finally, I just rebooted my computer and used a hotkey to boot it from the USB stick. Your way should do pretty much the same thing, but you could look up the specific hotkey for your computer and try booting from the USB stick directly like I did.
 
  • Like
Reactions: Sus_i

squaleca1974

Member
Mar 8, 2022
30
1
@squaleca1974 I just checked for you and I actually downloaded the Windows portable version v1.7.7 from their GitHub.

The tool will clone the disk image 1:1 to the USB stick, therefore overwriting any existing file system. Therefore I'm not sure if the previous file system is of any importance. If you want to ensure you start with a clean USB stick, I would format it as a GPT partition with a FAT32 file system, like @Sus_i suggested.

Have you checked the ISO was not corrupted while downloading? Assuming you use a Windows machine, you can open a PowerShell prompt and run the commands below to get the MD5 hash. The hash below is for the ISO I used, which works as described, so if it matches yours it should be okay.

Code:
PS C:\Users\your_user> cd .\Downloads\
PS C:\Users\your_user\Downloads> Get-FileHash .\fireiso-2.0.0-amd64.iso -Algorithm MD5

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
MD5             86D87CA603372033344547793BF7BB07                                       C:\Users\your_user\Download...

Finally, I just rebooted my computer and used a hotkey to boot it from the USB stick. Your way should do pretty much the same thing, but you could look up the specific hotkey for your computer and try booting from the USB stick directly like I did.
first of thanks for your help would the hash dictage a corupt iso or just verify that its the same file your using? i just used the iso posted on the guide pretty sure it was from github can you post me the exact link u used
Screenshot 2022-03-09 153047.png
 

squaleca1974

Member
Mar 8, 2022
30
1
first of thanks for your help would the hash dictage a corupt iso or just verify that its the same file your using? i just used the iso posted on the guide pretty sure it was from github can you post me the exact link u usedView attachment 5556865
ok very strange i was going to format the drive afteeer using etch successfully and it shows up in disk management as unlocatable like etch did nothing strange
 

Wickie87

Senior Member
Mar 13, 2009
82
20
first of thanks for your help would the hash dictage a corupt iso or just verify that its the same file your using? i just used the iso posted on the guide pretty sure it was from github can you post me the exact link u used
You're welcome. :) In this case I suppose the hash does both: if the hash matches mine you know the image should work (as the image with the same hash worked for me). If it differs, you know the file you downloaded is not the same as mine and therefore might be corrupted.

I used the GitHub link from the guide as well: https://github.com/amonet-kamakiri/fireiso/releases/download/v2.0.0/fireiso-2.0.0-amd64.iso

ok very strange i was going to format the drive afteeer using etch successfully and it shows up in disk management as unlocatable like etch did nothing strange
Just reconnect the drive to see if that sorts it. Or use a different USB stick. Then if you want you format the stick first and then use etcher to clone the image on it.
 
  • Like
Reactions: Sus_i

squaleca1974

Member
Mar 8, 2022
30
1
ive tried 3 different usb im going to redownload and try to format with partition assistant as fat32 gpt
 

Top Liked Posts

  • There are no posts matching your filters.
  • 13
    None of this is my work and all recognition goes to the awesome developers that made this possible, I will link their guides in here with some minor notes for newbies like me that may had some issues trying to unlock and root the Fire Stick (FS) 4K

    DISCLAIMER: BE WARNED THAT YOU HAVE TO OPEN YOUR FIRE STICK AND IT WILL VOID YOUR WARRANTY, THIS IS NOT FOR THE FAINT OF HEART AND NEITHER THE DEVELOPERS OR MYSELF ARE RESPONSIBLE IF YOU BRICK YOUR DEVICE OR VOID YOUR WARRANTY

    Ok, now let's begin:

    UPDATE: Per Sus_i, this makes perfect sense:

    "Since the exploit can't be patched, it's in my opinion the best to do the setup at the beginning, pair the remote, then update to the latest over fireOS. That way you avoid a pending update nag setup screen after doing the exploit. Then enable ADB and unknown sources. After kamakiri I would flash only magisk.zip + sideload the manager app with adb... and avoid any prerooted rom flashing until there is an update to a somewhat higher version (and the current 6.2.6.8v1 has that contact manufacturer error screen)."


    First very important, I wish I would have known this before but make sure you have a Laptop and a Monitor to Connect the FS to, so basically the USB Power cable from the FS connect it to your laptop and connect the HDMI portion to a monitor or TV
    I also strongly recommend to have your FS deregistered before continuing as this will prevent your FS from automatically updating after rooting

    In order to unlock the bootloader follow "THIS GUIDE"

    I made a quick video on how to open your device and how to Short it using Aluminum Foil:
    https://www.youtube.com/watch?v=h4I6ifBLWJ4

    Process is pretty self explanitory, make a USB ISO from the image provided on that thread, boot into it and open terminal, make sure you put the file he provides on a RW location, my mistake was that I put it inside a RO folder and it would not load the script, so I mounted the kamakiri-mantis-v1.2.zip unto the /mnt directory of the usb and I was able to run the script successfully, make sure to run the commands quickly as the first time that I it finished the ./bootrom-step.sh script and I left it sitting for 10 minutes to grab a bite, I couldn't run the second script and had to start all over. After the second ./fastboot-step.sh script, your device will be on the TWRP recovery, now on the same terminal page or a new one enter these commands:

    Code:
    adb devices
    adb shell
    exit

    You should see your device's serial number from the first command with "device" to the right of it and the second command will basically put you inside the device's directory assuming you have established a successful connection. The last command just put you back to your starting point, now open the firefox browser on the FireOS USB and navigate to the URL below

    Download the Pre-Rooted Image from "HERE" This image contains Magisk already so you don't have to worry about installing it separately, the image is larger than the available partition on this USB so this is a good time to either get a second USB or if you want to download the file to your local hdd and pull them from there its up to you, then run these commands:


    Code:
    adb push <your download location you decided earlier here>/mantis-6.2.6.8-rooted_r1.zip / sdcard/ 
    adb reboot recovery 
    
    adb shell
    twrp install /sdcard/mantis-6.2.6.8-rooted_r1.zip
    twrp wipe cache
    twrp wipe dalvik
    reboot -p

    This basically installs the pre-rooted image to your device, after the last command, you should see on your monitor the Fire Stick Reboot and boot to the Amazon GUI Splash Screen, now very important if you followed my previous instructions of deregistering your device before performing all these steps, it should bring you up to the Amazon Initial Setup Screen, now what you want to do is do the following commands before continuing on terminal:

    Code:
    adb devices *you should see something your screen where the FS is connected to, click accept or enter can't remember*
    Now it should show you in terminal your serial number and "device" next to it, meaning you can run adb commands in which you will run the following to disable OTA updates:

    Code:
    adb shell
    su *after this command you should see something again on your screen, click the check the box "Always Remember" and click ok" *
    
    if "su" was successful, you should see something like this:
    
    mantis:/ $ su
    mantis:/ #   *the hash means you're running as root, if you don't have a "#" you are not running as root" 
    
    Than continue with these commands and should get the following results:
    
    pm disable com.amazon.tv.forcedotaupdater.v2
    ***Package com.amazon.tv.forcedotaupdater.v2 new state: disabled***
    pm disable com.amazon.device.software.ota
    ***Package om.amazon.device.software.ota new state: disabled***
    pm disable com.amazon.device.software.ota.override
    ***Package com.amazon.device.software.ota.override new state: disabled***

    After running all these commands exit adb and continue with the normal Amazon Setup including adding your amazon account. After you get to the screen where you can see all the apps, open a new web page browser in firefox and download "This Add-On" , this one is less than 200MB so it should fit on the Fire OS USB, so I would download it and copy it to /mnt for ease of access, go back to terminal and type this:

    Code:
    adb devices
    adb push <your download location you decided earlier here>/AFTV-MM-1.7-6.2.6.8.zip/ sdcard/ 
    adb reboot recovery *it will boot into TWRP*
    
    adb shell
    twrp install /sdcard/AFTV-MM-1.7-6.2.6.8.zip
    twrp wipe cache
    twrp wipe dalvik
    reboot -p

    Your device will reboot and if everything went smoothly, you should have a rooted amazon fire stick 4k, Congrats :good:
    2
    I explained that already just type “cd” In the terminal (w/o the quotes) then drag and drop the ‘kamakiri’ folder into terminal, then hit enter in the terminal, it will change the directory, make sure u drop the kamakiri folder and not the kamakiri-mantis-v1

    Another option : open the kamakiri folder and just right click in an open area and a submenu will popup then click on terminal in the submenu.
    2
    How might one do this on a Mac?
    Thanks

    Do what? The only thing u can do on the MacOS is to create the bootable iso usb, you can follow these steps to do so https://www.google.com/amp/s/www.le...-on-an-apple-mac-os-x-from-an-iso?hs_amp=true

    After your create the bootable usb just reboot and hold down option and select the bootable usb, once in open up Firefox and download the kamakiri-mantis-v1 and open a terminal window and change the directory to where u have the kamakiri folder, in terminal type cd then just drop in the kamakiri and hit enter. From there u can just follow the tut, FYI the bootable usb you create is a Linux OS so that’s how you can do it on a Mac, you just can’t do the rooting on MacOS, just clarifying Incase that was your question.
    1
    Nice guide ;)

    Here are a few thoughts from me...
    It's important to use the latest kamakiri. The mentioned prerooted 6.2.6.5 is probably a downgrade. A few sticks needs an update of the TZ in order to play prime video. The TZ update is only in the v1.2 Kamakiri or in the 6.2.6.6 prerooted.

    Edit: S̵i̵n̵c̵e̵ ̵t̵h̵e̵ ̵e̵x̵p̵l̵o̵i̵t̵ ̵c̵a̵n̵'̵t̵ ̵b̵e̵ ̵p̵a̵t̵c̵h̵e̵d̵,̵ ̵i̵t̵'̵s̵ ̵i̵n̵ ̵m̵y̵ ̵o̵p̵i̵n̵i̵o̵n̵ ̵t̵h̵e̵ ̵b̵e̵s̵t̵ ̵t̵o̵ ̵d̵o̵ ̵t̵h̵e̵ ̵s̵e̵t̵u̵p̵ ̵a̵t̵ ̵t̵h̵e̵ ̵b̵e̵g̵i̵n̵n̵i̵n̵g̵,̵ ̵p̵a̵i̵r̵ ̵t̵h̵e̵ ̵r̵e̵m̵o̵t̵e̵,̵ ̵t̵h̵e̵n̵ ̵u̵p̵d̵a̵t̵e̵ ̵t̵o̵ ̵t̵h̵e̵ ̵l̵a̵t̵e̵s̵t̵ ̵o̵v̵e̵r̵ ̵f̵i̵r̵e̵O̵S̵.̵ ̵T̵h̵a̵t̵ ̵w̵a̵y̵ ̵y̵o̵u̵ ̵a̵v̵o̵i̵d̵ ̵a̵ ̵p̵e̵n̵d̵i̵n̵g̵ ̵u̵p̵d̵a̵t̵e̵ ̵n̵a̵g̵ ̵s̵e̵t̵u̵p̵ ̵s̵c̵r̵e̵e̵n̵ ̵a̵f̵t̵e̵r̵ ̵d̵o̵i̵n̵g̵ ̵t̵h̵e̵ ̵e̵x̵p̵l̵o̵i̵t̵.̵ ̵T̵h̵e̵n̵ ̵e̵n̵a̵b̵l̵e̵ ̵A̵D̵B̵ ̵a̵n̵d̵ ̵u̵n̵k̵n̵o̵w̵n̵ ̵s̵o̵u̵r̵c̵e̵s̵.̵ ̵ After kamakiri I would flash only magisk.zip + sideload the manager app with adb... and avoid any prerooted rom flashing until there is an update to a somewhat higher version (and the current 6.2.6.8v1 has that contact manufacturer error screen).

    Edit: Update: meanwhile, the fix for the mentioned 'contact manufacturer' error is known...
    Take a look here and here.

    Edit/Update: Due to efuses (blocking the bootrom access), it isn't recommended to do any update infront of the unlock...
    1
    UPDATE: I just checked my FS and I'm on 6.2.6.8v1 and didn't receive contact the manufacturer, is it because I sideloaded the manager app after?

    No. If I remember correct, it has something to do with flashing, i.e. the vendor partition wasn't flashed propperly.
    Maybe you flashed not the prerooted!? With the Kamakiri TWRP version is flashing full ota update packages (renamed to zip) also possible... and in the prerooted thread is such a full 6.2.6.8 ota linked.

    Edit: Could be that this error is prime video related, idk. rbox said he looks into it soon...

    Just for clarification: The prerooted rom is a perfect thing since years.
    My suggestion 'avoid any rom flashing' from my last post is just an attempt to keep it simple for beginners.
    By the way, if the stick gets all updates in front of the unlock, it makes no sense to update it after the unlock again (unless addon.d support is needed).
    I hope that has become clear ;) I very much appreciate all the prerooted stuff :)