
[Thor][Apollo] Unlocking bootloader with any firmware


best.grafix

New member
Sep 20, 2016
2
0
Problems with unlocking..

Hi,
I am trying to unlock the bootloader but am stuck at some point:

adb shell
cat /sys/block/mmcblk0/device/manfid
0x000015
cat /sys/block/mmcblk0/device/serial
0x5960ba33

Installed python and gmpy2, and the python.exe cuberHDX.py script is working by itself.

But I don't understand the composition of 0xmmssssssss.
I know that mm is the manfid and ssssssss is the serial.
But does mm mean the first 2 numbers after 0x, which were 00?
And the ssssssss looks like the whole serial without 0x, which is 5960ba33

tried
python.exe cuberHDX.py 0x000x5960ba33 and python.exe cuberHDX.py 0x150x5960ba33

creates an unlock file for me.

The following also worked.
Code:
adb shell
su
dd if=/sdcard/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
dd if=/sdcard/aboot_vuln.mbn of=/dev/block/platform/msm_sdcc.1/by-name/aboot

Now I am stuck at fastboot ready on Kindle Fire HDX 8.9 and trying to unlock, which doesn't work

fastboot -i 0x1949 flash unlock 0x005960ba33.unlock
fastboot -i 0x1949 flash unlock 0x155960ba33.unlock

only gives me < waiting for any device >

tried stuff like that
fastboot -i 0x005960ba33 flash unlock 0x005960ba33.unlock
error: invalid vendor id '0x005960ba33'

hope somebody can help :)

I already uninstalled safestrap, root is still there.
TWRP is working, but what do I have to do to get the tablet working, flashing a modified stock image via TWRP?

Thanks for reading...
 

Cl4ncy

Senior Member
Jul 9, 2015
367
198
You must use the last two digits of the manfid, not the first two. ;)

EDIT:
Sorry, I just saw you tried that, too, and now you're stuck with the "waiting for device" issue. That is (using Windows) usually solved by using the PDANet Drivers available here: http://forum.xda-developers.com/showpost.php?p=59268023&postcount=8

And btw, the command to create the unlock file must be python.exe cuberHDX.py 0x155960ba33 without the second 0x! ;)
Should give you this unlock file: http://www118.zippyshare.com/v/gR56suoS/file.html
 
  • Like
Reactions: sol-invictus
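
The composition rule given in the reply above (mm = last two hex digits of manfid, ssssssss = the serial without its 0x), as an added example that is not part of the thread or of cuberHDX.py. The function names are hypothetical, the field widths are assumed from the values posted in the thread, and the checker flags the mistyped arguments tried in the first post.

```python
import re

# Added example: function names are hypothetical, not part of cuberHDX.py.
_HEX = re.compile(r"0x([0-9a-fA-F]+)")


def _hex_digits(label, text, width):
    """Validate one 0x-prefixed sysfs value and return it zero-padded to width."""
    m = _HEX.fullmatch(text.strip())
    if m is None or len(m.group(1)) > width:
        raise ValueError(f"{label}: expected 0x plus up to {width} hex digits, got {text!r}")
    return m.group(1).lower().zfill(width)


def unlock_id(manfid, serial):
    """Compose 0xmmssssssss: last two manfid digits, then the 8-digit serial."""
    mm = _hex_digits("manfid", manfid, 6)[-2:]
    ssssssss = _hex_digits("serial", serial, 8)
    return "0x" + mm + ssssssss


def check_argument(arg, manfid, serial):
    """Return a list of problems with a hand-typed argument (empty if correct)."""
    expected = unlock_id(manfid, serial)
    typed = arg.strip().lower()
    if typed.count("0x") != 1 or not typed.startswith("0x"):
        return ["argument must contain exactly one 0x, at the start"]
    if not re.fullmatch(r"0x[0-9a-f]{10}", typed):
        return ["argument must be 0x followed by exactly 10 hex digits"]
    problems = []
    if typed[2:4] != expected[2:4]:
        problems.append("mm must be the last two hex digits of manfid: " + expected[2:4])
    if typed[4:] != expected[4:]:
        problems.append("ssssssss must be the serial without its 0x: " + expected[4:])
    return problems


if __name__ == "__main__":
    # Values posted in the thread.
    manfid, serial = "0x000015", "0x5960ba33"
    print(unlock_id(manfid, serial) + ".unlock")
    for attempt in ("0x000x5960ba33", "0x150x5960ba33", "0x005960ba33", "0x155960ba33"):
        print(attempt, check_argument(attempt, manfid, serial) or "ok")
```
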

ONYXis

Senior Member
Dec 7, 2013
436
328
Kyiv

python.exe cuberHDX.py 0x155960ba33
this is right
TWRP is working, but what i have to do to get the tablet working, flashing a modified stockimage via TWRP
no need to flash anything before you unlock
fastboot -i 0x1949 flash unlock 0x155960ba33.unlock
correct
< waiting for any device >
this is driver-related
did you install my original drivers? or you can do this on linux without drivers with only fastboot installed.
 
  • Like
Reactions: best.grafix

best.grafix

New member
Sep 20, 2016
2
0
Thanks a lot,

had problems installing the drivers, Windows doesn't like unsigned drivers; after disabling it, I could install them and the unlock was successful.

Many thanks for the fast help.

Update: Still stuck at fastboot mode - VOLUP/DN doesn't bring me to recovery, tried to flash with fastboot cm13 recovery, only said waiting for device....



ONYXis

Senior Member
Dec 7, 2013
436
328
Kyiv
Update: Still stuck at fastboot mode
of course
now you need to flash something from the list at the bottom of the OP - CM12.1 or 13 or repacked stock rom through TWRP 3.0 that is already installed on your device.
Press VOLUP + power when device reboots - keep holding volup without power. You should boot into twrp
tried to flash with fastboot cm13 recovery, only said waiting for device....
try to flash twrp cubed for apollo that you already downloaded
Code:
fastboot -i 0x1949 flash recovery twrp_cubed.img
or try just boot it
Code:
fastboot -i 0x1949 boot twrp_cubed.img
 

FotixChiang

Member
Jan 6, 2015
39
20
Suzhou
Hi ONYXis, I read the words again. And here is my question.
I noticed that you suggest do not flash stock firmware. So I just want to know if I flashed, what will happen?
Will the device get bricked? If not, which version could i choose, just like the original one? If yes, what can i do when i want my stock system back with everything just like before?
 

ONYXis

Senior Member
Dec 7, 2013
436
328
Kyiv
if you flash original stock firmware - you will get original stock firmware =)
with locked bootloader. nothing will happen really.
caution because of locking the bootloader. and I am not sure about versions, assuming that you need to flash version >=4.5.5.2 (or 3.2.8)
 

FotixChiang

Member
Jan 6, 2015
39
20
Suzhou
So, if the original version is 3.2.8 or later, could i flash the 3.2.3 or earlier version after bl unlocked?
 

ONYXis

Senior Member
Dec 7, 2013
436
328
Kyiv
I do not really know and do not want to check, sorry)
I am sure that there is no risk with the last version and the "rollback" version (we are talking about original, not repacked firmwares).
with others - I think if sbl1 is an earlier version than the one in the device, you could brick. but it is only my theory.
 

Fallingwater

Senior Member
Jan 26, 2012
117
8
Does anything change according to what bootloader is currently installed? I have version 3.2.4 right now (FireOS is not installed - I have SafeStrap running an old version of Nexus HDX in the stock slot).

I'm guessing not since if I understand correctly the proper bootloader gets flashed over the one currently on the device during the procedure, but it doesn't hurt to ask...
 

Kokos92

New member
Aug 31, 2014
3
0
unlock file

Hi! Please. Can you make me unlock file?
Thanks a lot
0x000015
0x5f86b072


C:\Python27>fastboot -i 0x1949 flash unlock 0x155f86b072.unlock
target reported max download size of 536870912 bytes
sending 'unlock' (0 KB)...
OKAY [ 0.097s]
writing 'unlock'...
FAILED (remote: Unlock code is NOT correct)
finished. total time: 0.172s
 

Top Liked Posts

  • 53
    Hello. First of all, I did not invent anything new, I just checked a guess of mine on another motherboard. All thanks and credits to our great developers. As always, all at your own risk.
    It does not work on the Fire HDX 8.9 (Saturn)!
    Not all steps in this manual are necessary, but they are present for maximum safety. So I highly recommend doing everything exactly this way. Sorry for my English as always =)
    Update2 - actual method is https://forum.xda-developers.com/showpost.php?p=75284993&postcount=1006
    Update: now you can use updated draxie's utility - http://forum.xda-developers.com/kindle-fire-hdx/general/multi-platform-1-click-bootloader-t3241014

    Prerequisites for Installation
    - Root
    - Installed adb and fastboot drivers - official - https://drive.google.com/open?id=0B2twXJIOgv-UWWdwRl9TQS11b0k (if your system language is not English, after it fails navigate to "Program Files (x86)\Lab126\drivers" and run dpinst.exe /EL, or switch to English =) For x64 you need to disable driver signature verification before install). You can also use pdanet drivers - http://forum.xda-developers.com/showpost.php?p=59268023&postcount=8

    Manual:
    1. Create unlock file following this instruction - https://forum.xda-developers.com/ki...r-firmware-t3463982/post70881555#post70881555

    2. Flash the old vulnerable aboot and cubed twrp (just in case). Check that all these commands executed without errors. If you get one - read the second post below. If your firmware <=13(14)3.2.3.2 skip this step.
    Download aboot and twrp for Thor (Kindle Fire HDX 7) https://drive.google.com/open?id=0B2twXJIOgv-UMGxXMUZPZTlZTUk or for Apollo (Kindle Fire HDX 8.9) - https://drive.google.com/open?id=0B2twXJIOgv-URzJDQkczNzRLaHM - and put these two files (twrp_cubed.img and aboot_vuln.mbn) into the root of your kindle internal storage.
    Run:
    Code:
    adb shell
    su
    dd if=/sdcard/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
    dd if=/sdcard/aboot_vuln.mbn of=/dev/block/platform/msm_sdcc.1/by-name/aboot
    Now you have working twrp recovery. It already works even without unlocked bootloader. You could boot into it by holding volUP during grey kindle logo. But no need to flash anything until unlock. At this point this is just emergency tool if something goes wrong =)

    3. Flash unlock file.
    Now, if you reboot, you will go straight into fastboot because of the old aboot - the newest boot.img can't load with it. If your firmware <13(14).4.1.1 you need to run "adb reboot bootloader" to boot into fastboot.
    Time to flash your unlock file.
    Code:
    fastboot -i 0x1949 flash unlock 0xmmssssssss.unlock
    You must obtain "unlock code is correct".
    Grats. You are perfect =)
    You can flash:
    CM13 - http://forum.xda-developers.com/kin...ment/rom-cm-13-kindle-hdx-2015-11-29-t3259732
    CM 12.1 - http://forum.xda-developers.com/kin...ent/rom-cm-12-unofficial-apollo-thor-t3050199
    Or stock repacked latest 4.5.5.2 rom - https://drive.google.com/open?id=0B2twXJIOgv-UVFFtN2RYNXNUZ0k (13.x - thor, 14.x - apollo)
    Do not flash original stock firmwares.

    Regards and thank to all - @dpeddi, @vortox, @draxie, @ggow, @Ralekdev, @jcase, @Hashcode
    And greatest thanks for motherboard for my experiments to @MahmudS !
    27
    Steps unlock bootloader and needed files

    These are the detailed steps for unlocking the bootloader for the 2013 Kindle HDX 7 (Thor) and HDX 8.9 (Apollo). Be careful, the 2014 HDX 8.9 (Saturn) doesn't work! These steps were done in Windows 10, successfully checked by myself!
    I don't take any credit, I just collected all the steps of the whole process in one post.

    The needed files are in the attachment, just download them all + the TWRP for your device from this thread: TWRP 3.1.1-1
    You do NOT need root for these steps!

    1. Install the adb-setup-1.4.3 into a folder (for example: C:/adb), extract dd-0.5.zip + unlock.zip + aboot-xxx.zip, put dd.exe + get_code.bat + unlock.bat + twrp image (for your device) + aboot_vuln.mbn (for your device) into that folder. After that install the kindle_fire_usb_driver.
    2. Turn on ADB-Debugging Mode in Developer Mode by tapping 7 times the build numbers in settings and connect to your computer + trust your device.
    3. Execute "get_code.bat" in the folder above, you will get a new file: unlock.code in the folder.
    4. Open CMD in the folder and run "adb reboot bootloader", the Kindle will reboot to bootloader with "[ fastboot ]" on the display
    5. On the Computer go to Device-Manager and change driver in "Other Android" to "Fire Devices - Android Adb Composite Driver" . It should say "Ready" on the Kindle.
    6. Now we need to enter Bulk-Mode like the instruction in this thread: Bulk Mode
    Type:
    Code:
    fastboot -i 0x1949 erase aboot
    fastboot -i 0x1949 reboot

    NB: this will be scary as you'll lose 'fastboot' and only see a black screen.
    Your device should reboot into "bulk mode" resulting in a number of pop-up
    windows asking to format all the partitions that get exposed (at least, on Windows 10).
    DO NOT format anything! Follow the above instructions instead.

    Open a command window (cmd) and run the following commands:

    Code:
    wmic partition where index=22 get diskindex
    wmic partition where (index=17 and numberofblocks=20480) get diskindex
    wmic partition where (index=5 and numberofblocks=4096) get diskindex

    All three of the above commands should return the same DiskIndex. Let's call that index X.

    In the command window, run the following two commands with the right aboot&twrp files for your device
    (you will need to substitute the DiskIndex X from above in place of the X):


    Code:
    dd of=\\?\Device\HarddiskX\Partition6 if=aboot_vuln.mbn
    dd of=\\?\Device\HarddiskX\Partition18 if=twrp_cubed.img

    This error message on the first command seems normal: "Error reading file: 87 The parameter is incorrect"
    NB: make sure you run both commands! Without TWRP, you'll get a brick.

    Wait a few minutes for good measure; then, keep holding Power + VolUp until your device enters TWRP.

    7. When done, hold down the power button until it reboots. Now you will be at the bootloader with the [Fastboot] sign on the screen. Change the driver in Device-Manager again if needed.
    8. Run "unlock.bat" in the folder and you should get a green line: "unlock code is correct". Congrats, your Kindle now has an unlocked bootloader.
    9. Now hold the power button again to shut down the device, then hold both "power button + Volume UP" and keep them for 3-5 seconds after you see the "kindle fire" logo. Then you will get into TWRP and can flash your desired things.

    I hope this post will help other new members to free our beautiful devices!

    Cheers and happy flashing :D
    13
    Generate the unlock code on your own Kindle (no python required)

    Prerequisites
    • Platform tools (adb + fastboot) from Google
    • Fire drivers from Amazon
      (if you want something that works with *both* adb *and* fastboot, make sure you hand-pick the 'Android Composite ADB Interface' driver under 'Fire Devices' in Device Manager)
      Update Driver Software... >> Browse my computer for driver software >> Let me pick from a list [...] >> Fire Devices
    • Download and extract unlock.zip (SHA256: e5db0b8d82c8fd2a25a22b0a598014d22a2ec33cef27a8d4b65a36acde08f27a)
      to the same directory that holds the adb and fastboot executables (default: platform-tools)
      unless, of course, you have added that directory to your PATH

    Code Generation & Unlock
    1. Click on get_code.bat in the extracted folder (default: platform-tools)
      --- this replaces step 1 (including *both* 1.1 & 1.2) of the OP ---
      Check that two hex-numbers are printed (manfid+serial) and a new file 'unlock.code' appears in that folder
    2. Perform Step 2 of the OP
    3. Click on unlock.bat in the extracted folder (default: platform-tools)
      --- this replaces step 3 of the OP ---
      if you see < waiting for any device > in the Command window, you'll need to manually select a driver

    That's all folks...
    10
    BULK MODE

    It is all my fault. My device is apollo, nexus4.4.4. When unlocking the bootloader, I put the wrong files into internal storage, that is thor's aboot vuln and twrp cube, and then my hdx8.9 cannot enter recovery, bootloader and system, it only displays the background light. I can still see its storage on the computer, but adb shows no device found. So what should I do to save my apollo? I appreciate your help..

    Here's a set of instructions that _SHOULD_ work to recover your device.
    We had two recent successful cases, and I've only managed to brick
    one of my test devices experimenting with this.

    Nevertheless, the standard disclaimer still applies: your device, your risk.
    If anything goes wrong, I'm not responsible.


    1. Open a command window (cmd, NOT PowerShell!!) and run the following commands:
      Code:
      wmic partition where index=22 get diskindex
      wmic partition where (index=17 and numberofblocks=20480) get diskindex
      wmic partition where (index=5 and numberofblocks=4096) get diskindex
      All three of the above commands should return the same DiskIndex.
      Let's call that index X.
    2. Download and extract http://www.chrysocome.net/downloads/dd-0.5.zip.
    3. In the command window, change to the directory with the extracted dd.exe
      and run the following two commands with the right aboot&twrp files for your device
      (you will need to substitute the DiskIndex X from above in place of the X):
      Code:
      dd of=\\?\Device\HarddiskX\Partition6 if=aboot_vuln.mbn
      dd of=\\?\Device\HarddiskX\Partition18 if=twrp_cubed.img
      This error message on the first command seems normal: "Error reading file: 87 The parameter is incorrect"
      NB: make sure you run both commands! Without TWRP, you'll get a brick.
    4. Wait a few minutes for good measure; then, keep holding Power + VolUp until your device enters TWRP.


    @bluecoyote, @Mr McBoatface (or anyone else starting from fastboot)
    I have all the ingredients for a script, but haven't had time to put it all together.
    The above instructions work, once you put your device into "bulk mode".
    To do so, you'll need to run these two fastboot commands:
    Code:
    fastboot -i 0x1949 erase aboot
    fastboot -i 0x1949 reboot
    NB: this will be scary as you'll lose 'fastboot' and only see a black screen.
    Your device should reboot into "bulk mode" resulting in a number of pop-up
    windows asking to format all the partitions that get exposed (at least, on Windows 10).
    DO NOT format anything! Follow the above instructions instead.

    Oh, and YES: this should also work on any unrooted & locked 3rd gen HDX device.
    You need to enable ADB and run the following command to enter fastboot:
    Code:
    adb reboot bootloader

    This is arguably faster (and less malware-ridden) than trying to root with Kingroot,
    but it's easy to make a small mistake and end up with a brick.
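
The "all three queries must return the same DiskIndex" check from the bulk-mode instructions in the two posts above, as an added example that is not part of either post: it refuses to name a dd target unless every query returned exactly one, identical disk. The function names are hypothetical, the sample outputs are constructed, and it assumes each wmic output was captured and decoded to text in wmic's default table layout.

```python
# Added example: function names are hypothetical. Assumes each wmic output has
# already been captured and decoded to text in wmic's default table layout.

def parse_diskindex(output):
    """Return the set of DiskIndex values in one 'get diskindex' result."""
    rows = [ln.strip() for ln in output.splitlines() if ln.strip()]
    if not rows or rows[0].lower() != "diskindex":
        return set()  # no header row, e.g. no partition matched the query
    values = set()
    for row in rows[1:]:
        if not row.isdigit():
            raise ValueError(f"unexpected row in wmic output: {row!r}")
        values.add(int(row))
    return values


def agreed_disk(outputs):
    """Return X only if all three queries name exactly one, identical disk."""
    if len(outputs) != 3:
        raise ValueError("expected the output of all three wmic queries")
    found = [parse_diskindex(text) for text in outputs]
    for number, disks in enumerate(found, start=1):
        if len(disks) != 1:
            raise ValueError(f"query {number} matched {len(disks)} disks; do not run dd")
    if not found[0] == found[1] == found[2]:
        raise ValueError("queries returned different DiskIndex values; do not run dd")
    return next(iter(found[0]))


def dd_targets(x):
    """Map each image to the raw partition path used in the posts' dd commands."""
    disk = rf"\\?\Device\Harddisk{x}"
    return {"aboot_vuln.mbn": disk + r"\Partition6",
            "twrp_cubed.img": disk + r"\Partition18"}


# Constructed sample outputs (not captured from a real device).
SAMPLE_OK = ["DiskIndex  \r\n1          \r\n\r\n"] * 3
SAMPLE_MIXED = ["DiskIndex  \r\n1  \r\n", "DiskIndex  \r\n0  \r\n1  \r\n", "DiskIndex  \r\n1  \r\n"]

if __name__ == "__main__":
    x = agreed_disk(SAMPLE_OK)
    for image, target in dd_targets(x).items():
        print(f"dd of={target} if={image}")
```
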
    7
    Although I have registered my 'thanks' on various posts it seems hollow to not explicitly recognize @ONYXis and @draxie for their tremendous contributions supporting this device both past and present. The ability to unlock virtually any rooted 3rd gen HDX is a true game changer that will revive interest in this discontinued gem that still competes nicely with contemporary offerings. Well done, gents!