[Thor][Apollo] Unlocking bootloader with any firmware

[thecharlie654]

Steps unlock bootloader and needed files

this is the details step for unlocking bootloader for the 2013 Kindle HDX 7 (Thor) and HDX 8.9 (Apollo). Becarefull the 2014 HDX 8.9 (Saturn) doesn't work! These steps are done in Windows 10, successfully checked by myselft!
i don't take any credits, just collect all the steps in one post of the whole process.

Download the needed files are in the attachment, just download them all + the TWRP for your device from this thread: TWRP 3.1.1-1
You do NOT need root for these steps!

1. Install the adb-setup-1.4.3 into a folder (for example: C:/adb), extract dd-0.5.zip + unlock.zip + aboot-xxx.zip, put dd.exe + get_code.bat + unlock.bat + twrp image (for your device) + aboot_vuln.mbn (for your device) into that folder. After that install the kindle_fire_usb_driver.
2. Turn on ADB-Debuging Mode in Developer Mod by tapping 7 times the build numbers in settings and connect to your computer + trust your device.
3. Excecute "get_code.bat" in the folder above, you will get a new file: unlock.code in the folder.
4. Open CMD in the folder and run "adb reboot bootloader", the Kindle will reboot to bootloader with "[ fastboot ]" on the display
5. On the Computer go to Device-Manager and change driver in "Other Android" to "Fire Devices - Android Adb Composite Driver" . It should say "Ready" on the Kindle.
6. Now we need to enter Bulk-Mode like the instruction in this thread: Bulk Mode
Type:






7. When done, hold down the power button until it reboots. Now you will be at Bootloader with [Fastboot] sign on the screen. Change the drive in Device-Manager again if needed.
8. Run the "unlock.bat" in the folder and you should get a green line: "unlock code is correct". Congrats your Kindle now has an unlocked bootloader.
9. Now hold power button again to shut down the device, then hold both "power button + Volume UP" and keep them for 3-5 seconds after you see the "kindle fire" logo. Then you will get into the TWRP and flash your desire things.

i hope this post will help others new member to free our beautifull devices!

Cheers and happy flashing

Hi. I've just attempted these steps on my thor Kindle Fire HDX 7. I completed up to step 8 successfully, however, when I ran the "get_code.bat" file in step 3, I didn't realise that it didn't create the unlock code correctly, and it resulted in a blank unlock.code file.
Therefore running the unlock.bat file results in 'unlock code not correct' and I cannot unlock the bootloader. I am stuck in fastboot, cannot access adb, therefore is there any way to get a new unlock code from the device's current state?

 

[DB126]

Hi. I've just attempted these steps on my thor Kindle Fire HDX 7. I completed up to step 8 successfully, however, when I ran the "get_code.bat" file in step 3, I didn't realise that it didn't create the unlock code correctly, and it resulted in a blank unlock.code file.
Therefore running the unlock.bat file results in 'unlock code not correct' and I cannot unlock the bootloader. I am stuck in fastboot, cannot access adb, therefore is there any way to get a new unlock code from the device's current state?

Install (flash) an older TWRP build and ROM and then use that to generate a proper unlock code/file. Don't bother with GApps, Magisk, etc. I have seen some posts claiming Lineage 14.1 will install on devices with locked bootloader (can't enable root). I prefer nexus as it goes in clean. Good luck.

 

[harlansgs]

fastboot -i 0x1949 erase aboot
fastboot -i 0x1949 reboot

Edit: for anyone else who runs into the "no -i option" error, you can just drop the "-i 0x1949" and continue with the other steps.

 

[PokeFan919]

Install (flash) an older TWRP build and ROM and then use that to generate a proper unlock code/file. Don't bother with GApps, Magisk, etc. I have seen some posts claiming Lineage 14.1 will install on devices with locked bootloader (can't enable root). I prefer nexus as it goes in clean. Good luck.

Hey, I had the same issue as the person you replied to but which version of twrp and the ROM do I download ? I flashed the thor-twrp-3.0.0-0.img( after trying the latest TWRP build )but it boots to the grey kindle logo and then to fastboot mode.

 

[DB126]

Old post, old device; have moved on. As I recall, TWRP 2.8.x.x was the go-to build for older HDX ROMs

 

[hangvupro]

Edit: for anyone else who runs into the "no -i option" error, you can just drop the "-i 0x1949" and continue with the other steps.

i do this with kindle 8.9 2014 saturn. now my cmd is not working. someone help me what to do. Thanks

 

[exokinetic]

Got it! The original post did not mention that we need to copy 'cuber' file from the 'unlock' directory into the 'adb' folder. Rest works as instructed. Running Lineage OS 14.1 now. Thanks a lot to all the contributors of this thread!

Hello Friends!
Some specs:
Kindle Fire HDX 8.9 (3rd Generation)
Device: Apollo
Model: KFAPWI
Current OS: Fire OS 4.5.5.3


So, I also followed the instructions found on page #51 of this thread: https://forum.xda-developers.com/t/...oader-with-any-firmware.3463982/post-75284993

I followed them EXACTLY...

Which means I had the same error as TheZenGuy above, but I ignored the cuber fails, and moved through the rest of the steps.

>.<

This is what I saw:
c:\adb>get_code
cannot stat 'cuber': No such file or directory
Unable to open /data/local/tmp/cuber: No such file or directory
0x000045 0x251b3b67
/system/bin/sh: /data/local/tmp/cuber: not found
rm failed for /data/local/tmp/cuber, No such file or directory
Press any key to continue . . .

This definitely seemed "off", but the instructions said that step should generate a file:
"unlock.code"
...and it would be in the folder you had just created.

And that file WAS generated, so I assumed all was good, and moved on (**** me...)
I have attached the unlock.code that was generated by the above get_code.bat

I have now opened this unlock.code with notepad++ and it is blank, no text.
I am pretty sure a blank entry is NOT going to unlock the bootloader...

spoiler alert: it doesn't

So I continue;

c:\adb>adb reboot bootloader
c:\adb>fastboot -i 0x1949 erase aboot
erasing 'aboot'...
OKAY [ 0.052s]
finished. total time: 0.054s

...GULP...

c:\adb>fastboot -i 0x1949 reboot
rebooting...

finished. total time: 0.022s

Well, that looks right...
c:\adb>dd of=\\?\Device\Harddisk1\Partition6 if=emmc_appsboot-14.3.2.3.2_user_323001720.mbn
rawwrite dd for windows version 0.5.
Written by John Newbigin <[email protected]>
This program is covered by the GPL. See copying.txt for details
Error reading file: 87 The parameter is incorrect
677+1 records in
677+1 records out

c:\adb>dd of=\\?\Device\Harddisk1\Partition18 if=apollo-twrp-3.5.0_9-1.img
rawwrite dd for windows version 0.5.
Written by John Newbigin <[email protected]>
This program is covered by the GPL. See copying.txt for details
19128+0 records in
19128+0 records out

And that also appears to go as planned, I got the predicted Error reading file: 87 The parameter is incorrect, smooth sailing...?
c:\adb>unlock
error: device '(null)' not found
target reported max download size of 1073741824 bytes
sending 'unlock' (0 KB)...
FAILED ()
finished. total time: 0.003s
Press any key to continue . . .

Fuuuuuuuuuuuuuuuuu
/fail
[fastboot] - bootloop - softbricked
Power Button + Volume Up will NOT boot in to TWRP (unsuprising given the bootloader is still locked)

For reference, this is what I see on the Kindles screen:

getvarartition-type:unlock...Ok.
getvar:max-download-size...[[ 0x40000000 ]].
Ready.

Firstly;

error: device '(null)' not found

???

This is what I see in device manager;

Secondly;

I noticed that there was a file in the attached archives that I was NOT instructed to move to the working adb folder that had a name I had seen when doing the cmd line operations:

CUBER

So, I searched this thread for 'cuber' and my suspicions were confirmed, cuber was SUPPOSED to be copied into the working adb folder (for future reference, are any of the OTHER files in the attached archives ALSO supposed to be in the working adb folder? like get_code.sh and unlock.sh?)

-it would just seem like common sense that ALL the files on those attached archives should have been placed into the working adb folder, but you know, the intructions were pretty explicit about what files should be copied into the folder

"1. Install the adb-setup-1.4.3 into a folder (for example: C:/adb), extract dd-0.5.zip + unlock.zip + aboot-xxx.zip, put dd.exe + get_code.bat + unlock.bat + twrp image (for your device) + aboot_vuln.mbn (for your device) into that folder."

Install the adb-setup-1.4.3 into a folder (for example: C:/adb)

Okay, folder C:\adb\ created and it contains:

adb.exe
AdbWinApi.dll
AdbWinUsbApi.dll
fastboot.exe

extract dd-0.5.zip + unlock.zip + aboot-xxx.zip

Okay, extracted to folders with the same name, waiting for further instructions (it does not say WHERE to extract them TO)

put dd.exe + get_code.bat + unlock.bat + twrp image (for your device) + aboot_vuln.mbn (for your device) into that folder.

Okay, 5 explicitly referenced files are placed into THAT folder. (it seems impled that ONLY THOSE files should be copied into THAT folder)

In my case the folder now contains:
adb.exe
AdbWinApi.dll
AdbWinUsbApi.dll
fastboot.exe
dd.exe
get_code.bat
unlock.bat
apollo-twrp-3.5.0_9-1.img
emmc_appsboot-14.3.2.3.2_user_323001720.mbn


As a last attempt to save my ass, after reading the quoted post about cuber, I moved cuber into my adb folder and tried to fire off another get_code.bat:

c:\adb>get_code
error: device '(null)' not found
error: device '(null)' not found
error: device '(null)' not found
error: device '(null)' not found
error: device '(null)' not found
Press any key to continue . . .

/EPIC FAIL

^^^Kindle is booted into fastboot bootloader, device manager correctly seeing the fire device and with the right driver assigned as per the screenshot above

additionally, the command:

fastboot -i 0x1949 reboot

works perfectly fine and re-boots the device, suggesting the device is absolutely not '(null)'


So, currently soft bricked, and stuck in a fastboot bootloop.

Theoretical ideas:

Is it ridiculous to think I could attempt to use someone elses unlock.code file? (it seems to me this was going to be some kind of a uniquely generated hash, but I certainly dont know)

If I could get out of this bootloop and load back into FireOS it would seem like I could fire off another get_code.bat (with CUBER in the adb folder!) and get this baby flashing like TheZenGuy thankfully managed...

So, from my current position, do I try re-installing the "vulnerable" aboot from the instructions attachments and see if I can get it to boot into FireOS so I can start over again? (seem unlikely given theOS version mis-match)

Do I try re-installing some other aboot file that is relative to my apollo hardware and current 4.5.5.3 Fire OS?
^*scratching cheek* anyone got any links?^

Does anyone have any ideas for me to get back into FireOS so I can start over?


And as an asside;

I messaged Draxie earlier today for a link to their "1 Click Bootload Unlock" VM Script; and it is suggested over there that it has worked on fire devices that were in a soft brick state, so perhaps, even if I can not make any progress from here, all is not lost?


Thank you for reading this wall of a post, any help would be greatly appreciated!

/Exo

 

[exokinetic]

Power Button + Volume Up will NOT boot in to TWRP (unsuprising given the bootloader is still locked)

Okay, upon noticing most users were doing this with TWRP 3.1.1.1;

"the needed files are in the attachment, just download them all + the TWRP for your device from this thread: link"

^^^It would be nice if that explicitly stated to grab the 3.1.1.1 version for your device (apollo vs thor)

I restarted from bulk mode + dd'd the vuln_aboot and twrp 3.1.1.1

One step forward...

Now I CAN boot into TWRP with the Power + Volume Up combination;

Now if I have been following along like a good little student, then;

All I need to do now is grab -any- ROM image that does NOT require an unlocked bootload to flash through TWRP?

Flash any vanilla ROM, boot into ROM, adb get_code.bat (WITH CUBER IN THE DAMN FOLDER), verify unlock.code is 256 bytes

/PROFIT

Now, there was a user that was helping multiple users through this SAME ISSUE, and part of the solution involved posting up a link for a Nexus ROM that had been developed FOR the Fire HDX, which did NOT require an unlocked bootloader...

Unfortunatly, those links are all dead now. /sadface

Am I correct in understanding that -any- AEX or Nexus flavored ROM should work for the same purpose?

...one way to find out...

/Exo

 

[exokinetic]

Okay friends!

keyword: cuber

Now that I have a nice fresh instance of Lineage-16 running on my HDX, thanks to the brilliant and helpful minds floating around here...

A huge thank you to Draxie for holding my hand through this, and a big thank you to everyone who has worked on this development.

I thought I would share how I managed to make it through!

So, to begin; the orriginal instructions that most people will find referenced for "unlocking the bootloader" on your Kindle Fire HDX 8.9 are -almost- perfect;

Step 1.

This line:

1. Install the adb-setup-1.4.3 into a folder (for example: C:/adb), extract dd-0.5.zip + unlock.zip + aboot-xxx.zip, put dd.exe + get_code.bat + unlock.bat + twrp image (for your device) + aboot_vuln.mbn (for your device) into that folder.

Is missing one file (cuber) that needs to be placed "into that folder" (the folder you install adb into, from the example C:\adb )

The line SHOULD READ:

1. Install the adb-setup-1.4.3 into a folder (for example: C:/adb), extract dd-0.5.zip + unlock.zip + aboot-xxx.zip, put dd.exe + get_code.bat + unlock.bat + cuber + twrp image (for your device) + aboot_vuln.mbn (for your device) into that folder.

(can a Moderator please edit post #1,006 to reflect the above change? as in, ADD "+ cuber" -so no one else has to get stuck here)

Cuber -must- be in the adb folder you use for this set of instructions, or you will encounter an.... ERROR!


So, lets say you fell into the n0-cuber trap...

How do you get out of your now softbrick state?

Well, you had BETTER HOPE you still have your console open where you attempted to complete the instructions.
(I dont know if a log-file of command prompt history gets saved anywhere in Windows, if it does, you are in luck, and you MUST find this in order to follow my particular set of bread crumbs)

The information you are going to need (hash text) actually came back as a return in the command prompt window you were working in when you attempted step 3.

Specifically:

Step 3.

3. Excecute "get_code.bat" in the folder above, you will get a new file: unlock.code in the folder.

When you do that WITHOUT cuber in your adb folder, you will get a return that look SIMILAR to this:

C:\adb>get_code
cannot stat 'cuber': No such file or directory
Unable to open /data/local/tmp/cuber: No such file or directory
0x000045 0x251b3b67
/system/bin/sh: /data/local/tmp/cuber: not found
rm failed for /data/local/tmp/cuber, No such file or directory
Press any key to continue . . .

(coloring/ bolding added for clarity, your console will display all this text as the same color/formating)

That bold/green text is your key out of softboot purgatory, this is why you MUST have the console you orriginally attempted the instructions in still open, or have a backup/ log-file history saved somewhere
(I have no idea if windows does this automatically -I would assume not...)

You WILL generate a file called "unlock.code" -EXCEPT, it will have a size of 0kb (exceedingly useless)
-your unlock.code -should- have a filesize of: 256 Bytes

Unsuprisingly, when you get to the last step:

Step 8.

8. Run the "unlock.bat" in the folder and you should get a green line: "unlock code is correct". Congrats your Kindle now has an unlocked bootloader.

You will NOT receive "unlock code is correct" (you will not pass go, and you will not collect $200)
-sad face

What you WILL receive will look SIMILAR to this:

C:\adb>unlock
error: device '(null)' not found
target reported max download size of 1073741824 bytes
sending 'unlock' (0 KB)...
FAILED ()
finished. total time: 0.003s
Press any key to continue . . .

And you will be a sad panda.


So, how did I make out of this epic fail?

Enter @draxie

I let draxie know I needed a little help, and after reading my orriginal post, they spotted the necessesary information to generate a GOOD unlock.code file:

This is the response I got from @draxie:
I saw the relevant info printed in one of your recent
very detailed forum posts: 0x000045 0x251b3b67.

That's really _all_ you need and a version of `cuber` that runs on _some_ HW
you have access to. Both C and Python implementations have been posted.

BUT, the attachment should save you the trouble of searching and compiling...


So, Draxie was a champ, and compiled the unlock.code file FOR ME -thank you Draxie!

But, if you have been following along;

You need:

-The two hash's YOU got from the first time you attempted get_code.bat
(I believe these will absolutely be unique to your individual device, no one elses unlock.code will work for your device -someone please correct me if I am wrong here)

-Any version of cuber and hardware (like, a laptop) to run it on in order to compile the unlock.code

-The understanding of how to tell cuber to use YOUR hash text to compile a new unlock.code file
(if anyone that knows how to do this wants to provide exact instructions for the above, it would probably help someone)

Once you generate the new /GOOD unlock.code using cuber and your hash text (and replace the /BAD one in your /adb folder), boot the device back into fastboot and fire off the unlock.bat again.

-GOOD LUCK!-

--------------------------------------------------------------------------------------------------------------------------------------

Alternatly: (I have no idea how to do this from the current fastboot bootloop state you will be stuck in) you need to get a stock factory Kindle Fire HDX image (actually, -any- ROM you can get flashed and boot in to will work) flashed back onto your device so you can boot into the OS.

If you can get it to boot back into -ANY- OS (I read that some custom ROM's wont require an unlocked bootloader in order to flash onto the Fire HDX, for example) then, while the device is booted into the OS, you can run get_code.bat again (with cuber in your adb folder this time!) in order to generate a good unlock.code.

--------------------------------------------------------------------------------------------------------------------------------------

Once you have you unlocked bootloader, (gasp!)...

I followed the instruction found here -EXACTLY- in order to install a rather stable version of LineageOS-16 onto my Fire HDX.

Call me one happy camper.

In case I haven't done it enough in this post... -THANK YOU DRAXIE!


/Exo

 

[daftfool]

Can anyone point me in the direction of upgrading TWRP / Installed v3.x for this device?

I am attempting to install TWRP image downloaded from post #1006 in this thread, but it states that the partition is not large enough. Every advice I can find simply states I have the wrong version of TWRP, but that isn't the case.

I have twrp installed, but it is an old v 2.8.5 and I cannot find a way to upgrade it.

 

[santucio]

Hello guys)
I love this kindle fire hdx and lovely stock sound.
I want chance back stock from unlocking TWRP device.
Some have old repacked stock from 1st post for Thor:

Or stock repacked latest 4.5.5.2 rom - https://drive.google.com/open?id=0B2twXJIOgv-UVFFtN2RYNXNUZ0k (13.x - thor, 14.x - apollo)

Plz, link it.
Its sad, if not way back to stock from castom(

 

[cosmic_child]

Hi Guys,
i´m using the instructions from posting 1006 for my apollo. it´s running until the bulk-mode
this 2 commands are not running:
dd of=\\?\Device\HarddiskX\Partition6 if=aboot_vuln.mbn
dd of=\\?\Device\HarddiskX\Partition18 if=twrp_cubed.img

"Error native opening file: 0"

now didnt have access -can i reinstall the original rom and start again ?
I cannot restart - or with a special combination of buttons?

thx a lot
cosmic

 

[skdubg]

your error says that it cannot open the file.

Either the name is wrong, or the files are not in the same folder as dd.exe.

 

[cosmic_child]

your error says that it cannot open the file.

Either the name is wrong, or the files are not in the same folder as dd.exe.

Thx, i didnt wrote the result of wmic partition where index=22 get diskindex
wmic partition where (index=17 and numberofblocks=20480) get diskindex
wmic partition where (index=5 and numberofblocks

NOW i ve no acces... Hmm other ideas?

 

[Pixelado]

Steps unlock bootloader and needed files

this is the details step for unlocking bootloader for the 2013 Kindle HDX 7 (Thor) and HDX 8.9 (Apollo). Becarefull the 2014 HDX 8.9 (Saturn) doesn't work! These steps are done in Windows 10, successfully checked by myselft!
i don't take any credits, just collect all the steps in one post of the whole process...

Thanks so much for this!!! Aside from windows being picky about drivers and having to try my luck with different fastboot versions, this guide worked wonders for getting my friend's HDX 7 3rdGen unlocked and running LOS14.1

 

[firefan33]

Steps unlock bootloader and needed files

this is the details step for unlocking bootloader for the 2013 Kindle HDX 7 (Thor) and HDX 8.9 (Apollo). Becarefull the 2014 HDX 8.9 (Saturn) doesn't work! These steps are done in Windows 10, successfully checked by myselft!
i don't take any credits, just collect all the steps in one post of the whole process.

Download the needed files are in the attachment, just download them all + the TWRP for your device from this thread: TWRP 3.1.1-1
You do NOT need root for these steps!

1. Install the adb-setup-1.4.3 into a folder (for example: C:/adb), extract dd-0.5.zip + unlock.zip + aboot-xxx.zip, put dd.exe + get_code.bat + unlock.bat + twrp image (for your device) + aboot_vuln.mbn (for your device) into that folder. After that install the kindle_fire_usb_driver.
2. Turn on ADB-Debuging Mode in Developer Mod by tapping 7 times the build numbers in settings and connect to your computer + trust your device.
3. Excecute "get_code.bat" in the folder above, you will get a new file: unlock.code in the folder.
4. Open CMD in the folder and run "adb reboot bootloader", the Kindle will reboot to bootloader with "[ fastboot ]" on the display
5. On the Computer go to Device-Manager and change driver in "Other Android" to "Fire Devices - Android Adb Composite Driver" . It should say "Ready" on the Kindle.
6. Now we need to enter Bulk-Mode like the instruction in this thread: Bulk Mode
Type:






7. When done, hold down the power button until it reboots. Now you will be at Bootloader with [Fastboot] sign on the screen. Change the drive in Device-Manager again if needed.
8. Run the "unlock.bat" in the folder and you should get a green line: "unlock code is correct". Congrats your Kindle now has an unlocked bootloader.
9. Now hold power button again to shut down the device, then hold both "power button + Volume UP" and keep them for 3-5 seconds after you see the "kindle fire" logo. Then you will get into the TWRP and flash your desire things.

i hope this post will help others new member to free our beautifull devices!

Cheers and happy flashing

I have a problem - after following these steps my hdx7 cannot boot regularly:

I exactly followed the steps described from ReichMann in #1006. Then i installed LineageOS 16 as described here:

[ROM][testing][apollo, thor] Lineage-16.0 [08 FEB 2021]

For now 14.1 seems to be the sweet spot for me, my Kindle got really toasty with this build and my battery life was bad. I hope this build will see more stability and further improvements in the future :)

forum.xda-developers.com

Unfortunately my Fire HDX7 (3rd gen) is only able to boot in recovery mode (TWRP) and fastboot mode.
The first time i installed LineageOS via TWRP everything seemed fine.
But after rebooting the device the start screen from LIneage appeared only for a few seconds, went black and appeared again for a few seconds, and so on until i turned it off (long-pressed power button).
I re-flashed the image.
But now after rebooting immediately the recovery (TWRP) is started. And Fastboot is working, too. So i have two possible modes left ;-) recovery mode and fastboot mode... wonderful - but the regular mode has gone...

Do you think there is any way to get my hdx work again?

Thank you very much !

 

[dnt83]

Hello. At first, I did not invent anything new, just checked some my guess on a other motherboard. All thanks and credits to our great developers. As always, all at your own risk.
It does not work on the Fire HDX 8.9 (Saturn)!
All steps in this manual are not necessary but they are present for maximum safety. So I highly recommend do anything exactly in this way. Sorry my English as always =)
Update2 - actual method is https://forum.xda-developers.com/showpost.php?p=75284993&postcount=1006
Update: now you can use updated draxie's utility - http://forum.xda-developers.com/kindle-fire-hdx/general/multi-platform-1-click-bootloader-t3241014

Prerequisites for Installation
- Root
- Installed adb and fastboot drivers - official - https://drive.google.com/open?id=0B2twXJIOgv-UWWdwRl9TQS11b0k (if your system language not English, after fail navigate to "Program Files (x86)\Lab126\drivers" and run dpinst.exe /EL or switch to English =) for x64 need to disable driver signature verification before install ) also you can use pdanet drivers - http://forum.xda-developers.com/showpost.php?p=59268023&postcount=8

Manual:
1. Create unlock file following this instruction - https://forum.xda-developers.com/ki...r-firmware-t3463982/post70881555#post70881555

2. Flash old vulnarable aboot and cubed twrp (just in case). Check that all these commands executed without errors. If you'll get one - read second post below. If your firmware <=13(14)3.2.3.2 skip this step.
Download aboot and twrp for Thor (Kindle Fire HDX 7) https://drive.google.com/open?id=0B2twXJIOgv-UMGxXMUZPZTlZTUk or for Apollo (Kindle Fire HDX 8.9) - https://drive.google.com/open?id=0B2twXJIOgv-URzJDQkczNzRLaHM - and put this two files (twrp_cubed.img and aboot_vuln.mbn) into root of your kindle internal storage.
Run:

adb shell
su
dd if=/sdcard/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
dd if=/sdcard/aboot_vuln.mbn of=/dev/block/platform/msm_sdcc.1/by-name/aboot

Now you have working twrp recovery. It already works even without unlocked bootloader. You could boot into it by holding volUP during grey kindle logo. But no need to flash anything until unlock. At this point this is just emergency tool if something goes wrong =)

3. Flash unlock file.
Now, if you reboot, you will go straight into fastboot because of old aboot - newest boot.img can't load with it. If your firmware <13(14).4.1.1 you need run "adb reboot bootloader" to boot into fastboot.
Time to flash your unlock file.

fastboot -i 0x1949 flash unlock 0xmmssssssss.unlock

You must obtain "unlock code is correct".
Grats. You are perfect =)
You can flash:
CM13 - http://forum.xda-developers.com/kin...ment/rom-cm-13-kindle-hdx-2015-11-29-t3259732
CM 12.1 - http://forum.xda-developers.com/kin...ent/rom-cm-12-unofficial-apollo-thor-t3050199
Or stock repacked latest 4.5.5.2 rom - https://drive.google.com/open?id=0B2twXJIOgv-UVFFtN2RYNXNUZ0k (13.x - thor, 14.x - apollo)
Do not flash original stock firmwares.

Regards and thank to all - @dpeddi, @vortox, @draxie, @ggow, @Ralekdev, @jcase, @Hashcode
And greatest thanks for motherboard for my experiments to @MahmudS !

Hello
I forgot to get_code before, so can I unbrick it? Thank you

 

[zekzekzek]

sigh.

I have a Kindle Fire HDX Thor. I went through post 1006 and thought I followed everything to the T. Looks like I messed up with the unlock code being 0 KB just like what happened to user @exokinetic. Unfortunately, I did not execute "get_code.bat" from CMD but rather directly from windows explorer. I also did not notice that "unlock.code" is 0 KB.

So here is where we are - softbricked. No unique hashes and stuck on fastboot.

I have noticed that I can see the kindle when it is turned on. It shows up as Android ADB Interface.

I can open up CMD and run unlock.bat and I see on my kindle fastboot screen that it receives the unlock code and states its incorrect. So I can somewhat communicate with the Kindle.

Looking at unlock.bat I see that this command [fastboot -i 0x1949 flash unlock unlock.code] is working in sending data to the kindle and the kindle is responding. Albeit with nothing useful from what I can tell but responding nevertheless.

Wondering if I can use the below command with some variation to get a different type of response and get out of softbrick hell. I'm very curious now.
fastboot -i 0x1949

UPDATE 1:
While thinking about the above command, I was wondering why I can't run get_code.bat and then continued to read @exokinetic in his post #1208 and figured it was worth a shot. I followed these steps:

I restarted from bulk mode + dd'd the vuln_aboot and twrp 3.1.1.1

I also specifically got TWRP 3.1.1-1.

And success at getting TWRP loaded!! There is hope after all!

UPDATE 2:
So now I have TWRP and it loads just fine with Power Button and Volume Up. I thought the next step would be to try and get a ROM that does not need an unlocked bootloader but have had no luck finding the Nexus ROM.

I did notice on a German forum (that google translated to english for me) that there were commands for people to get manfid and serial (which is the goal to be able to unlock!) and I tried them in a command prompt with ADB. No luck. (maybe I could have tried with fastboot)

However!
TWRP has a terminal option. Like on the kindle itself. So I manually typed the same commands below into TWRP terminal and voila!! It worked! Who knew. Not this guy.

cat /sys/block/mmcblk0/device/manfid
cat /sys/block/mmcblk0/device/serial

So now I have my manfid and serial! Almost there! Now I just need to feed it into get_code.bat or unlock.bat so I can have a proper unlock.code file.

I did try to run get_code,bat using fastboot (and ensuring cuber was in the adb and folder) but I don't know what command to use here and the ones I tried haven't worked. Just ruling this out.

UPDATE 3: Unlock success!
Whoever said being impatient is a bad thing.
I knew I needed to manually pass the manfid and serial to be able to get a generated unlock.code file. So I was digging around in XDA and came across this thread by @yujikaido79 which was a great guiding post:

[TOOLS] Create unlock.img, fix boot.img, repack update.bin (for aboot

The attached archive includes 3 tools for those of you with .3.2.3.2 (or earlier) bootloaders. Since other tools (and earlier version of these very tools) are available and working well, this is mostly meant as an entry to an imaginary beauty...

forum.xda-developers.com

I did both these steps (although GMPY2 might not be needed):

get Python 2.7 for windows and install it >>https://www.python.org/download/releases/2.7/
btw I installed the 64 bit edition for both

get GMPY2 for Python 2.7 https://code.google.com/p/gmpy/downloads/list

I then followed the thread to get cuberHDX.py (which I realized I didn't need) over here by the great @draxie :

[Thor][Apollo] Unlocking bootloader with any firmware

Hello. At first, I did not invent anything new, just checked some my guess on a other motherboard. All thanks and credits to our great developers. As always, all at your own risk. It does not work on the Fire HDX 8.9 (Saturn)! All steps in this...

forum.xda-developers.com

** SIMPLER UNLOCK CODE GENERATION ON (ANY) WINDOWS **

• If you don't have python installed, download and install your preferred Python version
• Download and extract tools.zip
• Open a command shell (cmd.exe) and navigate to the directory where you extracted the archive
• To generate your unlock code type
  Code:
  py cublock.py 0xmm 0xssssssss

NB: the filename of the unlock code is 'unlock.img',
as opposed to the '0xmmssssssss.unlock' pattern that cuberHDX.py used to generate,
but the contents are the same and the unlock code is flashed the same way.

Since I had my manfid and serial, these instructions seemed like exactly what I was searching for. Once I was done with the above instructions, I had a unlock.img file.

Since I was going to be using fastboot, I copied the unlock.img file into my adb folder and simply ran this command and it worked like a charm.

Code:
fastboot -i 0x1949 flash unlock unlock.img

Success!

Overarching Edit: I'm going to keep editing my post as I find and have useful information in my journey so everything is in one place for my own reference.

 

[skeptic1007]

Hello. I have another problem with running the procedure at post 1006 above: get_code does not stop. The command at adb push cuber ... does not terminate. Any idea where I may be wrong?

I have unlocked my Kindle Fire and installed an Android OS some years ago. Have restored the original Fire OS since. Now I would like to repeat the Android OS procedure. Is the bootloader still unlocked?

 

[Toothless_NEO]

Can't find any working drivers, it's stuck at waiting for device. Any idea how to fix this?