[Thor][Apollo] Unlocking bootloader with any firmware

Hello. First of all, I did not invent anything new; I just checked a guess of mine on another motherboard. All thanks and credit go to our great developers. As always, everything is at your own risk.
It does not work on the Fire HDX 8.9 (Saturn)!
Not all steps in this manual are necessary, but they are present for maximum safety, so I highly recommend doing everything exactly this way. Sorry for my English, as always =)
Update2 - actual method is https://xdaforums.com/showpost.php?p=75284993&postcount=1006
Update: now you can use updated draxie's utility - http://xdaforums.com/kindle-fire-hdx/general/multi-platform-1-click-bootloader-t3241014

Prerequisites for Installation
- Root
- Installed adb and fastboot drivers - official - https://drive.google.com/open?id=0B2twXJIOgv-UWWdwRl9TQS11b0k (if your system language is not English, after the install fails navigate to "Program Files (x86)\Lab126\drivers" and run dpinst.exe /EL, or switch to English =) On x64 you need to disable driver signature verification before installing.) You can also use the pdanet drivers - http://xdaforums.com/showpost.php?p=59268023&postcount=8

Manual:
1. Create unlock file following this instruction - https://xdaforums.com/kindle-fire-h...r-firmware-t3463982/post70881555#post70881555

2. Flash the old vulnerable aboot and cubed TWRP (just in case). Check that all these commands executed without errors. If you get one, read the second post below. If your firmware is <=13(14)3.2.3.2, skip this step.
Download aboot and twrp for Thor (Kindle Fire HDX 7) https://drive.google.com/open?id=0B2twXJIOgv-UMGxXMUZPZTlZTUk or for Apollo (Kindle Fire HDX 8.9) - https://drive.google.com/open?id=0B2twXJIOgv-URzJDQkczNzRLaHM - and put these two files (twrp_cubed.img and aboot_vuln.mbn) into the root of your Kindle's internal storage.
Run:
Code:
adb shell
su
dd if=/sdcard/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
dd if=/sdcard/aboot_vuln.mbn of=/dev/block/platform/msm_sdcc.1/by-name/aboot
Now you have a working TWRP recovery. It already works even without an unlocked bootloader. You can boot into it by holding VolUp during the grey Kindle logo. But there is no need to flash anything until the unlock. At this point it is just an emergency tool if something goes wrong =)

3. Flash unlock file.
Now, if you reboot, you will go straight into fastboot because of the old aboot - the newest boot.img can't load with it. If your firmware is <13(14).4.1.1, you need to run "adb reboot bootloader" to boot into fastboot.
Time to flash your unlock file.
Code:
fastboot -i 0x1949 flash unlock 0xmmssssssss.unlock
You must obtain "unlock code is correct".
Grats. You are perfect =)
You can flash:
CM13 - http://xdaforums.com/kindle-fire-hdx/orig-development/rom-cm-13-kindle-hdx-2015-11-29-t3259732
CM 12.1 - http://xdaforums.com/kindle-fire-hdx/development/rom-cm-12-unofficial-apollo-thor-t3050199
Or stock repacked latest 4.5.5.2 rom - https://drive.google.com/open?id=0B2twXJIOgv-UVFFtN2RYNXNUZ0k (13.x - thor, 14.x - apollo)
Do not flash original stock firmwares.

Regards and thanks to all - @dpeddi, @vortox, @draxie, @ggow, @Ralekdev, @jcase, @Hashcode
And my greatest thanks to @MahmudS for the motherboard for my experiments!
 
FAQ:
1. If you get "not such file or directory" after su in step 2 (this is possibly SAFESTRAP related), try the following commands:
Code:
adb shell
su
dd if=/storage/emulated/0/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
dd if=/storage/emulated/0/aboot_vuln.mbn of=/dev/block/platform/msm_sdcc.1/by-name/aboot
http://xdaforums.com/showpost.php?p=68751981&postcount=35
 

draxie

Daredevil

Code:
dd if=/sdcard/aboot_vuln.mbn of=/dev/block/platform/msm_sdcc.1/by-name/aboot

Great job! So, simply flashing the vulnerable bootloader "just works"...
Are you absolutely positive?
Although I've been expecting this all along
[but wouldn't dare trying, since the HDX is *still* my only tablet],
I'm wondering what the supposed "rollback protection" after 3.2.8 really covers.

Fixed issue (now hidden)
BTW: I get the exact same MD5 hash for both versions of 'aboot_vuln.mbn' (the two 'cubed_twrp.img' are different).
Code:
66b7df0db97c7c2905d1d61199c816a5  13-aboot_vuln.mbn
66b7df0db97c7c2905d1d61199c816a5  14-aboot_vuln.mbn
087e7125c48fcbebcc2f51a9c46379f2  13-twrp_cubed.img
c06799a4a8d48d9dd55aea002def1caf  14-twrp_cubed.img

H[66b7df0db97c7c2905d1d61199c816a5]=aboot-13.3.2.3.2_user_323001720.mbn

Please double-check to make sure Apollo users won't get fried.



You do say that not all steps are necessary. Can you advise if my thinking below sounds correct?
I'm considering adding this to 1-Click; that's why I'm asking.. (If I could also include a surefire way
to root the device beforehand, we'd be all set for a truly 1-Click experience from scratch, modulo
strange Windows behaviour. [if anybody still cares ;-P])

  • I suppose getting rid of the potentially dangerous anti-rollback-related files is good measure,
    but if they had been making any difference, this method shouldn't really work, right?
    So, this may not be needed at all.
  • I'm also thinking that flashing TWRP in the same step -although nice- is not strictly needed.
    Would you agree?
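
An added example, not part of the thread and not code from any poster: a host-side pre-flash check built on the MD5 values quoted in this post, which rejects an aboot or TWRP image that belongs to the other device (the mix-up flagged above). The function names and the script layout are assumptions; the hashes and the 13.x = Thor / 14.x = Apollo mapping come from the thread. MD5 here catches wrong or corrupt files, not deliberate tampering.

```python
import hashlib
import sys
from pathlib import Path

# MD5 values quoted in this thread (lower-cased), mapped to the device they belong to.
ABOOT_MD5 = {
    "66b7df0db97c7c2905d1d61199c816a5": "thor",    # aboot-13.3.2.3.2_user_323001720.mbn
    "4a2be8e374c8d1fce8e6743ac2d09bb0": "apollo",  # aboot-14.3.2.3.2_user_323001720.mbn
}
TWRP_MD5 = {
    "087e7125c48fcbebcc2f51a9c46379f2": "thor",    # 13-twrp_cubed.img
    "c06799a4a8d48d9dd55aea002def1caf": "apollo",  # 14-twrp_cubed.img
}


def device_from_firmware(version):
    """Map a firmware version string to its device: 13.x is Thor, 14.x is Apollo."""
    prefix = version.strip().split(".", 1)[0]
    try:
        return {"13": "thor", "14": "apollo"}[prefix]
    except KeyError:
        raise ValueError(f"unsupported firmware prefix {prefix!r}") from None


def md5_of(path, chunk_size=1 << 20):
    """Stream the file through MD5 so a large image need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(digest, table):
    """Return the device a digest belongs to, or None if it is not in the table."""
    return table.get(digest.strip().lower())


def preflight(aboot, twrp, device, aboot_table=ABOOT_MD5, twrp_table=TWRP_MD5):
    """Return a list of problems; an empty list means both images match the device."""
    problems = []
    for label, path, table in (("aboot", aboot, aboot_table),
                               ("recovery", twrp, twrp_table)):
        if not Path(path).is_file():
            problems.append(f"{label}: {path} not found")
            continue
        owner = classify(md5_of(path), table)
        if owner is None:
            problems.append(f"{label}: MD5 not in the known table")
        elif owner != device:
            problems.append(f"{label}: image is for {owner}, device is {device}")
    return problems


if __name__ == "__main__":
    # Hypothetical invocation: preflight.py <firmware version> <aboot file> <twrp file>
    if len(sys.argv) != 4:
        sys.exit("usage: preflight.py <firmware version> <aboot file> <twrp file>")
    issues = preflight(sys.argv[2], sys.argv[3], device_from_firmware(sys.argv[1]))
    print("\n".join(issues) or "OK: both images match the device")
    sys.exit(1 if issues else 0)
```
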
 
Are you absolutely positive?
I tried this with two devices, with two firmwares on each, after the rollback-upgrade process, to be sure.
Although I've been expecting this
Same as me. It just needed to be checked.
I get the exact same MD5 hash for both versions of 'aboot_vuln.mbn'
Strange, I use the same aboots in this tool - http://xdaforums.com/kindle-fire-hdx/general/how-to-unbrick-kindle-fire-hdx-firmware-t3277197 =) Need to fix =)
Re-uploaded aboot from 14.3.2.3.2 - 4A2BE8E374C8D1FCE8E6743AC2D09BB0
Thank you.
I'm also thinking that flashing TWRP in the same step -although nice- is not strictly needed.
Of course. But... why not? And sometimes fastboot flash recovery doesn't work the very first time.
but if they had been making any difference, this method shouldn't really work, right?
So, this may not be needed at all.
This needs to be checked. I really do not like that factory_provision_tool.
But I agree that all the magic is just dd'ing the old aboot.
 

draxie

I tried this with two devices, with two firmwares on each, after the rollback-upgrade process, to be sure.
Sounds good.

Same as me. It just needed to be checked.
Indeed! And, that's quite a daring achievement. Big thanks for that!

Strange, I use the same aboots in this tool - http://xdaforums.com/kindle-fire-hdx/general/how-to-unbrick-kindle-fire-hdx-firmware-t3277197 =) Need to fix =)
Re-uploaded aboot from 14.3.2.3.2 - 4A2BE8E374C8D1FCE8E6743AC2D09BB0
Thank you.
I also verified this, just to be sure; and, chose to hide the issue in my post above.
H[4a2be8e374c8d1fce8e6743ac2d09bb0]=aboot-14.3.2.3.2_user_323001720.mbn

Of course. But... why not? And sometimes fastboot flash recovery doesn't work the very first time.
I'll see if including the TWRP images in 1-Click pushes the size of the ZIP over the XDA limit.
I suppose I could opt to fetch from the net if it doesn't, but then I need to enable networking for the VM.

This needs to be checked. I really do not like that factory_provision_tool.
But I agree that all the magic is just dd'ing the old aboot.
Yes. Please check!
 
Ok. So... Another motherboard with stock 3.2.3.2
Updated it through OTA to 3.2.5 > 4.1.1 > 4.5.2 > 4.5.4 > 4.5.5 > 4.5.5.1 > 4.5.5.2
Rolled back to 3.2.8, updated to 4.5.5.1, Kingroot.
Code:
adb shell
su
dd if=/sdcard/aboot_vuln.mbn of=/dev/block/platform/msm_sdcc.1/by-name/aboot
reboot
Boot into fastboot. At this point you need to have the IDs already!!!
Flash unlock, flash recovery, flash upHDXed 4.5.5.2 rom. Successfully booted up. :fingers-crossed:
OP edited.
 

draxie

Rolled back to 3.2.8, updated to 4.5.5.1, Kingroot.
I don't suppose this rollback is essential, is it?
It should work just as well to stop the update before the currently unrootable 4.5.5.2, right?

Flash unlock, flash recovery, flash upHDXed 4.5.5.2 rom. Successfully booted up. :fingers-crossed:

Nice. I'll PM you soon with an updated 1-Click, for testing, if you don't mind.
(I cannot [and don't even want to] test this on my only tablet.)
 

DB126

Although I have registered my 'thanks' on various posts it seems hollow to not explicitly recognize @ONYXis and @draxie for their tremendous contributions supporting this device both past and present. The ability to unlock virtually any rooted 3rd gen HDX is a true game changer that will revive interest in this discontinued gem that still competes nicely with contemporary offerings. Well done, gents!
 

RambaaZambaa

Hi, I can't get the adb driver to work with my German Win 10 64-bit.
dpinst.exe /EL starts fine but throws an error while installing.

So I wanted to try the pdanet drivers, but I'm not sure how to get my Fire into fastboot mode ("- connect your kindle already waiting in fastboot mode with usb cable to pc").
Any help? :>
 

RambaaZambaa

Maybe you need to disable driver signature verification before install. Google it.
fastboot -
Code:
adb reboot bootloader
Thanks, that worked. Now I have the following problem when trying "python.exe cuberHDX.py 0xmmssssssss": (tried with 64- and 32-bit Python + gmpy2, because that seems to be the problem sometimes)

File "cuberHDX.py", line 7, in <module>
from gmpy2 import iroot, mpz
ImportError: DLL load failed: %1 ist keine zulõssige Win32-Anwendung. [last part means not a valid win 32 application]

Thanks for your help!
 

RambaaZambaa

Welcome.
Need to unarchive.
Next problem :silly:
As long as I'm not su, I can cd to the sdcard folder (or storage/sdcard0). But then I can't use the "dd if=/sdcard/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery" command.
So when I'm su, the command fails and I also can't enter the sdcard folder (no such file or directory). Strange...
 
Next problem :silly:
As long as I'm not su, I can cd to the sdcard folder (or storage/sdcard0). But then I can't use the "dd if=/sdcard/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery" command.
So when I'm su, the command fails and I also can't enter the sdcard folder (no such file or directory). Strange...
Sorry, I really don't understand )
Please provide a screenshot of cmd with your error.
And try to follow the instructions directly. There isn't any cd command.
 

Top Liked Posts

    Steps unlock bootloader and needed files

    These are the detailed steps for unlocking the bootloader on the 2013 Kindle HDX 7 (Thor) and HDX 8.9 (Apollo). Be careful: it doesn't work on the 2014 HDX 8.9 (Saturn)! These steps were done in Windows 10 and successfully checked by myself!
    I don't take any credit; I just collected all the steps of the whole process in one post.

    The needed files are in the attachment; just download them all + the TWRP for your device from this thread: TWRP 3.1.1-1
    You do NOT need root for these steps!

    1. Install adb-setup-1.4.3 into a folder (for example: C:/adb), extract dd-0.5.zip + unlock.zip + aboot-xxx.zip, and put dd.exe + get_code.bat + unlock.bat + the TWRP image (for your device) + aboot_vuln.mbn (for your device) into that folder. After that, install the kindle_fire_usb_driver.
    2. Turn on ADB debugging mode in Developer Mode by tapping the build number 7 times in Settings, then connect to your computer + trust your device.
    3. Execute "get_code.bat" in the folder above; you will get a new file, unlock.code, in the folder.
    4. Open CMD in the folder and run "adb reboot bootloader"; the Kindle will reboot to the bootloader with "[ fastboot ]" on the display.
    5. On the computer, go to Device Manager and change the driver in "Other Android" to "Fire Devices - Android Adb Composite Driver". It should say "Ready" on the Kindle.
    6. Now we need to enter bulk mode, following the instructions in this thread: Bulk Mode
    Type:
    Code:
    fastboot -i 0x1949 erase aboot
    fastboot -i 0x1949 reboot

    NB: this will be scary as you'll lose 'fastboot' and only see a black screen.
    Your device should reboot into "bulk mode" resulting in a number of pop-up
    windows asking to format all the partitions that get exposed (at least, on Windows 10).
    DO NOT format anything! Follow the above instructions instead.

    Open a command window (cmd) and run the following commands:

    Code:
    wmic partition where index=22 get diskindex
    wmic partition where (index=17 and numberofblocks=20480) get diskindex
    wmic partition where (index=5 and numberofblocks=4096) get diskindex

    All three of the above commands should return the same DiskIndex. Let's call that index X.

    In the command window, run the following two commands with the right aboot&twrp files for your device
    (you will need to substitute the DiskIndex X from above in place of the X):


    Code:
    dd of=\\?\Device\HarddiskX\Partition6 if=aboot_vuln.mbn
    dd of=\\?\Device\HarddiskX\Partition18 if=twrp_cubed.img

    This error message on the first command seems normal: "Error reading file: 87 The parameter is incorrect"
    NB: make sure you run both commands! Without TWRP, you'll get a brick.

    Wait a few minutes for good measure; then, keep holding Power + VolUp until your device enters TWRP.

    7. When done, hold down the power button until it reboots. Now you will be at the bootloader with the [Fastboot] sign on the screen. Change the driver in Device Manager again if needed.
    8. Run "unlock.bat" in the folder and you should get a green line: "unlock code is correct". Congrats, your Kindle now has an unlocked bootloader.
    9. Now hold the power button again to shut down the device, then hold both "power button + Volume UP" and keep holding them for 3-5 seconds after you see the "kindle fire" logo. Then you will get into TWRP and can flash whatever you want.

    I hope this post will help other new members to free our beautiful devices!

    Cheers and happy flashing :D
    Generate the unlock code on your own Kindle (no python required)

    Prerequisites
    • Platform tools (adb + fastboot) from Google
    • Fire drivers from Amazon
      (if you want something that works with *both* adb *and* fastboot, make sure you hand-pick the 'Android Composite ADB Interface' driver under 'Fire Devices' in Device Manager)
      Update Driver Software... >> Browse my computer for driver software >> Let me pick from a list [...] >> Fire Devices
    • Download and extract unlock.zip (SHA256: e5db0b8d82c8fd2a25a22b0a598014d22a2ec33cef27a8d4b65a36acde08f27a)
      to the same directory that holds the adb and fastboot executables (default: platform-tools)
      unless, of course, you have added that directory to your PATH

    Code Generation & Unlock
    1. Click on get_code.bat in the extracted folder (default: platform-tools)
      --- this replaces step 1 (including *both* 1.1 & 1.2) of the OP ---
      Check that two hex-numbers are printed (manfid+serial) and a new file 'unlock.code' appears in that folder
    2. Perform Step 2 of the OP
    3. Click on unlock.bat in the extracted folder (default: platform-tools)
      --- this replaces step 3 of the OP ---
      if you see < waiting for any device > in the Command window, you'll need to manually select a driver

    That's all folks...
    BULK MODE

    It is all my fault. My device is Apollo, Nexus 4.4.4. When unlocking the bootloader, I put the wrong files into internal storage, that is, Thor's aboot vuln and twrp cubed. And then my HDX 8.9 cannot enter recovery, bootloader or system; it only displays the backlight. I can still see its storage on the computer, but adb shows no device found. So what should I do to save my Apollo? I appreciate your help..

    Here's a set of instructions that _SHOULD_ work to recover your device.
    We had two recent successful cases, and I've only managed to brick
    one of my test devices experimenting with this.

    Nevertheless, the standard disclaimer still applies: your device, your risk.
    If anything goes wrong, I'm not responsible.


    1. Open a command window (cmd, NOT PowerShell!!) and run the following commands:
      Code:
      wmic partition where index=22 get diskindex
      wmic partition where (index=17 and numberofblocks=20480) get diskindex
      wmic partition where (index=5 and numberofblocks=4096) get diskindex
      All three of the above commands should return the same DiskIndex.
      Let's call that index X.
    2. Download and extract http://www.chrysocome.net/downloads/dd-0.5.zip.
    3. In the command window, change to the directory with the extracted dd.exe
      and run the following two commands with the right aboot&twrp files for your device
      (you will need to substitute the DiskIndex X from above in place of the X):
      Code:
      dd of=\\?\Device\HarddiskX\Partition6 if=aboot_vuln.mbn
      dd of=\\?\Device\HarddiskX\Partition18 if=twrp_cubed.img
      This error message on the first command seems normal: "Error reading file: 87 The parameter is incorrect"
      NB: make sure you run both commands! Without TWRP, you'll get a brick.
    4. Wait a few minutes for good measure; then, keep holding Power + VolUp until your device enters TWRP.


    @bluecoyote, @Mr McBoatface (or anyone else starting from fastboot)
    I have all the ingredients for a script, but haven't had time to put it all together.
    The above instructions work, once you put your device into "bulk mode".
    To do so, you'll need to run these two fastboot commands:
    Code:
    fastboot -i 0x1949 erase aboot
    fastboot -i 0x1949 reboot
    NB: this will be scary as you'll lose 'fastboot' and only see a black screen.
    Your device should reboot into "bulk mode" resulting in a number of pop-up
    windows asking to format all the partitions that get exposed (at least, on Windows 10).
    DO NOT format anything! Follow the above instructions instead.

    Oh, and YES: this should also work on any unrooted & locked 3rd gen HDX device.
    You need to enable ADB and run the following command to enter fastboot:
    Code:
    adb reboot bootloader

    This is arguably faster (and less malware-ridden) than trying to root with Kingroot,
    but it's easy to make a small mistake and end up with a brick.