"UNBRICK" Fire 7 5th Gen after a downgrade attempt from 5.1.1 to 5.0.1

hwmod

Senior Member
Dec 12, 2011
309
276
0
Verona
IDENTIFYING THE "BRICK" TYPE
This is a raw "unbrick" method ONLY of use to those people that tried to downgrade from 5.1.1 to 5.0.1 and "bricked" their tablet during these attempts. The symptoms of the "brick" I experienced are: tablet seems to be dead, screen never turns on, no ADB and no FASTBOOT available from the USB port.
NOTE: At the moment I could only test this method on the Fire 7 5th Generation tablets, though it is possible that the same procedure could work on other Mediatek SoCs.

From a serial console this kind of soft "brick" can be identified by the following output (just the last few lines):
Code:
[ANTI-ROLLBACK] Processing anti-rollback data
mmc_rpmb_send_command -> req_type=0x1, type=0x4, blks=0x1
mmc_rpmb_send_command -> req_type=0x2, type=0x4, blks=0x1
[ANTI-ROLLBACK] PL: 2 TEE: 3002 LK: 3
[ANTI-ROLLBACK] Checksum validated
[ANTI-ROLLBACK] LK version mismatch!
[ANTI-ROLLBACK] L: 3 R: 2

This state reveals that the UBOOT code ("lk.bin" version 5.0.1) is blocked by Amazon enforced [ANTI-ROLLBACK] protection checks. If this is your case I am 100% sure this method can be used to recover your tablet from the soft "brick" (tested twice).

"UNBRICK" METHOD DETAILS
The method makes use of Zeroepoch's Python code used previously to "root" the Amazon Fire TV2 and works very well making it possible to directly and unconditionally write to the EMMC memory space of our Fire 7" 5th Generation tablets. There is no need to sign code, no SHA keys and no certificates involved in the process.

NOTE: Initially I opened my tablet, connected cables + serial break-out board by soldering them directly to the internal UART TX/RX pads on the mainboard. I even ripped off some of the pads. However this is absolutely not necessary for this method, I did that to ensure myself complete control over the tablet and to learn all I could related to this tablet.

The whole procedure can be completed through the normal USB cable and a Linux terminal console logged in as the "root" user. I preferred to do everything as the "root" user to exclude permission problems on the devices.

Unfortunately this method is really slow due to the fact that the process is executed through a USB serial connection at 115200 bps and at the moment the proposed code can only write very small chunks of data one after another through a call to a boot loader operation.

I executed the complete process from a Linux system (Fedora 23) but I believe the same could be done from both Windows and Mac OS X. On Windows it would be slightly more difficult since it requires the correct USB drivers and the Python interpreter. On Linux everything should be already available on any distribution. This will make the process much easier by excluding variables like wrong USB drivers or difficult Python installations.

THE REQUISITES
Download the following code archive from Gitlab (thanks to Zeroepoch):
then unzip the downloaded archive in its new folder. The name of the original folder will be something like:
aftv2-tools-master-5a6de7663bd7c20c54f59ed10b3a5cec841d6564.zip
Rename the folder to a shorter name like "aftv2-tools" to make it easier and shorter to type and move between folders. There are several files and directories in the unpacked AFTV2 archive. However we will only need 4 of them for our method. They are 4 Python scripts named "handshake.py", "read_mmc.py", "write_mmc.py" and "read32.py".

It is possible that you will need to install a Python module called "pyserial" since that is a required dependency. You can do that using the "pip" utility, the command is "pip install pyserial" (the same also for Windows and Mac OS).

THE PROCEDURE
The first step is to ensure the tablet is switched off, then "cd" to the "aftv2-tools" folder that you renamed and execute:
Code:
./handshake.py
on the next line in the console you will immediately see:
waiting for preloader ...
now connect the tablet (ensure it is switched off) to the USB port of your PC and wait a couple of seconds until the Python script exits and the following appears on the console:
Found port = /dev/ttyACM0
Handshake complete!

Now the tablet is in the [USBDL] / [USBDOWNLOAD] mode.

NOTE: Do not disconnect the cable until the end of the complete write procedure and only after executing the disconnect command below.

TRAINING WITH A "READ" OPERATION
Before doing more damage and to ensure the setup/environment works, let's use a READ operation as an exercise and make a backup copy of the current UBOOT partition (it will take a while, prepare your coffee).

Knowing that the UBOOT partition starts at 0x1460000 (hex) and that the length of the partition in bytes is 0x100000 (hex) we could read the complete partition with the following command:
Code:
./read_mmc.py $((0x1460000)) $((0x100000)) UBOOT_501_backup.part
The command above would take about 2 hours or more to complete and read the full 16Mbytes, so you may skip that.

Since we know that the size of the original "lk_501.bin" is exactly 406964 bytes it will be enough to read just what we need (40x fewer read operations thus 40x less time). A bit of math is needed here: we have to find the minimum number of 512-byte blocks needed to make up a length of at least 406964 bytes. That is 795 * 512 = 407040 so the command will be:
Code:
./read_mmc.py $((0x1460000)) $((795*512)) UBOOT_501_backup.part
this will create a file slightly larger than the original, but we will trim it down with the next command below.

To double check that everything went fine and knowing that the length in bytes of the original 5.0.1 lk.bin is 406964 (dec) we can compare what we have read from the serial connection with the "lk.bin" taken from the 5.0.1 version of the original Amazon update using the following commands. The first line is to trim down what we read to the same size of the original "lk_501.bin" while the second will calculate the MD5 sum of the two files to ensure they are identical:
Code:
dd if=UBOOT_501_backup.part of=UBOOT_501_backup.bin bs=406964 count=1
md5sum UBOOT_501_backup.bin lk_501.bin
The above command will print 2 lines containing the MD5 sum of both files; the 2 hex numbers should be the same. Don't worry if the numbers are different, it may be due to a different version of 5.0.x that you used to try the downgrade. Actually there were 3 or more 5.0.1 partial updates. However check with a hex editor that the first four bytes of the backup you just made are HEX: 88 16 88 58 and that bytes number 8 and 9 (start counting from 0) are HEX: 4C 4B which correspond to the ASCII string "LK".

NOW THE "UNBRICK" PART
At this point to "unbrick" the tablet we need to write the 5.1.1 version of "lk.bin" to the UBOOT partition with this command:
Code:
./write_mmc.py $((0x1460000)) lk_511.bin
Wait for this command to complete; it will take some time (maybe 5 to 10 minutes).
Now we need to exit the [USBDL] / [USBDOWNLOAD] mode before disconnecting the USB cable.
Use this command to do that; it may print some errors on the console but that is the expected behavior:
Code:
./read32.py 0 1
wait 10 seconds and then pull the USB cable to disconnect it from the PC.

NOTE if you can’t get your device out of [USBDL] / [USBDOWNLOAD] mode at this point then pop the back cover off of the device and remove the battery plug that has 6 wires and the plug lifts straight up. Wait 5 seconds and reconnect the battery and place the cover on the back of your tablet then power it up.

If all went well the device will reboot with a working "UBOOT/lk.bin". You can now boot to recovery and "adb sideload" the stock Fire OS 5.1.1 update to get your device fully working again (not downgraded but fully functional).

Most of the things explained here are also written in the README files contained in the archives you have downloaded (aftv2-tools / fbtool) and in the documents linked in previous posts.

Have to say thanks to Sturmflut for the invaluable Mediatek SoC docs and to Zeroepoch for the Python scripts.

Have fun,

.:HWMOD:.
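
The read-back check described in the post above (block count, trim, header bytes, digest comparison), as an added example that is not part of the original post or of aftv2-tools. The partition offset, partition length, header bytes and the 406964-byte size come from the post; the function names are hypothetical and the sample image is constructed filler, not real firmware.

```python
import hashlib

BLOCK_SIZE = 512             # block size behind the post's $((795*512))
UBOOT_START = 0x1460000      # UBOOT partition start, as given in the post
UBOOT_LENGTH = 0x100000      # UBOOT partition length in bytes, as given in the post
HEADER_MAGIC = bytes.fromhex("88168858")  # first four bytes, as given in the post
NAME_OFFSET = 8              # bytes 8 and 9 (counting from 0) should read "LK"
NAME_VALUE = b"LK"


def blocks_needed(size):
    """Minimum number of 512-byte blocks that cover `size` bytes."""
    if size <= 0:
        raise ValueError("size must be positive")
    return (size + BLOCK_SIZE - 1) // BLOCK_SIZE


def check_lk_header(data):
    """Return a list of problems; an empty list means the header checks pass."""
    if len(data) < NAME_OFFSET + len(NAME_VALUE):
        return ["image is shorter than the header fields being checked"]
    problems = []
    if data[:4] != HEADER_MAGIC:
        problems.append("unexpected first four bytes: " + data[:4].hex())
    name = data[NAME_OFFSET:NAME_OFFSET + len(NAME_VALUE)]
    if name != NAME_VALUE:
        problems.append("bytes 8-9 are %r, expected %r" % (name, NAME_VALUE))
    if len(data) > UBOOT_LENGTH:
        problems.append("image does not fit in the UBOOT partition")
    return problems


def compare_readback(readback, reference):
    """Trim a block-aligned read-back to the reference size (the dd step),
    compare it with the reference image and locate the first difference."""
    blocks = blocks_needed(len(reference))
    trimmed = readback[:len(reference)]
    first_diff = None
    if trimmed != reference:
        # If the read-back is too short, the first missing byte is the difference.
        first_diff = next(
            (i for i, (a, b) in enumerate(zip(trimmed, reference)) if a != b),
            len(trimmed),
        )
    report = {
        "blocks": blocks,
        "readback_len_ok": len(readback) == blocks * BLOCK_SIZE,
        "header_problems": check_lk_header(trimmed),
        "md5_readback": hashlib.md5(trimmed).hexdigest(),   # same digest md5sum prints
        "md5_reference": hashlib.md5(reference).hexdigest(),
        "identical": first_diff is None,
        "first_diff_offset": first_diff,
        "first_diff_addr": None,
    }
    if first_diff is not None:
        # Map the file offset back to the eMMC address of the block that holds it.
        block_index = first_diff // BLOCK_SIZE
        report["first_diff_addr"] = UBOOT_START + block_index * BLOCK_SIZE
    return report


def make_sample_image(size=1300):
    """Constructed stand-in for lk.bin: the header bytes from the post, then filler."""
    header = HEADER_MAGIC + b"\x00" * 4 + NAME_VALUE
    filler = bytes((i * 7) % 251 for i in range(size))
    return header + filler[len(header):]


if __name__ == "__main__":
    print(blocks_needed(406964), "blocks cover the 406964-byte lk_501.bin")
    image = make_sample_image()
    pad = blocks_needed(len(image)) * BLOCK_SIZE - len(image)
    padded = image + b"\x00" * pad          # what a block-aligned read returns
    damaged = bytearray(padded)
    damaged[1030] ^= 0xFF                   # simulate one corrupted byte
    for label, data in (("clean", padded), ("damaged", bytes(damaged))):
        print(label, compare_readback(data, image))
```

When the digests differ, `first_diff_addr` gives the eMMC address of the first block that does not match, in the same form as the addresses `write_mmc.py` prints.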
 

STrRedWolf

Member
May 29, 2016
11
0
0
Ahhh! A glimmer of hope for a bricked Fire. I had tried to downgrade a 5.1.2 to a 5.1.1 and bricked it... but I did see the MediaTek USB ACM device pop up and down. If I can find a 5.1.2 update, I can try to extract that, slap that on the internal MMC, and see if I can unbrick my (first) Fire that way.
 

hwmod

Quick guide to "unbrick" 5.1.2 from downgrade attempts

This is a condensed resume of post #1 to "unbrick" and rollback to stock firmware 5.1.2.
You will need a working system with Python3 installed and the "pyserial" module.
Download and unzip AFTV2-Tools in a new folder on your PC.

From inside the AFTV2-Tools folder execute the following script:
Code:
./handshake.py
if your setup is OK the script will print this message to the console:
waiting for preloader ...
now ensure the tablet is switched off, then connect it to the PC with the USB cable.
In a couple of seconds the script will detect the serial port and print this message:
Found port = /dev/ttyACM0
Handshake complete!
confirming the tablet was successfully switched to [USBDOWNLOAD] mode.
Next you need to write the 5.1.2 version of "lk.bin" to the UBOOT partition:
Code:
./write_mmc.py $((0x1460000)) lk_512.bin
now exit the [USBDownload] mode by executing the following script:
Code:
./read32.py 0 1
this will possibly print a few errors in the console but that is expected.
Wait 10 seconds and then pull the USB cable to disconnect it from the PC.
If all went well the device will reboot with a working "UBOOT/lk.bin" partition.
You can now boot into recovery mode and "adb sideload" the stock Fire OS 5.1.2 update.
You will have your device fully working again (not downgraded but fully functional).

.:HWMOD:.
 
STrRedWolf

I've just tried that... and no go. It won't boot into it. I'm wondering what else needs to be flashed this way...
 

hwmod

Did the "handshake.py" script return the expected messages?
Did the "write_mmc.py" script output the progress of writing the "lk_512.bin"?
Did you get some message indicating errors from running the two scripts above?

I suggest that people trying this method save the output and include relevant parts in their posts.
This way I may be able to give extra instructions or help.

.:HWMOD:.
 

STrRedWolf

Yep, yep, and nope. Here's the output.

Code:
sandra aftv2-tools # ./handshake.py 
Waiting for preloader...
Found port = /dev/ttyACM0
Handshake complete!
sandra aftv2-tools # ./write_mmc.py $((0x1460000)) ~tygris/dls/kindle/lk.bin 
sandra aftv2-tools # ./read32.py 0 1
1: 0xd1
4: 0x00 0x00 0x00 0x00
4: 0x00 0x00 0x00 0x01
Traceback (most recent call last):
  File "/usr/lib64/python3.4/site-packages/serial/serialposix.py", line 475, in read
    raise SerialException('device reports readiness to read but returned no data (device disconnected or multiple access on port?)')
serial.serialutil.SerialException: device reports readiness to read but returned no data (device disconnected or multiple access on port?)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./read32.py", line 69, in <module>
    ret = read32(addr, size)
  File "./read32.py", line 45, in read32
    print_hex_byte(dev.read(2)) # status
  File "/usr/lib64/python3.4/site-packages/serial/serialposix.py", line 480, in read
    if e[0] != errno.EAGAIN:
TypeError: 'SerialException' object does not support indexing
sandra aftv2-tools #
 

hwmod

Addr: 0x1497a00
Addr: 0x1497c00
Addr: 0x1497e00
Addr: 0x1498000
Addr: 0x1498200
Addr: 0x1498400
Addr: 0x1498600
Addr: 0x1498800
Addr: 0x1498a00
Addr: 0x1498c00
Addr: 0x1498e00
Addr: 0x1499000
Addr: 0x1499200
Addr: 0x1499400
Addr: 0x1499600
Addr: 0x1499800
Addr: 0x1499a00
Addr: 0x1499c00
Addr: 0x1499e00
Addr: 0x149a000
Addr: 0x149a200
Addr: 0x149a400
Addr: 0x149a600
Addr: 0x149a800
Addr: 0x149aa00
Addr: 0x149ac00
Addr: 0x149ae00
Addr: 0x149b000
Addr: 0x149b200
Addr: 0x149b400
Addr: 0x149b600
Addr: 0x149b800
Addr: 0x149ba00
Addr: 0x149bc00
Addr: 0x149be00
Addr: 0x149c000
Addr: 0x149c200
Addr: 0x149c400
Addr: 0x149c600
Addr: 0x149c800
Addr: 0x149ca00
Addr: 0x149cc00
Addr: 0x149ce00
Addr: 0x149d000
Addr: 0x149d200
Addr: 0x149d400
Addr: 0x149d600
Addr: 0x149d800
Addr: 0x149da00
Addr: 0x149dc00
Addr: 0x149de00
Addr: 0x149e000
Addr: 0x149e200
Addr: 0x149e400
Addr: 0x149e600
Addr: 0x149e800
Addr: 0x149ea00
Addr: 0x149ec00
Addr: 0x149ee00
Addr: 0x149f000
Addr: 0x149f200
Addr: 0x149f400
Addr: 0x149f600
Addr: 0x149f800
Addr: 0x149fa00
Addr: 0x149fc00
Addr: 0x149fe00
Addr: 0x14a0000
Addr: 0x14a0200
Addr: 0x14a0400
Addr: 0x14a0600
Addr: 0x14a0800
Addr: 0x14a0a00
Addr: 0x14a0c00
Addr: 0x14a0e00
Addr: 0x14a1000
Addr: 0x14a1200
Addr: 0x14a1400
Addr: 0x14a1600
Addr: 0x14a1800
Addr: 0x14a1a00
Addr: 0x14a1c00
Addr: 0x14a1e00
Addr: 0x14a2000
Addr: 0x14a2200
Addr: 0x14a2400
Addr: 0x14a2600
Addr: 0x14a2800
Addr: 0x14a2a00
Addr: 0x14a2c00
Addr: 0x14a2e00
Addr: 0x14a3000
Addr: 0x14a3200
Addr: 0x14a3400
Addr: 0x14a3600
Addr: 0x14a3800
Addr: 0x14a3a00
Addr: 0x14a3c00
Addr: 0x14a3e00
Addr: 0x14a4000
Addr: 0x14a4200
Addr: 0x14a4400
Addr: 0x14a4600
Addr: 0x14a4800
Addr: 0x14a4a00
Addr: 0x14a4c00
Addr: 0x14a4e00
Addr: 0x14a5000
Addr: 0x14a5200
Addr: 0x14a5400
Addr: 0x14a5600
Addr: 0x14a5800
Addr: 0x14a5a00
Addr: 0x14a5c00
Addr: 0x14a5e00
Addr: 0x14a6000
Addr: 0x14a6200
Addr: 0x14a6400
Addr: 0x14a6600
Addr: 0x14a6800
Addr: 0x14a6a00
Addr: 0x14a6c00
Addr: 0x14a6e00
Addr: 0x14a7000
Addr: 0x14a7200
Addr: 0x14a7400
Addr: 0x14a7600
Addr: 0x14a7800
Addr: 0x14a7a00
Addr: 0x14a7c00
Addr: 0x14a7e00
Addr: 0x14a8000
Addr: 0x14a8200
Addr: 0x14a8400
Addr: 0x14a8600
Addr: 0x14a8800
Addr: 0x14a8a00
Addr: 0x14a8c00
Addr: 0x14a8e00
Addr: 0x14a9000
Addr: 0x14a9200
Addr: 0x14a9400
Addr: 0x14a9600
Addr: 0x14a9800
Addr: 0x14a9a00
Addr: 0x14a9c00
Addr: 0x14a9e00
Addr: 0x14aa000
Addr: 0x14aa200
Addr: 0x14aa400
Addr: 0x14aa600
Addr: 0x14aa800
Addr: 0x14aaa00
Addr: 0x14aac00
Addr: 0x14aae00
Addr: 0x14ab000
Addr: 0x14ab200
Addr: 0x14ab400
Addr: 0x14ab600
Addr: 0x14ab800
Addr: 0x14aba00
Addr: 0x14abc00
Addr: 0x14abe00
Addr: 0x14ac000
Addr: 0x14ac200
Addr: 0x14ac400
Addr: 0x14ac600
Addr: 0x14ac800
Addr: 0x14aca00
Addr: 0x14acc00
Addr: 0x14ace00
Addr: 0x14ad000
Addr: 0x14ad200
Addr: 0x14ad400
Addr: 0x14ad600
Addr: 0x14ad800
Addr: 0x14ada00
Addr: 0x14adc00
Addr: 0x14ade00
Addr: 0x14ae000
Addr: 0x14ae200
Addr: 0x14ae400
Addr: 0x14ae600
Addr: 0x14ae800
Addr: 0x14aea00
Addr: 0x14aec00
Addr: 0x14aee00
Addr: 0x14af000
Addr: 0x14af200
Addr: 0x14af400
Addr: 0x14af600
Addr: 0x14af800
Addr: 0x14afa00
Addr: 0x14afc00
Addr: 0x14afe00
Addr: 0x14b0000
Addr: 0x14b0200
Addr: 0x14b0400
Addr: 0x14b0600
Addr: 0x14b0800
Addr: 0x14b0a00
Addr: 0x14b0c00
Addr: 0x14b0e00
Addr: 0x14b1000
Addr: 0x14b1200
Addr: 0x14b1400
Addr: 0x14b1600
Addr: 0x14b1800
Addr: 0x14b1a00
Addr: 0x14b1c00
Addr: 0x14b1e00
Addr: 0x14b2000
Addr: 0x14b2200
Addr: 0x14b2400
Addr: 0x14b2600
Addr: 0x14b2800
Addr: 0x14b2a00
Addr: 0x14b2c00
Addr: 0x14b2e00
Addr: 0x14b3000
Addr: 0x14b3200
Addr: 0x14b3400
Addr: 0x14b3600
Addr: 0x14b3800
Addr: 0x14b3a00
Addr: 0x14b3c00
Addr: 0x14b3e00
Addr: 0x14b4000
Addr: 0x14b4200
Addr: 0x14b4400
Addr: 0x14b4600
Addr: 0x14b4800
Addr: 0x14b4a00
Addr: 0x14b4c00
Addr: 0x14b4e00
Addr: 0x14b5000
Addr: 0x14b5200
Addr: 0x14b5400
Addr: 0x14b5600
Addr: 0x14b5800
Addr: 0x14b5a00
Addr: 0x14b5c00
Addr: 0x14b5e00
Addr: 0x14b6000
Addr: 0x14b6200
Addr: 0x14b6400
Addr: 0x14b6600
Addr: 0x14b6800
Addr: 0x14b6a00
Addr: 0x14b6c00
Addr: 0x14b6e00
Addr: 0x14b7000
Addr: 0x14b7200
Addr: 0x14b7400
Addr: 0x14b7600
Addr: 0x14b7800
Addr: 0x14b7a00
Addr: 0x14b7c00
Addr: 0x14b7e00
Addr: 0x14b8000
Addr: 0x14b8200
Addr: 0x14b8400
Addr: 0x14b8600
Addr: 0x14b8800
Addr: 0x14b8a00
Addr: 0x14b8c00
Addr: 0x14b8e00
Addr: 0x14b9000
Addr: 0x14b9200
Addr: 0x14b9400
Addr: 0x14b9600
Addr: 0x14b9800
Addr: 0x14b9a00
Addr: 0x14b9c00
Addr: 0x14b9e00
Addr: 0x14ba000
Addr: 0x14ba200
Addr: 0x14ba400
Addr: 0x14ba600
Addr: 0x14ba800
Addr: 0x14baa00
Addr: 0x14bac00
Addr: 0x14bae00
Addr: 0x14bb000
Addr: 0x14bb200
Addr: 0x14bb400
Addr: 0x14bb600
Addr: 0x14bb800
Addr: 0x14bba00
Addr: 0x14bbc00
Addr: 0x14bbe00
Addr: 0x14bc000
Addr: 0x14bc200
Addr: 0x14bc400
Addr: 0x14bc600
Addr: 0x14bc800
Addr: 0x14bca00
Addr: 0x14bcc00
Addr: 0x14bce00
Addr: 0x14bd000
Addr: 0x14bd200
Addr: 0x14bd400
Addr: 0x14bd600
Addr: 0x14bd800
Addr: 0x14bda00
Addr: 0x14bdc00
Addr: 0x14bde00
Addr: 0x14be000
Addr: 0x14be200
Addr: 0x14be400
Addr: 0x14be600
Addr: 0x14be800
Addr: 0x14bea00
Addr: 0x14bec00
Addr: 0x14bee00
Addr: 0x14bf000
Addr: 0x14bf200
Addr: 0x14bf400
Addr: 0x14bf600
Addr: 0x14bf800
Addr: 0x14bfa00
Addr: 0x14bfc00
Addr: 0x14bfe00
Addr: 0x14c0000
Addr: 0x14c0200
Addr: 0x14c0400
Addr: 0x14c0600
Addr: 0x14c0800
Addr: 0x14c0a00
Addr: 0x14c0c00
Addr: 0x14c0e00
Addr: 0x14c1000
Addr: 0x14c1200
Addr: 0x14c1400
Addr: 0x14c1600
Addr: 0x14c1800
Addr: 0x14c1a00
Addr: 0x14c1c00
Addr: 0x14c1e00
Addr: 0x14c2000
Addr: 0x14c2200
Addr: 0x14c2400
Addr: 0x14c2600
Addr: 0x14c2800
Addr: 0x14c2a00
Addr: 0x14c2c00
Addr: 0x14c2e00
Addr: 0x14c3000
Addr: 0x14c3200
Addr: 0x14c3400
sandra aftv2-tools # ./read32.py 0 1
1: 0xd1
4: 0x00 0x00 0x00 0x00
4: 0x00 0x00 0x00 0x01
Traceback (most recent call last):
  File "/usr/lib64/python3.4/site-packages/serial/serialposix.py", line 475, in read
    raise SerialException('device reports readiness to read but returned no data (device disconnected or multiple access on port?)')
serial.serialutil.SerialException: device reports readiness to read but returned no data (device disconnected or multiple access on port?)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./read32.py", line 69, in <module>
    ret = read32(addr, size)
  File "./read32.py", line 45, in read32
    print_hex_byte(dev.read(2)) # status
  File "/usr/lib64/python3.4/site-packages/serial/serialposix.py", line 480, in read
    if e[0] != errno.EAGAIN:
TypeError: 'SerialException' object does not support indexing
sandra aftv2-tools #

Looking at your log, it looks like a successful "unbrick". The errors at the end after the "./read32.py 0 1" are the expected behavior for the wrong command needed to exit [USBDOWNLOAD] mode.

Try to remove the battery for 10 seconds then reconnect it and see if it reboots now.

Could you tell the size in bytes of the "lk.bin" you wrote?

.:HWMOD:.
 

STrRedWolf

Member
May 29, 2016
11
0
0
Ugh. Time to take a spudger to my Kindle. :(

Code:
sandra aftv2-tools # ls -l ~tygris/dls/kindle/lk.bin 
-rw-r--r-- 1 tygris tygris 407096 Apr 15  2015 /home/tygris/dls/kindle/lk.bin
 

hwmod

Senior Member
Dec 12, 2011
309
276
0
Verona
Fire OS 5.1.2 LK.bin is 400 KB (409,600 bytes)

I can see that the length of "lk.bin" is different from what you suggested, both in 5.1.2 and 5.1.2.1.
  • update-kindle-global-37.5.4.2_user_542168620.bin (version 5.1.2) - lk.bin is 407096 bytes
  • update-kindle-37.5.4.2_user_542169020.bin (version 5.1.2.1) - lk.bin is 407096 bytes
the two "lk.bin" from these two versions are exactly the same and their "md5sum" is:
  • d73a2c504dc4db427d1dc3996ce4e206
This could be one of the possible reasons for @STrRedWolf not being able to "unbrick" his tablet. To reduce the risks of errors it would be advisable to always include the exact length of the files in bytes accompanied by the "md5sum".

.:HWMOD:.
 

STrRedWolf

Member
May 29, 2016
11
0
0
I would also not post the MD5 hash but instead the SHA-256 hash. MD5's deprecated due to known security attacks against it. SHA-256 is considered much more secure (enough that SSL/TLS certificates are required to use it).

Here's the "sha256sum" of the lk-5.1.2.bin from the update-kindle-global-37.5.4.2_user_542168620.bin

Code:
[email protected] ~/dls/kindle $ sha256sum lk.bin 
ef3e0cd928ddf380fa00da1f79fd63e6ed1279be1f4f2e093498116f6faec48e  lk.bin
[email protected] ~/dls/kindle $ ls -l lk.bin
-rw-r--r-- 1 tygris tygris 407096 Apr 15  2015 lk.bin
 

DB126

Senior Member
Oct 15, 2013
15,251
10,034
253
Security concerns are irrelevant in the context of determining file equivalency/integrity. Fine to provide one or both checksums but no valid reason to avoid MD5 in this use case.
 

Kramar111

Senior Member
Feb 16, 2014
306
137
63
Near Center of Ukraine
MD5 or SHA-256?
No need to reinvent the wheel.
Amazon says "SHA-1" and publishes the SHA-1 for system, boot, recovery, UBOOT (=lk.bin) and TEE1 (=tz.img) in each update's META-INF/com/amazon/android/target.blocklist, and copies that to /cache/recovery/last_blocklist

For example, lk.bin
Code:
Ver	Size	Sha-1
5.0.1	406964	4690a896d2964b39d5dd8aea7b09b57a80511f22
5.1.1	409060	5f0c2350956fc03aaed24fa83c6c0f441af2b578
5.1.2	407096	995983f35352a3d20c979db447e82739249c52d8
5.1.2.1	407096	995983f35352a3d20c979db447e82739249c52d8
5.1.4	407160	618df04cb5cb96fc286d9c0eacba5256976aee4e
P.S. Same sha-1 and size :) for 5.1.2 and 5.1.2.1 = no brick after downgrade 5.1.2.1 -> 5.1.2
If lk.bin in 5.1.4 will have size 407096 and SHA-1 995983f35352a3d20c979db447e82739249c52d8 - downgrade to 5.1.2 is possible.
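
The size-and-hash check discussed in the posts above, as an added example (not part of any post and not from aftv2-tools): it compares an "lk.bin" against the size/SHA-1 table posted above and looks for the header bytes the opening post checks in a hex editor. All function names are hypothetical, and it assumes every version carries the header described for the 5.0.1 backup.

```python
import hashlib
import sys

BLOCK = 512               # block size used in the opening post's arithmetic
UBOOT_SIZE = 0x100000     # UBOOT partition length given in the opening post

# version -> (size in bytes, SHA-1), copied from the table posted above
KNOWN_LK = {
    "5.0.1":   (406964, "4690a896d2964b39d5dd8aea7b09b57a80511f22"),
    "5.1.1":   (409060, "5f0c2350956fc03aaed24fa83c6c0f441af2b578"),
    "5.1.2":   (407096, "995983f35352a3d20c979db447e82739249c52d8"),
    "5.1.2.1": (407096, "995983f35352a3d20c979db447e82739249c52d8"),
    "5.1.4":   (407160, "618df04cb5cb96fc286d9c0eacba5256976aee4e"),
}


def blocks_needed(size, block=BLOCK):
    """Smallest number of whole blocks that covers `size` bytes."""
    return -(-size // block)


def header_ok(data):
    """88 16 88 58 at offset 0 and 'LK' at offsets 8-9 (assumed for all versions)."""
    return data[:4] == bytes.fromhex("88168858") and data[8:10] == b"LK"


def identify(data, table=KNOWN_LK):
    """Versions whose size AND SHA-1 both match; [] means an unknown image."""
    digest = hashlib.sha1(data).hexdigest()
    return sorted(v for v, (size, sha1) in table.items()
                  if size == len(data) and sha1 == digest)


def preflight(data, version, table=KNOWN_LK):
    """Problems that should stop a write; an empty list means the image checks out."""
    problems = []
    if version not in table:
        problems.append("no reference entry for version " + version)
    else:
        size, sha1 = table[version]
        if len(data) != size:
            problems.append("size %d, expected %d" % (len(data), size))
        elif hashlib.sha1(data).hexdigest() != sha1:
            problems.append("SHA-1 mismatch for version " + version)
    if not header_ok(data):
        problems.append("header bytes 88 16 88 58 / 'LK' not found")
    if len(data) > UBOOT_SIZE:
        problems.append("image larger than the UBOOT partition")
    return problems


def trim_readback(part, size):
    """Cut a block-aligned read-back down to the image size (the dd step)."""
    if len(part) < size:
        raise ValueError("read-back shorter than the image")
    return part[:size]


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_lk.py <lk.bin> <version>")
    with open(sys.argv[1], "rb") as fh:
        image = fh.read()
    print("size  :", len(image), "bytes =", blocks_needed(len(image)), "blocks")
    print("sha1  :", hashlib.sha1(image).hexdigest())
    print("sha256:", hashlib.sha256(image).hexdigest())
    print("md5   :", hashlib.md5(image).hexdigest())
    print("known :", identify(image) or "no match in table")
    issues = preflight(image, sys.argv[2])
    for issue in issues:
        print("STOP  :", issue)
    sys.exit(1 if issues else 0)
```

Saved under a name of your choice (here "check_lk.py") and run as "check_lk.py lk_511.bin 5.1.1" before "write_mmc.py", a non-zero exit means the file is not the image the table describes.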
 

Top Liked Posts

    5
    Fire 7 inch 5 Gen stock 5.0.1 firmware and Scatter file for SP_FT

    It is not possible to use SP Flash Tool on our Fire 7 device. Not yet ... we miss a working "authentication" file.
    However I decided to publish some corrections to a previously posted Scatter file for the MT8127 device.

    The attached archive contains the revised Scatter file, a small shell script to prepare the "PRELOADER"
    for flashing the device using the SP Flash Tool and the minimal 5.0.1 files needed to recover the tablet.

    Even if this stuff is not usable yet, the Scatter file can be loaded and parsed correctly in SP Flash Tool v5.
    So this might be of help to others letting them continue the investigation and report/share their findings.

    .:HWMOD:.
    4
    I installed the OS from Amazon OS 5.1.2 to Android 5.1.1. (Lollipop). It worked a few days and started intermittently working sensor and I decided to reinstall another Android 5.1.1. After reinstalling the tablet does not turn on. Then I went in fastboot and through ADB installed Amazon OS 5.1.1.

    The result: the tablet when turn on does not show screen AMAZON, that is does not react to pressing the power button. When connected to the computer constantly appears and disappears "PreLoader USB VCOM Port".

    Tell me, please, how can I restore the tablet after that?
    Congratulations - now encountered this EXACT same post in seven different threads. Going for the record ...