[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 10 2017 (suez)

Search This thread

pokemon81

New member
Jun 10, 2008
3
0
Hi,

i try to Root my Device for Lineage ROM. But it don't Work. i see Waintig Devices an nothing more. I need to Brick the Device because it was with latest fire OS 5 installed. here i my Console output:

Code:
[email protected]:~/amonet# sudo ./bootrom-step-minimal.sh
[2021-02-19 12:38:09.667910] Waiting for bootrom
[2021-02-19 12:38:15.504746] Found port = /dev/ttyACM0
[2021-02-19 12:38:15.507227] Handshake
[2021-02-19 12:38:15.512809] Disable watchdog

* * * Remove the short and press Enter * * *


[2021-02-19 12:38:27.277045] Init crypto engine
[2021-02-19 12:38:27.513155] Disable caches
[2021-02-19 12:38:27.516118] Disable bootrom range checks
[2021-02-19 12:38:27.638276] Load payload from ../brom-payload/build/payload.bin = 0x4820 bytes
[2021-02-19 12:38:27.676080] Send payload
[2021-02-19 12:38:34.028390] Let's rock
[2021-02-19 12:38:34.033964] Wait for the payload to come online...
[2021-02-19 12:38:34.037863] all good
[2021-02-19 12:38:34.039129] Running in minimal mode, assuming LK and TZ to have already been flash                                      ed.
[2021-02-19 12:38:34.039793] If this is correct (i.e. you used "brick" option in step 1) press ente                                      r, otherwise terminate with Ctrl+C

[2021-02-19 12:38:37.069439] Check GPT
[2021-02-19 12:38:41.743851]
[2021-02-19 12:38:41.744626] Sector size (logical): 512 bytes
[2021-02-19 12:38:41.745299] Disk identifier (GUID): B1541C10-343E-474B-B5B2-05796C64E992
[2021-02-19 12:38:41.745781] Partition table holds up to 128 entries
[2021-02-19 12:38:41.746218] This partition table begins at sector 2 and ends at sector 33
[2021-02-19 12:38:41.746638] First usable sector is 34, last usable sector is 61071326
[2021-02-19 12:38:41.747038] Other partition table is at sector 61071359
[2021-02-19 12:38:41.747428]
[2021-02-19 12:38:41.748086] Number   Start (sector)     End (sector)  Size          Name                                              
[2021-02-19 12:38:41.752948]     1             1024             7167  3.00 MiB      proinfo                                            
[2021-02-19 12:38:41.756000]     2             7168            16383  4.50 MiB      PMT                                                
[2021-02-19 12:38:41.758094]     3            16384            18431  1024.00 KiB   kb                                                  
[2021-02-19 12:38:41.760166]     4            18432            20479  1024.00 KiB   dkb                                                
[2021-02-19 12:38:41.762282]     5            20480            22527  1024.00 KiB   lk                                                  
[2021-02-19 12:38:41.764337]     6            22528            32767  5.00 MiB      tee1                                                
[2021-02-19 12:38:41.766409]     7            32768            43007  5.00 MiB      tee2                                                
[2021-02-19 12:38:41.768551]     8            43008           123903  39.50 MiB     metadata                                            
[2021-02-19 12:38:41.770634]     9           123904           124927  512.00 KiB    MISC                                                
[2021-02-19 12:38:41.772770]    10           124928           141311  8.00 MiB      reserved                                            
[2021-02-19 12:38:41.774977]    11           141312           174079  16.00 MiB     boot_x                                              
[2021-02-19 12:38:41.777100]    12           174080           208895  17.00 MiB     recovery_x                                          
[2021-02-19 12:38:41.779190]    13           208896          3515391  1.58 GiB      system                                              
[2021-02-19 12:38:41.781278]    14          3515392          4383743  424.00 MiB    cache                                              
[2021-02-19 12:38:41.783400]    15          4383744         60619775  26.82 GiB     userdata                                            
[2021-02-19 12:38:41.785539]    16         60619776         60845055  110.00 MiB    boot                                                
[2021-02-19 12:38:41.787567]    17         60845056         61070335  110.00 MiB    recovery                                            
[2021-02-19 12:38:41.897324]
[2021-02-19 12:38:41.898619] Check boot0
[2021-02-19 12:38:43.421270] Check rpmb
[2021-02-19 12:38:43.633027] rpmb looks broken; if this is expected (i.e. you're retrying the explo                                      it) press enter, otherwise terminate with Ctrl+C

[2021-02-19 12:38:53.911153] Clear preloader header
[8 / 8]
[2021-02-19 12:38:55.578061] Downgrade rpmb
[2021-02-19 12:38:55.582559] Recheck rpmb
[2021-02-19 12:38:56.474786] rpmb downgrade ok
[2021-02-19 12:38:56.475503] Inject payload
[1 / 1]
[807 / 807]
[1 / 1]
[807 / 807]
[2021-02-19 12:39:28.373408] Force fastboot
[2021-02-19 12:39:29.973640] Flash preloader
[361 / 361]
[353 / 353]
[2021-02-19 12:39:44.938608] Reboot to unlocked fastboot
[email protected]:~/amonet# sudo ./fastboot-step.sh
Your device will be reset to factory defaults...
Press Enter to Continue...

< waiting for any device >
^C


what are i am Missing ? When i connect the Display of teh Device i see an Loop with den "Amazon " Logo. i cannot get into recovery or Fastboot mode.
 
D

Deleted member 9954674

Guest
I've been experimenting with the LineageOS 14.1 and 16.0 builds for this device, before that I had LineaegeOS 12.1 working fine, but now I can't get it to boot, and it's not detected by adb either. I've tried almost everything including redoing the whole bootloader unlocking process after restoring back to stock so I don't see what could be causing this. Does anyone have any ideas of how I could get LineaegeOS 12.1 working again? Thanks for your help!

Edit: I attempted to clear the misc partition, which worked, but didn't solve the issue.
Edit 2: I fixed this by wiping the metadata partition.
 
Last edited by a moderator:

sga999

Senior Member
Mar 13, 2012
809
112
That's interesting, I tried Magisk 21.1 but it also left me unable to boot FireOS 5.6.8.0. But I could easily enough revert back to Magisk 20.4 and it booted back up with no problems. I didn't bother trying 21.0 as I assumed it would also fail.

The Magisk Manager update works fine, just Magisk itself doesn't.

I got a notification about a new Magisk version 22.0 today. It is a combined app and zip file. I thought maybe this boot problem would be fixed on our Fire HD 10, but no luck. And yet it looks like this problem was closed out the day after we mentioned it. I wonder why. Has anyone else encountered this issue with the newest version?

As we did before, flashing the older version of the zip works, but it sure would be nice to have the latest version installed.
 

mhardyman

Senior Member
Jul 10, 2007
179
27
I got a notification about a new Magisk version 22.0 today. It is a combined app and zip file. I thought maybe this boot problem would be fixed on our Fire HD 10, but no luck. And yet it looks like this problem was closed out the day after we mentioned it. I wonder why. Has anyone else encountered this issue with the newest version?

As we did before, flashing the older version of the zip works, but it sure would be nice to have the latest version installed.


I failed to boot with previous magisk update 21.4. Reverted to 18.1 and boots but can't access root. Installed v22 as an apk this morning and doesn't load. I think mine has got messed up. Is there a link to legacy magisk 20.4. Thanks.
 

sga999

Senior Member
Mar 13, 2012
809
112
I failed to boot with previous magisk update 21.4. Reverted to 18.1 and boots but can't access root. Installed v22 as an apk this morning and doesn't load. I think mine has got messed up. Is there a link to legacy magisk 20.4. Thanks.

I'm not very familiar with gitHub, but it looks like all old releases are there. Newer ones are listed first, so you may have to advance to a subsequent page to get the one you want.

 
  • Like
Reactions: mhardyman

otorijin

New member
Nov 12, 2017
1
0
Hi everyone, I was given a Fire HD 10 7th gen to play with. It is currently on 5.6.4.0 (636559820). There is a lot to read over but from what I gather so far, I CANNOT use the method in this guide? :cry:

I see there is the "offline method" and "kingoroot apk" as alternatives, but I've read somewhere that superSU and kingoroot are not safe?
-> If I still go with it, which one is better to use (more beginner friendly)?
-> Will installing TWRP/Magisk/Lineage OS afterwards get rid of any potential "bad stuff" from superSU/kingoroot?

Sorry for the noob questions, but I really am a noob to all this haha. So any response will be appreciated! TIA
 

Michajin

Senior Member
Oct 23, 2012
1,245
486
Hi everyone, I was given a Fire HD 10 7th gen to play with. It is currently on 5.6.4.0 (636559820). There is a lot to read over but from what I gather so far, I CANNOT use the method in this guide? :cry:

I see there is the "offline method" and "kingoroot apk" as alternatives, but I've read somewhere that superSU and kingoroot are not safe?
-> If I still go with it, which one is better to use (more beginner friendly)?
-> Will installing TWRP/Magisk/Lineage OS afterwards get rid of any potential "bad stuff" from superSU/kingoroot?

Sorry for the noob questions, but I really am a noob to all this haha. So any response will be appreciated! TIA
Kingoroot ads adware usually. But unlocking would clear it, unlocking wipes data anyways. superSU is fine for SU management. Magisk is a root that can be hidden from apps that look for root. To install TWRP you will need to be unlocked. Magisk is a SU management. Lineage is a custom rom. What are you looking to do? This guide will help to unlock once you have root access. Unless you want to open the device.
 

Avishay.a

Member
Feb 22, 2013
35
1
Hi everyone,
I have Fire HD 10 7th gen with firmware version 5.6.8.0.
I would like to open the bootloader in order to install TWRP and install lineage OS.
I read countless threads and posts in many forums, but I'm quite lost.
I rooted devices and installed custom ROMs many times in the past on other Android devices (and did some times Jailbreaking on iOS), so I'm sure I got the skills and understanding.

Can someone point me to one simple step-by-step guide that actually works and fits my version 5.6.8.0, how to open the bootloader?
Thank you all in advance!
 

poulopoulosa

Senior Member
Oct 15, 2014
55
40
Kingoroot ads adware usually. But unlocking would clear it, unlocking wipes data anyways. superSU is fine for SU management. Magisk is a root that can be hidden from apps that look for root. To install TWRP you will need to be unlocked. Magisk is a SU management. Lineage is a custom rom. What are you looking to do? This guide will help to unlock once you have root access. Unless you want to open the device.
I got a Fire 10 (Suez) from a friend he said the USB was not working. I opened it and fixed with a new usb port. But, I realised that I cannot root it since its the latest firmware.

I read somewhere that you need to short some specific parts on the board to kick a different do you have any links? I can open the device.

Thanks
 

Michajin

Senior Member
Oct 23, 2012
1,245
486
I got a Fire 10 (Suez) from a friend he said the USB was not working. I opened it and fixed with a new usb port. But, I realised that I cannot root it since its the latest firmware.

I read somewhere that you need to short some specific parts on the board to kick a different do you have any links? I can open the device.

Thanks
Have you tried the offline rotting method or kingoroot? Last I knew they still worked...

 

poulopoulosa

Senior Member
Oct 15, 2014
55
40
Have you tried the offline rotting method or kingoroot? Last I knew they still worked...

No Kingoroot is not ideal as I want to unlock the bootloader.

For those who have the latest fireOS like OP says you have to downgrade so you would have to "brick" your device. In order to brick your device you would have to push it into bootrom mode (idk if that is the right terminology). I shorted the PCB from a picture I saw by @retyre in this post.

I have managed to unlock and install lineage OS 16.0 (under development still). Please understand if you have the latest firmware the only way is to "brick" the device.
 

Michajin

Senior Member
Oct 23, 2012
1,245
486
No Kingoroot is not ideal as I want to unlock the bootloader.

For those who have the latest fireOS like OP says you have to downgrade so you would have to "brick" your device. In order to brick your device you would have to push it into bootrom mode (idk if that is the right terminology). I shorted the PCB from a picture I saw by @retyre in this post.

I have managed to unlock and install lineage OS 16.0 (under development still). Please understand if you have the latest firmware the only way is to "brick" the device.
Yes it is, but if you don't want to open the device, you need root. Unlocking the bootloader will wipe everything, shorting out will get you into the bootrom, but it's easier to root and boot into it. I have 3 of these, never opened one...
 
Last edited:
  • Like
Reactions: poulopoulosa

Top Liked Posts

  • 1
    Touch screen not working. I strongly believe the digitizer is intact.
    You previously stated that you opened it up to do the short, so my first guess would be that you damaged the ribbon cable for the screen, or did not seat it in properly. I would open it back up and try reseating the cable, making sure that it is inserted all the way, etc. Beyond that IDK, maybe whatever version of FireOS you installed does not have the correct drivers, I would try reinstalling whatever version (specifically for this tablet) was previously working. You could also try a USB keyboard to see if it will allow you to interact with the setup screens, but I do not think that is gonna fix anything related to the touch screen.
  • 1
    I have a question regarding this. Seems like I have a brick right now, because I tried to update magisk through the manager app... I can boot into TWRP but trying to do a default restart I'm stuck in a boot loop.... What can I do about it? Sorry if my question sounds stupid, but I'm a total noob...

    Any help much appreciated!

    Kind regards,
    Florian
    Reinstall your system, then flash magisk. Did you make a backup? Oh and never flash magisk from the manager.. lol
    1
    First of all thank you for your answer, michajin! But, what do you mean by reinstallling the system? What exactly do I have to do? Thank you, and sorry for my stupidity! And also I should have known to not install Magisk through Manager app, sorry!
    Flash your rom. Fireos or lineage...
    1
    Talk about a helpful thread!!! Everything and more I was able to figure out reading the last two pages. 😁 I've had my suez since a few months after it came out. I guess I'll root it now and get all these apps off it that I don't use. Reminds me of an old Motorola phone I had some years ago. After unlocking bootloader and rooting it and then deleting all the bloat my ram almost doubled!! 😂 I'm sure this thing will be about the same. Tks everyone for making all these very helpful posts here!!
    Lineage works pretty well on it....
    1
    Just one more question... Where can I find the latest magisk canary zip file version 23001? Can someone link me up, please? Thank you!!
    the apk is flashable, just rename it to a zip....

    1
    the apk is flashable, just rename it to a zip....

    I always rename canary apk to canary.zip and flash or I patch my boot.img on my phone, pixel 4xl, but I saw the other day a few people posted that they flashed the APK in twrp. I was like "WTF!!" 😂🤣😁 Android has come a LOOOONG way!!! I'm grateful we still have the creater and maintainer of magisk, topjohnwu, still around and doing all he does, especially after he was recently hired on to Google on the development team. I always laugh a lil because he is an Apple developer as well. I remember all the fuss back in the day about people hating Apple.. topjohnwu is definitely a top notch dev and we are blessed to have him as we are blessed to have everyone who participates in development. 🙏✌️❤️
  • 77
    Read this whole guide before starting.

    This is for the 7th gen Fire HD10 (suez).

    Current version: amonet-suez-v1.1.2.zip


    NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.


    NOTE: This process will modify the partition-table (GPT) of your device.


    NOTE: Your device will be reset to factory defaults (including internal storage) during this process.


    What you need:
    • A Linux installation or live-system
    • A micro-USB cable

    Install python3, PySerial, adb, fastboot dos2unix. For Debian/Ubuntu something like this should work:
    Code:
    sudo apt update
    sudo add-apt-repository universe
    sudo apt install python3 python3-serial adb fastboot dos2unix

    1. Extract the attached zip-file "amonet-suez-v1.1.2.zip" and open a terminal in that directory.


    NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder


    2. Enable ADB in Developer Settings

    3. Start the script:
    Code:
    sudo ./step-1.sh

    Your device will now reboot into recovery and perform a factory reset.

    NOTE: If you are on firmware 5.6.4.0 or newer, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
    If you chose the brick option, you don't need to run step-2.sh below:



    Make sure ModemManager is disabled or uninstalled:
    Code:
    sudo systemctl stop ModemManager
    sudo systemctl disable ModemManager

    After you have confirmed the bricking by typing "YES", you will need disconnect the device and run
    Code:
    sudo ./bootrom-step-minimal.sh
    Then plug the device back in.

    It will then boot into "hacked fastboot" mode.
    Then run
    Code:
    sudo ./fastboot-step.sh



    NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
    NOTE: Make sure you re-enable ADB after Factory Reset.


    4. Start the script:
    Code:
    sudo ./step-2.sh

    The exploit will now be flashed and your device will reboot into TWRP.

    You can now install Magisk from there.


    Going back to stock

    Extract the attached zip-file "amonet-suez-v1.1-return-to-stock.zip" into the same folder where you extracted "amonet-suez-v1.1.2.zip" and open a terminal in that directory.
    You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
    Just use hacked fastboot to
    Code:
    fastboot flash recovery bin/recovery.img

    If you want to go back completely (including restoring your GPT):
    Code:
    sudo ./return-to-stock.sh

    Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 5.6.3.0 or newer, otherwise you may brick your device)

    Important information


    In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
    TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)

    Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.


    Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
    Special thanks also to @retyre for porting the bootrom-exploit and for testing.
    Special thanks also to @diplomatic for his wonderfull mtk-su, allowing you to unlock without opening the device.
    Thanks also to @bibikalka and everyone who donated :)
    Thanks to @TheRealIntence and @b1u3m3th for confirming it also works on the 64GB model.
    12
    Unbricking

    If Recovery OR FireOS are still accessible there are other means of recovery, don't continue.

    If your device shows one of the following symptoms:
    1. It doesn't show any life (screen stays dark)
    2. You see the white amazon logo, but cannot access Recovery or FireOS.

    If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
    1. Make sure the device is powered off, by holding the power-button for 20+ seconds
    2. Start bootrom-step.sh
    3. Plug in USB

    In all other cases you will have to open the device and partially take it apart.
    Follow this guide by @retyre until (including) step 8..
    At Step 6. you will replace
    Code:
    sudo ./bootrom.sh
    with
    Code:
    sudo ./bootrom-step.sh
    Should the script stall at some point, restart it and replug the USB-cable (Shorting it again should not be necessary unless the script failed at the very beginning).

    If the script succeeded, put the device back together.
    When you turn it on, it should start in hacked fastboot mode.
    You can now use
    Code:
    sudo ./fastboot-step.sh
    This will flash TWRP and reset your device to factory defaults, then reboot into TWRP.


    Checking USB connection
    In lsusb the boot-rom shows up as:
    Code:
    Bus 002 Device 013: ID [b]0e8d:0003[/b] MediaTek Inc. MT6227 phone

    If it shows up as:
    Code:
    Bus 002 Device 014: ID [b]0e8d:2000[/b] MediaTek Inc. MT65xx Preloader
    instead, you are in preloader-mode, try again.

    dmesg lists the correct device as:
    Code:
    [ 6383.962057] usb 2-2: New USB device found, idVendor=[b]0e8d[/b], idProduct=[b]0003[/b], bcdDevice= 1.00
    10
    Changelog
    Version 1.1.2 (26.03.2019)
    • Fix regenerating GPT from temp GPT

    Version 1.1.1 (26.03.2019)
    • Fix unbricking procedure

    Version 1.1 (25.03.2019)
    • Update TWRP-sources to twrp-9.0 branch
    • TWRP uses kernel compiled from source
    • Add scripts to use handshake2.py to enter fastboot/recovery

    Features.

    • Uses 5.6.3 LK for full compatibility with newer kernels.
    • Hacked fastboot mode lets you use all fastboot commands (flash etc).
    • Boots custom/unsigned kernel-images (no patching needed)
    • TWRP protects from downgrading PL/TZ/LK
    • For the devs: sets printk.disable_uart=0 (enables debug-output over UART).

    NOTE: Hacked fastboot can be reached via TWRP.

    NOTE: Hacked fastboot doesn't remap partition names, so you can easily go back to stock
    9
    Just uploaded version 1.1.
    If you are already unlocked you can just install the zip-file from TWRP to update.

    Version 1.1 (25.03.2019)
    • Update TWRP-sources to twrp-9.0 branch
    • TWRP uses kernel compiled from source
    • Add scripts to use handshake2.py to enter fastboot/recovery