[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 10 2017 (suez)


jayp900

New member
Apr 25, 2021
1
0
I have had a huge problem for a few hours. I rooted my Fire HD 10 2017 yesterday and everything worked fine... until I accidentally flashed TWRP to bootloader instead of recovery. I don't know what I did there. Obviously the device is now stuck in a boot loop. I can't get into recovery mode via button combination and I can't send any commands via adb since the device disconnects every few seconds because it is stuck in the boot loop. Fastboot is also not working. Any idea?
 

kwanbis

Senior Member
Apr 19, 2010
404
15
The Internets
Hey k4y0z. Brilliant work here!

However, there are a couple of things that were not clear/confusing for me:

3. Start the script: sudo ./step-1.sh
Your device will now reboot into recovery and perform a factory reset.
I was running a 2020 update (6.3.7.0 I believe), so I was getting an error on line 4, something about the firmware could not be modified or something like that.

I fixed it by first rooting the HD10 with Kingroot in my Windows machine, and then connecting the HD10 back to my Linux machine and starting the process again (run sudo ./step-1.sh etc).

NOTE: If you are on firmware 5.6.4.0 or newer, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
If you chose the brick option, you don't need to run step-2.sh below:
As stated, I need to do the downgrade, so I followed these instructions.

After you have confirmed the bricking by typing "YES", you will need to disconnect the device and run sudo ./bootrom-step-minimal.sh
Then plug the device back in.

I don't remember the exact moment, but the script asks you to "remove the short" or something like that. So I was confused, do I need to re-remove the cable and do it again?

It will then boot into "hacked fastboot" mode.
Then run sudo ./fastboot-step.sh
I did and ended up on TWRP. But then it says:

NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
NOTE: Make sure you re-enable ADB after Factory Reset.
I was wondering if at this point I can just flash LineageOS or do I really need to at least boot FireOS once?

THANKS!
 

Michajin

Senior Member
Oct 23, 2012
1,246
486
Hey k4y0z. Brilliant work here!

However, there are a couple of things that were not clear/confusing for me:


I was running a 2020 update (6.3.7.0 I believe), so I was getting an error on line 4, something about the firmware could not be modified or something like that.

I fixed it by first rooting the HD10 with Kingroot.


As stated, I need to do the downgrade, so I followed these instructions.



I don't remember the exact moment, but the script asks you to "remove the short" or something like that. So I was confused, do I need to re-remove the cable and do it again?


I did and ended up on TWRP. But then it says:


I was wondering if at this point I can just flash LineageOS or do I really need to at least boot FireOS once?

THANKS!
You can just flash LOS at this point. Still need to wipe though. This was written before LOS was an option.
 

kwanbis

Senior Member
Apr 19, 2010
404
15
The Internets
No Kingoroot is not ideal as I want to unlock the bootloader.

For those who have the latest fireOS like OP says you have to downgrade so you would have to "brick" your device. In order to brick your device you would have to push it into bootrom mode (idk if that is the right terminology). I shorted the PCB from a picture I saw by @retyre in this post.

I have managed to unlock and install lineage OS 16.0 (under development still). Please understand if you have the latest firmware the only way is to "brick" the device.
I had the exact problem. mtk-su would not work (first step of the guide), so I used Kingroot from my Windows machine to get root first, and then I followed the guide and it worked perfectly.
 

arooni

Member
Aug 15, 2011
35
2
got the root on my 2017 fire 10 tablet via the offline method

~/D/amonet  sudo ./step-1.sh
Testing root access...
uid=0(root) gid=0(root) context=u:r:init:s0

PL version: 5 (5)
LK version: 4 (2)
TZ version: 267 (263)

TZ, Preloader or LK are too new, RPMB downgrade necessary (or brick option used)
Brick preloader to continue via bootrom-exploit? (Type "YES" to continue)
YES
Bricking preloader
8+0 records in
8+0 records out
4096 bytes transferred in 0.002 secs (2048000 bytes/sec)
Flashing LK
bin/lk.bin: 1 file pushed. 5.2 MB/s (407012 bytes in 0.075s)
794+1 records in
794+1 records out
407012 bytes transferred in 0.031 secs (13129419 bytes/sec)

Flashing TZ
bin/tz.img: 1 file pushed. 5.7 MB/s (3559424 bytes in 0.592s)
6952+0 records in
6952+0 records out
3559424 bytes transferred in 0.197 secs (18068142 bytes/sec)
6952+0 records in
6952+0 records out
3559424 bytes transferred in 0.283 secs (12577469 bytes/sec)

Rebooting..., continue with bootrom-step-minimal.sh
~/D/amonet  sduo ./^C



~/D/amonet  sudo ./bootrom-step-minimal.sh
[2021-05-18 21:06:49.956789] Waiting for bootrom


what to do now ?
 

furomin

Member
  • Jan 24, 2020
    29
    3
    I have a question regarding this. Seems like I have a brick right now, because I tried to update magisk through the manager app... I can boot into TWRP but trying to do a default restart I'm stuck in a boot loop.... What can I do about it? Sorry if my question sounds stupid, but I'm a total noob...

    Any help much appreciated!

    Kind regards,
    Florian
     

    Michajin

    Senior Member
    Oct 23, 2012
    1,246
    486
    I have a question regarding this. Seems like I have a brick right now, because I tried to update magisk through the manager app... I can boot into TWRP but trying to do a default restart I'm stuck in a boot loop.... What can I do about it? Sorry if my question sounds stupid, but I'm a total noob...

    Any help much appreciated!

    Kind regards,
    Florian
    Reinstall your system, then flash magisk. Did you make a backup? Oh and never flash magisk from the manager.. lol
     

    furomin

    Member
  • Jan 24, 2020
    29
    3
    Reinstall your system, then flash magisk. Did you make a backup? Oh and never flash magisk from the manager.. lol
    First of all thank you for your answer, michajin! But, what do you mean by reinstalling the system? What exactly do I have to do? Thank you, and sorry for my stupidity! And also I should have known to not install Magisk through Manager app, sorry!
     

    Michajin

    Senior Member
    Oct 23, 2012
    1,246
    486
    First of all thank you for your answer, michajin! But, what do you mean by reinstalling the system? What exactly do I have to do? Thank you, and sorry for my stupidity! And also I should have known to not install Magisk through Manager app, sorry!
    Flash your rom. Fireos or lineage...
     
    • Like
    Reactions: flash713
    Talk about a helpful thread!!! Everything and more I was able to figure out reading the last two pages. 😁 I've had my suez since a few months after it came out. I guess I'll root it now and get all these apps off it that I don't use. Reminds me of an old Motorola phone I had some years ago. After unlocking bootloader and rooting it and then deleting all the bloat my ram almost doubled!! 😂 I'm sure this thing will be about the same. Tks everyone for making all these very helpful posts here!!
     

    Michajin

    Senior Member
    Oct 23, 2012
    1,246
    486
    Talk about a helpful thread!!! Everything and more I was able to figure out reading the last two pages. 😁 I've had my suez since a few months after it came out. I guess I'll root it now and get all these apps off it that I don't use. Reminds me of an old Motorola phone I had some years ago. After unlocking bootloader and rooting it and then deleting all the bloat my ram almost doubled!! 😂 I'm sure this thing will be about the same. Tks everyone for making all these very helpful posts here!!
    Lineage works pretty well on it....
     

    koad1226

    Member
    Nov 3, 2014
    11
    0
    1. I tried rooting my hd 10 2017 7th generation and soft bricked the device.
    2. I attempted to adb sideload FireOS 5.6.8.0 and ended up permanently bricking the device.
    3. I used shorting to bring back the device. (at this point I did not know the os version the device was running)
    4. But the problem is device boots normally to the first setup page BUT THE TOUCH IS NOT WORKING.
    5. I have sideloaded the FireOS 5.6.8.0 again the screen is not responsive to touch still.
    6. Physically, I don't see any damage to the digitizer.
    7. I can boot into Amazon Recovery; volume keys, sound and screen rotation work perfectly.
    8. Is my problem due to a corrupt os (don't know if that is possible) or a hardware issue?
    KINDLY HELP ME FIX THE ISSUE.
     

    Attachments

    • 20210521_010720.jpg

    koad1226

    Member
    Nov 3, 2014
    11
    0
    Help me oo.
    I can boot into Amazon Recovery and the first set up screen as shown above but the screen is not responsive to touch. It is on 5.6.8.0.
    Can I sideload 5.6.3.0 without bricking the device? (just to verify if it is the OS causing the touch problem)
     

    Top Liked Posts

    • 1
      nevermind. got it!

      i had to turn the device on i think to get it to boot by holding down the power button; didn't see that in the instructions.
      1
      Just one more question... Where can I find the latest magisk canary zip file version 23001? Can someone link me up, please? Thank you!!
      the apk is flashable, just rename it to a zip....

    • 77
      Read this whole guide before starting.

      This is for the 7th gen Fire HD10 (suez).

      Current version: amonet-suez-v1.1.2.zip


      NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.


      NOTE: This process will modify the partition-table (GPT) of your device.


      NOTE: Your device will be reset to factory defaults (including internal storage) during this process.


      What you need:
      • A Linux installation or live-system
      • A micro-USB cable

      Install python3, PySerial, adb, fastboot and dos2unix. For Debian/Ubuntu something like this should work:
      Code:
      sudo apt update
      sudo add-apt-repository universe
      sudo apt install python3 python3-serial adb fastboot dos2unix

      1. Extract the attached zip-file "amonet-suez-v1.1.2.zip" and open a terminal in that directory.


      NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder


      2. Enable ADB in Developer Settings

      3. Start the script:
      Code:
      sudo ./step-1.sh

      Your device will now reboot into recovery and perform a factory reset.

      NOTE: If you are on firmware 5.6.4.0 or newer, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
      If you chose the brick option, you don't need to run step-2.sh below:



      Make sure ModemManager is disabled or uninstalled:
      Code:
      sudo systemctl stop ModemManager
      sudo systemctl disable ModemManager

      After you have confirmed the bricking by typing "YES", you will need to disconnect the device and run
      Code:
      sudo ./bootrom-step-minimal.sh
      Then plug the device back in.

      It will then boot into "hacked fastboot" mode.
      Then run
      Code:
      sudo ./fastboot-step.sh



      NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
      NOTE: Make sure you re-enable ADB after Factory Reset.


      4. Start the script:
      Code:
      sudo ./step-2.sh

      The exploit will now be flashed and your device will reboot into TWRP.

      You can now install Magisk from there.


      Going back to stock

      Extract the attached zip-file "amonet-suez-v1.1-return-to-stock.zip" into the same folder where you extracted "amonet-suez-v1.1.2.zip" and open a terminal in that directory.
      You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
      Just use hacked fastboot to
      Code:
      fastboot flash recovery bin/recovery.img

      If you want to go back completely (including restoring your GPT):
      Code:
      sudo ./return-to-stock.sh

      Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 5.6.3.0 or newer, otherwise you may brick your device)

      Important information


      In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
      TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.

      Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)

      Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.

      TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

      For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

      It is still advised to disable OTA.


      Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
      Special thanks also to @retyre for porting the bootrom-exploit and for testing.
      Special thanks also to @diplomatic for his wonderful mtk-su, allowing you to unlock without opening the device.
      Thanks also to @bibikalka and everyone who donated :)
      Thanks to @TheRealIntence and @b1u3m3th for confirming it also works on the 64GB model.
      12
      Unbricking

      If Recovery OR FireOS are still accessible there are other means of recovery, don't continue.

      If your device shows one of the following symptoms:
      1. It doesn't show any life (screen stays dark)
      2. You see the white amazon logo, but cannot access Recovery or FireOS.

      If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
      1. Make sure the device is powered off, by holding the power-button for 20+ seconds
      2. Start bootrom-step.sh
      3. Plug in USB

      In all other cases you will have to open the device and partially take it apart.
      Follow this guide by @retyre up to and including step 8.
      At Step 6. you will replace
      Code:
      sudo ./bootrom.sh
      with
      Code:
      sudo ./bootrom-step.sh
      Should the script stall at some point, restart it and replug the USB-cable (Shorting it again should not be necessary unless the script failed at the very beginning).

      If the script succeeded, put the device back together.
      When you turn it on, it should start in hacked fastboot mode.
      You can now use
      Code:
      sudo ./fastboot-step.sh
      This will flash TWRP and reset your device to factory defaults, then reboot into TWRP.


      Checking USB connection
      In lsusb the boot-rom shows up as:
      Code:
      Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone

      If it shows up as:
      Code:
      Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
      instead, you are in preloader-mode, try again.

      dmesg lists the correct device as:
      Code:
      [ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00
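
The USB check described in the post above, as an added example that is not part of the original post or of the amonet scripts: it classifies `lsusb` or `dmesg` text as boot-rom or preloader mode using the two USB IDs the guide quotes. All function names are hypothetical, and the fourth sample line is constructed.

```shell
#!/bin/sh
# Added example (not part of amonet). The USB IDs are the ones quoted in the
# guide; every function name here is hypothetical.

# Sample lines: the first three are the guide's own lsusb/dmesg lines,
# the fourth is constructed to represent an unrelated device.
SAMPLE_BOOTROM='Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone'
SAMPLE_PRELOADER='Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader'
SAMPLE_DMESG='[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00'
SAMPLE_OTHER='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'

# Read lsusb-style lines on stdin and print exactly one of:
#   bootrom | preloader | other-mediatek | absent
# bootrom takes priority if several MediaTek entries are listed.
classify_mtk_mode() {
    awk '
        BEGIN { mode = "absent" }
        {
            for (i = 1; i < NF; i++) {
                if ($i != "ID") continue
                id = tolower($(i + 1))
                if (id == "0e8d:0003") mode = "bootrom"
                else if (id == "0e8d:2000" && mode != "bootrom") mode = "preloader"
                else if (id ~ /^0e8d:/ && mode == "absent") mode = "other-mediatek"
            }
        }
        END { print mode }
    '
}

# Rewrite dmesg "idVendor=..., idProduct=..." lines as "ID vvvv:pppp" so the
# same classifier can be used on kernel log output.
dmesg_to_ids() {
    sed -n 's/.*idVendor=\([0-9a-fA-F]\{4\}\), idProduct=\([0-9a-fA-F]\{4\}\).*/ID \1:\2 (dmesg)/p'
}

# Map a mode to the action the guide gives for it.
next_step() {
    case "$1" in
        bootrom)        echo "boot-rom detected: this is the mode the bootrom script waits for" ;;
        preloader)      echo "preloader-mode: not the boot-rom, try again" ;;
        other-mediatek) echo "unrecognised MediaTek ID: compare with lsusb by hand" ;;
        *)              echo "no MediaTek device on the bus: check cable and power state" ;;
    esac
}

# Demo on the embedded samples; pipe real `lsusb` output in for a live check.
for sample in "$SAMPLE_BOOTROM" "$SAMPLE_PRELOADER" "$SAMPLE_OTHER"; do
    mode=$(printf '%s\n' "$sample" | classify_mtk_mode)
    printf '%-10s %s\n' "$mode" "$(next_step "$mode")"
done
```

For a live check, use `lsusb | classify_mtk_mode` or `dmesg | dmesg_to_ids | classify_mtk_mode`.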
      10
      Changelog
      Version 1.1.2 (26.03.2019)
      • Fix regenerating GPT from temp GPT

      Version 1.1.1 (26.03.2019)
      • Fix unbricking procedure

      Version 1.1 (25.03.2019)
      • Update TWRP-sources to twrp-9.0 branch
      • TWRP uses kernel compiled from source
      • Add scripts to use handshake2.py to enter fastboot/recovery

      Features.

      • Uses 5.6.3 LK for full compatibility with newer kernels.
      • Hacked fastboot mode lets you use all fastboot commands (flash etc).
      • Boots custom/unsigned kernel-images (no patching needed)
      • TWRP protects from downgrading PL/TZ/LK
      • For the devs: sets printk.disable_uart=0 (enables debug-output over UART).

      NOTE: Hacked fastboot can be reached via TWRP.

      NOTE: Hacked fastboot doesn't remap partition names, so you can easily go back to stock
      9
      Just uploaded version 1.1.
      If you are already unlocked you can just install the zip-file from TWRP to update.

      Version 1.1 (25.03.2019)
      • Update TWRP-sources to twrp-9.0 branch
      • TWRP uses kernel compiled from source
      • Add scripts to use handshake2.py to enter fastboot/recovery