[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 10 2017 (suez)

Search This thread
By:
Advanced…
P

pkgingo

Member
Jan 11, 2010
24
7
Can someone please post their GPT data?
k4y0z said:
script for hd 10 7th generation
Click to expand...
Click to collapse
I ran the script posted in the OP but it never saved out any gpt data and now twrp has loaded and I loaded a rom but I have no other partitions. I cant authorize adb in the rom to dump the partition table properly.

TIA!

Update: I managed to finally figure it out. It looks like the lineage 14 scripts do NOT have the mkfs commands that lineage 12 does, so you must first flash lineage 12 before you can use another distribution.
 
Last edited:
NickStaceeJaxx

NickStaceeJaxx

Member
Aug 13, 2014
11
1
Hi guys,

I need your help! I try to return back to stock, because I want to sell my Fire HD tablet.
I try to run the return script on a linux live system.
However I get two errors
./return-to-stock.sh: line 7: dos2unix: command not found
This is only for the "suez" (Amazon Fire HD10 (2017)), your device is a ""

The second line is kind of funny, because when I run adb shell getprop ro.product.name it shows me suez....
Ive installed the latest fire os update via TWRP, so there shouldnt be a problem.

Maybe you have an idea and can help me?
Thanks in advance for your help :)
 

Attachments

  • Untitled.png
    Untitled.png
    48.6 KB · Views: 114
R

rG-

Senior Member
Sep 20, 2010
73
8
so i found my old fire hd 10 and decided to try this out! workes very well! GJ!

PS: i had to use the "bricked version" without step 2.sh!
 
smithbill

smithbill

Senior Member
Jun 24, 2007
289
81
Liverpool
I've been using my rooted Fire HD 10 on FireOS for months and it's been working well. However, I just got the notification that a new Magisk was available (I had been on Magisk 20.4). So I downloaded the new Magisk zip (v21.3) and went into TWRP and wiped Cache/dalvik, flashed Magisk zip, wiped Cache/dalvik again and rebooted.

It crept through the Fire "Optimising system storage and applications" screen and is stuck at the end. I tried power down & reboot, it was then just stuck on the Fire screen. I tried rebooting to TWRP and wiping caches again, but the same happens - it's now been sat on the "Optimising system storage and applications" screen for an hour.

So it would appear that Magisk 21.3 does not work with Fire HD 10 (2017) on FireOS 5.6.8.0.

Anyone got any ideas how to resolve this?
 
Last edited:
S

sga999

Senior Member
Mar 13, 2012
968
165
smithbill said:
I've been using my rooted Fire HD 10 on FireOS for months and it's been working well. However, I just got the notification that a new Magisk was available (I had been on Magisk 20.4). So I downloaded the new Magisk zip (v21.3) and went into TWRP and wiped Cache/dalvik, flashed Magisk zip, wiped Cache/dalvik again and rebooted.

It crept through the Fire "Optimising system storage and applications" screen and is stuck at the end. I tried power down & reboot, it was then just stuck on the Fire screen. I tried rebooting to TWRP and wiping caches again, but the same happens - it's now been sat on the "Optimising system storage and applications" screen for an hour.

So it would appear that Magisk 21.3 does not work with Fire HD 10 (2017) on FireOS 5.6.8.0.

Anyone got any ideas how to resolve this?
Click to expand...
Click to collapse

I am also having problems with 21.3. (The difference is that I have a custom rom installed). I also tried 21.2 and that fails. But 21.1 does work (and 20.4).

I'm not that familiar with GitHub, but it looks like someone reported a similar problem #3636, 15 days ago on a Sony Z1C. It's about 9 down from your report on that site. Let's hope someone gets around to addressing this problem soon.

By the way, the newest Magisk Manager 8.06 seems to work fine with 20.4 or 21.1.
 
smithbill

smithbill

Senior Member
Jun 24, 2007
289
81
Liverpool
sga999 said:
I am also having problems with 21.3. (The difference is that I have a custom rom installed). I also tried 21.2 and that fails. But 21.1 does work (and 20.4).
Click to expand...
Click to collapse

That's interesting, I tried Magisk 21.1 but it also left me unable to boot FireOS 5.6.8.0. But I could easily enough revert back to Magisk 20.4 and it booted back up with no problems. I didn't bother trying 21.0 as I assumed it would also fail.

The Magisk Manager update works fine, just Magisk itself doesn't.
 
K

Korin67

Senior Member
Feb 24, 2018
250
114
I am new to suez. Sorry if his is a FAQ. I got suez recently, and the firmware is 5.6.8.0. OP says that I need to downgrade (brick). This means: set suez in fastboot mode (adb reboot bootloader) and run brick.sh?
When I did it, brick seems fail and FireOS reboot. Is there newer version of brick.sh?? I have experience with douglas and karnak, but new to suez.
Thank you for your advice.
 
K

Korin67

Senior Member
Feb 24, 2018
250
114
Korin67 said:
I am new to suez. Sorry if his is a FAQ. I got suez recently, and the firmware is 5.6.8.0. OP says that I need to downgrade (brick). This means: set suez in fastboot mode (adb reboot bootloader) and run brick.sh?
When I did it, brick seems fail and FireOS reboot. Is there newer version of brick.sh?? I have experience with douglas and karnak, but new to suez.
Thank you for your advice.
Click to expand...
Click to collapse
Sorry guys, this is a response to myself. I should have to search more before posting this. I found that brick.sh is no more useful (for newer firmware). We have to use Kingo Root approach instead to brick the tablet.
Thank you for your time.
 
K

Korin67

Senior Member
Feb 24, 2018
250
114
Succeeded but need your help. By following the @ajvasudhar method. I could successfully install TWRP from FireOS 5.6.8.0. I installed LOS14.1 and reboot. But boot animation repeats endlessly. What I noticed is in TWRP /data was not mounted. I can turn off the tablet by pressing PWR button nearly 30 secs. But I cannot enter TWRP. The key sequence is VolDown+PWR?? The tablet always go into LOS14.1 animation that does not boot now. Please help.

Edit:
After root the tablet. I did ./step-1.sh to brick. Then, ./bootrom-step-minimal.sh, lastly ./fastboot-step.sh all from amonet version 1.1.2

Edit2:
Okay, I can find how to enter twrp. It is VolUP(or Dn, the key closer to PWR)+PWR. I cannot mount /data with this version of TWRP (3.2.3-O). Is there newer version for suez? With this version I always see Keep System Read only? message. And I can mount System and Cache. I cannot not mount Data.

Edit3:
Solved. I had to do Format Data partition in TWRP. After this everything is okay. Thank you for all the informative articles in this thread.
 
Last edited:
  • Like
Reactions: M. Allison
F

fuzzynco

Senior Member
Oct 29, 2008
581
35
HTC One Max
Samsung Galaxy S9
I did the software install on a usb live xubuntu 20.4 (lte).
I setup adb on the tablet and got them connected ok.
I do now see 'serial-number device' reply to 'adb devices'.

Running step-1.sh says its using mtk-su and then pushes the 3 files okay.

error message:
Failed critical init step 4
This firmware cannot be supported

error just keeps repeating.

The tablet is Fire HD 10 2017
OS: 5.6.4.0 (636559820)

It's never connected to the internet.

I thought it was supposed to ask permission for the workaround for the 5.6.4.0 issue.
It didn't. I did download 'brick-suez' and 'return-to-stock' zips and unzipped them.

What should I do?

Fuzzy
 
K

Korin67

Senior Member
Feb 24, 2018
250
114
fuzzynco said:
I did the software install on a usb live xubuntu 20.4 (lte).
I setup adb on the tablet and got them connected ok.
I do now see 'serial-number device' reply to 'adb devices'.

Running step-1.sh says its using mtk-su and then pushes the 3 files okay.

error message:
Failed critical init step 4
This firmware cannot be supported

error just keeps repeating.

The tablet is Fire HD 10 2017
OS: 5.6.4.0 (636559820)

It's never connected to the internet.

I thought it was supposed to ask permission for the workaround for the 5.6.4.0 issue.
It didn't. I did download 'brick-suez' and 'return-to-stock' zips and unzipped them.

What should I do?

Fuzzy
Click to expand...
Click to collapse

I am new to suez, just finished my TWRP job. If incorrect, more knowledgeable people might correct.

I think in your case, you need to brick your tablet first. If the 'brick.sh' works, it is simple. Otherwise, you first need to root your tablet. Be sure in this case, 'su' command in adb shell environment guide to superuser. Under this environment you can use step-1.sh guides you to brick your tablet. Once your tablet be bricked, bootrom-step.minimal.sh will guide to fastboot mode.
 
K

KingNeox

New member
Feb 12, 2021
1
0
I need youre help please. i tried to root my fire hd 10 (2017) as it was described in the first post here. After the step

"sudo systemctl stop ModemManager
sudo systemctl disable ModemManager"

the Tablet didnt start again and now when it is connected to the computer there is only a connect and disconnect sound after 20 seconds in an endless loop. No reactions on the tablet, the screen stay black. Because it stay black i also cant acess to the recovery mode. Can i rescue my tablet with any steps?

Thanks for youre help.
 
F

fuzzynco

Senior Member
Oct 29, 2008
581
35
HTC One Max
Samsung Galaxy S9
fuzzynco said:
I did the software install on a usb live xubuntu 20.4 (lte).
I setup adb on the tablet and got them connected ok.
I do now see 'serial-number device' reply to 'adb devices'.

Running step-1.sh says its using mtk-su and then pushes the 3 files okay.

error message:
Failed critical init step 4
This firmware cannot be supported

error just keeps repeating.

The tablet is Fire HD 10 2017
OS: 5.6.4.0 (636559820)

It's never connected to the internet.

I thought it was supposed to ask permission for the workaround for the 5.6.4.0 issue.
It didn't. I did download 'brick-suez' and 'return-to-stock' zips and unzipped them.

What should I do?

Fuzzy
Click to expand...
Click to collapse

Should I run brick.sh, then bootrom-minimal.sh?

I'm a little lost as I thought if it tested for > 5.6.3 and failed it would ask for
permission to do the brick and then continue the script? Instead it continues without
asking and then fails with 'critical init step 4' error message.

It appears to have pushed the 3 three files to the tablet successfully, using mtk-su.

Fuz
 
R

Robi2003

Member
Mar 30, 2020
7
0
My Fire HD 10 (2017) is not showing anything.
So I have the black screen brick.

I just wanted to try the steps from @k4y0z

But after "Disable Watchdog" I get this (see screenshot)

screenshot.png
 
K

Korin67

Senior Member
Feb 24, 2018
250
114
fuzzynco said:
Should I run brick.sh, then bootrom-minimal.sh?

I'm a little lost as I thought if it tested for > 5.6.3 and failed it would ask for
permission to do the brick and then continue the script? Instead it continues without
asking and then fails with 'critical init step 4' error message.

It appears to have pushed the 3 three files to the tablet successfully, using mtk-su.

Fuz
Click to expand...
Click to collapse

Unfortunately, brick.sh does not work. bootrom-minimal.sh only works if your tablet is bricked. That means you first have to brick your tablet. To brick your tablet without using brick.sh (now it is useless), you need to root your tablet first. Article #1321 (the original article it refers) gives you the clue.
 
R

Robi2003

Member
Mar 30, 2020
7
0
karldonteljames said:
3D
sudo ./bootrom-step-minimal.sh
re-connecting to usb cable
At this point i had to hold the power button for 20 seconds. and a message came up asking me to press enter after removng the short (no short was applied, so just press enter)
anther message came up asking if i had bricked the device, press enter. at this point it began injecting the payload.
Click to expand...
Click to collapse

I cannot make this step, I get this error:

Bildschirmfoto von 2021-02-17 12-53-56.png
 
F

fuzzynco

Senior Member
Oct 29, 2008
581
35
HTC One Max
Samsung Galaxy S9
Korin67 said:
Unfortunately, brick.sh does not work. bootrom-minimal.sh only works if your tablet is bricked. That means you first have to brick your tablet. To brick your tablet without using brick.sh (now it is useless), you need to root your tablet first. Article #1321 (the original article it refers) gives you the clue.
Click to expand...
Click to collapse

The tablet is as it came from Amazon with Fire OS 5.6.4.0. mtk-su does still work.
Which version (fire os) was brick.sh written for?

Fuz
 
K

Korin67

Senior Member
Feb 24, 2018
250
114
I have no idea. I also tried with OS 5.6.4.0. When I tried brick.sh, the tablet just rebooted to FireOS as if nothing applied. It could not bring the tablet into brick.
 
You must log in or register to reply here.

Similar threads

K
[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2017 (douglas)
Replies
853
Views
284K
tgptgp
tgptgp
X
Fire HD 8 (2018 ONLY) unbrick, downgrade, unlock & root
Replies
1K
Views
371K
R
RichBG
K
[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2018 (karnak) amonet-3
Replies
1K
Views
244K
DerivativeOfLog7
DerivativeOfLog7
ggow
  • Locked
[discontinued][ROM][unlocked][suez] Lineage-14.1 [26 SEP 2019]
Replies
801
Views
213K
engloa
engloa
ggow
[discontinued][ROM][unlocked][suez] Lineage-12.1 [05 MAY 2020]
Replies
746
Views
164K
Y
yuera

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 86
    K
    k4y0z
    Read this whole guide before starting.

    This is for the 7th gen Fire HD10 (suez).

    Current version: amonet-suez-v1.1.2.zip


    NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.


    NOTE: This process will modify the partition-table (GPT) of your device.


    NOTE: Your device will be reset to factory defaults (including internal storage) during this process.


    What you need:
    • A Linux installation or live-system
    • A micro-USB cable

    Install python3, PySerial, adb, fastboot dos2unix. For Debian/Ubuntu something like this should work:
    Code: 
    sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix

    1. Extract the attached zip-file "amonet-suez-v1.1.2.zip" and open a terminal in that directory.


    NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder


    2. Enable ADB in Developer Settings

    3. Start the script:
    Code: 
    sudo ./step-1.sh

    Your device will now reboot into recovery and perform a factory reset.

    NOTE: If you are on firmware 5.6.4.0 or newer, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
    If you chose the brick option, you don't need to run step-2.sh below:


    Make sure ModemManager is disabled or uninstalled:
    Code: 
    sudo systemctl stop ModemManager
sudo systemctl disable ModemManager

    After you have confirmed the bricking by typing "YES", you will need disconnect the device and run
    Code: 
    sudo ./bootrom-step-minimal.sh
    Then plug the device back in.

    It will then boot into "hacked fastboot" mode.
    Then run
    Code: 
    sudo ./fastboot-step.sh



    NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
    NOTE: Make sure you re-enable ADB after Factory Reset.


    4. Start the script:
    Code: 
    sudo ./step-2.sh

    The exploit will now be flashed and your device will reboot into TWRP.

    You can now install Magisk from there.


    Going back to stock
    Extract the attached zip-file "amonet-suez-v1.1-return-to-stock.zip" into the same folder where you extracted "amonet-suez-v1.1.2.zip" and open a terminal in that directory.
    You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
    Just use hacked fastboot to
    Code: 
    fastboot flash recovery bin/recovery.img

    If you want to go back completely (including restoring your GPT):
    Code: 
    sudo ./return-to-stock.sh

    Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 5.6.3.0 or newer, otherwise you may brick your device)

    Important information

    In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
    TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)

    Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.


    Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
    Special thanks also to @retyre for porting the bootrom-exploit and for testing.
    Special thanks also to @diplomatic for his wonderfull mtk-su, allowing you to unlock without opening the device.
    Thanks also to @bibikalka and everyone who donated :)
    Thanks to @TheRealIntence and @b1u3m3th for confirming it also works on the 64GB model.
    View
    14
    K
    k4y0z
    Unbricking

    If Recovery OR FireOS are still accessible there are other means of recovery, don't continue.

    If your device shows one of the following symptoms:
    1. It doesn't show any life (screen stays dark)
    2. You see the white amazon logo, but cannot access Recovery or FireOS.

    If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
    1. Make sure the device is powered off, by holding the power-button for 20+ seconds
    2. Start bootrom-step.sh
    3. Plug in USB

    In all other cases you will have to open the device and partially take it apart.
    Follow this guide by @retyre until (including) step 8..
    At Step 6. you will replace
    Code: 
    sudo ./bootrom.sh
    with
    Code: 
    sudo ./bootrom-step.sh
    Should the script stall at some point, restart it and replug the USB-cable (Shorting it again should not be necessary unless the script failed at the very beginning).

    If the script succeeded, put the device back together.
    When you turn it on, it should start in hacked fastboot mode.
    You can now use
    Code: 
    sudo ./fastboot-step.sh
    This will flash TWRP and reset your device to factory defaults, then reboot into TWRP.


    Checking USB connection
    In lsusb the boot-rom shows up as:
    Code: 
    Bus 002 Device 013: ID [b]0e8d:0003[/b] MediaTek Inc. MT6227 phone

    If it shows up as:
    Code: 
    Bus 002 Device 014: ID [b]0e8d:2000[/b] MediaTek Inc. MT65xx Preloader
    instead, you are in preloader-mode, try again.

    dmesg lists the correct device as:
    Code: 
    [ 6383.962057] usb 2-2: New USB device found, idVendor=[b]0e8d[/b], idProduct=[b]0003[/b], bcdDevice= 1.00
    View
    11
    S
    smartypantsuk
    k4v7uk said:
    This sounds promising. Is there any documentation on here to get SuperSu on the Fire? It would be great if i could get this method to work. I really dont want to open the thing. Thanx for your help.
    Click to expand...
    Click to collapse
    You'll need a linux distrubution to work from, a live boot cd/usb will work fine.
    Don't use WSL (Subsystem for Linux) on Windows 10 as usb support doesn't work properly, or at all, for anything other than usb storage devices.

    This guide was part of a larger guide on Github, adapted from Retyre's XDA Guide.

    Root on Fire HD10 2017 5.6.9.0 (not tried on other systems)

    1. Download the root exploit code (alternate link SHA256 8bfc3d5c75964e5fa28c8ffa39a87249ba10ea4180f55f546b2dcc286a585ea8) and Super_SU18+ (alternate link SHA256 b572c1a982d1e0baeb571d3bc0df7f6be11b14553c181c9e0bf737cc4a4fbbfd).
      wget -c "http://myphone-download.wondershare.cc/mgroot/20165195.zip" "http://myphone-download.wondershare.cc/mgroot/SuperSU_18+.zip"
    2. Unzip them both to a 20165195 directory.
      unzip -u 20165195.zip -d 20165195 && unzip -u SuperSU_18+.zip -d 20165195
    3. Check the 20165195 directory contains all the needed files.
      $ ls -1 20165195
      Matrix
      Superuser.apk
      ddexe
      debuggerd
      fileWork
      install-recovery.sh
      krdem
      mount
      patch_boot.sh
      pidof
      push_root.sh
      start_wssud.sh
      su
      su_arm64
      supersu.zip
      supolicy
      toolbox
      wsroot.sh
    4. Push the directory to the tablet.
      adb push 20165195 /data/local/tmp
    5. Login to the tablet.
      adb shell
    6. Make the files executable.
      chmod 755 /data/local/tmp/20165195/*
    7. Run the exploit. You should see a lot of output while it runs.
      /data/local/tmp/20165195/Matrix /data/local/tmp/20165195 2
      If the script executes successfully, the final lines of output should display the memory location that was exploited (may be different than 0x7fab64c000) and a value of 0 for <Exploit> and <Done>. If it fails, check the Troubleshooting section:
    8. exploited 0x7fab64c000=f97cff8c
      end!!!!!!!
      <WSRoot><Exploit>0</Exploit></WSRoot>
      <WSRoot><Done>0</Done></WSRoot>

    9. You can verify root with su.
      shell@suez:/ $ su
      su
      root@suez:/ #
    10. Back on your computer, download SuperSU 2.82 SR5 apk (alternate link SHA256 2c7be9795a408d6fc74bc7286658dfe12252824867c3a2b726c1f3c78cee918b) and install it to the tablet with adb.
      adb install "eu.chainfire.supersu_2.82-SR5-282_minAPI9(nodpi)_apkmirror.com.apk"
    11. Open up the SuperSU app on the tablet, tap Get Started, then tap Continue and select Normal to update the app. Select Reboot after it is done installing to reboot the tablet.
    12. After the tablet reboots, open SuperSU app again, tap on Settings tab, then tap Default access, then choose Grant.
    13. Log in to your tablet.
      adb shell
    14. Switch to superuser and delete directories /data/data-lib/com.wondershare.DashRoot and /data/data-lib/wondershare.
      su
      rm -r /data/data-lib/com.wondershare.DashRoot /data/data-lib/wondershare

    Once rooted, you can start the main guide on here for TWRP installation and skip past the root part.
    Notes: At stage 7, running the exploit, you may find get an error instead of a successful output like above.
    If you get this or similar, try rebooting your Fire HD and try again:

    <WSRoot><Exploit>0x00000332</Exploit></WSRoot>
    check done
    sched_setaffinity: Function not implemented<WSRoot><Exploit>0x00000382</Exploit></WSRoot>
    FAIL : load1 --> /sepolicy
    <WSRoot><Exploit>0x00000341</Exploit></WSRoot>
    <WSRoot><Exploit>0x00000881</Exploit></WSRoot>
    <WSRoot><Done>0x00000172</Done></WSRoot>

    I had to reboot once to get it to work. It's also worth noting that, even though it was successful the second time, i still received a function not implemented error, but it still worked. This is the part that you're looking for to be sucessful:

    <WSRoot><Exploit>0</Exploit></WSRoot>
    <WSRoot><Done>0</Done></WSRoot>
    View
    10
    K
    k4y0z
    Changelog
    Version 1.1.2 (26.03.2019)
    • Fix regenerating GPT from temp GPT

    Version 1.1.1 (26.03.2019)
    • Fix unbricking procedure

    Version 1.1 (25.03.2019)
    • Update TWRP-sources to twrp-9.0 branch
    • TWRP uses kernel compiled from source
    • Add scripts to use handshake2.py to enter fastboot/recovery

    Features.

    • Uses 5.6.3 LK for full compatibility with newer kernels.
    • Hacked fastboot mode lets you use all fastboot commands (flash etc).
    • Boots custom/unsigned kernel-images (no patching needed)
    • TWRP protects from downgrading PL/TZ/LK
    • For the devs: sets printk.disable_uart=0 (enables debug-output over UART).

    NOTE: Hacked fastboot can be reached via TWRP.

    NOTE: Hacked fastboot doesn't remap partition names, so you can easily go back to stock
    View
    9
    K
    k4y0z
    Just uploaded version 1.1.
    If you are already unlocked you can just install the zip-file from TWRP to update.

    Version 1.1 (25.03.2019)
    • Update TWRP-sources to twrp-9.0 branch
    • TWRP uses kernel compiled from source
    • Add scripts to use handshake2.py to enter fastboot/recovery
    View

New posts