• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2016 (giza)

Search This thread

Rortiz2

Senior Member
Mar 1, 2018
2,156
1,428
Barcelona

sancho_sumy

Member
Sep 9, 2021
9
2
Weird enough, either the preloader was corrupt or (somehow) your tab updated RPMB. Anyway, you don't need to short since it flashed 5.3.1.0 Preloader, so you can access bootrom using the volume rockers.

Try to follow the second post (unbricking): https://forum.xda-developers.com/t/...ck-fire-hd-8-2016-giza.4303443/#post-85302749
Tableb become avalable by lsusb.

When I try you instruction I receve

[email protected]:~/Downloads/amonet-giza-v1.2$ sudo ./bootrom-step.sh
[2021-09-10 07:56:12.991706] Waiting for bootrom
[2021-09-10 07:56:26.305050] Found port = /dev/ttyACM1
[2021-09-10 07:56:26.305832] Handshake

* * * If you have a short attached, remove it now * * *
* * * Press Enter to continue * * *


[2021-09-10 07:56:38.330642] Init crypto engine
[2021-09-10 07:56:38.347839] Disable caches
[2021-09-10 07:56:38.348305] Disable bootrom range checks
[2021-09-10 07:56:38.362671] Load payload from ../brom-payload/build/payload.bin = 0x48D8 bytes
[2021-09-10 07:56:38.366215] Send payload
[2021-09-10 07:56:38.992353] Let's rock
[2021-09-10 07:56:38.993244] Wait for the payload to come online...
[2021-09-10 07:56:39.713971] all good
[2021-09-10 07:56:39.714639] Check GPT
[2021-09-10 07:56:40.694832]
[2021-09-10 07:56:40.695088] Sector size (logical): 512 bytes
[2021-09-10 07:56:40.695273] Disk identifier (GUID): 2FF3406B-19BF-4AEF-BC13-A5EC521D38CA
[2021-09-10 07:56:40.695389] Partition table holds up to 128 entries
[2021-09-10 07:56:40.695492] This partition table begins at sector 2 and ends at sector 33
[2021-09-10 07:56:40.695584] First usable sector is 34, last usable sector is 30535646
[2021-09-10 07:56:40.695671] Other partition table is at sector 30535679
[2021-09-10 07:56:40.695756]
[2021-09-10 07:56:40.695939] Number Start (sector) End (sector) Size Name
[2021-09-10 07:56:40.697361] 1 1024 7167 3.00 MiB proinfo
[2021-09-10 07:56:40.697919] 2 7168 17407 5.00 MiB nvram
[2021-09-10 07:56:40.698446] 3 17408 37887 10.00 MiB protect1
[2021-09-10 07:56:40.698934] 4 37888 58367 10.00 MiB protect2
[2021-09-10 07:56:40.699433] 5 58368 58879 256.00 KiB seccfg
[2021-09-10 07:56:40.699940] 6 58880 59879 500.00 KiB lk
[2021-09-10 07:56:40.700455] 7 59880 92415 15.89 MiB boot_x
[2021-09-10 07:56:40.701250] 8 92416 125183 16.00 MiB recovery_x
[2021-09-10 07:56:40.701747] 9 125184 137471 6.00 MiB secro
[2021-09-10 07:56:40.702227] 10 137472 138495 512.00 KiB para
[2021-09-10 07:56:40.702698] 11 138496 154879 8.00 MiB logo
[2021-09-10 07:56:40.703162] 12 154880 175359 10.00 MiB expdb
[2021-09-10 07:56:40.703623] 13 175360 177407 1024.00 KiB frp
[2021-09-10 07:56:40.704082] 14 177408 187647 5.00 MiB tee1
[2021-09-10 07:56:40.704561] 15 187648 197887 5.00 MiB tee2
[2021-09-10 07:56:40.705041] 16 197888 278527 39.38 MiB metadata
[2021-09-10 07:56:40.705511] 17 278528 280575 1024.00 KiB kb
[2021-09-10 07:56:40.705971] 18 280576 282623 1024.00 KiB dkb
[2021-09-10 07:56:40.706442] 19 282624 3588671 1.58 GiB system
[2021-09-10 07:56:40.706904] 20 3588672 4457023 424.00 MiB cache
[2021-09-10 07:56:40.707380] 21 4457024 4458047 512.00 KiB MISC
[2021-09-10 07:56:40.707844] 22 4458048 4490815 16.00 MiB persisbackup
[2021-09-10 07:56:40.708310] 23 4490816 4499455 4.22 MiB PMT
[2021-09-10 07:56:40.708828] 24 4499456 30084095 12.20 GiB userdata
[2021-09-10 07:56:40.709304] 25 30084096 30309375 110.00 MiB boot
[2021-09-10 07:56:40.709800] 26 30309376 30534655 110.00 MiB recovery
[2021-09-10 07:56:40.733369]
[2021-09-10 07:56:40.733573] Check boot0
Traceback (most recent call last):
File "main.py", line 233, in <module>
main()
File "main.py", line 162, in main
switch_boot0(dev)
File "main.py", line 31, in switch_boot0
raise RuntimeError("what's wrong with your BOOT0?")
RuntimeError: what's wrong with your BOOT0?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Tableb become avalable by lsusb.

    When I try you instruction I receve
    Ok, yeah, your Preloader was corrupt, try with this zip (which ignores boot0 status). And no, don't run gpt-fix, your issue isn't the partition table.
    1
    this is off topic and wrong device please create a a topic on the hd 8 and 10 general
    1
    Ok, yeah, your Preloader was corrupt, try with this zip (which ignores boot0 status). And no, don't run gpt-fix, your issue isn't the partition table.

    It works!

    Thank you for prompt reply and assistance.
    Now device flashed with Lineage 15.1 and work good!
    1
    @ri

    nutt camera note working

    but camra not working
    Newer used it in stock, so it's not a problem for me.
  • 3
    Read this whole guide before starting.
    This is for the 6th gen Fire HD8 (giza).

    Current version: amonet-giza-v1.2.zip

    NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
    NOTE: This process will modify the partition-table (GPT) of your device.

    NOTE: Your device will be reset to factory defaults (including internal storage) during this process.

    What you need:
    • A Linux installation or live-system
    • A micro-USB cable
    Install python3, PySerial, adb, fastboot dos2unix. For Debian/Ubuntu something like this should work:
    Code:
    sudo apt update
    sudo add-apt-repository universe
    sudo apt install python3 python3-serial adb fastboot dos2unix

    1. Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
    NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder

    2. Enable ADB in Developer Settings.

    3. Start the script:
    Code:
    sudo ./step-1.sh

    Your device will now reboot into recovery and perform a factory reset.

    NOTE: If your PL/TZ/LK versions are too new, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
    If you chose the brick option, you don't need to run step-2.sh below:


    Make sure ModemManager is disabled or uninstalled:
    Code:
    sudo systemctl stop ModemManager
    sudo systemctl disable ModemManager

    After you have confirmed the bricking by typing "YES", you will need disconnect the device and run
    Code:
    sudo ./bootrom-step-minimal.sh

    Then plug the device back in.

    It will then boot into "hacked fastboot" mode.
    Then run
    Code:
    sudo ./fastboot-step.sh
    NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
    NOTE: Make sure you re-enable ADB after Factory Reset.


    4. Start the script:
    Code:
    sudo ./step-2.sh

    The exploit will now be flashed and your device will reboot into TWRP.
    You can now install Magisk from there.

    Going back to stock
    Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.

    You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.

    Just use hacked fastboot to
    Code:
    sudo fastboot flash recovery bin/recovery.img

    If you want to go back completely (including restoring your GPT):
    Code:
    sudo ./return-to-stock.sh

    Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there.

    Important information

    In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
    TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)

    Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    Very special thanks to @xyz` for making all this possible and releasing the original amonet exploit for karnak.
    Special thanks also to @k4y0z for making all this possible and porting the exploit to 64 bit devices.
    Special thanks also to @diplomatic for his wonderfull mtk-su, allowing you to unlock without opening the device.
    Special thanks also to @lovaduck for all the testing.
    1
    Great job by Roger, everything worked very much at first attempt while I tested. Now I have revived an old tablet that was not in use anymore!
    I would advise everybody trying this process to keep in mind that things can always go wrong, but you have nothing to lose anyways. Hack at your own risk.
    So good luck with the mod, and again, kudos to @Rortiz2
    1
    I get the following when running step 1:

    Is there much of a difference between the two and if not should I just edit the check in step-1.sh & step-2.sh?
    Oh well, my fault, let me fix that.
    EDIT: Fixed the product check, use the v1.1 package.
    1
    Tableb become avalable by lsusb.

    When I try you instruction I receve
    Ok, yeah, your Preloader was corrupt, try with this zip (which ignores boot0 status). And no, don't run gpt-fix, your issue isn't the partition table.
    1
    this is off topic and wrong device please create a a topic on the hd 8 and 10 general