[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2016 (giza)

An update: I installed the Mediatek Preloader VCOM Driver, (tl;dr I was on Linux before, using WSL now), and upon connection it is recognised by Device Manager for two seconds, before it disconnects again. It doesn't pass-through the connection to either WSL, or the Ubuntu VM I have set up. In other news, it now lets out a quiet, but high-pitched wailing when the battery and micro-USB is connected 🤣
 

Rortiz2

Senior Member
Mar 1, 2018
2,449
1,862
Barcelona
Shorted something I shouldn't have, and now it's making a burning smell, and getting extremely hot. Gonna call this a loss. Thanks for the help 👍
There's literally a picture of what you need to short to access bootrom mode in the second post.

Based on what you said (especially the burning smell part), it sounds like you shorted VBAT/VBUS with ground. Worst case scenario, you may have killed the entire motherboard, or if you were lucky, maybe you just killed the battery.

Maybe the tab is still alive. Try to check if it still shows up under lsusb when you plug it in.
 
There's literally a picture of what you need to short to access bootrom mode in the second post.

Based on what you said (especially the burning smell part), it sounds like you shorted VBAT/VBUS with ground. Worst case scenario, you may have killed the entire motherboard, or if you were lucky, maybe you just killed the battery.

Maybe the tab is still alive. Try to check if it still shows up under lsusb when you plug it in.
I used the picture as a guide, but I think I was a bit too erratic removing the shielding. The board is in many pieces now, so it won't be booting again, but I will return if we are ever donated another. Best wishes :)
 

dfat

New member
May 26, 2022
2
0
Hello! I have the Fire HD giza and the tablet got bricked after step 1. I had succeeded in running bootrom-step.sh once and used TWRP and tried to install LineageOS, however I encountered an error, but that's not relevant at the moment. I restarted and had varying degrees of success with bootrom-step.sh, what had worked for me was holding BOTH volume buttons with the battery disconnected and running bootrom-step.sh. My mistake was I ran gpt-fix.sh and as the script was running the cable got unplugged and now the screen is completely blank. Not even the blank screen with the amazon logo comes on under any circumstance, can you please advise?
 

Rortiz2

Senior Member
Mar 1, 2018
2,449
1,862
Barcelona
Hello! I have the Fire HD giza and the tablet got bricked after step 1. I had succeeded in running bootrom-step.sh once and used TWRP and tried to install LineageOS, however I encountered an error, but that's not relevant at the moment. I restarted and had varying degrees of success with bootrom-step.sh, what had worked for me was holding BOTH volume buttons with the battery disconnected and running bootrom-step.sh. My mistake was I ran gpt-fix.sh and as the script was running the cable got unplugged and now the screen is completely blank. Not even the blank screen with the amazon logo comes on under any circumstance, can you please advise?
Just run it again. It may complain about broken RPMB, just press enter.
 

dfat

New member
May 26, 2022
2
0
Just run it again. It may complain about broken RPMB, just press enter.
It's not moving past 'Waiting for bootrom', I've tried pressing both volume buttons as I plug into script as well as shorting the pin as I plug in, all with the battery disconnected. Is it possible I deleted the bootrom / preloader somehow?
 

cellist

Member
Dec 22, 2013
16
5
Quickly wanted to share my story with you, maybe someone can relate ;-)
I got my hands on a Fire HD8, Giza model (was advertised as Douglas, but oh well ...).
  1. Step 1 told me that I had to do the temporary brick, so I used the brick and continued with bootstep minimal
  2. The screen went black, "lsusb" did not show the device (neither did "dmesg"), tried to turn it off and on including pressing volume key -/+ simultaneously, and not pressing it - but it didn't work
  3. I tried one last time, and then I hoped it was still on and power would run off (I'm scared of opening the device ;-) )
  4. Two days later, I tried the bootstep minimal once again, but arrived at the same result
  5. I swapped the USB cable for another one, bootstep minimal found the device and I was presented with hacked fastboot mode, yay!!!
  6. I completed the fastboot step afterwards, got into TWRP, and then "adb sideload"ed LineageOS 15.1
So the process is very sensitive to the USB cable (although the first one had worked for the 1st step perfectly), and waiting for battery losing all its power is definitely an option, too.

Rortiz2, thank you very much again for your support on this device, and just a quick comment: the camera is not working (tried Open Camera - on Douglas, it is working fine there), but for me that is only a minor issue.
 

Top Liked Posts

  • 8
    Read this whole guide before starting.
    This is for the 6th gen Fire HD8 (giza).

    Current version: amonet-giza-v1.3.zip

    NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
    NOTE: This process will modify the partition-table (GPT) of your device.

    NOTE: Your device will be reset to factory defaults (including internal storage) during this process.

    What you need:
    • A Linux installation or live-system
    • A micro-USB cable
    Install python3, PySerial, adb, fastboot, dos2unix. For Debian/Ubuntu something like this should work:
    Code:
    sudo apt update
    sudo add-apt-repository universe
    sudo apt install python3 python3-serial adb fastboot dos2unix

    1. Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
    NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder

    2. Enable ADB in Developer Settings.

    3. Start the script:
    Code:
    sudo ./step-1.sh

    Your device will now reboot into recovery and perform a factory reset.

    NOTE: If your PL/TZ/LK versions are too new, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
    If you chose the brick option, you don't need to run step-2.sh below:


    Make sure ModemManager is disabled or uninstalled:
    Code:
    sudo systemctl stop ModemManager
    sudo systemctl disable ModemManager

    After you have confirmed the bricking by typing "YES", you will need to disconnect the device and run
    Code:
    sudo ./bootrom-step-minimal.sh

    Then plug the device back in.

    It will then boot into "hacked fastboot" mode.
    Then run
    Code:
    sudo ./fastboot-step.sh
    NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
    NOTE: Make sure you re-enable ADB after Factory Reset.


    4. Start the script:
    Code:
    sudo ./step-2.sh

    The exploit will now be flashed and your device will reboot into TWRP.
    You can now install Magisk from there.

    Going back to stock
    Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.

    You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.

    Just use hacked fastboot to
    Code:
    sudo fastboot flash recovery bin/recovery.img

    If you want to go back completely (including restoring your GPT):
    Code:
    sudo ./return-to-stock.sh

    Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there.

    Important information

    In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
    TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)

    Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    Very special thanks to @xyz` for making all this possible and releasing the original amonet exploit for karnak.
    Special thanks also to @k4y0z for making all this possible and porting the exploit to 64 bit devices.
    Special thanks also to @diplomatic for his wonderful mtk-su, allowing you to unlock without opening the device.
    Special thanks also to @lovaduck for all the testing.
    2
    Unbricking

    If Recovery OR FireOS are still accessible there are other means of recovery, don't continue.

    If your device shows one of the following symptoms:
    1. It doesn't show any life (screen stays dark)
    2. You see the white amazon logo, but cannot access Recovery or FireOS.

    If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
    1. Make sure the device is powered off, by holding the power-button for 20+ seconds
    2. Start bootrom-step.sh
    3. Plug in USB
    In all other cases you will have to open the device and partially take it apart.

    1. Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
    2. Start the script:
    Code:
    sudo ./bootrom-step.sh
    It should now say Waiting for bootrom.

    If you're lucky and have an old preloader (Up to FireOS 5.3.2.0), you can just hold the left volume button while plugging the device in.
    If you're on a newer preloader, there are two options:
    1. Open the device and short the marked pin (CLK) in the attached photo to ground while plugging in.
    2. Downgrade to 5.3.1.0 firmware (google drive mirror) via adb sideload in Amazon recovery, then proceed to use the left volume button to enter boot-rom.
    NOTE: Using option two may brick your device until you have successfully finished the process.

    4. When the script asks you to remove the short, remove the short and press enter.

    5. Wait for the script to finish.
    If it fails at some point, stop it and restart the process from step 2.

    6. Your device should now reboot into unlocked fastboot state.

    7. Run
    Code:
    sudo ./fastboot-step.sh

    The device should reboot to TWRP. Format data and use TWRP to flash a custom ROM, Magisk or SuperSU.

    Checking USB connection
    In lsusb the boot-rom shows up as:
    Code:
    Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone

    If it shows up as:
    Code:
    Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
    instead, you are in preloader-mode, try again.

    dmesg lists the correct device as:
    Code:
    [ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.0
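
The USB check described in the post above, as an added example that is not part of the original post or of the amonet scripts: a shell function that reads `lsusb` or `dmesg` text and reports whether the tablet is in boot-rom mode, preloader mode, or not on the bus. The two USB IDs come from the post; the function name, the disconnect handling and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which MediaTek USB mode the tablet is in.
# IDs are the two quoted in the post; everything else is illustrative.
BOOTROM_ID="0e8d:0003"     # boot-rom mode
PRELOADER_ID="0e8d:2000"   # preloader mode ("try again")

# Reads lsusb and/or dmesg text on stdin, prints bootrom, preloader or absent.
# For dmesg the newest event wins, and a disconnect on the same port clears it.
mtk_mode() {
    awk -v br="$BOOTROM_ID" -v pl="$PRELOADER_ID" '
        BEGIN { mode = "absent"; mport = "" }
        {
            line = tolower($0); id = ""; port = ""
            # dmesg prefixes events with the port, e.g. "usb 2-2:"
            if (match(line, /usb [0-9]+-[0-9.]+:/))
                port = substr(line, RSTART + 4, RLENGTH - 5)
            # lsusb form: "ID 0e8d:0003"
            if (match(line, /id [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f][0-9a-f][0-9a-f]/)) {
                id = substr(line, RSTART + 3, 9)
            # dmesg form: "idVendor=0e8d, idProduct=0003"
            } else if (match(line, /idvendor=[0-9a-f]+, idproduct=[0-9a-f]+/)) {
                id = substr(line, RSTART, RLENGTH)
                gsub(/idvendor=|idproduct=| /, "", id)
                sub(/,/, ":", id)
            } else if (line ~ /usb disconnect/ && port != "" && port == mport) {
                mode = "absent"; mport = ""
            }
            if (id == br)      { mode = "bootrom";   mport = port }
            else if (id == pl) { mode = "preloader"; mport = port }
        }
        END { print mode }
    '
}

# Line taken from the post.
SAMPLE_LSUSB='Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone'
# Constructed dmesg excerpt: preloader enumerates, then drops off the bus.
SAMPLE_FLAP='[ 100.000000] usb 2-2: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice= 1.0
[ 102.000000] usb 2-2: USB disconnect, device number 14'

printf '%s\n' "$SAMPLE_LSUSB" | mtk_mode   # bootrom
printf '%s\n' "$SAMPLE_FLAP"  | mtk_mode   # absent
# Live use: lsusb | mtk_mode    or    dmesg | mtk_mode
```

An "absent" result after a preloader line in `dmesg` means the device enumerated and then dropped off the bus, which `lsusb` alone would not show.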
    2
    If you really bricked the tablet with step-1.sh and you can't get bootrom-step.sh to work, try to connect the tablet with the battery unplugged (then after the script finishes, reconnect it). Alternatively, if that doesn't work, try pressing the volume - button while plugging it in.
    Unplugging the battery and running bootrom-step-minimal.sh works. Thanks.
    1
    Hi there!
    Firstly, thanks for this!
    Problem: I've flashed the old update bin through sideload successfully. However, when I try to boot the bootrom, it doesn't. Lsusb doesn't register the device at all, and dmesg sees it as preloaded with error -22. What are your suggestions as to what I have done wrong, and what should I do to remedy it? Thanks :)
    At some point Amazon built in an anti-rollback mechanism to prevent downgrading the firmware directly through side-loading.
    This leads to bricking of the device. You can only side-load the same version of firmware or higher.

    For the suez (Fire HD 10 7th Gen) there is a way to successfully unbrick this type of problem which requires disassembling your device and shorting a specific point on the PCB.


    But as everything with these devices the OPs are specific to the model. There might be a similar way for the giza. More experienced members on this thread might be able to help you. This was just a likely explanation of what had caused the bricking.

    Good luck.