[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2017 (douglas)

k4y0z

Read this whole guide before starting.

This is for the 7th gen Fire HD8 (douglas).

Current version: amonet-douglas-v1.2.zip


NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.


NOTE: This process will modify the partition-table (GPT) of your device.



NOTE: Your device will be reset to factory defaults (including internal storage) during this process.


What you need:
  • A Linux installation or live-system
  • A micro-USB cable

Install python3, PySerial, adb, fastboot and dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-douglas-v1.1.zip" and open a terminal in that directory.


NOTE: If you are already rooted, continue with the next step; otherwise get mtk-su by @diplomatic from here and place it (the unpacked binary) into the amonet/bin folder.


2. Enable ADB in Developer Settings

3. Start the script:
Code:
sudo ./step-1.sh
Your device will now reboot into recovery and perform a factory reset.

NOTE: If you are on a firmware newer than 5.6.4.0, a downgrade is necessary; this requires bricking the device temporarily. (The screen won't come on at all.)
If you chose the brick option, you don't need to run step-2.sh below:



Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager

WARNING: Do not use bootrom-step-minimal.sh if you bricked using brick(-9820).sh!
You will need to use bootrom-step.sh.


After you have confirmed the bricking by typing "YES", you will need to disconnect the device and run
Code:
sudo ./bootrom-step-minimal.sh
Then plug the device back in.

It will then boot into "hacked fastboot" mode.
Then run
Code:
sudo ./fastboot-step.sh



NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
NOTE: Make sure you re-enable ADB after Factory Reset.



4. Start the script:
Code:
sudo ./step-2.sh
The exploit will now be flashed and your device will reboot into TWRP.

You can now install Magisk from there.


Going back to stock
Extract the attached zip-file "amonet-douglas-return-to-stock.zip" into the same folder where you extracted "amonet-douglas-v1.0.zip" and open a terminal in that directory.
You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
Just use hacked fastboot to
Code:
sudo fastboot flash recovery bin/recovery.img
If you want to go back completely (including restoring your GPT):
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install the stock image from there. (Make sure to use FireOS 5.6.4.0 or newer, otherwise you may brick your device.)

Important information

In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.

Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.). If you do anyway, make sure you flash them to boot_x/recovery_x.

Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.

TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates; incremental updates won't work).

For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

It is still advised to disable OTA.


Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Special thanks also to @diplomatic for his wonderful mtk-su, allowing you to unlock without opening the device.
Thanks to @t0x1cSH and @breakfastofsecrets for testing.
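
The partition layout described under "Important information" can be checked from a raw GPT dump before anything is written to boot or recovery. The following is an added example, not part of the original post or of the amonet scripts: it parses the GPT entry names, reports whether the boot_x/recovery_x slots exist, and returns the partition a boot/recovery image belongs in when written from FireOS. The function names, the constructed sample image and the 512-byte sector size are assumptions made for the example.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors

def gpt_partition_names(image: bytes) -> list:
    """Names of the used GPT entries in a raw dump starting at LBA 0 (CRCs not checked)."""
    hdr = image[SECTOR:SECTOR + 92]
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    # Header offsets 72/80/84: entry-array LBA, entry count, entry size.
    entries_lba, count, size = struct.unpack_from("<QII", hdr, 72)
    names = []
    for i in range(count):
        off = entries_lba * SECTOR + i * size
        entry = image[off:off + size]
        if len(entry) < size or entry[:16] == bytes(16):
            continue  # truncated dump or unused slot (all-zero type GUID)
        # Entry offset 56: 72-byte UTF-16LE name, NUL padded.
        names.append(entry[56:128].decode("utf-16-le").split("\x00")[0])
    return names

def layout(names) -> str:
    """'amonet' when both remapped slots exist, 'stock' when neither does."""
    found = {"boot_x", "recovery_x"} & set(names)
    return {0: "stock", 2: "amonet"}.get(len(found), "inconsistent")

def fireos_flash_target(part: str, names) -> str:
    """Partition a boot/recovery image belongs in when written from FireOS."""
    if layout(names) == "inconsistent":
        raise ValueError("only one of boot_x/recovery_x present; fix the GPT first")
    if layout(names) == "amonet" and part in ("boot", "recovery"):
        return part + "_x"  # boot/recovery themselves hold the exploit
    return part

def build_sample_gpt(names) -> bytes:
    """Constructed image for the demo: empty LBA 0, GPT header, entry array."""
    hdr = bytearray(SECTOR)
    hdr[:8] = b"EFI PART"
    struct.pack_into("<QII", hdr, 72, 2, 128, 128)
    entries = bytearray(128 * 128)
    for i, name in enumerate(names):
        entries[i * 128:i * 128 + 16] = bytes([i + 1]) * 16  # dummy type GUID
        raw = name.encode("utf-16-le")
        entries[i * 128 + 56:i * 128 + 56 + len(raw)] = raw
    return bytes(SECTOR) + bytes(hdr) + bytes(entries)

if __name__ == "__main__":
    demo = gpt_partition_names(build_sample_gpt(["boot", "recovery", "boot_x", "recovery_x"]))
    print(layout(demo), fireos_flash_target("boot", demo))
```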
 


k4y0z

Changelog
Version 1.2 (15.10.2019)
  • Increase boot.hdr size to avoid crashes with leftovers of boot.img

Version 1.1 (02.09.2019)
  • Add system_image to TWRP
  • Add serialno to GPT-folder to avoid mixups between 16G and 32G
  • Add scripts to fix GPT
Features.

  • Hacked fastboot mode lets you use all fastboot commands (flash etc).
  • Boots custom/unsigned kernel-images (no patching needed)
  • TWRP protects from downgrading PL/TZ/LK

NOTE: Hacked fastboot can be reached via TWRP.

NOTE: Hacked fastboot doesn't remap partition names, so you can easily go back to stock
 

t0x1cSH

If you can't get into recovery by long-pressing the volume buttons and power button simultaneously, keep both volume buttons held during boot and quickly tap the power button.

I had some problems getting into recovery by long-pressing, and this worked every time.

ty k4y0z
 

MontysEvilTwin

On a rooted device with a locked bootloader, if I back up system and data only with Flashfire, will I be able to restore these partitions with TWRP after unlocking? Presumably I wouldn't restore the boot partition?
 

Rortiz2

I think that you can. TWRP supports FlashFire backups, but as you say, don't restore boot.img or recovery.img.
 

k4y0z

Haven't tested, but it should work fine; also, boot.img should give no issues when restoring.
Only userdata is erased during unlocking, so it should be enough to restore userdata.
 

MontysEvilTwin

Doesn't the unlock procedure include a factory reset which will wipe settings and apps? By 'userdata' do you mean 'data' or data plus internal storage (user files and photos etc.) or just internal storage?
 

k4y0z

Yes, it does wipe data/userdata including the internal storage.
But it doesn't touch the system-partition.
 

Kctucka

Everything went super smooth. Many thanks for this, and all your unlocks.

Also, I was able to flash my FlashFire system and userdata backups in TWRP with no issues.
 

MontysEvilTwin

How do you flash Flashfire backups? I now am unlocked and have TWRP installed, but when I try to restore, TWRP can see the backup folders but does not see any backed-up partitions.

---------- Post added at 10:49 AM ---------- Previous post was at 10:36 AM ----------

OK. I've got it figured out. You have to install the relevant 'twrp.zip' archives from the Flashfire backups.
 

deathlessster

Dear friends,
I made a backup with TWRP (just system) and transferred it to another device, but when I restore system the device is stuck on the Amazon logo. I tried to flash system via the hacked BL; the flash succeeds, but on reboot it is also stuck on the Amazon logo.
 

deathlessster

Thank you Rortiz2, I will try.

---------- Post added at 03:36 PM ---------- Previous post was at 03:30 PM ----------

I did this method on Windows 10 with a Linux shell and I had success. Thank you very much.
 

MontysEvilTwin

I have unlocked three tablets now. It is very easy, thanks @k4y0z for making it that way. The only problem I had was with my first try on step 1, but that was because my adb and fastboot drivers needed updating.
Is a similar unlock planned for the HD 8, 2016/ 6th gen. Giza?
 

yafi1710

[email protected]:/mnt/c/Users/aimya/Downloads/Compressed/amonet-douglas-v1.0_2/amonet$ sudo ./step-1.sh
[sudo] password for aimyafi:
* daemon not running; starting now at tcp:5037
* daemon started successfully

Stuck there! What's the problem?