[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2018 (karnak) amonet-3

[789mod]

Lot code G945

I used the software brick script without understanding some lots have the exploit patched and my tablet is bricked. I can't used the hardware method as nothing happens. I tried to short the pins hundreds of times with different wires, methods, etc. As I understand it, random lots cannot be shorted. So seems it is just trash? Doesn't seem to be a way to fix it.

Lot code G945

I used the software brick script without understanding some lots have the exploit patched and my tablet is bricked. I can't used the hardware method as nothing happens. I tried to short the pins hundreds of times with different wires, methods, etc. As I understand it, random lots cannot be shorted. So seems it is just trash? Doesn't seem to be a way to fix it.

You can revert to stock . Your device will back to original system

In linux

Use commend (sudo ./revert to stock.sh

 

[Sus_i]

Lot code G945

I used the software brick script without understanding some lots have the exploit patched and my tablet is bricked. I can't used the hardware method as nothing happens. I tried to short the pins hundreds of times with different wires, methods, etc. As I understand it, random lots cannot be shorted. So seems it is just trash? Doesn't seem to be a way to fix it.

Sell it, for parts only

 

[Sus_i]

You can revert to stock . Your device will back to original system

In linux

Use commend (sudo ./revert to stock.sh

Won't work. Seems you also missed the warning from OP?

WARNING: There have been numerous reports that would indicate a hardware-change that doesn't allow access to the bootrom.
When bricking these devices there is currently no known way to unbrick.
This makes the hardware-method currently the safest option.

 

[789mod]

Sell it, for parts only

No , he can't repair it

 

[OMEGA_himajin]

[2022-06-18 17:20:08.519039] Waiting for bootrom
[ 5700.630945] cdc_acm 1-1.2:1.0: Zero length descriptor references
[2022-06-18 17:20:16.623931] Found port = /dev/ttyACMO
[2022-06-18 17:20:16.628292] Handshake

No more is displayed and I can't proceed
What should I do?
I'm sorry, the text may be strange because I use google translate.

 

[sanjeevchhantyal]

Unbricking / Unlocking with Firmware 6.3.1.2+

If Recovery OR FireOS are still accessible (or your firmware is below 6.3.1.2) there are other means of recovery, don't continue.

If your device shows one of the following symptoms:

1. It doesn't show any life (screen stays dark)
2. You see the white amazon logo, but cannot access Recovery or FireOS.

If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).

1. Make sure the device is powered off, by holding the power-button for 20+ seconds
2. Start bootrom-step.sh
3. Plug in USB

In all other cases you will have to open the device.

Make sure ModemManager is disabled or uninstalled:

sudo systemctl stop ModemManager
sudo systemctl disable ModemManager

NOTE: If you have issues running the scripts, you might have to run them using sudo.
Also try using different USB-ports (preferably USB-2.0-ports)

Open the device and short the pin marked in the attached photo to ground while plugging in.
1. Extract the attached zip-file "amonet-karnak-v3.0.zip" and open a terminal in that directory.

2. start the script:

sudo ./bootrom-step.sh

It should now say Waiting for bootrom.

3. Short the device according to the attached photo and plug it in.

4. When the script asks you to remove the short, remove the short and press enter.

5. Wait for the script to finish.
If it stalls at some point, stop it and restart the process from step 2.

6. Your device should now reboot into unlocked fastboot state.

7. Run

sudo ./fastboot-step.sh

8. Wait for the device to reboot into TWRP.

9. Use TWRP to flash custom ROM, Magisk or SuperSU

Checking USB connection
In lsusb the boot-rom shows up as:

Bus 002 Device 013: ID [b]0e8d:0003[/b] MediaTek Inc. MT6227 phone

If it shows up as:

Bus 002 Device 014: ID [b]0e8d:2000[/b] MediaTek Inc. MT65xx Preloader

instead, you are in preloader-mode, try again.

dmesg lists the correct device as:

[ 6383.962057] usb 2-2: New USB device found, idVendor=[b]0e8d[/b], idProduct=[b]0003[/b], bcdDevice= 1.00

I tried to unlock the bootloader and my device went black.. When I disconnect the battery then connect it and power on the only thing I hear is the bootup sound of amazon... Fire HD 8 Please Help..

 

[farscaper11]

will this work with firmware 7.3.2.3 or if anyone knows the thread to unlock the bootloader for hd8 would you kindly link it.

 

[pascal009]

will this work with firmware 7.3.2.3 or if anyone knows the thread to unlock the bootloader for hd8 would you kindly link it.

The approach at the top of this thread has worked on my Fire HD 8 Gen 8 running firmware 7.3.1.9, with 2 caveats.
1. I had to do the hardware bricking which required opening the back cover of the tablet and using the shorting described in the OPs.
2. Versions 7.x.x.x are incompatible with the current version of TWRP, causing boot loops. So I had to flash the firmware 6.3.1.5 (Android Nouget 7.1.2) to make it work.

Scroll back to post https://xdaforums.com/goto/post?id=86702613

Good luck

 

[sanjeevchhantyal]

will this work with firmware 7.3.2.3 or if anyone knows the thread to unlock the bootloader for hd8 would you kindly link it.

You have to downgrade from your current version. If you dont you will end up with a device like mine. I tried it with the lastest version 7.3 using the wire method the device went completely black the only thing I see or hear is the amazon bootup sound been trying to revive it ever since. GoodLuck

 

[RicardoS_]

I've downgraded the preloader successfully and able to boot to:
=> HACKED FASTBOOT mode: (4) - xyz, k4y0z

I execute sudo ./fastboot-step.sh and script runs as described.

ubuntu-boy@ubuntu:~/Documents/amonet$ sudo ./fastboot-step.sh
target reported max download size of 114294784 bytes
sending 'recovery' (13604 KB)...
OKAY [ 0.619s]
writing 'recovery'...
OKAY [ 0.638s]
finished. total time: 1.257s
target reported max download size of 114294784 bytes
sending 'MISC' (0 KB)...
OKAY [ 0.012s]
writing 'MISC'...
OKAY [ 0.007s]
finished. total time: 0.019s
rebooting...

finished. total time: 0.052s

Your device will now reboot into TWRP.

The device reboots to amazon splash screen with =>RECOVERY mode... but never loads twrp.

I am using the short method.

I have previously installed up to lineage 18.1 and at one time magisk 24.1 (on lineage 17.1) but I was trying to install Magisk on lineage 18.1 and patch original Amazon Fire boot image from 6300.zip folder (I was unsuccessful) then unwisely downloaded and extracted boot.img from most recent bin file (7.3... whatever from amazon's website has currently to date). I flashed it through hacked bootloader.

I am able to flash files it would seem but just won't boot to twrp?

I pull the battery (even overnight most recently)

able to issue sudo ./boot-fastboot.sh and sudo ./boot-recovery.sh successfully. From time to time it boots to factory bootloader and I have to try again or pull the battery.

 

[Sus_i]

but never loads twrp.

What shows up if you run: adb reboot recovery

 

[RicardoS_]

What shows up if you run: adb reboot recovery

While on the splash screen with =>RECOVERY mode... on the bottom left of the screen

ubuntu-boy@ubuntu:~/Documents/amonet$ adb reboot recovery
* daemon not running; starting now at tcp:5037
* daemon started successfully
error: no devices/emulators found
ubuntu-boy@ubuntu:~/Documents/amonet$

I am unable to boot into Lineage/FireOS

 

[Sus_i]

While on the splash screen with =>RECOVERY mode... on the bottom left of the screen

ubuntu-boy@ubuntu:~/Documents/amonet$ adb reboot recovery
* daemon not running; starting now at tcp:5037
* daemon started successfully
error: no devices/emulators found
ubuntu-boy@ubuntu:~/Documents/amonet$

I am unable to boot into Lineage/FireOS

Sounds like something is messed up. The first thing i would do is to use boot-fastboot script and run:

fastboot erase userdata
fastboot erase cache

In case that won't work, try the command format instead of erase.

If it stuck again at the logo screen, you can try to flash images out of the stock.bin file to the given partitions. I would skip the preloader, logo and LK images, start with system and so on...

Could be that you need a gpt-fix too, you can find the bin file here:

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2018 (karnak) amonet-3

Read this whole guide before starting. This is for the 8th gen Fire HD8 (karnak). Current version: amonet-karnak-v3.0.1.zip This is based on xyz`s original work, but adds some features such as reboot to hacked BL. It also intends to simplify...

xdaforums.com

Usually you can copy that file into amonets bin folder and run gpt-fix.sh, but I guess the script is missing for karnak.

 

[cibolo]

My HD 8 2018 stopped booting even though it still will boot TWRP. I had some ebooks on it I'd like to back up. What is a quick way to do that? adb devices shows nothing when it is turned on and stuck in a amazon boot-loop. I'm thinking of trying lineage os next.

 

[Sus_i]

My HD 8 2018 stopped booting even though it still will boot TWRP. I had some ebooks on it I'd like to back up. What is a quick way to do that? adb devices shows nothing when it is turned on and stuck in a amazon boot-loop. I'm thinking of trying lineage os next.

Afaik you can boot twrp and just use an usb cable to transfer all data to a PC via file explorer...!?

 

[Najatski]

Hi! I just successfully got this to work on one of my Kindle Fire HD 8s, and I installed lineage OS. All worked out. Only issue, my second tablet is giving me issues. When I do the CLK thingy, the script runs, but does not succeed. I get this error:

root@computing-device:/home/aden/Downloads/amonet# ./bootrom-step.sh
[2022-08-05 12:28:22.282976] Waiting for bootrom
[2022-08-05 12:29:12.540370] Found port = /dev/ttyACM0
[2022-08-05 12:29:12.570923] Handshake
[2022-08-05 12:29:12.591566] Disable watchdog
Traceback (most recent call last):
File "/home/aden/Downloads/amonet/modules/main.py", line 121, in <module>
main()
File "/home/aden/Downloads/amonet/modules/main.py", line 54, in main
handshake(dev)
File "/home/aden/Downloads/amonet/modules/handshake.py", line 11, in handshake
dev.write32(0x10007000, 0x22000000)
File "/home/aden/Downloads/amonet/modules/common.py", line 147, in write32
self.check(self.dev.read(2), b'\x00\x01') # arg check
File "/home/aden/Downloads/amonet/modules/common.py", line 84, in check
raise RuntimeError("ERROR: Serial protocol mismatch")
RuntimeError: ERROR: Serial protocol mismatch

I read elsewhere for the fire 7, someone fixed this by using the CLK on the back of the motherboard, but before I spent a while doing this, has anyone managed to fix this before? Is there a way I can fix this error without taking the motherboard off mostly?

EDIT: Should mention, modem manager is uninstalled.
EDIT2: Took it off, don't see a CLK on the back :/
EDIT3: I've tried many more times, still no luck. Using a newer version of amonet gives me the same problem.

 

[cibolo]

Afaik you can boot twrp and just use an usb cable to transfer all data to a PC via file explorer...!?

I looked up some howtos on TWRP. After adb start-server
then
adb devices
showed something finally! I was able to verify which books were on the HD 8 and am now ready to get and install lineage OS without having to do the case off hardware boot mode again.
Thanks!

 

[appleguru1]

Hey all! trying to follow this guide but am running into a snag:

appleguru@ubuntu:~$ sudo systemctl stop ModemManager
appleguru@ubuntu:~$ sudo systemctl disable ModemManager
Removed /etc/systemd/system/dbus-org.freedesktop.ModemManager1.service.
Removed /etc/systemd/system/multi-user.target.wants/ModemManager.service.
appleguru@ubuntu:~$ cd '/home/appleguru/Desktop/amonet-karnak-v3.0.1'
appleguru@ubuntu:~/Desktop/amonet-karnak-v3.0.1$ ls
amonet  META-INF
appleguru@ubuntu:~/Desktop/amonet-karnak-v3.0.1$ cd amonet/
appleguru@ubuntu:~/Desktop/amonet-karnak-v3.0.1/amonet$ sudo ./bootrom-step.sh
[2022-09-11 22:01:34.907797] Waiting for bootrom
[2022-09-11 22:01:54.239782] Found port = /dev/ttyACM0
[2022-09-11 22:01:54.242430] Handshake

* * * If you have a short attached, remove it now * * *
* * * Press Enter to continue * * *


[2022-09-11 22:02:02.384702] Init crypto engine
[2022-09-11 22:02:02.810546] Disable caches
[2022-09-11 22:02:02.818569] Disable bootrom range checks
[2022-09-11 22:02:03.136374] Load payload from ../brom-payload/build/payload.bin = 0x4888
 bytes
[2022-09-11 22:02:03.138912] Send payload
[2022-09-11 22:02:16.799644] Let's rock
[2022-09-11 22:02:16.816306] Wait for the payload to come online...
[2022-09-11 22:02:17.534090] all good
[2022-09-11 22:02:17.537674] Check GPT
[2022-09-11 22:02:17.909226] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216),
'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), '
tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (1
24928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 40960), 'system': (215040, 6
354944), 'vendor': (6569984, 460800), 'cache': (7030784, 1024000), 'userdata': (8054784,
22480863)}
[2022-09-11 22:02:17.909434] Check boot0
[2022-09-11 22:02:18.161958] Check rpmb
[2022-09-11 22:02:18.377407] Clear preloader header
[8 / 8]
[2022-09-11 22:02:18.850996] Downgrade rpmb
[2022-09-11 22:02:18.856021] Recheck rpmb
[2022-09-11 22:02:19.751660] rpmb downgrade ok
[2022-09-11 22:02:19.755488] Flash preloader
[280 / 280]
[280 / 280]
[2022-09-11 22:02:35.610415] Flash lk-payload
[6 / 6]
[2022-09-11 22:02:36.035489] Flash tz
[6732 / 6732]
[2022-09-11 22:05:45.080371] Flash lk
[685 / 685]
[2022-09-11 22:06:04.428770] Inject microloader
[2 / 2]
[2 / 2]
[2022-09-11 22:06:04.924653] Force fastboot
[2022-09-11 22:06:05.264611] Flash preloader header
[4 / 4]
[4 / 4]
[2022-09-11 22:06:05.750306] Reboot
appleguru@ubuntu:~/Desktop/amonet-karnak-v3.0.1/amonet$ sudo ./fastboot-step.sh
< waiting for any device >
target reported max download size of 114294784 bytes
sending 'recovery' (13604 KB)...
OKAY [  0.536s]
writing 'recovery'...
FAILED (remote: flash write failure)
finished. total time: 0.542s

Any tips?

[edit] nvm, solved this.. left a wire soldered to CLK and floating. Once I removed it the fasboot step worked fine and it rebooted into TWRP. [/edit]

Now... how do I install Magisk and root? I grabbed the latest 25.2 apk from https://github.com/topjohnwu/Magisk/releases/tag/v25.2, renamed to .zip, copied to TWRP folder on my SD card and tried to install... but I just get a bootloop.

I can get back into TWRP by doing the CLK to gnd short and fastboot steps again, but not sure where to go from here.

[edit2] I guess I wiped my factory image from TWRP inadvertently... trying to install lineage 17.1 now; hopefully that works! [/edit2]

[edit3] Ended up installing lineage 18.1: https://xdaforums.com/t/rom-unstable-unlocked-karnak-lineage-18-1-25-october-2021.4352241/

Also added open-gapps-arm-11.0-pico.zip and Magisk-v25.2.zip from TWRP. Boots and seems to be running OK, we'll see if it's stable. Not bad for a $20 tablet [/edit3]

 

[Reynald0]

Hey all! trying to follow this guide but am running into a snag:

appleguru@ubuntu:~$ sudo systemctl stop ModemManager
appleguru@ubuntu:~$ sudo systemctl disable ModemManager
Removed /etc/systemd/system/dbus-org.freedesktop.ModemManager1.service.
Removed /etc/systemd/system/multi-user.target.wants/ModemManager.service.
appleguru@ubuntu:~$ cd '/home/appleguru/Desktop/amonet-karnak-v3.0.1'
appleguru@ubuntu:~/Desktop/amonet-karnak-v3.0.1$ ls
amonet  META-INF
appleguru@ubuntu:~/Desktop/amonet-karnak-v3.0.1$ cd amonet/
appleguru@ubuntu:~/Desktop/amonet-karnak-v3.0.1/amonet$ sudo ./bootrom-step.sh
[2022-09-11 22:01:34.907797] Waiting for bootrom
[2022-09-11 22:01:54.239782] Found port = /dev/ttyACM0
[2022-09-11 22:01:54.242430] Handshake

* * * If you have a short attached, remove it now * * *
* * * Press Enter to continue * * *


[2022-09-11 22:02:02.384702] Init crypto engine
[2022-09-11 22:02:02.810546] Disable caches
[2022-09-11 22:02:02.818569] Disable bootrom range checks
[2022-09-11 22:02:03.136374] Load payload from ../brom-payload/build/payload.bin = 0x4888
 bytes
[2022-09-11 22:02:03.138912] Send payload
[2022-09-11 22:02:16.799644] Let's rock
[2022-09-11 22:02:16.816306] Wait for the payload to come online...
[2022-09-11 22:02:17.534090] all good
[2022-09-11 22:02:17.537674] Check GPT
[2022-09-11 22:02:17.909226] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216),
'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), '
tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (1
24928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 40960), 'system': (215040, 6
354944), 'vendor': (6569984, 460800), 'cache': (7030784, 1024000), 'userdata': (8054784,
22480863)}
[2022-09-11 22:02:17.909434] Check boot0
[2022-09-11 22:02:18.161958] Check rpmb
[2022-09-11 22:02:18.377407] Clear preloader header
[8 / 8]
[2022-09-11 22:02:18.850996] Downgrade rpmb
[2022-09-11 22:02:18.856021] Recheck rpmb
[2022-09-11 22:02:19.751660] rpmb downgrade ok
[2022-09-11 22:02:19.755488] Flash preloader
[280 / 280]
[280 / 280]
[2022-09-11 22:02:35.610415] Flash lk-payload
[6 / 6]
[2022-09-11 22:02:36.035489] Flash tz
[6732 / 6732]
[2022-09-11 22:05:45.080371] Flash lk
[685 / 685]
[2022-09-11 22:06:04.428770] Inject microloader
[2 / 2]
[2 / 2]
[2022-09-11 22:06:04.924653] Force fastboot
[2022-09-11 22:06:05.264611] Flash preloader header
[4 / 4]
[4 / 4]
[2022-09-11 22:06:05.750306] Reboot
appleguru@ubuntu:~/Desktop/amonet-karnak-v3.0.1/amonet$ sudo ./fastboot-step.sh
< waiting for any device >
target reported max download size of 114294784 bytes
sending 'recovery' (13604 KB)...
OKAY [  0.536s]
writing 'recovery'...
FAILED (remote: flash write failure)
finished. total time: 0.542s

Any tips?

[edit] nvm, solved this.. left a wire soldered to CLK and floating. Once I removed it the fasboot step worked fine and it rebooted into TWRP. [/edit]

Now... how do I install Magisk and root? I grabbed the latest 25.2 apk from https://github.com/topjohnwu/Magisk/releases/tag/v25.2, renamed to .zip, copied to TWRP folder on my SD card and tried to install... but I just get a bootloop.

I can get back into TWRP by doing the CLK to gnd short and fastboot steps again, but not sure where to go from here.

[edit2] I guess I wiped my factory image from TWRP inadvertently... trying to install lineage 17.1 now; hopefully that works! [/edit2]

[edit3] Ended up installing lineage 18.1: https://xdaforums.com/t/rom-unstable-unlocked-karnak-lineage-18-1-25-october-2021.4352241/

Also added open-gapps-arm-11.0-pico.zip and Magisk-v25.2.zip from TWRP. Boots and seems to be running OK, we'll see if it's stable. Not bad for a $20 tablet [/edit3]

For Magisk downgrade to the previous version, should be 25.1, the version 25.2 is causing a bootloop also on my karnak. You have to install magisk.zip using the twrp recovery, never update it through the app.

 

[RicardoS_]

Sounds like something is messed up. The first thing i would do is to use boot-fastboot script and run:

fastboot erase userdata
fastboot erase cache

In case that won't work, try the command format instead of erase.

If it stuck again at the logo screen, you can try to flash images out of the stock.bin file to the given partitions. I would skip the preloader, logo and LK images, start with system and so on...

Could be that you need a gpt-fix too, you can find the bin file here:

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2018 (karnak) amonet-3

Read this whole guide before starting. This is for the 8th gen Fire HD8 (karnak). Current version: amonet-karnak-v3.0.1.zip This is based on xyz`s original work, but adds some features such as reboot to hacked BL. It also intends to simplify...

xdaforums.com

Usually you can copy that file into amonets bin folder and run gpt-fix.sh, but I guess the script is missing for karnak.

Any insight how to find or create this script? Thank you for all your help!