[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 3 and Fire TV Stick Lite (sheldon/p)


ChriMo

Senior Member
Oct 13, 2014
473
124
Agree @Sus_i Updated request:

All who have bought in the last months please report:
1) model (sheldon/p), date bought and optionally the region or nation of the shop
2) DSN code: first 10 characters (label at the bottom of the package, sheldon usually G071CQ.... , sheldonp G071EL.... or G4N1EL....) and optionally made in/parts made in
3) unlocking successful or unsuccessful

My Report
  • sheldon mid Sept. 2022 UE Central Europe, DSN G071CQ1320 China, unlocking successful
  • sheldon begin Oct. 2022 UE Central Europe, DSN G071CQ1522 China, unlocking unsuccessful
  • sheldon mid. Oct. 2022 MW Central Europe, DSN G071CQ1320 China, not on sale / not bought
  • sheldonp mid. Oct. 2022 MW Central Europe, DSN G071EL1520 China, not on sale / not bought
  • sheldonp mid. Oct. 2022 MW Central Europe, DSN G4N1EL0614 Vietnam/China, not on sale / not bought
As you can see the last three are not on sale anymore, otherwise I would have tested the G071CQ1320 or G4N1EL0614. Not sure if the Vietnam/China variant might be vulnerable, the G071CQ1320 almost for sure.
 

Sus_i

Senior Member
Apr 9, 2013
1,858
811
@Sus_i may you report for your sheldon and sheldonp please?
Would like to contribute something useful, but I sold almost all of my unlocked sheldons.
Still have two of them, but both early sticks, got them a few weeks before the unlock release:
sheldon, G071CQ1111
sheldonp, G071EL1112

Edit: Both sticks out of the box with
Code:
ro.build.version.number=0019428492676
ro.build.mktg.fireos=Fire OS 7.2.2.8
ro.build.version.name=Fire OS 7.2.2.8 (PS7228/1861)

Best Regards
 

Dismal.

Member
May 23, 2022
27
4
Where can I go to increase my chances of buying a vulnerable one, and are there obvious signs that you can notice before buying that it isn't vulnerable?
 

spoofit1

New member
Oct 14, 2022
4
3
Agree @Sus_i Updated request:

All who have bought in the last months please report:
1) model (sheldon/p), date bought and optionally the region or nation of the shop
2) DSN code: first 10 characters (label at the bottom of the package, sheldon usually G071CQ.... , sheldonp G071EL.... or G4N1EL....) and optionally made in/parts made in
3) unlocking successful or unsuccessful

My Report
  • sheldon mid Sept. 2022 UE Central Europe, DSN G071CQ1320 China, unlocking successful
  • sheldon begin Oct. 2022 UE Central Europe, DSN G071CQ1522 China, unlocking unsuccessful
  • sheldon mid. Oct. 2022 MW Central Europe, DSN G071CQ1320 China, not on sale / not bought
  • sheldonp mid. Oct. 2022 MW Central Europe, DSN G071EL1520 China, not on sale / not bought
  • sheldonp mid. Oct. 2022 MW Central Europe, DSN G4N1EL0614 Vietnam/China, not on sale / not bought
As you can see the last three are not on sale anymore, otherwise I would have tested the G071CQ1320 or G4N1EL0614. Not sure if the Vietnam/China variant might be vulnerable, the G071CQ1320 almost for sure.
I bought 5 this month, g070vm242, US, unlocking fine with one exception: had one get stuck in fastboot mode. Easy fix, manually running next simply fixed that.
 

ozfunghi

Member
Jun 6, 2016
25
13
Where can I go to increase my chances of buying a vulnerable one, and are there obvious signs that you can notice before buying that it isn't vulnerable?
Bargain bins, discolored packaging, multiple price stickers on top of each other... anything that indicates it's a box that has been lying around in the warehouse/store/stock for a while.
 

nattan920

Senior Member
Jan 26, 2013
50
8
Where can I go to increase my chances of buying a vulnerable one, and are there obvious signs that you can notice before buying that it isn't vulnerable?
I picked one up at Target the other day; they don't seem to move a lot and had a ton of old sticks. Just ask them to unlock the case and check the serials.
 

ChriMo

Senior Member
Oct 13, 2014
473
124
Happy Report Update
  • sheldon mid Sept. 2022 UE Central Europe, DSN G071CQ13206..... China, unlocking OK successful
  • sheldon End. Oct. 2022 MW Central Europe, DSN G071CQ13207..... China, unlocking OK successful
  • sheldon begin Oct. 2022 UE Central Europe, DSN G071CQ15228..... China, unlocking UNSUCCESSFUL
  • sheldonp mid. Oct. 2022 MW Central Europe, DSN G071EL1520 China, not on sale / not bought
  • sheldonp mid. Oct. 2022 MW Central Europe, DSN G4N1EL0614 Vietnam/China, not on sale / not bought
I got the penultimate sheldon (not on sale) with DSN G071CQ13207..... and unlocking works. So it seems devices up to this DSN are good to unlock. But getting those seems to become very hard. Not sure if for sheldonp the DSN 13(ok)/15(no) is also valid.
 

zfk110

Senior Member
Jan 11, 2014
1,085
220
Atlanta
Try again with the stick's USB port via USB data cable... ;)
[2022-11-03 17:55:52.196517] Waiting for device
[2022-11-03 17:56:13.464833] Found port = /dev/ttyACM0
[2022-11-03 17:56:13.503817] Handshake
[2022-11-03 17:56:13.524858] Load payload from ../brom-payload/pl/pl.bin = 0x3A04 bytes
[2022-11-03 17:56:15.069227] All good
[2022-11-03 17:56:15.559029] Check device_type_id
[2022-11-03 17:56:15.559089] Wrong device detected: AKPGW064GI9HE


That's what I'm getting right now

my Model is g070vm2421171k6h
 

Sus_i

Senior Member
Apr 9, 2013
1,858
811
[2022-11-03 17:55:52.196517] Waiting for device
[2022-11-03 17:56:13.464833] Found port = /dev/ttyACM0
[2022-11-03 17:56:13.503817] Handshake
[2022-11-03 17:56:13.524858] Load payload from ../brom-payload/pl/pl.bin = 0x3A04 bytes
[2022-11-03 17:56:15.069227] All good
[2022-11-03 17:56:15.559029] Check device_type_id
[2022-11-03 17:56:15.559089] Wrong device detected: AKPGW064GI9HE


That's what I'm getting right now

my Model is g070vm2421171k6h
Nice. Seems you've got a vulnerable 4k stick...
If you grab/use the latest zip for mantis, it should work fine :)

Edit: Btw, you need no short at all, use the sheldon guide together with the mantis zip...
 

zfk110

Senior Member
Jan 11, 2014
1,085
220
Atlanta
Nice. Seems you've got a vulnerable 4k stick...
If you grab/use the latest zip for mantis, it should work fine :)

Edit: Btw, you need no short at all, use the sheldon guide together with the mantis zip...
Yes I was able to run it without any issues,
[email protected]:~/Downloads/kamakiri-mantis-v2.0.1/kamakiri$ ./fastboot-step.sh
Sending 'recovery' (13142 KB) OKAY [ 0.485s]
Writing 'recovery' OKAY [ 0.805s]
Finished. Total time: 1.302s
OKAY [ 0.003s]


Now how can I see the FS on my Linux PC's monitor? When I plugged the FS into my HDMI port with the external power (I had to disconnect the data USB), my monitor says no signal.


Btw, which ROM/setup are you running on it? I'm new to TV stick rooting, compared to phones.
 

Sus_i

Senior Member
Apr 9, 2013
1,858
811
Yes I was able to run it without any issues
(y)
Now how can I see the FS on my Linux PC's monitor? When I plugged the FS into my HDMI port with the external power (I had to disconnect the data USB), my monitor says no signal.
You should see a signal on your display, even if you use the usb port of the PC.
But it must be connected to a hdmi in port, won't work on a hdmi out port.
Btw, which ROM/setup are you running on it? I'm new to TV stick rooting, compared to phones.
There isn't a rom for mantis, we all use the stock fireOS with or without magisk, more or less debloated. You can also change the launcher...
 

zfk110

Senior Member
Jan 11, 2014
1,085
220
Atlanta
(y)

You should see a signal on your display, even if you use the usb port of the PC.
But it must be connected to a hdmi in port, won't work on a hdmi out port.

There isn't a rom for mantis, we all use the stock fireOS with or without magisk, more or less debloated. You can also change the launcher...
"But it must be connected to a hdmi in port, won't work on a hdmi out port." Does that mean I have to have a USB capture card, since I don't have an HDMI in port on my video card?

"There isn't a rom for mantis, we all use the stock fireOS with or without magisk" So what are the benefits of putting TWRP and Magisk on it?
 

Top Liked Posts

  • 1
    I am sure they may be different based on the region.
    1
    You must have the FireOS version required in the first post.
    You need to have a Linux live system or an installed Linux because the exploit needs some installed packages which are unavailable in WSL.
    The post says FireOS < 7.2.7.3 but my FireOS is 7.6.x.x
    Am I out of luck, or do I still have a chance?
    Because I just installed Linux and downloaded all the files, but I failed to check the FireOS earlier. Or is there any way to downgrade? I googled that Amazon has stopped downgrading FireOS.
    1
    (root or future downgrade or install Los)
    you can't do this if you install the latest amzn firmware
  • 40
    Read this whole guide before starting.
    This is for the 3rd gen Fire TV Stick (sheldonp) and Fire TV Stick Lite (sheldon).

    NOTE: FireOS < 7.2.7.3 required

    NOTE: This process does not require you to open your device.

    What you need:
    • A Linux installation or live-system
    • A micro-USB cable

    Install python3, PySerial, PyUSB, adb, fastboot. For Debian/Ubuntu something like this should work:
    • sudo apt update
    • sudo add-apt-repository universe
    • sudo apt install python3 python3-serial python3-usb adb fastboot dos2unix

    Make sure ModemManager is disabled or uninstalled:
    • sudo systemctl stop ModemManager
    • sudo systemctl disable ModemManager

    NOTE: If you have issues running the scripts, you might have to run them using sudo.
    Also try using different USB-ports (preferably USB-2.0-ports)


    1. Extract the attached zip-file "kamakiri-sheldon-1.0.zip" and open a terminal in that directory.

    2. Start the script:
    • sudo ./bootrom-step.sh
    It should now say Waiting for device.

    3. Plug in the stick (powered off) and wait for the script to finish.
    If it fails at some point, stop it and restart the process from step 2.

    4. Your device should now reboot into unlocked fastboot state.

    5. Run:
    • ./fastboot-step.sh

    6. Wait for the device to reboot into TWRP.

    7. Use TWRP to flash custom ROMs, Magisk etc.

    NOTE: Only ever flash boot/recovery images using TWRP, if you use FlashFire or other methods that are not aware of the exploit, your device will likely not boot anymore (unless you flashed a signed image). TWRP will patch recovery/boot-images on the fly.

    NOTE: NEVER erase Preloader, otherwise you’ll hard brick the device and you won’t be able to unbrick it (since bootrom isn’t accessible).

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    special thanks to @Sus_i for all the testing and support.

    Contributors
    @xyz`
    @k4y0z
    @Rortiz2
    @t0x1cSH
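
The guide's version requirement ("FireOS < 7.2.7.3") is the check several later posts get stuck on. The script below is an added example, not part of the guide or the kamakiri zip: it reads build-property text in the `key=value` form quoted earlier in this thread and reports whether the firmware is older than 7.2.7.3. The function names and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is the installed Fire OS older than the guide's 7.2.7.3 cutoff?
# Input: build-property text (key=value lines) on stdin.

THRESHOLD="7.2.7.3"   # from the guide: "FireOS < 7.2.7.3 required"

# Extract the dotted version from the ro.build.version.name line.
fireos_version() {
    sed -n 's/^ro\.build\.version\.name=Fire OS \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if dotted version $1 is numerically lower than $2.
# Compares field by field, so 7.2.10.0 counts as newer than 7.2.7.3.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Print "older <ver>", "not-older <ver>" or "unknown" for the text on stdin.
classify_fireos() {
    ver=$(fireos_version)
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$THRESHOLD"; then
        echo "older $ver"
    else
        echo "not-older $ver"
    fi
}

# Properties as posted earlier in this thread for an out-of-the-box stick.
SAMPLE_OLD='ro.build.version.number=0019428492676
ro.build.mktg.fireos=Fire OS 7.2.2.8
ro.build.version.name=Fire OS 7.2.2.8 (PS7228/1861)'
# Constructed sample for a newer release (the build tag is made up).
SAMPLE_NEW='ro.build.version.name=Fire OS 7.6.1.4 (PS0000/0000)'

printf '%s\n' "$SAMPLE_OLD" | classify_fireos
printf '%s\n' "$SAMPLE_NEW" | classify_fireos
```
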
    7
    Yeah, probably just needs a more recent FireOS installed; the TZ in kamakiri is from 7.2.4.9
    Had a look into all fw bin's, TZ is the same until the newest 7.2.7.3 got an updated one...

    @etami @yacinecino @Tech0308 and all other people with the netflix/disney error):
    Can you provide more Information, i.e. what kind of stick (sheldon or sheldonp) and the installed fireOS, please!?
    Make sure (check in settings) that the stick hasn't got an update already, because the latest OS will need the updated TZ.

    FYI, disable updates with:

    Code:
    adb shell
    su
    pm disable com.amazon.device.software.ota
    pm disable com.amazon.device.software.ota.override
    pm disable com.amazon.tv.forcedotaupdater.v2
    exit
    exit

    Maybe someone of you with a sheldonp device can install 7.2.4.9 from here, without flashing magisk after the OS update please, to see if it works?

    Users with sheldon can flash this too, but you need to change this prop first from twrp shell:
    Code:
    adb shell
    resetprop ro.product.device sheldonp
    exit
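
To confirm that the three `pm disable` commands in the post above took effect, the list of disabled packages can be checked afterwards. The script below is an added example, not code from the post: it assumes the output of `adb shell pm list packages -d` is piped in on stdin, and the function name and sample input are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm the three OTA packages named in the post are disabled.
# Input: output of `adb shell pm list packages -d` (disabled packages) on stdin.

OTA_PACKAGES="com.amazon.device.software.ota
com.amazon.device.software.ota.override
com.amazon.tv.forcedotaupdater.v2"

# Print every OTA package that is NOT in the disabled list.
# Whole-line matching (-x) matters here: ...software.ota is a prefix of
# ...software.ota.override, so a substring match would hide a missed package.
ota_still_enabled() {
    # Strip carriage returns some adb versions emit, then the "package:" prefix.
    disabled=$(tr -d '\r' | sed -n 's/^package://p')
    for pkg in $OTA_PACKAGES; do
        printf '%s\n' "$disabled" | grep -qxF -- "$pkg" || printf '%s\n' "$pkg"
    done
}

# Constructed sample: the first package was missed, the other two are disabled.
SAMPLE_PARTIAL='package:com.amazon.device.software.ota.override
package:com.amazon.tv.forcedotaupdater.v2'

printf '%s\n' "$SAMPLE_PARTIAL" | ota_still_enabled
```

An empty result means all three packages are listed as disabled.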
    4
    @k4y0z will a similar unlocking method be used for the Max once we receive the 7.2.7.3 update?
    No, the Max isn't vulnerable to the preloader-exploit
    3
    @Sus_i and @bloot and @Tech0308 and @Rortiz2 just to say all your painstaking coaching and my reading paid off (for me anyway😊) Instead of magisk, flashed the older 7.2.4.2/2907 update (from before ota update processes became protected) and set LM to block updates. It also fixed the issues with Netflix, Disney etc. Will look to flash Lineage custom rom sometime, now that I know how, and also put Linux on one of my laptops. Thanks heaps!

    Open TWRP, then mount /system, go to file explorer, navigate to priv-app and delete the folder
    "com.amazon.device.software.ota"
    Usually you should be good to go now, but go to /data/app and check for the same folder (it will have something as a suffix). If it's present then delete it, and your OTA should be blocked.
    @SweenWolf thanks for your suggested fix . . . appreciate your work (and that of your good mate TDUK😊) LM and Debloat Tool are must-haves. This other way to block updates, is it somehow more permanent or safer than thru LM or Debloat Tool?
    3
    I have the same problem since I flashed only TWRP alone and didn't install anything on it, just to be sure that my sheldon doesn't update. Now any application that tries to check DRM on stock firmware causes a bug and a reboot of the system, like Netflix and Disney+ or live TV with DRM.
    Could be that this is TZ related...
    We saw the same on mantis 4k fireTV stick, hangs and wont play if the TZ image on tee partition is too old compared to the installed fireOS version. Anyways, your problem sounds different to @Tech0308 problem.

    @Tech0308 You don't see this without a magisk install, then everything plays fine?