[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 3 and Fire TV Stick Lite (sheldon/p)

Search This thread


Dec 20, 2022
no because AM
So there is no way to "free" a current FireTV Stick Lite?
Not even a hardware way?

has blocked all the various accesses that the system could offer to flash a new rom over time. These changes are:
- Full patch of the exploit kamakiri used;
- Preventing intervention on system packages via shell,
- launcher lock


Jul 14, 2020
Hi guys i have amazon fire stick 3rd generation from tata binge. When ever i try to run any app that stuck on the recharge.
” Error May have occurred because your tatasky account is inactive or activate Tata sky Binge subscription to continue”
I cant even watch youtube please help me with any custom OS or any way to get rid off the tata binge.


Jan 19, 2023
They are, but only with newer software.
And newer software has the exploits patched that the devs here use to gain root and flash "unsigned" (by amazon) software.

If I understand correctly there is no such thing as a write protection. More like the older software looks for the eFuses and expects them to be in a certain state, if that's not the case it will refuse to boot. Thats why you can't go back to the old firmware after updating to the latest even with a custom recovery.

In order to get things working for us you need to find an exploitable thing in the current firmware that would give us root and/or the way to flash a different recovery.

That's what I understood from all the stuff posted here and on other sites.
I just remain waiting for one of the devs here to have enough free time to spend on these things :)


Senior Member
Apr 9, 2013
I've read something about blown eFuses wich prevent older software to boot. So a simple eMMC reflash wouldn't work if I'm correct?
Kamakiri from OP may work even on a patched stick if you are able to downgrade the preloader at boot0 partition to a vulnerable version...
RPMB will ofc prevent booting, but the kamakiri handshake comes most likely infront the replay check, so kamakiri can access and downgrade the RPMB, do the unlock and install twrp.
This is untested, because there are still vulnerable sticks out there, still easy to find.


Jun 22, 2022
for those who encountering this error :
RuntimeError: ERROR: Serial protocol mismatch, expected 0000 got 2001
is there a possibility to recover the stick by flashing a stock_rom and let the device working again ?
Last edited:


May 23, 2022
Nexus 9
Google Pixel 6
Not even close to similar? lol

Take a look at your picture and compare it with the mantis one from here (see the small 'picture in picture' on the right side of the pic, i.e. the part with the MTK ARM chip):
It's the same layout.

You would need to compare the left part of the mantis pic too, i.e. the part with the desoldered eMMC, can't see that part on your picture.
Could I just short the same pins shown in mantis like you would to unlock a kanak fire tablet?


Senior Member
Oct 13, 2014

unlocking OK successful FireOS <
sheldon mid Sept. 2022 UE Central Europe, DSN G071CQ13206..... China, unlocking OK successful
sheldon End. Oct. 2022 MW Central Europe, DSN G071CQ13207..... China, unlocking OK successful
sheldonp mid. Nov. 2022 MW Central Europe, DSN G071EL13141..... China, unlocking OK successful
sheldonp Dec. 2022 @is0xxx Amazon G071EL0214260M6T & G071EL0214260M64
sheldon Feb. 2023 Austria MM @manu_jedi G071EL11132....

Unknown / shelf DSN
sheldonp mid. Oct. 2022 MW Central Europe, DSN G071EL1520...... China, not on sale / not buyed
sheldonp mid. Oct. 2022 MW Central Europe, DSN G4N1EL0614...... Vietnam/China, not on sale / not buyed

not working / unlocking UNSUCCESSFULL / Serial protocol 2001 / FireOS >
sheldon begin Oct. 2022 UE Central Europe, DSN G071CQ15228..... China, unlocking UNSUCCESSFULL
sheldon/p Nov. 2022 @dp-FH, G071EL0323520... and G4N1EL0323520...
sheldon Nov. 2022 @usstreet G071EL0323220...
sheldon Dec. 2022 @Dismal. GO71EL16233601KJ
sheldonp Dec. 2022 @disco_y2k G4N1CQ07234313BN UPC 840080593296
Last edited:

Top Liked Posts

  • 1
    I was going to use a Linux live disc to try to do this but I don't have a TV close by that PC.

    My other PC that is close to a TV does not have a disc drive. Can I boot Linux off of a USB and still do the steps?
  • 1
    I was going to use a Linux live disc to try to do this but I don't have a TV close by that PC.

    My other PC that is close to a TV does not have a disc drive. Can I boot Linux off of a USB and still do the steps?
  • 41
    Read this whole guide before starting.
    This is for the 3rd gen Fire TV Stick (sheldonp) and Fire TV Stick Lite (sheldon).

    NOTE: FireOS < required

    NOTE: This process does not require you to open your device.

    What you need:
    • A Linux installation or live-system
    • A micro-USB cable

    Install python3, PySerial, PyUSB, adb, fastboot. For Debian/Ubuntu something like this should work:
    • sudo apt update
    • sudo add-apt-repository universe
    • sudo apt install python3 python3-serial python3-usb adb fastboot dos2unix

    Make sure ModemManager is disabled or uninstalled:
    • sudo systemctl stop ModemManager
    • sudo systemctl disable ModemManager

    NOTE: If you have issues running the scripts, you might have to run them using sudo.
    Also try using different USB-ports (preferably USB-2.0-ports)

    1. Extract the attached zip-file "kamakiri-sheldon-1.0.zip" and open a terminal in that directory.

    2. Start the script:
    • sudo ./bootrom-step.sh
    It should now say Waiting for device.

    3. Plug in the stick (powered off) and wait for the script to finish.
    If it fails at some point, stop it and restart the process from step 2.

    4. Your device should now reboot into unlocked fastboot state.

    5. Run:
    • ./fastboot-step.sh

    6. Wait for the device to reboot into TWRP.

    7. Use TWRP to flash custom ROMs, Magisk etc.

    NOTE: Only ever flash boot/recovery images using TWRP, if you use FlashFire or other methods that are not aware of the exploit, your device will likely not boot anymore (unless you flashed a signed image). TWRP will patch recovery/boot-images on the fly.

    NOTE: NEVER erase Preloader, otherwise you’ll hard brick the device and you won’t be able to unbrick it (since bootrom isn’t accessible).

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    special thanks to @Sus_i for all the testing and support.

    Yeah, probably just needs a more recent FireOS installed the TZ in kamakiri is from
    Had a look into all fw bin's, TZ is the same until the newest got an updated one...

    @etami @yacinecino @Tech0308 and all other people with the netflix/disney error):
    Can you provide more Information, i.e. what kind of stick (sheldon or sheldonp) and the installed fireOS, please!?
    Make sure (check in stettings) that the stick hasn't got an update already, because the latest OS will need the updated TZ.

    FYI, disable updates with:

    adb shell
    pm disable com.amazon.device.software.ota
    pm disable com.amazon.device.software.ota.override
    pm disable com.amazon.tv.forcedotaupdater.v2

    Maybe someone of you with a sheldonp device can install from here, without to flash magisk behind the OS update please, to see if it works?

    Users with sheldon can flash this too, but you need to change this prop first from twrp shell:
    adb shell
    resetprop ro.product.device sheldonp
    @k4y0z will a similar unlocking method be used for the Max once we receive the update?
    No, the Max isn't vulnerable to the preloader-exploit
    @Sus_i and @bloot and @Tech0308 and @Rortiz2 just to say all your painstaking coaching and my reading paid off (for me anyway😊) Instead of magisk, flashed the older update (from before ota update processes became protected) and set LM to block updates. It also fixed the issues with Netflix, Disney etc. Will look to flash Lineage custom rom sometime, now that I know how, and also put Linux on one of my laptops. Thanks heaps!

    Open TWRP, then mount /system, go to file explorer, go to navigate to priv-app and delete the folder
    Usually you should be good to go now, but goto /data/app and check for same folder (it will have something as suffix) if its present then delete it, your ota should be blocked.
    @SweenWolf thanks for your suggested fix . . . appreciate your work (and that of your good mate TDUK😊) LM and Debloat Tool are must-haves. This other way to block updates, is it somehow more permanent or safer than thru LM or Debloat Tool?
    I have the same problem since I flashed only TWRP alone and didn't installed anything on it just to be sure that my sheldon don't update ,Now any application who try to check DRM on stock firmware cause a bug and a reboot of the system. like netflix and disney+ or live tv with DRM..
    Could be that this is TZ related...
    We saw the same on mantis 4k fireTV stick, hangs and wont play if the TZ image on tee partition is too old compared to the installed fireOS version. Anyways, your problem sounds different to @Tech0308 problem.

    @Tech0308 You don't see this without a magisk install, then everything plays fine?