[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Search This thread

Animizio

Member
Aug 19, 2016
33
1
Hey I used an old version some time ago. Is it recommened to use the newest version again with the new features etc. or do I dont need it?

Also I'm at 6.2.8.1 with unlook and root atm, are there any FireOS Updates yet which are still working with unlook/root etc.? I cant find any new version on the internet/xda. Maybe a new 7.x update or something? Thanks
 

Sus_i

Senior Member
Apr 9, 2013
1,791
764
Hey I used an old version some time ago. Is it recommened to use the newest version again with the new features etc. or do I dont need it?
Idk if you need it, but you can flash the latest kamakiri.zip (+magisk) with twrp if you like, in order to update twrp recovery...
Besides that,, 6.2.8.1 is still fine... later update = more bloat.
 
  • Like
Reactions: Animizio

Schnoinsch

Member
Jan 16, 2019
27
6
Hey :)
I´m stuck on this step:

./bootrom-step.sh

When i connect it with the short, nothing happens. When i connect without short, it´s a runtime error:

RuntimeError: ERROR: Serial protocol mismatch, expected 0001 got 0000

Any idea what i should do so it connects with short?

Greetings, Schnoinsch
 

Sus_i

Senior Member
Apr 9, 2013
1,791
764
Hey :)
I´m stuck on this step:

./bootrom-step.sh

When i connect it with the short, nothing happens. When i connect without short, it´s a runtime error:

RuntimeError: ERROR: Serial protocol mismatch, expected 0001 got 0000

Any idea what i should do so it connects with short?

Greetings, Schnoinsch
Connect the shorted stick without running a script, then check lsusb...
 

hasobist

Senior Member
Feb 1, 2021
61
18
Hello a newbie here fetched a firestick 4k on sale that was updated to the latest firmware 6.2.8.9.
Tried the unlocking procedure with the fire iso the script gets frozen at waiting for device and without short ends with runtime errors.
Is there any possibility can achieve root or any alternative method appreciated.
Thank you for all your work.
 

Sus_i

Senior Member
Apr 9, 2013
1,791
764
Hello a newbie here fetched a firestick 4k on sale that was updated to the latest firmware 6.2.8.9.
No, you may return it and get an older stick from a local store ;)
Compare your sticks current serial with the stock in the shop, in order to get an idea from the date of manufacture...
 

Sus_i

Senior Member
Apr 9, 2013
1,791
764
Hello it's VM180 series
Thank you.......
Then forget about this serial, back then it was a vulnerable stick but patched via an update...
If the stick is really from amazon, it's maybe a refurbished one or maybe someone updated it and returned it after a quick read on xda. ;)

New sticks should have something with VM201... or later.

If you go for a look in a shop, VM20113xxx sticks arrived with 6.2.8.1, earlier serials should be fine.
 

hasobist

Senior Member
Feb 1, 2021
61
18
Then forget about this serial, back then it was a vulnerable stick but patched via an update...
If the stick is really from amazon, it's maybe a refurbished one or maybe someone updated it and returned it after a quick read on xda. ;)

New sticks should have something with VM201... or later.

If you go for a look in a shop, VM20113xxx sticks arrived with 6.2.8.1, earlier serials should be fine.
Okay fetched it from ebay .
Means once patched restore to factory defaults it still remains patched isn't it.
For now Wolf launcher works well ain't know the launcher manager never worked using the launcher with on fire boot and works well so far and with a debloat serves the purpose.
Will try for a new stick on sale a good deal with series mentioned by you
Have a cube 2nd gen will try rooting the same.
Thank you.......
 
  • Like
Reactions: Sus_i

jacoghi

Senior Member
Sep 24, 2012
371
570
Mirabel
VM241 with 6.2.8.1 out of the box here. After tweaking the script, I managed to get it working. After kamakiri succeeded, DRM stopped working, so for anybody with the same problem, here you go, this updates TZ back to whatever version was originally in your stick before kamakiri. Just flash it, credits to @Skel40 and @rbox since I extracted the TZ and cleaned script from his rooted rom.
 

Attachments

  • TZ-update-6281-kamakiri.zip
    4 MB · Views: 85

hasobist

Senior Member
Feb 1, 2021
61
18
Hello received a new update 6.2.9.1 yesterday,
All looks good on a non rooted stick.
Hoping to find a workaround for the vulnerable and patched sticks achieve root.
Thank you.......
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    This says it is for the sheldon version, will that work with mantis?

    Also, for a device that is already rooted, how do you reboot the device into TWRP to flash a new ROM? DO you boot the live ISO, plug in the fire stick, and run ./fastboot-step.sh?
    Hello
    The first part of your question,The script does work to unlock Firetv 4k without short so you ain't need to open the stick.
    The second part of your question, when you boot the Firetv 4k it gives 5 seconds to boot into recovery a mouse connected via usb dongle helps in selecting the option to recovery once lapsed it boots to OS.
    The third part of your question just follow the instructions in the unlock thread.
    Just read through the previous posts of this thread you'll find most of the answers.
    Hope it helps.......
    2
    Can you clarify? You say "Once in TWRP", how do I get into TWRP? I need to issue command from an adb shell anyway, I will not be using a mouse.
    You have already unlocked and rooted your stick so i think you know the basics.
    If you are already rooted that means you have magisk installed on your firestick (theres no other meaning of root in this case) then boot up your firestick normally, open "Magisk Manager" click on three dots menu (on top right of the screen) and then choose reboot to recovery.
    If you don't have magisk installed (means you don't have root) then you can use adb to reboot into TWRP (do not boot into Fastboot if you don't want to brick your stick) now in order to do that follow one of the Options.

    Option 1 (if you dont have a pc)
    Download "Remote ADB Shell" on your Firestick (watch on youtube on how to do that)
    Open remote adb shell and in the IP address field enter "localhost" or "127.0.0.1" and in the port enter "5555" and connect.
    Your stick will show a popup, click on allow.
    Once in shell, type "reboot recovery"
    It will reboot into TWRP, from there you can flash any rom of your choice.

    Option TWO (if you have a pc)
    Get "Minimal ADB and Fastboot" from XDA or get "platform tools" from Android developers site, then install it.
    Once installed open the command prompt and type
    "adb devices" this will start adb server and show list of devices.
    Make sure your pc and firestick is connected to same wifi, get the ip address of your stick.
    Type in the ip address along with port like
    "adb connect 192.168.22.40:5555"
    Change 192.168.22.40 to ip address of your stick.
    Allow the debugging prompt on your firestick.
    And then type
    "adb reboot recovery"
    You will reboot into TWRP

    Option 3 (from stick itself with the help of OTG)
    Connect a Y type OTG to your Firestick, boot your firestick, you will be greeted with an option to reboot into recovery for 5 seconds, you can press cancel to "reboot to recovery" you will need a mouse connected to OTG to do that.
    1
    Possibly when the Fire Stick rebooted into TWRP mode, did it get assigned a different IP address, and that why the adb connect failed? Just grasping at straws here
    SMH, Bluetooth and Wifi does not work in TWRP, you don't have to type the ip address as there won't be any.
    The reason why i told you to connect using the cable is that it doesn't need any ip to connect, its a direct connection. You will have to type everything in the Console.
    And make sure you are using a data cable i.e. it should have 4 wires in it
    1
    How do I do a FULL wipe of the stick so nothing carries over? What would the adb commands be to do that?
    Boot into TWRP (via usb cable connected to your PC), then run something like this:
    Code:
    adb shell
    twrp wipe data
    twrp wipe cache
    You can run 'twrp format data' too, if you like.
    Done.

    Full list of commands:
    1
    I should reboot into recovery and back that up so I can return to that state easily, right?
    (y)
    Would the ADB command to back that up be (from adb shell) "twrp backup partition S, D to STOCK_BACKUP"
    You don't need a name for the backup, example "twrp backup S" will backup system...
  • 69
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v2.0.1.zip


    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/
    16
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE:This will only work if the boot-exploit is still there.
    13
    I'v just uploaded a new Version of the unlock for mantis.
    It comes with an all new TWRP (3.6.1) and an unlock method that works even for fused devices with firmware version < 6.2.8.7, no shorting needed!
    For detailed instructions check https://forum.xda-developers.com/t/...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/ (Use mantis-zip from here, will update instructions here in a bit)
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    11
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.