[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Search This thread

Animizio

Member
Aug 19, 2016
33
1
Hey I used an old version some time ago. Is it recommened to use the newest version again with the new features etc. or do I dont need it?

Also I'm at 6.2.8.1 with unlook and root atm, are there any FireOS Updates yet which are still working with unlook/root etc.? I cant find any new version on the internet/xda. Maybe a new 7.x update or something? Thanks
 

Sus_i

Senior Member
Apr 9, 2013
1,699
725
Hey I used an old version some time ago. Is it recommened to use the newest version again with the new features etc. or do I dont need it?
Idk if you need it, but you can flash the latest kamakiri.zip (+magisk) with twrp if you like, in order to update twrp recovery...
Besides that,, 6.2.8.1 is still fine... later update = more bloat.
 
  • Like
Reactions: Animizio

Schnoinsch

Member
Jan 16, 2019
27
6
Hey :)
I´m stuck on this step:

./bootrom-step.sh

When i connect it with the short, nothing happens. When i connect without short, it´s a runtime error:

RuntimeError: ERROR: Serial protocol mismatch, expected 0001 got 0000

Any idea what i should do so it connects with short?

Greetings, Schnoinsch
 

Sus_i

Senior Member
Apr 9, 2013
1,699
725
Hey :)
I´m stuck on this step:

./bootrom-step.sh

When i connect it with the short, nothing happens. When i connect without short, it´s a runtime error:

RuntimeError: ERROR: Serial protocol mismatch, expected 0001 got 0000

Any idea what i should do so it connects with short?

Greetings, Schnoinsch
Connect the shorted stick without running a script, then check lsusb...
 

hasobist

Senior Member
Feb 1, 2021
55
16
Hello a newbie here fetched a firestick 4k on sale that was updated to the latest firmware 6.2.8.9.
Tried the unlocking procedure with the fire iso the script gets frozen at waiting for device and without short ends with runtime errors.
Is there any possibility can achieve root or any alternative method appreciated.
Thank you for all your work.
 

Sus_i

Senior Member
Apr 9, 2013
1,699
725
Hello a newbie here fetched a firestick 4k on sale that was updated to the latest firmware 6.2.8.9.
No, you may return it and get an older stick from a local store ;)
Compare your sticks current serial with the stock in the shop, in order to get an idea from the date of manufacture...
 

Sus_i

Senior Member
Apr 9, 2013
1,699
725
Hello it's VM180 series
Thank you.......
Then forget about this serial, back then it was a vulnerable stick but patched via an update...
If the stick is really from amazon, it's maybe a refurbished one or maybe someone updated it and returned it after a quick read on xda. ;)

New sticks should have something with VM201... or later.

If you go for a look in a shop, VM20113xxx sticks arrived with 6.2.8.1, earlier serials should be fine.
 

hasobist

Senior Member
Feb 1, 2021
55
16
Then forget about this serial, back then it was a vulnerable stick but patched via an update...
If the stick is really from amazon, it's maybe a refurbished one or maybe someone updated it and returned it after a quick read on xda. ;)

New sticks should have something with VM201... or later.

If you go for a look in a shop, VM20113xxx sticks arrived with 6.2.8.1, earlier serials should be fine.
Okay fetched it from ebay .
Means once patched restore to factory defaults it still remains patched isn't it.
For now Wolf launcher works well ain't know the launcher manager never worked using the launcher with on fire boot and works well so far and with a debloat serves the purpose.
Will try for a new stick on sale a good deal with series mentioned by you
Have a cube 2nd gen will try rooting the same.
Thank you.......
 
  • Like
Reactions: Sus_i

jacoghi

Senior Member
Sep 24, 2012
371
568
Mirabel
VM241 with 6.2.8.1 out of the box here. After tweaking the script, I managed to get it working. After kamakiri succeeded, DRM stopped working, so for anybody with the same problem, here you go, this updates TZ back to whatever version was originally in your stick before kamakiri. Just flash it, credits to @Skel40 and @rbox since I extracted the TZ and cleaned script from his rooted rom.
 

Attachments

  • TZ-update-6281-kamakiri.zip
    4 MB · Views: 54

hasobist

Senior Member
Feb 1, 2021
55
16
Hello received a new update 6.2.9.1 yesterday,
All looks good on a non rooted stick.
Hoping to find a workaround for the vulnerable and patched sticks achieve root.
Thank you.......
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Where do I find the "sheldon unlock guide"? My firestick 4k is at 6.2.8.1
    1
    Where do I find the "sheldon unlock guide"? My firestick 4k is at 6.2.8.1
    Hello
    Use kamakari-mantis-v2.0.1 of firetv 4k from OP and follow the instructions here https://forum.xda-developers.com/t/...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/
    Use Fireiso 2.0.0 or you can
    try using ubuntu for unlocking.......
  • 69
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v2.0.1.zip


    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/
    16
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE:This will only work if the boot-exploit is still there.
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    12
    I'v just uploaded a new Version of the unlock for mantis.
    It comes with an all new TWRP (3.6.1) and an unlock method that works even for fused devices with firmware version < 6.2.8.7, no shorting needed!
    For detailed instructions check https://forum.xda-developers.com/t/...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/ (Use mantis-zip from here, will update instructions here in a bit)
    11
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.