[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Search This thread

Leproide

Member
Jul 10, 2016
12
6
Verbania
UPDATE:
Ok, i have a rooted firestick now but i cant login in amazon account, for this i cant pair a remote.
I tried to pair with a bt pairing app, but the remote wont work.
Is possible to change the firestick serial number for unban?
 
Last edited:

cnnn1234

New member
Oct 17, 2022
1
0
VM241 with 6.2.8.1 out of the box here. After tweaking the script, I managed to get it working. After kamakiri succeeded, DRM stopped working, so for anybody with the same problem, here you go, this updates TZ back to whatever version was originally in your stick before kamakiri. Just flash it, credits to @Skel40 and @rbox since I extracted the TZ and cleaned script from his rooted rom.
Thank you. It fixed our streaming issue. I discovered the DRM issue on day 1 of our vacation and it was a huge bummer kids couldn’t watch Disney+.

In case anyone needs some quick instructions.
adb reboot recovery
adb push path_to_the_tz.zip /sdcard
adb shell
# twrp install /sdcard/the_tz.zip
adb reboot
 

Spyder_NA

New member
Oct 17, 2022
1
0
I have a fire tv stick 4K with a software version of 6.2.9.1 and serial number containing VM201. Will this method work for me or as the firmware is too current it will not be possible?
 

bl3ckjeck

Member
Jan 24, 2014
26
0
Help please
 

Attachments

  • 1666170148928118280148937162862.jpg
    1666170148928118280148937162862.jpg
    3.6 MB · Views: 87

Sus_i

Senior Member
Apr 9, 2013
1,858
811
  • Like
Reactions: Kramar111

emkorial

Senior Member
Mar 2, 2008
425
16


This says it is for the sheldon version, will that work with mantis?

Also, for a device that is already rooted, how do you reboot the device into TWRP to flash a new ROM? DO you boot the live ISO, plug in the fire stick, and run ./fastboot-step.sh?
 

hasobist

Senior Member
Feb 1, 2021
64
18
This says it is for the sheldon version, will that work with mantis?

Also, for a device that is already rooted, how do you reboot the device into TWRP to flash a new ROM? DO you boot the live ISO, plug in the fire stick, and run ./fastboot-step.sh?
Hello
The first part of your question,The script does work to unlock Firetv 4k without short so you ain't need to open the stick.
The second part of your question, when you boot the Firetv 4k it gives 5 seconds to boot into recovery a mouse connected via usb dongle helps in selecting the option to recovery once lapsed it boots to OS.
The third part of your question just follow the instructions in the unlock thread.
Just read through the previous posts of this thread you'll find most of the answers.
Hope it helps.......
 
Last edited:
  • Like
Reactions: Kramar111 and Sus_i

emkorial

Senior Member
Mar 2, 2008
425
16
Hello
The first part of your qurstion,The script does work to unlock Firetv 4k without short so you ain't need to open the stick.
The second part of your question, when you boot the Firetv 4k it gives 5 seconds to boot into recovery a mouse connected via usb dongle helps in selecting the option to recovery once lapsed it boots to OS.
The third part of your question just follow the instructions in the unlock thread.
Just read through the previous posts of this thread you'll find most of the answers.
Hope it helps.......

I was asking if it works on Mantis. And does it work if the eFuse is already blown?


Your second part is for my already unlocked Fire Stick. When I plug the device in, I do not get any option to select anything, so plugging a mouse won't do anything. The only way I was able to get to recovery before was performing the entire exploit. How do you get into recovery after you have already performed the exploit/unlocked the device?

Would I boot a laptop with the ISO from the unlock thread, plug in the Fire Stick, and then run adb commands from there to fastboot into recovery?

Thanks for any help. I need to re-flash the 6.6 Fire OS.
 

hasobist

Senior Member
Feb 1, 2021
64
18
I was asking if it works on Mantis. And does it work if the eFuse is already blown?


Your second part is for my already unlocked Fire Stick. When I plug the device in, I do not get any option to select anything, so plugging a mouse won't do anything. The only way I was able to get to recovery before was performing the entire exploit. How do you get into recovery after you have already performed the exploit/unlocked the device?

Would I boot a laptop with the ISO from the unlock thread, plug in the Fire Stick, and then run adb commands from there to fastboot into recovery?

Thanks for any help. I need to re-flash the 6.6 Fire OS.
Hello
Which version of OS you're currently on and check the serial no of the stick nevertheless it's worth giving a try.
If your Firetv 4k is unlocked and the script Kamakari-mantis-v2.0.1 ended successfully it should provide you with an option ,try connecting it to the TV and check on screen whether you get the option.
You can burn the ISO to USB to make a bootable USB and boot via USB using a Desktop or a Laptop.
As said earler read through the thread you have the unanswered answered.
Hope it helps.......
 

emkorial

Senior Member
Mar 2, 2008
425
16
Hello
Which version of OS you're currently on and check the serial no of the stick nevertheless it's worth giving a try.
If your Firetv 4k is unlocked and the script Kamakari-mantis-v2.0.1 ended successfully it should provide you with an option ,try connecting it to the TV and check on screen whether you get the option.
You can burn the ISO to USB to make a bootable USB and boot via USB using a Desktop or a Laptop.
As said earler read through the thread you have the unanswered answered.
Hope it helps.......

Still trying to understand what you are saying ... Let me break it down

  • I have a Fire Stick. It has been unlocked and rooted following the instruction for the exploit. I had flashed the 6.6 OS. It all worked great
  • I now need to RE FLASH 6.6 on the same stick.
  • How do I get to an ADB shell to do so? Once I can get to an adb shell I know I can fastboot recovery the device to and the run the TWRP commands needed to re flash 6.6, but I don't know how to get to the adb shell in the first place to issue those commands. Plugging the stick into the TV just boots it as a normal fire stick.
Thanks for any help
 

hasobist

Senior Member
Feb 1, 2021
64
18
Hello emkorial
Your not getting the option since the Firetv 4k is ain't connected to an OTG cable or a USB hub and a usb mouse connected to navigate once in TWRP and then try reboot you'll get the option.
Hope it helps.......
 

emkorial

Senior Member
Mar 2, 2008
425
16
Hello emkorial
Your not getting the option since the Firetv 4k is ain't connected to an OTG cable or a USB hub and a usb mouse connected to navigate once in TWRP and then try reboot you'll get the option.
Hope it helps.......

Can you clarify? You say "Once in TWRP", how do I get into TWRP? I need to issue command from an adb shell anyway, I will not be using a mouse.
 

SweenWolf

Senior Member
Mar 18, 2016
681
588
Paradise
Amazon Fire TV
Can you clarify? You say "Once in TWRP", how do I get into TWRP? I need to issue command from an adb shell anyway, I will not be using a mouse.
You have already unlocked and rooted your stick so i think you know the basics.
If you are already rooted that means you have magisk installed on your firestick (theres no other meaning of root in this case) then boot up your firestick normally, open "Magisk Manager" click on three dots menu (on top right of the screen) and then choose reboot to recovery.
If you don't have magisk installed (means you don't have root) then you can use adb to reboot into TWRP (do not boot into Fastboot if you don't want to brick your stick) now in order to do that follow one of the Options.

Option 1 (if you dont have a pc)
Download "Remote ADB Shell" on your Firestick (watch on youtube on how to do that)
Open remote adb shell and in the IP address field enter "localhost" or "127.0.0.1" and in the port enter "5555" and connect.
Your stick will show a popup, click on allow.
Once in shell, type "reboot recovery"
It will reboot into TWRP, from there you can flash any rom of your choice.

Option TWO (if you have a pc)
Get "Minimal ADB and Fastboot" from XDA or get "platform tools" from Android developers site, then install it.
Once installed open the command prompt and type
"adb devices" this will start adb server and show list of devices.
Make sure your pc and firestick is connected to same wifi, get the ip address of your stick.
Type in the ip address along with port like
"adb connect 192.168.22.40:5555"
Change 192.168.22.40 to ip address of your stick.
Allow the debugging prompt on your firestick.
And then type
"adb reboot recovery"
You will reboot into TWRP

Option 3 (from stick itself with the help of OTG)
Connect a Y type OTG to your Firestick, boot your firestick, you will be greeted with an option to reboot into recovery for 5 seconds, you can press cancel to "reboot to recovery" you will need a mouse connected to OTG to do that.
 
  • Like
Reactions: hasobist and Finnzz

emkorial

Senior Member
Mar 2, 2008
425
16
You have already unlocked and rooted your stick so i think you know the basics.
If you are already rooted that means you have magisk installed on your firestick (theres no other meaning of root in this case) then boot up your firestick normally, open "Magisk Manager" click on three dots menu (on top right of the screen) and then choose reboot to recovery.
If you don't have magisk installed (means you don't have root) then you can use adb to reboot into TWRP (do not boot into Fastboot if you don't want to brick your stick) now in order to do that follow one of the Options.

Option 1 (if you dont have a pc)
Download "Remote ADB Shell" on your Firestick (watch on youtube on how to do that)
Open remote adb shell and in the IP address field enter "localhost" or "127.0.0.1" and in the port enter "5555" and connect.
Your stick will show a popup, click on allow.
Once in shell, type "reboot recovery"
It will reboot into TWRP, from there you can flash any rom of your choice.

Option TWO (if you have a pc)
Get "Minimal ADB and Fastboot" from XDA or get "platform tools" from Android developers site, then install it.
Once installed open the command prompt and type
"adb devices" this will start adb server and show list of devices.
Make sure your pc and firestick is connected to same wifi, get the ip address of your stick.
Type in the ip address along with port like
"adb connect 192.168.22.40:5555"
Change 192.168.22.40 to ip address of your stick.
Allow the debugging prompt on your firestick.
And then type
"adb reboot recovery"
You will reboot into TWRP

Option 3 (from stick itself with the help of OTG)
Connect a Y type OTG to your Firestick, boot your firestick, you will be greeted with an option to reboot into recovery for 5 seconds, you can press cancel to "reboot to recovery" you will need a mouse connected to OTG to do that.


Thanks, this is much more comprehensive.

I do have Magisk installed. So I just launch Magisk (I have never done this) and select reboot into recovery, and that will reboot me into TWRP and I can flash 6.2.6.6? I already copied the ROM file up to the stick. Do you use the fire TV remote to navigate Magisk and TWRP?

And if I do that, how to I access adb afterwords to run the commands to disable OTA updates? Or do I even need to? The ROM I am flashing is the 6.2.6.6 rooted one from https://forum.xda-developers.com/t/...is-prerooted-stock-images-6-2-8-1_r3.3983091/, does that have OTA disable already?

Or, could I just skip using MAgisk and try one of the options you listed. I think option 2 would be the best for me, so basically to reflash 6.2.6.6 I would do the following:

  • Get "Minimal ADB and Fastboot" and install it.
  • Once installed open the command prompt and type "adb devices" this will start adb server and show list of devices.
  • Make sure your pc and firestick is connected to same wifi, get the ip address of your stick.
  • Type in the ip address along with port like "adb connect [ip address of my stick]:5555"
  • Allow the debugging prompt on your firestick.
  • And then type the following
    • adb reboot recovery
  • After it reboots type
    • adb devices (I should see the SN of my stick)
    • adb shell
    • twrp install /sdcard/mantis-6.2.6.6_r1.zip
    • twrp wipe cache
    • twrp wipe dalvik
    • reboot -p
Following either method, Magisk to TWRP or flashing via adb commands, after the reboot is complete, once it gets to the setup screen, to disable OTA updates (assuming I still need to, if the ROM does not have them disabled already), I connect adb per the instructions above then run
  • adb shell
  • su
  • pm disable com.amazon.tv.forcedotaupdater.v2
  • pm disable com.amazon.device.software.ota
  • pm disable com.amazon.device.software.ota.override

And I would be back in business? It's insane, I went to watch a freaking Thursday football game, it tells me I need to update an app, and because of THAT it screws up the display on my Firestick (it is like 300% brightness now), I need to go through all this

One question, do I need to deregister my FireStick before doing all this?
 
Last edited:

SweenWolf

Senior Member
Mar 18, 2016
681
588
Paradise
Amazon Fire TV
Thanks, this is much more comprehensive. I think option 2 would be the best for me, so basically to reflash 6.2.6.6 I would do the following:

  • Get "Minimal ADB and Fastboot" and install it.
  • Once installed open the command prompt and type "adb devices" this will start adb server and show list of devices.
  • Make sure your pc and firestick is connected to same wifi, get the ip address of your stick.
  • Type in the ip address along with port like "adb connect 192.168.22.40:5555"
  • Allow the debugging prompt on your firestick.
  • And then type the following
    • adb push <my local location of ROM/mantis-6.2.6.6_r1.zip / sdcard/
    • adb reboot recovery
    • adb shell
    • twrp install /sdcard/mantis-6.2.6.6_r1.zip
    • twrp wipe cache
    • twrp wipe dalvik
    • reboot -p
And I would be back in business? It's insane, I went to watch a freaking Thursday footbal game, it tells me I need to update an app, and because of THAT it screws up the display on my Firestick (it is like 300% brightness now), I need to go through all this

One question, do I need to deregister my FireStick before doing all this? And I will need to disable OTA updates again, correct?
Just flash, if ota packages are reenabled then disable them.
Just do this.

Pull out the data cable from your TV/Power brick and connect it to your computer.
Your stick will be powered by the usb ports of the computer and will start booting. Once its booted, open cmd/ps/terminal
Type "adb devices"
Accept prompt on your tv
Then type command to push with (adb push)
Reboot to recovery using (adb reboot recovery)
Get into shell by using (adb shell)
Flash the zip using (twrp install)
Reboot using (reboot)
 

emkorial

Senior Member
Mar 2, 2008
425
16
Just flash, if ota packages are reenabled then disable them.
Just do this.

Pull out the data cable from your TV/Power brick and connect it to your computer.
Your stick will be powered by the usb ports of the computer and will start booting. Once its booted, open cmd/ps/terminal
Type "adb devices"
Accept prompt on your tv
Then type command to push with (adb push)
Reboot to recovery using (adb reboot recovery)
Get into shell by using (adb shell)
Flash the zip using (twrp install)
Reboot using (reboot)


OK, so just to try and make this as idiot proof as possible for me:
  1. Plug the USB cable that I currently have going to the power strip into my Windows laptop. This will boot the stick
  2. Once it is booted, open a cmd prompt
  3. Run "adb devices"
  4. I will get some prompt on the TV, click OK using the Fire TV Remote
    (I don't think I need to push anything since I have the ROM already on the /sdcard of the stick)
  5. Type "adb reboot recovery", this will reboot me into TWRP
  6. Type "adb shell"
  7. Type "twrp install /sdcard/mantis-6.2.6.6_r1.zip" (this file is already there)
  8. Type "twrp wipe cache"
  9. Type "twrp wipe dalvik"
  10. Type "reboot -p"
At that point I should have a stick that is freshly flashed to 6.2.6.6, that may have OTA re-enabled

Two final questions before I dive into this:
  1. If OTA is re-enabled, how do I prevent it from updating before I get a chance to disable OTA?
  2. Do I need to deregister my firestick before I do this? I would prefer not to if it is not needed but if it has to be done, that's OK

Thanks again for the excellent help!
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    Thanks again, but I'm still having trouble. I'm still not clear on how to use ADB without it being previously enabled.
    TWRP does have a sideload but when trying to start I just get the starting.... message
    Not adb sideload. You need to boot TWRP, start adb shell and then use TWRP commandline via USB cable ;)
    I also wasn't clear on the comment about no mouse/OTG cable, how do I stop TWRP from rebooting to FireTV when I don't have a mouse? Am I missing something?
    Boot the fireISO,
    open a terminal in the kamakiri folder,
    run ./boot-recovery.sh
    and connect the stick via fireTV usb cable.
    TWRP will boot and if you type adb shell in the terminal, then you can use TWRP commandline.

    I think down time is my worst enemy, well that and not totally understanding exactly how this works on an OS level...
    I decided to give another try with booting and interrupting the download to get back to the registration screen but I ran into what appears to be a major problem.... if I use the feature to enable voice menu that just enables the feature, it doesn't take you to the special screen that can be used to exit to the registration page... FRICK! So pissed at myself for hesitating when given the chance before... proof I failed myself by not leaning droid development 12 years ago!

    I did some searching and can't find a way around this. Sure, pressing the two buttons again turns it off, but turning on just turns it on... I guess there's a flag saved somewhere I'll need to find. But I don't find anyone talking about doing that online. Is there a way to reset that setting? Will the TWRP factory wipe get this done without wiping TWRP?
    Now you've got a terminal open, TWRP is running.
    Download magisk from here:
    If adb shell is running quit with exit, then rename the apk to zip and push it to sdcard via adb push command.
    Then start adb shell and use:
    twrp wipe data
    twrp wipe cache
    twrp install /sdcard/name-of-the-zip.zip

    Now you should be able to skip the initial update again and magisk is installed.

    Note: Never ever flash something via an APP from inside fireOS, especially not magisk updates. Only TWRP will work. Also never wipe system ;)
    2
    What is the proper procedure to get it updated to 6.2.9.4?? I assume the DRM is out of date and Netflix and prime show a black screen. It also seems this root blocks updates, as it just boots to twrp and the update never happens.
    As you've got a stick with 6281 (already burned efuse = shorting method gone), there isn't a special procedure required, you would just need to flash the rom you like...

    If you go to 6.2.9.4 you may flash the TZ too (if there are DRM playback issues or black screens).
    Easiest way to do this is take/extract the TZ image from 6.2.9.4 rom and overwrite the TZ image from kamakiri 2.1 folder. Then re-do the bootrom/fastboot-step.
    I am perfectly ok with manually updating but can't seem to find the bins anywhere. Any help here would be appreciated.
    2
    Prompt now has the 13| prepended.
    Magisk on the FireTV has presented an upgrade option and given the previous comment about not flashing from anything other than TWRP has me frozen in my tracks. =)
    su is aviable as soon as you grant access

    Wondering if I should accept the "download and install" Magisk upgrade or should I just start pushing rbox images using TWRP?
    Any update of the 'magisk manager' (app) is ok... (y)

    The update/upgrade of 'magisk' will only work via TWRP.
    2
    But when I try to run 'su' or 'pm' I get "Not found". I tried 'su' and 'pm' via adb shell and twrp terminal with same results.
    You are in TWRP, and already have root. Package Manager isn't available until you boot FireOS.
    2
    Can someone can give me the "ls" output of folloing command - with ADB Shell + SU - of a rooted decive - FireOS version does not matter... Its just about the correct settings for chmod/chmod/chcon
    Nevermid... Just noticed that Pretoriano80's Kernel (which I'am at 6.2.7.7 - 3033) as insecure ADB - Therefore no ADB RSA Keys are needed - And no popub came up - Even if file (on FireTV) /data/misc/adb/adb_keys is deleted/renamed.
    For testing: With stock Kernel 3033 the RSA PopUp came up again (with deleted /data/misc/adb/adb_keys),
    and new file /data/misc/adb/adb_keys is created with correct permissions...

    Can I trigger the stick to forget the previous saved authentication?
    :ROFLMAO: Again we are fiddling at the same place - I wonder why? :)

    Even if its not needed for your case anymore - To reset the RSA Key its needed to delete/rename files on the sending and receving side (one side should be enough as well, but to keep it clear... both)

    WinPC: C:\Users\<USER>\.android - Files: adbkey + adbkey.pub
    Linux/Android/FireTV: /data/misc/adb/ - File: adb_keys
    FireISO: /root/.android/ - Files: adbkey + adbkey.pub (of course temporary)

    On WInPC its reported that adbkey + adbkey.pub may are saved at other places.
    If they are not in mentioned folder search on system drive for them....
  • 69
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v2.0.1.zip


    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/
    16
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE:This will only work if the boot-exploit is still there.
    13
    I'v just uploaded a new Version of the unlock for mantis.
    It comes with an all new TWRP (3.6.1) and an unlock method that works even for fused devices with firmware version < 6.2.8.7, no shorting needed!
    For detailed instructions check https://forum.xda-developers.com/t/...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/ (Use mantis-zip from here, will update instructions here in a bit)
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    11
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.