[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

llarr

Member
Dec 2, 2020
20
7
Yeah might help, meant to add the version to initial post but must have had brain fade.
[Guide] [ROM] (mantis) Fire TV Stick 4K Prerooted Android TV Rom (6.2.7.6) is the currently installed ROM, bar the remote issue, everything works perfectly.

Evidently I missed the post about other users having issues pairing the remote on page 11, seems I am not alone in this, maybe find an alternate ROM.

I thought it would be straightforward if you have an old style remote. I used that image too and paired newer remote. The issue I had was not having an old remote, had to use adb shell commands to put in my wifi details and then use firetv on my app to control the stick and pair the new style remote.

This guide:

Might be that you will have to remove the old remote to pair the new one? You can just skip to final paragraph in that post.
 

Sus_i

Senior Member
Apr 9, 2013
1,861
815
Dec 29, 2022
17
7
I have a 4K with OS 6.2.9.3 because I accidentally deactivated OTA, but the RAM has increased by 0.5GB (1.3GB -> 1.8GB).
Did this increase when the version was upgraded?


Also, if I manually UPDATE a 4K with TWRP installed to 6.2.9.3(4), is it possible to keep TWRP?
 

fluffi444

Senior Member
Nov 19, 2012
1,598
928
Amazon Fire TV
Samsung Galaxy S9+
Old kamakiri v1.x, i.e. root/unlock 'with shorting' gets blocked by:
-serial numbers starting with 190... or by update higher than 6280.

The new root/unlock method without any shorting (kamakiri v2.x) works on all devices, serial doesn't matter, as long as the installed fireOS is not at 6.2.8.7 or above, i.e. needs to be lower.

It's still very easy to get fireTV 4k sticks at a lower OS than 6.2.8.7, if you do the unlock in front of the setup/logon/update thing. Avoid any boot until the thing is rooted ;)

I'm quite new in this FireTV business. But I do have Android rooting knowledge from the older days (Sammy ACE 2 and Sony Z3 Compact).
Even if I should have known better, I plugged my FireTV 4K (E9L29Y) in (bought years ago - ever used before) and it self-updated during the day to latest 6.2.9.4... Actually I was not planning to "play" with this device but some spare time and the lack of full NTFS support brought back some rooting wishes... :)

Am I right that my device is now not rootable at all anymore?
 
Mar 30, 2019
25
3
Guys, I've tried short-circuiting the Fire TV Stick 4K with a paperclip, but I keep getting SERIAL PROTOCOL MISMATCH, help!!!! Has the device been made unrootable? That is the serial number: G4N0VM12223207PR
 

~iceweasel

Member
Mar 27, 2017
35
11
I'm hoping for some feedback from those who know answers to stupid questions... 107 pages of questions and I've got as far as I could before asking for thoughts.

I've tried to follow the guide here with my (old, 2019) 4K stick but have failed to get bootrom-step to detect the device. I'm grounding the cap indicated as control because my shield base covers the data pad and clock cap. I'm questioning if I'm really grounding cmd, and haven't grabbed the scope to confirm.

I'm struggling to figure out how to ID the installed firmware version without going through the setup. Is it possible to check the firmware version before setting up? My dsn starts G070VM1292 so I've been assuming it's old enough... bad assumption?

I'm looking at the guide for the fire stick 3 / lite because I have one of those too, but since the 4k is open I'm wanting to finish if possible. But since I don't have a running Ubuntu system at home, I'm holding off until I can grab mine from work since I know how that's configured and ready to go.
 

Sus_i

Senior Member
Apr 9, 2013
1,861
815
Guys, I've tried short-circuiting the Fire TV Stick 4K with a paperclip, but I keep getting SERIAL PROTOCOL MISMATCH, help!!!! Has the device been made unrootable? That is the serial number: G4N0VM12223207PR
Try the latest kamakiri for mantis and use the script 'without a short' like described here:

@~iceweasel You may try the same...
 

~iceweasel

Member
Mar 27, 2017
35
11
Try the latest kamakiri for mantis and use the script 'without a short' like described here:

@~iceweasel You may try the same...
Thanks, will give that a try. I didn't notice the sheldon script when looking last night; guessing you're saying to use the sheldon scripts?
I followed the direction over there and posted a response (similar result with not noticing the device even though Ubuntu did mount the AFTMM device). During that I tried an OTG cable and found the device does get discovered, but the script fails. I then tried to run this mantis script, same results.

So I came back here, using FireOS.iso 2.0 and OTG cable, and it's currently flashing! It looks like I've got the device configured to boot into TWRP!!!

Thanks for your help!! I'm heading off to learn how to correctly get the latest firmware installed from here:
 
Mar 30, 2019
25
3
Thanks, will try it. I didn't notice the Sheldon script when I looked last night; I was guessing that you're saying to use the Sheldon scripts?
I followed the instructions over there and posted a reply (similar result, with the device not being noticed even though Ubuntu mounted the AFTMM device). In the meantime I tried an OTG cable and found that the device DOES get detected, but the script fails. I then tried to run this Mantis script, same results.

So I came back here, with FireOS.iso 2.0 and an OTG cable, and it's currently flashing! It looks like I've configured the device to boot into TWRP!!!

Thanks for your help!! I'm heading off to learn how to correctly install the latest firmware from here:
How exactly does it work? Should I try the Sheldon script and then the Mantis script, will this work on new Fire TV Stick 4K's?
 

~iceweasel

Member
Mar 27, 2017
35
11
How exactly does it work? Should I try the Sheldon script and then the Mantis script, will this work on new Fire TV Stick 4K's?
I'm no expert and really don't know much. I also don't know about your "new" 4k, mine was 3 years old and had never been powered before, so it was in good shape for changes. But what I now understand, is using the Sheldon topic for creating a suitable Ubuntu environment. When Ubuntu is configured correctly, instead of using the sheldon.zip scripts use the mantis.zip scripts from the OP here.

My big "fix" for me was using the OTG cable instead of a normal USB cable. Normal USB cable would identify and "mount" the device in Ubuntu, but the script didn't identify the stick.

So, OTG cable was my key to getting TWRP installed and running. But I've got work to do still because, when launched, TWRP only gives the option to reboot, which isn't what I'm used to with the "boot normal" and "boot recovery" options. I think I need to figure out what else I need to install.
 

Top Liked Posts

  • 1
    Hi everyone. Need some help. Got a mantis for free. Amazon told me not to return it. I can't register the stick. I ran the scripts and TWRP is installed and working. Challenge is I don't have an OTG cable. Long story short: downloaded this thread's ROM. Instead of TWRP install, for which I don't have a keyboard, I ended up doing adb sideload. Does that mean this won't patch the stick like TWRP would?

    The boot scripts and sideload all say successful. When the stick asks to log in, it gives me 2 options: online at amazon.com/code, or enter my login on the stick.

    If I log in on the stick, it flat out says something is wrong. If I log in from the online code, the site says successful but the stick didn't do a thing.

    I also tried a ROM here that says no efuse. Same behavior. Since I can't pass login, I can't tell which version I am on. All I know is the script worked and it is a VM242 serial. How do I know if the efuse is burnt or not? I only wish I had OTG so I can try TWRP.

    Edit: just found out I can do "twrp" from adb shell, but still after twrp install and wipes, still thou shall not pass registration. Are there LineageOS, AndroidTV, or Ubuntu, so I can repurpose and not e-waste? Retro/Emulator would be so cool.

    Thanks
    I had the same symptoms with an unopened 4K obtained from a private sale.
    I contacted Amazon and they replied that it was because the serial number of the device had been erased due to a return or some other reason.
    I was able to get to the home screen by restoring the data I had backed up on my other 4K, but I can't use the store, so some apps that depend on Amazon are not available.

    Some apps that rely on Amazon can be avoided by installing from AptoideTV.
    1
    Someone please help. I am getting the error below. And I am not using an emulator.


    [[email protected] ~/Downloads/kamakiri-mantis-v2.0.1/kamakiri]# ./bootrom-step.sh
    [2023-03-16 21:07:23.756547] Waiting for device
    [2023-03-16 21:07:33.484969] Found port = /dev/ttyACM0
    [2023-03-16 21:07:33.544591] Handshake
    [2023-03-16 21:07:33.565564] Load payload from ../brom-payload/pl/pl.bin = 0x3A04 bytes
    [2023-03-16 21:07:36.050129] All good
    [2023-03-16 21:07:36.543132] Check device_type_id
    [2023-03-16 21:07:36.543301] Detected mantis (AKPGW064GI9HE)
    [2023-03-16 21:07:36.543375] Check GPT
    [2023-03-16 21:07:37.070601] gpt_parsed = {'lk': (1024, 2048), 'tee1': (3072, 10240), 'tee2': (13312, 10240), 'boot': (23552, 32768), 'recovery': (56320, 32768), 'logo': (89088, 7168), 'kb': (96256, 2048), 'dkb': (98304, 2048), 'MISC': (100352, 2048), 'vendor': (102400, 307200), 'system': (409600, 2252800), 'cache': (2662400, 1048576), 'userdata': (3710976, 11562591), '': (0, 1)}
    [2023-03-16 21:07:37.070751] Check boot0
    [2023-03-16 21:07:37.549660] Check rpmb
    [2023-03-16 21:07:37.580679] Downgrade rpmb
    [2023-03-16 21:07:37.581025] Recheck rpmb
    Traceback (most recent call last):
    File "/root/Downloads/kamakiri-mantis-v2.0.1/kamakiri/modules/main.py", line 135, in <module>
    main(dev)
    File "/root/Downloads/kamakiri-mantis-v2.0.1/kamakiri/modules/main.py", line 74, in main
    raise RuntimeError("downgrade failure, giving up")
    RuntimeError: downgrade failure, giving up
    I was in trouble with the same error before, but I was told by this reply.

    Delete the following comments in kamakiri > modules > main.py

    if rpmb != b"\x00" * 0x100:
        dev.reboot()
        raise RuntimeError("downgrade failure, giving up")

    lines 72-74
  • 70
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v2.0.1.zip


    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0; since that is tiny, it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/
    16
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE: This will only work if the boot-exploit is still there.
    13
    I've just uploaded a new version of the unlock for mantis.
    It comes with an all new TWRP (3.6.1) and an unlock method that works even for fused devices with firmware version < 6.2.8.7, no shorting needed!
    For detailed instructions check https://forum.xda-developers.com/t/...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/ (Use mantis-zip from here, will update instructions here in a bit)
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    11
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.