[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Search This thread
By:
Advanced…
J

Joe Baliu

Member
Feb 23, 2010
29
1
Hi,
I have succesfully installed TWRP 3.6.1_9.0 on my Fire TV 4k with 6.2.7.3 os version.
I have also succesfully installed Magisk 25.2. Cache/dalvik was cleaned.
But when I try to run 'su' or 'pm' I get "Not found". I tried 'su' and 'pm' via adb shell and twrp terminal with same results.
Initially I installed Magisk via adb, then retried via twrp UI - but in both cases 'su' and 'pm' are not found.
What could be the issue? Thanks in advance

P.S. when I try 'pm' after mounting system I get 'library "ld-android.so" not found'.
 

Attachments

  • 20230114_205134~2.jpg
    20230114_205134~2.jpg
    380.2 KB · Views: 52
  • 20230114_204757~3.jpg
    20230114_204757~3.jpg
    1.7 MB · Views: 53
R

redeyedjedi

Senior Member
May 1, 2011
828
500
I got a 4k stick at 6.2.8.1 and I have gone through the process and rooted it.
What is the proper procedure to get it updated to 6.2.9.4?? I assume the DRM is out of date and Netflix and prime show a black screen. It also seems this root blocks updates, as it just boots to twrp and the update never happens. I am perfectly ok with manually updating but can't seem to find the bins anywhere. Any help here would be appreciated.
 
S

Sus_i

Senior Member
Apr 9, 2013
1,860
813
redeyedjedi said:
What is the proper procedure to get it updated to 6.2.9.4?? I assume the DRM is out of date and Netflix and prime show a black screen. It also seems this root blocks updates, as it just boots to twrp and the update never happens.
Click to expand...
Click to collapse
As you've got a stick with 6281 (already burned efuse = shorting method gone), there isn't a special procedure required, you would just need to flash the rom you like...

If you go to 6.2.9.4 you may flash the TZ too (if there are DRM playback issues or black screens).
Easiest way to do this is take/extract the TZ image from 6.2.9.4 rom and overwrite the TZ image from kamakiri 2.1 folder. Then re-do the bootrom/fastboot-step.
redeyedjedi said:
I am perfectly ok with manually updating but can't seem to find the bins anywhere. Any help here would be appreciated.
Click to expand...
Click to collapse
forum.xda-developers.com

Fire TV Stick 4K Firmware and apps. Official Cloud Front direct links

Fire TV Stick 4K Stock Firmware files, cloudfront.net download links. Firmware (Once downloaded you need to change file name from .bin to .zip) Mirror and builtin app updates: https://gist.github.com/JulyIghor/d3d3dd460527a1d2b5b67954160d4abf...
forum.xda-developers.com forum.xda-developers.com
 
  • Like
Reactions: redeyedjedi and Kramar111
R

redeyedjedi

Senior Member
May 1, 2011
828
500
Sus_i said:
As you've got a stick with 6281 (already burned efuse = shorting method gone), there isn't a special procedure required, you would just need to flash the rom you like...

If you go to 6.2.9.4 you may flash the TZ too (if there are DRM playback issues or black screens).
Easiest way to do this is take/extract the TZ image from 6.2.9.4 rom and overwrite the TZ image from kamakiri 2.1 folder. Then re-do the bootrom/fastboot-step.

forum.xda-developers.com

Fire TV Stick 4K Firmware and apps. Official Cloud Front direct links

Fire TV Stick 4K Stock Firmware files, cloudfront.net download links. Firmware (Once downloaded you need to change file name from .bin to .zip) Mirror and builtin app updates: https://gist.github.com/JulyIghor/d3d3dd460527a1d2b5b67954160d4abf...
forum.xda-developers.com forum.xda-developers.com
Click to expand...
Click to collapse
Done and done. Thanks, this is exactly what I was looking for. Now, is there a semi up to date list of what system apps can be deleted? Time to go looking.
 
  • Like
Reactions: Sus_i
M

Mfizz

Member
Oct 27, 2012
18
2
Hi all, I'm hopeful you can help me. Back in October my firestick out by 5 days warranty got stuck on boot animation with fire TV logo.

My primary goal is to get it working again and root is a bonus. I'm not sure what os version it was on. I had adb debugging enabled, but didn't connect it to any pc.

Will this method help me recover my stick? I have already tried all the official methods with remote, otg cable etc.
 
T

[email protected]

Member
Jul 27, 2017
17
0
Amazon Fire HD 8 and HD 10
tsynik said:
You guys rock! Unlocked without issues. Rooted with Magisk 19.3.
Note: in my case, correct pin was left side of 3rd smd component from right.
Heatsink can be easely detached with flat screwdriver (just rotate it in points as on the picture
Click to expand...
Click to collapse

tsynik said:
You guys rock! Unlocked without issues. Rooted with Magisk 19.3.
Note: in my case, correct pin was left side of 3rd smd component from right.
Heatsink can be easely detached with flat screwdriver (just rotate it in points as on the picture)
Click to expand...
Click to collapse
Here's a YouTube vid which shows it all. Enjoy

 
T

[email protected]

Member
Jul 27, 2017
17
0
Amazon Fire HD 8 and HD 10
It's not that I get bored waiting for the script to run, I just don't know how long to wait for! Can anybody tell me please, exactly which point is supposed to be shorted and to where? Should the script run and inform me immediately that I insert the usb plug into the PC? I wait for seemingly ages and then make ^C to terminate. This what I get. Has the script run or are my terminals still not shorted? Help please!
 

Attachments

  • 20230218_103315.jpg
    20230218_103315.jpg
    5.4 MB · Views: 38
F

fluffi444

Senior Member
Nov 19, 2012
1,597
928
Amazon Fire TV
Samsung Galaxy S9+
[email protected] said:
It's not that I get bored waiting for the script to run, I just don't know how long to wait for! Can anybody tell me please, exactly which point is supposed to be shorted and to where? Should the script run and inform me immediately that I insert the usb plug into the PC? I wait for seemingly ages and then make ^C to terminate. This what I get. Has the script run or are my terminals still not shorted? Help please!
Click to expand...
Click to collapse
How to short is documented well in thread...
If it shorts correctly AND your stick can be rooted short (lower FW than 6.2.8.7) then the script starts immediately withhin milliseconds - after plugging the USB.

With my first stick (updated by mistake to 6.2.9.4 right after first boot) I waited 30 min :) with running bootrom-step.sh.
Untill I start reading and learing much and learned that 6.2.9.4 is not rootable at all!
Sold this to a fried whom do not care about rooting att all - I explained him...
Bought a second one (old modell from 2018 but brand new - shipped with 6.2.3.1 - VM058) and this was rootable via short right away. Here the short was mandatory!

In addition a bought now a third one from private and unopend (for my sister) build 2021 (shipped with 6.2.8.1 - VM101) - This was rootable right away without any short!

So all in all its about build date, serial number (VM***) and most importand FireOS-Version. - Check this all.

There are some ways to boot the stick without initial forced update to find out what FireOS is installed.
 
Last edited:
  • Like
Reactions: Sus_i
T

[email protected]

Member
Jul 27, 2017
17
0
Amazon Fire HD 8 and HD 10
fluffi444 said:
How to short is documented well in thread...
If it shorts correctly AND your stick can be short (lower FW than 6.2.8.7) then the script starts immediately withhin milliseconds - after plugging the USB.

With my first stick (updated by mistake to 6.2.9.4 right after first boot) I waited 30 min :) with running bootrom-step.sh.
Untill I start reading and learing much and learned that 6.2.9.4 is not rootable at all!
Sold this to a fried whom do not care about rooting att all - I explained him...
Bought a second one (old modell from 2018 but brand new - shipped with 6.2.3.1 - VM058) and this was rootable via short right away. Here the short was mandatory!

In addition a bought now a third one from private and unopend (for my sister) build 2021 (shipped with 6.2.8.1 - VM101) - This was rootable right away without any short!

So all in all its about build date, serial number (VM***) and most importand FireOS-Version. - Check this all.

There are some ways to boot the stick without initial forced update to find out what FireOS is installed.
Click to expand...
Click to collapse
Thanks for that info. Mine is, of course 6.2.8.9! Is there anyway of downgrading? I suppose not.
 

Attachments

  • 20230212_120450.jpg
    20230212_120450.jpg
    3.2 MB · Views: 44
S

Skel40

Senior Member
Dec 27, 2019
360
192
Moto G 5G
Sus_i said:
Depends on you, if you like the old fireOS launcher use 6.2.7.7 (renamed to zip):

and if you like the new launcher UI then flash rbox 6.2.8.1r2.

Don't wipe anything, rom flash is enough.

If you want to flash a more recent fireOS at some point, make sure you think twice, i.e. keep your efuse from burning: @SweenWolf uploaded a patch somewhere which deletes the efuse burn script and @Pretoriano80 does also similar patches including his awesome custom kernel:
forum.xda-developers.com

[KERNEL][FireTV Stick 4K] Custom Kernel For AFTV 4k - 6.2.9.4

Warning !!! Use this kernel on your own risk !!! I can't be held responsible for any kind of damage or data loss !!! Features: SDCARDFS exFAT and F2FS support Wireguard Advanced TCP options CIFS and NFS support Insecure ADB v1...
forum.xda-developers.com forum.xda-developers.com
Click to expand...
Click to collapse
The roms I have are also safe to flash as well. I have downgradable roms without the efuse
 
  • Like
Reactions: Sus_i
S

Skel40

Senior Member
Dec 27, 2019
360
192
Moto G 5G
I've tried to unlock my 4K again with the 2.0.1 zip @k4y0z provided and my OTG couldn't recognize my mouse in recovery mode. I used the plugin method without pin pointing so can someone help me out?

Edit: ADB doesn't work at all it doesn't detect it after ./fastboot-step.sh boots into TWRP. The hacked fastboot is fine it shows up. Only adb isn't working. I don't know what's going on. The unlock is successful, and right when I try to enter adb device's on terminal on fireiso, nothing.
I managed to fix the OTG issue after flashing 1.2 of the kamakiri exploit. It seems to be recovery related
 
Last edited:
C

cityhunter_1919_xyz

Member
Dec 29, 2022
17
7
aleet said:
Hi everyone. Need some help. Got a mantis for free. Amazon told me not to return it. I can't register the stick. I ran the scripts and TWRP installed and working. Challenge is I don't have OTG cable. Long story short. Download this thread rom. Instead of TWRP install which I don't have keybd. I ended up adb sideload. Does that means this won't patch the stick like TWRP would?

The boot scripts and sideload all says successful. When the stick ask to login it give me 2 options. Online amazon.com/code or enter my login on the stick.

If I login on stick, it flat out saying something is wrong. If I login from online code, the site says successful but the stick didn't do a thing.

I also tried a ROM here says no efuse. Same behavior. Since I can't pass login. I can't tell which version I am on. All I know is the script worked and it is a VM242 serial. How do I know efuse is burnt or not? I only wish I have OTG do I can try TWRP.

Edit: just found out I can do "trwp" from adb shell, but still after twrp install and wipes, still thou shall not pass registration. Are there LineageOS, AndroidTV, or Ubuntu, so I can repurpose and not e-waste? Retro/Emulator would be so cool.

Thanks
Click to expand...
Click to collapse
I had the same symptoms with an unopened 4K obtained from a private sale.
I contacted Amazon and they replied that it was because the serial number of the device had been erased due to a return or some other reason.
I was able to get to the home screen by restoring the data I had backed up on my other 4K, but I can't use the store, so some apps that depend on Amazon are not available.

Some apps that rely on Amazon can be avoided by installing from AptoideTV.
 
  • Like
Reactions: aleet
A

aleet

Member
Nov 9, 2007
25
2
cityhunter_1919_xyz said:
I had the same symptoms with an unopened 4K obtained from a private sale.
I contacted Amazon and they replied that it was because the serial number of the device had been erased due to a return or some other reason.
I was able to get to the home screen by restoring the data I had backed up on my other 4K, but I can't use the store, so some apps that depend on Amazon are not available.

Some apps that rely on Amazon can be avoided by installing from AptoideTV.
Click to expand...
Click to collapse
Oh cool. You mean from TWRP restore data partition? Would you know where I can get a copy? I actually do not want Amazon store since we can side load.
 
DevanteWeary

DevanteWeary

Senior Member
Feb 15, 2012
55
18
Nexus 6
Huawei Nexus 6P
Hey guys,

So I can't even boot the FIREISO200 image.


I've tried three different USB drives with Rufus using the following settings.
  • Partition scheme: MBR
  • Target system: BIOS or UEFI
  • Quick format: off
  • File system: FAT32

Once I boot the drive, I'm met with this each time:


PXL_20230304_090801254.jpg


I'm at a loss, guys.
What should I do?


Thanks for any advice!
 
You must log in or register to reply here.

Similar threads

K
[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 2nd gen (tank)
Replies
2K
Views
336K
S
Sus_i
K
[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 3 and Fire TV Stick Lite (sheldon/p)
Replies
715
Views
117K
BTK19
BTK19
burcbuluklu
[Guide] [ROM] (mantis) Fire TV Stick 4K Prerooted Android TV Rom (6.2.7.6)
Replies
226
Views
103K
impactor
impactor
R
[ROM][UNOFFICIAL][11] LineageOS 18.1 for Fire TV Stick Lite/3rd gen (sheldon/p)
Replies
647
Views
110K
S
strikert
tsynik
[Magisk][Module] FireTV 4K Stick Add-Ons
Replies
275
Views
94K
Bertonumber1
Bertonumber1

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 1
    S
    Skel40
    Sus_i said:
    Depends on you, if you like the old fireOS launcher use 6.2.7.7 (renamed to zip):

    and if you like the new launcher UI then flash rbox 6.2.8.1r2.

    Don't wipe anything, rom flash is enough.

    If you want to flash a more recent fireOS at some point, make sure you think twice, i.e. keep your efuse from burning: @SweenWolf uploaded a patch somewhere which deletes the efuse burn script and @Pretoriano80 does also similar patches including his awesome custom kernel:

    [KERNEL][FireTV Stick 4K] Custom Kernel For AFTV 4k - 6.2.9.4

    Warning !!! Use this kernel on your own risk...
    forum.xda-developers.com forum.xda-developers.com
    Click to expand...
    Click to collapse
    The roms I have are also safe to flash as well. I have downgradable roms without the efuse
    View
    1
    C
    cityhunter_1919_xyz
    aleet said:
    Hi everyone. Need some help. Got a mantis for free. Amazon told me not to return it. I can't register the stick. I ran the scripts and TWRP installed and working. Challenge is I don't have OTG cable. Long story short. Download this thread rom. Instead of TWRP install which I don't have keybd. I ended up adb sideload. Does that means this won't patch the stick like TWRP would?

    The boot scripts and sideload all says successful. When the stick ask to login it give me 2 options. Online amazon.com/code or enter my login on the stick.

    If I login on stick, it flat out saying something is wrong. If I login from online code, the site says successful but the stick didn't do a thing.

    I also tried a ROM here says no efuse. Same behavior. Since I can't pass login. I can't tell which version I am on. All I know is the script worked and it is a VM242 serial. How do I know efuse is burnt or not? I only wish I have OTG do I can try TWRP.

    Edit: just found out I can do "trwp" from adb shell, but still after twrp install and wipes, still thou shall not pass registration. Are there LineageOS, AndroidTV, or Ubuntu, so I can repurpose and not e-waste? Retro/Emulator would be so cool.

    Thanks
    Click to expand...
    Click to collapse
    I had the same symptoms with an unopened 4K obtained from a private sale.
    I contacted Amazon and they replied that it was because the serial number of the device had been erased due to a return or some other reason.
    I was able to get to the home screen by restoring the data I had backed up on my other 4K, but I can't use the store, so some apps that depend on Amazon are not available.

    Some apps that rely on Amazon can be avoided by installing from AptoideTV.
    View
    1
    C
    cityhunter_1919_xyz
    rahulbmg said:
    someone please help. I am getting the error below. And i am not using emulator


    [[email protected] ~/Downloads/kamakiri-mantis-v2.0.1/kamakiri]# ./bootrom-step.sh
    [2023-03-16 21:07:23.756547] Waiting for device
    [2023-03-16 21:07:33.484969] Found port = /dev/ttyACM0
    [2023-03-16 21:07:33.544591] Handshake
    [2023-03-16 21:07:33.565564] Load payload from ../brom-payload/pl/pl.bin = 0x3A04 bytes
    [2023-03-16 21:07:36.050129] All good
    [2023-03-16 21:07:36.543132] Check device_type_id
    [2023-03-16 21:07:36.543301] Detected mantis (AKPGW064GI9HE)
    [2023-03-16 21:07:36.543375] Check GPT
    [2023-03-16 21:07:37.070601] gpt_parsed = {'lk': (1024, 2048), 'tee1': (3072, 10240), 'tee2': (13312, 10240), 'boot': (23552, 32768), 'recovery': (56320, 32768), 'logo': (89088, 7168), 'kb': (96256, 2048), 'dkb': (98304, 2048), 'MISC': (100352, 2048), 'vendor': (102400, 307200), 'system': (409600, 2252800), 'cache': (2662400, 1048576), 'userdata': (3710976, 11562591), '': (0, 1)}
    [2023-03-16 21:07:37.070751] Check boot0
    [2023-03-16 21:07:37.549660] Check rpmb
    [2023-03-16 21:07:37.580679] Downgrade rpmb
    [2023-03-16 21:07:37.581025] Recheck rpmb
    Traceback (most recent call last):
    File "/root/Downloads/kamakiri-mantis-v2.0.1/kamakiri/modules/main.py", line 135, in <module>
    main(dev)
    File "/root/Downloads/kamakiri-mantis-v2.0.1/kamakiri/modules/main.py", line 74, in main
    raise RuntimeError("downgrade failure, giving up")
    RuntimeError: downgrade failure, giving up
    Click to expand...
    Click to collapse
    I was in trouble with the same error before, but I was told by this reply.

    Delete the following comments in kamakiri > modules > main.py

    if rpmb != b"\x00" * 0x100:
    dev.reboot()
    raise RuntimeError("downgrade failure, giving up")

    lines 72-74
    View
  • 70
    K
    k4y0z
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.

    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v2.0.1.zip


    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code: 
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code: 
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/
    View
    16
    K
    k4y0z
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code: 
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
echo "--wipe_cache" >> /cache/recovery/command
reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE:This will only work if the boot-exploit is still there.
    View
    13
    K
    k4y0z
    I'v just uploaded a new Version of the unlock for mantis.
    It comes with an all new TWRP (3.6.1) and an unlock method that works even for fused devices with firmware version < 6.2.8.7, no shorting needed!
    For detailed instructions check https://forum.xda-developers.com/t/...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/ (Use mantis-zip from here, will update instructions here in a bit)
    View
    12
    R
    rbox
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    View
    11
    X
    xyz`
    rootuser11 said:
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..
    Click to expand...
    Click to collapse

    No, the only way they can fix it is with a new hardware revision.
    View

New posts