[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

[Sus_i]

Everything is logical! I agree with you. Then you need to examine the board in more detail, but today it was examined carefully. There is nothing superfluous for a short circuit on the capacitor contacts. When power is applied, the second pin has 1.1V. When checking with a tester, there is a resistance between the capacitor contacts. Nothing indicates a shorted contact. This is also a fact. If possible, tomorrow I will try to check the second capacitor nearby, along the board's tracks it is very likely that they have a common contact with a torn capacitor. Visually, it is not damaged (microscope), but it will have to be checked more thoroughly.

I exaggerated that a bit
The emmc isn't permanently shorted, as you can see on your picture. But if that thing goes without a short into bootrom, I think it's at least very unstable.
You may replace that missing mlc and run the two scripts again. I bet that is your solution.

---------- Post added at 10:53 PM ---------- Previous post was at 10:32 PM ----------

When power is applied, the second pin has 1.1V. When checking with a tester, there is a resistance between the capacitor contacts.

Yes, that is ok. The power you measure comes from the internal emmc and requires a mlc at this point and is used by the internal voltage regulator, that supplys the emmc controller. The resistance to ground that you measure at this point, is from inside the emmc, i.e. you're measure the voltage regulator in the emmc.

 

[hyperblu]

Sent donation. Great job! ?

 

[el_smurfo]

Does it make sense that this script would work on a Fire TV 4K pendant if I can get it into the bootloader mode? I assume the hardware is pretty similar inside, but perhaps not? I have a blacklisted one that's been taking up space in my closet and I could probably scope out the EMMC signals...

 

[extrem0]

Today I was not able to solder the capacitor, I hope I will do it tomorrow or later. However, the circuit board was examined - everything is in order with it, there is no damage. At the second contact there is 1.1v. I definitely know two people, the stick works without this capacitor. Still, I have doubts that the problem is in the hardware, perhaps an error occurred while executing the first Unlock script. Are there any options to fix the bootloader?

I also ended up toring the same capacitor off and it's still working. Even without the capacitor it was very hard to short and make the script works (I could do it shorting CLK to GND).
There's probably another place in the board where it's shorting.

Does it make sense that this script would work on a Fire TV 4K pendant if I can get it into the bootloader mode? I assume the hardware is pretty similar inside, but perhaps not? I have a blacklisted one that's been taking up space in my closet and I could probably scope out the EMMC signals...

I don't think so. They are different. The fire tv 4k pendant has an Amlogic S905 SOC while the stick 4k has a MTK8695.

 

[hyperblu]

Just an FYI, I was able to short DAT0 no problem. I used tweezers to bend the shield back, use kids fingernail clippers to trim the shield back, and a straight pick tool to touch DAT0 pin to the shield and plugged in the USB to the laptop. I used my phone camera with flashlight on set to macro mode to be able to see the spot.

 

[hyperblu]

It also downloaded an update immediately after and occasionally would boot loop. I let it finish the update and going to see if it continues to crash. Hopefully rbox will have a prerooted rom soon.

Edit: still rebooting after a few minutes of netflix. I think the twrp preloader lock is conflicting with the partial update that downloaded immediately after running the exploit.

 

[kigba]

In that and the depths of the depths ... On the one hand, the behavior of emmc indicates a constant short circuit. On the other hand, examination of the board and measurements of the accident site at the capacitor do not show this circuit. And there are also confirmed cases when the stick works normally without this reference capacitor. But I do not give up, I will try to restore the scheme. And another question - can the fact that this stick was flashed right out of the box affect my situation? It was new and never connected to the TV at all. Perhaps he had a completely old, non-updated firmware version and the unlock exploit did not work correctly? Perhaps more recent firmware is required for a successful unlock?

 

[rbox]

Anyone have a stock image, I tried installing gapps but had issues that didn't go away after a factory reset, so I restored the backup I made with twrp, but the stick just reboots to twrp every time.

I hope to have a ROM up this weekend.

 

[Kramar111]

@rbox
Thank you for all you work with Amazon devices
Can i kindly ask you repack/update TWRP for Stick 4K with mouse emulator like for Fire TV 2 Gen?
Its very usefull and maybe integrate it into kamakiri?

 

[Sus_i]

Can't believe that so many people rip off components.

That shorting procedere is really easy, please don't use sharp tools, no steel or something like that.

A small snippet of tinfoil, maybe two or three times pleated, does the job fine. Simply shove it carefully about a millimeter under the heatshield, goal is to short one of the components right by the edge of the shield. Please use no pressure at all, don't force it... the slightest short will work.

I made a picture for better understanding:

 

[kigba]

Today I completely restored the iron to the fire stick. But this did not solve the problem. The preloader remains open for firmware. I will assume that there is a place for a software failure during unlock. The stick was right out of the box on its first Amazon firmware. Perhaps the exploit did not work correctly on the old, very first bootloader. I ran out of ideas ...

 

[k4y0z]

Today I completely restored the iron to the fire stick. But this did not solve the problem. The preloader remains open for firmware. I will assume that there is a place for a software failure during unlock. The stick was right out of the box on its first Amazon firmware. Perhaps the exploit did not work correctly on the old, very first bootloader. I ran out of ideas ...

As I have told you previously, the script flashes the bootloader.
Also have you tried powering it using a power brick instead of through your computers USB as I have suggested earlier?

You could try attaching a serial console at 115200 baud and see if the bootrom tells you any reason for not loading the preloader.

 

[Sus_i]

Today I completely restored the iron to the fire stick. But this did not solve the problem

I'm curious, have you shorted a point or runs the script like yesterday without a short?

The script runs up to the reboot, in the picture from yesterday it stops at the preloader thing.
I would try to run the second script again, you may plug your stick in multiple times until it finds the stick.
You can try to run adb devices.
If the fastboot script doesn't find the stick, start the first script and look if that thing goes always into bootrom without a short.

 

[k4y0z]

I'm curious, have you shorted a point or runs the script like yesterday without a short?

The script runs up to the reboot, in the picture from yesterday it stops at the preloader thing.
I would try to run the second script again, you may plug your stick in multiple times until it finds the stick.
You can try to run adb devices.
If the fastboot script doesn't find the stick, start the first script and look if that thing goes always into bootrom without a short.

Good eye, I didn't even notice, that the script didn't finish earlier.
Of course if it didn't properly flash the preloader, then it can't load the preloader.

 

[kigba]

As I have told you previously, the script flashes the bootloader.
Also have you tried powering it using a power brick instead of through your computers USB as I have suggested earlier?

You could try attaching a serial console at 115200 baud and see if the bootrom tells you any reason for not loading the preloader.

have not tried with additional nutrition. Here you will need an otg cable, which I do not have. I'll try to do it later. I probably will not be able to check through uart or I need to give the fire stick to more competent specialists

 

[k4y0z]

have not tried with additional nutrition. Here you will need an otg cable, which I do not have. I'll try to do it later. I probably will not be able to check through uart or I need to give the fire stick to more competent specialists

No need for an OTG.
Just plug it into HDMI and power it using a power brick and watch if it boots into hacked fastboot.

 

[kigba]

No need for an OTG.
Just plug it into HDMI and power it using a power brick and watch if it boots into hacked fastboot.

no. It doesn’t load in twrp. It should not, because I can’t complete the second step to install tvrp - the console says that there is no device. This is visible in my photos. Repeated attempts to complete the second step are futile. Only the first script is executed, and always when the USB cable is connected, without any short circuits. The bootloader is always "open" It would be nice to try the reverse procedure of "closing" the bootloader, but you do not have such a scenario

 

[k4y0z]

no. It doesn’t load in twrp. It should not, because I can’t complete the second step to install tvrp - the console says that there is no device. This is visible in my photos. Repeated attempts to complete the second step are futile. Only the first script is executed, and always when the USB cable is connected, without any short circuits. The bootloader is always "open" It would be nice to try the reverse procedure of "closing" the bootloader, but you do not have such a scenario

I didn't ask if it loads TWRP, but if it loads "HACKED FASTBOOT".
But since you are saying it still goes into bootrom without shorting it wouldn't.
I will tell you again, if it goes straight into bootrom, that means it doesn't even load the preloader,
there is no such thing as closing the bootloader that would help in this case.

 

[a5538544]

Thank you very much for everything you've done.
May I ask a question? Can Major Update affect root ? ...I mean Fire OS 7.

 

[Jesstr8803]

NTFS file useage

Just FYI,

I rooted my FireStick 4K, which was already updated to the latest FireOS, following these fine instructions on the top of this forum! (Many many many Thanks! ) A little trick I did for shorting the pin and not having to "cut" away any of the shielding was to take a pin and stick it between the two capacitors that are right next to each other, slightly underneath the shielding, then angle the pin so that it touched the shield at the same time (which would be GND). Worked like a charm!

After I had completed installing TWRP, I used ADB and transferred and install Magisk 19.4 Zip ( from Magisk.me). Once that was completed I used ADB to install the Magisk Manager APK. Booted everything up and worked like a hot damn.

My final step was to get the system to notice and use NTFS file systems. Using ADB I looked through some of the files on the FireStick, trying to see if I could find some script which was launched when a USB stick was inserted into the OTG cable and how the OS was handling it. I gave up quickly. Haha. If anyone knows what files/code that the FireOS uses for checking and mounting external USB drive please let me know. Instead I used ADB and installed StickMount 3.5, which works perfectly.

In summary,
I was easily able to root ( Thank you, @xyz @k4y0z), install Magisk, Install StickMount, and now I can mount NTFS, and watch my own files greater that 4GB on Kodi!

Thank you!