[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Search This thread

emkorial

Senior Member
Mar 2, 2008
380
14
When I flash 6.2.7.7 the Stick will not get past the Boot screen (the white screen with the yellow "Fire" and arrow on it) it just sits there forever. Any ideas how to fix that?
 

Sus_i

Senior Member
Apr 9, 2013
1,044
392
When I flash 6.2.7.7 the Stick will not get past the Boot screen (the white screen with the yellow "Fire" and arrow on it) it just sits there forever. Any ideas how to fix that?
At the white screen adb is aviable, if you power the stick with a PC usb port.
You can use adb logcat and take a look whats wrong.
Best is to run this: adb logcat > 6277.txt
The stick will print the whole log constantly in that file.
Open it up with a txt editor and investigate.
If you see something suspect, use search and filter options of the editor.
 

emkorial

Senior Member
Mar 2, 2008
380
14
At the white screen adb is aviable, if you power the stick with a PC usb port.
You can use adb logcat and take a look whats wrong.
Best is to run this: adb logcat > 6277.txt
The stick will print the whole log constantly in that file.
Open it up with a txt editor and investigate.
If you see something suspect, use search and filter options of the editor.

I'll give that a try thnks

One more thing, I know when flashing ROMS on rooted Android phones you are supposed to wipe a bunch of stuff (like /system) before you flash the new ROM. DO you need to do that in the Fire Stick? If you just reboot into recovery and do the twrp flash of the new ROM, is that a totally clean process? I want to make sure any "upgrades" that 6.2.8 installed don't persist through the flash of the lower version ROM
 

Sus_i

Senior Member
Apr 9, 2013
1,044
392
If you just reboot into recovery and do the twrp flash of the new ROM, is that a totally clean process? I want to make sure any "upgrades" that 6.2.8 installed don't persist through the flash of the lower version ROM

TWRP flashs only full images of system, vendor and boot and yes, thats clean.
 

h3ct0rx

Member
Jul 31, 2008
5
1
Is there any chance to unlock an old 4k fire stick recently updated to 2.6.8.0? Previously was 2.6.7.7 and now it has the dark boot screen.

Edit: After making the short the output of 'lsusb' is 1949:03a8 Lab126, Inc.
 
Last edited:

kurpiq

New member
Nov 24, 2012
2
0
hi i have VM180
and everytime when i try to short i have error with
[2021-04-19 20:17:46.773817] Waiting for bootrom
[2021-04-19 20:18:23.965227] Found port = /dev/ttyACM0
[2021-04-19 20:18:23.997236] Handshake
[2021-04-19 20:18:24.018489] Disable watchdog
Traceback (most recent call last):
File "main.py", line 119, in <module>
main(dev)
File "main.py", line 24, in main
load_payload(dev)
File "/root/Desktop/kamakiri/modules/load_payload.py", line 47, in load_payload
dev.write32(0x10007000, 0x22000000)
File "/root/Desktop/kamakiri/modules/common.py", line 147, in write32
self.check(self.dev.read(2), b'\x00\x01') # arg check
File "/root/Desktop/kamakiri/modules/common.py", line 84, in check
raise RuntimeError("ERROR: Serial protocol mismatch, expected {} got {}".format(gold.hex(), test.hex()))
RuntimeError: ERROR: Serial protocol mismatch, expected 0001 got 0000
but still when it's shorted it's not booting up and showing as:


Bus 001 Device 045: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader



so it's have to be well shorted... why it's not working
 

Sus_i

Senior Member
Apr 9, 2013
1,044
392
hi i have VM180
and everytime when i try to short i have error with

but still when it's shorted it's not booting up and showing as:


Bus 001 Device 045: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader



so it's have to be well shorted... why it's not working

It isn't well shorted, if it shows Preloader...
Well shorted shows mtk phone or in case of a patched stick just nothing.
 

BeAtSs

Member
Dec 7, 2014
24
0
So I have new stick since today, bootrom unlock worked. I flashed TWRP and installed Magisk, but the last step is getting root with su, for that the device needs to be discoverable through adb.
But I unlocked it out of the box, so it was not configured yet.

If I flashed TWRP and installed Magisk, is it safe to let the stick go through the whole update process? And then enable ADB Debug in settings. Can anyone confirm? Thank you
 

emkorial

Senior Member
Mar 2, 2008
380
14
So I have new stick since today, bootrom unlock worked. I flashed TWRP and installed Magisk, but the last step is getting root with su, for that the device needs to be discoverable through adb.
But I unlocked it out of the box, so it was not configured yet.

If I flashed TWRP and installed Magisk, is it safe to let the stick go through the whole update process? And then enable ADB Debug in settings. Can anyone confirm? Thank you

Yes, this is the exact process I went through.
  • New Fire Stick out of the box, never updated
  • Unlocked bootloader, installed TWRP
  • Plugged in Fire Stick, let it self update all the way to 6.2.8.0
  • Went into Developer options, enabled ADB debugging
  • Connected to Fire Stick, flashed older ROM (currently running 6.2.6.6, going to go to 6.2.7.1 soon)
Where did you buy an unlockable stick?

I will say, based on my condition and what I am experiencing I am not 100% convinced that the downgrade is completely "clean", in that some app's, even using identical versions of the apps, that caused me no visual issues pre 6.2.8.0, ARE causing me issues after the upgrade and downgrade process. So I'm not completely convinced the downgrade process is 100% "clean". But my issue could also be caused by minor hardware difference between multiple sticks, so the fact I am having symptoms is not conclusive evidence that the downgrade is not clean.
 

47M4RZ

Member
Apr 26, 2021
6
1
Good day all

I'm trying to follow the steps to get my Fire TV Stick 4k out of the boot loop (also picks up as unauthorized in ADB)

When I boot the ISO mounted to flash drive from the bios boot menu of my windows laptop this is what I get:

BootISO.jpeg


Then...

BootISO2.jpeg


I'm I on the right track?

Kindly assist me. I'm trying to follow steps 1 to 4; I should be okay from there onward.
 

47M4RZ

Member
Apr 26, 2021
6
1
UPDATE: Ran the ISO via VM and got it to work.

I also get the exact same error as this.

Note: My firestick is a day old. It's stuck in a boot loop after installing google services framework, play store etc.
I'm pretty sure I'm shorting it properly but will continue to try and update you on my progress.
 

47M4RZ

Member
Apr 26, 2021
6
1
UPDATE: Ran the ISO via VM and got it to work.

I also get the exact same error as this.

Note: My firestick is a day old. It's stuck in a boot loop after installing google services framework, play store etc.
I'm pretty sure I'm shorting it properly but will continue to try and update you on my progress.
To add, I distinctly remember, turning USB debugging on in dev mode before I got jammed.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Okay, conclusion. It turns out I have one of the devices with DL mode disabled. Tough luck. Should have gone with the Chromecast with Google TV...Smh mxm
    Yeah maybe Chromecast is a better product, IDK. But I did go through and debloat the FireStick and then used Wolf Launcher. I was in the same boat as you a few weeks ago but Wolf Launcher is much nicer than the stock launcher.
  • 59
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v1.2.zip

    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    XDA:DevDB Information
    kamakiri, Tool/Utility for the Amazon Fire TV

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/


    Version Information
    Status:
    Stable
    Current Stable Version: 1.0.0
    Stable Release Date: 2019-10-05

    Created 2019-10-05
    Last Updated 2019-10-14
    14
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE:This will only work if the boot-exploit is still there.
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    11
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.
    10
    Can you tell us how to disable Ota update on the fire tv stick 4k after a successful root.
    And since there is no superuser installed how can this be done.
    ota can be disabled with root by following commands:
    Code:
    adb shell
    su
    pm disable com.amazon.tv.forcedotaupdater.v2
    pm disable com.amazon.device.software.ota
    pm disable com.amazon.device.software.ota.override
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone