[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Search This thread

JohanVincent

Member
Nov 26, 2009
5
1
Okay, conclusion. It turns out I have one of the devices with DL mode disabled. Tough luck. Should have gone with the Chromecast with Google TV...Smh mxm
Yeah maybe Chromecast is a better product, IDK. But I did go through and debloat the FireStick and then used Wolf Launcher. I was in the same boat as you a few weeks ago but Wolf Launcher is much nicer than the stock launcher.
 
  • Like
Reactions: 47M4RZ

tocUK

Member
Apr 2, 2018
5
4
"Firesticks running FireOS 6.2.8.0+ are now blocked from this exploit."
This should be in the OP .. this would have saved me a lot of time, With so many posts and pages to the thread took a while to drill this simple info out. Hope this helps someone else.
 
Last edited:

lasauce22

New member
Oct 20, 2020
1
0
"Firesticks running FireOS 6.2.8.0+ are blocked from this exploit."
This should be in the OP .. this would have saved me a lot of time, Many post and pages to the thread to drill this info out. Hope this helps someone else.
Yes exploit now patched, i have buy 20 fire tv stick from different place and all are patched =(

EVERYBODY DON'T WASTE YOUR TIME TO TRY ROOTING FIRE TV STICK 4K, IT IS NOW IMPOSSIBLE !
 

Gsharpshooter80

New member
Jun 2, 2021
2
0
Hey, not sure if this could be of any use to get around forced OTA updates at registration point but figured I'd run it by here anyways. I noticed the hidden Dev Menu can be enabled before registering and there's a proxy network tab that can be accessed. Can that be of any use to block OTA's? To access the hidden menu hold select button followed by holding the down button together for 3-4 seconds and then quickly let go of both and hit the hamburger menu (button to the right of home button) and the dev menu should pop up

 
Last edited:
Hey, not sure if this could be of any use to get around forced OTA updates at registration point but figured I'd run it by here anyways. I noticed the hidden Dev Menu can be enabled before registering and there's a proxy network tab that can be accessed. Can that be of any use to block OTA's? To access the hidden menu hold select button followed by holding the down button together for 3-4 seconds and then quickly let go of both and hit the hamburger menu (button to the right of home button) and the dev menu should pop up

Yes!! Good find.. Whilst I'm not sure about proxies.... It Should maybe let one enable developer options to then enable usb debugging which ofc will let the user run pm disable commands for ota updates @0815hoffi? What you thinking?

ie
pm disable com.amazon.device.software.ota.override
pm disable com.amazon.device.software.ota
pm disable com.amazon.tv.forcedotaupdater.v2
(these commands sometimes need alteration of -- user 0 or --user com. Xxx)

II would say you've done well there mate but it may well be that disabling updates at this point will cause the stick to crash or reboot in search of the ota file. Idk

Regards
 
"Firesticks running FireOS 6.2.8.0+ are now blocked from this exploit."
This should be in the OP .. this would have saved me a lot of time, With so many posts and pages to the thread took a while to drill this simple info out. Hope this helps someone else.

Yes exploit now patched, i have buy 20 fire tv stick from different place and all are patched =(

EVERYBODY DON'T WASTE YOUR TIME TO TRY ROOTING FIRE TV STICK 4K, IT IS NOW IMPOSSIBLE !
NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
These devices cannot be unlocked using kamakiri.
These devices do not show up at all on USB when shorted.



It's there right at the top of the OP and has been for some time loud and clear


Regards
 
:(;)"Firesticks running FireOS 6.2.8.0+ are now blocked from this exploit."
This should be in the OP .. this would have saved me a lot of time, With so many posts and pages to the thread took a while to drill this simple info out. Hope this helps someone else.

Yes exploit now patched, i have buy 20 fire tv stick from different place and all are patched =(

EVERYBODY DON'T WASTE YOUR TIME TO TRY ROOTING FIRE TV STICK 4K, IT IS NOW IMPOSSIBLE !
It's in the software/rom thread not here in the hardware/exploit thread.
Use the search function it works rather well and will save you time in future.
Also, reading the threads and various posts expands your knowledge ;)

Regards
 

Gsharpshooter80

New member
Jun 2, 2021
2
0
Yes!! Good find.. Whilst I'm not sure about proxies.... It Should maybe let one enable developer options to then enable usb debugging which ofc will let the user run pm disable commands for ota updates @0815hoffi? What you thinking?

ie
pm disable com.amazon.device.software.ota.override
pm disable com.amazon.device.software.ota
pm disable com.amazon.tv.forcedotaupdater.v2
(these commands sometimes need alteration of -- user 0 or --user com. Xxx)

II would say you've done well there mate but it may well be that disabling updates at this point will cause the stick to crash or reboot in search of the ota file. Idk

Regards
So I noticed Developer Options as well but when I turned it on it showed 2 more option tabs underneath it and none of the options were for ADB Debugging. However one of them has a off/on slider for an option called "developer row" which seems to detect application packages installed on the device. Not sure if it's of any use or not but anyone can access this Dev Option menu on any device whether they are past registration screen or not and you can mess around with it yourself.
 

tocUK

Member
Apr 2, 2018
5
4
NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
These devices cannot be unlocked using kamakiri.
These devices do not show up at all on USB when shorted.



It's there right at the top of the OP and has been for some time loud and clear


Regards

wow, I never asked about hardware revisions as this points out, I suggest you re-read what you quoted.

If this was as you suggest the wrong thread for this info then why would you suggest searching it, secondly the info is in the thread (as it should be) so would be obvious to add this important info to the OP for the same reason the with hardware revisions/serial numbers have been added as times have changed since the OP. The blowing of the efuse via software update has affected the hardware thus ability of this exploit to work (to date) regardless of original serial number/hardware revisions.

More importantly your post has just created more filler making harder for people to find the correct info. 🤦‍♂️
 
Last edited:
wow, I never asked about hardware revisions as this points out, I suggest you re-read what you quoted.

If this was as you suggest the wrong thread for this info then why would you suggest searching it, secondly the info is in the thread (as it should be) so would be obvious to add this important info to the OP for the same reason the with hardware revisions/serial numbers have been added as times have changed since the OP. The blowing of the efuse via software update has affected the hardware thus ability of this exploit to work (to date) regardless of original serial number/hardware revisions.

More importantly your post has just created more filler making harder for people to find the correct info. 🤦‍♂️

Thank you for your kind words in these difficult times.

Regards
 

Attachments

  • download.png
    download.png
    972 bytes · Views: 8
Last edited:

darksavior

Senior Member
May 14, 2010
195
81
Los Angeles
I previously had this rooted with recovery. I made the mistake of updating magisk and my 4k stick now boot loops the white fire tv logo. I don't get the option to boot to twrp with otg anymore. Adb does not see the 4k stick. It was on the latest version of fireos. I think 6.2.8.0.

I'm booting off the fireiso2.0 usb stick to macbook.
4k Stick is directly connected to macbook.
Is there a trick to get it to recovery?
 
Last edited:

Skel40

Senior Member
Dec 27, 2019
171
92
Moto G 5G
I previously had this rooted with recovery. I made the mistake of updating magisk and my 4k stick now boot loops the white fire tv logo. I don't get the option to boot to twrp with otg anymore. Adb does not see the 4k stick. It was on the latest version of fireos. I think 6.2.8.0.

I'm booting off the fireiso2.0 usb stick to macbook.
4k Stick is directly connected to macbook.
Is there a trick to get it to recovery?
Is the latest version of the os stock or prerooted? If it's stock, you're out of luck because the efuse is triggered to disable the brom unless you unlocked it before it got blown. Don't hesitate to try running the exploit again to try again if that makes any sense.
 
Last edited:
  • Like
Reactions: darksavior

darksavior

Senior Member
May 14, 2010
195
81
Los Angeles
Is the latest version of the os stock or prerooted? If it's stock, you're out of luck because the efuse is triggered to disable the brom unless you unlocked it before it got blown. Don't hesitate to try running the exploit again to try again if that makes any sense.
It was originally a prerooted rom found in this forum but it updated to the latest stock version which I then rooted again with magisk. Updating magisk from fireos really hosed the bootloader.
I decided to crack it open again and short the point to redo the process. Success. I'm back in twrp.
 
Last edited:
  • Like
Reactions: Skel40

Skel40

Senior Member
Dec 27, 2019
171
92
Moto G 5G
It was originally a prerooted rom found in this forum but it updated to the latest stock version.
I decided to crack it open again and short the point to redo the process. Success. I'm back in twrp.
Perfect!!! At least we know what the issue was just in case it happens again by accident! I was worried myself that it was going to be in a bootloop forever. You should be fine. When it bootloops after installing Magisk with FireOS it doesn't relock the bootloader because it's still unlocked in the process so messing up by accident is alright in some situations! Make sure to keep the 4K unlocked and you'll be safe
 
  • Like
Reactions: darksavior

xoxo_xdagirl91

Senior Member
Jun 17, 2013
111
53
Had my 4k firestick for awhile and realized it updated itself to 6.2.8.0. Never got around to rooting it. Is it too late for that now? The recent comments in this thread have kinda confused me on wether or not I can so I just want to make sure
 

emkorial

Senior Member
Mar 2, 2008
382
15
Had my 4k firestick for awhile and realized it updated itself to 6.2.8.0. Never got around to rooting it. Is it too late for that now? The recent comments in this thread have kinda confused me on wether or not I can so I just want to make sure

Yes it is to late now. The only way to root the device is to get a device that has:

A - Not been patched
B - Not been upgraded to 6.2.8.0

Whether or not a new method to root will be discovered, who knows.
 
  • Like
Reactions: xoxo_xdagirl91
Just to clarify for anyone else in the near future (and save people time reading through threads)


If you purchase one of the Firestick 4K 2020 models with serial number VM190 or higher....

OR

You have been sitting on top of an exploitable (but never before unlocked) mantis 4K firestick that happens to take the 6.2.8.0 ota update.

You will NOT be able to Unlock/Root the device at this time.

Regards
 
  • Like
Reactions: Sus_i

emkorial

Senior Member
Mar 2, 2008
382
15
Just to clarify for anyone else in the near future (and save people time reading through threads)


If you purchase one of the Firestick 4K 2020 models with serial number VM190 or higher....

OR

You have been sitting on top of an exploitable (but never before unlocked) mantis 4K firestick that happens to take the 6.2.8.0 ota update.

You will NOT be able to Unlock/Root the device at this time.

Regards

Thoughts on another exploit method being discovered that would work?

Could the chip with the efuse in it be identified and possible replaced?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    "Firesticks running FireOS 6.2.8.0+ are now blocked from this exploit."
    This should be in the OP .. this would have saved me a lot of time, With so many posts and pages to the thread took a while to drill this simple info out. Hope this helps someone else.
    1
    I previously had this rooted with recovery. I made the mistake of updating magisk and my 4k stick now boot loops the white fire tv logo. I don't get the option to boot to twrp with otg anymore. Adb does not see the 4k stick. It was on the latest version of fireos. I think 6.2.8.0.

    I'm booting off the fireiso2.0 usb stick to macbook.
    4k Stick is directly connected to macbook.
    Is there a trick to get it to recovery?
    Is the latest version of the os stock or prerooted? If it's stock, you're out of luck because the efuse is triggered to disable the brom unless you unlocked it before it got blown. Don't hesitate to try running the exploit again to try again if that makes any sense.
    1
    Is the latest version of the os stock or prerooted? If it's stock, you're out of luck because the efuse is triggered to disable the brom unless you unlocked it before it got blown. Don't hesitate to try running the exploit again to try again if that makes any sense.
    It was originally a prerooted rom found in this forum but it updated to the latest stock version which I then rooted again with magisk. Updating magisk from fireos really hosed the bootloader.
    I decided to crack it open again and short the point to redo the process. Success. I'm back in twrp.
    1
    It was originally a prerooted rom found in this forum but it updated to the latest stock version.
    I decided to crack it open again and short the point to redo the process. Success. I'm back in twrp.
    Perfect!!! At least we know what the issue was just in case it happens again by accident! I was worried myself that it was going to be in a bootloop forever. You should be fine. When it bootloops after installing Magisk with FireOS it doesn't relock the bootloader because it's still unlocked in the process so messing up by accident is alright in some situations! Make sure to keep the 4K unlocked and you'll be safe
    1
    Had my 4k firestick for awhile and realized it updated itself to 6.2.8.0. Never got around to rooting it. Is it too late for that now? The recent comments in this thread have kinda confused me on wether or not I can so I just want to make sure

    Yes it is to late now. The only way to root the device is to get a device that has:

    A - Not been patched
    B - Not been upgraded to 6.2.8.0

    Whether or not a new method to root will be discovered, who knows.
  • 59
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v1.2.zip

    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    XDA:DevDB Information
    kamakiri, Tool/Utility for the Amazon Fire TV

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/


    Version Information
    Status:
    Stable
    Current Stable Version: 1.0.0
    Stable Release Date: 2019-10-05

    Created 2019-10-05
    Last Updated 2019-10-14
    14
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE:This will only work if the boot-exploit is still there.
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    11
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.
    10
    Can you tell us how to disable Ota update on the fire tv stick 4k after a successful root.
    And since there is no superuser installed how can this be done.
    ota can be disabled with root by following commands:
    Code:
    adb shell
    su
    pm disable com.amazon.tv.forcedotaupdater.v2
    pm disable com.amazon.device.software.ota
    pm disable com.amazon.device.software.ota.override