• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Search This thread

Skel40

Senior Member
Dec 27, 2019
286
137
Moto G 5G
When you unlock the 4K, be sure to update the tz image with the latest prerooted rom so it doesn't automatically reboot. The unlock downgrades the tz
 
  • Like
Reactions: puppinoo

yener90

Senior Member
Dec 10, 2018
152
330
@leokon

You should be good to go mate if the device is vulnerable to the exploit. Dont matter bout firmware versions just follow the steps carefully and be sure to disable ota updates once you've got through the steps on first boot.

Regards
Are you sure about it? I thought update 6.2.8.0 destroys a fuse, which breaks the rooting possibility. I tried to root my device and it's impossible.
 

tw39515

Senior Member
Oct 14, 2006
610
144
HTC Leo
T-Mobile Samsung Galaxy S III
Just got one its on 6.2.8.1 serial G070VM221 getting error

ERROR: Serial protocol mismatch, expected {} got {}".format(gold.hex(), test.hex()))
RuntimeError: ERROR: Serial protocol mismatch, expected 0001 got 0000

Is this due to the newest update or am i not shorting properly.
Is there a way to disable future updates in hope of a fix.
Thanks TW.
 
  • Like
Reactions: micmacxda

micmacxda

New member
Mar 20, 2012
2
0
Just got one its on 6.2.8.1 serial G070VM221 getting error

ERROR: Serial protocol mismatch, expected {} got {}".format(gold.hex(), test.hex()))
RuntimeError: ERROR: Serial protocol mismatch, expected 0001 got 0000

Is this due to the newest update or am i not shorting properly.
Is there a way to disable future updates in hope of a fix.
Thanks TW.
at same point here too...have you tried accurately shorting clk too?
 

phickasphuck

Member
Dec 10, 2021
5
1
Hi Guy's I really hate to bother you but I need your help please.....
Booting to Ubuntu via usb cant get past the bootrom, literally nothing happens just a flashing cursor! and with the FireISO i just get the "root #" then nothing please please help
thanks in advance for the advice
 

phickasphuck

Member
Dec 10, 2021
5
1
Now for the record I would like to kick myself! rule No 1 "always read previous post's" I think on the very first page it say's "I wonder why it don't work on Ubuntu?" then a reply say's "It will if you patch the Kernel" have no idea about Linux so best left....... how ever would still like some help with FireISO V2.0.0 if at all possible
 
Now for the record I would like to kick myself! rule No 1 "always read previous post's" I think on the very first page it say's "I wonder why it don't work on Ubuntu?" then a reply say's "It will if you patch the Kernel" have no idea about Linux so best left....... how ever would still like some help with FireISO V2.0.0 if at all possible
Hi,

Define help? Downloading the image? Using kamakiri.. Please elaborate where you need assistance


Regards
 

phickasphuck

Member
Dec 10, 2021
5
1
Hi,

Define help? Downloading the image? Using kamakiri.. Please elaborate where you need assistance


Regards

Hi, Seasons greetings to you and thanks for responding I really apricate it, sorry or the delay, Ok so I really need help with all of the procedure but I haven't got past the "bootstep" when I load Kamakiri and enter the command I get "file /home/ubuntu/desktop/kamakiri/modules/main.py, line 6, in <module> from common import device" and "file /home/ubuntu/desktop/kamakiri/modules/common.py, line 6, in <module> from common import serial" culminating in no "module not found error: no module named serial"

I've tried to remove the lines but it just throws up another error if you can point me in the right direction please.
 
Hi, Seasons greetings to you and thanks for responding I really apricate it, sorry or the delay, Ok so I really need help with all of the procedure but I haven't got past the "bootstep" when I load Kamakiri and enter the command I get "file /home/ubuntu/desktop/kamakiri/modules/main.py, line 6, in <module> from common import device" and "file /home/ubuntu/desktop/kamakiri/modules/common.py, line 6, in <module> from common import serial" culminating in no "module not found error: no module named serial"

I've tried to remove the lines but it just throws up another error if you can point me in the right direction please.
Hi,

No dont remove any lines..
Delete those files and extract the zip again. Start over....

Are you sure the stick you have is vulnerable to the amonet exploit what serial number is displayed in adb? Try another usb port and cable also.
Lastly when you run bootrom-step be sure to run it as exactly :

./bootrom-step.sh

Let me know whats happening

Regards
 

phickasphuck

Member
Dec 10, 2021
5
1
Hi ,

So can i go through this a step at a time with you please?

I can't get the fireISO to boot from usb? i can get it working in a linux terminal is that the correct way?

Regards
 

eac5

New member
Dec 26, 2021
1
0
21
Spain
Amazon Fire TV
Samsung Galaxy S7
I'm a little confused with the conflicting information surrounding the 6.2.8.1 and efuses. Some say its better to do the initial setup for the stick, then root, so that the ota update doesn't interrupt the root process, others say it's necessary to do the root right out of the box without ever booting the stick, as the update will burn an efuse and prevent bootrom access thru shorting even on an exploit-compatible model.

So which order is correct?

I'm ordering an older model specifically for rooting purposes and it's quite pricey here so I really wanna get this right.


Edit: with a bit of further digging I gather rooting straight away is the only way now. So just one more question, can anyone confirm whether the following order will work?
Root stick out of the box -> on first TWRP boot flash 6.2.8.1_r2 from rbox to do the firmware and TZ updates -> Flash the OTA update disabler from SweenWolf

I take it the prerooted roms already remove the efuse related files so I should be safe in that regard?

TIA
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 62
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v1.2.zip

    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    XDA:DevDB Information
    kamakiri, Tool/Utility for the Amazon Fire TV

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/


    Version Information
    Status:
    Stable
    Current Stable Version: 1.0.0
    Stable Release Date: 2019-10-05

    Created 2019-10-05
    Last Updated 2019-10-14
    15
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE:This will only work if the boot-exploit is still there.
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    11
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.
    10
    Can you tell us how to disable Ota update on the fire tv stick 4k after a successful root.
    And since there is no superuser installed how can this be done.
    ota can be disabled with root by following commands:
    Code:
    adb shell
    su
    pm disable com.amazon.tv.forcedotaupdater.v2
    pm disable com.amazon.device.software.ota
    pm disable com.amazon.device.software.ota.override