[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)


Sus_i

Senior Member
Apr 9, 2013
1,600
687
You can also try the bootrom-step a few times first, re-do it until it works... let's say five times or so.

I don't know what's the reason for the failure, some people disabled this check and it worked for them.
 

anphabvn

Member
May 13, 2022
21
2
the script
Code:
bootrom-step.sh
keep saying
Code:
RuntimeError("donwload failure,giving up")
what does it mean? is the device patched?
I do not boot up the device to check the firmware version to avoid any type of update
What is your firmware and serial number?
Mine is FireOS 6.2.8.1 and VM2012
success on first try
 

Noisemaker00

Senior Member
Apr 9, 2013
66
21
Finally I commented out the check and both the bootrom and fastboot steps completed.
Now it shows me the TWRP screen.
How can I block the OTA app package before setting up the firestick and connecting to the internet? I tried using
adb shell
pm ...
to check the exact package name for OTA but it says the command does not exist
 

Noisemaker00

Senior Member
Apr 9, 2013
66
21
Another question:
should I install Magisk? If yes, is this the correct link/guide to install on mantis too?
 

Noisemaker00

Senior Member
Apr 9, 2013
66
21
I installed Magisk 20.3 from the link above, then I followed this guide to skip updates

but when I try to run
Code:
adb shell
su
pm disable com.amazon.device.software.ota
pm disable com.amazon.device.software.ota.override
pm disable com.amazon.tv.forcedotaupdater.v2
pm clear com.amazon.device.software.ota
exit
exit
it says
Wiki:
WARNING: linker: /sbin/magisk32/: unsupported flag DT_FLAGS_1=0x8000001
and the firestick prompts me with a pop-up saying it needs an internet connection to finish the installation of Magisk Manager

What should I do?
Is Magisk Manager safe to install?
 

Noisemaker00

Senior Member
Apr 9, 2013
66
21
OK, I finished the Magisk setup and I was able to disable the OTA app packages and some other packages I found in this script (e.g. Alexa)
Now I have a couple of questions:
  1. I read Magisk >= 24.0 has no Magisk Hide anymore, so how can I hide root from apps like Netflix, and so on?
  2. Is there a list of suggested packages to disable specific to the 4K? Or can I use the packages in the script above safely? In particular I'm interested in blocking all Amazon metrics, data-sniffers and so on
    eg: in the script this package is commented out
    Code:
    #pm disable com.amazon.tv.forcedotaupdater.v2 # NEEDED FOR OOBE REG / WI-FI SETUP
    but in this thread it is suggested to disable it to prevent OTA, so I disabled it, but is that correct?
  3. Is there any suggested androidTV-like launcher to use instead of the Amazon default one?
  4. Now the firestick has FireOS 6.2.7.7, do I need any upgrade? (obviously one that does not break the exploit and root)
 

Sus_i

Senior Member
Apr 9, 2013
1,600
687
OK, I finished the Magisk setup and I was able to disable the OTA app packages and some other packages I found in this script (e.g. Alexa)
Now I have a couple of questions:
  1. I read Magisk >= 24.0 has no Magisk Hide anymore, so how can I hide root from apps like Netflix, and so on?
You may use an older version of magisk...
Is there a list of suggested packages to disable specific to the 4K? Or can I use the packages in the script above safely? In particular I'm interested in blocking all Amazon metrics, data-sniffers and so on
You may try it step by step, each disabled package can break something. It's best if you take TWRP backups in between.
eg: in the script this package is commented out
Code:
#pm disable com.amazon.tv.forcedotaupdater.v2 # NEEDED FOR OOBE REG / WI-FI SETUP
but in this thread it is suggested to disable it to prevent OTA, so I disabled it, but is that correct?
The note says that you need this package in order to do the setup of the stick. Doesn't matter, in case you get to the setup screen because you did a factory reset, all packages are enabled by default.
Is there any suggested androidTV-like launcher to use instead of the amazon default one?
Take a look into @SweenWolf threads...
Now the firestick has FireOS 6.2.7.7, do I need any upgrade?
No
 

Noisemaker00

Senior Member
Apr 9, 2013
66
21
You may use an older version of magisk...
Yesterday I read something about Zygisk and the DenyList to achieve the MagiskHide task in the new Magisk version.
As far as I understand, Zygisk is not enabled by default. Is it safe to enable on the firestick?
If I choose to downgrade to Magisk 19.x, can I simply flash it from TWRP even if it is an older version?
Or may this cause issues?
 

Sus_i

Senior Member
Apr 9, 2013
1,600
687
Yesterday I read something about Zygisk and the DenyList to achieve the MagiskHide task in the new Magisk version.
As far as I understand, Zygisk is not enabled by default. Is it safe to enable on the firestick?
You may tell us that... ;)
If I choose to downgrade to Magisk 19.x, can I simply flash it from TWRP even if it is an older version?
Or may this cause issues?
Doesn't need to be 19 and a downgrade should not be an issue.
 

Oneplus#

Senior Member
Dec 3, 2015
127
25
(y)

The script from OP works fine for most sticks, only a few get the rpmb downgrade issue...

Btw this is the thread for mantis, the 4k stick...
Though some mantis sticks are also affected, but maybe post it again in the sheldon thread ;)
Oh, my bad ahah. Wrong thread. Got confused.
Btw maybe the other things in the guide will help someone ahaha. Now I'll post on the right thread.
 

Noisemaker00

Senior Member
Apr 9, 2013
66
21
I'm trying to use a custom launcher on my rooted firestick, so I tried to disable
Code:
pm disable com.amazon.tv.launcher
pm disable com.amazon.firehomestarter

and I installed

but Amazon Prime Video (com.amazon.avod) does not seem to work with those 2 packages disabled.
Why is this happening? Does the Prime Video app require the stock launcher in order to run?
 

Top Liked Posts

  • 3
    Hey guys.
    Big thanks to the dev. I've successfully rooted my firetv with this script and fixed some stuff. So I've made a guide for those who need some help: https://github.com/daboynb/Root_firestick .
    2
    I have a 4k, I didn't think this thread applied when researching.
    Yes, the mantis OP of this thread needs an update and the instructions for sheldon are up-to-date...
    You can read some details here:
    1
    So after 6.2.8.7 shorting method won’t work?
    No. Shorting (kamakiri 1.x) gets blocked via 6.2.8.0 (or later) or by factory if the serial is VM190 and later.
    The new kamakiri 2.x gets blocked with 6.2.8.7 or later.
    1
    Wow, thank you! I did not think of that. I've gone through only five pages of this thread. Let me just go through the other 93 pages and eventually I will find an answer! Thanks again and God Bless :)
    I guess you need to read @Rortiz2 post again... ;)
    He said you may take a look at the forums, not only this thread! :p
  • 68
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v2.0.1.zip


    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0; since that is tiny, it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/
    16
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE: This will only work if the boot-exploit is still there.
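
An added example, not part of the original post or of the kamakiri project: a shell helper that writes the `/cache/recovery/command` file described above from checked arguments instead of hand-typed `echo` lines. The function name `write_recovery_command` and its parameters are hypothetical; the target directory is passed in so it can be tried off-device, and the options used are the two shown in the post.

```shell
# Added example (hypothetical helper, not from the thread).
# Usage: write_recovery_command <recovery_dir> <zip_path> [yes|no]
#   recovery_dir : directory holding the command file (/cache/recovery on the stick)
#   zip_path     : absolute path of the update zip, as TWRP will see it
#   third arg    : "yes" appends --wipe_cache (default: no)
write_recovery_command() {
    recovery_dir=$1
    zip_path=$2
    wipe_cache=${3:-no}

    # One option per line: a newline inside the path would add an
    # unintended extra option to the file, so refuse it outright.
    case $zip_path in
        *'
'*) echo "refusing zip path containing a newline" >&2; return 2 ;;
    esac

    # Recovery does not share the caller's working directory, so a
    # relative path would point at the wrong file (or nothing).
    case $zip_path in
        /*) ;;
        *) echo "zip path must be absolute: $zip_path" >&2; return 2 ;;
    esac

    # Fail now rather than after the reboot into recovery.
    if [ ! -f "$zip_path" ]; then
        echo "no such file: $zip_path" >&2
        return 1
    fi

    mkdir -p "$recovery_dir" || return 1

    # Write to a temporary file and rename it, so a half-written
    # command file is never left behind for recovery to pick up.
    tmp="$recovery_dir/command.tmp.$$"
    {
        printf '%s\n' "--update_package=$zip_path"
        if [ "$wipe_cache" = yes ]; then
            printf '%s\n' "--wipe_cache"
        fi
    } > "$tmp" || return 1
    mv "$tmp" "$recovery_dir/command"
}
```

After a successful call, `reboot recovery` is issued as in the post.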
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    12
    I've just uploaded a new version of the unlock for mantis.
    It comes with an all new TWRP (3.6.1) and an unlock method that works even for fused devices with firmware version < 6.2.8.7, no shorting needed!
    For detailed instructions check https://forum.xda-developers.com/t/...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/ (Use mantis-zip from here, will update instructions here in a bit)
    11
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.