[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Search This thread
By:
Advanced…
W

Wizard_bg

New member
Jun 14, 2022
3
0
Hello I've been trying to follow your steps but i always end up with error message.
First time I tried to flash twrp my Fire TV Stick 4K (not rooted) with FireOs 6.2.8.1with Ubuntu 22.04 LTS and kamakiri-mantis-v2.0.1.
My second try was with
fireiso-2.0.0-amd64.iso and kamakiri-mantis-v2.0.1, again the same error. Please any suggest to fix it.
[root@fireiso ~/kamakiri2/kamakiri]# sudo ./bootrom-step.sh
[2022-06-14 19:20:48.079382] Waiting for device
[2022-06-14 19:21:16.707858] Found port = /dev/ttyACM0
[2022-06-14 19:21:16.732793] Handshake
[2022-06-14 19:21:16.753991] Load payload from ../brom-payload/pl/pl.bin = 0x3A04 bytes
[2022-06-14 19:21:19.261159] All good
[2022-06-14 19:21:19.757150] Check device_type_id
[2022-06-14 19:21:19.757429] Detected mantis (AKPGW...GI9..)
[2022-06-14 19:21:19.757577] Check GPT
[2022-06-14 19:21:20.299945] gpt_parsed = {'lk': (1024, 2048), 'tee1': (3072, 10240), 'tee2': (13312, 10240), 'boot': (23552, 32768), 'recovery': (56320, 32768), 'logo': (89088, 7168), 'kb': (96256, 2048), 'dkb': (98304, 2048), 'MISC': (100352, 2048), 'vendor': (102400, 307200), 'system': (409600, 2252800), 'cache': (2662400, 1048576), 'userdata': (3710976, 11558879), '': (0, 1)}
[2022-06-14 19:21:20.300154] Check boot0
[2022-06-14 19:21:20.782851] Check rpmb
[2022-06-14 19:21:20.813066] Downgrade rpmb
[2022-06-14 19:21:20.814502] Recheck rpmb
[2022-06-14 19:21:20.930679] rpmb downgrade ok
[2022-06-14 19:21:20.931270] Flash tz
[7265 / 7265]
[2022-06-14 19:22:24.273383] Flash lk
[613 / 613]
[2022-06-14 19:22:30.105779] Flash lk-payload
[7 / 7]
[2022-06-14 19:22:30.650295] Inject microloader
Traceback (most recent call last):
File "/root/kamakiri2/kamakiri/modules/main.py", line 135, in <module>
main(dev)
File "/root/kamakiri2/kamakiri/modules/main.py", line 95, in main
switch_user(dev)
File "/root/kamakiri2/kamakiri/modules/functions.py", line 111, in switch_user
block = dev.emmc_read(0)
File "/root/kamakiri2/kamakiri/modules/common.py", line 212, in emmc_read
raise RuntimeError("read fail")
RuntimeError: read fail
[root@fireiso ~/kamakiri2/kamakiri]#
 
LKJEFoi234

LKJEFoi234

Senior Member
Dec 19, 2016
70
3
So what do you do after all the steps in OP? I can boot to TWRP and everything, but do I install LineageOS or some other OS? Once I disconnect the Micro USB cable, it turns off and boots to Fire OS when it boots again. So what's the point of rooting it?
 
R

Rortiz2

Senior Member
Mar 1, 2018
2,628
2,208
Barcelona
Amazon Fire TV
Amazon Fire HD 8 and HD 10
LKJEFoi234 said:
So what do you do after all the steps in OP? I can boot to TWRP and everything, but do I install LineageOS or some other OS? Once I disconnect the Micro USB cable, it turns off and boots to Fire OS when it boots again. So what's the point of rooting it?
Click to expand...
Click to collapse
Imao - take a look at the forums, you will find the answer for yourself.
 
S

Sus_i

Senior Member
Apr 9, 2013
1,882
837
Wizard_bg said:
Please any suggest to fix it.
Click to expand...
Click to collapse
Try again and again until the script finishs without an error message.
You can try to disable steps 3 to 5 in the main.py if you like (with # infront of the lines), maybe that helps to finish the script...

In what condition was your stick infront of the unlock attempt? Bricked?
 
W

Wizard_bg

New member
Jun 14, 2022
3
0
Sus_i said:
Try again and again until the script finishs without an error message.
You can try to disable steps 3 to 5 in the main.py if you like (with # infront of the lines), maybe that helps to finish the script...

In what condition was your stick infront of the unlock attempt? Bricked?
Click to expand...
Click to collapse
It was normal working with Fire OS. I just want to use stick for android applications.
 
W

Wizard_bg

New member
Jun 14, 2022
3
0
Sus_i said:
Try again and again until the script finishs without an error message.
You can try to disable steps 3 to 5 in the main.py if you like (with # infront of the lines), maybe that helps to finish the script...

In what condition was your stick infront of the unlock attempt? Bricked?
Click to expand...
Click to collapse
It was normal working with Fire OS. I just want to use stick for android applications.
 
N

noahitall

New member
Aug 14, 2017
2
0
Hey I have been trying at this for quite a while. The best I can get is it gets stuck on "Waiting for devices..." whenever I feel like I have the short right, otherwise it errors out. I would love some tips here as perhaps I'm shorting it wrong but I've been at this for hours and am thinking something is wrong.

FireStick still boots ok after removing the short.
 
S

Sus_i

Senior Member
Apr 9, 2013
1,882
837
noahitall said:
Hey I have been trying at this for quite a while. The best I can get is it gets stuck on "Waiting for devices..." whenever I feel like I have the short right, otherwise it errors out. I would love some tips here as perhaps I'm shorting it wrong but I've been at this for hours and am thinking something is wrong.

FireStick still boots ok after removing the short.
Click to expand...
Click to collapse
Try mantis kamakiri 2.x without a short...
See instructions over there:
forum.xda-developers.com

[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 3 and Fire TV Stick Lite (sheldon/p)

Read this whole guide before starting. This is for the 3rd gen Fire TV Stick (sheldonp) and Fire TV Stick Lite (sheldon). NOTE: FireOS < 7.2.7.3 required NOTE: This process does not require you to open your device. What you need: A Linux...
forum.xda-developers.com forum.xda-developers.com
 
N

noahitall

New member
Aug 14, 2017
2
0
Sus_i said:
Try mantis kamakiri 2.x without a short...
See instructions over there:
forum.xda-developers.com

[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 3 and Fire TV Stick Lite (sheldon/p)

Read this whole guide before starting. This is for the 3rd gen Fire TV Stick (sheldonp) and Fire TV Stick Lite (sheldon). NOTE: FireOS < 7.2.7.3 required NOTE: This process does not require you to open your device. What you need: A Linux...
forum.xda-developers.com forum.xda-developers.com
Click to expand...
Click to collapse
I have a 4k, I didn't think this thread applied when researching.
 
S

Sus_i

Senior Member
Apr 9, 2013
1,882
837
noahitall said:
I have a 4k, I didn't think this thread applied when researching.
Click to expand...
Click to collapse
Yes, the mantis OP of this thread needs an update and the instructions for sheldon are up-to-date...
You can read some details here:
forum.xda-developers.com

[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM. These devices cannot be unlocked using kamakiri. These devices do not show up at all on USB when...
forum.xda-developers.com forum.xda-developers.com
 
  • Like
Reactions: puppinoo and Kramar111
S

slack5

Member
Feb 14, 2022
8
0
I have a problem with my Fire STick 4k. Stick boots up endlessly, animated fire tv logo is shown on the screen and it never goes away. I bought the stick in february 2022, I belive it has the latest firmware since I never prevented it from updating.

I believe I have tried all possible ways mentioned in this thread in order to unlock the Bootloader an install TWRP and revive the system by flashing. Unfortunately nothing seems to work.

Now comes the interesting part.
When I connect Fire Stick 4k to laptop via USB cable, it gets recognised for a few secconds as: MediaTek Preloader USB VCOM (Android) (COM4)
After those few seconds the Stick disaperes from device manager and after few more seconds it gets recognised as a ADB device.
Does this mean that it could be possible for me to flash it using Spflash since the stick gets recognised as Preloader USB VCOM?
I would love to try to flash the Stick using Spflash but unfortunately I am not able to find the firmware file that could be used in Spflash.
I couldn't locate the scatter file for Fire Stick 4k either.

Is there anybody that could share the 4k Stick scatter file or the complete flash file that I could use in Spflash?

Or maybe there is a way to generate files for Spflash from ZIP files that are used for flashing via TWRP?

I cannot use ADB since I never registered laptop on the stick while it was working.
The only thing I managed to do is put the Stick in the Fastboot mode.
This is the info I pulled from the stick while in Fastboot mode.

Waiting for fastboot device... [FBSN:G4N0VM0812xxxxxx]
D_Model :
SW Info :
Region :
Rescue_v :
Firmware :
Extra : (bootloader) secure: yes
(bootloader) unlock_status: false
(bootloader) unlock_code: 0xe1fc3053551b2234
(bootloader) max-download-size: 0x8000000
(bootloader) partition-size:userdata: 160bfbe00
(bootloader) partition-type:userdata: ext4
(bootloader) partition-size:cache: 20000000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:system: 44c00000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:vendor: 9600000
(bootloader) partition-type:vendor: ext4
(bootloader) partition-size:tee2: 500000
(bootloader) partition-type:tee2: raw data
(bootloader) partition-size:tee1: 500000
(bootloader) partition-type:tee1: raw data
(bootloader) partition-size:logo: 380000
(bootloader) partition-type:logo: raw data
(bootloader) partition-size:MISC: 100000
(bootloader) partition-type:MISC: raw data
(bootloader) partition-size:recovery: 1000000
(bootloader) partition-type:recovery: raw data
(bootloader) partition-size:boot: 1000000
(bootloader) partition-type:boot: raw data
(bootloader) partition-size:lk: 100000
(bootloader) partition-type:lk: raw data
(bootloader) partition-size: preloader: 40000
(bootloader) partition-type: preloader: raw data
(bootloader) warranty: no
(bootloader) unlocked: yes
(bootloader) secure: no
(bootloader) kernel: lk
(bootloader) product: MANTIS
(bootloader) version-preloader: 0.1.00
(bootloader) version: 0.5
all: Done!!
finished. total time: 0.013s
OEMDeviceInfo : ...
FAILED (remote: the command is restricted on locked hw)
finished. total time: 0.003s

I hope there is something I can do to revive my 4k stick.
 
A

anphabvn

Senior Member
May 13, 2022
52
6
slack5 said:
I have a problem with my Fire STick 4k. Stick boots up endlessly, animated fire tv logo is shown on the screen and it never goes away. I bought the stick in february 2022, I belive it has the latest firmware since I never prevented it from updating.

I believe I have tried all possible ways mentioned in this thread in order to unlock the Bootloader an install TWRP and revive the system by flashing. Unfortunately nothing seems to work.

Now comes the interesting part.
When I connect Fire Stick 4k to laptop via USB cable, it gets recognised for a few secconds as: MediaTek Preloader USB VCOM (Android) (COM4)
After those few seconds the Stick disaperes from device manager and after few more seconds it gets recognised as a ADB device.
Does this mean that it could be possible for me to flash it using Spflash since the stick gets recognised as Preloader USB VCOM?
I would love to try to flash the Stick using Spflash but unfortunately I am not able to find the firmware file that could be used in Spflash.
I couldn't locate the scatter file for Fire Stick 4k either.

Is there anybody that could share the 4k Stick scatter file or the complete flash file that I could use in Spflash?

Or maybe there is a way to generate files for Spflash from ZIP files that are used for flashing via TWRP?

I cannot use ADB since I never registered laptop on the stick while it was working.
The only thing I managed to do is put the Stick in the Fastboot mode.
This is the info I pulled from the stick while in Fastboot mode.

Waiting for fastboot device... [FBSN:G4N0VM0812xxxxxx]
D_Model :
SW Info :
Region :
Rescue_v :
Firmware :
Extra : (bootloader) secure: yes
(bootloader) unlock_status: false
(bootloader) unlock_code: 0xe1fc3053551b2234
(bootloader) max-download-size: 0x8000000
(bootloader) partition-size:userdata: 160bfbe00
(bootloader) partition-type:userdata: ext4
(bootloader) partition-size:cache: 20000000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:system: 44c00000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:vendor: 9600000
(bootloader) partition-type:vendor: ext4
(bootloader) partition-size:tee2: 500000
(bootloader) partition-type:tee2: raw data
(bootloader) partition-size:tee1: 500000
(bootloader) partition-type:tee1: raw data
(bootloader) partition-size:logo: 380000
(bootloader) partition-type:logo: raw data
(bootloader) partition-size:MISC: 100000
(bootloader) partition-type:MISC: raw data
(bootloader) partition-size:recovery: 1000000
(bootloader) partition-type:recovery: raw data
(bootloader) partition-size:boot: 1000000
(bootloader) partition-type:boot: raw data
(bootloader) partition-size:lk: 100000
(bootloader) partition-type:lk: raw data
(bootloader) partition-size: preloader: 40000
(bootloader) partition-type: preloader: raw data
(bootloader) warranty: no
(bootloader) unlocked: yes
(bootloader) secure: no
(bootloader) kernel: lk
(bootloader) product: MANTIS
(bootloader) version-preloader: 0.1.00
(bootloader) version: 0.5
all: Done!!
finished. total time: 0.013s
OEMDeviceInfo : ...
FAILED (remote: the command is restricted on locked hw)
finished. total time: 0.003s

I hope there is something I can do to revive my 4k stick.
Click to expand...
Click to collapse
Can you flash stock roms?
 
S

slack5

Member
Feb 14, 2022
8
0
anphabvn said:
Can you flash stock roms?
Click to expand...
Click to collapse
I am not sure if stock ROMs can be flashed in fastboot mode.
As I could not find system.img and vendor.img in any of the ROM archives, I believe I would need to build system.img and vendor.img in order to flash them via fastboot.
I gues I could try preparing those two images using files in the firmware archive:
- system.transfer.list, system.new.dat, system.patch.dat
- vendor.transfer.list, vendor.new.dat, vendor.patch.dat
I would need guidance in order to make system.img and vendor.img appropriate for flashing via fastboot.
 
A

anphabvn

Senior Member
May 13, 2022
52
6
slack5 said:
I am not sure if stock ROMs can be flashed in fastboot mode.
As I could not find system.img and vendor.img in any of the ROM archives, I believe I would need to build system.img and vendor.img in order to flash them via fastboot.
I gues I could try preparing those two images using files in the firmware archive:
- system.transfer.list, system.new.dat, system.patch.dat
- vendor.transfer.list, vendor.new.dat, vendor.patch.dat
I would need guidance in order to make system.img and vendor.img appropriate for flashing via fastboot.
Click to expand...
Click to collapse
But why you stuck in black screen? Update Magisk ?
 
A

anphabvn

Senior Member
May 13, 2022
52
6
slack5 said:
I am not sure if stock ROMs can be flashed in fastboot mode.
As I could not find system.img and vendor.img in any of the ROM archives, I believe I would need to build system.img and vendor.img in order to flash them via fastboot.
I gues I could try preparing those two images using files in the firmware archive:
- system.transfer.list, system.new.dat, system.patch.dat
- vendor.transfer.list, vendor.new.dat, vendor.patch.dat
I would need guidance in order to make system.img and vendor.img appropriate for flashing via fastboot.
Click to expand...
Click to collapse
You should try to Factory reset by fastboot command.
 
You must log in or register to reply here.

Similar threads

K
[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 2nd gen (tank)
Replies
2K
Views
365K
H
hasobist
K
[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 3 and Fire TV Stick Lite (sheldon/p)
Replies
763
Views
150K
lionleggend
lionleggend
burcbuluklu
[Guide] [ROM] (mantis) Fire TV Stick 4K Prerooted Android TV Rom (6.2.7.6)
Replies
246
Views
121K
dom019
dom019
R
[ROM][UNOFFICIAL][11] LineageOS 18.1 for Fire TV Stick Lite/3rd gen (sheldon/p)
Replies
679
Views
137K
ChriMo
ChriMo
tsynik
[Magisk][Module] FireTV 4K Stick Add-Ons
Replies
280
Views
100K
M
murtzsch

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 2
    S
    Skel40
    dom019 said:
    Thank you very much for your time, you would do me a great favor if we could make this rom work with skygo.

    Can I ask you if it is possible in some way to unpack the rom I linked and understand the changes made on that rom?
    Click to expand...
    Click to collapse
    Anytime. Does this rom include the system.new.dat, system.transfer.list, etc? TZ is in charge of DRM to work so I'll patch the OTAs, PackageInstaller, etc
    View
    1
    dom019
    dom019
    Skel40 said:
    @dom019 I posted the tutorial on the Fire TV General
    Click to expand...
    Click to collapse
    yes thank you but I haven’t understood the process 😅
    View
    1
    dom019
    dom019
    Skel40 said:
    Yeah. It should be able to work properly with those two and even the AutoPairService as well which is responsible for oobe pairing on setup. The Smartkeymanager is also very important as its setting the keys to its proper settings with the later os' and its ok. I'll patch one for you to test on 6.2.7.3
    Click to expand...
    Click to collapse
    Thank you very much for your time, you would do me a great favor if we could make this rom work with skygo.

    Can I ask you if it is possible in some way to unpack the rom I linked and understand the changes made on that rom?
    View
    1
    dom019
    dom019
    Skel40 said:
    Anytime. Does this rom include the system.new.dat, system.transfer.list, etc?
    Click to expand...
    Click to collapse
    Yes it includes them, I downloaded the rom from
    https://forum.xda-developers.com/t/app-no-root-skygo-for-fire-tv.3776919/post-83717373
    The link is broken and I had an old backup, its developer vanished and I only bought the fire this month
    View
    1
    H
    hasobist
    Skel40 said:
    Anytime. Does this rom include the system.new.dat, system.transfer.list, etc? TZ is in charge of DRM to work so I'll patch the OTAs, PackageInstaller, etc
    Click to expand...
    Click to collapse
    Hello Skel40!

    6.2.7.3-mantis-skygo

    MediaFire is a simple to use free service that...
    www.mediafire.com
    It's an incremental rom built around Android super kitchen
    Has the following folders:
    1./install/bin/backuptool.function.sh
    backuptool.sh
    configure.sh
    busybox.sh
    2.Metainf
    3.boot.img
    4.file_contexts
    5.system.new.dat.......198mb
    That's et all.
    Was testing it ,its smooth though free on memory and /system(128mb)and using with patched fosservices.jar by sween for accessibility.
    So far all good.
    Cheers!
    View
  • 74
    K
    k4y0z
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.

    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v2.0.1.zip


    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code: 
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock of the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code: 
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/
    View
    17
    K
    k4y0z
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code: 
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
echo "--wipe_cache" >> /cache/recovery/command
reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE:This will only work if the boot-exploit is still there.
    View
    15
    K
    k4y0z
    I'v just uploaded a new Version of the unlock for mantis.
    It comes with an all new TWRP (3.6.1) and an unlock method that works even for fused devices with firmware version < 6.2.8.7, no shorting needed!
    For detailed instructions check https://forum.xda-developers.com/t/...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/ (Use mantis-zip from here, will update instructions here in a bit)
    View
    12
    R
    rbox
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    View
    12
    X
    xyz`
    rootuser11 said:
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..
    Click to expand...
    Click to collapse

    No, the only way they can fix it is with a new hardware revision.
    View

New posts