[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 4K (mantis)

Magisk was flashed as part of the ROM.



The issue was no one mentioned that you need to fully upgrade, then turn on USB Debugging, then flash a new ROM and the ADB Debugging will persist across ROMS. Once I figured that out I was able to get ADB Access and reboot into recovery and flash a ROM



At this point all I need is to get the Amazon Appstore working. Any ideas?
Nobody mentioned because nobody has upgraded to this firmware on an unlocked rooted mantis (save the ones using rbox prerooted modded 6.2.7.8 lol) it could well be this is part of the problem amazon have created.

Idk Maybe use Magisk hide then clear data on the apps in managed installed applications and reboot , what happens when you open up the appstore what error are you getting?

Have you tried flashing another lower firmware and checking if all is normal on that. Just download another rom to firestick sdcard (or adb push)

Only Wipe cache, dalvik and system and flash the older firmware and magisk and try that.
As you're not wiping data your stick won't go through all the updates again and remain on the older firmware which will be treated by twrp like any other update.bin albeit a previous older version.

Regards
 

emkorial

Senior Member
Mar 2, 2008
431
21
However, you can try the unlock nevertheless, it doesn't harm your device.
Who knows, maybe they messed the burning-efuse thing up badly and rooting is still possible ^^


Once I get the amazon AppStore working on my rooted stick, I will be trying the unlock on my device that was natively upgraded to 6.2.8. Maybe it will work, who knows.
 

emkorial

Senior Member
Mar 2, 2008
431
21
Nobody mentioned because nobody has upgraded to this firmware on an unlocked rooted mantis (save the ones using rbox prerooted modded 6.2.7.8 lol) it could well be this is part of the problem amazon have created.

This device was not upgraded either, it was fresh out of the box non upgraded. The only way to get USB debugging to be turned on was to go through Setup, get upgraded, then turn it on, then reflash. Either way it is working now and I have ADB access

Idk Maybe use Magisk hide then clear data on the apps in managed installed applications and reboot , what happens when you open up the appstore what error are you getting?

So on the Home Screen the "Your Apps" list is empty. If I go to Settings > Applications, it shows some apps and the Appstore. If I search for an app (like Disney+) it will come up in the Search results, but if you click on it, nothing happens, and it does not install. I tried clearing Cache, Data, and Force Stopping the App Store and it didn't change anything. I tried going to the appstore online and pushing an app to the Stick, but that did not work either.

If you try to run an app that it syncs (it did this for HBO Max) from the Manage Applications screen, you get an error, "Amazon Appstore connection failure, An error occurred connecting to the Amazon Appstore, please try opening this app again" with a Quit button

Amazon Prime does seem to be working in that I can watch a Prime show with no errors.

Have you tried flashing another lower firmware and checking if all is normal on that. Just download another rom to firestick sdcard (or adb push)

I tried 4 LOL. Here were my results. All ROM's were downloaded from https://xdaforums.com/t/fire-tv-stick-4k-mantis-prerooted-stock-images-6-2-8-0_r1.3983091/

6.2.6.8 - Upon boot you get an error, "There is an internal problem with your device". You can hit OK and proceed through Setup

6.2.7.1 - Boots fine, will get you to a Home screen, but the Appstore doesn't work

6.2.7.7 - Will not get past the Boot screen (the white screen with the yellow "Fire" and arrow on it)

6.2.6.6 - Boots fine, will get you to a Home screen, but the Appstore doesn't work


I have 6.2.6.6 flashed now because visually it seems to be the best version for me. Everything works, except the Appstore.
 

BeAtSs

Member
Dec 7, 2014
24
1
I got another Firetv Stick today, got it out of the box and did not do any update yet. But for some reason I cannot get the unlock to work.

Does ADB Debug in developer options need to be turned for the bootrom unlock to work? Because that is a problem of course, as stated above here, you cannot get into the menu without letting it upgrade first.

It's frustrating with how easy it was with the other stick, and few days later how many problems I am having to get it to work.
 

emkorial

Senior Member
Mar 2, 2008
431
21
I got another Firetv Stick today, got it out of the box and did not do any update yet. But for some reason I cannot get the unlock to work.

Does ADB Debug in developer options need to be turned for the bootrom unlock to work? Because that is a problem of course, as stated above here, you cannot get into the menu without letting it upgrade first.

It's frustrating with how easy it was with the other stick, and few days later how many problems I am having to get it to work.

I unlocked my old stick without ADB Debug enabled so I do not believe it is needed. I have a new stick showing up today that I will be trying the unlock on. The one I was just able to do it successfully on was a year old.

Also, from the OP:

NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
These devices cannot be unlocked using kamakiri.
These devices do not show up at all on USB when shorted.

Maybe this got you?
 

emkorial

Senior Member
Mar 2, 2008
431
21
So for some strange reason, I plugged the Fire Stick in today, after doing absolutely nothing, and now the App store seems to be working. I'm going to try and get things loaded but if it works I should be good to go.

No idea why it works this morning and not last night, it just sat unplugged on my desk overnight.

Update: I have successfully installed some apps from the appStore, I successfully sideloaded an app, and I successfully registered an app with my online provider, so at this point, everything SEEMS to be working. I only have it plugged into a little mini monitor right now, I need to hook it up to the TV later and see if it works. I don't know what version my old stick was on before it upgraded, I never thought to look, but from what I remember this looks like it used to look on the other stick prior to it upgrading

I'm going to leave it plugged in and just sitting on the screensaver for a while to see if anything bad happens. Once I get it up and running on the TV I will take the one that was updated and see if I can unlock that and follow the same steps
 

Sus_i

Senior Member
Apr 9, 2013
1,967
903
I got another Firetv Stick today, got it out of the box and did not do any update yet. But for some reason I cannot get the unlock to work.

Does ADB Debug in developer options need to be turned for the bootrom unlock to work? Because that is a problem of course, as stated above here, you cannot get into the menu without letting it upgrade first.

It's frustrating with how easy it was with the other stick, and few days later how many problems I am having to get it to work.

If the stick is new, the OS doesn't need to be on 6.2.8.0. They ship them with br mode disabled, independently of the OS version... Remember the note from OP:

NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
These devices cannot be unlocked using kamakiri.
These devices do not show up at all on USB when shorted.

In addition to that, they try to patch all old devices now, with the 6.2.8.0 OTA update.
 

BeAtSs

Member
Dec 7, 2014
24
1
If the stick is new, the OS doesn't need to be on 6.2.8.0. They ship them with br mode disabled, independently of the OS version... Remember the note from OP:



In addition to that, they try to patch all old devices now, with the 6.2.8.0 OTA update.
Serial starts with VM070, so I did not think it would apply here. But for some reason it is still patched it seems. I cannot get it to detect when shortcutted.

And it does not have the 6.2.8 update yet, because if I go through setup and choose a network, it starts downloading the updates. And also the boot screen is still the old one (White background with orange text)
 

emkorial

Senior Member
Mar 2, 2008
431
21
Well I'm trying the stick that got updated, which was just as old as the stick that I was successful with, and when shorting it the script runs but crashes and I get

"raise RunTimeError("ERROR: Serial protocol mismatch, expected {} got {}". format(gold.hex(), test.hex()))
Runtime Error: ERROR Serial protocol mismatch, expected 0001 got 0000

Anyone know what that means?
 

BeAtSs

Member
Dec 7, 2014
24
1
Well I'm trying the stick that got updated, which was just as old as the stick that I was successful with, and when shorting it the script runs but crashes and I get

"raise RunTimeError("ERROR: Serial protocol mismatch, expected {} got {}". format(gold.hex(), test.hex()))
Runtime Error: ERROR Serial protocol mismatch, expected 0001 got 0000

Anyone know what that means?

From what I know that's an expected error when the short is not properly done.
 

Sus_i

Senior Member
Apr 9, 2013
1,967
903
Serial starts with VM070, so I did not think it would apply here. But for some reason it is still patched it seems. I cannot get it to detect when shortcutted.

And it does not have the 6.2.8 update yet, because if I go through setup and choose a network, it starts downloading the updates. And also the boot screen is still the old one (White background with orange text)

Ok, fine, then apply a good short and try again. Take a look into lsusb while shorted, you need the 'phone' message for the bootrom-step
 

Sus_i

Senior Member
Apr 9, 2013
1,967
903
From what I know that's an expected error when the short is not properly done.
Yeah. It means that the script talked to preloader instead of the bootrom.

Only way to tell if the bootrom is blocked, is to look into lsusb while shorted.
-if there isn't a device like phone or preloader or mtp, it is patched. It shows just nothing while shorted.
 

emkorial

Senior Member
Mar 2, 2008
431
21
Yeah. It means that the script talked to preloader instead of the bootrom.

Only way to tell if the bootrom is blocked, is to look into lsusb while shorted.
-if there isn't a device like phone or preloader or mtp, it is patched. It shows just nothing while shorted.


So when the device is unshorted, lsusb lists it as MediaTek MT65xx Preloader

I short the device, and get the error. While still shorted, I run lsusb, and I still see MediaTek MT65xx Preloader


Does that mean I just need to keep trying the short? I've tried about 20 times and always gotten the error. On the other stick I got it perfect the first time I tried and 2 other times after that
 

Sus_i

Senior Member
Apr 9, 2013
1,967
903
So when the device is unshorted, lsusb lists it as MediaTek MT65xx Preloader

I short the device, and get the error. While still shorted, I run lsusb, and I still see MediaTek MT65xx Preloader


Does that mean I just need to keep trying the short? I've tried about 20 times and always gotten the error. On the other stick I got it perfect the first time I tried and 2 other times after that

If it shows preloader -> the short wasn't proper / or is removed (the bootrom was able to load the preloader from the eMMC. That is not possible with a good short in place).

Disconnect and try again if you like.

A kamakiri vulnerable device shows mtk phone while shorted.
A non-vulnerable aka patched device shows nothing while shorted.
In order to get a clear answer, patched or not, a good short is most important ;)
 

emkorial

Senior Member
Mar 2, 2008
431
21
If it shows preloader -> the short wasn't proper / or is removed (the bootrom was able to load the preloader from the eMMC. That is not possible with a good short in place).

Disconnect and try again if you like.

A kamakiri vulnerable device shows mtk phone while shorted.
A non-vulnerable aka patched device shows nothing while shorted.
In order to get a clear answer, patched or not, a good short is most important ;)


I tried about 50 times and got the same error

My brand new fire stick showed up just now, I tried it on that one, and got the SAME error. That would lead me to believe both devices are patched. But I can keep trying. Foil is cheap.

Will lsusb show MediaTek PreLoader or Mediatek phone with a good short? I have never gotten "nothing" on a lsusb so far, it's always the MediaTek preloader
 

emkorial

Senior Member
Mar 2, 2008
431
21
If it shows preloader -> the short wasn't proper / or is removed (the bootrom was able to load the preloader from the eMMC. That is not possible with a good short in place).

Disconnect and try again if you like.

A kamakiri vulnerable device shows mtk phone while shorted.
A non-vulnerable aka patched device shows nothing while shorted.
In order to get a clear answer, patched or not, a good short is most important ;)


OK, this is interesting, and I think the device may be patched.

When I plug in the device with NO short, lsusb shows MediaTek Preloader

When I apply the short, BEFORE I run the ./bootrom-step.sh, with the short in place, lsusb shows NOTHING.

If i keep that short in place, and run the script, it gives the error, and THEN an lsusb shows MediaTek preloader again

I will keep trying the short and running lsusb and see if phone ever shows up but it sounds like it is patched which is odd since this is an old 2019 stick.
 

Sus_i

Senior Member
Apr 9, 2013
1,967
903
When I apply the short, BEFORE I run the ./bootrom-step.sh, with the short in place, lsusb shows NOTHING.

Ok. This is what I said, it shows nothing in lsusb while shorted.
This stick is 100% for sure patched.

It is normal that the SOC loads the preloader (if the short gets removed, even for only a second) and that the script errors out in case of a patched stick, cuz bootrom isn't available.
 

emkorial

Senior Member
Mar 2, 2008
431
21
Ok. This is what I said, it shows nothing in lsusb while shorted.
This stick is 100% for sure patched.

It is normal that the SOC loads the preloader (if the short gets removed, even for only a second) and that the script errors out in case of a patched stick, cuz bootrom isn't available.

Gotcha, that makes sense

What's weird is that the stick was purchased in 2019 (either April, September, or Nov 2019) and I thought patching didn't kick in till the mid 2020's? Point of fact the one I WAS successful in unlocking was also purchased during one of those months, and it was not patched.

Or did the forced upgrade to 6.0.8 "patch" it with the efuse? That's the biggest difference between the two sticks, the one I unlocked was from 2019 and fresh out of the box, the one that I cannot unlock was also from 2019 but had undergone the 6.0.8 upgrade OTA

Is anyone working on a way to bypass that eFuse issue?
 

emkorial

Senior Member
Mar 2, 2008
431
21
Correct, thats it...
Locked sticks get this patch with the 6.2.8.0 update.

OK, so that means my other Fire Stick that got updated is lost to me too. So the only thing this works on are old Fire Sticks from pre mid 2020 that have not been updated to 6.0.8. That's a small number. I'll start looking on eBay and emailing sellers

Think a workaround will ever be developed or is this the end of the road for the hardware?
 

Top Liked Posts

  • 4
    I think my Vendor Partition is corrupt. I tried restore from working backup....no go.
    I tried fastboot format /vendor and got error....Formatting not supported for file system with type "View attachment 6086496

    My 2018 mantis has gone bad too - probably flash memory. Could not write anything to /data or /cache

    You could try mtkclient to re-write /vendor:

    It needs python3.8 to run properly, so install that. See here:

    Basically, mtkclient wants python 3.8, so one adds another python version on Ubuntu, and then uses this command to add modules to it : "python3.8 -m pip" instead of the direct "pip" one.

    Then it is missing a module too:

    So the command to fix that was
    "python3.8 -m pip install pycryptodomex"

    Update:
    With python3.8, here is how you build it - notice the different command from the github:
    Code:
    git clone https://github.com/bkerler/mtkclient
    cd mtkclient
    python3.8 -m pip install .

    Then continue with the rest of github instructions.

    To run the gui, do this:
    Code:
    python3.8 mtk_gui
    3
    I‘ve plugged in an usb adapter to connect a usb dongle for a mouse.
    There‘s no other option to deactivate the countdown?
    Yes there is, use the bugged version of kamakiri, it will not give you any option for TWRP.
    I have two firestick 4K and that one, on which i‘ve unlocked bootloader wasn‘t planned to get unlocked 😅
    Is it easily possible to remove the unlock?
    It is actually fairly easy and easier is to brick your stick.

    There are posts on XDA about how to do it, you'll have to use Fastboot. (I think one was written by me and one by suzi)

    I have attached a version of kamakiri in which the lk has a bug. so twrp will not show you the boot menu even if you have attached an OTG. This is also a TWRP flashable zip. BUT FIRST PLEASE THINK OF WAYS TO GET INTO TWRP IN CASE ANYTHING GOES WRONG WITH YOUR SYSTEM (YOU CAN USE CLH OR ADB IF YOU REMOVE TWRP BOOT MENU, BUT HOW WILL YOU ACCESS THEM IF YOU ARE STUCK IN BOOTLOOP)

    FLASH AT YOUR OWN RISK.
    3
    So I did kamakiri on a dead one like the one you got. It revived the stick for a couple of weeks - then /data went bad.

    I was able to read eMMC info in TWRP using the command line from the dead stick. I have an OTG cable, USB hub, and added a mouse, keyboard, and a USB stick - all 3 at once. Then in TWRP go to the Advanced/Terminal, and type away!

    Use this utility:

    Code:
    mmc extcsd read /dev/block/mmcblk0

    The dead stick has this:
    Code:
    eMMC Pre EOL information [EXT_CSD_PRE_EOL_INFO]: 0x03

    A good stick had 0x01. Reading the manual, 0x03 is the sign of the dying/dead eMMC.


    Pre-EOL
    Pre EOL information is an overall status for reserved blocks on the disks.

    Possible values are:

    Value   Severity   Meaning
    0x00    Not defined.
    0x01    Normal     The disk has consumed less than 80% of its reserved blocks
    0x02    Warning    The disk has consumed more than 80% of its reserved blocks
    0x03    Urgent     The disk has consumed more than 90% of its reserved blocks

    Thanks to @Kramar111 for suggesting me to look at this!
    2
    To check eMMC status we can also run something like this via TWRP adb
    Code:
    adb shell
    cat /sys/class/block/mmcblk0/device/cid
    cat /sys/class/block/mmcblk0/device/csd
    mount -t debugfs none /sys/kernel/debug && cat /sys/kernel/debug/mmc0/mmc0:0001/ext_csd
    Root needed (or TWRP)
    Code:
    cat /sys/block/mmcblk0/device/life_time
    cat /sys/block/mmcblk0/device/pre_eol_info

    Thanks to @bibikalka for the link - https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html
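
Both eMMC checks in the two posts above (`mmc extcsd read` and the sysfs `pre_eol_info` / `life_time` files) expose the same JEDEC health fields, so one script can interpret either source. This is an added example, not code from the thread or from mmc-utils; the function names, the "worn" threshold at 80% estimated life used, and the sample dump are assumptions for illustration (only the 0x03 Pre-EOL value comes from the post).

```shell
# Added example: interpret the JEDEC eMMC 5.0+ health fields discussed in the thread.

# "0x03" -> 3; prints nothing when the value is missing or malformed.
hex2dec() {
    case "$1" in
        0x[0-9a-fA-F]|0x[0-9a-fA-F][0-9a-fA-F]) echo "$(($1))" ;;
    esac
}

# PRE_EOL_INFO -> severity name from the table quoted in the thread.
pre_eol_severity() {
    case "$(hex2dec "$1")" in
        1) echo normal ;; 2) echo warning ;; 3) echo urgent ;;
        *) echo undefined ;;
    esac
}

# DEVICE_LIFE_TIME_EST_TYP_A/B -> share of rated life used (10% steps, 0x0b = exceeded).
life_used() {
    n=$(hex2dec "$1")
    case "$n" in
        ''|0) echo undefined ;;
        11) echo exceeded ;;
        [1-9]|10) echo "$(( (n - 1) * 10 ))-$(( n * 10 ))%" ;;
        *) echo reserved ;;
    esac
}

# Verdict from pre_eol, life_a, life_b. Assumption: "worn" from 80% life used (0x09).
emmc_classify() {
    sev=$(pre_eol_severity "$1"); worst=0
    for v in "$2" "$3"; do
        d=$(hex2dec "$v")
        if [ -n "$d" ] && [ "$d" -le 11 ] && [ "$d" -gt "$worst" ]; then worst=$d; fi
    done
    if [ "$sev" = urgent ] || [ "$worst" -ge 11 ]; then verdict=failing
    elif [ "$sev" = warning ] || [ "$worst" -ge 9 ]; then verdict=worn
    elif [ "$sev" = normal ]; then verdict=healthy
    else verdict=unknown
    fi
    echo "$verdict pre_eol=$sev life_a=$(life_used "$2") life_b=$(life_used "$3")"
}

# Extract one field from `mmc extcsd read` text ($1) by its bracketed name ($2).
extcsd_field() {
    printf '%s\n' "$1" | sed -n "s/.*\[$2]: *\(0x[0-9a-fA-F]*\).*/\1/p" | head -n 1
}

# Front end 1: output of `mmc extcsd read /dev/block/mmcblk0` on stdin.
classify_extcsd_dump() {
    dump=$(cat)
    emmc_classify "$(extcsd_field "$dump" EXT_CSD_PRE_EOL_INFO)" \
        "$(extcsd_field "$dump" EXT_CSD_DEVICE_LIFE_TIME_EST_TYP_A)" \
        "$(extcsd_field "$dump" EXT_CSD_DEVICE_LIFE_TIME_EST_TYP_B)"
}

# Front end 2: sysfs directory with pre_eol_info ("0x01") and life_time ("0x01 0x02").
classify_sysfs() {
    dir=${1:-/sys/block/mmcblk0/device}
    eol=$(cat "$dir/pre_eol_info" 2>/dev/null) || eol=
    set -- $(cat "$dir/life_time" 2>/dev/null)
    emmc_classify "$eol" "$1" "$2"
}

# Constructed dump: only the 0x03 Pre-EOL value is taken from the post.
sample_dead='eMMC Life Time Estimation A [EXT_CSD_DEVICE_LIFE_TIME_EST_TYP_A]: 0x0b
eMMC Life Time Estimation B [EXT_CSD_DEVICE_LIFE_TIME_EST_TYP_B]: 0x04
eMMC Pre EOL information [EXT_CSD_PRE_EOL_INFO]: 0x03'
printf '%s\n' "$sample_dead" | classify_extcsd_dump
```

On the stick, pipe `mmc extcsd read /dev/block/mmcblk0` into `classify_extcsd_dump`, or call `classify_sysfs` with no argument to read `/sys/block/mmcblk0/device`.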
    1
    Use Titanium backup from your other stick where the app is working and restore in the one with problem.
    Props to hasobist for helping me. Thank you sir. :)
  • 76
    NOTE: There have been multiple reports of devices with serial numbers containing VM190 or higher being shipped with DL-Mode disabled in BROM.
    These devices cannot be unlocked using kamakiri.
    These devices do not show up at all on USB when shorted.


    After the old bootrom-exploit (amonet) we've been using for unlocking all these Fire-gadgets is closed in more recent Mediatek SOCs like the one used in the FireTV Stick 4K, @xyz` has done it again and found another bootrom-exploit.
    Together we proudly present kamakiri for the FireTV Stick 4K.

    Before proceeding make sure to read and understand this entire post.

    Running this exploit requires a patched linux-kernel on the PC you are using.
    We have put together a Live-ISO that already contains all prerequisites required for running kamakiri.
    You can find the current version of the ISO at:
    https://github.com/amonet-kamakiri/fireiso/releases

    It can be burned to a CD or to a USB-flashdrive.

    Current Version: kamakiri-mantis-v2.0.1.zip


    You will need to open the device and remove the heatshield on the side without the antennas (2 square bricks).
    NOTE: It is not required to desolder or force the shield off, it is just clipped onto a frame. (The attached picture may be a bit misleading, since it also has the frame removed)

    You will need something for shorting (wire, aluminum foil etc.)

    1. Boot the ISO
    2. Download and extract the exploit package.
    3. Open a terminal in the kamakiri directory
    4. Run
      Code:
      ./bootrom-step.sh
    5. Short one of the points in the attached photo to ground (the cage of the shielding).
      Ideally you want to use DAT0, since that is tiny it might be easier to short the point marked CLK instead.
      It is very important that you use a piece of soft wire or aluminum foil or something similar for shorting. Don't use tweezers as that makes it incredibly easy to knock the capacitor off the PCB and kill the board!
    6. Connect the stick to your computer (while keeping it shorted)
    7. The script should tell you to release the short and hit enter
    8. Once finished run
      Code:
      ./fastboot-step.sh
    9. Your device will now reboot into TWRP

    Important information

    Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)

    TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).

    For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).

    It is still advised to disable OTA.

    thanks to @hwmod for the picture
    thanks to @Sus_i for providing an update.bin
    thanks to @zeroepoch for developing aftv2-tools

    Contributors
    k4y0z, xyz`
    Source Code: https://github.com/amonet-kamakiri/
    17
    There are three options for interacting with TWRP:
    1. A mouse via USB-OTG
    2. TWRP commandline via adb: https://twrp.me/faq/openrecoveryscript.html
    3. Via /cache/recovery/command

    Example for /cache/recovery/command:
    Code:
    echo "--update_package=/path/to/zipfile" > /cache/recovery/command
    echo "--wipe_cache" >> /cache/recovery/command
    reboot recovery

    Should you somehow end in a bootloop, TWRP contains a special boot menu that will be displayed when you boot the stick with an OTG-cable connected.
    It will give you 5 seconds to hit cancel and stay in TWRP or reboot into the OS otherwise.

    NOTE: This will only work if the boot-exploit is still there.
    15
    I've just uploaded a new Version of the unlock for mantis.
    It comes with an all new TWRP (3.6.1) and an unlock method that works even for fused devices with firmware version < 6.2.8.7, no shorting needed!
    For detailed instructions check https://xdaforums.com/t/unlock-root...k-3-and-fire-tv-stick-lite-sheldon-p.4410297/ (Use mantis-zip from here, will update instructions here in a bit)
    12
    Well that was easy! And my stick isn't on the latest version, so I'll be able to get some update URLs and make a prerooted ROM hopefully this weekend.
    12
    Is this something that Amazon can fix with future updates? I am holding off until we have a more refined rom..

    No, the only way they can fix it is with a new hardware revision.