Database Info

[REF] Installing Kindle Fire HD 7" 2nd-Bootloader + TWRP Complete Tutorial

Disclaimer: By following this guide, you understand and accepts that I, and any developers mentioned in this guide, will NOT be held responsible in the event that your device stops functioning or dies. While I try my best to make everything as clear and concise as it can be, accidents will happen should you not follow everything like a hawk. Read the replies and make the best decision for yourself.
Installing Kindle Fire HD 7" 2nd-Bootloader + TWRP Complete Tutorial​
This tutorial DOES NOT work for the 2013 HD model, only for the 2012 model. Following the guide with the newer model WILL CAUSE your heart to race after doing so because you'll end up with red screens and/or bootloops. So please, don't do it.
I'm going to lead you through installing Hashcode's 2nd-Bootloader and TWRP in order to start flashing custom ROMs and make backups. First, let's go over the basics and why I'm doing this in the first place. I wrote this guide to be used on a Windows computer, but as long as you can do the same things on Mac/Linux, the whole guide applies. If there are any issues, please first refer to the troubleshooting portion at the end of the guide.
+Note: As of Amazon OS update 7.3.x+, there has been a lot of issues with rooting and flashing the 2nd-bootloader. Many users reported bootloops during the completion of the guide. Those with tablets running 7.3.0 or higher, please proceed with caution, and make sure you have a factory cable on hand if you wish to advance. I strongly recommend you make backups in Step 2. If you want guaranteed success, use this tool to revert back to 7.2.3 before using the guide. You will need to flash a brand-new 7.2.3 on top to revert, so you will lose everything if you don't backup your files first.
++Note: As of December 2013, Hashcode updated the freedom-boot.img to Amazon 7.4.6 so there should be no more bootloops or any other issues like that for those running 7.4.6 or lower, but to be safe, revert back regardless. If your tablet is running anything higher than 7.4.6, you will run into issues when completing the guide. Again, if you revert back to 7.2.3 like I pointed to above, then you will have no issues. If you didn't revert, always make sure your tablet is running the same or lower version than Hashcode's freedom-boot.img.
===== 1. Why do we need a 2nd bootloader? =====
The stock Amazon bootloader doesn't play nice with Android even though it has Android at its core. We can still use fastboot commands with it, but other than that, it's quite locked-down. In other words, normal exploits used to unlock the bootloader on other Android devices, for example, like the Nexus series by Google or the handsets by HTC don't apply here. In order to use the same features, like a custom ROM, custom kernel, custom recovery, we must bypass Amazon's software by installing a 2nd bootloader.
===== 2. Why are you posting a tutorial? =====
I'm doing this because the lack of a guide means that people like myself, who are not proficient developers, keep running into issues and some ended up bricking their devices. This means that they end up with a heavy paperweight, with no chance of fixing, other than hoping that they're lucky with a fastboot cable (not the one that came with the device) and find their way back to the beginning. I'm sick of seeing so many questions about the exact same issues so I thought, why not just make a guide everyone can follow and thus make the world a better place.
===== 3. Do I need any special equipment/knowledge? =====
You don't need any special equipment, provided that you follow this guide word-for-word and be careful. I recommend a factory cable, just in case, which can be found in various online dealers, like eBay. This is just in case you make a mistake and you brick the device. I successfully installed the 2nd-Bootloader + TWRP and flashed CM10.1 without a factory cable, within minutes. The key is make sure you don't miss anything, and if you're not sure, don't make any random guesses. As far as knowledge, yes, and no. Know what you're dealing with. Anything underneath the ROM has the chance to brick the device, so know what you're getting into.
===== 4. Can't I just use FireFireFire or another automatic tool to install the bootloader + TWRP? =====
Definitely not. This is the exact reason why there are so many threads in the Q&A section about bricked devices in the first place. Never use a tool that wasn't made for the version of your tablet. The Kindle Fire (1st gen), the Kindle Fire 2 (2nd gen), and the Kindle Fire HD 7" & 8.9" (3rd gen) are not the same devices, at all. Due to the way the bootloader behaves, flashing the files that are only compatible for the Kindle Fire 2 on a Kindle Fire HD 7" will definitely brick it. This is because the bootloader is so-named for a program that checks the booting process before the device actually boots, and if there are any bad sectors that don't match, the device won't boot.
How do you avoid this? By following guides like mine, and first knowing exactly what model you have. Yes, the Kindle Fire 2 and the Kindle Fire HD 7" look similar, and Amazon seriously have problems with their naming method, but a bit of research tells you that the Kindle Fire HD actually contains an HD resolution screen, 1280x800 for the 7" and 1920x1200 for the 8.9". Also, ONLY the Kindle Fire HD 7" and 8.9" models have a front-facing camera while the other models don't have one at all. If you want to be sophisticated about it, you can use working fastboot to identify the tablet.
+Note: if you know 100% that you have the right model, skip to Step 1 and begin the guide. This part is only for those with knowledge of fastboot and would like to confirm scientifically that they have the right model. You don't need to know how to use ADB or fastboot in order to successfullly complete the guide and install custom ROMs:
In CMD, type:
Code:
fastboot -i 0x1949 getvar product
Hitting enter will return with <waiting for device>. If you connect your powered-off Kindle Fire HD 7" or 8.9" at this point, it will reboot into fastboot mode, and on CMD, it will return with "tate-xxx-xxx" for the 7" and "jem-xxx-xxx" for the 8.9". I cannot stress this enough, please know your stuff before you end up crying about how you made a simple mistake that cost you $200, or however many in other currencies, but I do know that universally, it's quite a lot of money.
===== 5. What is Android SDK, ADB, and Fastboot? =====
Android SDK is a package with the tools for an Android developer to modify devices and collect data to help them create builds and maintain a device. Included in the package is what we commonly use around here in the development world, called ADB (Android Debug Bridge) and Fastboot. ADB allows a computer to communicate with a device by means of a USB cable, allowing a developer to push and pull data between the two devices, and this is the way some root methods are discovered.
Fastboot is the term we use to refer to a diagnostic tool built into Android. This is because fastboot is the first thing a developer turns to when their device is bricked. Factory cables are designed to power the devices into fastboot, and that's all they're really good for. While ADB is for communication between two devices, pushing and pulling data, fastboot is all about writing data into the partitions on a device. We call this process "flashing".
Generally, ADB commands in command prompts start with "adb" (i.e. "adb reboot bootloader" which commands a typical Android device to boot into bootloader mode, another name for fastboot mode). ADB commands can only be used when both devices are fully booted up, and ADB debugging is selected on the Android device. After the device boots into fastboot, the device no longer recognizes ADB commands, only fastboot commands. Likewise, in fastboot mode, commands begin with "fastboot" (i.e. "fastboot oem unlock" which unlocks the bootloader on many Android devices). While in fastboot mode, the only safe way to exit is by typing "fastboot reboot" although the usual power button will be fine for most cases.
On the Kindle Fire HD 7" and 8.9", you will notice that the fastboot commands look something like this: "fastboot -i 0x1949 flash boot boot.img" ("flash" is the command to flash a file, "boot" is the partition to flash the file into, and "boot.img" is the image file containing the booting information). The reason why there's a "-i 0x1949" is simply because of the locked-down bootloader. After we install the 2nd-bootloader, this part commands the device to flash the files into the stock bootloader, because the 2nd-bootloader doesn't accept fastboot commands.
To install the Android SDK and be able to use ADB + fastboot, go to this link: Android SDK. After you hit download, just be patient, and you will need a video reference to help set up the package properly, so click here: Video on Installation of Android SDK. To check if it installed properly, once you're done with the video, open up a command prompt (for Windows, hold the Windows key + R, and type cmd, then hit Enter), and type either "adb" or "fastboot" and hit Enter. For both cases, you should get a block of text that tells you what each command does.
To check if your device can work with ADB, enable ADB on the device (may be called USB debugging), and connect it to the computer. If there are any drivers installing, let them finish. Then, on the command prompt, type "adb devices" and hit Enter. If your ADB drivers work, you should see a line of letters and characters. Same thing with fastboot. Always do this check before you start messing around to make sure your devices are receiving the commands.
===== 6. I bricked my Kindle! Help! =====
Calm down. You know you have a brick when the Kindle dies completely. It doesn't respond in anyway, even plugging in the USB won't do anything. It is also considered a brick if you have a red screen, which is commonly associated with trying to mod the system of Amazon OS 7.3.0 or higher without first flashing the Amazon OS 7.2.3 bootloader. Your only hope is to purchase a factory cable (not the same one that came with your device in the box) and go from there. To restore the device to factory settings and unbrick, go to this thread: KFHD System Restore Tool and follow the directions.
Alternatively, if you are reading this after you made a mistake and ended up with either scenarios above, and have made backups from Step 1 below, use the instructions from #7 to boot into fastboot using a regular USB cable, and restore with instructions found in Step 1. If you do have a factory cable, simply open up command prompt, plug in the cable to the device and the computer, and proceed with the second line of code in the last set of codes.
===== 7. How do I get into fastboot mode without a factory cable? =====
This relies on you having a working device (as long as it can boot at all, you're good). If you wish to enter fastboot mode to flash system images like new versions of TWRP or restore Amazon OS 7.2.3 if you've got freezing or bootloops, then you need a regular USB cable that came with the device, or any other mini-USB cable that fits the device and the computer. Again, you need to have Android SDK installed before you can use fastboot. Turn the device off, and leave it unplugged. Go to your computer, open command prompt, and type this:
Code:
fastboot -i 0x1949 getvar product
Hit enter, and it should return with <waiting for device>. If it doesn't, your fastboot drivers aren't working. Install Android SDK and go from there. If it does, connect your turned-off Kindle to the computer. Two things will happen: one, the command prompt will show "Tate-xxx-xxx" (something there), and two, your Kindle should reboot into fastboot mode. To exit fastboot mode, after you finished flashing what you needed, type this:
Code:
fastboot -i 0x1949 reboot
If you can fully boot into the ROM, you can use ADB to boot into fastboot, but you must still use the same command above to reboot out of fastboot mode. Then make sure ADB is turned on through settings, connect the device to the computer using a regular USB cable, and type this:
Code:
adb shell su -c "reboot bootloader"
And that's all for the basics! Let's move on to the actual process.
Step 1: Rooting​
+Note: Some users reported not being able to root on 7.4.1, so go into Settings and check your software version. 7.2.3 is what you want to see. I provided two root methods in case one doesn't work. If both fails, please try the second one again, using a different mode.
Before you can do anything else, you need to root the device first. Rooting is the process of acquiring superuser (administrator) access on a Linux system, allowing you to modify just about anything with regards to software. It is generally very safe to do, provided you follow the correct guides and you use the correct tools, and if there are no tools, the knowledge to manually root the device. On many other Android devices, rooting also installs a custom recovery, but the Kindle Fire HD 7" is different. You must root first before you do any modifications.
Go to this thread: QEMU Root by sparkym3, and download the necessary attachments. Use any decompressing software to unzip the files, and install the Kindle Fire HD 7" ADB drivers (this may fail, no need to worry). Then jump to your device, go to Settings and turn on ADB, then plug it into your computer. At this time, your computer should report that the ADB Composite Interface has been installed. What this means is that your ADB drivers work. Go ahead and use that thread's instructions to root the device.
Alternatively, you can use this if the first method failed: Root_with_Restore_by_Bin4ry, same idea. Make sure your ADB drivers are working, and that ADB is turned on in Settings. Open the RunMe.bat file, choose option 1. Now it will ask for your Amazon account password to restore, go ahead and type in your password and proceed. After the device reboots, it will be sluggish, now run the first method again, and you'll be back to normal with root.
To check if you're rooted, when the device is on, go to the Amazon Appstore, install "ES File Manager" or any other root application, you want to see the window asking for superuser permissions. Once it installs, open it, go to settings, and turn on root browsing. If it asks for superuser permissions, you have root access, and you can move on to the next step. If the root programs say you have root, but you don't see the window asking for the permission, remember to go to the app listing, and tap on superuser to initialize the daemon, then try to check for root again.
Recap:
1. Download the root tools from the two threads
2. Proceed to root by using the provided tools
3. Check if you successfully have root access using any root application
Step 2: Grabbing Files and Backing Up​
Once you're rooted successfully, you need to grab the files we'll need for the installation. Go to Hashcode's thread: Kindle Fire 2nd-bootloader + TWRP for the Kindle Fire HD 7. Download ONLY two files: the TWRP recovery image, and the freedom-boot image. That's all, and transfer both of those to the root of the sdcard, now you can move on to Step 3: Installation if you wish to skip backing up.
I will go through the steps to backup. Remember that it is not mandatory that you do this; should you follow the guide very closely, you do not require backing up whatsoever. This just serves as an extraneous step for those who feel comfortable working with ADB and would like to participate in modding the device, in which case these files would come in handy in case the device is bricked. Again, it is NOT mandatory.
Connect the device to the computer through a normal USB cable, turn on ADB through settings. Open up the command prompt (CMD) on your computer: hold down the Windows key, and press R. This will open up Run, type "cmd" and hit Enter. Now, enter the following lines of code one-by-one, wait for a line to finish before going to the next one.
Code:
adb shell su -c "dd if=/dev/block/mmcblk0boot0 of=/sdcard/boot0block.img"
adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/boot of=/sdcard/stock-boot.img"
adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/recovery of=/sdcard/stock-recovery.img"
adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/system of=/sdcard/stock-system.img"
mkdir C:\KFHD7Backup
adb pull /sdcard/stock-boot.img/ [C:\KFHD7Backup]
adb pull /sdcard/stock-recovery.img/ [C:\KFHD7Backup]
adb pull /sdcard/stock-system.img/ [C:\KFHD7Backup]
Now open up the Computer folder, and in the C: drive you will find a folder called "KFHD7Backup" with all of those files that you just pulled in there. Once you're at this stage, you have finished backing up. Take that folder and put it somewhere safe, on a USB drive, or an external flash drive.
If you need to flash these to restore the device in case you have bricked it, boot into fastboot mode (if you have the fastboot cable, plug it into the device and the computer, if you don't have a fastboot cable, look at #7 above). Place the folder and the files back to the C: drive before attempting to restore (if you know how to use the cd command, feel free to change the location of the files). Once you're in fastboot, start with the first line of code to command CMD to locate the backups folder, then proceed with the second, one-at-a-time:
Code:
cd C:/KFHD7Backup
fastboot -i 0x1949 flash boot stock-boot.img
fastboot -i 0x1949 flash recovery stock-recovery.img
fastboot -i 0x1949 flash system stock-system.img
fastboot -i 0x1949 reboot
+Note: Be patient, as some of the codes take a while due to the amount of data being transferred between the device and your computer. If nothing happens after you hit Enter on a line of code or it just hangs at nothing, close the command prompt, open it up again, and retry. It might seem scary, but if there are no codes being executed in the command prompt (you'll see data transfers with kB/s and such if there's communication), it's safe to unplug the cable or close the command prompt. Feel free to reboot your computer, then plug the cable in and try again.
Also, know that these files, when flashed through fastboot, will revert your device back to the state of when these backups were made, so once you have TWRP, these files are no longer important. The backups you make in TWRP will be just as useful, and can save you both time and patience. If, however, you want to revert to a completely stock Amazon OS software for warranty purposes, or to redo this process for any reason, they will come into play because these backups retain your apps and your settings. Otherwise, use the KFHD System Restore Tool to go completely stock.
After you have backed-up (optional), and you have the two needed files on the sdcard (TWRP image and freedom-boot image, ignore the Amazon OS and the stack override files), you can move on to step three.
Recap:
1. Go to Hashcode's 2nd-bootloader thread
2. Download both the required files and move them to sdcard
3. Use ADB to make backups (optional)
4. Use fastboot to restore the images you backed up if there are issues
Step 3: Installation​
You might have noticed that Hashcode made a pretty extensive thread to help you flash the bootloader, but another coder has since developed an automatic app to do all the work for you: FireFlash. Go ahead and download the .apk file. Move that file to the sdcard, and on the device, install it using "ES File Manager" (tap on that file) or "Easy Installer" (after it finishes scanning, select it and install), both found on the Amazon Appstore. You will then find it in the applications listing, go ahead and open it.
The first thing you notice is that there are spots to plug in files for different partitions. This is where those files from Hashcode come into play. Plug the freedom-boot.img into the boot partition space, plug the TWRP recovery.img into the recovery partition, and make sure to hit "apply stack". If you are NOT on the 7.2.3 bootloader (you'll see red letters warning you), then hit the check box next to that to flash the 7.2.3 bootloader, otherwise you'll see a red screen after you reboot. If you don't see that warning, you're fine, move on.
Check that "disable recovery auto update" box, leave everything else alone, unplug the cable, and hit flash (the first option). You will see a progress window, and just hit OK. Then, turn off the device. Now, when you turn it on, this is the way to enter recovery every time: the moment you turn it on, you'll see the yellow Kindle title. Immediately hold down the Volume Up button (leftmost from the power button) before it turns blue, and once it does, count to three in your head and let go and you'll see the TWRP splash logo. Once you're in TWRP, you're done. Just hit reboot, and everything's finished. Now you can browse the 7" Development forum for custom ROMs.
If you want to save space, you can now go ahead and delete all the files we just used; you no longer have a need for any of them. Keep FireFlash, though, because in the future you might want to update TWRP, then leave everything blank, plug the update image into the recovery partition and hit flash. Only use Hashcode's TWRP builds as of now, because he specifically altered those builds to work on the Kindle Fire HD 7" and 8.9" so the official ones on the TWRP site won't work. If you flash those (especially the "blaze" codename), you will brick the device, so don't do it!
Recap:
1. Download FireFlash and install on device using file manager or installer
2. Plug in the required files in the correct areas, and check the necessary checkboxes
3. Flash, and boot into TWRP to confirm successful installation of both 2nd-Bootloader and TWRP recovery
Step 4: Flashing Custom ROMs​
This is what you've been waiting for, the ability to load custom ROMs. You have a few choices at this point in time. This list contains (somewhat, if not) stable releases only:
1. Kinology by psych0phobia & JulianPaoloThiry (Amazon OS base + ICS modifications)
2. CyanogenMod 11 by Hashcode (AOSP, Android 4.4 KitKat)
3. ParanoidAndroid Port by jb2kred (AOKP, Android 4.2.2 Jelly Bean)
4. PAC-man by goldflame09 (AOKP, Hybrid of CM and PA, Android 4.3 Jelly Bean)
Once you have the .zip files for the ROMs with GApps (Google apps, like Play Store), place them on the sdcard, and turn off the device. Turn it on, hold Volume-Up before the logo turns blue, and enter TWRP. Once there, immediately do two things: make a backup, and after that, wipes: system, factory reset, cache, and Dalvik cache. After these two things are done, go ahead and flash the .zip file, and wait for it to finish. After it finishes, go ahead and again, wipe cache and Dalvik cache, then reboot. After you rebooted, wait 5 minutes, then reboot again, and you're all done!
Now, in case your custom ROM doesn't automatically include GApps, and you would know if you boot up and you don't see Play Store or Google Maps in the app drawer, follow this. Go to this link. You will notice a table, and on the left side, you see the CM version that corresponds to the Android version number. All the custom ROMs should use the row that corresponds to the Android version. For example, CM10.1 runs 4.2.2, CM10.2 runs 4.3, so click on the one that corresponds. If your ROM runs 4.2.2, use the 4.2.2 row, etc. After you finish downloading that .zip file, move it to the sdcard, and boot into TWRP. From there, if you want to be fancy, wipe cache and Dalvik cache before flashing, but you don't have to unless there are problems after you restart. If there are problems, like freezing on boot, or crashing, then boot back into TWRP and wipe the two cache partitions.
Generally, you only need to flash the file and you're done, but you can never be too safe. This also applies to ROMs: if you're moving from ROM to ROM, say Kinology to CM10.1, you MUST wipe EVERYTHING except the sdcard itself, and this includes the "Factory Reset" option. However, if you're moving from one update of a ROM to another, say a nightly of CM10.1 to a newer nightly of CM10.1, you can just simply flash the update over the old one, no wiping needed (this is called dirty-flashing). However, again, if you notice problems afterward, simply boot back in TWRP and wipe the two cache partitions. Remember to always make backups before you make changes to an otherwise stable build. If there are issues that you can't seem to resolve, you can always restore back to the previous build.
Recap:
1. Download .zip for ROM + GApps and move to sdcard
2. Boot into TWRP, make backups, and wipe the necessary partitions
3. Flash ROM, and wipe cache + Dalvik cache, then reboot
4. Wait for 5 minutes after successful reboot, then reboot again
5. If there's no GApps for your ROM, use the link to download the proper version.
6. Move the file to sdcard, then boot into TWRP and flash.
7. Reboot, and if there are problems, reboot back into TWRP and wipe cache partitions.
Troubleshooting​
1. Red screen upon reboot: You didn't check the checkbox in FireFlash to flash the Amazon OS 7.2.3 bootloader, causing the 7.3.x bootloader to crash, hence the red screen.
Solution: Plug it factory cable, then follow #6. If you made backups using ADB in Step 2, then flash those image files using the commands provided in Step 2.
2. Bootloop after reboot: Commonly associated with not following instructions in FireFlash like ignoring the stack override or just forgetting to check the box, or being on Amazon OS 7.3.x+.
Solution: Plug it factory cable, then follow #6. If you made backups using ADB in Step 2, then flash those image files using the commands provided in Step 2.
3. Device fails to boot at all: You flashed the wrong version of an image for another device to your device. This is common with users who use Kindle Fire Utility or FireFireFire which were made for the 1st & 2nd gen devices on a 3rd gen device (KFHD 7" & 8.9").
Solution: Plug it factory cable, then follow #6.
4. Fastboot doesn't detect device: All the commands hang at "waiting for device" in the terminal, even if ADB worked before.
Solution: Make sure Android SDK is installed by going into command prompt and type "adb" then hit Enter. You should see a block of text instructing you to use ADB commands. Find a Windows computer, because ADB & fastboot works best on a Linux system, therefore Macs and OS X will not yield proper results.
Go to the QEMU root thread, and pick up the drivers. Then hold Windows key + R, type "devmgmt.msc" and hit Enter. In Device Manager, if Kindle shows up as "Tate-PVT-08" then right click on that item, Update Driver Software, choose Browse, and select the option to pick from a list. Now navigate to the Kindle drivers you downloaded, and install. Now your fastboot should work.
5. Stuck at boot logo: Device boots after flashing with FireFlash and hangs at the splash screen.
Solution: Plug it factory cable, then follow #6.
6. Wiped /sdcard, can't reboot from recovery: You thought you had the ROM file on the sdcard, but you didn't, and wiped everything, so without a ROM image, you can't boot into system.
Solution: Put the ROM file where your ADB binary is (usually inside platform-tools folder in Android SDK directory) and rename it rom.zip. On the device, boot into TWRP, select Advanced, then ADB Sideload. Connect device to PC. From here, run "adb" and hit Enter to check for your binary version, if it's anything lower than 1.0.3.0, you need to update the binaries by re-installing the latest Android SDK. Once the device is in sideloading mode and is connected to the PC, type "adb sideload rom.zip" and hit Enter. Now you'll find the ROM on the sdcard, flash, and you're done.
Credits: Hashcode, fattire, and verygreen for the work on the bootloader, stanga72 for the app FireFlash, sparkym3 & Bin4ry for their rooting methods, onemeila for the restore tool, and myself for the creation of this guide.​

If your video can help guide and more for noobs,many thanks.

quan_1986 said:
If your video can help guide and more for noobs,many thanks.
Click to expand...
Click to collapse
Unfortunately, I don't have a spare KFHD7 to do a video on. I can't start over on mine because I have too many things on there and starting over would mean losing absolutely everything and I can't afford that.
I did try to be as clear as possible in the instructions above, so point out any mistakes or anything confusing you can find. The goal is to help the people out.

WOW!
seokhun said:
Disclaimer: By following this guide, you understand and accepts that I, or any other developers mentioned in this guide, will NOT be held responsible in the event that your device stops functioning or dies. While I try my best to make everything as clear and concise as it can be, accidents will happen should you not follow everything like a hawk.
Installing Kindle Fire HD 7" 2nd-Bootloader + TWRP Complete Tutorial​
I'm going to lead you through installing Hashcode's 2nd-Bootloader and TWRP in order to start flashing custom ROMs and make backups. First, let's go over the basics and why I'm doing this in the first place.
===== 1. Why do we need a 2nd bootloader? =====
The stock Amazon bootloader doesn't play nice with Android even though it has Android at its core. We can still use fastboot commands with it, but other than that, it's quite locked-down. In other words, normal exploits used to unlock the bootloader on other Android devices, for example, like the Nexus series by Google or the handsets by HTC don't apply here. In order to use the same features, like a custom ROM, custom kernel, custom recovery, we must bypass Amazon's software by installing a 2nd bootloader.
===== 2. Why are you posting a tutorial? =====
I'm doing this because the lack of a guide means that people like myself, who are not proficient developers, keep running into issues and some ended up bricking their devices. This means that they end up with a heavy paperweight, with no chance of fixing, other than hoping that they're lucky with a fastboot cable (not the one that came with the device) and find their way back to the beginning. I'm sick of seeing so many questions about the exact same issues so I thought, why not just make a guide everyone can follow and thus make the world a better place.
===== 3. Do I need any special equipment/knowledge? =====
You don't need any special equipment, provided that you follow this guide word-for-word and be careful. I recommend a factory cable, just in case, which can be found in various online dealers, like eBay. This is just in case you make a mistake and you brick the device. I successfully installed the 2nd-Bootloader + TWRP and flashed CM10.1 without a factory cable, within minutes. The key is make sure you don't miss anything, and if you're not sure, don't make any random guesses. As far as knowledge, yes, and no. Know what you're dealing with. Anything underneath the ROM has the chance to brick the device, so know what you're getting into.
===== 4. Can't I just use FireFireFire or another automatic tool to install the bootloader + TWRP? =====
Definitely not. This is the exact reason why there are so many threads in the Q&A section about bricked devices in the first place. Never use a tool that wasn't made for the version of your tablet. The Kindle Fire (1st gen), the Kindle Fire 2 (2nd gen), and the Kindle Fire HD 7" & 8.9" (3rd gen) are not the same devices, at all. Due to the way the bootloader behaves, flashing the files that are only compatible for the Kindle Fire 2 on a Kindle Fire HD 7" will definitely brick it. This is because the bootloader is so-named for a program that checks the booting process before the device actually boots, and if there are any bad sectors that don't match, the device won't boot.
How do you avoid this? By following guides like mine, and first knowing exactly what model you have. Yes, the Kindle Fire 2 and the Kindle Fire HD look similar, and Amazon seriously have problems with their naming method, but a bit of research tells you that the Kindle Fire HD actually contains an HD resolution screen, 1280x800 for the 7" and 1920x1200 for the 8.9". Also, ONLY the Kindle Fire HD 7" and 8.9" models have a front-facing camera while the other models don't have one at all. If you want to be sophisticated about it, you can use working fastboot to identify the tablet.
In CMD, type: fastboot -i 0x1949 getvar product. Hitting enter will return with <waiting for device>. If you connect your powered-off Kindle Fire HD 7" or 8.9" at this point, it will reboot into fastboot mode, and on CMD, it will return with "tate-xxx-xxx" for the 7" and "jem-xxx-xxx" for the 8.9". I cannot stress this enough, please know your stuff before you end up crying about how you made a simple mistake that cost you $200, or however many in other currencies, but I do know that universally, it's quite a lot of money.
===== 5. I bricked my Kindle! Help! =====
Calm down. You know you have a brick when the Kindle dies completely. It doesn't respond in anyway, even plugging in the USB won't do anything. Your only hope is to purchase a factory cable (not the same one that came with your device in the box) and go from there. To restore the device to factory settings and unbrick, there are two methods:
1. Go to this thread: KFHD System Restore Tool and follow the directions.
2. Download this file: Amazon OS 7.2.3. Once it finishes, place that file in the same folder as your fastboot.exe (this is found in the Android SDK folder, so if you haven't installed the Android SDK, do so) which should be the platform-tools folder. Rename the file to amazon723.bin for easier flashing (or rename it however you want, but use that name later on).
Now plug the device into the computer using the factory cable, and the device should reboot into fastboot mode (you'll see "fastboot" in orange on the device). From there, type this command and hit enter:
fastboot -i 0x1949 flash boot amazon723.bin
Now the OS will be flashed, and after it finishes, type:
fastboot -i 0x1949 reboot
After the reboot completes, you'll be back at the very start.
===== 6. How do I get into fastboot mode without a factory cable? =====
This relies on you having a working device (as long as it can boot at all, you're good). If you wish to enter fastboot mode to flash system images like new versions of TWRP or restore Amazon OS 7.2.3 if you've got freezing or bootloops, then you need a regular USB cable that came with the device, or any other mini-USB cable that fits the device and the computer. Turn the device off, and leave it unplugged. Go to your computer, open command prompt, and type this:
fastboot -i 0x1949 getvar product
Hit enter, and it should return with <waiting for device>. If it doesn't, your fastboot drivers aren't working. Install Android SDK and go from there. If it does, connect your turned-off Kindle to the computer. Two things will happen: one, the command prompt will show "Tate-xxx-xxx" (something there), and two, your Kindle should reboot into fastboot mode. To exit fastboot mode, after you finished flashing what you needed, type this:
fastboot -i 0x1949 reboot
And that's all for the basics! Let's move on to the actual process.
Step 1: Rooting​
+Note: Some users reported not being able to root on 7.3.1, so go into Settings and check your software version. 7.2.3 is what you want to see. I provided two root methods in case one doesn't work.
Before you can do anything else, you need to root the device first. Rooting is the process of acquiring superuser (administrator) access on a Linux system, allowing you to modify just about anything with regards to software. It is generally very safe to do, provided you follow the correct guides and you use the correct tools, and if there are no tools, the knowledge to manually root the device. On many other Android devices, rooting also installs a custom recovery, but the Kindle Fire HD 7" is different. You must root first before you do any modifications.
Go to this thread: QEMU Root by sparkym3, and download the necessary attachments. Use any decompressing software to unzip the files, and install the Kindle Fire HD 7" ADB drivers (this may fail, no need to worry). Then jump to your device, go to Settings and turn on ADB, then plug it into your computer. At this time, your computer should report that the ADB Composite Interface has been installed. What this means is that your ADB drivers work. Go ahead and use that thread's instructions to root the device. Alternatively, you can use this if the first method failed: Root_with_Restore_by_Bin4ry, same idea.
To check if you're rooted, when the device is on, go to the Amazon Appstore, install "ES File Manager". Once it installs, open it, go to settings, and turn on root browsing. If it asks for superuser permissions, you have root access, and you can move on to the next step.
Recap:
1. Download the root tools from the two threads
2. Proceed to root by using the provided tools
3. Check if you successfully have root access using any root application
Step 2: Grabbing Files and Backing Up​
Once you're rooted successfully, you need to grab the files we'll need for the installation. Go to Hashcode's thread: Kindle Fire 2nd-bootloader + TWRP 2.4.4.0 for the Kindle Fire HD 7. If you have ADB installed (you should), then use the command prompt (CMD) to make backups just in case things go wrong. It's not required, but if you want to be safe, follow Hashcode's step 1 in that thread. Open CMD, connect the Kindle with ADB turned on, copy-paste the first line, hit enter, wait, then do the same thing for the remaining 4 lines of code. Otherwise, download all the files from step 2, except the stack.
Now, after you have backed-up (optional), and you have downloaded all the needed files (freedom-boot.img and TWRP recovery.img, you don't need the stack override file because that's provided in FireFlash, read Step 3), go ahead and transfer all of those to the root of the sdcard. Once that's done, you can move on to step three.
Recap:
1. Go to Hashcode's 2nd-bootloader thread
2. Use ADB to make backups (optional)
3. Download the required files and move them to sdcard
Step 3: Installation​
You might have noticed that Hashcode made a pretty extensive thread to help you flash the bootloader, but another coder has since developed an automatic app to do all the work for you: FireFlash v1.1. Go ahead and download the .apk file. Move that file to the sdcard, and on the device, install it using "ES File Manager" (tap on that file) or "Easy Installer" (after it finishes scanning, select it and install), both found on the Amazon Appstore. You will then find it in the applications listing, go ahead and open it.
The first thing you notice is that there are spots to plug in files for different partitions. This is where those files from Hashcode come into play. Plug the freedom-boot.img into the boot partition space, plug the TWRP recovery.img into the recovery partition, and make sure to hit "apply stack". If you are NOT on the 7.2.3 bootloader (you'll see red letters warning you), then hit the check box next to that to flash the 7.2.3 bootloader, otherwise you'll see a red screen after you reboot. If you don't see that warning, you're fine, move on.
Leave that "disable recovery auto update" function checked, leave everything else alone and hit flash. You will see a progress window, and just hit OK. Then, you will either be automatically rebooted into TWRP, in which case skip to step 4, or you will do it manually: go ahead and turn off the device, you no longer need the computer. When you turn it on, here's how to do it: push the power button, and the instant you see the orange "Kindle" logo, hold down the volume-up button (leftmost from the power button) while the orange turns into blue, then you can let go. This will enter you into TWRP, and it will take a minute, so be patient.
Once you're in TWRP, you're done. Just hit reboot, and everything's finished. Now you can browse the 7" Development forum for custom ROMs.
Recap:
1. Download FireFlash v1.1 and install on device using file manager or installer
2. Plug in the required files in the correct areas, and check the necessary checkboxes
3. Flash, and boot into TWRP to confirm successful installation of both 2nd-Bootloader and TWRP recovery
Step 4: Flashing Custom ROMs​
This is what you've been waiting for, the ability to load custom ROMs. You have a few choices at this point in time:
1. Kinology by psychophobia (Amazon OS 7.3.1 base + Android Ice Cream Sandwich modifications)
2. CyanogenMod 10.1 by Hashcode (AOSP with custom 1.5GHz kernel, Android Jelly Bean 4.2.2) *read below
3. ParanoidAndroid Port by -a- (CM10.1 base, AOKP, Android Jelly Bean 4.2.2)
4. CyanogenMod 10.1 Tablet UI by Jester6 (same properties as Hashcode's CM10.1 build, Tablet UI = just looks nicer with dual-pane)
5. ParanoidAndroid Port by jb2kred (same properties as -a-'s ParanoidAndroid build)
Once you have the .zip files for the ROMs with GApps (Google apps, like Play Store, found on goo.im, use the top row), place them on the sdcard, and turn off the device. Turn it on, hold Volume-Up before the logo turns blue, and enter TWRP. Once there, immediately do two things: make a backup, and after that, wipes: system, factory reset, cache, and Dalvik cache. After these two things are done, go ahead and flash the .zip file, and wait for it to finish. After it finishes, go ahead and again, wipe cache and Dalvik cache, then reboot. After you rebooted, wait 5 minutes, then reboot again, and you're all done!
+If you want to use CM10.1, be sure to also download the alternate 1.2GHz kernel, as myself and some others have experienced some freezing on the 1.5GHz kernel. Flashing the 05/08 alpha will automatically install the 1.5GHz kernel, and if it freezes on the boot animation, simply turn it off, turn it on, boot into TWRP, and flash the 1.2GHz kernel and reboot. Alternatively, this is where the backup you made comes in handy, in case you forgot to download the 1.2GHz.
Recap:
1. Download .zip for ROM + GApps and move to sdcard
2. Boot into TWRP, make backups, and wipe the necessary partitions
3. Flash ROM, and wipe cache + Dalvik cache, then reboot
4. Wait for 5 minutes after successful reboot, then reboot again
Credits: Hashcode, fattire, and verygreen for the work on the bootloader, stanga72 for the app FireFlash v1.1, sparkym3 and Bin4ry for their rooting methods, and myself for the creation of this guide.​
Click to expand...
Click to collapse
You have made my day... Thanks A LOT!!!!:victory:

vlavlix said:
You have made my day... Thanks A LOT!!!!:victory:
Click to expand...
Click to collapse
I made the guide with people like you in mind. Thank you for trusting it

This post needs to be pinned!
Awesome work, Keep it up! :good:

One last question.
seokhun said:
Disclaimer: By following this guide, you understand and accepts that I, or any other developers mentioned in this guide, will NOT be held responsible in the event that your device stops functioning or dies. While I try my best to make everything as clear and concise as it can be, accidents will happen should you not follow everything like a hawk.
Installing Kindle Fire HD 7" 2nd-Bootloader + TWRP Complete Tutorial​
I'm going to lead you through installing Hashcode's 2nd-Bootloader and TWRP in order to start flashing custom ROMs and make backups. First, let's go over the basics and why I'm doing this in the first place.
===== 1. Why do we need a 2nd bootloader? =====
The stock Amazon bootloader doesn't play nice with Android even though it has Android at its core. We can still use fastboot commands with it, but other than that, it's quite locked-down. In other words, normal exploits used to unlock the bootloader on other Android devices, for example, like the Nexus series by Google or the handsets by HTC don't apply here. In order to use the same features, like a custom ROM, custom kernel, custom recovery, we must bypass Amazon's software by installing a 2nd bootloader.
===== 2. Why are you posting a tutorial? =====
I'm doing this because the lack of a guide means that people like myself, who are not proficient developers, keep running into issues and some ended up bricking their devices. This means that they end up with a heavy paperweight, with no chance of fixing, other than hoping that they're lucky with a fastboot cable (not the one that came with the device) and find their way back to the beginning. I'm sick of seeing so many questions about the exact same issues so I thought, why not just make a guide everyone can follow and thus make the world a better place.
===== 3. Do I need any special equipment/knowledge? =====
You don't need any special equipment, provided that you follow this guide word-for-word and be careful. I recommend a factory cable, just in case, which can be found in various online dealers, like eBay. This is just in case you make a mistake and you brick the device. I successfully installed the 2nd-Bootloader + TWRP and flashed CM10.1 without a factory cable, within minutes. The key is make sure you don't miss anything, and if you're not sure, don't make any random guesses. As far as knowledge, yes, and no. Know what you're dealing with. Anything underneath the ROM has the chance to brick the device, so know what you're getting into.
===== 4. Can't I just use FireFireFire or another automatic tool to install the bootloader + TWRP? =====
Definitely not. This is the exact reason why there are so many threads in the Q&A section about bricked devices in the first place. Never use a tool that wasn't made for the version of your tablet. The Kindle Fire (1st gen), the Kindle Fire 2 (2nd gen), and the Kindle Fire HD 7" & 8.9" (3rd gen) are not the same devices, at all. Due to the way the bootloader behaves, flashing the files that are only compatible for the Kindle Fire 2 on a Kindle Fire HD 7" will definitely brick it. This is because the bootloader is so-named for a program that checks the booting process before the device actually boots, and if there are any bad sectors that don't match, the device won't boot.
How do you avoid this? By following guides like mine, and first knowing exactly what model you have. Yes, the Kindle Fire 2 and the Kindle Fire HD look similar, and Amazon seriously have problems with their naming method, but a bit of research tells you that the Kindle Fire HD actually contains an HD resolution screen, 1280x800 for the 7" and 1920x1200 for the 8.9". Also, ONLY the Kindle Fire HD 7" and 8.9" models have a front-facing camera while the other models don't have one at all. If you want to be sophisticated about it, you can use working fastboot to identify the tablet.
In CMD, type: fastboot -i 0x1949 getvar product. Hitting enter will return with <waiting for device>. If you connect your powered-off Kindle Fire HD 7" or 8.9" at this point, it will reboot into fastboot mode, and on CMD, it will return with "tate-xxx-xxx" for the 7" and "jem-xxx-xxx" for the 8.9". I cannot stress this enough, please know your stuff before you end up crying about how you made a simple mistake that cost you $200, or however many in other currencies, but I do know that universally, it's quite a lot of money.
===== 5. I bricked my Kindle! Help! =====
Calm down. You know you have a brick when the Kindle dies completely. It doesn't respond in anyway, even plugging in the USB won't do anything. Your only hope is to purchase a factory cable (not the same one that came with your device in the box) and go from there. To restore the device to factory settings and unbrick, there are two methods:
1. Go to this thread: KFHD System Restore Tool and follow the directions.
2. Download this file: Amazon OS 7.2.3. Once it finishes, place that file in the same folder as your fastboot.exe (this is found in the Android SDK folder, so if you haven't installed the Android SDK, do so) which should be the platform-tools folder. Rename the file to amazon723.bin for easier flashing (or rename it however you want, but use that name later on).
Now plug the device into the computer using the factory cable, and the device should reboot into fastboot mode (you'll see "fastboot" in orange on the device). From there, type this command and hit enter:
fastboot -i 0x1949 flash boot amazon723.bin
Now the OS will be flashed, and after it finishes, type:
fastboot -i 0x1949 reboot
After the reboot completes, you'll be back at the very start.
===== 6. How do I get into fastboot mode without a factory cable? =====
This relies on you having a working device (as long as it can boot at all, you're good). If you wish to enter fastboot mode to flash system images like new versions of TWRP or restore Amazon OS 7.2.3 if you've got freezing or bootloops, then you need a regular USB cable that came with the device, or any other mini-USB cable that fits the device and the computer. Turn the device off, and leave it unplugged. Go to your computer, open command prompt, and type this:
fastboot -i 0x1949 getvar product
Hit enter, and it should return with <waiting for device>. If it doesn't, your fastboot drivers aren't working. Install Android SDK and go from there. If it does, connect your turned-off Kindle to the computer. Two things will happen: one, the command prompt will show "Tate-xxx-xxx" (something there), and two, your Kindle should reboot into fastboot mode. To exit fastboot mode, after you finished flashing what you needed, type this:
fastboot -i 0x1949 reboot
And that's all for the basics! Let's move on to the actual process.
Step 1: Rooting​
+Note: Some users reported not being able to root on 7.3.1, so go into Settings and check your software version. 7.2.3 is what you want to see. I provided two root methods in case one doesn't work.
Before you can do anything else, you need to root the device first. Rooting is the process of acquiring superuser (administrator) access on a Linux system, allowing you to modify just about anything with regards to software. It is generally very safe to do, provided you follow the correct guides and you use the correct tools, and if there are no tools, the knowledge to manually root the device. On many other Android devices, rooting also installs a custom recovery, but the Kindle Fire HD 7" is different. You must root first before you do any modifications.
Go to this thread: QEMU Root by sparkym3, and download the necessary attachments. Use any decompressing software to unzip the files, and install the Kindle Fire HD 7" ADB drivers (this may fail, no need to worry). Then jump to your device, go to Settings and turn on ADB, then plug it into your computer. At this time, your computer should report that the ADB Composite Interface has been installed. What this means is that your ADB drivers work. Go ahead and use that thread's instructions to root the device. Alternatively, you can use this if the first method failed: Root_with_Restore_by_Bin4ry, same idea.
To check if you're rooted, when the device is on, go to the Amazon Appstore, install "ES File Manager". Once it installs, open it, go to settings, and turn on root browsing. If it asks for superuser permissions, you have root access, and you can move on to the next step.
Recap:
1. Download the root tools from the two threads
2. Proceed to root by using the provided tools
3. Check if you successfully have root access using any root application
Step 2: Grabbing Files and Backing Up​
Once you're rooted successfully, you need to grab the files we'll need for the installation. Go to Hashcode's thread: Kindle Fire 2nd-bootloader + TWRP 2.4.4.0 for the Kindle Fire HD 7. If you have ADB installed (you should), then use the command prompt (CMD) to make backups just in case things go wrong. It's not required, but if you want to be safe, follow Hashcode's step 1 in that thread. Open CMD, connect the Kindle with ADB turned on, copy-paste the first line, hit enter, wait, then do the same thing for the remaining 4 lines of code. Otherwise, download all the files from step 2, except the stack.
Now, after you have backed-up (optional), and you have downloaded all the needed files (freedom-boot.img and TWRP recovery.img, you don't need the stack override file because that's provided in FireFlash, read Step 3), go ahead and transfer all of those to the root of the sdcard. Once that's done, you can move on to step three.
Recap:
1. Go to Hashcode's 2nd-bootloader thread
2. Use ADB to make backups (optional)
3. Download the required files and move them to sdcard
Step 3: Installation​
You might have noticed that Hashcode made a pretty extensive thread to help you flash the bootloader, but another coder has since developed an automatic app to do all the work for you: FireFlash v1.1. Go ahead and download the .apk file. Move that file to the sdcard, and on the device, install it using "ES File Manager" (tap on that file) or "Easy Installer" (after it finishes scanning, select it and install), both found on the Amazon Appstore. You will then find it in the applications listing, go ahead and open it.
The first thing you notice is that there are spots to plug in files for different partitions. This is where those files from Hashcode come into play. Plug the freedom-boot.img into the boot partition space, plug the TWRP recovery.img into the recovery partition, and make sure to hit "apply stack". If you are NOT on the 7.2.3 bootloader (you'll see red letters warning you), then hit the check box next to that to flash the 7.2.3 bootloader, otherwise you'll see a red screen after you reboot. If you don't see that warning, you're fine, move on.
Leave that "disable recovery auto update" function checked, leave everything else alone and hit flash. You will see a progress window, and just hit OK. Then, you will either be automatically rebooted into TWRP, in which case skip to step 4, or you will do it manually: go ahead and turn off the device, you no longer need the computer. When you turn it on, here's how to do it: push the power button, and the instant you see the orange "Kindle" logo, hold down the volume-up button (leftmost from the power button) while the orange turns into blue, then you can let go. This will enter you into TWRP, and it will take a minute, so be patient.
Once you're in TWRP, you're done. Just hit reboot, and everything's finished. Now you can browse the 7" Development forum for custom ROMs.
Recap:
1. Download FireFlash v1.1 and install on device using file manager or installer
2. Plug in the required files in the correct areas, and check the necessary checkboxes
3. Flash, and boot into TWRP to confirm successful installation of both 2nd-Bootloader and TWRP recovery
Step 4: Flashing Custom ROMs​
This is what you've been waiting for, the ability to load custom ROMs. You have a few choices at this point in time:
1. Kinology by psychophobia (Amazon OS 7.3.1 base + Android Ice Cream Sandwich modifications)
2. CyanogenMod 10.1 by Hashcode (AOSP with custom 1.5GHz kernel, Android Jelly Bean 4.2.2) *read below
3. ParanoidAndroid Port by -a- (CM10.1 base, AOKP, Android Jelly Bean 4.2.2)
4. CyanogenMod 10.1 Tablet UI by Jester6 (same properties as Hashcode's CM10.1 build, Tablet UI = just looks nicer with dual-pane)
5. ParanoidAndroid Port by jb2kred (same properties as -a-'s ParanoidAndroid build)
Once you have the .zip files for the ROMs with GApps (Google apps, like Play Store, found on goo.im, use the top row), place them on the sdcard, and turn off the device. Turn it on, hold Volume-Up before the logo turns blue, and enter TWRP. Once there, immediately do two things: make a backup, and after that, wipes: system, factory reset, cache, and Dalvik cache. After these two things are done, go ahead and flash the .zip file, and wait for it to finish. After it finishes, go ahead and again, wipe cache and Dalvik cache, then reboot. After you rebooted, wait 5 minutes, then reboot again, and you're all done!
+If you want to use CM10.1, be sure to also download the alternate 1.2GHz kernel, as myself and some others have experienced some freezing on the 1.5GHz kernel. Flashing the 05/08 alpha will automatically install the 1.5GHz kernel, and if it freezes on the boot animation, simply turn it off, turn it on, boot into TWRP, and flash the 1.2GHz kernel and reboot. Alternatively, this is where the backup you made comes in handy, in case you forgot to download the 1.2GHz.
Recap:
1. Download .zip for ROM + GApps and move to sdcard
2. Boot into TWRP, make backups, and wipe the necessary partitions
3. Flash ROM, and wipe cache + Dalvik cache, then reboot
4. Wait for 5 minutes after successful reboot, then reboot again
Credits: Hashcode, fattire, and verygreen for the work on the bootloader, stanga72 for the app FireFlash v1.1, sparkym3 and Bin4ry for their rooting methods, and myself for the creation of this guide.​
Click to expand...
Click to collapse
Once I've flashed the cm10.1 zip and installed the 1.2GHz kernel, how do i install the GAPPS? because I didn't install them meanwhile I was in TWRP..

vlavlix said:
Once I've flashed the cm10.1 zip and installed the 1.2GHz kernel, how do i install the GAPPS? because I didn't install them meanwhile I was in TWRP..
Click to expand...
Click to collapse
Simply go to the goo.im page, and click on Gapps. Go back up to step 4, I've added an explanation.

Thanks for the guide, I have been away from this area of the community for awhile, and have gotten lost with what has happened. Spent hours, looking for what I had missed. Got everything working :good:

iMJets said:
Thanks for the guide, I have been away from this area of the community for awhile, and have gotten lost with what has happened. Spent hours, looking for what I had missed. Got everything working :good:
Click to expand...
Click to collapse
You sure? If you installed a custom ROM, change your signature, haha. I'm glad it worked out fine!

Can someone just make then video how to I'm tire of amazon I want cm 10 I'm my kindle thanks
Sent from my Nexus 7 using Tapatalk 2

Cheers mate, followed to a tee and now have my Kindle Fire HD 7" OC'ed to 1500MHz and jester's TabUI CM 10.1 ROM on. Sweetness....

esema1o said:
Can someone just make then video how to I'm tire of amazon I want cm 10 I'm my kindle thanks
Sent from my Nexus 7 using Tapatalk 2
Click to expand...
Click to collapse
I already went out of my way to create a super-extensive guide for you. If you need a video, go bother someone else to do it. My instructions are as clear and as simple as they could get.
Katalystik said:
Cheers mate, followed to a tee and now have my Kindle Fire HD 7" OC'ed to 1500MHz and jester's TabUI CM 10.1 ROM on. Sweetness....
Click to expand...
Click to collapse
I'm glad! Enjoy the custom ROMs!

esema1o said:
Can someone just make then video how to I'm tire of amazon I want cm 10 I'm my kindle thanks
Sent from my Nexus 7 using Tapatalk 2
Click to expand...
Click to collapse
You actually need to read the tutorial. Its word for word, there's no video needed. If you are scared to do this don't do it. You will just mess up your device, which is more of a pain to fix. As always make sure you have a fastboot cable.

iMJets said:
You actually need to read the tutorial. Its word for word, there's no video needed. If you are scared to do this don't do it. You will just mess up your device, which is more of a pain to fix. As always make sure you have a fastboot cable.
Click to expand...
Click to collapse
Yea I'm lil nerves well I'm not gone do it I all ready got me Google table nexus 7 so I'm just gone leave this table like this oh well thanks
Sent from my Nexus 7 using Tapatalk 2

maybe I'm being stupid but when I try this on my rooted kfhd7 and type fastboot -i 0x1949 getvar product I get <waiting for device> then connect my device and nothing happens. tried this when device powered off as well. Any ideas?
thanks

rhodri11 said:
maybe I'm being stupid but when I try this on my rooted kfhd7 and type fastboot -i 0x1949 getvar product I get <waiting for device> then connect my device and nothing happens. tried this when device powered off as well. Any ideas?
thanks
Click to expand...
Click to collapse
You don't have fastboot drivers. Did you install Android SDK and configure it properly? By that I mean installing the package, downloading the required components using the installer, and adding the path to system.

seokhun said:
You don't have fastboot drivers. Did you install Android SDK and configure it properly? By that I mean installing the package, downloading the required components using the installer, and adding the path to system.
Click to expand...
Click to collapse
Hmm strange one this. I have tried using fastboot on my windows and linux system with the KFHD off and the when connected they still don't go into fastboot. Been told I could probably get away with using root toolbox and rebooting into fastboot that way?
In the mean time I have just followed step 2, backup the images on the kindle, and now it says to use FireFlash v1.1. I am running 7.3.0. Is FireFlash v1.1 okay to use with my version or will I have to do it the manual way?
Thanks

rhodri11 said:
Hmm strange one this. I have tried using fastboot on my windows and linux system with the KFHD off and the when connected they still don't go into fastboot. Been told I could probably get away with using root toolbox and rebooting into fastboot that way?
In the mean time I have just followed step 2, backup the images on the kindle, and now it says to use FireFlash v1.1. I am running 7.3.0. Is FireFlash v1.1 okay to use with my version or will I have to do it the manual way?
Thanks
Click to expand...
Click to collapse
As I previously said, you don't have working fastboot drivers. Go back to the guide, in #5, and install Android SDK. Then the commands will work.
You can use FireFlash, but if you see the red letters warning you to flash the 7.2.3 bootloader once you open up the app, CHECK THAT BOX. The rest of the guide applies.

seokhun said:
As I previously said, you don't have working fastboot drivers. Go back to the guide, in #5, and install Android SDK. Then the commands will work.
You can use FireFlash, but if you see the red letters warning you to flash the 7.2.3 bootloader once you open up the app, CHECK THAT BOX. The rest of the guide applies.
Click to expand...
Click to collapse
I am able to communicate with the kindle through adb commands but fastboot still not working. Have installed AndroidSDK on my windows 7 machine, extracted it, run and and made sure the tools, platform tools, and usb drivers were installed, which they are. Fastboot does run.. it just hangs there "waiting for device"
Sorry but have I missed a crucial step?
edit:
Have also tried fastboot using Linux android bundle (again, adb devices shows the kindle, but nothing from fastboot) and then tried sudo add-apt-repository ppa:nilarimogard/webupd8, updated everything then apt-get install android-tools-adb android-tools-fastboot. Again, run adb devices and it shows up, but fastboot doesn't work.

[Q] [SOLVED] ADB issues

EDIT: solution here
Hi all,
My HTC OX+ died, and I bought a Motorola Moto G (Falcon) to see me through to the end of my contract. Aside from the price, the big draw was CM support.
I've unlocked by bootloader and installed TWRP without trouble (when I was screwing with my HOX+, I read that CWM doesn't support sideloading. Since - correct me if I'm wrong - the 'cleanest' way to install a ROM is to format the SDcard completely, then install the ROM, sideloading support is vital).
I've tested and confirmed root access (initially, I thought not having the SU binary installed was an issue, although I did have TWRP installed fine). However, I'm stuck with adb - in recovery, adb does not recognise what I do. I've tried installing, uninstalling and reinstalling drivers from various sources (first the ones offered my Motorola during the unlocking process, then the ones from Windows Update, and last but not least ones from here: http://d-h.st/5j0 - following advice of a thread I found on here). I've tried doing this both automatically and manually using Device Manager.
Usually, precisely because of these problems, I hate using Windoze for this kind of thing. However, I don't have a Linux distro open to me atm - other than in VirtualBox, in which case adb still doesn't pick up the phone (presumably because its reliant on the host Windows drivers). I'm tearing my hair out trying to get it fixed.
Not that they can be conclusively relied upon, but as confirmation it is a drivers issue (despite Device Manager finding no problem), when the phone is connected in recovery (TWRP), Windows plays an odd sound - three tones instead of the usual two.
Any help would be appreciated. My Windows is Windows 7 Ultimate x64. Also, I've no problems at all when the stock OS is booted - or at least 'adb devices' detects the device and displays it correctly.
Thanks!

CWM does work with sideloading (that's the way i installed CM the first time ) [make sure to use the one linked in CM11 thread!]
if i understand correctly:
fastboot works fine (since you could unlock the BL)
adb works when the device is booted
adb fails when in recovery
make sure you are using the latest adb :
Code:
[email protected] ~ $ adb version
Android Debug Bridge version 1.0.31
if your version is lower than 1.0.31, then update it (in that case your adb is outdated regarding the 4.4 bootloader) ==> update your Android SDK manager or your adb binary

matmutant said:
CWM does work with sideloading (that's the way i installed CM the first time ) [make sure to use the one linked in CM11 thread!]
if i understand correctly:
fastboot works fine (since you could unlock the BL)
adb works when the device is booted
adb fails when in recovery
make sure you are using the latest adb :
Code:
[email protected] ~ $ adb version
Android Debug Bridge version 1.0.31
if your version is lower than 1.0.31, then update it (in that case your adb is outdated regarding the 4.4 bootloader) ==> update your Android SDK manager or your adb binary
Click to expand...
Click to collapse
Do you think CWM is preferred to TWRP? If sideloading is supported, it's not like you spend much time in recovery anyway, so if you think it'll help, flashing CWM is definitely something I can do...
AFAIK...
- have only used fastboot briefly to install recovery, but this went without a hitch.
- ADB does indeed work when the stock OS is booted
- As above. Fails in recovery, I suspect because of a driver issue (weird Windows sound when connected, no Autoplay popup etc). You can kind of understand this...writing a driver for the device in recovery is hardly a key issue for the devs (though I confess, why it can interact with the same hardware with one set of programs loaded (i.e. stock OS) and not another (i.e. TWRP) I've no idea)
Just issued the command, and (as expected since I downloaded the bundle only yesterday from Google) I am running 1.0.31.

ArminasAnarchy said:
Do you think CWM is preferred to TWRP? If sideloading is supported, it's not like you spend much time in recovery anyway, so if you think it'll help, flashing CWM is definitely something I can do...
AFAIK...
- have only used fastboot briefly to install recovery, but this went without a hitch.
- ADB does indeed work when the stock OS is booted
- As above. Fails in recovery, I suspect because of a driver issue (weird Windows sound when connected, no Autoplay popup etc). You can kind of understand this...writing a driver for the device in recovery is hardly a key issue for the devs (though I confess, why it can interact with the same hardware with one set of programs loaded (i.e. stock OS) and not another (i.e. TWRP) I've no idea)
Just issued the command, and (as expected since I downloaded the bundle only yesterday from Google) I am running 1.0.31.
Click to expand...
Click to collapse
In fact i never tried TWRP : i have always been happy with CWM so i didn't feel the need to change (so you can give a try but i don't think it would change anything)
Try to run ADB as administrator it may help (i think you can open cmd as admin with windows but don't remember how :-\)
I don't know how USB drivers work : there's a long time i didn't use Windows

matmutant said:
In fact i never tried TWRP : i have always been happy with CWM so i didn't feel the need to change (so you can give a try but i don't think it would change anything)
Try to run ADB as administrator it may help (i think you can open cmd as admin with windows but don't remember how :-\)
I don't know how USB drivers work : there's a long time i didn't use Windows
Click to expand...
Click to collapse
I think I can figure this out - I'll double check it was running as admin, and try flashing CWM.
As with flashing ROMs, do I need to wipe anything first? Or can I just use the same command I used for flashing TWRP in the firs place?
If it's still not working, (re) installing Linux seems an idea to try (I assume you're not on OSX?). What distro do you use and/or do you know others have had no problems with? (Usually if I was installing Linux, I'd take Ubuntu's minimal iso and stick as little as possible on top of it - since the drivers are likely to be something cut out of that though, installing a 'normal'/'full' .iso seems sensible)
Cheers for your help, man

ArminasAnarchy said:
I think I can figure this out - I'll double check it was running as admin, and try flashing CWM.
As with flashing ROMs, do I need to wipe anything first? Or can I just use the same command I used for flashing TWRP in the firs place?
If it's still not working, (re) installing Linux seems an idea to try (I assume you're not on OSX?). What distro do you use and/or do you know others have had no problems with? (Usually if I was installing Linux, I'd take Ubuntu's minimal iso and stick as little as possible on top of it - since the drivers are likely to be something cut out of that though, installing a 'normal'/'full' .iso seems sensible)
Cheers for your help, man
Click to expand...
Click to collapse
The latest TWRP has in its wipe menu a setting to wipe to install a new rom I use this and with the Gapps & rom Zips on the phone choose install from sd card.
You only need fastboot to flash recovery or stock roms.
Adb is not needed at all but can still be used if you prefer!

ArminasAnarchy said:
I think I can figure this out - I'll double check it was running as admin, and try flashing CWM.
As with flashing ROMs, do I need to wipe anything first? Or can I just use the same command I used for flashing TWRP in the firs place?
If it's still not working, (re) installing Linux seems an idea to try (I assume you're not on OSX?). What distro do you use and/or do you know others have had no problems with? (Usually if I was installing Linux, I'd take Ubuntu's minimal iso and stick as little as possible on top of it - since the drivers are likely to be something cut out of that though, installing a 'normal'/'full' .iso seems sensible)
Cheers for your help, man
Click to expand...
Click to collapse
To install CWM :same as for TWRP, no wipe required
________
Linux :
I'm using Mint (Cinnamon and Xfce) since a while [ubuntu based distro] and Manjaro since a few days [Arch based]
If you want yo install linux without touching your HDD you can do the following :
Burn an iso (Xubuntu could be nice)
Take a blank 16GB USB key and unplug your HDD to void issues
Boot on live CD
Install linux to that USB device
And now each time you want linux : just force boot your computer to USB (no grub / no modifications on HDD)
To use ADB you'll need the Android SDK Manager (to stay up-to-date) and set up your udev rules following this

matmutant said:
To install CWM :same as for TWRP, no wipe required
________
Linux :
I'm using Mint (Cinnamon and Xfce) since a while [ubuntu based distro] and Manjaro since a few days [Arch based]
If you want yo install linux without touching your HDD you can do the following :
Burn an iso (Xubuntu could be nice)
Take a blank 16GB USB key and unplug your HDD to void issues
Boot on live CD
Install linux to that USB device
And now each time you want linux : just force boot your computer to USB (no grub / no modifications on HDD)
To use ADB you'll need the Android SDK Manager (to stay up-to-date) and set up your udev rules following this
Click to expand...
Click to collapse
Is the android-tools-abd and android-tools-fastboot package in the Ubuntu repos not maintained to be the latest? I've no idea about Arch package names, but again, it'd surprise me if they didn't maintain their repo with the latest package (especially since they pride themselves on being on the bleeding edge).

ArminasAnarchy said:
Is the android-tools-abd and android-tools-fastboot package in the Ubuntu repos not maintained to be the latest? I've no idea about Arch package names, but again, it'd surprise me if they didn't maintain their repo with the latest package (especially since they pride themselves on being on the bleeding edge).
Click to expand...
Click to collapse
It is up-to-date on arch/Manjaro (I don't remember the package name either)
On Ubuntu it wasn't when I needed (February), so I installed SDK package :-/

matmutant said:
It is up-to-date on arch/Manjaro (I don't remember the package name either)
On Ubuntu it wasn't when I needed (February), so I installed SDK package :-/
Click to expand...
Click to collapse
Right, well...we'll see how it goes. It might be the repo package does the job.
I've installed CWM and can conclusively confirm I prefer TWRP (the interface is hardly touch-friendly and even though I'm using the touch build, it's easier to use the volume rocker in case of accidental presses) but little else. Windows seems completely ****ed up - when CWM is booted, it plays the disconnect sound, when the cable is unplugged and plugged back in it goes back to playing the 'unknown' tone. Currently torrenting Xubuntu - going to see if a live install has any more luck.

Full solution
matmutant said:
It is up-to-date on arch/Manjaro (I don't remember the package name either)
On Ubuntu it wasn't when I needed (February), so I installed SDK package :-/
Click to expand...
Click to collapse
Right, I'm running TWRP with CM11. There are a couple of issues bothering me, but that's another thread...
Solution:
- From stock, booted into recovery, then replaced TWRP with CWM. Rebooted into CWM.
- Tested sideload from CWM. Still non-functional. Made sure cmd.exe was running with administator privileges, still no difference. Time for _buntu!
- Installed Xubuntu. Connected to wifi, downloaded
Code:
android-tools-adb
and
Code:
android-tools-fastboot
. Plugged in phone. Checked
Code:
adb version
(it is the latest, 14.04 was released in April after you checked in Feb, and the new release must have updated the package...seems strange no one backported it though).
- Sideloaded and did a dirty flash of CM11 (didn't want to wipe without first confirming I could flash and everything was functional). Issues (as expected) such as slow loading but able to boot up.
- Decide it's time to push my luck and flash TWRP - this goes without a hitch.
- Test sideload. Still working, so perform full wipe and factory reset. Then sideload CM11 + GApps.
- Reboot into CM11. Still some issues so flashed the CM11 kernel using fastboot (not sure if TWRP does this automatically, but since the boot up improved a bit, I'd guess not).
- Now have a fully functional phone, albeit some of the changes from CM10.x to CM11 have disorientated me a bit...
Thanks for your help man. As with a lot of things this turned out to be a dopey Windoze issue than a problem with the phone or adb etc!

TWRP
TWRP has sideload ability.
Boot into recovery and got to the "Advanced" button then the "ADB Sideload" button is at the bottom. I am on TWRP v2.7.0.0 and I used it the other day so I know for sure it works.

ArminasAnarchy said:
Right, I'm running TWRP with CM11. There are a couple of issues bothering me, but that's another thread...
Solution:
- From stock, booted into recovery, then replaced TWRP with CWM. Rebooted into CWM.
- Tested sideload from CWM. Still non-functional. Made sure cmd.exe was running with administator privileges, still no difference. Time for _buntu!
- Installed Xubuntu. Connected to wifi, downloaded
Code:
android-tools-adb
and
Code:
android-tools-fastboot
. Plugged in phone. Checked
Code:
adb version
(it is the latest, 14.04 was released in April after you checked in Feb, and the new release must have updated the package...seems strange no one backported it though).
- Sideloaded and did a dirty flash of CM11 (didn't want to wipe without first confirming I could flash and everything was functional). Issues (as expected) such as slow loading but able to boot up.
- Decide it's time to push my luck and flash TWRP - this goes without a hitch.
- Test sideload. Still working, so perform full wipe and factory reset. Then sideload CM11 + GApps.
- Reboot into CM11. Still some issues so flashed the CM11 kernel using fastboot (not sure if TWRP does this automatically, but since the boot up improved a bit, I'd guess not).
- Now have a fully functional phone, albeit some of the changes from CM10.x to CM11 have disorientated me a bit...
Thanks for your help man. As with a lot of things this turned out to be a dopey Windoze issue than a problem with the phone or adb etc!
Click to expand...
Click to collapse
I'm happy it worked fine finally !
And thank you for providing the way you did it, that could help some other people having similar issue.

highspeedfelon said:
TWRP has sideload ability.
Boot into recovery and got to the "Advanced" button then the "ADB Sideload" button is at the bottom. I am on TWRP v2.7.0.0 and I used it the other day so I know for sure it works.
Click to expand...
Click to collapse
I think you mis-read somewhere. I know TWRP has sideload, I used it on my HOX+. It was CWM I was unsure of...
matmutant said:
I'm happy it worked fine finally !
And thank you for providing the way you did it, that could help some other people having similar issue.
Click to expand...
Click to collapse
That was the idea, yeah .
I love the way the moral of the story is "Don't expect Windows to do the job properly. EVER. (Or at least not without several hours of screwing with it first)."

ArminasAnarchy said:
I love the way the moral of the story is "Don't expect Windows to do the job properly. EVER. (Or at least not without several hours of screwing with it first)."
Click to expand...
Click to collapse
And during that time i succeeded to break both my Mint and Manjaro installs (user-related fails) and bring them back to life XD

[TOOL] Unlock bootloader in ASUS ZenPad 3S 10 Z500M (P027)

Tool to Unlock Bootloader in ASUS ZenPad 3S 10 Z500M (P027)​
This software essentially unlocks the bootloader in your tablet. I've developed a way to switch a Mediatek bootloader into an unlocked state using root privileges. Luckily, the Z500M does give us temporary root access to run this tool. The result is an "Orange State" boot mode, which disables boot partition verification. As a bonus, this procedure does not erase your data like a typical unlock routine does. It also does not require a PC except to start the temporary rooted image. Note that your tablet will still lack fastboot flashing functionality. But flashing by other means is still possible.
WARNING: Running this tool should be pretty safe. But I don't encourage anyone to try this. Before trying this out, consider the risks and drawbacks involved. By unlocking, you are essentially giving up the security of your device. It's also possible that a future firmware update will relock the bootloader or become incompatible with this tool.
This software is only for ASUS model Z500M/P027. Do not try it on any other device. It will not work. Support for other Mediatek devices may be added in the future. (That's why this is posted in the general forum rather than the ZenPad 10 one.)
And by the way, I don't own this tablet.
DISCLAIMER
This software is for educational purposes only. Anything you do that is described in this post is at your own risk. No one else is responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.
REQUIREMENTS
A ZenPad Z500M tablet upgraded to Android N
A rooted/patched boot image such as one made by Magisk Manager (method 1)
Temporary root with Magisk or other superuser manager installed (method 1)
TWRP image (method 2)
Knowledge of adb/fastboot and of basic Linux command shell
INSTRUCTIONS
Method 1
Read all of these instructions and make sure you understand them before starting
If you don't have an offline patched boot image, use Magisk Manager to make one from the stock boot.img of your current firmware. Transfer it to your PC.
Reboot your tablet into fastboot mode--either hold vol. down + power to power up, and select Fastboot. Or run 'adb reboot bootloader' while in Android.
Connect your tablet to a PC and run fastboot boot patched_boot.img to start the rooted image in tethered mode
Download the tool zip file to your tablet.
Extract the zip to your /data/local/tmp folder.
Open a root shell with adb shell, then run 'su'
Change your shell current directory to that folder (cd /data/local/tmp)
Run this command to unlock or lock the bootloader
Code:
sh unlockbl.sh
Follow the instructions on the screen and type the requested confirmation into the prompt.
Check for completion or any error messages. Report them here.
If no errors, you are unlocked and may modify your boot partition (e.g. install root).
Method 2
Read all of these instructions and make sure you understand them before starting
If you don't have TWRP for your tablet, download the latest image to your PC from this thread.
Download the tool zip file to your tablet.
Extract the zip to your /data/local/tmp folder. (For this method, most other folders should work as well due to permissive selinux mode)
Reboot your tablet into fastboot mode--either hold vol. down + power to start up and select Fastboot, or run 'adb reboot bootloader' from Android
Connect your tablet to a PC and run fastboot boot twrp-*.img to start TWRP in tethered mode
At the TWRP welcome screen, do not select to modify the system partition and touch Keep System Read-only instead. Doing otherwise will render your tablet unbootable.
Mount system in TWRP in read-only mode. Mounting in read/write mode will render your tablet unbootable.
Open a shell with adb shell on your PC or open TWRP's built-in terminal
Change your shell current directory to the folder that you extracted the tool zip into (cd /data/local/tmp)
Run this command to unlock or lock the bootloader
Code:
sh unlockbl.sh
Follow the instructions on the screen and type the requested confirmation into the prompt.
Check for completion or any error messages. Report them here.
If no errors, you are unlocked and may modify your boot partition (e.g. install root).
DOWNLOAD
Current Version
Unlock Tool v0.6a
Changelog
v0.6a
Actually improve compatibility with TWRP
v0.6
Handle units with blank bootloader configs
Improve compatibility with TWRP
Improve text wrapping for TWRP's terminal
v0.5
Major overhaul to remove the need for kernel module
v0.2
Made compatible with other FW versions
v0.1
First release
CREDITS
@amartolos for being a kick-ass tester
If anyone wants to develop a full Android app around this script, be my guest.
Also, that Thanks button will not click itself...

reversed :silly:

I got this after typing "Yes, I want to unlock"
Extracting binaries
Inserting kernel module
Testing kernel module
Oops! Something went wrong. Aborting
Your system has not been modified
Exit code 126
Click to expand...
Click to collapse
When running script with terminal on tablet I got exit code 1 on the same stage.

Joh14vers6 said:
I got this after typing "Yes, I want to unlock"
When running script with terminal on tablet I got exit code 1 on the same stage.
Click to expand...
Click to collapse
Were you running a basic boot image or did you boot the patched boot image?

amartolos said:
Were you running a basic boot image or did you boot the patched boot image?
Click to expand...
Click to collapse
I booted from the patched boot image. Latest FW. Script will not run without (temp)root.

I haven't been able to get magisk to make a patched boot.img
Any help appreciated.

Can we use the patched boot image you posted from the other thread? "Z500M_signed_patched_boot.tar"? https://forum.xda-developers.com/showpost.php?p=74303280&postcount=72

2. Install Magisk Manager and create an offline patched boot image from the stock boot.img if you don't have one.
Apologies. I have Magisk installed on my Nexus 6 but I would not consider myself an expert. With that device I installed the Magisk zip file in TWRP recovery and then installed Magisk Manager. After installation of Magisk Manager on the Z500M and launching the app it asks if I want to install the Magisk 15.2 zip. Should that be done?
At this time I haven't done this and I don't see any method for creating the patched boot image. Can someone direct me via a link or explanation on how to do this?

There's another thread that contains this info: Click Here

ExtremeRyno said:
Can we use the patched boot image you posted from the other thread? "Z500M_signed_patched_boot.tar"? https://forum.xda-developers.com/showpost.php?p=74303280&postcount=72
Click to expand...
Click to collapse
Yes
Sent from my P01MA using Tapatalk

Joh14vers6 said:
I got this after typing "Yes, I want to unlock"
Extracting binaries
Inserting kernel module
Testing kernel module
Oops! Something went wrong. Aborting
Your system has not been modified
Exit code 126
Click to expand...
Click to collapse
When running script with terminal on tablet I got exit code 1 on the same stage.
Click to expand...
Click to collapse
Hmm, that sounds like a permissions problem. Before running the script, can you turn off Selinux enforcement somehow? Try running 'setenforce 0' or maybe there's a setting in Magisk that controls this. Bear with me, I'm trying to get to the bottom of this...
Has anyone besides amartolos gotten this to work yet?

I ran the tool successfully and it said to reboot and Root. While rebooting it says:
Orange State
Your device has been unlocked and can't be trusted
Your device will reboot in 5 seconds
Then I can't get a root to take.
Edit: I found the problem. After you run the script, run magisk to root before you reboot, while you are still in temp root status.
Sent from my P01MA using Tapatalk

loner. said:
I ran the tool successfully and it said to reboot and Root. While rebooting it says:
Orange State
Your device has been unlocked and can't be trusted
Your device will reboot in 5 seconds
Then I can't get a root to take.
Click to expand...
Click to collapse
Yep, you got it! In order to have persistent root, you actually have to install it to your boot partition while booted up with temporary root.

loner. said:
Edit: I found the problem. After you run the script, run magisk to root before you reboot, while you are still in temp root status.
Click to expand...
Click to collapse
Word

diplomatic said:
I got this after typing "Yes, I want to unlock"
Hmm, that sounds like a permissions problem. Before running the script, can you turn off Selinux enforcement somehow? Try running 'setenforce 0' or maybe there's a setting in Magisk that controls this. Bear with me, I'm trying to get to the bottom of this...
Has anyone besides amartolos gotten this to work yet?
Click to expand...
Click to collapse
I tried SELinuxModeChanger to set Selinux to permisive and tried setenforce 0 and both give same exit code 1 from the terminal.

Joh14vers6 said:
I tried SELinuxModeChanger to set Selinux to permisive and tried setenforce 0 and both give same exit code 1 from the terminal.
Click to expand...
Click to collapse
What firmware version do you have installed? And are you running this from the /data/local/tmp directory?

diplomatic said:
What firmware version do you have installed?
Click to expand...
Click to collapse
FW WW_14.0210.1709.30 from 04 jan 2018 and yes, I ran from that folder.

Joh14vers6 said:
FW WW_14.0210.1709.30 from 04 jan 2018 and yes, I ran from that folder.
Click to expand...
Click to collapse
Last two numbers should be .27
I checked and yes there is a update, but I don't think I can install it. Since I and already rooted. The size of the update seems to be a security update.
---------- Post added at 05:16 PM ---------- Previous post was at 05:11 PM ----------
Has anyone who successfully rooted this device able to do the update after?

I'm glad to see that Asus is releasing security updates even if it does break the unlock. My biggest fear buying this tablet was that it would not be updated. I opted for the update and will hope for an updated patch from @diplomatic.
As an aside. I would encourage anyone in this thread to give hit the "Thanks" button for diplomatic!
EDIT: I just checked and see my last update brought me to WW_14.0210.1711.30_20171206. That's different than the 1/4/2018 update showing on the website which is WW_14.0210.1709.30 and what @Joh14vers6 shows.

Joh14vers6 said:
FW WW_14.0210.1709.30 from 04 jan 2018 and yes, I ran from that folder.
Click to expand...
Click to collapse
OK everyone, this is important... I found an incompatibility between the new FW's kernel and the tool. You have to use the patched boot image from FW 1709.27 for temporary root... In the meantime, I have to fix it to be able to run under the new FW. But it won't be compatible with the old. And I hope it still unlocks...

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2016 (giza)

Read this whole guide before starting.
This is for the 6th gen Fire HD8 (giza).
Current version: amonet-giza-v1.3.zip
NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
NOTE: This process will modify the partition-table (GPT) of your device.
NOTE: Your device will be reset to factory defaults (including internal storage) during this process.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, adb, fastboot dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder
2. Enable ADB in Developer Settings.
3. Start the script:
Code:
sudo ./step-1.sh
Your device will now reboot into recovery and perform a factory reset.
NOTE: If your PL/TZ/LK versions are too new, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
If you chose the brick option, you don't need to run step-2.sh below:
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
After you have confirmed the bricking by typing "YES", you will need disconnect the device and run
Code:
sudo ./bootrom-step-minimal.sh
Then plug the device back in.
It will then boot into "hacked fastboot" mode.
Then run
Code:
sudo ./fastboot-step.sh
NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
NOTE: Make sure you re-enable ADB after Factory Reset.
4. Start the script:
Code:
sudo ./step-2.sh
The exploit will now be flashed and your device will reboot into TWRP.
You can now install Magisk from there.
Going back to stock
Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
Just use hacked fastboot to
Code:
sudo fastboot flash recovery bin/recovery.img
If you want to go back completely (including restoring your GPT):
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there.
Important information
In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)
Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
Very special thanks to @xyz` for making all this possible and releasing the original amonet exploit for karnak.
Special thanks also to @k4y0z for making all this possible and porting the exploit to 64 bit devices.
Special thanks also to @diplomatic for his wonderfull mtk-su, allowing you to unlock without opening the device.
Special thanks also to @lovaduck for all the testing.

Unbricking
If Recovery OR FireOS are still accessible there are other means of recovery, don't continue.
If your device shows one of the following symptoms:
It doesn't show any life (screen stays dark)
You see the white amazon logo, but cannot access Recovery or FireOS.
If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
Make sure the device is powered off, by holding the power-button for 20+ seconds
Start bootrom-step.sh
Plug in USB
In all other cases you will have to open the device and partially take it apart.
1. Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
2. Start the script:
Code:
sudo ./bootrom-step.sh
It should now say Waiting for bootrom.
If you're lucky and have an old preloader (Up to FireOS 5.3.2.0), you can just hold the left volume button while plugging the device in.
If you're on a newer preloader, there are two options:
Open the device and short the marked pin (CLK) in the attached photo to ground while plugging in.
Downgrade to 5.3.1.0 firmware (google drive mirror) via adb sideload in Amazon recovery, then proceed to use the left volume button to enter boot-rom.
NOTE: Using option two may brick your device until you have successfully finished the process.
4. When the script asks you to remove the short, remove the short and press enter.
5. Wait for the script to finish.
If it fails at some point, stop it and restart the process from step 2.
6. Your device should now reboot into unlocked fastboot state.
7. Run
Code:
sudo ./fastboot-step.sh
The device should reboot to TWRP. Format data and use TWRP to flash a custom ROM, Magisk or SuperSU.
Checking USB connection
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.
dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.0

Source Code:
https://github.com/R0rt1z2/amonet-giza
https://github.com/R0rt1z2/android_device_amazon_giza
https://github.com/chaosmaster/android_bootable_recovery

Reserved #1

Great job by Roger, everything worked very much at first attempt while I tested. Now I have revived an old tablet that was not in use anymore!
I would advise everybody trying this process to keep in mind that things can always go wrong, but you have nothing to lose anyways. Hack at your own risk.
So good luck with the mod, and again, kudos to @Rortiz2

I get the following when running step 1:
This is only for the "giza" - Amazon Fire HD 8 (2016) - , your device is a "full_giza"
Click to expand...
Click to collapse
Is there much of a difference between the two and if not should I just edit the check in step-1.sh & step-2.sh?

cultofrobots said:
I get the following when running step 1:
Is there much of a difference between the two and if not should I just edit the check in step-1.sh & step-2.sh?
Click to expand...
Click to collapse
Oh well, my fault, let me fix that.
EDIT: Fixed the product check, use the v1.1 package.

Wrong thread.... deleted.

Rortiz2 said:
Oh well, my fault, let me fix that.
EDIT: Fixed the product check, use the v1.1 package.
Click to expand...
Click to collapse
That worked. Thanks.

thankssssss my frind , but i want root for fire hd8 5gen veeeeeerynessry sory bad englash
also i can buy it form you pleassss

789mod said:
thankssssss my frind , but i want root for fire hd8 5gen veeeeeerynessry sory bad englash
also i can buy it form you pleassss
Click to expand...
Click to collapse
Unfortunately, the Amazon Fire HD8 2015 (thebes) uses MT8135 which is pretty different to MT8163. Since I don't own the device, I can't really help you with that.

Rortiz2 said:
Unfortunately, the Amazon Fire HD8 2015 (thebes) uses MT8135 which is pretty different to MT8163. Since I don't own the device, I can't really help you with that.
Click to expand...
Click to collapse
have you any way to root these ) fire HD 10 5gen ?
I need it to my wrok
my work it unlockbootloader

Hi. I have a problem on Step 2
adb: error: cannot stat 'bin/boot0short.img': No such file or directory
Click to expand...
Click to collapse
I checked bin directory and really didn't found boot0short.img. Maybe it should be generated by the script. I checked code and didn't found any other mentions about this file...
What I doing wrong?

sancho_sumy said:
Hi. I have a problem on Step 2
I checked bin directory and really didn't found boot0short.img. Maybe it should be generated by the script. I checked code and didn't found any other mentions about this file...
What I doing wrong?
Click to expand...
Click to collapse
I've updated the main post with the v1.2 version, can you try with that one, please?
(https://forum.xda-developers.com/attachments/amonet-giza-v1-2-zip.5405917/)

Rortiz2 said:
I've updated the main post with the v1.2 version, can you try with that one, please?
(https://forum.xda-developers.com/attachments/amonet-giza-v1-2-zip.5405917/)
Click to expand...
Click to collapse
Now I have a brick...
Dark screen after "Rebooting into TWRP"
Dark screen, device didn't responce on power button...

sancho_sumy said:
Now I have a brick...
Dark screen after "Rebooting into TWRP"
Dark screen, device didn't responce on power button...
Click to expand...
Click to collapse
Bricked after running the 1.2 version? That makes no sense, unless your RPMB was updated. What's the output of "lsusb" when you plug in the tablet to the computer"?

Rortiz2 said:
Bricked after running the 1.2 version? That makes no sense, unless your RPMB was updated. What's the output of "lsusb" when you plug in the tablet to the computer"?
Click to expand...
Click to collapse
Yes. I run Step 2 from 1.2 version.
After "Rebooting into TWRP" screen off and didn't on anymore.
It's not listed in lsusb:
[email protected]:~/Downloads/amonet-giza-v1.2$ lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 5986:2113 Acer, Inc Integrated Camera
Bus 001 Device 005: ID 0bda:c024 Realtek Semiconductor Corp. Bluetooth Radio
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Click to expand...
Click to collapse
After plug in to USB dmesg:
usb 1-3: USB disconnect, device number 7
Click to expand...
Click to collapse
Is there any chances to fix it? :-(

sancho_sumy said:
Yes. I run Step 2 from 1.2 version.
After "Rebooting into TWRP" screen off and didn't on anymore.
It's not listed in lsusb:
After plug in to USB dmesg:
Is there any chances to fix it? :-(
Click to expand...
Click to collapse
don't worry
first short your devices after this
2. sudo ./boot-fastboot.sh
the screen still black
after that
unplug your USB write sudo ./ fastboot-step.sh and plug it
and wait 1sec
will successfully..
thank

789mod said:
don't worry
first short your devices after this
2. sudo ./boot-fastboot.sh
the screen still black
after that
unplug your USB write sudo ./ fastboot-step.sh and plug it
and wait 1sec
will successfully..
thank
Click to expand...
Click to collapse
do you have any detailed instruction how to short it?

sancho_sumy said:
do you have any detailed instruction how to short it?
Click to expand...
Click to collapse
before short ,
try this commands
sudo ./boot-fastboot.sh
and wait 3sec
and
sudo ./fastboot-step.sh

Guide to Rooting the Infinix Hot 30 Play, With Magisk

Preface​Luckily, it looks like Infinix is following the general trend of Android root solutions being more straightforward than in the recent past. Besides the usual spiel about your warranty being voided, and the annoying chirp each time you boot your phone, this hopefully won't present any problems for you if you do end up rooting your phone.
Notices​
Still, I'm not responsible for anything bad that will happen to your phone if you do this, and there's no support guaranteed either from me or your OEM/support centre.
There's quite a few steps to this, and naturally you're gonna need a few more things to setup before you even start.
Your phone's data will be reset, please backup everything you'd like to keep before rooting your phone (now and in general).
You do need to know some things already, mainly what ADB and Fastboot are, and how to keep your working environment clean and straightforward.
Please do review all the tools you're working with, be sure that you personally trust all the software you're running.
And last but not least, you won't be able to update your phone through OTA updates anymore unless you go back to stock firmware.
The process​
Make an environment for easy access:
Setup ADB and Fastboot (either as a local executable or a global environment variable to that executable).
Setup an easy to access directory with the Google Fastboot driver in it.
Grab your firmware's boot.img file, or grab the one attached to this post, or from here (and skip to the preliminary work section):
1. Download your phone's current ROM.
2. Extract it, as it should be a simple .zip file.
3. Look for the file of the same name (boot.img).
4. Copy it to your phone's storage, anywhere works.
Install the Magisk APK (from their Github).
Once it's installed, Magisk's app frontend allows you to patch your stock boot.img with itself, the gist of it is:
Click on Install within the app, in the "Magisk" section of the main menu.
Click "Select and patch a file", a file selection menu will show up, select the stock boot.img, then start the installation.
Magisk should spit out a patched boot.img named in the format of magisk_patched_[random_strings].img, in your phone's /sdcard/Download/ directory.
Copy that back into our working directory, and rename it to magisk_patched.img for easier usage.
Now, let's do some preliminary work, in any order, really:
Have Powershell or CMD open in the directory of all your tools, alongside the patched image.
Click to expand...
Click to collapse
From here on out, if you have to use adb as a command, and it's not a global environment variable, use ./adb while in the working directory instead, the same goes for fastboot.
Click to expand...
Click to collapse
Make sure that the adb daemon (adbd) is properly detecting your phone:
Enable developer options.
Enable ADB debugging.
Run adb devices to start the server daemon for ADB, and see if ADB detects your phone.
Authorize your PC for ADB debugging if it prompts you to.
Click to expand...
Click to collapse
Infinix's implementation of Fastboot will exit back out of itself and into normal boot after 60 seconds of inactivity, which makes this a tad annoying, although you can simply send it any input to reset that timer.
Click to expand...
Click to collapse
Let's start:
Restart the phone into Fastboot, adb reboot bootloader loader, it'll take a second, the phone is slow.
Unlock flashing 3rd party software, fastboot flashing unlock, the phone will prompt you on the screen to confirm doing this. Yes, this will void your warranty.
Flash magisk_patched.img to both A and B virtual partitions, fastboot flash boot_a magisk_patched.img and then fastboot flash boot_b magisk_patched.img.
That should be it! fastboot reboot to boot normally!
Be sure to also run the Magisk app so it finishes setting itself up, with another reboot, naturally.
Technicalities​The Infinix Hot 30 Play does have a dedicated vbmeta partition, it's advised that you also flash it alongside flashing the patched boot.img for Verified Boot, but that's not necessary if you don't want to tinker with your super partition's crypto keys.
Thank yous​- topjohnwu for their work on Magisk.
- ansh_/ and their post/guide on rooting the Infinix Hot 11, that I used originally.

Addendum​
Using fastboot with MediaTek SoCs will be a bit of a pain as their driver availibilty is limited, if it doesn't get installed by Windows automatically, you have a few options:
Grab the Google's Pixel driver, and install it in realtime during fastboot.
Try to install the VCOM driver from a source you trust.
For grabbing the Google one, you'll have to:
Extract the driver somewhere easy to access.
Open Windows' Device Manager.
Plug in your phone during fastboot to your Windows PC.
Replace the "Unknown" entry for your phone with the Google driver in device manager, within the 60 second window it stays open in.
Note that you'll have to do this every time you go into fastboot.