Database Users

[Q] KFU 0.9.5 not rooting

Is anyone else who picked up one of the new refurb Kindles from Thursday's sale having trouble getting KFU 0.9.5 to actually root and install GApps?
In the last couple steps, it seems it can't complete something. I get the following error:
<idme> write 5002 to offset 0x1000
2183 KB/s (22364 bytes in 0.010s)
mv: can't rename '/system/bin/check_rooted': No such file or directory
<idme> write 4000 to offset 0x1000
Then when you run Install Google Apps / Go Launcher EX, it installs Go Launcher fine, calendar fine, but runs into trouble installing sync and a few other things.
Strange.

I'm having the exact same issue; KFU 0.9.5 is not giving me SU access.
FFF/TWRP are installed, but I fail with the
Please wait...
<idme> write 5002 to offset 0x1000
5459 KB/s (22364 bytes in 0.004s)
mv: can't rename '/system/bin/check_rooted': No such file or directory
<idme> write 4000 to offset 0x1000

Same here, but I installed fff and cwm .
Sent from my Kindle Fire using xda premium

Is it our kindle's or the way we are rooting????
Sent from my Kindle Fire using xda premium

soberarmy said:
Is it our kindle's or the way we are rooting????
Click to expand...
Click to collapse
I don't believe it has to do with anything specific we're doing. I think something changed in 6.3 that is throwing KFU for a loop. I'm not a developer... just a tech nerd... but I think it has something to do with whatever root exploit is in use not being able to assume SU (super user) permissions to copy/change the needed files.

curiousmike said:
I'm having the exact same issue; KFU 0.9.5 is not giving me SU access.
FFF/TWRP are installed, but I fail with the
Please wait...
<idme> write 5002 to offset 0x1000
5459 KB/s (22364 bytes in 0.004s)
mv: can't rename '/system/bin/check_rooted': No such file or directory
<idme> write 4000 to offset 0x1000
Click to expand...
Click to collapse
Are you also trying to do this on one of the refurb KFs from Thursday's sale?

soberarmy said:
Same here, but I installed fff and cwm .
Click to expand...
Click to collapse
Did you try installing CM7 or CM8 after you installed FFF and CWM? I've been tempted to try but after I couldn't get the Google Market/Google Play to work I paused to see if I could figure out why it was failing.
I was able to get Google Calendar installed by unzipping the APK file that it downloaded, copying it files over using USB, and manually installing it.

DPAnyion said:
Are you also trying to do this on one of the refurb KFs from Thursday's sale?
Click to expand...
Click to collapse
Mine is brand new as of a couple days ago.

Same problem, KFU didn't give me SU, also Google Play. Any helps...

I got the kindle from Thursday. Kfu did not work for me. I had to use jcases root method for 6.3, burrito or something. Make sure to follow it exactly. I spent hours trying to get kfu working and even softbricked for a bit.
I used the tools folder from kfu for all of the commands needed. Took 5 min, then did it again to my friends kindle who also got his on Thursdays sale.
I will be on tomorrow for anyone who needs help.
Sent from my Kindle Fire using XDA

DPAnyion said:
Did you try installing CM7 or CM8 after you installed FFF and CWM? I've been tempted to try but after I couldn't get the Google Market/Google Play to work I paused to see if I could figure out why it was failing.
I was able to get Google Calendar installed by unzipping the APK file that it downloaded, copying it files over using USB, and manually installing it.
Click to expand...
Click to collapse
I have not tried to install anything but gapps, Google Calendar did install but i think that sync if not working correctly, and ofcourse market is not working because im not rooted. I have faith that this will be fixed real soon.

Serinety said:
I got the kindle from Thursday. Kfu did not work for me. I had to use jcases root method for 6.3, burrito or something. Make sure to follow it exactly.
Click to expand...
Click to collapse
Do you have a link to this method?

curiousmike said:
Do you have a link to this method?
Click to expand...
Click to collapse
Here you go: http://forum.xda-developers.com/showthread.php?t=1568340

Dasanko said:
Here you go: http://forum.xda-developers.com/showthread.php?t=1568340
Click to expand...
Click to collapse
Did this work for anyone? I have a Fire from the Thurs sale and this isn't working. I upgraded to 9.3 w/o thinking. I first tried KFU 0.9.5 and then jcases' method. When I type this:
adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak
It says the path doesn't exist.
If I run KFU after jcases' method to install GAPPS it says permission denied like here: http://forum.xda-developers.com/showthread.php?t=1572846&page=2
failed to copy 'apps\system\vending.apk' to '/system/app/vending.apk': Permissio
n denied
failed to copy 'apps\system\GoogleCalendarSyncAdapter.apk' to '/system/app/Googl
eCalendarSyncAdapter.apk': Permission denied
failed to copy 'apps\system\GoogleContactsSyncAdapter.apk' to '/system/app/Googl
eContactsSyncAdapter.apk': Permission denied
For the record: Go launcher installs fine, FFF installs, and so does TWRP.

Serinety said:
I got the kindle from Thursday. Kfu did not work for me. I had to use jcases root method for 6.3, burrito or something. Make sure to follow it exactly. I spent hours trying to get kfu working and even softbricked for a bit.
I used the tools folder from kfu for all of the commands needed. Took 5 min, then did it again to my friends kindle who also got his on Thursdays sale.
I will be on tomorrow for anyone who needs help.
Sent from my Kindle Fire using XDA
Click to expand...
Click to collapse
can you walkthru how you just used the tools folder, i open my tools folder and there's .exe. files etc and not sure where to go from there.
run.bat just crashes for me

Dasanko said:
Here you go: http://forum.xda-developers.com/showthread.php?t=1568340
Click to expand...
Click to collapse
OK, from that I got to this:
http://forum.xda-developers.com/showthread.php?t=1569298
I guess I just flashed my ROM for the first time.
Root explorer now asks me to access as SU, so it seems to be working.

I just got a refurb one too and adb can't see it, even though it is listed in device manager as adb composite interface. Kindle Water can see it on my Mac, but that can't root this software version yet. Quite frustrating!
Sent from my Galaxy Nexus using XDA Premium HD app

have you tried rooting with 0.9.4. I was running 6.3 on a new kindle and it rooted and installed twrp just fine.

Ya its not adding SU app but I didnt need it since I went straight to CM7. Root, FireFireFire and TWRP all went without a hitch.

jocampbe said:
I just got a refurb one too and adb can't see it, even though it is listed in device manager as adb composite interface. Kindle Water can see it on my Mac, but that can't root this software version yet. Quite frustrating!
Sent from my Galaxy Nexus using XDA Premium HD app
Click to expand...
Click to collapse
I had to install the drivers the long way for ADB to work. I got these links off Google and they worked with 2 PCs.
http://www.jayceooi.com/2011/12/13/how-to-install-setup-android-sdk-development-environment/
http://www.jayceooi.com/2011/12/13/how-to-install-kindle-fire-adb-usb-driver/

The Kindle Fire Utility

Hello.
Long time lurker first time poster.
I'm not sure if this is where I should post this, or even if it's okay that I do, but the run.bat batch file for Kindle Fire Utility states "You are free to tweak or modify this as you see fit, just please be respectful is all I ask."
Vashypooh's latest version came out on the 9th, I think, and I started working on this as a large edit of version 0.9.5.
Vashypooh did some great work putting the batch file together, I hope that it is okay that I put this edited version here.
The abilites of this little program surprised even myself, you can have a custom ROM installed over a Stock Kindle Fire in roughly 6 minutes.
I've titled it 0.9.6d, if that's not okay, I can change it.
Get it: 0.9.6d @ db (dot ) tt/d41BrLYM
Older: 0.9.6c @ db (dot) tt/noGQ8wgf
From the readme:
The Kindle Fire Utility Readme
The original batch file was created by Vashypooh
Batch file edited by StanDudek
You are free to tweak or modify this as you see fit, just please be respectful is all I ask.
Initial work by ubeezee & yareally
Full revert based off method from Clavin, "tweaked" by Vashypooh
UI Elements, md5 Bypass, About Section, FFF + TWRP + Recovery bode quick install, Root Access split, by Stan Dudek
Full credit for FFF goes to Hashcode of XDA.
Full credit for TWRP goes to Team Win
Full credit for CWM goes to Hashcode
Installation:
Extract to C:\ as follows
"C:\The Kindle Fire Utility"
Done
################################
Running The Kindle Fire Utility:
################################
Run The Kindle Fire Utility and follow the on-screen instructions.
Setting Bootmode:
Choose option 1 and set one of three bootmodes.
Fire Fire Fire, Team Win Recovery Project, and reboot in Recovery Mode:
Choose option 2. When device reboots into Recovery Mode, Wipe device and install Custom ROM, Kindle Stock ROM, a new Kernel, or an apps.zip package.
Choose option 2a. to download files for future offline installation.
Root Access and Superuser Installation for Kindle Fire 6.3.1
Choose option 3. When Device restarts, Kindle Fire 6.3.1 has Root Access and Superuser.apk is installed.
Choose option 3a. to download files for future offline installation.
Fire Fire Fire Installation:
Choose option 4. After device reboots, reboot and press power button at Kindle Fire logo for boot menu.
Choose option 4a. to download files for future offline installation.
Team Win Recovery Project:
Choose option 5. After device reboots, reboot and select recovery from the bootloader menu.
Choose option 5a. to download files for future offline installation.
Clockwork Recovery Mod:
Choose option 6. After device reboots, reboot and select recovery from the bootloader menu.
Choose option 6a. to download files for future offline installation.
Miscellaneous:
Choose option 7.
Download and install:
Stock Kindle Fire 6.3.1 and push to /sdcard/
Hashcode Kernel 3.0+ and push to /sdcard/
GApps and push to /sdcard/
Lock Desktop Background
Unlock Desktop Background
Mount Read/Write
Mount Read-Only
Readme:
This File.
About:
Credits
################################
################################
################################
If you have any questions, contact me at [email protected]
Or PM me on the XDA forums, my username is StanDudek

This is the overhauled main menu.

If you're willing to share, put it in Development forum.
Nice work.
Sent from my iPad using Tapatalk HD

Thank you. I'll do that.

[How To]Fix Recovery Bootloop after installing twrp and 2nd bootloader

First and foremost I AM NOT RESPONSIBLE FOR ANY HARD BRICKS,etc ,etc(Really hard to hard brick a kindle doing this unless you flash a weird rom package)
Now that thats cleared up, I have been seeing too many recovery bootloop bricks lately because I think the main tutorials people use haven't been updated(to mention you need to put a rom on the kindle beforehand now), so I thought why not write a tutorial that explains how to fix this problem since there are so many posts, that way we can just put a link to the tutorial in the peoples threads. So here we go!
Things you need to do this:
a micro-usb cable
patience
minimal command prompt experience
Instructions:
Boot your kindle into twrp (it should do this on its own at this point)
Make sure you have the adb drivers installed(they will need to be installed again if you flashed an older version of twrp), if not, update your drivers in the device manager with the ones in my signature.(See below if you don't know how to update your drivers)
Download the attached file and extract it somewhere
Put the rom and gapps in the folder you extracted the files to
Open a command prompt with admin privileges(start>all programs>accessories right click command prompt, hit run as admin)
CD into the directory where the extracted files are
Type this into the command prompt: adb push rom-or-gapps-name-goes-here.zip /sdcard/
As I said in the filename put either the rom or the gapps, but send both in two commands
At this point once the transfer is done unplug your kindle
If you are going from amazon to a cm based rom, at this point you should wipe system, cache, dalvik cache, and do a factory reset. If not just goto step 11.
Hit install, browse to the /sdcard folder and choose the rom and gapps files and flash them
Reboot and profit!
For people with driver issues that don't know how to install my driver:
Open the device manager
Find the device with a triangle next to it
Right click it and hit update driver
Choose the option that lets you search a folder for drivers by browsing
Choose the folder you extracted my drivers to
Let it search and install the drivers
Profit!
Note: If adb isn't picking up the kindle in recovery, try uninstalling the current kindle devices it detects first and then updating the drivers

It's about time someone posted a tutorial for how to fix this. Great job! This should be a sticky.

thanks
I had the same problem... the looping thing... you're tutorial saved me! thanks a lot.

rom and gapps
sry for my ignorance, but what do you mean with "rom and gapps"?
i explain what i've done:
i did everything in the guide to install twrp and 2nd bootloader.
i can acces in the twrp, but if i enter the reboot menu, if i push the botton "System", i had the boot loop problem (Kindle logo became orange and then blue forever)
Now the question is: where i find the rom and the gapps you're talking about?

You choose a ROM from the android development section for your model kindle, usually it tells what version of gapps(google apps) you need to flash with it. If it doesn't tell what gapps you need its pretty easy to tell, goo.im has the gapps posted for all versions of android, and have a chart telling which version goes with what os.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app

*cannot read
When I go to push the file to the kindle I get a message in the command prompt saying *cannot stat 'rom.zip': no such file or directory.
I have the zip in the same folder as the adb file
Any suggestions?

Check the ROM name to make sure its not a typo? It should work. Make sure you didn't rename the ROM and add .zip because windows by default doesn't show extensions, so the filename might actually be ROM.zip.zip now if you did that.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app

Sigh, I was hoping my first post on XDA wouldn't be a help request, but here I am..
I agonized for hours over the directions in this tutorial, checked all the right boxes, but I ended up in the bootloop as described in the OP. I can get to TWRP fine, but nothing else. My ADB drivers along with the Android SDK package were installed and previously working fine. Now, of course, the device no longer has a driver in Windows. I followed the instructions here, carefully selecting the extracted folder containing the ADB files, and Device Manager tells me—
"Windows was unable to install your Kindle. If you know the manufacturer of your device, you can visit its website and check the support section for driver software."
Click to expand...
Click to collapse
I tried a number of times to reboot both systems, uninstall the Kindle, try to pick it up again, etc., to no avail.
My device is a Kindle Fire HD 7" originally version 7.4.6. I made backups before I started as per the directions in the linked thread and I have my desired ROM and Gapp .zips all ready to go, I just can't get anything to the device. I'd prefer to avoid needing to get a factory cable, if possible.
Thanks for any help!
Edit: I've managed to get my .zip files to the /sdcard/ directory. For anyone stuck on the same problem I was, the instructions in this thread got my ADB drivers up and running again. The rest of the steps here worked fine at that point.

Oh good, someone finally made a tutorial for this.

Help please
hello i am in need of some help, at step 6 can you explain what CD is. Also in Cmd i keep on getting this message below, please could you help me i also have just installed android ADB driver interface driver.
C:\Windows\system32>adb push cm-10.1-20130726-UNOFFICIAL-tate.zip /sdcard/
'adb' is not recognized as an internal or external command,
operable program or batch file.

CD means change directory, it does what it says, right now you are in your system32 folder so when you CD into the directory you extracted the zip file to you won't get that error. You should Google some command prompt basics.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app

Thanks
Thank you for this guide, googled some basic CMD knowledge and now i have cyanogen. Cheers

gallowayj3 said:
hello i am in need of some help, at step 6 can you explain what CD is. Also in Cmd i keep on getting this message below, please could you help me i also have just installed android ADB driver interface driver.
C:\Windows\system32>adb push cm-10.1-20130726-UNOFFICIAL-tate.zip /sdcard/
'adb' is not recognized as an internal or external command,
operable program or batch file.
Click to expand...
Click to collapse
Extract the file in the first post to somewhere on your C drive. (I put it in the C drive directly so it was just c:\adb\.)
Check this: ht tp://coweb.cc.gatec h.edu/ice-gt/339 - remove the spaces.
That should help.
Do
cd..
until you have just c:/. Then type cd:/adb and it should put you in the right place. Then you can do adb push.
I just figured this out actually and did it.

HELP
everything worked until i am flashing the rom, i get this error
updating partition details...
installing ' /sdcard/rom.zip'...
checking for MD5 file...
skipping MD5 check: no file found
assert failed: getprop("ro.product.device")=="blaze_tablet" || getprop(ro.build.product") == "blaze_tablet" || getprop("ro.product.device") == "tate" || getprop("ro.build.product") == "tate"
E:Error executing updater binary in zip ' /sdcard/rom.zip'
Error flashing zip ' /sdcard/rom.zip'
error flashing zip ' /sdcard/rom.zip'
epdating partition details...
PLEASE HELP

Sounds like an old twrp version I think, try downloading the latest twrp from android development for your device, It should have a flashable zip, just push it to your device and flash that, then reboot into recovery again and try flashing the ROM again.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app

stuck
Hi guys .., when i typed adb push cm-10.1-20130812-UNOFFICIAL-jem.zip /sdcard , it says
error: device not found.
i thing my pc didn't recognize my kindle. In device manager there ain't any devices not installed .
someone pls Help

Find the android adb device in the service manager and uni stall it and let it install my drivers and see if it works, I'm guessing its a simple driver issue.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app

Sorry for my stupid question. ) what is service manager?
stunts513 said:
Find the android adb device in the service manager and uni stall it and let it install my drivers and see if it works, I'm guessing its a simple driver issue.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app
Click to expand...
Click to collapse

My bad I think my kindle autocorrected a word incorrectly. It was supposed to say device manager.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app

i'm kind of newbie on rooting and installing ROMs.
http://www.youtube.com/watch?v=hUW6KARo8Y4
i tried this youtube instruction and after step 20 My kindle fire wouldn't start. Not even the kindle fire with blue color.
and also pc didn't recognize my kindle , maybe because of it won't power on.
/this instruction is for kindle fire HD 8.9 , i don't know my kindle is 7 inch/
In device manager can't find adb devices .. what should i do?

[HDX 8.9] Root, google apps and wallpaper fix

Hi,
I wrote a little script with some nice utilities to customize the Kindle Fire HDX 8.9.
Options available :
Superuser
Remove signature check
Install Google Apps
Fix wallpaper
It runs under Linux, and you need to have java, jar, sed, wget, adb and aapt set up on your computer.
To use it, plug your device and enable adb.
Extract the archive and run hdx.sh in a terminal.
Everything is not perfect, but it seems to work pretty good for me
Thanks to everybody who worked on the tools I use in this script.

Is play store working for downloading
Sent from my SPH-L900 using xda app-developers app

Tanks to cpasjuste tips it is

I know u mentioned Linux us it possible to run this from windows
Sent from my SPH-L900 using xda app-developers app

I have the same question... can we run this script under windows somehow. I already have root, gmail and music working... play store can't connect though... I also used adb to do the wallpaper fix and it says it is applied but nothing seems to have happened. Still no wallpapers anyway. btw, I also have superuser and busybox installed too.

Same question here. Also, can the wallpaper fix be used stand alone and will we be able to have wallpapers on stock launcher? I am on 7“
Sent from beneath my invisibility cloak

Judging by the content of the .sh file, i believe a .bat file can be written to run on windows... however, it would be prudent to do it in a safestrap rom slot, you know, just in case something goes wrong...
Thanks for sharing @Ptiwee !
Ill try manual execution of some of the steps in your guide (most especially on the ones related to DownloadProvider) and see how it goes !
Cheers!

If you want just the wallpaper fix I thought I'd mention my fix still works on the hdx that I designed for the HD, though you may have to install busybox on your kindle first.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app

It should be possible to use it on Windows, though you have to find the equivalent for all programs used inside (especially for sed ...)
I don't have time to care about it before Christmas ...

stunts513 said:
If you want just the wallpaper fix I thought I'd mention my fix still works on the hdx that I designed for the HD, though you may have to install busybox on your kindle first.
Sent from my Amazon Kindle Fire HD running CM10.1 Tablet UI using xda-developers app
Click to expand...
Click to collapse
Do i have to be rooted?
Sent from beneath my invisibility cloak

Will this allow Amazon Appstore to work?
It doesn't look like it as you've used the same cm10 apks, but I thought it wouldn't hurt to ask before I go through the trouble of trying it out...
Sent from my KFTHWI using Tapatalk 4

Hanzo.Hasashi said:
Do i have to be rooted?
Click to expand...
Click to collapse
You'll need to root before applying the wallpaper fix
Sent from my KFTHWI using Tapatalk 4

I have tried this and after applying the Google Apps 3rd option it rebooted and now its stuck with the kindle fire logo and not coming up anymore
The device answers to adb commands (lists up with adb devices) and reboots with "adb reboot fastboot" and/or "adb reboot recovery"
Although resetting with the recovery to factory defaults doesnt help...
Anyone know whats happening? (I cant afford to send it back to US as I live in Colombia)

Sorry for the double post
Root works, but when trying the signature check (I just went past 1-2-3-4 and 5 without checking for errors I was just too sleepy)
It gives me this:
Waiting for device ...
Pulling files ...
8403 KB/s (3479504 bytes in 0.404s)
335 KB/s (27576 bytes in 0.080s)
5837 KB/s (1083168 bytes in 0.181s)
6180 KB/s (1505152 bytes in 0.237s)
9411 KB/s (10893168 bytes in 1.130s)
6375 KB/s (1398376 bytes in 0.214s)
1422 KB/s (130136 bytes in 0.089s)
4940 KB/s (765056 bytes in 0.151s)
7 KB/s (313 bytes in 0.040s)
1 KB/s (72 bytes in 0.040s)
Deodexing ...
Exception in thread "main" org.jf.util.ExceptionWithContext: services.odex is not an apk, dex file or odex file.
at org.jf.dexlib2.DexFileFactory.loadDexFile(DexFileFactory.java:111)
at org.jf.dexlib2.DexFileFactory.loadDexFile(DexFileFactory.java:54)
at org.jf.baksmali.main.main(main.java:247)
Editing /com/android/server/pm/PackageManagerService.smali ...
./hdx.sh: line 40: smali/com/android/server/pm/PackageManagerService.smali.new: No such file or directory
mv: cannot stat ‘smali/com/android/server/pm/PackageManagerService.smali.new’: No such file or directory
Recompiling ...
UNEXPECTED TOP-LEVEL EXCEPTION:
java.lang.RuntimeException: Cannot find file or directory "smali"
at org.jf.smali.main.main(main.java:174)
./hdx.sh: line 44: jar: command not found
rm: cannot remove ‘smali’: No such file or directory
rm: cannot remove ‘classes.dex’: No such file or directory
Reodexing on device...
7 KB/s (313 bytes in 0.040s)
push: scripts/remove_signature_check/dexopt-wrapper -> /data/local/tmp/dexopt-wrapper
push: scripts/remove_signature_check/odexsign.sh -> /data/local/tmp/odexsign.sh
2 files pushed. 0 files skipped.
70 KB/s (5822 bytes in 0.081s)
Signing and replacing services.odex ...
--- BEGIN 'services.jar' (bootstrap=0) ---
--- waiting for verify+opt, pid=6931
--- would reduce privs here
--- END 'services.jar' --- status=0xff00, process failed
20+0 records in
20+0 records out
20 bytes transferred in 0.001 secs (20000 bytes/sec)
Cleaning ...
Done, push any key to continue ...
Click to expand...
Click to collapse
Any ideas why services.odex is not what its looking for? (Maybe someone could upload it?)

Guys, if ANY PART OF THIS FAILS & YOUR DEVICE REBOOTS, IT WILL BRICK THE HDX.
Several people are having issues (maybe running this in a terminal on device or via mnty) that leads to the endless bootloop. This can also occur if there are files left in Dalvik cache from the old download manager & UI.
Use caution & common sense when trying to modify your device. My brother works for Amazon & has told me that they are supposed to start cracking down on device returns this week. If you mess your device up because you don't really know what you are doing (much of this is early developmental stage) there is an increasing chance that you will be stuck with a non-functioning device &/or out several hundred dollars.

Poesini said:
Sorry for the double post
Root works, but when trying the signature check (I just went past 1-2-3-4 and 5 without checking for errors I was just too sleepy)
It gives me this:
Any ideas why services.odex is not what its looking for? (Maybe someone could upload it?)
Click to expand...
Click to collapse
If you are still stuck in bootloop, I can help you. Based on your post, I bricked on purpose & was able to recover. Hit me up, or check out my thread in the HDX General forum section.

GSLEON3 said:
If you are still stuck in bootloop, I can help you. Based on your post, I bricked on purpose & was able to recover. Hit me up, or check out my thread in the HDX General forum section.
Click to expand...
Click to collapse
WOW
FKN WOW
You saved my life man you just saved my life... Followed your guide and now I have my device back again YAY
Thanks a lot man

Jocky & I probably saves 100's of Kaisers back in the WM days. Been a while since I've had time to really get into Android firmware, but I can still piddle with the best of the average, lol...
Glad you are fixed .
Now you can mod the build.prop & start anew if so desired. What I did. Once you've used the exploit, SU is almost garunteed to stay, at least until Amz patches it in an update.
Sent from my Nexus 7 using XDA Premium HD app

Ptiwee said:
Hi,
I wrote a little script with some nice utilities to customize the Kindle Fire HDX 8.9.
Options available :
Superuser
Remove signature check
Install Google Apps
Fix wallpaper
It runs under Linux, and you need to have java, jar, sed, wget, adb and aapt set up on your computer.
To use it, plug your device and enable adb.
Extract the archive and run hdx.sh in a terminal.
Everything is not perfect, but it seems to work pretty good for me
Thanks to everybody who worked on the tools I use in this script.
Click to expand...
Click to collapse
Hi,
I tried to install the Google Apps with the scripts, and now every time I boot up it shows "Kindle is upgrading ...."
After a while it still boot up successfully. But it is taking longer time.
Also, the Google Play store only works for me once after I first reboot. Afterward, it app closes itself right after I click on it.
Reboot does not help.
Did I do anything wrong here? Any idea how I can fix it?
Thanks.

I'm back from Christmas celebrations, sorry ...
As GSLEON3 stated, it is important to use those scripts safely. I put them here for crazy people who know what they are doing
The Kindle update is a known bug, it doesn't disturb me a lot but maybe I'll try to find a solution
For the Google Play store not working, did you disabled the signature check ?

Fire OS 5.2.6.3 bin and extract for Fire stick 2 (full_tank)

Security path is of june 2017. ro.build.version.security_patch=2017-06-01
We can try all exploits which came after that.
So far not able to find any exploit for tank, I'm sharing the latest bin and extract so we can collectively find some.
Drive Link

Succeeded with this exploit https://www.xda-developers.com/janus-vulnerability-android-apps/.
Able to modify and update system apps and gain system app privilege.
Script used > https://github.com/V-E-O/PoC/tree/master/CVE-2017-13156
i have only tested this on tank since i don't have other devices. Theoretically it should also work on all fire devices which don't have latest security patch.

install this apk to block installing new update from amazon. it will still download the ota bin file for you to experiment, but the ota install will fail as the install code is removed.

I'm not that expert so can you clarify for me? Can you use this exploit to add supersu or any other root method?
I have a US fire TV 3, a US FireTvStick 2 and an italian FireTvStick 2 Basic edition. Can I test this on any of them?
EDIT: All of them have updates blocked on my router. Can't rempember on what Os version they are though. But pretty sure a very early one.
EDIT#2: Reading better I guess it's not possible cause the exploit can only modify SYSTEM APPS permissions? Not sure if a non system app installed by user crafted to install su binaries can work?
EDIT#3: Reading better I understood that if you craft a dex file makiing it look like a legitimate update of a high privileged system app you can inherit its privileges and execute your code. So maybe there are hopes. Thanks again for your effort. Really interesting.
Thanks and nice work.

puppinoo said:
I'm not that expert so can you clarify for me? Can you use this exploit to add supersu or any other root method?
I have a US fire TV 3, a US FireTvStick 2 and an italian FireTvStick 2 Basic edition. Can I test this on any of them?
EDIT: All of them have updates blocked on my router. Can't rempember on what Os version they are though. But pretty sure a very early one.
EDIT#2: Reading better I guess it's not possible cause the exploit can only modify SYSTEM APPS permissions? Not sure if a non system app installed by user crafted to install su binaries can work?
EDIT#3: Reading better I understood that if you craft a dex file makiing it look like a legitimate update of a high privileged system app you can inherit its privileges and execute your code. So maybe there are hopes. Thanks again for your effort. Really interesting.
Thanks and nice work.
Click to expand...
Click to collapse
As of now no super user, still looking for loop holes to use system permission to disable SELinux security.
Yes you can try installing. But if it fails, you will have to pull your system app and modify.
This apk is based on Fire OS 5.2.6.3 bin also works on Fire OS 5.2.6.2.

ranjeet choudhary said:
install this apk to block installing new update from amazon. it will still download the ota bin file for you to experiment, but the ota install will fail as the install code is removed.
Click to expand...
Click to collapse
Where does the downloaded OTA sit? Will this blocking app work for other Fire devices such as Fire tablets?
ranjeet choudhary said:
As of now no super user, still looking for loop holes to use system permission to disable SELinux security.
Yes you can try installing. But if it fails, you will have to pull your system app and modify.
This apk is based on Fire OS 5.2.6.3 bin also works on Fire OS 5.2.6.2.
Click to expand...
Click to collapse
I researched Fire system app permissions a while ago, see this post https://forum.xda-developers.com/showpost.php?p=75226706&postcount=65
You can use a script like this to dump info for all system apps, and then look through the output:
Code:
for p in `pm list package -s | ./busybox awk -F"package:" '{print $2}'`; do echo -n "$p: "; dumpsys package $p ; done
(this requires that you upload 'busybox' to /data/local/tmp, and run it there)
What I observed is that SuperSu adds a whole new level of permissions to the system (a giant hole, if you will). None of the existing apps have that level of access. Of the existing system apps, it seemed that devicesoftwareota had some of the juicer permissions, which that still is not much. All it effectively does is that it grabs the update bin from the Internet, sticks it to a designated directory, and reboots to recovery which will continue the update. This can already be achieved on tablets via the sideloading option in recovery. I don't recall I spotted an existing app that could read the whole /data directory, as to enable backups in a simple format.
I've attached the output for devicesoftwareota for FireHD 10 2017, but that should be similar to the Fire stick.
Anyway, please do share if you find anything good!!!

ranjeet choudhary said:
Security path is of june 2017. ro.build.version.security_patch=2017-06-01
We can try all exploits which came after that.
So far not able to find any exploit for tank, I'm sharing the latest bin and extract so we can collectively find some.
Drive Link
Click to expand...
Click to collapse
Good job! I have not seen the bin file available elsewhere - Amazon obfuscated the links to it quite well.
Just for kicks, I unpacked it, and installed com.amazon.tv.launcher on top of the one I had. So I now have an updated launcher:
Code:
Package [com.amazon.tv.launcher] (2b2540ce):
userId=32072 gids=[3003, 1028, 1015, 3002]
pkg=Package{c86435c com.amazon.tv.launcher}
codePath=/data/app/com.amazon.tv.launcher-1
versionCode=600612610 targetSdk=22
versionName=6.0.0.6-126
...
Hidden system packages:
Package [com.amazon.tv.launcher] (3f5557eb):
userId=32072 gids=[]
pkg=Package{22e23948 com.amazon.tv.launcher}
codePath=/system/priv-app/com.amazon.tv.launcher
versionCode=573001710 targetSdk=22
versionName=5.7.3-17
I may try your devicesoftwareota.apk at some point too.

bibikalka said:
Where does the downloaded OTA sit? Will this blocking app work for other Fire devices such as Fire tablets?
I researched Fire system app permissions a while ago, see this post https://forum.xda-developers.com/showpost.php?p=75226706&postcount=65
You can use a script like this to dump info for all system apps, and then look through the output:
Code:
for p in `pm list package -s | ./busybox awk -F"package:" '{print $2}'`; do echo -n "$p: "; dumpsys package $p ; done
(this requires that you upload 'busybox' to /data/local/tmp, and run it there)
What I observed is that SuperSu adds a whole new level of permissions to the system (a giant hole, if you will). None of the existing apps have that level of access. Of the existing system apps, it seemed that devicesoftwareota had some of the juicer permissions, which that still is not much. All it effectively does is that it grabs the update bin from the Internet, sticks it to a designated directory, and reboots to recovery which will continue the update. This can already be achieved on tablets via the sideloading option in recovery. I don't recall I spotted an existing app that could read the whole /data directory, as to enable backups in a simple format.
I've attached the output for devicesoftwareota for FireHD 10 2017, but that should be similar to the Fire stick.
Anyway, please do share if you find anything good!!!
Click to expand...
Click to collapse
You can find the ota files here
/sdcard/Android/data/com.amazon.device.software.ota/
Haven't tested on Fire tablets, you can try and let us know.

ranjeet choudhary said:
You can find the ota files here
/sdcard/Android/data/com.amazon.device.software.ota/
Haven't tested on Fire tablets, you can try and let us know.
Click to expand...
Click to collapse
is there a way to get a 5.2.6.3 flashable zip for the fire tv 2 box from this?

Which launcher do you have now? can we replace that launcher with any other launcher? I could code a gui for drag/drop so we add the apk then the exploit generates the apk. Of course the tool would tell us which system apps are available and with what they could be replaced. Another interesting question is would we be able to remove the bloatware by adding replacing system apps with empty apks?
bibikalka said:
Good job! I have not seen the bin file available elsewhere - Amazon obfuscated the links to it quite well.
Just for kicks, I unpacked it, and installed com.amazon.tv.launcher on top of the one I had. So I now have an updated launcher:
Code:
Package [com.amazon.tv.launcher] (2b2540ce):
userId=32072 gids=[3003, 1028, 1015, 3002]
pkg=Package{c86435c com.amazon.tv.launcher}
codePath=/data/app/com.amazon.tv.launcher-1
versionCode=600612610 targetSdk=22
versionName=6.0.0.6-126
...
Hidden system packages:
Package [com.amazon.tv.launcher] (3f5557eb):
userId=32072 gids=[]
pkg=Package{22e23948 com.amazon.tv.launcher}
codePath=/system/priv-app/com.amazon.tv.launcher
versionCode=573001710 targetSdk=22
versionName=5.7.3-17
I may try your devicesoftwareota.apk at some point too.
Click to expand...
Click to collapse

Anyone have any pre-configured apk's available to replace the amazon launcher with an alternative using the janus exploit?
I cannot get the janus exploit to work with windows + phyton 2.7
Code:
cd_start_addr = struct.unpack("<L", apk_data[cd_end_addr+16:cd_end_addr+20])[0]
struct.error: unpack requires a string argument of length 4
Will need to try linux, mac, or python 3.0

juanse254 said:
Which launcher do you have now? can we replace that launcher with any other launcher? I could code a gui for drag/drop so we add the apk then the exploit generates the apk. Of course the tool would tell us which system apps are available and with what they could be replaced. Another interesting question is would we be able to remove the bloatware by adding replacing system apps with empty apks?
Click to expand...
Click to collapse
Im using appstarter. Yes you can replace launcher. And Yes its possible to replacing system apps with empty apks.
You can try the attached dummy apk which is replacing com.amazon.tv.oobe.apk. oobe is responsible for triggering default launcher and apply any locks by amazon to block the device and also prevent BOOT_COMPLETED. This dummy apk kills the oobe so that we can listen for BOOT_COMPLETED in other apps and replace launcher.

ranjeet choudhary said:
Im using appstarter. Yes you can replace launcher. And Yes its possible to replacing system apps with empty apks.
You can try the attached dummy apk which is replacing com.amazon.tv.oobe.apk. oobe is responsible for triggering default launcher and apply any locks by amazon to block the device and also prevent BOOT_COMPLETED. This dummy apk kills the oobe so that we can listen for BOOT_COMPLETED in other apps and replace launcher.
Click to expand...
Click to collapse
Sigh
This looked to be the best chance I had at killing the Amazon TV Launcher on my FireTV 2 (5.2.6.2) but it said it was already installed when I tried (adb install out1.apk)
It 'succeeded' when I forced a reinstall (adb install -r out1.apk) but on a reboot the TV Launcher came up
Anything else I can try?

ranjeet choudhary said:
install this apk to block installing new update from amazon. it will still download the ota bin file for you to experiment, but the ota install will fail as the install code is removed.
Click to expand...
Click to collapse
can i use this to stop my tank 5.2.6.3 from updating to 5.2.6.7?
have router blocking working (with some...tinkering), but would like to be able to connect to other networks without worry of update.

A request
Hello,
I'm sure you have noticed the flurry of successfully rooted Fire TV devices lately, including the Fire TV Stick 2, Fire TV 3 and Cube.
Which would seem to make this exploit now obsolete. But not your modified DeviceSoftwareOTA.apk, which I used on my stick to block updates until I recently rooted it.
At current, the Fire TV Stick 2 has the most up to date software. But the Cube and Pendant are behind on updates because there is no way to download them without
some risk of the possibility of losing root for which the exploit has now been patched. But a modified DeviceSoftwareOTA.apk for these devices that would download the
update and not initiate an install would be an elegant solution. Allowing us to pull the update from the device and install it in a different manner.
This type of modification is unfortunately beyond my skill level, so I have attached a link to the current apk from one of these devices.
And am asking, if you have time, could you please have a look at it. And tell me if yours would work in its place, or modify it as you did yours by removing the install code.
Your help would be greatly appreciated.
Thanks.
DeviceSoftwareOTA.apk

2WhlWzrd said:
But a modified DeviceSoftwareOTA.apk for these devices that would download the
update and not initiate an install would be an elegant solution. Allowing us to pull the update from the device and install it in a different manner.
Click to expand...
Click to collapse
This exploit was patched above 5.2.6.3., if your FTV3/Cube is at a higher firmware, forget about this...

2WhlWzrd said:
Hello,
I'm sure you have noticed the flurry of successfully rooted Fire TV devices lately, including the Fire TV Stick 2, Fire TV 3 and Cube.
Which would seem to make this exploit now obsolete. But not your modified DeviceSoftwareOTA.apk, which I used on my stick to block updates until I recently rooted it.
At current, the Fire TV Stick 2 has the most up to date software. But the Cube and Pendant are behind on updates because there is no way to download them without
some risk of the possibility of losing root for which the exploit has now been patched. But a modified DeviceSoftwareOTA.apk for these devices that would download the
update and not initiate an install would be an elegant solution. Allowing us to pull the update from the device and install it in a different manner.
This type of modification is unfortunately beyond my skill level, so I have attached a link to the current apk from one of these devices.
And am asking, if you have time, could you please have a look at it. And tell me if yours would work in its place, or modify it as you did yours by removing the install code.
Your help would be greatly appreciated.
Thanks.
DeviceSoftwareOTA.apk
Click to expand...
Click to collapse
Thanks for the update on root, i totally missed it. this opens a whole lot of modification possible. Let me check if the exploit still works. Even if it doesn't work, with root we can force replace with modified apk.

I read some time ago that there will be a new update that will block Kodi is this an update that could do this ?

ranjeet choudhary said:
Thanks for the update on root, i totally missed it. this opens a whole lot of modification possible. Let me check if the exploit still works. Even if it doesn't work, with root we can force replace with modified apk.
Click to expand...
Click to collapse
Thank you, for your reply.
I thought that it should be possible to force this with root, these devices have Fire OS 6 — Based on Android 7.1 (API level 25).
So I don't think the vulnerability would apply, would it? Unlike the 2nd generation stick with Fire OS 5 — Based on Android 5.1 (API Level 22).
But there still may be hope.
We are rooted with Magisk and I have installed the Magisk port of Xposed. And there is HDXposed, which is said to be able to
disable the signature check. But I don't see anyone using it with Fire OS 6 yet, only Fire OS 5 mods. So I don't know it will work anyway.
I shall patiently await your reply.
Thanks again for your efforts.

[deleted]