Recowvery issue - adb logcat -s recowvery - LG V20 Questions & Answers

Hey all -
I'm trying to root my V20 with some complications along the way!
I'm currently at the Recowvery setup (I've tried manual & "Easy Recowvery") and I cannot seem to get past the "adb logcat -s recowvery" step.
On my command prompt, all I end up seeing is:
--------- beginning of system
--------- beginning of main
to no end. I've waited hours. No "successful" message as stated there should be when it finishes what it needs to do.
I have a feeling this is a permission issue, because when I tried to use the "Easy Recowvery" method, it had said it could not create log files, etc in the directory that I was trying to run the easy setup from.
I then tried to run CMD w/ administrative privileges - same problem, still stuck at the aforementioned information displayed. The only way I can then get out of this is escaping via "Ctrl+C", and nothing ends up being done, because when I try the next step "adb shell reboot recovery", my phone goes to a black screen that just says, "No Command" - and then I have to go into the usual recovery by holding the power button, then volume-up.
Are there any suggestions that could be made here? Tips, etc? I'm using the H918 version of the V20 and I would really like to get it rooted - wanted to use crDroid :3
EDIT (Guides I'm following):
The one from theunlockr
and then the dirtycow git page that's linked in another guide (I cannot post actual links yet, apparently :S)
EDIT2 (add'l info):
C:\adb>adb shell
elsa:/ $ cd /data/local/tmp
elsa:/data/local/tmp $ chmod 0777 *
elsa:/data/local/tmp $ ./dirtycow /system/bin/applypatch recowvery-applypatch
warning: new file size (18472) and file old size (165144) differ
size 165144
[*] mmap 0x747ac24000
[*] exploit (patch)
[*] currently 0x747ac24000=10102464c457f
[*] madvise = 0x747ac24000 165144
[*] madvise = 0 1048576
[*] /proc/self/mem 1367343104 1048576
[*] exploited 0x747ac24000=10102464c457f
dirtycow /system/bin/app_process64 recowvery-app_process64 <
warning: new file size (10200) and file old size (18600) differ
size 18600
[*] mmap 0x7331eb7000
[*] exploit (patch)
[*] currently 0x7331eb7000=10102464c457f
[*] madvise = 0x7331eb7000 18600
[*] madvise = 0 1048576
[*] /proc/self/mem -1971322880 1048576
[*] exploited 0x7331eb7000=10102464c457f
elsa:/data/local/tmp $ exit
Not sure if something perhaps went wrong here? Before having to execute the adb logcat -s recowvery command?
EDIT3 (Removed -s from logcat command to see what was going on):
I removed the -s flag from the logcat command to see where it might be stalling..... But after doing this I realized truly what was going on (logcat... duh, logging) - but I never get any kind of message that is said would occur:
adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
I never get that message, with or without the silent flag.
I feel like the purpose of this step was to log recowvery running? Instead it seems like it's logging EVERYTHING.
Another guide I found said I should be putting my phone in the bootloader/fastloader before running the last bit of steps, but if I do that and try running the adb commands, it will say "null, no device available", or something along those lines.
I no longer know what is going wrong.
EDIT4 (-s is not silent flag when using adb?):
So it turns out the -s flag when using adb isn't the silent flag? Unless it is for logcat? Either way still nothing working. I never get "beginning of crash" like I'm apparently supposed to when running "adb logcat -s recowvery". Halp.

same issue
bump

This issue has been resolved elsewhere. If needed I will make an edit to show the solution once I'm capable of doing so.

May have a working solution. Testing it now and will reply if it works.
---------- Post added at 04:49 AM ---------- Previous post was at 04:47 AM ----------
Yeah, I managed to find the solution myself. Not sure if it's the same solution but it was a matter of downgrading my firmware to the previous patch from 10k to 10j through LGUP and it's working fine as of now.

Downgrade from V20 version k to version j
After downgrading from version k to j (via LGUP tool) and having the proper files to go along with it. If I am allowed to post a link to the Reddit post that ended up helping me, I will - however it seems by default I am unable to do so.

Related

[HOW TO] Unbricking/Restoring your Kindle Fire

UPDATE: It has come to my attention that zergRush root has been patched and no longer works on the most recent updates. At the moment I haven't checked to see what to use to replace it. I would advise anyone who is needing to unbrick your device to go over to this thread started by Vashypooh: http://forum.xda-developers.com/showthread.php?t=1399889. It is the Kindle Fire Utility v0.9.1 and has options to unbrick your kindle fire among many other great features. Please try his utility out as I have not been keeping up with this thread much over the holidays.
My kindle fire was stuck in a bootloop/bricked (info on what was going on prior to fixing: forum.xda-developers.com/showthread.php?t=1355371) after some complications when trying to install google apps. I may have deleted system files, really not sure what happened at this point. Anyway, this is what finally fixed it. This will get your device to the just out of the box state. Just follow along with the commands. I documented as much as I could, but if you have any questions feel free to ask. Hope this helps anyone whose Kindle Fire won't boot up!
For this to work you will need fastboot and zergRush root
get fastboot here: http://multiupload.com/TPWBYSCGM7
details on how fastboot works: http://wiki.cyanogenmod.com/wiki/Fastboot
zergRush root: http://rootkindlefire.com/kindle-fire-root/how-to-root-kindle-fire/
->zergRush should be in the folder called files when extracted
Also make sure your device is charged, this will save you some time at the end!
I will most likely not respond to private messages. This is a general thread so anyone can post here. It is beneficial to others since they may be experiencing the same problems as you. Being in my inbox won't help anyone.
***DISCLAIMER***: This process may not work for everyone! It really does depend on what you did to brick your kindle fire!! Also please consider thinking twice about messing with your device again after you fix it. Unless, of course, you think you can fix it on your own or are an advanced user.
PS: Read other people's posts! Many have posted a lot of useful information, please use this to your advantage before asking questions!
PPS: What you did to brick your device is probably not unique. In order to prevent this thread from annoying those trying to help and from getting too long, we may ignore posts that ask questions or ask for solutions that have already been asked. If you don't get a reply within 24 hours, your problem probably falls under this.
PPPS: If the directions don't work and you don't see a solution in this thread already then you probably bricked your device beyond this way of recovery and need to seek other ways. If you are still having troubles please post a DESCRIPTIVE (pictures, links, anything and everything you did to get where you are at now) question/post with the problems you are facing and we can try and help you. Thank you.
---------------------------------------///------------------------------------
Hard reset may work for some people - hold power button for ~20 seconds and turn back on. If it doesn't then proceed:
---------------------------------------///------------------------------------
How to begin the how-to using cmd:
1. Download the files you need and stick them in your C:\ directory
2. stick fastboot in C:\KindleFireRoot\files directory
3. open cmd (command prompt)
4. navigate to the files directory on your C:\ drive
It should look similar to this:
Code:
C:\users\userName>cd C:\KindleFireRoot\files
5. Now you are in the kindleFireRoot\files directory; it should look something like this:
Code:
C:\KindleFireRoot\files>
Now you can start following the directions in the how-to and type exactly what you see to the right of the $ and # symbols. You should see them but do not type another one next to what you already see.
---------------------------------------///------------------------------------
IF YOU THINK MODIFYING PERMISSIONS ON /system/app IS WHAT CAUSED YOUR DEVICE TO BOOTLOOP THEN FOLLOW THESE STEPS:
check your permissions first
Code:
adb shell
ls -l /system/
they should look like:
Code:
drwxr-xr-x root root 1970-01-01 00:00 lost+found
drw-r-xr-x root root 2011-11-29 12:31 app
drwxr-xr-x root shell 2011-11-16 03:03 bin
-rw-r--r-- root root 2144 2008-08-01 12:00 build.prop
drwxr-xr-x root root 2011-11-16 03:03 etc
drwxr-xr-x root root 2011-11-16 03:03 fonts
drwxr-xr-x root root 2011-11-16 03:03 framework
drwxr-xr-x root root 2011-11-16 03:03 lib
drwxr-xr-x root root 2011-11-16 03:03 media
drwxr-xr-x root root 2011-11-16 03:03 tts
drwxr-xr-x root root 2011-11-16 03:03 usr
drwxr-xr-x root shell 2011-11-16 03:03 vendor
drwxr-xr-x root shell 2011-11-29 12:31 xbin
if yours do not look like this then continue:
follow the steps to temp root FIRST (steps 1 and 2 below)!
AFTER you temp root:
Code:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
chmod 755 /system/app
then reboot
Note: this can work with any directory that has permissions messed up
---------------------------------------///------------------------------------
IF YOU CHANGED WALLPAPERS/THEME AND BRICKED YOUR DEVICE BY MESSING WITH FRAMEWORK-RES.APK TRY THIS:
if you have adb active, try
adb shell ls -l /system/framework/framework-res.apk
if you don't see it show permissions as rw-r--r--
temp root (steps 1 and 2) first then run:
adb shell mount -o remount rw /system
adb shell chown root /system/framework/framework-res.apk
adb shell chmod 644 /system/framework/framework-res.apk
adb shell mount -o remount ro /system
adb reboot
if that does not work, then you need to go back to the old file, get it from the amazon update (download the update from their site and unzip it with 7zip or winrar, ignore the fact it's called bin and just rename it if you don't know how to do it otherwise to .zip).
then run
adb push framework-res.apk /data/local/tmp
adb shell mount -o remount rw /system
adb shell mv /data/local/tmp/framework-res.apk /system/framework/framework-res.apk
adb shell chown root /system/framework/framework-res.apk
adb shell chmod 644 /system/framework/framework-res.apk
adb reboot
---------------------------------------///------------------------------------
IF NONE OF THE ABOVE APPLIES TO YOU THEN DO THESE STEPS:
//Step 1: push zergRush on the device then run chmod 755 on zergRush
Code:
$ adb push zergRush /data/local/tmp
$ adb shell chmod 755 /data/local/tmp/zergRush
//Step 2: temp root
Code:
$ adb shell
adb server is out of date. killing...
* daemon started successfully *
$ cd data/local
cd data/local
$ cd tmp
cd tmp
$ ls
ls
boomsh
zergRush
sh
$ rm sh boomsh //Remove everything but zergRush here, it will not matter if yours is missing/out of order compared to mine
rm sh boomsh
$ ./zergRush
./zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[+] Overseer found a path ! 0x000151e0
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x40119cd4 0x0054
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd195cb 0xafd3937f
[*] Popping 24 more zerglings
[*] Sending 173 zerglings ...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
//Step 3: reboot into fastboot
//note: 4002 for fastboot
Code:
$ adb shell
# cd /system/bin
cd /system/bin
# idme bootmode 4002
idme bootmode 4002
<idme> write 4002 to offset 0x1000
# reboot
reboot
//Step 4: clear user data and cache using fastboot
//note: 0x1949 is the device-id for the kindle so fastboot can recognize it
Code:
$ fastboot -i 0x1949 -w //this part might take a while
erasing 'userdata'... OKAY [110.203s]
erasing 'cache'... OKAY [ 28.328s]
finished. total time: 138.531s
//Step 5: change back to normal boot mode in fastboot
//note: 4000 is for normal boot
Code:
$ fastboot -i 0x1949 oem idme bootmode 4000
... OKAY [ 0.219s]
finished. total time: 0.219s
//Step 6: use fastboot to restart kindle fire
Code:
$ fastboot -i 0x1949 reboot
rebooting...
finished. total time: 0.016s
At this point the kindle hit splash screen for a few minutes then told me that my device needed to be charged (was at 13%) to continue. **So make sure your device is charged**, otherwise you will have to wait about 20-30 minutes depending on your charge %. The amber light finally came on while connected to PC which it wasn't doing before so this was a good sign.
After it was charged enough the next step stated: "Your kindle has detected a problem and must clear app storage. The recovery process will erase some applications and data from your device. Apps from the appstore are stored in the cloud and can be reinstalled later. This will reset your kindle to its original factory settings. You will need to re-register your kindle prior to downloading items from your amazon account. Please press power button to proceed"
After you press the power button it shows a progress bar, reboots, hits splash screen for a few minutes then takes you to set up your Kindle Fire account YAYYYY!
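The permission check from the how-to above (compare `ls -l /system/` with the expected modes, then restore 755 on directories and 644 on files such as framework-res.apk), automated as an added example that is not part of the original post. It assumes the toolbox `ls -l` column layout shown in the post, owner root, and group root or shell; the function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ls -l /system/` output against the modes the how-to
# restores with chmod (755 for directories, 644 for plain files).
# Assumptions: Android toolbox ls columns (mode owner group [size] date time
# name), owner root, group root or shell, as in the listing in the post.

# Constructed sample listing (not captured from a real device).
SAMPLE_LISTING='drwxr-xr-x root root 1970-01-01 00:00 lost+found
drwxrwxrwx root root 2011-11-29 12:31 app
drwxr-xr-x root shell 2011-11-16 03:03 bin
-rw-rw-rw- root root 2144 2008-08-01 12:00 build.prop
drwxr-xr-x system root 2011-11-16 03:03 framework
drwxr-xr-x root shell 2011-11-29 12:31 xbin'

# audit_system_listing: read a listing on stdin and print one line per finding.
# Prints nothing when every entry matches the expected policy.
audit_system_listing() {
    awk '
    # Convert a mode string such as "drwxr-xr-x" into octal digits ("755").
    function octal(mode,   i, digit, triplet, out) {
        out = ""
        for (i = 0; i < 3; i++) {
            triplet = substr(mode, 2 + i * 3, 3)
            digit = 0
            if (substr(triplet, 1, 1) == "r") digit += 4
            if (substr(triplet, 2, 1) == "w") digit += 2
            if (substr(triplet, 3, 1) ~ /[xst]/) digit += 1
            out = out digit
        }
        return out
    }

    # Output relayed by adb shell may end each line with a carriage return.
    { sub(/\r$/, "") }

    # Only directory and plain-file entries with a full 10-character mode.
    NF >= 6 && length($1) == 10 && $1 ~ /^[d-]/ {
        want = (substr($1, 1, 1) == "d") ? "755" : "644"
        got  = octal($1)
        name = $NF
        if (got != want) {
            # Character 9 of the mode string is the write bit for "other".
            note = (substr($1, 9, 1) == "w") ? " (world-writable)" : ""
            printf "%s: mode %s, expected %s%s\n", name, got, want, note
        }
        if ($2 != "root")
            printf "%s: owner %s, expected root\n", name, $2
        if ($3 != "root" && $3 != "shell")
            printf "%s: group %s, expected root or shell\n", name, $3
    }
    '
}

# Stand-alone run over the constructed sample. On a real device the input
# would come from: adb shell ls -l /system/
printf '%s\n' "$SAMPLE_LISTING" | audit_system_listing
```

Each reported line names the entry to fix with the `chmod` or `chown` commands from the post; an empty result means the listing already matches.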
Just a suggestion but perhaps one of the mods could move this to the developer's forum (or sticky it and make the links have http:// in front)? The OP could not post it there since they do not have 10 posts yet, but they're a friend of mine and we worked together to unbrick their device.
unbricking from recovery
I am going to try the method for unbricking, but not sure it will work on mine. My fire is stuck on the boot screen where it has a long message saying there is a problem with the fire and that it needs to restore the apps and bring it back to default.
It then says to press the power button continue with the restore. Then it completes, says success, then reboots right back into the same message screen all over again.
When I adb devices I get "firexxxxxSN recovery"
I am hoping fastboot can help me or perhaps I need to re-image recovery or boot.
What happened was this. I tried to follow a method to change my wallpapers using metamorph. I followed all the steps then started getting theme errors and such while in the kindle. I rebooted and was stuck in the bootloop as described here.
Being the novice I am, I thought I could then copy over a fresh copy of "system" from the fire system dump that was posted. I did this and this is where I am now.
Any help would be appreciated. It might be a good idea for us to figure this one out so that we have the procedure.
You don't need root to run idme.
But since you can get root, try clearing the /data/dalvik-cache by hand & reboot.. much quicker than a full userdata wipe.
Hi, assuming you're responding to me, what's idme? Right now I can't get root just a bootloop. And when I adb devices I get my device serial # recovery where it normally says device serial # device
---------- Post added at 03:57 PM ---------- Previous post was at 03:46 PM ----------
Here is the exact message I get on the screen:
'Your Kindle has detected a problem and must clear app storage. The recovery process will erase some applications and data from your device. Apps from the appstore are stored in the cloud and can be reinstalled later.
This will reset your kindle to its original factory settings. you will need to re-register your kindle prior to downloading items from your Amazon account.
Please press power button to proceed.'
After I press the power button I get a status bar indicating the restore, it then says success, then reboots and ultimately comes back to the same restore screen as noted above.
Any help is appreciated.
Hey, can you please tell me how you get into fastboot? I went to the wiki and did everything it said there but am stuck because I am getting stuck on step 5
Boot device into bootloader - How do I do this? Is this simply powering on the fire?
Make sure the device is in FASTBOOT and not HBOOT - same question
I'm getting "zergRush: permission denied" any help?
Wow, I'm so glad I found this! You just may be my life/job saver. I'm going to try this right now and reply with status.
transfuntioner said:
> You don't need root to run idme.
> But since you can get root, try clearing the /data/dalvik-cache by hand & reboot.. much quicker than a full userdata wipe.
I tried this previous to what I explained in my fix above and it didn't work. I was still stuck in bootloop and getting the same errors in the logs.
transfuntioner said:
> You don't need root to run idme.
> But since you can get root, try clearing the /data/dalvik-cache by hand & reboot.. much quicker than a full userdata wipe.
@transfuntioner - This sounds logical and I did try this. In my specific case it didn't work either but may work for others.
Done! Thanks ubeezee your awesomeness knows no boundaries. I owe you big-time! I'ma gonna buy you a whole case of beers.
@md202000 Glad it worked for you!
justki said:
> I'm getting "zergRush: permission denied" any help?
Can you give more explanation (i.e. what you were doing beforehand)?
---------- Post added at 08:56 PM ---------- Previous post was at 08:54 PM ----------
bjanice44 said:
> Hey, can you please tell me how you get into fastboot? I went to the wiki and did everything it said there but am stuck because I am getting stuck on step 5
> Boot device into bootloader - How do I do this? Is this simply powering on the fire?
> Make sure the device is in FASTBOOT and not HBOOT - same question
Don't rely on the wiki directions...those are meant for other devices (particularly phones). Just do the steps listed in the OP in that order. You won't get some screen that explicitly says FASTBOOT. You'll just assume you are there because fastboot commands will work (and the fact you told the device to go into fastboot before rebooting it through bootmode idme).
> Hi, assuming you're responding to me, what's idme? Right now I can't get root just a bootloop.
Just because you have a bootloop, does not imply you cannot do things like run adb. You need to run "adb shell" with the kindle plugged into the computer and then push over the zergRush exploit and get root and then switch the mode to FASTBOOT. You cannot as far as I know get into FASTBOOT on the device unless you are able to tell it to through temp rooting and adb first.
> But since you can get root, try clearing the /data/dalvik-cache by hand & reboot.. much quicker than a full userdata wipe.
From trying that with ubeezee, it did nothing to help on its own. It took clearing out all user data to trigger a restore that did something useful.
bjanice44 said:
> I am going to try the method for unbricking, but not sure it will work on mine. My fire is stuck on the boot screen where it has a long message saying there is a problem with the fire and that it needs to restore the apps and bring it back to default.
> It then says to press the power button continue with the restore. Then it completes, says success, then reboots right back into the same message screen all over again.
> When I adb devices I get "firexxxxxSN recovery"
> I am hoping fastboot can help me or perhaps I need to re-image recovery or boot.
> What happened was this. I tried to follow a method to change my wallpapers using metamorph. I followed all the steps then started getting theme errors and such while in the kindle. I rebooted and was stuck in the bootloop as described here.
> Being the novice I am, I thought I could then copy over a fresh copy of "system" from the fire system dump that was posted. I did this and this is where I am now.
> Any help would be appreciated. It might be a good idea for us to figure this one out so that we have the procedure.
Did you try it out?
justki said:
> I'm getting "zergRush: permission denied" any help?
I think I know why, I forgot to add that you need to run chmod 755 on zergRush (see updated first post).
adb shell chmod 755 /data/local/tmp/zergRush
after you push zergRush
I got to step 3 and there is no animation over the letters, so I think I am in fastboot, but I can not access the shell anymore. It appears my device is not being seen by adb? Even at a cmd prompt I tried fastboot devices and that shows nothing either.
any advice?
dingo8baby said:
> I got to step 3 and there is no animation over the letters, so I think I am in fastboot, but I can not access the shell anymore. It appears my device is not being seen by adb? Even at a cmd prompt I tried fastboot devices and that shows nothing either.
> any advice?
I'm not totally sure what you mean. Are you trying to access adb while in fastboot? Because that will not work.
When you're in fastboot, you don't use adb, you use fastboot commands to wipe all the user data (see the reference link in the OP for the commands that work on fastboot and note that it's nothing like adb). Fastboot runs a much lower level than anything you access in adb--it's like being in the BIOS for your computer more or less. It won't show "devices" or anything like that unless you explicitly run the "fastboot -i 0x1949 devices" command (I didn't bother to run that command on the kindle, I just jumped ahead and had it wiped using fastboot, since it didn't really matter if it detected it or not).
However, even if you don't run that command to show devices, you'll know it works when you run the fastboot command to wipe data and it gives you a reply. If it doesn't give a reply and just hangs, then you weren't in fastboot (or you typed the command wrong) and need to try again (press ctrl+c to cancel the command, but just FYI, it takes 3-5 minutes for it to wipe all data, so be patient before canceling).
dingo8baby said:
> I got to step 3 and there is no animation over the letters, so I think I am in fastboot, but I can not access the shell anymore. It appears my device is not being seen by adb? Even at a cmd prompt I tried fastboot devices and that shows nothing either.
> any advice?
Like yareally said, you should move on to step 4 if you are in fastboot. The only time you will need to access adb shell is when it says on the instructions.
OK, I'm sorry if I wasn't clear.
I saw the $ prompt, so I assumed the commands were run in an adb shell.
If I run the fastboot commands in a cmd window, this is the output:
C:\android-sdk-windows\tools>fastboot -i 0x1949 -w
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall 'flash boot' + 'flash system'
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
dingo8baby said:
> OK, I'm sorry if I wasn't clear.
> I saw the $ prompt, so I assumed the commands were run in an adb shell.
> If I run the fastboot commands in a cmd window, this is the output:
> C:\android-sdk-windows\tools>fastboot -i 0x1949 -w
> usage: fastboot [ <option> ] <command>
> commands:
> update <filename> reflash device from update.zip
> flashall 'flash boot' + 'flash system'
> flash <partition> [ <filename> ] write a file to a flash partition
> erase <partition> erase a flash partition
> getvar <variable> display a bootloader variable
> boot <kernel> [ <ramdisk> ] download and boot kernel
> flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
> devices list all connected devices
> reboot reboot device normally
> reboot-bootloader reboot device into bootloader
> options:
> -w erase userdata and cache
> -s <serial number> specify device serial number
> -p <product> specify product name
> -c <cmdline> override kernel commandline
I'm a bit confused as to what you are doing. What were you using before to enter commands? Whatever you were using that got you to step 3, was what you need to use. There should always be $ in front of your commands.
Oh I just saw the problem, the fastboot you're using is out of date. There's no -i command. I think the one that I linked was out of date too.. I'll upload the one I have which is the most current and link it on the main post. Sorry about that! So just start over after you update fastboot using whatever you were using before to enter commands that got you into fastboot.

Stuck in KF boot screen - details

Received my KF about a week ago. Just tried to root it yesterday. That was successful. The instructions I was using said this: "This will “root” your Kindle Fire. You can actually stop here but I recommend you to go to the next steps to install TWRP Recovery, which will allow you to install/backup/restore ROMs and also “unroot” your Kindle Fire when needed easily." So, silly me, without doing further research, went on to the next steps. I almost immediately got stuck, here is the code, ending with the -bash where I was stuck.
Zach:~ Zbhest$
Zach:~ Zbhest$ cd Downloads/KindleFireRootMacLinux
Zach:KindleFireRootMacLinux Zbhest$ mkdir ~/.android
mkdir: /Users/Zbhest/.android: File exists
Zach:KindleFireRootMacLinux Zbhest$ cp adb_usb.ini ~/.android/.
Zach:KindleFireRootMacLinux Zbhest$ cp adb_usb.ini ~/.android/
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac kill-server
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac devices
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
08EC002600000001 device
Zach:KindleFireRootMacLinux Zbhest$ sh runmemac.sh
---------------------------------------------------------------
Easy rooting toolkit (v2.0)
created by DooMLoRD
Modified for Kindle Fire for Linux/Mac by Max Lee at RootKindleFire.com
using exploit zergRush (Revolutionary Team)
Credits go to all those involved in making this possible!
---------------------------------------------------------------
[*] This script will:
(1) root ur device using latest zergRush exploit (10 Nov)
(2) install Busybox (1.18.4)
(3) install SU files (binary: 3.0.3 and apk: 3.0.6)
[*] Before u begin:
(1) enable USB DEBUGGING
from (Menu\Settings\Applications\Development)
(2) enable UNKNOWN SOURCES
from (Menu\Settings\Applications)
(3) [OPTIONAL] increase screen timeout to 10 minutes
(4) connect USB cable to PHONE and then connect 2 computer
---------------------------------------------------------------
--- STARTING ----
--- WAITING FOR DEVICE
--- cleaning
rm failed for *, No such file or directory
--- pushing zergRush
1836 KB/s (23056 bytes in 0.012s)
--- correcting permissions
--- executing zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[+] Overseer found a path ! 0x000151e0
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x40119cd4 0x0054
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd195bb 0xafd39357
[*] Popping 24 more zerglings
[*] Sending 173 zerglings ...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
--- WAITING FOR DEVICE TO RECONNECT
if it gets stuck over here for a long time then try:
disconnect usb cable and reconnect it
toggle USB DEBUGGING (first disable it then enable it)
--- DEVICE FOUND
--- pushing busybox
4634 KB/s (1075144 bytes in 0.226s)
--- correcting permissions
--- remounting /system
--- copying busybox to /system/xbin/
2099+1 records in
2099+1 records out
1075144 bytes transferred in 0.038 secs (28293263 bytes/sec)
--- correcting ownership
--- correcting permissions
--- installing busybox
--- pushing SU binary
1508 KB/s (22228 bytes in 0.014s)
--- correcting ownership
--- correcting permissions
--- correcting symlinks
--- pushing Superuser app
5116 KB/s (785801 bytes in 0.149s)
--- cleaning
--- rebooting
--- WAITING FOR DEVICE
5382 KB/s (3104805 bytes in 0.563s)
Error: Could not access the Package Manager. Is the system running?
All Done, Kindle Fire ROOTED!!!
Check out RootKindleFire.com for more cool hacks!
Zach:KindleFireRootMacLinux Zbhest$
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac root
restarting adbd as root
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac remount
remount succeeded
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac push su /system/xbin/su
260 KB/s (22228 bytes in 0.083s)
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell chmod -6755 /system/sbin/su
Bad mode
Zach:KindleFireRootMacLinux Zbhest$ .adb./adb-mac shell chown 0.0 /system/xbin/su
-bash: .adb./adb-mac: No such file or directory
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell chown 0.0 /system/xbin/su
Zach:KindleFireRootMacLinux Zbhest$ cd Desktop/kindleFireRootNew
-bash: cd: Desktop/kindleFireRootNew: No such file or directory
Zach:KindleFireRootMacLinux Zbhest$ cd desktop/kindlefirerootnew
-bash: cd: desktop/kindlefirerootnew: No such file or directory
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac push su /system/xbin/su
877 KB/s (22228 bytes in 0.024s)
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac root
adbd is already running as root
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac remount
remount succeeded
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac push su /system/xboin/su
264 KB/s (22228 bytes in 0.081s)
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell cown 0.0 /system/xbin/su
cown: not found
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell chown 0.0 /system/xbin/su
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell chmod 06755 /system/xbin/su
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac install Superuser.apk
3818 KB/s (785801 bytes in 0.200s)
pkg: /data/local/tmp/Superuser.apk
Success
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell
# su
# idme bootmode 4002
<idme> write 4002 to offset 0x1000
# reboot
Zach:KindleFireRootMacLinux Zbhest$ ./fastboot-mac -i 0x1949 boot twrp-blaze-2.0.0RC0.img
-bash: ./fastboot-mac: No such file or directory
And now my Mac does not recognize my KF. When I unplug my KF it appears bricked (will not turn on), but when it is plugged into a wall outlet I can do the hard reset, it charges, but does not go past the KF boot screen.
Also, ADB does not recognize any devices.
Additionally, I have a windows 7 machine. I was going to attempt to pick up where I left off, but as my KF is listed as an "unknown device," I cannot update drivers (or do not know how to do so manually). I also installed this little number: http://forum.xda-developers.com/showthread.php?t=1430038
And I currently have linux loaded on my W7 machine. When I try to use the "normal_boot" command, which is advised, I get:
"Resetting bootmode to standard boot...
< waiting for device >
"
So, yeah. That is where I am at. I WOULD go on to the other directions in firekit, but would prefer not to completely void the warranty using the "usb boot mode trick".
If windows 7 is the key here, I may need a walk through for driver installation and such. Otherwise, I am not totally disinclined to call customer service and ask for a replacement. Apparently they have been good about replacing rooted kindles?
Same issue right now... already tried reinstalling windows/firekit liveusb but nothing works=\ Is there any news on this problem?
http://support.microsoft.com/kb/315539/en-us
http://forum.xda-developers.com/showpost.php?p=20855280&postcount=54
I did read all those threads about such problem before. Just no matter what i do those drivers won't install. I only get unknown device on 7/xp and cannot change it coz when i manually select those drives windows says that there no device info in it=\ Thanks for help anyways
did you select adb_usb.ini ? it's just the folder with this file in it. selecting just the folder is usually enough. if you want to select the file: the driver file is android_winusb.inf. there is the hardware info
if you have xp available then use this machine - it's easier
Yeah i did select that inf file (it was only one selectable in folder anyway) but it still says same stuff. I have xp right now if that gonna change something
yes xp is easier to handle because:
only 32bit -> only 1 driver version
no user access control -> don't need to do every thing as administrator
please check the following:
you have a .android folder under your user directory - in this folder is adb_usb.ini - the file has entries for device 0x1949 and 0x18D1 - if not run install.bat from the driver set i provided
check your device manager and delete every entry with kindle or adb
unplug and replug your kf - select the driver i provided manually
Got those 0x1949 and 0x18D1 in adb_usb file. And i only have unknown device every time i plug kindle in, no adb kindle at all
right click unknown device - update driver - select android_winusb.inf
if this don't work we have to cleanup old drivers -> could help per teamviewer if you like
When i try to update driver and manually use inf you provided it says that there no device info there=\ And i got unknown device since fresh windows install so idk what driver can cause it -.- I could ve try teamviewer but my windows is not english so it gonna be quite useless.
what language ?
Well it's in russian +there no laptop drivers yet coz im using xp only for this god dam kindle
ok your right - with russian i have a problem
will try to describe you the steps:
disconnect and power off (pwr ~30sec) your KF
open a command prompt
type "set devmgr_show_nonpresent_devices=1"
type "start devmgmt.msc"
Click Show hidden devices on the View menu in Device Manager
uninstall every entry with kindle, android phone or adb device
power down computer and power on again (no restart)
tell me if your done - we will resume ...
ok i did everything step by step tho there was none of adb/android phone/kindle so i just deleted my unknown device.
ok - lets resume:
you may want to delete your old driver set previously downloaded - it must be faulty
now download the one from this post and extract it to c:\
now plugin your kf (don't power it on - will do it by itself)
if you're asked
-choose browse my computer for driver software
-Then select have disk
-Then select browse
-direct to where you downloaded the usb driver i attached
-Select okay and okay
just in case you're not asked:
-Go to device manager
-right click on the exclamation mark kindle
-Choose update driver software
-choose browse my computer for driver software
-choose let me pick from a list of devices on my computer
-Then select have disk
-Then select browse
-direct to where you downloaded the usb driver i attached
-Select okay and okay
if this doesn't work either then i would think you have a faulty cable !
try another one ...
Nope still same=\ Guess i will look for new cable tomorrow then tho this one was just fine today at transfering stuff (dam you nokia!). Well thanks for trying to help anyway.
you have the nokia cable - i have the same one
tell me the status your kf now
stuck at boot screen ?
some other tricks:
http://forum.xda-developers.com/showpost.php?p=20945694&postcount=506
if you're stuck in wrong bootmode:
with adb:
adb shell su -c "idme bootmode 4000"
adb reboot
with fastboot:
fastboot -i 0x1949 oem idme bootmode 4000
fastboot -i 0x1949 reboot
or
fastboot -i 0x18d1 oem idme bootmode 4000
fastboot -i 0x18d1 reboot
or
fastboot oem idme bootmode 4000
fastboot reboot
if you issue the fastboot commands and get <waiting for device> over some while power the kf off (pwr ~30sec) and on. at some point it should recognize the command
Yeah it same as before=\ I have same problem as topic starter aka device in fastboot and windows won't recognize it and install correct drivers. Fastboot commands won't work coz i don't have correct drivers and all they do is stuck on waiting for device/
xx time later = IT WORKS!!! for some weird reason it picked kindle up nothing changed in windows yet it works! Thanks again for your help time to flash recovery again.
curious - just tested on mine
when i switch to fastboot it is recognised as "android adb interface"
not the composite thing !
and i have the same drivers on xp
perhaps you want to try this one:
http://forum.xda-developers.com/showthread.php?t=1428428
sorry - no more ideas ...
UPDATE: hurraaa !!! - wish you all the best and good luck !!!

[Gen8v2, A70B/A70IT2 Froyo] HOWTO: Enable SDE menus without Archos SDE firmware

Hi All,
As some may know, current Official SDE for gen8 doesn't work on the new Froyo Gen8 v2 devices (currently: A70b / A70it2).
As we do on Gen9, there is a way to enable SDE menu in recovery for the new Archos A70S/A70it2. It's quite easy and safe, it has been used multiple times on gen9 and only uses Archos commands (except of course temp root that is done by using psneuter).
Disclaimer: I'm not responsible if you blow your device with this, I'm only using existing Archos commands but this is not an official Archos release. Use at your own risk.
If you don't know about SDE, check my Gen9 thread here, it has some pictures that could help (70it2 menus are not exactly the same but are similar).
So, to enable it:
1) You must have adb working, I won't detail how to install or use it here. "adb shell" should give you a '$' prompt, if it doesn't, check your adb installation first.
2) Unzip content of the attached file to a directory (or platform-tools if adb is not in your PATH)
3) Launch enable_sde.bat script (or enable_sde.sh for linux, don't forget to chmod 755 it)
4) It should display something like this:
Code:
5800 KB/s (557962 bytes in 0.093s)
4625 KB/s (2564188 bytes in 0.541s)
5000 KB/s (728825 bytes in 0.142s)
property service neutered.
killing adbd. (should restart in a second or two)
Generating KD...
Updating KD (3293269 bytes)...
0
100
5) If it worked properly (check file sizes, some had troubles with adb push), reboot in recovery with power+vol+, you should now see the SDE boot menu. If you go to recovery, you should see the "Developer Edition Menu". If it doesn't work for you, please report in this thread.
Next step is to install a rooted build, you can find one here.
Cheers,
LeTama
Flawless victory...excellent.
Hello!
i get the following error:
Code:
D:\test>enable_sde.bat
D:\test>adb push psneuter /tmp
failed to copy 'psneuter' to '/tmp/psneuter': Permission denied
D:\test>adb push init_zImage /tmp
failed to copy 'init_zImage' to '/tmp/init_zImage': Permission denied
D:\test>adb push init-cpio.gz /tmp
failed to copy 'init-cpio.gz' to '/tmp/init-cpio.gz': Permission denied
D:\test>adb shell chmod 755 /tmp/psneuter
chmod: /tmp/psneuter: No such file or directory
D:\test>adb shell /tmp/psneuter
/bin/sh: /tmp/psneuter: not found
D:\test>ping 127.0.0.1 -n 5 -w 1000 1>nul
D:\test>adb shell /usr/bin/kd_flasher -i /tmp/init-cpio.gz -k /tmp/init_zImage
Generating KD...
cannot open kernel file: No such file or directory
mkflashimage failed
D:\test>adb shell sync
D:\test>
it is an archos A70it2.
Honeycomb or Froyo model ?
This one is for Froyo, I changed title to reflect it, sorry. Check my sig for the Honeycomb one...
Ok, it is the honeycomb model I will try the other one - thx!

[XT1028 XT10XX] Lollipop - temporary root achieved !

Thanks to @kryz who managed to generalize the Dirty Cow exploit, XT1028 now has a way to get temporary root : link. Notice that the /system will still be read-only, but at least full access to /data is available. Given the state of XT1028, this looks like a pretty good progress!
Steps to get temp root (in Lollipop):
1) install Croowt.apk, use the 2nd option in the menu : "Get root"
2) install SuperSu apk from the playstore (don't update the binary)
3) install RootChecker apk from the playstore
4) enjoy temporary root (until hard reboot)
The earlier post for Android 4.4.4:
For all KitKat holdouts, I've tried to use Dirty Cow and got temp root. Could work on other Android versions as well. Now, at least this root one does not seem to crash as much (unlike Kingroot). Here is a brief set of steps. First, download this package:
https://mega.nz/#!LFlBRAhS!rDl7PJMkFq7HqUDDgbKV6ddv-C3qkQIJl_CJkhkx2sc
Then
Code:
adb push dirtycow /data/local/tmp
adb push cow-execute /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
[email protected]_cdma:/data/local/tmp $ ./dirtycow /system/bin/run-as ./cow-execute
bin/run-as ./cow-execute <
warning: new file size (13728) and file old size (9432) differ
size 13728
[] mmap 0xb6e64000
[] exploit (patch)
[] currently 0xb6e64000=464c457f
[] madvise = 0xb6e64000 13728
[] madvise = 0 1048576
[] /proc/self/mem 0 1048576
[] exploited 0xb6e64000=464c457f
[email protected]_cdma:/data/local/tmp $ run-as -exec id
run-as -exec id
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'id' with 0 arguments
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1011(adb),10
15(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net
_bw_stats) context=u:r:runas:s0
[email protected]_cdma:/data/local/tmp $ run-as -exec sh
run-as -exec sh
Current uid: 2000
Setting capabilities
Attempting to escalate to root
Current uid: 0
Executing: 'sh' with 0 arguments
[email protected]_cdma:/data/local/tmp #
Not sure how much one can do here without bootloader unlock though ...
Tried it on my Cricket Wireless XT1045 which has been stuck on 4.4.4 without any kind of root for a while now and it worked as shown in your post. Hopefully it'll be a stepping stone to some more permanent kind of root, maybe even something that can be used with Sunshine to unlock the bootloader.
linuxgator said:
Tried it on my Cricket Wireless XT1045 which has been stuck on 4.4.4 without any kind of root for a while now and it worked as shown in your post. Hopefully it'll be a stepping stone to some more permanent kind of root, maybe even something that can be used with Sunshine to unlock the bootloader.
Try this, see if you can copy su binary to system (it will disappear after reboot) :
http://android.stackexchange.com/questions/127230/android-adb-has-root-access-but-no-su-binary
Then soft reboot to make it work, in root shell type :
killall zygote
The hope is to get you SuperSu (until next reboot). I believe we are probably back to where these phones were with the old Pie exploit:
http://forum.xda-developers.com/moto-x/orig-development/root-4-4-x-pie-motorola-devices-t2771623
Kingroot used to be able to make a fake copy of itself into /system which disappeared soon after.
I have this stupid Watcher on my phone, and don't want to try these other steps since I don't want it to kill my corporate email ...
Updated with the new Lollipop instructions!
@linuxgator
Nice link down
@bibikalka any chance you can post the kitkat version again?

Logcat/Recowvery issue

I've done it before but it seems like it's just not giving in this time. I had the phone rooted before and had to unroot for what I thought was going to be an insurance claim through my work (T-Mobile) and ended up just having some friends replace the screen for me. I went back to root the device again and still had all the same original files that I used to originally root and even locked and unlocked the bootloader again hoping that would fix my issue but I'm still getting hung at the logcat -s recowvery command. It shows <------- Beginning of system> <-------- Beginning of main> and just hangs and does nothing else.
text posted of every command I used to the exact instructions on @jcadduono post on how to root the h918
can't post screenshots because of new member.
Code:
C:\Users\Mike\Desktop\mini tools>adb devices
List of devices attached
LGH9185c391d6e device
C:\Users\Mike\Desktop\mini tools>adb push dirtycow /data/local/tmp
dirtycow: 1 file pushed. 0.3 MB/s (9984 bytes in 0.030s)
C:\Users\Mike\Desktop\mini tools>adb push recowvery-applypatch /data/local/tmp
recowvery-applypatch: 1 file pushed. 1.7 MB/s (18472 bytes in 0.011s)
C:\Users\Mike\Desktop\mini tools>adb push recowvery-app_process64 /data/local/tmp
recowvery-app_process64: 1 file pushed. 1.0 MB/s (10200 bytes in 0.010s)
C:\Users\Mike\Desktop\mini tools>adbpush recowvery-run-as /data/local/tmp
'adbpush' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Mike\Desktop\mini tools>adb push recowvery-run-as /data/local/tmp
recowvery-run-as: 1 file pushed. 0.9 MB/s (10192 bytes in 0.011s)
C:\Users\Mike\Desktop\mini tools>adb shell
elsa:/ $ cd /data/local/tmp
elsa:/data/local/tmp $ chmod 0777 *
/dirtycow /system/bin/applypatch recowvery-applypatch <
warning: new file size (18472) and file old size (165144) differ
size 165144
[*] mmap 0x7e70077000
[*] exploit (patch)
[*] currently 0x7e70077000=10102464c457f
[*] madvise = 0x7e70077000 165144
[*] madvise = 0 1048576
[*] /proc/self/mem 1367343104 1048576
[*] exploited 0x7e70077000=10102464c457f
./dirtycow /system/bin/app_process64 recowvery-app_process64 <
warning: new file size (10200) and file old size (18600) differ
size 18600
[*] mmap 0x7ddae0d000
[*] exploit (patch)
[*] currently 0x7ddae0d000=10102464c457f
[*] madvise = 0x7ddae0d000 18600
[*] madvise = 0 1048576
[*] /proc/self/mem -1971322880 1048576
[*] exploited 0x7ddae0d000=10102464c457f
elsa:/data/local/tmp $ exit
C:\Users\Mike\Desktop\mini tools>adb logcat -s recowvery
--------- beginning of system
--------- beginning of main
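An added example, not part of the original post or of the tool being discussed: it decodes the hexadecimal value printed on the `currently` and `exploited` lines of the transcripts on this page back into bytes. It assumes that value is the first machine word at the mapped address, printed without leading zeros; the function names are illustrative.

```python
import re

# Lines copied from the transcripts on this page: the 64-bit H918 run and the
# 32-bit KitKat run (whose "[*]" marker was reduced to "[]" by the forum).
SAMPLE = """\
[*] currently 0x7e70077000=10102464c457f
[*] exploited 0x7e70077000=10102464c457f
[] currently 0xb6e64000=464c457f
[] exploited 0xb6e64000=464c457f
"""

LINE_RE = re.compile(
    r"\[\*?\]\s+(currently|exploited)\s+(0x[0-9a-fA-F]+)=([0-9a-fA-F]+)"
)
EI_CLASS = {1: "ELF32", 2: "ELF64"}
EI_DATA = {1: "little-endian", 2: "big-endian"}


def decode_word(addr_hex, value_hex):
    """Turn the printed word back into the bytes that sit at the mapping."""
    addr, value = int(addr_hex, 16), int(value_hex, 16)
    # Assumption: the word is 8 bytes wide in a 64-bit process, 4 otherwise.
    width = 8 if max(addr, value) > 0xFFFFFFFF else 4
    raw = value.to_bytes(width, "little")
    rec = {"bytes": raw.hex(" "), "is_elf": raw[:4] == b"\x7fELF"}
    if rec["is_elf"] and width == 8:
        # Bytes 4..6 of e_ident: file class, data encoding, ident version.
        rec["ei_class"] = EI_CLASS.get(raw[4], "unknown")
        rec["ei_data"] = EI_DATA.get(raw[5], "unknown")
        rec["ei_version"] = raw[6]
    return rec


def parse_transcript(text):
    """Return one decoded record per currently/exploited line."""
    records = []
    for m in LINE_RE.finditer(text):
        stage, addr, value = m.groups()
        rec = {"stage": stage, "addr": addr.lower()}
        rec.update(decode_word(addr, value))
        records.append(rec)
    return records


def unchanged_first_word(records):
    """Addresses whose printed word is identical before and after."""
    seen, same = {}, []
    for rec in records:
        if rec["stage"] == "currently":
            seen[rec["addr"]] = rec["bytes"]
        elif seen.get(rec["addr"]) == rec["bytes"]:
            same.append(rec["addr"])
    return same


if __name__ == "__main__":
    recs = parse_transcript(SAMPLE)
    for r in recs:
        print(r)
    print("first word unchanged at:", unchanged_first_word(recs))
```

Both transcripts decode to the ELF identification bytes (`7f 45 4c 46`), which every ELF file starts with, so identical `currently` and `exploited` values carry no information about the rest of the file.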
how to fix lgh918 recowvery issue
this is exactly what happened to me any ideas how to correct it?
I recommend getting the stock kdz and flashing it to get you back to a true stock state. Don't use any kdz after 10j.
Who knows what was left behind when you unrooted. Unrooting doesn't return you to stock. It just unrooted you.
Once on a true stock system, recowvery should work.
androiddiego said:
I recommend getting the stock kdz and flashing it to get you back to a true stock state. Don't use any kdz after 10j.
Who knows what was left behind when you unrooted. Unrooting doesn't return you to stock. It just unrooted you.
Once on a true stock system, recowvery should work.
Unfortunately, that won't be the case on 10q or 10r. According to @runningnak3d, they've not only locked down qualcomm processors, but have also basically removed fastboot. There isn't any way to root beyond that update. not yet at least. and with antirollback being enabled now, no way to downgrade. We're stuck in a rut.
OfficialVillager said:
Unfortunately, that won't be the case on 10q or 10r. According to @runningnak3d, they've not only locked down qualcomm processors, but have also basically removed fastboot. There isn't any way to root beyond that update. not yet at least. and with antirollback being enabled now, no way to downgrade. We're stuck in a rut.
What firmware is the phone currently on?
androiddiego said:
What firmware is the phone currently on?
You'd have to check the about settings of your phone to know what you're on. The most recent is 10r. I'm on 10q.
OfficialVillager said:
You'd have to check the about settings of your phone to know what you're on. The most recent is 10r. I'm on 10q.
You're on 10q. That's why recowvery won't work. It works on 10j and below.
OfficialVillager said:
You'd have to check the about settings of your phone to know what you're on. The most recent is 10r. I'm on 10q.
Sorry bud you can't root and if you try to go back to a rootable version you'll brick. This is even if you got there through a TWRP flashable zip, since they still update everything except recovery.
Try running logcat -s recowvery directly in an adb shell on the target device.
