Well, I guess to start off, I have reversed this method from a exploit posted by Rbox which was actually a bug found by jcase. This was posted on XDA as a binary and I just had to know how it worked. So, Its time for some IDA!

Part 1 (Looking at the original closed source version)

First thing I noticed is that it was reading the Aboot, So, naturally, I would grab a STOCK Aboot and a Patched Aboot, with further examination, it was quite clear that is was simply a one bit change. Who would think right?


Stock Header of the Aboot:


Patched Header of Aboot:


as we can see now, its simply a one bit change.

Part 2 (How to Unlock your boot-loader using my open-source tool!)

I am not responsible for any damage that may happen to any devices because of this method. I have only tested this on my own device running the recommended firmware. If you do not follow this guide exactly, you WILL permanently brick your device. No restore, will help you if you mess up. Good luck!

  1. Got Root? You need root for this process to work. If you do not have root, You will need to get towelroot

  2. Get my open-source code/tool

git clone https://github.com/rhcp011235/firetv_bootloader_unlock.git
  1. Time to Unlock
cd firetv_bootloader_unlock
cd binary
adb push unlock_firetv /data/local/tmp/
adb shell
cd /data/local/tmp/
chmod 755 unlock_firetv
./unlock_firetv check
./unlock_firetv unlock

Reboot and and if you are lucky ;) you now have an unlocked FireTV