Explanation of the unlock process
Well, I guess to start off, I have reversed this method from an exploit posted by Rbox, which was actually a bug found by jcase. This was posted on XDA as a binary and I just had to know how it worked. So, it's time for some IDA!
First thing I noticed is that it was reading the Aboot. So, naturally, I would grab a STOCK Aboot and a Patched Aboot. With further examination, it was quite clear that it was simply a one-bit change. Who would think, right?
Stock Header of the Aboot
Now, the Patched Version using the closed source tool
As we can see now, it's simply a one-bit change.
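The stock-versus-patched comparison described above can be done at bit level with a short script. This is an added example, not code from the original post or from the unlock tool; the function names and the sample bytes are made up for illustration and do not reflect real Aboot contents or the real offset.

```python
import sys
from typing import List, Tuple

def bit_diff(stock: bytes, patched: bytes) -> List[Tuple[int, int, int, int]]:
    """Return (byte_offset, bit_index, stock_bit, patched_bit) for each differing bit.
    bit_index 0 is the least significant bit of the byte."""
    if len(stock) != len(patched):
        raise ValueError("images differ in length: %d vs %d" % (len(stock), len(patched)))
    diffs = []
    for offset, (a, b) in enumerate(zip(stock, patched)):
        delta = a ^ b                      # set bits mark positions that changed
        if not delta:
            continue
        for bit in range(8):
            if (delta >> bit) & 1:
                diffs.append((offset, bit, (a >> bit) & 1, (b >> bit) & 1))
    return diffs

def is_single_bit_change(stock: bytes, patched: bytes) -> bool:
    """True when the two images differ in exactly one bit."""
    return len(bit_diff(stock, patched)) == 1

def make_sample_pair() -> Tuple[bytes, bytes]:
    """Constructed sample data (NOT real Aboot bytes): a 64-byte placeholder
    header and a copy with one arbitrarily chosen bit flipped."""
    stock = bytearray(range(64))
    patched = bytearray(stock)
    patched[0x10] ^= 0x04                  # arbitrary offset and bit for the demo
    return bytes(stock), bytes(patched)

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Compare two image dumps given on the command line.
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            stock, patched = f1.read(), f2.read()
    else:
        stock, patched = make_sample_pair()
    for off, bit, old, new in bit_diff(stock, patched):
        print("offset 0x%06x bit %d: %d -> %d" % (off, bit, old, new))
    print("single-bit change:", is_single_bit_change(stock, patched))
```

The same comparison against a known-good image also works as an integrity check: any reported difference means the partition no longer matches stock.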
How to Unlock your boot-loader using my open-source tool
I am not responsible for any damage that may happen to any devices because of this method. I have only tested this on my own device running the recommended firmware. If you do not follow this guide exactly, you WILL permanently brick your device. No restore will help you if you mess up. Good luck!
1. Got Root?
You need root for this process to work. If you do not have root, you will need to get towelroot.
2. Get my open-source code/tool
git clone https://github.com/rhcp011235/firetv_bootloader_unlock.git
3. Time to Unlock
cd firetv_bootloader_unlock/
cd binary
adb push unlock_firetv /data/local/tmp/
adb shell
su
cd /data/local/tmp/
chmod 755 unlock_firetv
./unlock_firetv check
./unlock_firetv unlock
Changing Back to Default
Since this is hardcoded into Aboot, you can do one of two things: restore the firmware back to default, or simply use my tool :)
cd firetv_bootloader_unlock/
cd binary
adb push unlock_firetv /data/local/tmp/
adb shell
su
cd /data/local/tmp/
chmod 755 unlock_firetv
./unlock_firetv check
./unlock_firetv lock
Reboot and it should be back to normal.