11 Jan r1 6.2.1 - Insecure Boot Image for Kindle Fire

[Guest Paul]

The first thing I generally do when I start hacking around on a device is create an insecure boot image.

The reason for this is that an insecure boot image gives you a degree of 'recoverability' at the very earliest stage of the device boot process - even if you totally screw up /system, you have a change of getting in via ADB and making things better. ;) With this in mind (and since I haven't seen one about yet?), i've created an insecure boot image for the Kindle Fire. This is the stock 6.2 ROM boot image with ro.secure set to 0 and busybox installed as /system/bin/sh. This is important as it means you can still 'adb shell' even with a totally unmountable system partition.

INSTALL AT YOUR OWN RISK! THIS IS ONLY TESTED ON MY 6.2.1 BUILD KINDLE FIRE, I TAKE NO RESPONSIBLITY IF YOUR DEVICE BREAKS ETC. ETC.!

To install, do the following (ADB access is required):

• Download the zergRush binary (huge props to the Revolutionary.io team for this exploit) - DOWNLOAD (ROMraid) - MD5: aed52dbab0e924f3e7fbef8d314da771
  
• Download the insecure boot image - DOWNLOAD (ROMraid) - MD5: 717279b84953e41856b18975a0eb2f48
  
• Check the MD5 hashes of the downloaded files
  
• adb push zergRush to /data/local and make executable ('adb push zergRush /data/local/ && adb shell chmod 4755 /data/local/zergRush')
  
• adb push the insecure boot image ('adb push r1.6.2.1.kindlefire.boot.insecure.img /data/local/')
  
• Gain temproot ('adb shell /data/local/zergRush')
  
• Flash the boot image ('adb shell dd if=/data/local/r1.6.2.1.kindlefire.boot.insecure.img of=/dev/block/platform/mmci-omap-hs.1/by-name/boot')
  
• Reboot the device ('adb reboot')

And that's it, you're done, you should now have root ADB access!

P

[Guest SikYou]

It was a major pain for me to get these files to download through Filesonic so here are some mirrors...

zergRush

r2.6.2.kindlefire.boot.insecure.img

Edited December 14, 2011 by SikYou

[Guest Paul]

Updated for 6.2.1.

P