This guide will show you how to root the Amazon Fire TV using the DirtyCOW exploit. This is primarily for the 1st-gen Fire TV running older Fire OS 3 versions that were previously unrootable, but it may work for other devices and software versions.
I am posting this guide because I have been asked by several people to post it, but I have not personally followed this guide because I no longer have a device running the software versions that this guide is known to work for. Full credit for this guide goes to slater_g on XDA for posting his instructions and christofsteel on XDA for first sucessfully using Drity COW. Please proceed with caution and at your own risk because I will not be able to help with issues. Please discuss problems and successes in the comments to help others.
Always check my rooting starters guide for the best method to root your device.
This guide is primarily for Fire TV 1 running Software version 184.108.40.206 thru 220.127.116.11. Those specific software versions have no other way to root. If you’re Fire TV 1 is on 18.104.22.168 thru 22.214.171.124, this guide might work to root your device, but you will not be able to downgrade and unlock your bootloader due to the eFuse. This guide might work on Fire TV Stick 1s running Fire OS 3, but I have not seen confirmation. This guide does not work to root Fire OS 5 version 126.96.36.199 and up, regardless of which Fire TV or Fire TV Stick model you have.
- Download and extract the ZIP file at the bottom of this XDA post
- Ensure your device is using a dynamic DHCP IP, meaning you have not set a static IP under network settings.
- Connect to your device via ADB.
- Transfer the 3 files you extract from step 1 to the
/data/local/tmpdirectory on your device by running the following 3 seperate comamnds:
adb push dirtycow /data/local/tmp
adb push ip_script /data/local/tmp
adb push su /data/local/tmp
NOTE: Be sure to replace
dirtycowand ip_scriptand suin the commands above with the full path to those extracted files on your PC.
- Enter ADB Shell by running the command:
- Copy your device’s IP binary by running the command:
cp /system/bin/ip /data/local/tmp
- Make the scripts executable by running the following 2 separate commands:
chmod 755 /data/local/tmp/ip_script
chmod 755 /data/local/tmp/dirtycow
- Go to script directory by running the command:
- Execute the script by running the command:
./dirtycow /system/bin/ip ip_script
NOTE: This will take around 10 minutes to run. When done, it will output something like:
[ *] mmap 0xb51e5000
[ *] exploit (patch)
[ *] currently 0xb51e5000=464c457f
[ *] madvise = 0xb51e5000 17944
[ *] madvise = 0 1048576
[ *] /proc/self/mem 1635778560 1048576
[ *] exploited 0xb51e5000=464c457f
- Exit ADB Shell by running the command:
- Disconnect ADB.
- Execute the exploit by setting a static IP for your device’s network connection. If you don’t know the values you should enter for a static IP, you should go to Settings > System > About > Network on your device and write down the values listed. If you don’t know how to set a static IP, follow this guide.
- Once your device connects to the network using a static IP, the exploit will automatically run in the background and root your device. You can check that your device is rooted by connecting via ADB, entering
adb shell, and entering suto verify that your terminal/command prompt changes from $to #
For Fire TV 1 on software version 188.8.131.52 or older
Follow these steps to get custom recovery installed and get your device on the what ever pre-rooted ROM you want.
- Block software updates on the device by following method 1 of this guide. (Be sure to use the Fire OS 3 command.)
- Download stock software version 184.108.40.206_user_510058520 from here (mirror).
- Downgrade your device to version 220.127.116.11_user_510058520 by following this guide.
- Dowgrading removes root, so re-root your device using the TowelRoot method.
- Unlock your bootloader using this guide.
- Install ClockworkMod custom recovery by following this guide.
- Install pre-rooted ROM version “18.104.22.168_514006420 updated” using this guide.
- Install the kernal boot menu using this guide.
- Install pre-rooted ROM version “22.214.171.124_516012020” using this guide. If you wan tto stay on Fire OS 3, you can stop following the guide after this step, but if you wan to install TWRP and update to Fire OS 5, then continue with the last 2 steps.
- Follow section 1 of this guide to install TWRP custom recovery.
- Install the latest Fire OS 5 pre-rooted ROM by following this guide.