Latest 2018 version of Amazon’s Fire HD 8 tablet has been Rooted with Unlocked Bootloader

The new Amazon Fire HD 8 tablet, released only a few months ago, has been rooted, as spotted by Liliputing. Better yet, the rooting method was achieved by unlocking the bootloader through a chip exploit that the creator of the rooting method claims can only be patched by changing the hardware of the tablet.

A detailed guide for this new rooting method has been posted on XDA Forums. Achieving root is done strictly through software, but the method does involve opening the case of the Fire HD 8 tablet because you must temporarily short/connect two points of the device’s circuit board to put the bootrom into download mode in order for the device to accept the modified software. There’s a possibility that the method will be refined in the future to not require opening up the tablet, but it seems to be relatively easy to do as-is and requires no soldering.

Another requirement of the current rooting procedure is a Linux PC, but this too may be improved soon to include Windows PCs and Macs. In short, the rooting procedure requires prying open the back of the tablet to locate the “CLK” test point on the circuit board, connecting the “CLK” test point to ground with a wire or paper clip, running the provided script on a Linux PC which will wait for the tablet to be connected, and then connecting the tablet to the Linux PC with a micro USB cable while the “CLK” test point is grounded. From there, the provided scripts take care of the rest.

The result is a Fire HD 8 tablet that is rooted with an unlocked bootloader and TRWP custom recovery installed. Having the bootloader unlocked in addition to being rooted, versus just being rooted, means that the tablet will be much easier to recover if you make a mistake, since an unlocked bootloader means you can flash custom boot and system images. This rooting method goes so deep that it can also be used to recover a bricked tablet that was previously ruined through a botched firmware downgrade.

Right now, this rooting method is only available for the latest 2018 version of the Fire HD 8 tablet, but the creator says that “the vulnerability is present on every MediaTek [CPU] device,” so this is very likely just the start for this rooting method. There are already people working on adapting this rooting method to older Fire HD 8 models, as well as the current Fire HD 10 tablet. While the vulnerability is the same across all of these devices, the scripts must be adapted for each device due to different memory addresses and offsets.

The Fire TV 2, Fire TV Stick 2, and Fire TV Stick 4K all use MediaTek CPUs that are likely vulnerable to this same exploit. If the bootrom of those device’s can be put into download mode and someone adapts the rooting method to the Fire TV’s specific hardware addresses, then we might see new Fire TV rooting methods in the near future. I’ll, of course, be keeping a very close eye on how this all unfolds.

  1. Adam O'Donnell says:

    This is cool, but I’m not sure what I’d do with it that would be worth the effort. I’ve already installed the Google Play store on all my HD 8s.

    • Red says:

      To maybe finally be able to get hangouts dialer & s few other apps finally working? Most do but not all by just loading play store & dependencies.

  2. It would be cool to install a native android on it

  3. ZeroEpoch says:

    It will definitely be possible to root the Fire TV devices (at least version 2). While I was working on aftv2-tools I attempted to modify the preloader on one of my devices and it reverts to the bootrom (and was still stuck there), so the bootrom is definitely there. No idea how long it would take the port the work over since I’ve been out of the scene for years and don’t even have an AFTV2 anymore.

    • AFTVnews says:

      That’s great to hear! Thanks for chiming in!

      (For other curious, this is the person who originally rooted the Fire TV 2.)

      • ZeroEpoch says:

        I just got a reply from xyz` explaining what he tried that I didn’t and why I never got the device stuck at the bootrom working again. I had a suspicion that the eMMC (flash storage) was not enabled. He figured out a way to initialize it so he could write to the flash storage. That alone is enough to root the device similar to how I did it. He went much beyond that to exploit the bootrom to run his own C code and then found that exploit in lk (haven’t looked into that yet) to allow unlocked fastboot. Even with my level of understanding of the preloader I’m very astonished with what he was able to do! It’s amazing working.

        • Matt says:

          Unlocked fastboot is YUUUGE! Root is badass, but the bootloader unlock is crazy powerful. Props to both of you guys. Amazing

        • infinity says:

          Is this still all about the 2015 firetv 2 box? What would be the benefit of having an unlocked bootloader additionally to an already rooted device?

          Do you guys see any way to root the new fire tv stick 4k?

          • ZeroEpoch says:

            With an unlocked bootloader it opens up the door to proper TWRP support (not re-init into TWRP) as well as custom ROMs. Also it makes it much easier to change versions because you can use fastboot to flash images even if TWRP is not working.

  4. JFC says:

    Any progress on a rooting method for the HD 8 that is software/firmware only, and does not require cracking open the tablet and monkeying with hardware connections?

    It looks from another thread just posted today that there’s now a software only method for at least some of the older versions of the Fire 7 tablet… Hoping the same can be accomplished for the HD 8 as well.

Leave a Reply

Your email address will not be published. Required fields are marked *


Get AFTVnews articles in your inbox!

Get an email anytime a new article is published.
No Spam EVER and Cancel Anytime.