New MediaTek rooting method for Fire HD 8 tablet may lead to rooting the Fire TV Stick 4K, Fire TV Stick 2, and Fire TV 2

A new rooting method for the Amazon Fire HD 8 tablet has been released this week that has the potential sweep across multiple Amazon devices, include the fire TV line. That’s because exploit used to achieve root access, and unlock the tablet’s bootloader, relies on a bug in the MediaTek CPU. The creator of the rooting method says the bug can only be fixed by changing the hardware and that it exists on all MediaTek CPUs. If that’s accurate, all Fire TV Stick 4Ks, Fire TV 2s, Fire TV Stick 2s, which all use MediaTek CPUs, may all technically be rootable.

The rooting method used to root the Fire HD 8, which will likely be used to root many other devices with MediaTek CPUs in the near future, takes advantage of a bug in a deeply rooted “download mode” found on seemingly all MediaTek CPUs. This mode, which is apparently meant to be used by system architects to recover from botched software flashing, cannot be updated or patched without changing the physical hardware of the device, according to the creator of the rooting method.

People are already working on adapting the existing 2018 Fire HD 8 rooting method to other Amazon devices. Other Fire tablets are being worked on first, since that’s a logical first step. The previous generation 2017 Fire HD 8, the current Fire HD 10, and the current Fire 7 tablets seem to be among the devices that will likely first be rooted.

Once other Fire tablet models are rooted, it will hopefully be possible to adapt the rooting method to Fire TV devices. The Fire TV 2 uses nearly the same MediaTek CPU as the current Fire HD 10 tablet and the Fire TV Stick 2 uses nearly the same MediaTek CPU as the current Fire 7 tablet. The only other Fire TV model that uses a MediaTek CPU is the Fire TV Stick 4K. Since it uses a much more modern MediaTek CPU than all other Fire TVs and Fire tablets, it may be the last to be rooted.

For the current Fire HD 8 rooting method to work on other devices, it must be possible to put the device’s bootrom into download mode, so that it accepts the exploit when sent from a PC. This is done on the Fire HD 8 by taking the device apart and temporarily connecting two points of its circuit board while the device initially powers up. For the Fire HD 8 tablet, this is easy as the test points are openly exposed. For other devices, like the Fire 7 tablet, these points are hidden under a metal heat shield that must be desoldered to reach the test points.

It seems as though all MediaTek devices have these test points somewhere, but I have not seen any discussion of finding them on the aforementioned Fire TV devices with MediaTek CPUs. There’s a chance the rooting method will be refined to access download mode without needing to physically connect test points on a circuit board. If done, it will be much easier to adapt the rooting method to other devices, including Fire TVs.

For the time being, here are some high-resolution images of the circuit boards of the Fire TV Stick 4K and Fire TV Stick 2, that I’ve been sitting on for just this occasion, to get the ball rolling.

ShareTweetShare+1

Leave a Reply

Your email address will not be published. Required fields are marked *