Root the Kindle Fire HD or 2 with Mac or Linux

Previously, we brought you news that the Kindle Fire HD 7″ had been rooted using the popular sparkym3 method. As is the case with some root methods, it wasn’t compatible with operating systems outside of Windows. Now, there is a root method for the Kindle Fire HD and Kindle Fire 2 that works for Linux and Mac users as well.

XDA Senior Member prokennexusa wrote a root tutorial specifically for Mac and Linux users. It’s compatible with the Kindle Fire HD and the Kindle Fire 2. It’s been tested with Ubuntu and Mac OS X 10.5.8. It also requires 32-bit applications, so if you’re running 64-bit Linux you’ll need to get the IA32 libs or comparable package. On Mac, prokennexusa says you have to have x86. It won’t work otherwise.

The tutorial is admittedly written somewhat long. However, prokennexusa wrote it that way to help clarify the steps for those who are relatively new at rooting. It also includes some checks to make sure the process actually worked. So once everything is installed and ready to go, the whole process shouldn’t take more than 15-20 minutes. With this, practically all users can now root a Kindle Fire HD or Kindle Fire 2 easily.

For more details, check out the Mac and Linux root tutorial.

Just Like That, Kindle Fire HD 7 Receives the Gift of Root

Just earlier today, we discussed the invulnerable, un-crackable, Kindle Fire HD7 (bootloader, anyway). We talked about how Amazon was trying their hardest to keep you purchasing one important thing for them: content. We also talked about how the device is very well protected at the bootloader level, which means that no custom ROMs will surface any time soon. Having said that, we just became aware thanks to a thread by XDA Elite Recognized Developer jcase that the Kindle Fire HD7 was finally free from its chains and successfully rooted. As it turns out, the exploit was nothing new, and in fact, it was a method developed by XDA Recognized Contributor sparkym3 for the Eee Transformer Prime.

A while back, sparkym3 found an exploit for ICS that allowed developers easily obtain root. However, shortly after it was published, Google patched up the exploit and it stopped working on more updated builds of ICS and above. Fast forward a few months, and we are sitting in front of an ICS-based device. As it turns out, it looks like the good people from Amazon did not exactly do their due diligence, and happened to miss a commit posted on AOSP that discussed and dealt with the hole found by sparkym3. When devs started looking for exploits and tried a few out, this one seemed to work. It was tried a few times over and confirmed that the invulnerable device indeed had an Achilles’ heel. All in all, the hole is present in the latest KF code. This prompted the dev to pick up the old exploit again and write an easy-to-use tool for this partuclar device.

The new app can be found under the name Qemu Automated Root, and using it is a simple ordeal. Y0u simply need to make sure that you have the correct drivers installed on your PC, which also happen to be provided in the thread. So, if this is what you were waiting for to make the jump to the HD 7 while laughing at Amazon’s misfortune, take it for a spin. If you truly need some hand holding to do this, XDA Forum Member reverendkjr has posted a video on how to root the device.

 This tool will root your device based on my qemu local.prop root method.

You can find more information in the original thread and relevant AP article.

Want something published in the Portal? Contact any News Writer.

[Thanks to jcase for the tip!]

Jelly Bean on Desire HD, Kindle Fire, Nexus One, and Universal Root for ICS – XDA Developer TV

Jordan is back today to talk more about Jelly Bean news from the XDA Portal. Jordan covers CyanogenMod 10 for the Kindle Fire and Original Galaxy Tab. The HTC HD2 also gets an unofficial CM10 alpha release. Jordan talks about universal root for Ice Cream Sandwich phones.

In Jelly Bean news, Jordan mentions the Jelly Bean OTA for the Nexus S. Also mentioned are Jelly Bean ports for the Galaxy S II i9100, HTC Evo 4G, Nexus One, MyTouch 4G Slide, Desire HD and the Motorola Defy. Jordan wraps up the video with a mention of the Linux on Android Project. This is a video you cannot miss!



Kindle Fire 6.2.1 Update Rooted

Last week, we reported on the 6.2.1 update for the Kindle Fire, which brought some nice improvements but had one major disadvantage: it broke root access. Luckily, recognized developer jcase has managed to get this new update rooted as well, so you can comfortably get your Kindle Fire to the newest software version without any caveats.

Continue on to the forum thread for more information.

Nook Tablet Rooted, Kindle Under Heavy Fire!

Just a few days ago, we wrote about how the Kindle Fire was rooted, cracking the doors wide open for development.  We were then unshackled from Amazon’s chains the very next day with full access to Google’s Apps. With all that development work so soon after launch, we assumed that Amazon had stolen Barnes & Noble’s niche.

Perhaps we were a bit too hasty. Today, we are proud to state that the Barnes & Noble’s latest device, the Nook Tablet, has been rooted as well. XDA forum member Indirect achieved root access using the zergRush method, similar to what death2all110 used to root the Fire. Six forum pages later, iShepherd found out that the same method for installing Google Apps on the Fire also works on the Nook Tablet.

I have gotten zergRush to work on the nook tablet as well as created a batch script for you to run to allow you to root your tablet. This does NOT unlock the bootloader software/hardware checks this is just so you can remove whatever unnecessary crap you wish to get the **** off your device.

If you’re the lucky owner of a Nook Tablet, head over to the original thread to get started. Once you’ve achieved su, get in on the Google Apps fun by following these instructions. We all know that’s the real reason you bought an e-reader.

Xposed for Lollipop, Kindle Fire HDX Bootloader Unlocked – XDA TV

Xposed Framework Alpha for Android 5.0 Lollipop has been released! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this week’s news is the announcement of Lenovo upgrading some devices to Lollipop and be sure to check out the article talking about YouTube, and the value of the site! That’s not all that’s covered in today’s video!

Be sure to check out the other videos released earlier this week on XDA TV. XDA TV Producer TK released a Must Have App review of ROM Toolbox. Then droidmodd3rx sort of reviewed LiquidSmooth ROMs. Finally, TK gave us an App review of Ampere. Finally, if you missed it be sure to check out Jordan’s Review of the Nvidia SHIELD Tablet. Pull up a chair and check out this video.


Bootloader of Kindle Fire HDX Unlocked

XDA Forum Member dpeddi managed to unlocked the bootloader for the Kindle Fire HDX. Provided method requires rooted, downgraded firmware and a few ADB/Fastboot commands. Keep in mind that unlocking can potentially damage your device and void the warranty. Got a Kindle Fire HDX? Give this method a try!

Google App Update Failure, Kindle Fire HDX Boot Signing Exploited- XDA TV

The latest Google App Update has disabled features for millions of users! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this weekend’s news is the announcement of an exploit for the Kindle Fire HDX and be sure to check out the article talking about 5 Tweaks for a less annoying Android!

Jordan also talks about the other videos released this weekend on XDA TV. XDA TV Producer RootJunky showed you how to remove bloatware from your Android device, and we also got the chance to play with a bunch of gadgets at CES 2015. Pull up a chair and enjoy!


Signing Tool for Kindle Fire HDX Exploits Bootloader

What happens when an Android-related vulnerability is published on a website like the CodeAurora Forum? You got it! Security enthusiasts and Android developers around the world try to take advantage of the newly found problem to create an exploit, which can be used to gain advanced access to your device (such as root access or the ability to flash custom images).

This is exactly what happened to CVE-2014-0973, a vulnerability in an Android Bootloader dubbed “Little Kernel (LK)”. We will talk about the specifics of the exploit a bit later, but for now let’s take a look at what the developers have come up with.

XDA Forum Member vortox has managed to implement an exploit based on CVE-2014-0973 and published a tool for the Amazon Kindle Fire HDX series, that can sign custom boot images if you are using an older bootloader version. The key point here is that you don’t need any kind of unlocking or other trickery to make it work – the exploit allows the tool to sign images in a way that they pass the verification stage in the bootloader with flying colors.

The next part of this article will focus on how the exploit works and why it’s quite sad to see this special vulnerability in a piece of modern software, so if you just want to get your hands on the tool as quickly as possible, head over to the original post and sign away.

The Details

800px-RSA_Security_logo.rect_Ok, so let’s check out the details of CVE-2014-0973. The issue is all about RSA, an encryption standard also used to sign Android boot images. Put shortly, RSA is a public-key cryptosystem where you have two keys, a private key and a public key. Usually the public key (which can be shared with anyone) is used to encrypt a message which then can only be decrypted again with the private key (which is kept private, hence the name). That way two parties can communicate without ever disclosing their private keys, which are required to decrypt.

However, RSA can also be used to verify the contents of a message (or in our world, to “sign” something). In this case, the message gets encrypted with the private key and can then be shared with the receiver. The public key can then be used to decrypt the message and if the decryption works properly, the receiver can be sure that the encrypted contents originate from the original author and aren’t tempered with in any way.

Speaking of tampering, signature verification is a very important feature for all Android OEMs, as it’s essential to verify that a piece of software is indeed from the OEM and not some third party (for example from an XDA developer). So for example, when trying to flash a new boot image on your device, the following happens: the bootloader will look at the digital RSA signature of the image, decrypt it with its public key and therefore make sure that the image was signed by the intended author (the OEM, which is the only one with the matching private key).

The decrypted signature contains a hash value of the boot image data, which then can be used to compare against the actual data that is about to be flashed. So at this point, the bootloader calculates the hash value of the boot image and compares it against the hash it found in the RSA signature. If these two hashes match each other, it is fairly certain (enough for it to be secure by today’s standards) that the contents are not tampered with and that the owner of the private key signed the image. Which basically means that it’s stock software from the OEM that is fine to be flashed.

That part was probably a little bit harder to grasp, so make sure you understood it before continuing.

The Vulnerability

Now what about the vulnerability, why does it allow us to sign boot images despite the lack of the private key (which only the OEM has)? Well, it turns out that the implementation of the RSA signature verification in the Little Kernel bootloader is flawed. The issue here is that the decryption algorithm doesn’t verify the length of the data it is handling. While this may sound rather innocent, security concerned readers will immediately see the problem. Cryptosystems always need to validate their input data the best way possible, simply assuming the data is “right” makes the whole process wide open to various attacks.

And that’s exactly what happened here. The missing length check enables exploiters to forge a valid signature by adding custom data to the signature which, in turn, makes it look valid to the verification check in the bootloader. Explaining this in detail would go beyond the scope of this article, but at the end are a few links for further reading about the topic.

If you look at the website that published the vulnerability, it first appears that the issue has been made public rather recently, on June 13, 2014, but upon further research you will quickly discover that it’s a bit older. Way older in fact. The original issue dates back as far as 2006, where Daniel Bleichenbacher talked about it on stage of the International Cryptology Conference. Obviously, he wasn’t talking about an Android bootloader there, but he discovered that many RSA signature implementations had the potentially disastrous flaw. Today, almost nine years later, we can still profit from the very old vulnerability as it enables Amazon Fire HDX owners to sign custom boot images which can be used to root the device or flash a custom recovery.

If you want to have a more detailed picture of what is happening behind the scenes, make sure to check out these links:

Ready Your Amazon Kindle Fire HDX 7 for Google Play Store and Custom ROMs

Amazon’s Kindle line of Android tablets has always been known for being heavily modified to the point where the devices are unrecognizable as Android devices–from user interface and the absence of the Google Play Store, all the way to the custom Amazon App Store. This is no unfamiliar territory, as we should all be well aware of another big name OEM that’s taken this approach, Nokia. If you’re looking for a way to get rid of these restrictions and modifications and run a clean Android ROM on your Kindle Fire HDX 7 but don’t know how to do it, XDA Forum Member taette’s tutorial will be a great starting point.

This tutorial specifically teaches you how to both root your Fire HDX  and save the official ROM your tablet is running, thanks to a method known as ‘safestrap’. The tutorial is split into three parts, each a different starting point for three different versions of firmware you may be running on your tablet. This process allows you to install Google Play Store and an alternative launcher onto your device, as well as ready it for a custom ROM in the future.

So if you’re an owner of the Fire HDX 7 and are interested in checking this out, head over to the Fire HDX 7 root and safestrap tutorial thread to get started.

How to Root Any Device


Welcome to the XDA-Developers Root Directory. Here, you can find root tutorials for most devices that are on the XDA Forums. Learn how to root any Android device! If you don’t see your device listed or you see a misplaced link, send a PM to PG101, with the device details and a link to the root thread on XDA.

For those new to the world of rooting, acquiring root access essentially grants you elevated permissions. With root access, you are able to access and modify files that would normally be inaccessible, such as files stored on the /data and /system partitions. Having root access also allows you to run an entirely different class of third-party applications and apply deep, system-level modifications. And by proxy, you may also be able to access certain device features that would otherwise be inaccessible or use existing features in new ways.

Having root access isn’t the end all-be all of device modification–that title is usually reserved for fully unlocked bootloaders and S-Off. That said, root access is generally the first step on your journey to device modification. As such, root access is often used to install custom recoveries, which then can be used to flash custom ROMs, kernels, and other device modifications. Root access also enables users to install the powerful and versatile Xposed Framework, which itself acts as a gateway to easy, non-destructive device modification.

Due to its inherent power, having root access is often dangerous. Thankfully, there are root brokering applications such as SuperSU that only grant root access to applications of your choosing. There are also various root-enabled utilities available to help you restore in the event that something goes wrong. For starters, you can use any number of root-enabled application backup tools to backup your applications and their data to your local storage, your PC, and even online cloud storage. And in conjunction with a custom recovery, rooted users are able to perform a full, system-wide Nandroid backup that essentially takes a snapshot of your current smartphone or tablet at any particular time.

We can go on about the virtues of root access ad infinitum, but we’ll stop for now because we sense you salivating at the prospect of root access and what you can do with your device once root is achieved. Head to the links below to begin the journey.





Many devices can be rooted using this application. Check your device for compatibility.


Created by XDA Recognized Developer geohotTowelroot is another root exploit app that is compatible with a large range of devices. The root exploit itself is built around Linux kernel CVE-2014-3153 discovered by hacker Pinkie Pie, and it involves an issue in the Futex subsystem that in turn allows for privilege escalation. Although specifically designed for certain variants of the Galaxy S5, it is compatible with the majority of devices running unpatched kernels.


Created by XDA Senior Recognized Developer Chainfire, CF-Auto-Root is a root for “rooting beginners” and those who want to keep as close to stock as possible. CF-Root is meant to be used in combination with stock Samsung firmwares as well as Nexus devices, and be the quickest and easiest way for your first root. In essence, it does nothing but install and enable SuperSU on your system, so apps can gain root access.


KingRoot is root for people who just want to have root access to their devices, and not necessarily wanting to flash anything extra. It works on almost all devices from Android version 2.x to 5.0. Working of KingRoot is based on system exploit. The most suitable root strategy will be deployed from cloud to your device according to the ROM information on the device. The best part of using this root method is that it does not trip KNOX and have the ability to close Sony_RIC perfectly.


Galaxy Ace

Galaxy S Advance

Galaxy S Relay

Galaxy W

Galaxy Y

Galaxy Y Duos (GT-S5360)

Galaxy Nexus

Galaxy S II (JellyBean)

Galaxy SII Plus (4.1.2 | 4.2.2)

Galaxy S III (International | Verizon 4.3 – 4.1.2 | Sprint | AT&T | T-Mobile)

Galaxy S4 (International Exynos – Snapdragon | Verizon | Sprint | AT&T | T-Mobile | Canadian)

Galaxy S4 Active

Galaxy S5 (International Qualcomm/Exynos | Sprint | T-Mobile | Verizon | AT&T)

Galaxy S6 (Normal Root | PingPong Root)

Galaxy S6 Edge (Normal Root | PingPong Root)

Galaxy Note (International | Verizon | Sprint | T-Mobile AT&T)

Galaxy Note 2 (International | Verizon | Sprint | AT&T | T-Mobile)

Galaxy Note 3 (International | Verizon | Sprint | AT&T | T-Mobile)

Galaxy Note 4 (International | Verizon | Sprint | At&T | T-Mobile)

Galaxy Note Edge

Galaxy Note Pro 12.2

Galaxy Gear

Gear 2

Gear 2 Neo

Tab Pro (12.2, 10.1, 8.4)

Tab S (8.4 | 10.5)

Tab 3

Tab 4



HTC Butterfly

HTC Desire

HTC Desire 500

HTC Desire 610

HTC Desire 816

HTC Desire X

HTC Desire Z

HTC Desire HD

HTC Desire Eye

HTC Evo 3D

HTC Flyer/Evo View 4G

HTC Incredible

HTC Incredible S



HTC One X | One X+

HTC Sensation

HTC One M7 (International | Verizon | Sprint | AT&T | T-Mobile)

HTC One Mini

HTC One Max

HTC One M8 (International | Verizon | Sprint | AT&T | T-Mobile)

HTC One M9




Nexus One

Nexus 4

Nexus 5

Nexus 6

Nexus 7 (Tablet)

Nexus 9 (Tablet)

Nexus 10 (Tablet)

Nexus Player



Moto E

Moto E (2015)

Moto G

Moto G (2014)

Moto X

Moto X (2014)

Droid X (MB810), Droid 2 (a955), Droid 2 Global (a956), R2D2 (a957)

Droid X2 (MB870)

Droid 3 (XT862)

Droid 4 (XT894)

Droid Razr

Droid Razr HD

Maxx XT 1225




Xperia Line (Cross Development) (Link 1 | Link 2)

Xperia T/V/TX

Xperia Z (For FW 10.3.1.A.0.244)

Xperia Z Ultra

Xperia Z Ultra GPe

Xperia Z1

Xperia Z2

Xperia Z3

Xperia Z2 (Tablet)

Xperia Z1 Compact

Xperia Z3 Compact

Xperia S

Xperia SP (For FW 12.0.A.2.245/254 and 12.1.A.1.207)

Xperia U

Smartwatch 3



G Flex

G2 (International | Verizon | Sprint | AT&T | T-Mobile)

G2 Mini

G3 (International/Unlocked Only/AT&T)

Pro 2

Lucid 2

G-Flex 2

G Watch






Find 5

Find 7 | 7a



OnePlus One

OnePlus Two



Kindle Fire 1 (original)
Kindle Fire 2




XIAOMI Mi Note Pro

ZTE Blade

Nvidia Tegra Note 7

HP Slate 7 (2800)

NVidia Shield Tablet

Dell Venue / Acer Iconia A1-830

Asus Zenfone 5

Nokia X2


Updated: 02 July 2015

Amazon Fire TV: What You Need to Know – XDA Developer TV

An announcement from Amazon recently caused the Internet a great deal of excitement. Amazon has expanded its Kindle empire and is attempting to take Google TV, and perhaps the Chromecast, head on with its new Amazon Fire TV. Running Android deep deep down, we recently added a forum for it!

In this video, XDA Developer TV Producer TK takes a look at the Amazon Fire TV. TK shows off how use the various functions of the device.  TK even shows you how to use the voice search, attach Bluetooth Controllers, and play games on the device. So check out this video.


Xposed Framework Backported to Gingerbread, Galaxy Note 3 Auto-Rooted by Chainfire – XDA Developer TV

Certain variants of the Samsung Galaxy Note 3 have been rooted by none other than XDA Elite Recognized Developer Chainfire. That and much more news is covered by Jordan, as he reviews all the important stories from this week. Included in this week’s news is an article reporting on how Xposed Framework has been ported to Gingerbread devices and the announcement that XDA will be at this years Big Android BBQ.

Jordan talks about the other videos released this week on XDA Developer TV. XDA Developer TV Producer Kevin released a video talking about Wakelocks, Jordan released a video helping you get started with Ubuntu Touch development, and TK gave us an Android App Review of Focal. Pull up a chair and check out this video.