How to set up Amazon Fire HD10

• Set up your computer
• Set up the tablet
• Install NoRoot Firewall
• Root the tablet
• Install Xposed
• Install FlashFire
• Install Google Play Store
• Remove bloatware
• Restore stock ROM
• Troubleshooting
  • Root exploit failed
• Need more help

CAUTION

This process could permanently break your device. You are solely responsible for your actions if you choose to use these instructions. SHA256 checksums (e.g., f423cf47f837d74dbb7b9541701dae281ac548b2e8df5f556dfd71708c83d786) are provided to ensure you download the same files I used to make this tutorial. If your checksums don’t match, they may be corrupt, incompatible, or malicious. Or they may be just fine. Use good judgment when deciding to trust the source of the downloads. I put some instruction to restore the stock ROM which will hopefully help if things go really bad.

Set up your computer

1. Download and install adb. (SHA256 7e81d69c303e47a4f0e748a6352d85cd0c8fd90a5a95ae4e076b5e5f960d3c7a). (Here’s a guide if you need help.)
2. If you’re using Windows, also download and install the Kindle Fire USB driver (SHA256 f423cf47f837d74dbb7b9541701dae281ac548b2e8df5f556dfd71708c83d786).

Set up the tablet

1. Begin device setup. When you get to the step to connect to WiFi, select an access point, then go back and choose Not now to skip WiFi setup.
2. Go to Settings > Device Options and tap Serial Number 7 times to unlock Developer Options.
3. Go to Developer Options then toggle on Enable ADB.
4. Go to Settings > Security & Privacy and toggle on Apps from Unknown Sources. Tap OK on the Warning dialog.

Install NoRoot Firewall

System updates could prevent you from rooting or otherwise modifying your device. You can create a firewall to block updates.

1. Download and install NoRoot Firewall. (alternate link SHA256 b8c7e4fd106c3be8fa0cf02d4d1ff805b9e858f8328fa0f88ca1b91581323bc5). Allow USB debugging on the device if prompted.

   adb install "NoRoot Firewall_v3.0.1_apkpure.com.apk"
   

2. Open up NoRoot Firewall app on the tablet, tap Start to start the firewall, check Auto start on boot, tap the Apps tab, and X both boxes next to DeviceSoftwareOTA to block it from network access.
3. You can now connect to the internet without getting system updates. If you want to know more about other apps trying to access the internet, here’s a spreadsheet (alternate link) with more information about Amazon apps.

Root the tablet

Adapted from retyre’s XDA guide

1. Download the root exploit code (alternate link SHA256 8bfc3d5c75964e5fa28c8ffa39a87249ba10ea4180f55f546b2dcc286a585ea8) and Super_SU18+ (alternate link SHA256 b572c1a982d1e0baeb571d3bc0df7f6be11b14553c181c9e0bf737cc4a4fbbfd).

   wget -c "http://myphone-download.wondershare.cc/mgroot/20165195.zip" "http://myphone-download.wondershare.cc/mgroot/SuperSU_18+.zip"
   

2. Unzip them both to a 20165195 directory.

   unzip -u 20165195.zip -d 20165195 && unzip -u SuperSU_18+.zip -d 20165195
   

3. Check the 20165195 directory contains all the needed files.

   $ ls -1 20165195
   Matrix
   Superuser.apk
   ddexe
   debuggerd
   fileWork
   install-recovery.sh
   krdem
   mount
   patch_boot.sh
   pidof
   push_root.sh
   start_wssud.sh
   su
   su_arm64
   supersu.zip
   supolicy
   toolbox
   wsroot.sh
   

4. Push the directory to the tablet.

   adb push 20165195 /data/local/tmp
   

5. Login to the tablet.

   adb shell
   

6. Make the files executable.

   chmod 755 /data/local/tmp/20165195/*
   

7. Run the exploit. You should see a lot of output while it runs.

   /data/local/tmp/20165195/Matrix /data/local/tmp/20165195 2
   

   If the script executes successfully, the final lines of output should display the memory location that was exploited (may be different than 0x7fab64c000) and a value of 0 for <Exploit> and <Done>. If it fails, check the Troubleshooting section:

   [*] exploited 0x7fab64c000=f97cff8c
   end!!!!!!!
   <WSRoot><Exploit>0</Exploit></WSRoot>
   <WSRoot><Done>0</Done></WSRoot>
   

8. You can verify root with su.

   shell@suez:/ $ su
   su
   root@suez:/ #
   

9. Back on your computer, download SuperSU 2.82 SR5 apk (alternate link SHA256 2c7be9795a408d6fc74bc7286658dfe12252824867c3a2b726c1f3c78cee918b) and install it to the tablet with adb.

   adb install "eu.chainfire.supersu_2.82-SR5-282_minAPI9(nodpi)_apkmirror.com.apk"
   

10. Open up the SuperSU app on the tablet, tap Get Started, then tap Continue and select Normal to update the app. Select Reboot after it is done installing to reboot the tablet.

11. After the tablet reboots, open SuperSU app again, tap on Settings tab, then tap Default access, then choose Grant.

12. Log in to your tablet.

    adb shell
    

13. Switch to superuser and delete directories /data/data-lib/com.wondershare.DashRoot and /data/data-lib/wondershare.

    su
    rm -r /data/data-lib/com.wondershare.DashRoot /data/data-lib/wondershare
    

14. Thumbs up retyre’s XDA guide.

NOTE: Some apps won’t run if your system is rooted. If you need these apps, you can restore stock ROM.

Install Xposed

Adapted from tkdfriend’s XDA post

Xposed framework has a lot of nifty plugins for controlling the system at a low level. I use to disable ads and block access to private information.

1. On your computer, download and install Xposed Installer (alternate link SHA256 fb72044f0a5ca5c691ea6e6e7c64d081d09c0b4ac6c896f286845ad41a3ae971).

   adb install XposedInstaller_by_dvdandroid_19_10_18.apk
   

2. Open Xposed Installer app on the tablet.

3. Switch to NoRoot Firewall app and under Pending Access tab, allow Xposed Installer and Download Manager.

4. Switch back to Xposed Installer app. Continue past the warning. Tap on Official tab, then under Framework, select xposed-v89-sdk22-arm64, then tap Install/Update. In the Are you sure? dialog, click OK.

5. Once it finishes downloading, click OK in the Are you sure? dialog. It should display an Install/Update window that contains the following error:

   mv: can't rename '/system/bin/app_process64': No such file or directory
   Error 1 occurred
   

6. From your desktop, log in to the tablet.

   adb shell
   

7. Switch to superuser, remount /system with write access, and delete /system/bin/app_process64_xposed.

   su
   mount -o remount,rw /system
   rm /system/bin/app_process64_xposed
   

8. Log back out of the tablet and reboot your device.

   adb reboot
   

9. Be patient as it displays the fire logo then eventually Optimizing system storage and applications. This takes several minutes.
10. Once the tablet reboots, open Xposed Installer app again. You should see a big green checkmark with Xposed Framework version 89 is active.
11. Thumbs up tkdfriend’s XDA guide and coltxL2717’s XDA post for figuring this out.
12. Be cautious with Xposed modules! They can break your device. Make a backup before you add a module and only install one at a time. Some suggested modules:

• AdBlocker Reborn
• YouTube AdAway
• XPrivacy
• Per App Hacking

Install FlashFire

FlashFire is used to flash new firmware. I don’t usually install this, which means this section is not well tested. Use at your own risk ever more than the rest of this document. This process requires root, Xposed, and Xposed module Per App Hacking.

1. Download and install FlashFire v0.24 (alternate link SHA256 b8edcfa8a684dbd880780eb5d7dcee9b3f09bf0ecaf8b636df4740a48c5f8644), but do not open the app yet.

   adb install ff_free_v0.24.apk
   

2. Log in to the tablet.

   adb shell
   

3. Switch to superuser, remount /system as writable, and move FlashFire and SuperSU apps to /system/app.

   su
   mount -o remount,rw /system
   cp -r /data/app/eu.chainfire.flash-1 /system/app/ && rm -r /data/app/eu.chainfire.flash-1
   cp -r /data/app/eu.chainfire.supersu-1 /system/app/ && rm -r /data/app eu.chainfire.supersu-1
   

4. Reboot the tablet.
5. Now you should be able to use the app.

Install Google Play Store

1. Download and unzip Amazon Fire 5th Gen Supertool (alternate link SHA256 49172c338c501e3455f4b9a9ff40f36493496cd4a92222f77d7fa1901ff47b81).

2. Run the script 1-Amazon-Fire-5th-gen.bat on Windows or 3-Amazon-Fire-5th-gen-linux-mac.sh on Linux/macOS.

   1-Amazon-Fire-5th-gen.bat
   

3. Choose option 2 Install Google Play store.
4. When it finishes, reboot the tablet.
5. Go to NoRoot Firewall and allow Google Account Manager and Google Play Store.
6. Open Google Play Store and sign in.

Remove bloatware

Here’s a spreadsheet (alternate link) of apps listing which ones are safe to remove or disable.

To get a list of installed packages:

adb shell pm list packages

To uninstall a package:

adb shell pm uninstall PACKAGE_NAME

To disable a package:

adb shell pm disable PACKAGE_NAME

Restore stock ROM

If the tablet won’t boot, you can try to recover by reinstalling the stock ROM.

1. Download the FireOS 5.6.2.0 stock ROM image (SHA256 2018c579ca34e859644003c1758fd5d72ff6f0ecd47e5453cb82803ddd6b85da).

   wget -c https://fireos-tablet-src.s3.amazonaws.com/fqt0doGd1liHKioAFObgRm6oGA/update-kindle-40.6.3.6_user_636558520.bin
   

2. Hold the power and volume decrease buttons simultaneously until the device boots into recovery mode.

   adb reboot recovery
   

3. Press the volume decrease button to select the option apply update from adb then press the power button.

4. Sideload the stock image with adb.

   adb sideload update-kindle-40.6.1.2_user_612496320.bin
   

5. If the device still won’t boot, contact Amazon customer support to get a replacement.

Troubleshooting

Root exploit failed

Try rebooting the tablet then run the exploit again if you get an error like this:

<WSRoot><Exploit>0x00000332</Exploit></WSRoot>
check done
sched_setaffinity: Function not implemented<WSRoot><Exploit>0x00000382</Exploit></WSRoot>
FAIL : load1 --> /sepolicy
<WSRoot><Exploit>0x00000341</Exploit></WSRoot>
<WSRoot><Exploit>0x00000881</Exploit></WSRoot>
<WSRoot><Done>0x00000172</Done></WSRoot>

Need more help

Check out the XDA forums.