2016-11-18



This guide will show you how to root the Amazon Fire TV using the DirtyCOW exploit. This is primarily for the 1st-gen Fire TV running older Fire OS 3 versions that were previously unrootable, but it may work for other devices and software versions.

Important Note:

I am posting this guide because I have been asked by several people to post it, but I have not personally followed this guide because I no longer have a device running the software versions that this guide is known to work for. Full credit for this guide goes to slater_g on XDA for posting his instructions and christofsteel on XDA for first successfully using Dirty COW. Please proceed with caution and at your own risk because I will not be able to help with issues. Please discuss problems and successes in the comments to help others.

Compatible Devices:

Always check my rooting starters guide for the best method to root your device.

This guide is primarily for Fire TV 1 running Software version 51.1.2.0 thru 51.1.4.0. Those specific software versions have no other way to root. If your Fire TV 1 is on 51.1.4.1 thru 51.1.6.3, this guide might work to root your device, but you will not be able to downgrade and unlock your bootloader due to the eFuse. This guide might work on Fire TV Stick 1s running Fire OS 3, but I have not seen confirmation. This guide does not work to root Fire OS 5 version 5.2.1.0 and up, regardless of which Fire TV or Fire TV Stick model you have.

Rooting Guide

Download and extract the ZIP file at the bottom of this XDA post

Ensure your device is using a dynamic DHCP IP, meaning you have not set a static IP under network settings.

Connect to your device via ADB.

Transfer the 3 files you extract from step 1 to the /data/local/tmp directory on your device by running the following 3 separate commands:

adb push dirtycow /data/local/tmp

adb push ip_script /data/local/tmp

adb push su /data/local/tmp

NOTE: Be sure to replace dirtycow and ip_script and su in the commands above with the full path to those extracted files on your PC.

Enter ADB Shell by running the command:

adb shell

Copy your device’s IP binary by running the command:

cp /system/bin/ip /data/local/tmp

Make the scripts executable by running the following 2 separate commands:

chmod 755 /data/local/tmp/ip_script

chmod 755 /data/local/tmp/dirtycow

Execute the script by running the command:

./dirtycow /system/bin/ip ip_script

NOTE: This will take around 10 minutes to run. When done, it will output something like:

[ *] mmap 0xb51e5000

[ *] exploit (patch)

[ *] currently 0xb51e5000=464c457f

[ *] madvise = 0xb51e5000 17944

[ *] madvise = 0 1048576

[ *] /proc/self/mem 1635778560 1048576

[ *] exploited 0xb51e5000=464c457f

Exit ADB Shell by running the command:

exit

Disconnect ADB.

Execute the exploit by setting a static IP for your device’s network connection. If you don’t know the values you should enter for a static IP, you should go to Settings > System > About > Network on your device and write down the values listed. If you don’t know how to set a static IP, follow this guide.

Once your device connects to the network using a static IP, the exploit will automatically run in the background and root your device. You can check that your device is rooted by connecting via ADB, entering adb shell, and entering su to verify that your terminal/command prompt changes from $ to #
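
The copy of /system/bin/ip saved to /data/local/tmp in the steps above can serve as a baseline: comparing it with the binary the device serves afterwards shows whether the file was changed, and a content comparison is needed because an in-place overwrite leaves the file length the same. This is an added example, not part of the original guide or the XDA posts; the function name ip_verdict and the local file names ip.baseline and ip.current are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the guide. On a real device the inputs would be
# pulled to the PC first (local file names are this example's assumption):
#   adb pull /data/local/tmp/ip ip.baseline   # copy saved before the overwrite
#   adb pull /system/bin/ip     ip.current    # what the device serves now

# ip_verdict BASELINE CURRENT
# Prints one line: unchanged | overwritten-in-place | replaced | error
ip_verdict() {
    base=$1
    cur=$2
    if [ ! -r "$base" ] || [ ! -r "$cur" ]; then
        echo "error cannot-read-input"
        return 0
    fi
    base_size=$(( $(wc -c < "$base") ))
    cur_size=$(( $(wc -c < "$cur") ))
    if cmp -s "$base" "$cur"; then
        echo "unchanged size=$cur_size"
    elif [ "$base_size" -eq "$cur_size" ]; then
        # Same length, different bytes: a size-only check would miss this.
        changed=$(( $( { cmp -l "$base" "$cur" || true; } | wc -l ) ))
        echo "overwritten-in-place size=$cur_size changed_bytes=$changed"
    else
        echo "replaced baseline_size=$base_size current_size=$cur_size"
    fi
}

# Constructed sample files (not real device binaries) so this runs offline.
demo=$(mktemp -d)
printf '\177ELF-constructed-sample-binary-body' > "$demo/ip.baseline"
cp "$demo/ip.baseline" "$demo/ip.patched"
# Simulate an in-place overwrite: 4 bytes changed at offset 8, length kept.
printf 'XXXX' | dd of="$demo/ip.patched" bs=1 seek=8 conv=notrunc 2>/dev/null
printf 'short' > "$demo/ip.other"

ip_verdict "$demo/ip.baseline" "$demo/ip.baseline"
ip_verdict "$demo/ip.baseline" "$demo/ip.patched"
ip_verdict "$demo/ip.baseline" "$demo/ip.other"
rm -rf "$demo"
```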

For Fire TV 1 on software version 51.1.4.0 or older

Follow these steps to get custom recovery installed and get your device onto whatever pre-rooted ROM you want.

Block software updates on the device by following method 1 of this guide. (Be sure to use the Fire OS 3 command.)

Download stock software version 51.1.0.2_user_510058520 from here (mirror).

Downgrade your device to version 51.1.0.2_user_510058520 by following this guide.

Downgrading removes root, so re-root your device using the TowelRoot method.

Unlock your bootloader using this guide.

Install ClockworkMod custom recovery by following this guide.

Install pre-rooted ROM version “51.1.4.0_514006420 updated” using this guide.

Install the kernel boot menu using this guide.

Install pre-rooted ROM version “51.1.6.3_516012020” using this guide. If you want to stay on Fire OS 3, you can stop following the guide after this step, but if you want to install TWRP and update to Fire OS 5, then continue with the last 2 steps.

Follow section 1 of this guide to install TWRP custom recovery.

Install the latest Fire OS 5 pre-rooted ROM by following this guide.
