Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Root Exploit by TeamAndIRC, released to root the Kindle Fire 6.2.1
Latest commit 67cf420 @CunningLogic deleted: bin/classes.dex
	deleted:    bin/classes/net/andirc/kindleroot/DirectCall$1.class
	deleted:    bin/classes/net/andirc/kindleroot/DirectCall.class
	deleted:    bin/classes/net/andirc/kindleroot/KindlerootActivity$1.class
	deleted:    bin/classes/net/andirc/kindleroot/KindlerootActivity$2.class
	deleted:    bin/classes/net/andirc/kindleroot/KindlerootActivity$3.class
	deleted:    bin/classes/net/andirc/kindleroot/KindlerootActivity$4.class
	deleted:    bin/classes/net/andirc/kindleroot/KindlerootActivity$5.class
	deleted:    bin/classes/net/andirc/kindleroot/KindlerootActivity$6.class
	deleted:    bin/classes/net/andirc/kindleroot/KindlerootActivity$7.class
	deleted:    bin/classes/net/andirc/kindleroot/KindlerootActivity.class
	deleted:    bin/classes/net/andirc/kindleroot/R$attr.class
	deleted:    bin/classes/net/andirc/kindleroot/R$drawable.class
	deleted:    bin/classes/net/andirc/kindleroot/R$layout.class
	deleted:    bin/classes/net/andirc/kindleroot/R$string.class
	deleted:    bin/classes/net/andirc/kindleroot/R.class
	deleted:    bin/kindleroot.apk
	deleted:    bin/res/drawable-hdpi/ic_launcher.png
	deleted:    bin/res/drawable-ldpi/ic_launcher.png
	deleted:    bin/res/drawable-mdpi/ic_launcher.png
	deleted:    bin/res/drawable/apapp.png
	deleted:    bin/res/drawable/burritorootbig.png
	deleted:    bin/resources.ap_
	deleted:    gen/net/andirc/kindleroot/


Please see the LICENSE file

BurritoRoot is a root exploit for the Kindle Fire, released to gain root on the 6.2.1 firmware. Originally
licensed under a proprietary license, we re-released under the GPL due to blatant code theft by the author
of 'unlockroot'. Not only is he a thief, but a moron, hell he stole the unroot code of our's that was broken.

How it all works

In /sbin/adbd is a secondary property check to see if adbD can run as root, "". Normally
this can only be set by a system or root process.

.rodata:000203EC aService_root_0 DCB "",0
.rodata:000203EC                                         ; DATA XREF: .text:0000EFEC�o
.rodata:00020406                 ALIGN 4
.rodata:00020408 a1_0            unicode 0, <1>,0        ; DATA XREF: .text:0000EFF0�o
.rodata:00020408                                         ; .text:0000F000�o
.rodata:0002040C aAdbdCannotRunA DCB "adbd cannot run as root in production builds",0xA,0
.rodata:0002040C                                         ; DATA XREF: .text:0000EFF4�o
.rodata:0002043A                 ALIGN 4
.rodata:0002043C aService_adb__1 DCB "service.adb.root",0 ; DATA XREF: .text:0000EFFC�o
.rodata:0002044D                 ALIGN 0x10
.rodata:00020450 aRestartingAdbd DCB "restarting adbd as root",0xA,0
.rodata:00020450                                         ; DATA XREF: .text:0


In Services.jar is the BroadcastReveiver that allows the above property to
be set with a broadcast from any application.

.method private enable(Z)V
    .locals 2
    .parameter "enabled"

    .line 47
    if-eqz p1, :cond_0

    const-string v1, "1"

    move-object v0, v1

    .line 49
    .local v0, value:Ljava/lang/String;
    const-string v1, ""

    invoke-static {v1, v0}, Landroid/os/SystemProperties;->set(Ljava/lang/String;Ljava/lang/String;)V

    .line 51

    .line 47
    .end local v0           #value:Ljava/lang/String;
    const-string v1, "0"

    move-object v0, v1

    goto :goto_0
.end method

After causing this property to be set, the user can simply do "adb root" and then adbD will run as root.

     * @author jcase - Justin Case -
     * @author TeamAndIRC -
     * Testers:
     * VashyPooh
     * Trevor Eckhart
     * Great Being of Knowledge:
     * IOMonster
     * Supporters:
     * - b16 for the graphics!
     * Copyright 2011 CunningLogic
     * This file is part of BurritoRoot.
     * BurritoRoot is free software: you can redistribute it and/or modify it under the terms of the 
     * GNU eneral Public License as published by the Free Software Foundation, either version 3 of 
     * the License, or (at your option) any later version.
     * BurritoRoot is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
     * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
     * General Public License for more details.
     * You should have received a copy of the GNU General Public License along with Foobar. If not, see

	 * The Wall Of Shame
	 * Organizations and persons listed below have violated the copyright and/or licensing of BurritoRoot
	 * and have had their rights to use any part or derivative of BurritoRoot revoked.
	 * You are scum, you steal the hard work of our developers. You even stole my non working unroot code
	 * you f*cking bum.
	 * Author of unlockroot
	 * http://www(dot)unlockroot(dot)com
	 * Liang Bing
	 * Hong  Kong
Something went wrong with that request. Please try again.