How to Hack Your Amazon Fire Stick

Posted on by
3

How to Hack Your Amazon Fire Stick

Learn how to install and configure your own Kodi open source media platform along with hundreds of add-ons for streaming movies, TV, live sports and other content.  Secure your streams from prying eyes with a VPN, troubleshoot streaming problems, and enable subtitles and other features.  Finally, we’ll take a look at how to clone your ultimate Kodi configuration onto another device.

Background (aka Old Man Rant)

For those of us who are naturally curious and inquisitive, hacking can quickly become a way of life.  As a child, I used to take things apart and put them back together just to see how they worked.  Sometimes I would end up with a few extra parts, wondering why they were needed.  Reassembled TVs, radios and other miscellaneous household appliances would sometimes work, sometimes not.

As a teenager I figured out how to hack my cable box to open up a variety of channels that were intended to be reserved for premium customers.  I was enamored by the simple fact that one could even do this.  Eventually the technology caught up, my box no longer worked, and of course I had to move on to (hacking) the latest model.

As a software developer, curiosity drove me to hack all kinds of things.  Never anything as meaningful as the CIA, DNC or say, an election, thankfully.  But when the first reports of a jailbroken iPhone were published, I was obsessive about researching how it was done.  I mean, this was what Apple (and even the DoD at that point) had purported to be an “impenetrable” platform.  But soon thereafter, jailbreaking an iPhone became as easy as installing a program.  And a jailbroken iPhone was a platform open to a rich community of extensions, apps, hacks and hooks to write my own.

Although my journey was always about knowledge and understanding how things work, the same actions taken in a different context could quickly cross the line into a legal grey area.  Illegally pirated movies and hacked media content are a huge controversy that has become a game of whack-a-mole with technology constantly changing and pirated content moving continuously.

Now let me be clear, I’m no cord-cutter.  Quite the contrary, I pay for the full cable package, HBO and other premium channels, Amazon Prime, Netflix, and other providers.  I also regularly purchase movies and other content from Apple, Amazon, Google and other online stores.  I’m not looking to save a couple of bucks on movies.  I want to understand how this thing works, explore the third party community of add-ons and closely monitor the legal implications and associated debate.

Lately there’s been a whole slew of pop-up companies online selling “jailbroken Amazon Fire Sticks” for a premium.  You can do for yourself what these “companies” do and save yourself the $50+ markup.  Some of the sketchier players have sold sticks that suddenly stop working and need to be sent back for “recoding” which, of course, carries an additional fee.  You don’t need these predators – you can set up and fix your own stick, one bought off Amazon.com for $50.  I’ve seen high schoolers and middle schoolers google the various online recipes and do this themselves – it’s easy!

First off, spoiler alert: We’re not really “jailbreaking” the stick.  In fact, we’re not really even “hacking” the stick by a true programmer’s definition.  Nowadays any sort of customization from out-of-the-box settings seems to qualify with the laziest among us as “hacking”.  No disrespect to our millennial “hackers,” but all we’re really doing here is configuring the stick and installing a few add-ons.  Once you’ve done it once, you can do it again in under ten minutes – I promise.

When people refer to a hacked or jailbroken Amazon Fire Stick, all they have done (or paid someone else to do) is simply install an open source media server called “Kodi” and point it at a couple of online repositories where they downloaded some add-ons (think apps).  Kodi itself grew up from its XBMC roots as an open source media center software platform that ran originally on the Xbox.  It now runs on a whole variety of platforms and is in its seventeenth major release with a rich third party ecosystem of add-ons.

So what’s all the fuss about an open source media center platform?!  It’s the add-ons.  Some of the add-ons provide access to peer-to-peer networks with lots of great content including streaming HD movies right out of the box office to even live streaming sports events not otherwise available in some areas.  Think “napster” for movies, in a stick you can take with you and plug into any TV (with an HDMI port).

These online dark networks of illegal movie content are clearly one of the main reasons driving the surge in popularity of Kodi on the Amazon Fire Stick.  It’s worth noting that there are also lots of people using Kodi for legitimate reasons and giving back to the community with great generosity.  Ironically some of the latter are enabling the former.  As previously noted, my intention here is simply to educate those who want to learn to fish, and hopefully to disrupt the 3rd party market of exploiters in the process.

Overview

Once you’ve plugged in your Fire stick and connected it to WiFi, you’re ready to download and install Kodi.  Here’s a high-level overview of the steps we’ll take in the following Kodi Install recipe…

  1. First, we’ll adjust some Fire stick settings to let us access apps and content outside of the Amazon ecosystem
  2. Next we’ll install a tool that makes it easy to download packages onto the fire stick
  3. We’ll then use that same tool to download & install Kodi
  4. Next we’ll access several online repositories (from within Kodi) to download & install Add-ons (think apps)
  5. We’ll add a VPN to your Kodi stick to encrypt your traffic and hide it from prying eyes like your ISP

How to Install Kodi in 5 Easy Steps

  1. From the Fire TV Home screen, navigate to the Settings menu
  2. Go to Settings -> Device -> Developer Options and Enable both the “ADB Debugging” and the “Apps from Unknown Sources” options.
    • If only the iPhone had a toggle switch like this (!!)  Instead iOS devices need to be rooted and jailbroken, which is a much tougher process, although less recent iOS versions now have apps to automate most of the process.  This is I why I noted we’re not really “jailbreaking” the stick – we’re just flipping a few switches to unlock the dark web!  ;-)
  3. Once you see notification that the app has been installed, click Open, or return to the home screen and launch ES Explore from recent apps
  4. Within ES Explorer, navigate to Tools -> Download Manager, click the + to add a new bookmark, then add a direct link to the latest Kodi file for Android at:
    http://mirrors.kodi.tv/releases/android/arm/kodi-17.3-Krypton-armeabi-v7a.apk.
  5. Once you see the notification that your download has completed, open the file, and click Install

Couple notes:

    • The above URL was accurate and available at the time of this writing.  You can check to make sure this is the latest by opening http://kodi.tv/download in a browser and navigating the directories to look for a more recent distribution.
    • All fire sticks are 32-bit so do not attempt to install the 64-bit (aka “8a”) version
    • And yes, typing long URL that via the stick remote is a PITA!  Google other options if you plan to do this more than once – eg if you have another android device, it’s a lot easier/quicker.
    • My favorite approach to installing Kodi is just to download the above apk to your desktop and use adbFire (google it) to install Kodi.  Use “Install APK” – don’t sideload an existing installation directory.

Kodi is now installed.  Note Kodi will not appear under your “recent apps” until the first time you launch it – but you can easily find it the first time by scrolling all the way right under your apps and looking at the bottom of the full list of installed apps.

There are plenty of other blogs and tutorials out there which explain how to install Kodi on an out-of-the-box Amazon Fire Stick and install various add-ons.  Google is your friend.  Be resourceful and creative. 

Installing Some Popular Kodi Add-ons

As an example of how to install virtually any Kodi add-on, we’ll now walk through step-by-step how to install Elysium.  This is a newer video sharing add-on, similar to the Exodus add-on described in my diatribe above.  It shares much of the same back end network, users and content, even the UI.  In many ways it’s really just changed names, likely in an effort to avoid those cracking down on Exodus usage.   While that whack-a-mole game continues let’s quickly get the Elysium add-on before it goes away too!

  1. Launch Kodi from the fire stick homescreen, and click on ‘Settings’ up top (the cog icon)
  2. Go to File Manager, then click Add Source
  3. Enter the URL to repository source you would like to add here.  To get started, let’s use NanRepo as an example:
  1. Click back twice or return to Kodi’s main menu
  2. Select Add-Ons, then click the open box icon in the upper left hand corner of the screen
  3.  Select Install from Zip File.
    • Note: The first time you do this, you will get a security warning and need to enable a setting to proceed.  This is a one-time setup.  Simply click Settings, then enable the toggle switch for Kodi-AddOns->Unknown Sources.  Much like the very first setting we changed enabling the Fire Stick to get content outside Amazon, this setting enables similar capability within Kodi.  Once enabled, use the back arrow button to return to the prior screen with this same step.
  4. Select “nanrepo”, scroll down and select “respository.elysium-2017.06.10.zip” (or the latest dated “Elysium” zip file)
  5. Once you see a notification that the add-on has been installed, hit back to the add-on browser, click “Install from repository”, and you should now see the Elysium repository in your list of sources.
  6. Click Elysium, navigate into the Video Add-ons directory, select Elysium, click install, then select the latest (top) version
  7. Once you receive notification that the app has been installed, click Open and start exploring all of the great content being streamed by others on the network just like you
  8. If instead, you receive a notification that the app could not be installed, the server could not be contacted, etc, then one of several bad things may be happening.
    • These servers are so popular that sometimes they get overloaded with traffic on certain days or times.  Try again a couple other times of the week and see if you can get through then.
    • As previously noted, some of these sites go down regularly, some on their own, sometimes coming back up with a new host, changing names, or being shut down entirely.   I’ll have more tips on how to deal with this below under Words of Wisdom.

This same recipe can be repeated for countless other add-ons from all over the world.  In summary, it all starts with a URL or source which points to a repository online.  From there the repository can be referenced dynamically or statically (as above) where we download a copy of the repo to our device.  Add-Ons can then be installed from the repo to enhance your Kodi experience with a vast array of functionality, skins, and content.

Words of Wisdom

If my son and my nephew can “hack” one of these… What words of wisdom can this old man blog possibly offer beyond repeating the same recipes cited all over the net?  A couple of gems of wisdom, having seen Kodi (and those coming for its demise) evolve over a few generations…

  • Very few of these blogs tell you how to find add-ons and content after they move.  TVAddOns, the single most popular Kodi add-on repo was shut down last week and now none of the recipes in those blog posts work.  If you were timely enough to have them already installed, any automatic updates now fail.  There are alternative sources for the same and even better add-ons.  Google for the latest Kodi add-on repositories, not specific add-ons themselves.  I’ll share a few recent ones below as well as some tips to find out more about repos moving.
  • How to encrypt your traffic from prying eyes and your ISP – Many of the 3rd party pre-hacked fire sticks lack a VPN which encrypts all of your stick’s internet traffic.  Those who recall the glory days of Napster probably recall how ISPs starting sending nastygrams to their subscribers who were downloading illegal music over Napster, Limewire, and many of the various incarnations that followed.  These unofficial cease & desist letters would cite how much pirated content was consumed and the corresponding remuneration ($$) required to avoid legal action.  Very few Napster users were personally prosecuted, but the letter created quite a legal stir and forced the advent of peer-to-peer networks leveraging VPNs, TOR, and other mechanisms of hiding traffic from prying eyes.
  • There are settings to improve buffering and streaming quality.   Very few of the 3rd party pre-hacked sticks enable these settings as they tend to vary by ISP, wifi strength and other local factors.  If your streams start to buffer or pixilate, its good to know a couple settings you can play with to tune your streams.  Note that if insufficient bandwidth is ultimately your issue – these tweaks won’t help.
  • There are add-ons to enhance your video experience with multi-lingual subtitles and other features.   Subtitles are a nice touch when you want them.
  • There is a great simple backup utility in the Kodi repository that will enable you to back up your Kodi addons & data so that they can be restored to a new device in one step, instead of recreating each of the recipes above.  This is especially valuable in that you will no longer have to hunt down the latest repo to find your favorite add ons.  And those repos seem to be going up and down and moving around daily!

Tip 1 – Focus on the add-ons, not the repos

Add-ons are available via repositories which can disappear, reappear and move sometimes daily like a game of whack-a-mole.  Our first starting point is often to Google for the latest Kodi add-on repositories, not specific add-ons themselves.

Some of the most popular of late include …

Within these repos are hundreds of add-ons.  For purposes of this blog post, we will focus on movie streaming add-ons.

Many of the Kodi movie streaming add-ons leverage the same back-end peer-to-peer network, but they simply present a different (yet familiar) user interface into the content.  Well before the TVAddOns repo was shut down, these alternative front-ends existed but were simply not as popular as Exodus and the usual suspects.  Go google them regularly and you will find an ever evolving landscape of repos and add-ons providing alternative on-ramps to the same content previously available largely via Exodus.

To add sources to your Kodi install, go to Kodi settings (the cog icon), then File Manager then select “Add Source”. 

Once you’ve got these repos added as sources, start exploring the add-ons that have emerged… 

Some of these great add-ons include:

  • Exodus
  • Etheryum
  • Zen
  • Bubbles
  • Phoenix
  • Alloc
  • Plex
  • Velocity
  • specto
  • istream
  • bob

There’s also a whole variety of TV add ons (eg USTVnow+, GenieTV, etc), adult add-ons (look for Erotik in MetalKettles repo), and even sports add ons to tap into live streaming events (eg SportsDevil being the grand daddy of them all).  Literally every sport is available and in some cases new add-ons have spawned with more targeted content for example “Planet MMA”.

Tip: As previously noted, some of these sites go down regularly, either on their own (coming back up with a new host, etc), changing names, or being shut down entirely.   When this happens, a good trick is to type the same source URL into a browser, click through the directories and see if the content is still there.  When TV AddOns was going down, they changed the directory file names to reflect an English message that they knew they were going down and to stay tuned for “big things coming next”. Part of building new sticks is staying current on the latest repos and add-ons

For years, most Kodi users went to TV AddOns as the almost exclusive source of repos and add ons.  Just recently TV AddOns was shut down (ref).  Within days, dozens of mirror sites started appearing all across the internet.  Some of the more popular ones then themselves became targets.  One of those was NanRepo.  Soon, people started posting video blogs explaining how to access it (ref), and the videos surged in popuarity, and then surprise – the site was gone!

The above are just the latest in a whole ancestry of Kodi repositories .. First TV AddOns, then SuperRepo, then NanRepo, now even Cuz is down!  Staying on top of all of this really comes down to just 2 options.  One is to exhaustingly google and scour social networking sites where the latest information on thIs stuff lives and breathes.  The other option is described in tip #5 below.

Tip 2 – Always use a VPN!

If your parents (or more likely someone of a younger generation) haven’t already had this conversation with you, let’s just say, in this day and age, you’ll want to use a VPN – always.  Not using a VPN and streaming content from an internet of unknown sources is equivalent to being more promiscuous than <insert your own fave here> without protecting yourself.  Those who know me well, know that I exercised great restraint in painting such a bland metaphor here.

IPVanish is just one of several VPNs you can find online.  There is a free trial, after which it costs $10 per month or about $75 for an annual plan covering up to 5 simultaneously-connected devices.  IP Vanish is particularly popular because they do not store any traffic logs.  There is nothing for the government, your employer, or whoever is coming after you to find even if they were to subpoena you and IP Vanish!  That’s somewhat comforting.

It’s super easy, here’s how you do it.

Go to “Apps” on the fire stick main menu

  1. Navigate to “Categories” sub-menu, then “Utility”
  2. Select “IPVanish” and then click Get
  3. Once you see notification that the app has been installed, click Open, or return to the home screen and launch IPVanish from recent apps
  4. You will need to create an account and login to the app
  5. Before launching Kodi, launch IPVanish and ensure that the VPN is connected first

Although we installed Kodi and Ethyreum above before installing IP Vanish, it is important that you always have IP Vanish connected before you actually start streaming content within Ethyreum.  It is, of course, ideal to have it running at all times so that your entire session is encrypted and your actual visit into the network remains anonymous.

Simply return to your home screen, launch IP Vanish and click connect.  It’s that easy.  You will see some squiggly traffic lines and a big red “disconnect” button indicating that your communications are now secure.  From there go back or home, launch Kodi, enter Ethyreum (or Exodus or Bubbles or whatever you find and like) and ENJOY!

Tip 3 – Play around with settings to improve buffering and streaming quality

I never had problems with streaming quality as long as the WiFi was sufficient.  Anything above 8Mbps is doable and you can still function in lower resolution down as low as 2-3 Mbps if necessary. One of the settings that helped a colleague of mine immensely was to disable the display’s default option to automatically adjust the refresh rate.

To do this..

  1. Open Exodus, go to Settings, select Player Settings and click on the Video tab
  2. Under the Playback section, change “Adjust display refresh rate” from Always to OFF

This same tweak exists in other add-ons besides Exodus.  Explore the settings and menu options, play around with the buffering and streaming settings.  Always make note of what things looked like beforehand – snapping a photo with your phone is often easier and more accurate than writing it all down.

Note that if insufficient bandwidth is ultimately your issue, this tweak won’t help.

Tip 4 – Enhance your video experience with multi-lingual subtitles and other features

There are lots of options to install subtitles with each of the various video streaming apps.  Typically, within the repository where you installed each video add-on (eg Exodus, Ethyreum, etc) there will be other add-ons for subtitles, skins, and other functionality. Don’t be afraid to explore.  Once you’ve installed the corresponding subtitle add-on, the option appears right within your video add on.

Some subtitle sites appear as subtitles themselves, usually at end of films, eg Psagmeno.com.  You can start streaming a movie, scan to the end and look for these.  If you enter these URLS into your browser, you will typically see both rar (compressed video archive) and srt (subtitles) files, sometimes even new add-ons.  OpenSubtitles.org is also another great source.

Tip 5 - Back up your Kodi addons & data so that they can be restored to a new device in one step

There is one thing easier than repeating the above recipes, especially if some of the ingredients have changed since these recipes were authored, which seems to be the case with 99% of the Kodi repos and blogs you’ll find online.  And that is building your ultimate Kodi configuration and then backing it up so that you can simply restore it to a new device or replace and old device that stopped working.

One of the easiest backup apps for the fire stick is called simply “Backup” and is available via the Kodi repo.  You can backup files and configurations from your stick right to your Google Drive, Dropbox, your own network path, etc.  I found these to perform very slowly, not allow you to handpick what you want to backup/restore, and generally provide a frustrating user experience.

Instead, I opted to back up select files locally on the stick and then stand up an FTP server for me pull the files down to another device for safe keeping, or further transfer to new devices. 

Here’s how to do that:

  1. Go to the Amazon Fire homepage and Open “ES File Explore” app installed earlier
  2. On left menu, scroll down to the bottom and enable the toggle for “Show hidden files”
  3. Use app to create a new empty folder with any name of your choosing
  4. Navigate to Android/data/org.xbmc.kodi/files/.kodi
  5. Long-press to select two folders – add ons and user data – then select copy
  6. Now navigate to the folder we just created in step 3 above – then select paste.  This will create a backup of your Kodi configuration on the stick itself.  There are other options to paste these files to remote network locations as well.

In the next section, I’ll explain how to stand up an FTP server on your fire stick so that files (not limited to the backup we just created) can be copied between the stick and other devices (including another stick).

The Black Market

So to clone these things you’d basically do the following:

  1. Follow the recipe above to create your own really rich Kodi build, choc full of all the latest goodies
  2. Make a back up of the stick per the recipe above.
  3. Use ES Explorer to start an FTP server on your stick and then use any FTP client to fetch the files we just backed up.
  4. Note that these two directories will need to be copied onto new devices to avoid having to rebuild each device from scratch via the recipes above.  This can be done via FTP, Google Drive, Dropbox, network shares and a variety of means.
  5. Install ES Explorer (or Downloader or a similar app) on a second fire stick and use it to download & install the latest build of Kodi per the recipe above
  6. Then use ES Explorer’s FTP server to upload the addons and userdata files to each new device (in ES Explorer, navigate to remote management and enable the FTP server, note the IP address and port)
  7. The rest of the files in .kodi will get rebuilt with a fresh install of kodi

Tip: If network performance becomes an issue getting files on and off your stick, consider sideloading content with adbFire (google it).  In fact, this is likely how the illegal shops mass produce these hacked sticks so quickly.  adbFire let’s you install APKs, side-load apps, and use a computer keyboard when you need to enter info.  So it’s a lot easier and faster to side-load Kodi & IP Vanish, then restore a backup of your favorite add-ons.

And if it’s that easy to clone these things, it’s no wonder a whole black market industry has erupted.  Let’s explore the business case…

One could stand up a business of cloning these things in about 5-10 minutes each, even faster if you have another android device with a keyboard or a side-loading app.

On the black market these things carry a $50 markup to perform what I’ve described above.  Under-cutting the entire black market by 25%, at say $25 labor (a 50% discount to street), paying a single relatively junior laborer $10 per hour, to churn out say 10 per hour, that’s $240 per HOUR pure profit!  No wonder people are setting up small rooms everywhere and hiring low cost labor to churn these things out. 

Just to be clear, I am NOT suggesting anyone profit from this, let alone start a business selling these things.  We’ll see how long the whole market lasts.  It’s robust for right now, but showing signs of strain with all of the recent repo shutdowns and crackdowns on illegal content providers.  As a perpetual student of human behavior, and a total bithead, I’m tinkering with Kodi for fun and watching the headlines closely.

Conclusion

It’s pretty clear just about anyone can “hack” one of the Amazon fire sticks and gain immediate access to a whole world of illegal content.  As repositories change, move, and shutdown, most of the Kodi recipes online simply stop working.  By being resourceful with the internet and exploiting some of the tips above, it’s relatively easy to keep up with the constant change in the Kodi add-on ecosystem. 

I hope my experiences and tips are of help to you in exploring this exciting world of Kodi and the whack-a-mole world of darkweb content!  I hope that you will share your experiences with others, pay for what you consume, and use this information responsibly.