So the Atrix has had its bootloaders unlocked (http://forum.xda-developers.com/showthread.php?t=1136261), now if I'm correct Motorola uses the same bootloader locking on all their phones? So would it be possible to use the Atrix unlocking to unlock our phone?
I don't think it's so easy. I mean this could be flashed, but I think it will brick our device...forever. That way, we could easily flash Droid's unlocked bootloader and boost our Milestone's performance. So, I don't know what to say... 8-|
Abazel said:
I don't think it's so easy. I mean this could be flashed, but I think it will brick our device...forever. That way, we could easily flash Droid's unlocked bootloader and boost our Milestone's performance. So, I don't know what to say... 8-|
Sure, we could not use the same bootloader, but perhaps it could be stripped down and the parts that make it update and include the unlocking could then be put in a package to work with our phone?
I don't think it can be done. Look at it as if you standing in front of a locked door and someone else opens the door for you. You still don't have the key. The only way for us to unlock the bootloader is if Motorola decides to give out this RSA key or to give the bootloader an update which unlocks it.
Let's put it this way, if it could be done "that easy", droid-dev would have done it by now.
Fair enough, was just an idea, like if the keys were the same? But if I'm wrong then sorry for taking up your time
Sent from my Milestone using XDA App
Give it time
I don't think it could be done instantly, but *hopefully* with enough time the devs could piece something together
zacthespack said:
Fair enough, was just an idea, like if the keys were the same? But if I'm wrong then sorry for taking up your time
Sent from my Milestone using XDA App
No need to be sorry.
It's unlikely they would;
- Be using the same bootloader
- Be using the same keys
- That unlocking the bootloader even uses the key
- Motorola said only certain phones from certain places will be unlocked meaning that different ways / keys may have been used on different devices.
This is not going to be a simple talk by any means but hopefully something within Atrix bootloader / recovery will help us get there.
DannyDroid said:
No need to be sorry.
It's unlikely they would;
- Be using the same bootloader
- Be using the same keys
- That unlocking the bootloader even uses the key
- Motorola said only certain phones from certain places will be unlocked meaning that different ways / keys may have been used on different devices.
This is not going to be a simple talk by any means but hopefully something within Atrix bootloader / recovery will help us get there.
This is true. Well, hopefully one of the great developers here can start looking (if they haven't already) at clues to unlocking our phone that the Atrix stuff might hold.
It is baffling that Motorola unlocked the bootloader for the Atrix but not for the Milestone, because the Milestone doesn't even sell anymore, at least not where I live. What will they get by keeping it locked... extremely stupid!!!
rrohanjs said:
It is baffling that Motorola unlocked the bootloader for the Atrix but not for the Milestone, because the Milestone doesn't even sell anymore, at least not where I live. What will they get by keeping it locked... extremely stupid!!!
An unlocked bootloader is a selling point... more developers will now buy Motorola because they can develop for it, whereas the Milestone (which is still sold in Canada) has lost its appeal to new devices, and is not what they're trying to sell, therefore eliminating the need to unlock it. It's already made its money. It sucks, but it's the truth.
Different SOC's, different capabilities, different bootloaders.
If Motorola releases a Defy unlockable bootloader, perhaps it is possible to do it, since the SOCs are very similar, but I'm guessing that Tegra 2 capabilities and settings are way different than the ones in OMAP 36XX series. Other than that, you need to hope that keys are the same across different Motorola OMAP devices.
Let's hope, but I wouldn't wait for that.
HinotoriBR said:
Different SOC's, different capabilities, different bootloaders.
If Motorola releases a Defy unlockable bootloader, perhaps it is possible to do it, since the SOCs are very similar, but I'm guessing that Tegra 2 capabilities and settings are way different than the ones in OMAP 36XX series. Other than that, you need to hope that keys are the same across different Motorola OMAP devices.
Let's hope, but I wouldn't wait for that.
*sigh* It does look like it will not be of much use, and with how many views this thread has got, that should be enough to show Motorola we know what we want. I guess it's back to spamming their Facebook....
First... it's not the same method to unlock... it uses the Tegra device for unlock and fastboot.
Second... no one can crack that bootloader... the only thing we've got is the key... someone inside Motorola or AT&T dropped the key, only for the Atrix from AT&T.
The rest of the Atrix devices can't unlock.
Is it possible? And if it is, how long do you think until it comes out? I don't know anything about this kind of stuff, so mostly I'm asking if there's even a slight chance of the bootloader being unlocked.
It seems like that it will be unlockable tomorrow.
See here
https://twitter.com/#!/PaulOBrien
skeetskeeet said:
Is it possible? And if it is, how long do you think until it comes out? I don't know anything about this kind of stuff, so mostly I'm asking if there's even a slight chance of the bootloader being unlocked.
This is XDA, we get shizz done. Or we wait for the capable people to do it, but we get it first.
I've been looking and I couldn't find one. Does anyone have one that I don't need to have an unlocked bootloader for?
Not physically possible. If you need customization, use root with the stock rom and be very careful not to brick.
How would it not be possible? Just use a stock kernel and you should be good. That's what we did with the Atrix 2 since the bootloader's locked.
Don't think you can put a custom recovery on without unlocking the bootloader. No recovery = no flashing ROMs
vegandroid said:
How would it not be possible? Just use a stock kernel and you should be good. That's what we did with the Atrix 2 since the bootloader's locked.
Don't even start on that bootstrap debacle with Moto phones. It was absolutely horrid for flashing anything and was not nearly powerful enough for me. The hassle of using a neutered recovery instead of the real thing is just not worth it, even considering the warranty.
le rustle face
Keion said:
Don't even start on that bootstrap debacle with Moto phones. It was absolutely horrid for flashing anything and was not nearly powerful enough for me. The hassle of using a neutered recovery instead of the real thing is just not worth it, even considering the warranty.
le rustle face
.... I fail to see the point of your post. I didn't ask for your opinion on Motorola or what works best for you. Stay on topic, dude.
Sent from my SAMSUNG-SGH-I747 using xda premium
So there is a way to install custom ROMs without unlocking the bootloader? If so, I'd love to know how!!
Sent from my ASUS Transformer Pad TF700T using Tapatalk 2
The problem is, the methods used on those Motorola phones are very hackish, and not recommended if alternatives are present. And since the TF700 is unlockable, it's extremely unlikely those methods will ever be duplicated, since those who want to mod can do so without restrictions.
Just look at the OG Atrix community... the instant an unlockable bootloader was leaked, development for those hackish methods immediately halted. Someone ported 2nd init days or weeks before that happened, and nothing was ever written to use it because it simply wasn't needed anymore.
jtrosky said:
So there is a way to install custom ROMs without unlocking the bootloader? If so, I'd love to know how!!
Sent from my ASUS Transformer Pad TF700T using Tapatalk 2
+1. If there was any way to get around Asus's crappy unlocking the bootloader voids the warranty thing I'd jump right on it. I also didn't know that type of thing was possible...
vegandroid said:
I've been looking and I couldn't find one. Does anyone have one that I don't need to have an unlocked bootloader for?
Did I read that you were going to try to port paranoidandroid to the TF700 last night or was that one of my weird obsessive Infinity dreams ?? I wish you luck if you are going to try - we need a few more devs around these parts.
I personally wasn't worrying about voiding the warranty, considering rooting voided it on all the other devices I've had. I'm more waiting for a reason to unlock the bootloader. It's just a nice bonus that rooting doesn't.
I just say wait till you have a reason, and feel comfortable that the device you got is good.
Did I read that you were going to try to port paranoidandroid to the TF700 last night or was that one of my weird obsessive Infinity dreams ?? I wish you luck if you are going to try - we need a few more devs around these parts.
When I can get Jelly Bean then I'll work on it. I'm super busy with school and work, but I need to set some time aside to port it for the TF700. I just can't spare the time to completely port JB too right now.
Jotokun said:
The problem is, the methods used on those Motorola phones are very hackish, and not recommended if alternatives are present. And since the TF700 is unlockable, it's extremely unlikely those methods will ever be duplicated, since those who want to mod can do so without restrictions.
Just look at the OG Atrix community... the instant an unlockable bootloader was leaked, development for those hackish methods immediately halted. Someone ported 2nd init days or weeks before that happened, and nothing was ever written to use it because it simply wasn't needed anymore.
Makes a lot of sense, thanks!
Personally, I'm still interested in a way to flash custom ROMs without unlocking the bootloader, even if it is "hack'ish".
As a good example, I unlocked the bootloader on my original TF700 after I had it for about 3 weeks. I figured that I was good to go - no major flaws... And then about 2 weeks later, the damn thing died on me, so I was stuck with a less-than-45-day-old device that had no warranty!!
I'm just saying - if there is a way to flash ROMs without voiding my warranty, I'd be *very* interested in doing that, even if it was a little hack'ish!
Sent from my ASUS Transformer Pad TF700T using Tapatalk 2
It's rather hard to install custom ROMs without an unlocked bootloader.
Consider this: You have a computer that boots directly into Windows. Now you have administrator access to the computer, however you can't change the boot priority, what disks it boots from, or anything having to do with how the thing starts up. Usually when you want to install an operating system, say Windows XP, you would put the disk in, boot from the CD, and install it. Well, we have no "boot from CD" option; everything pertaining to that is locked down by Asus.
I know other phones have found ways to sidetrack around that, but honestly, with how unreliable they are, it's often not worth it. Asus has this thing locked down pretty well that it's damn near impossible to get enough access to load anything custom at startup (even the unlock they gave us is garbage; if that fails you're screwed).
If you want to load something custom you are best to get a third party warranty and use the unlock.
pileot said:
It's rather hard to install custom ROMs without an unlocked bootloader.
Consider this: You have a computer that boots directly into Windows. Now you have administrator access to the computer, however you can't change the boot priority, what disks it boots from, or anything having to do with how the thing starts up. Usually when you want to install an operating system, say Windows XP, you would put the disk in, boot from the CD, and install it. Well, we have no "boot from CD" option; everything pertaining to that is locked down by Asus.
I know other phones have found ways to sidetrack around that, but honestly, with how unreliable they are, it's often not worth it. Asus has this thing locked down pretty well that it's damn near impossible to get enough access to load anything custom at startup (even the unlock they gave us is garbage; if that fails you're screwed).
If you want to load something custom you are best to get a third party warranty and use the unlock.
Even with those methods, you're still restricted. For example, the Motorola phone hacks can run custom ROMs, but are still stuck with the stock Motorola kernels. That means a (somewhat dirty) AOSP ROM can be made around the kernel, but a true clean CyanogenMod or anything requiring kernel level hacks is not possible.
Has anyone found a way we can get rid of the bootloader unlocked warning? If not, what's stopping people from finding out how to fix it?
Well, the Pixel has new partitions. That's about it from what I can tell.
Sadly it was already impossible with the Nexus 5X, so I would not be surprised if the same would be with Pixel. :'(
Sent from my Pixel device using Tapatalk
I kind of like the warning. It reminds me that nothing has changed with my BL since unlocking.
zalcsooo said:
Sadly it was already impossible with the Nexus 5X, so I would not be surprised if the same would be with Pixel. :'(
Sent from my Pixel device using Tapatalk
Apparently, this guy was able to change it on the 5x.
http://forum.xda-developers.com/showpost.php?p=63826602&postcount=7
mrZoSo said:
Apparently, this guy was able to change it on the 5x.
http://forum.xda-developers.com/showpost.php?p=63826602&postcount=7
Without reading through that thread again, I just remembered that I was able to change the imgdata and get rid of the warning screen, but only with an older version bootloader, not the latest one. It was more like a workaround than a real "hack". (But I dunno what I am talking about when the imgdata change is also just a workaround xD)
Sent from my Pixel
zalcsooo said:
Without reading through that thread again, I just remembered that I was able to change the imgdata and get rid of the warning screen, but only with an older version bootloader, not the latest one. It was more like a workaround than a real "hack". (But I dunno what I am talking about when the imgdata change is also just a workaround xD)
Sent from my Pixel
LOL, it's all good.
If it gets figured out, that would be nice. But as it is, I can live with it. You don't see it that often to begin with, heh
I hope someone figures this out. I sold our MXPs after getting Pixels and it was pretty easy to change on that phone. The one downfall was in re-locking it to sell it. When I flashed it to full stock and re-locked, the warning came back due to a flag being set to 2 (re-locked) instead of 1 (locked). I could still fastboot flash an image to replace it (even with a locked bootloader) but I have a feeling it's going to come back the first time the phone receives an OTA.
A little off topic, but I hope someone figures it out for this phone.
Sent from my Pixel using Tapatalk
Why is it something that needs to be fixed??
aholeinthewor1d said:
Why is it something that needs to be fixed??
Some people just don't like to see it. And they buy Android for the customization
I'm sure the reason that they lock this out is so that someone can't remotely unlock the bootloader and then replace the boot image somehow via malware. Not to say that I love it, but it's a nice little thing to have for people who may not recognize a hack otherwise. Not that I really think there is likely to be malware that advanced for this phone but I suppose it is theoretically possible
Shiftydogit said:
Has anyone found a way we can get rid of the bootloader unlocked warning? If not, what's stopping people from finding out how to fix it?
Not sure, but I know a lot of people are looking into it.
I've looked into the Pixel's partitions and there is a literal crap load. I've been trying to see if I could get CM14 running. Now with CM dead and moving to LineageOS, and this phone being really hard to figure out, I'm not surprised the partitions are an issue. And please note I'm trying to port CM to be the first custom ROM out it's just to see how the phone works and what info I can learn, yet to no avail, so remember it's a personal "play around" project.
If they can't handle a couple seconds when booting then they can always link their bootloader again.
Hey there remaining Verizon S3 users!
Coming from my favorite device the T959V this has been quite a trip. This device's bootloader is seemingly impossible to unlock on the 4.4.2 NE1 firmware.
I've got a slightly modified Superlite rom rolling with SafeStrap already strapped. And it is great to say the least. Added some initd and utilities. Evie launcher is pretty nice btw- recommend a try :good:
However. I still really want this thing to be unlocked. The T959V has multiple working Fro, GB, ICS, JB, KK, L, M, AND Nougat ROMS. Totally different devices yes but-- even the newer S4-S6 have cracked loaders now.
There has to be a special way to change this thing's firmware.
Right now I have 2 ideas to throw out to the wind-
1- Would be that there could be a way to trick the device into thinking it is receiving a new update. Maybe somehow with CSC or something. Also I saw a file named authorized.xml and was reading through to find traces of knox. Would unauthorizing knox strings somehow render it useless?
2- I was reading a suggested post about AVB boots and how they can be resigned on devices such as the Google Pixel and allows the newer patches to still install. Including what was described as a forced re-sign method.
--- Could we somehow resign the bootloader on our device so as to gain control of it? Has anybody tried anything like this since around 2015?
I'll gladly talk about all of this more whenever I feel like popping on- and atm I have no web besides this service. :silly: so no DOS updates and no shiny linux for now.
Gladly tell me that it is "impossible" but I'm not asking that. I'm trying to add some ideas to possibly do the impossible.
Edit: This seems to be an interesting lead on emmc cracking this device. It's probably why people in other threads were in search of a "dev" edition.
http://forum.gsmhosting.com/vbb/f777/unlock-samsung-devices-bootloader-emmc-backdoor-2142981/
graycow9 said:
Hey there remaining Verizon S3 users!
Coming from my favorite device the T959V this has been quite a trip. This device's bootloader is seemingly impossible to unlock on the 4.4.2 NE1 firmware.
I've got a slightly modified Superlite rom rolling with SafeStrap already strapped. And it is great to say the least. Added some initd and utilities. Evie launcher is pretty nice btw- recommend a try :good:
However. I still really want this thing to be unlocked. The T959V has multiple working Fro, GB, ICS, JB, KK, L, M, AND Nougat ROMS. Totally different devices yes but-- even the newer S4-S6 have cracked loaders now.
There has to be a special way to change this thing's firmware.
Right now I have 2 ideas to throw out to the wind-
1- Would be that there could be a way to trick the device into thinking it is receiving a new update. Maybe somehow with CSC or something. Also I saw a file named authorized.xml and was reading through to find traces of knox. Would unauthorizing knox strings somehow render it useless?
2- I was reading a suggested post about AVB boots and how they can be resigned on devices such as the Google Pixel and allows the newer patches to still install. Including what was described as a forced re-sign method.
--- Could we somehow resign the bootloader on our device so as to gain control of it? Has anybody tried anything like this since around 2015?
I'll gladly talk about all of this more whenever I feel like popping on- and atm I have no web besides this service. :silly: so no DOS updates and no shiny linux for now.
Gladly tell me that it is "impossible" but I'm not asking that. I'm trying to add some ideas to possibly do the impossible.
Edit: This seems to be an interesting lead on emmc cracking this device. It's probably why people in other threads were in search of a "dev" edition.
http://forum.gsmhosting.com/vbb/f777/unlock-samsung-devices-bootloader-emmc-backdoor-2142981/
I've been around this and many many other forums for years now. If there was an unlock method it would have been found years ago. Devs have long moved on from the old S3. I still have my S3 lying around, bootloader unlocked, but I really haven't messed around with it for quite a long time now.
And yes, the dev edition would have been nice had someone actually had one; it would have of course made it easier to crack the bootloader option maybe. I don't know much about the ins and outs of the device but I know many are permanently locked and will probably never be unlocked.
As far as certain other Samsung devices being unlocked those are far and few between. VZW got smart and started just locking them from the start. This is a huge reason why I left Verizon. The S3 was my last device on big red. I since have had a Nexus 5 and 6 and now a oneplus 3t. I really don't like locked devices and the ability to unlock them and customize them just intrigues me to no end. Good luck however in finding something that may work, but I highly doubt it will ever be cracked
Sent from my OnePlus 3T
Ya I expected your negatude Shapes. Already seen that you have been searching but it isn't just some application you run. It's an unknown exploit that I'm sure exists. There are exploits right now that can be considered viral potentially exploiting my device as we speak. Maybe not granted my semi-precautious take on things.
Quadrooter and dirty cow could be used to exploit the S3 and gain access to a quoted "all" physical memory. So I find it hard to believe that things can't work in our favor.
Being open minded here. After all, this is technically hacking your own device. Which--
Got me thinking the other day, because I was setting up my laptop proper- could we run a nix distro and poke through the bootloader's parameters via exploitation tools? Referencing Kali or its elder BTrack. But I think it is possible and I just haven't gotten around this loop mounting issue.
To be clear, running a distro ON the device. My flat is already running square.
Sent from my SCH-I535 using XDA-Developers Legacy app
Also a purposely separate post- I'm building a ROM for this locked firmware and the goal is to have some specific updated apps and yet trim it nicely so as to save space and RAM it's mostly stock style-wise but it'd be cool to re-theme it. I haven't gotten things deodexed yet- being I haven't gotten my apktools working proper yet.
Is there anybody left to be interested in this? I haven't posted anything I've made before- usually just keep them lying around for emergency flashes.
Sent from my SCH-I535 using XDA-Developers Legacy app
graycow9 said:
Ya I expected your negatude Shapes. Already seen that you have been searching but it isn't just some application you run. It's an unknown exploit that I'm sure exists. There are exploits right now that can be considered viral potentially exploiting my device as we speak. Maybe not granted my semi-precautious take on things.
Quadrooter and dirty cow could be used to exploit the S3 and gain access to a quoted "all" physical memory. So I find it hard to believe that things can't work in our favor.
Being open minded here. After all, this is technically hacking your own device. Which--
Got me thinking the other day, because I was setting up my laptop proper- could we run a nix distro and poke through the bootloader's parameters via exploitation tools? Referencing Kali or its elder BTrack. But I think it is possible and I just haven't gotten around this loop mounting issue.
To be clear, running a distro ON the device. My flat is already running square.
I don't think shapes was trying to act negative at all, just stating the obvious. Nobody is going to try to unlock the Verizon S3, it's pretty much a dead end.
The unlock method used on the S5 will most likely work on this phone, but we need a developer CID to rewrite to the emmc as the series chip used on the S3 likely has the same vulnerability. This is what happened on the S5.
If you read some of the other posts (sounds like you have), we looked for an S3 developer edition but had no luck in tracking one down. For one, it's an incredibly old device. Secondly, you'd have to be semi retarded to purchase one as the original unlock method was around before the developer edition was released.
So yes, if you can find a developer S3 this will likely be an unlock method. It tricks the S3 into thinking it's a developer phone and unlocks the bootloader if the method to write it works the same as in the S5.
As for your questions,
1. I think you're underestimating the amount of security that goes into the bootloader itself. If you want to learn a lot about Android security in general, in the Android security discussion section located under general forums, there's tons of info regarding how complex this all is. But basically, in order to send an update patch, it needs to be signed (you can't just fake the signature) and it must agree with the current bootloader. The way the bootloader is written, it simply won't allow a reversion back to earlier versions or it'll abort the boot.
An easier way to think of this is understanding that the changes made are preinstalled before the actual boot. There's no way for us to change this through normal methods as the emmc has to be written to directly. There is no way to do this from download or recovery mode. Wouldn't matter if you flashed it or used an update package, they are essentially the same thing.
So the only way to actually change the bootloader is to write to the emmc directly through use of the JTAG port. This changes the code of the entire bootloader before the boot and the phone will boot up with any version of the S3 bootloader you write.
2. I think I kind of answered that?
Hope it's clear.
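The two checks described in the post above (an update must carry a valid vendor signature, and must not be older than what is already installed), as an added example that is not part of the original thread and is not any vendor's bootloader code. The image layout (4-byte version, payload, trailing signature), the toy RSA keys and all function names are assumptions made for illustration.

```python
import hashlib
import struct

# PKCS#1 v1.5 DigestInfo prefix for SHA-256 (standard constant).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def make_toy_key(p, q, e=65537):
    """Build an RSA key from two primes. Constructed for this demo only."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent, stays with the vendor
    return {"n": n, "e": e, "d": d, "k": (n.bit_length() + 7) // 8}


# Constructed keys made from well-known Mersenne primes: easy to embed, NOT secure.
VENDOR_KEY_A = make_toy_key(2**521 - 1, 2**607 - 1)    # hypothetical "model A" key
VENDOR_KEY_B = make_toy_key(2**607 - 1, 2**1279 - 1)   # hypothetical "model B" key


def _encode(body, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(body), returned as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(body).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def vendor_sign(key, version, payload):
    """Vendor side: sign version header + payload with the private exponent."""
    body = struct.pack(">I", version) + payload
    sig = pow(_encode(body, key["k"]), key["d"], key["n"])
    return body + sig.to_bytes(key["k"], "big")


def bootloader_accepts(image, public_n, public_e, stored_min_version):
    """Device side: only the public key and a stored minimum version are known."""
    k = (public_n.bit_length() + 7) // 8
    if len(image) < 4 + k:
        return "truncated"
    body, sig = image[:-k], int.from_bytes(image[-k:], "big")
    # Check 1: the signature must verify under the key fused into this device.
    if sig >= public_n or pow(sig, public_e, public_n) != _encode(body, k):
        return "bad signature"
    # Check 2: a correctly signed but older image is still refused.
    (version,) = struct.unpack(">I", body[:4])
    if version < stored_min_version:
        return "rollback"
    return "ok"


def demo():
    """Run four constructed images past a 'model A' device at version 5."""
    n, e = VENDOR_KEY_A["n"], VENDOR_KEY_A["e"]
    current = vendor_sign(VENDOR_KEY_A, 5, b"constructed bootloader v5")
    older = vendor_sign(VENDOR_KEY_A, 4, b"constructed bootloader v4")
    tampered = bytearray(current)
    tampered[4] ^= 0x01  # one payload bit changed, original signature kept
    other_model = vendor_sign(VENDOR_KEY_B, 9, b"constructed unlocked loader")
    return {
        "current": bootloader_accepts(current, n, e, 5),
        "older": bootloader_accepts(older, n, e, 5),
        "tampered": bootloader_accepts(bytes(tampered), n, e, 5),
        "other_model": bootloader_accepts(other_model, n, e, 5),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} -> {verdict}")
```

The `other_model` case is the situation raised earlier in the thread: an image that is genuinely signed, but for a different device's key, fails the same check as a modified one.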
BadUsername said:
I don't think shapes was trying to act negative at all, just stating the obvious. Nobody is going to try to unlock the Verizon S3, it's pretty much a dead end.
The unlock method used on the S5 will most likely work on this phone, but we need a developer CID to rewrite to the emmc as the series chip used on the S3 likely has the same vulnerability. This is what happened on the S5.
If you read some of the other posts (sounds like you have), we looked for an S3 developer edition but had no luck in tracking one down. For one, it's an incredibly old device. Secondly, you'd have to be semi retarded to purchase one as the original unlock method was around before the developer edition was released.
So yes, if you can find a developer S3 this will likely be an unlock method. It tricks the S3 into thinking it's a developer phone and unlocks the bootloader if the method to write it works the same as in the S5.
As for your questions,
1. I think you're underestimating the amount of security that goes into the bootloader itself. If you want to learn a lot about Android security in general, in the Android security discussion section located under general forums, there's tons of info regarding how complex this all is. But basically, in order to send an update patch, it needs to be signed (you can't just fake the signature) and it must agree with the current bootloader. The way the bootloader is written, it simply won't allow a reversion back to earlier versions or it'll abort the boot.
An easier way to think of this is understanding that the changes made are preinstalled before the actual boot. There's no way for us to change this through normal methods as the emmc has to be written to directly. There is no way to do this from download or recovery mode. Wouldn't matter if you flashed it or used an update package, they are essentially the same thing.
So the only way to actually change the bootloader is to write to the emmc directly through use of the JTAG port. This changes the code of the entire bootloader before the boot and the phone will boot up with any version of the S3 bootloader you write.
2. I think I kind of answered that?
Hope it's clear.
Truthfully after being around the forums for as long as I have I'm really surprised there is any interest in unlocking this device at this point in time. There are just so many other options and unlocked vzw s3s are not that hard to come by.
And I wasn't being negative it's about being realistic. Thanks for sticking up for me brother
Sent from my OnePlus 3T
Are there any updates to this by any chance, I am interested :C
any hope?