Database Info

[ROOT] Nexus 7 Root

I have the IO version of Nexus 7 for the next 12 hours.
Anyways, I've tried most of Nexus 7 root scripts including latest Transformer Prime, Amazon Kindle, etc...etc...
The main problem with jellybeans is that root cannot be attained through /data/local as you cannot move /data/local/tmp directory as most ICS root scripts can do.
Fastest way would be to build a ClockworkMod Recovery then flash supersu zip files. But I do not have the skills to do that, but I do have the device.
If anyone needs adb pull, let me know and also let me know how to do it.

reserved
reserved for root tomorrow hopefully, i will post some funny lol photos here.

Nexus7 root
Hi, long time no write this forum.
I uploaded root kit for Jelly beans.
you can download shell script and archives to do it.
twitter
@goroh_kun
JellyBeanGetroot.zip
https://t.co/c732G7CM
This is only for developers who can read shell script, and understand
what the script doing. It's not so difficult to understand ;-) .
---------- Post added at 07:16 PM ---------- Previous post was at 06:37 PM ----------
If anyone joinig the Google I/O 2012, I can help you to get root with your Nexus7 / GalaxyNexus(JB ver.). I'm in SF now. ( I don't need donation, but wanna be friend in same hobby !)

Thanks bud, trying this now!!! YOU ROCK!!!
goroh_kun said:
Hi, long time no write this forum.
I uploaded root kit for Jelly beans.
you can download shell script and archives to do it.
twitter
@goroh_kun
JellyBeanGetroot.zip
https://t.co/c732G7CM
This is only for developers who can read shell script, and understand
what the script doing. It's not so difficult to understand ;-) .
---------- Post added at 07:16 PM ---------- Previous post was at 06:37 PM ----------
If anyone joinig the Google I/O 2012, I can help you to get root with your Nexus7 / GalaxyNexus(JB ver.). I'm in SF now. ( I don't need donation, but wanna be friend in same hobby !)
Click to expand...
Click to collapse

(神)　what is called GOD　　:good:

script
The script didn't work so I am looking into Saurik's exploit:
https://github.com/saurik/mempodroid
If someone can just figure out how to find the offset for exit() and sysresuid() we pretty much have ROOT!
Can anyone tell me how I can find this?

Unn? I tried with newest firmware(JRN84D). and I can see # prompt in command line,
when I use "adb shell".
here is the log of the tool.
http://pastebin.com/Fka5h427
the exploit which used by mempodroid is already fixed. you can't use this tool.
thanks

Looks like somebody may have a solution over at RootzWiki... I can't post a link yet, but look for "pain in the root-n7 root" in the N7 development section.
I have no way to verify if it works... Hope this helps.

Here you go:
http://rootzwiki.com/topic/28585-cwmeasyroot-nexus-7/

jcracken said:
Here you go:
Thanks for the help! And glad you found their updated post. I noticed after I posted the name of the RootzWiki post it was already old news...
Click to expand...
Click to collapse

THANK YOU!
This is awesome, works great.
EDIT: The linked method on RootzWiki, that is. Didn't try anything else before.
DOUBLE EDIT: I can confirm that it also works on Jelly Bean on my Galaxy Nexus.

Attempted while at I/O
Download: goo.im/devs/birdman/CWM-grouper-recovery.img
After oem unlocking and rebooting....
Quote
fastboot flash recovery CWM-grouper-recovery.img
reboot immediately to recovery
to keep cwm perm:
- mount system
- adb shell
- cd /system
- mv recovery-from-boot.p recovery-from-boot.bak
for root, flash this - static.clockworkmod.com/developer/3654/3095/JB-SuperSU.zip​
I'm here at I/O on the 2nd floor trying to root both of my mobile devices. IU followed these instructions (but doing a "fastboot oem unlock" first) but after I do the flash the CWM-grouper-recovery, I volume over to "Recovery mode" on my Galaxy Nexus and select it, it reboots to a "Google" screen and just sits there forever. I've tried a few variations on the loose instructions but never with any success. Sorry if I'm missing some n00b step.
Update:
It helps if you do a "fastboot erase recovery" before flashing.
CWM-grouper-recovery.img works well for the Nexus 7 once you understand that it is touch driven. I was silly and kept using the volume rocker and power key like the old-school CWMs.
On the Galaxy Nexus S, cwm_touch_alpha2_maguro.img is the go to CWM after you've rooted. On both the "JB-SuperSU.zip" works perfectly.

zedomax said:
The script didn't work so I am looking into Saurik's exploit:
https://github.com/saurik/mempodroid
If someone can just figure out how to find the offset for exit() and sysresuid() we pretty much have ROOT!
Can anyone tell me how I can find this?
Click to expand...
Click to collapse
Now that we have the kernel source from here https://github.com/drewis/android_kernel_grouper
it looks like they have a patch in place to block zx2c4's exploit (Saurik implemented it for us, but I would still attribute it to zx2c4). It appears to be the same quick fix that was implemented on the Transformer Prime.
You can read about the original exploit here http://blog.zx2c4.com/749

sparkym3 said:
Now that we have the kernel source from here https://github.com/drewis/android_kernel_grouper
it looks like they have a patch in place to block zx2c4's exploit (Saurik implemented it for us, but I would still attribute it to zx2c4). It appears to be the same quick fix that was implemented on the Transformer Prime.
You can read about the original exploit here http://blog.zx2c4.com/749
Click to expand...
Click to collapse
So this is a security patch?

sparksco said:
So this is a security patch?
Click to expand...
Click to collapse
I'm not sure what your question is exactly, but I will still try and answer. In the new kernel that is being used on the Nexus 7, it includes a patch to block the exploit that we being referred to in that post.

I've made a guide on the forum that has worked for others. I do not see why you are all trying to find an exploit and such. It was pretty straight forward. Did it to mine, all three of my friends the third day of the conference.
http://forum.xda-developers.com/showthread.php?t=1741395

FadedLite said:
I've made a guide on the forum that has worked for others. I do not see why you are all trying to find an exploit and such. It was pretty straight forward. Did it to mine, all three of my friends the third day of the conference.
http://forum.xda-developers.com/showthread.php?t=1741395
Click to expand...
Click to collapse
The post about mempodroid was prior to anyone rooting by unlocking and flashing. I just wanted the knowledge out there that the exploit he was referring to had been patched.
Also, for some of us it is the fun of looking for those types of things and it will ultimately help secure the system in the future, as the found exploits are fixed.

When rooted can you still get OTA updates from google? Someone on here mentioned an app that let's u switch between rooting and unrooting to allow updates is that right?
Sent from my HTC One S using xda app-developers app

Netflix issues after root.

Not sure if anyone else is having problems, but after rooting the Note I haven't been able to stream Netflix on the phone. Anyone else having this issue? Any fixes?

It is a known issue.... here is a fix...
I don't recall who posted the fix originally, but I think it is a few pages before my post in this thread. I take no credit for it... but it fixed the issue for me.
http://forum.xda-developers.com/showthread.php?p=62539622
EASY STEPS >>> N920T -> AOGE -> ODIN -> TWRP -> ROOT-KERNEL -> SUPERSU -> Done!

here is a screen shot for the solution

A better screenshot for you

Here is my original post for this just so the correct source is being quoted.
http://forum.xda-developers.com/showpost.php?p=62534880&postcount=49

Worked like a charm! Thank you all!

Unable to find that file anywhere, any other ideas? Did a search using Root Explorer and no luck
---------- Post added at 08:51 AM ---------- Previous post was at 08:26 AM ----------
JcTrev3 said:
Unable to find that file anywhere, any other ideas? Did a search using Root Explorer and no luck
Click to expand...
Click to collapse
Scratch that, uninstalliing Netflix and reinstalling did the trick. Thanks for fix!!

this also seems to work for HBO GO; i can view content on my rooted SM-N920T. thanks!

what does liboemcrypto.so do exactly?

Eratrion said:
Not sure if anyone else is having problems, but after rooting the Note I haven't been able to stream Netflix on the phone. Anyone else having this issue? Any fixes?
Click to expand...
Click to collapse
Ran into this issue on Galaxy Note 5 T-Mobile and this fix worked instantly.
---------- Post added at 04:02 PM ---------- Previous post was at 04:01 PM ----------
JcTrev3 said:
Unable to find that file anywhere, any other ideas? Did a search using Root Explorer and no luck
---------- Post added at 08:51 AM ---------- Previous post was at 08:26 AM ----------
Scratch that, uninstalliing Netflix and reinstalling did the trick. Thanks for fix!!
Click to expand...
Click to collapse
I used Root Browser to locate the file and rename it.

dandroid7 said:
here is a screen shot for the solution
Click to expand...
Click to collapse
This fix worked great on my Galaxy S6 G920P, Marshmallow 6.0.1, running Renegade Rom v1.1. Netflix works again!

i got
i cant access netflix after rooting my note 4. running marshmallow 6.0.1. i read in internet that you need to remove the /system/vendor/lib/liboemcrypto.so to make it or again, but it can be deleted of removed. i read about this commands that seem to work but i dont know a thing about them.
my_computer$ adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o rw,remount /system
[email protected]:/ # rm /system/vendor/lib/liboemcrypto.so
[email protected]:/ # reboot
i will appreciate if someone could tell me what software do i need to run those commands and how to use them.

Worked for me

Worked on note 4
Thanks a lot for the tip.. I searched on root explorer and added the .bak to the file and Netflix opened without any problem. I'm very happy now ?
---------- Post added at 02:26 PM ---------- Previous post was at 02:24 PM ----------
neo_on3 said:
i cant access netflix after rooting my note 4. running marshmallow 6.0.1. i read in internet that you need to remove the /system/vendor/lib/liboemcrypto.so to make it or again, but it can be deleted of removed. i read about this commands that seem to work but i dont know a thing about them.
my_computer$ adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o rw,remount /system
[email protected]:/ # rm /system/vendor/lib/liboemcrypto.so
[email protected]:/ # reboot
i will appreciate if someone could tell me what software do i need to run those commands and how to use them.
Click to expand...
Click to collapse
Could be terminal emulator app

Finally root for Verizon Note 5!! (Update: False Alarm)

https://youtu.be/g2w0Hvgmk7I

sorevilo said:
https://youtu.be/g2w0Hvgmk7I
Click to expand...
Click to collapse
Sorry, I got excited but this doesn't include verizon .. disregard.

You are evil!
Sent from my SM-N920V using Tapatalk

lol the troll is strong with this one

Yeah you will really enjoy your rooted Note 5!!!! Mine kicks ass!!!!

They say the tether root AT&T has will work on Verizon. Provided you haven't taken the marshmallow ota...... Delete this damn thread so I'll quit coming back to it.
Sent from my SM-N920V using XDA-Developers mobile app

tonybahr said:
They say the tether root AT&T has will work on Verizon. Provided you haven't taken the marshmallow ota...... Delete this damn thread so I'll quit coming back to it.
Sent from my SM-N920V using XDA-Developers mobile app
Click to expand...
Click to collapse
It won't matter whether you've taken the update or not because I already proved it's possible to downgrade on Verizon from MM back to Lollipop..

So I have been actively trying to get the root for us on Verizon but I found a few things within our current kernel that I believe is what's causing the hard lock if you try to root it. These are some of the lines in the de-compiled VZW kernel.
CONFIG_LOCKUP_DETECTOR=y
CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y
There is also quite a few other things within it that I do not see in the other variants like T-Mobile for instance. At the moment it's a Little Caesars type of day while I sit here and go through thousands upon thousands of lines of code from different carriers just to see what's different and what can be accomplished.. And some people say it's easy? LOL..
Edit: I guess I'm the only dev working on the Verizon variant? Would be nice to have some help and someone to collaborate with. I'll just push on for now though.

In the defconfig, do you see Rooting Restrictions about 3/4 ways down?
Sent from my SM-G920T using XDA-Developers mobile app

The Sickness said:
In the defconfig, do you see Rooting Restrictions about 3/4 ways down?
Sent from my SM-G920T using XDA-Developers mobile app
Click to expand...
Click to collapse
Yes I seen that. In some other area's I'm seeing stuff like fake battery stats.. wtf?
fake some battery state
setprop status.battery.state Slow
setprop status.battery.level 5
setprop status.battery.level_raw 50
setprop status.battery.level_scale 9
Why would you want to 'fake' the battery stats?! I'm also seeing stuff that's making it seem like the entire system is running within a Virtual Machine or an Emulator of sorts because it keeps referencing it in the VZW kernel that I de compiled ... This is annoying..
# -Q is a special logcat option that forces the
# program to check wether it runs on the emulator
# if it does, it redirects its output to the device
# named by the androidboot.console kernel option
# if not, is simply exits immediately
service goldfish-logcat /system/bin/logcat -Q
oneshot
setprop ro.setupwizard.mode EMULATOR
# disable some daemons the emulator doesn't want
stop dund
stop akmd
.. I don't know.. I've rebuilt the kernel over and over with SELinux permissive and a lot of other changes and Odin just won't do it.
You were talking about this right?
#
# Samsung Rooting Restriction Feature
#
CONFIG_SEC_RESTRICT_ROOTING=y
CONFIG_SEC_RESTRICT_SETUID=y
CONFIG_SEC_RESTRICT_FORK=y
CONFIG_SEC_RESTRICT_ROOTING_LOG=y
#

MrMike2182 said:
Yes I seen that. In some other area's I'm seeing stuff like fake battery stats.. wtf?
fake some battery state
setprop status.battery.state Slow
setprop status.battery.level 5
setprop status.battery.level_raw 50
setprop status.battery.level_scale 9
Why would you want to 'fake' the battery stats?! I'm also seeing stuff that's making it seem like the entire system is running within a Virtual Machine or an Emulator of sorts because it keeps referencing it in the VZW kernel that I de compiled ... This is annoying..
# -Q is a special logcat option that forces the
# program to check wether it runs on the emulator
# if it does, it redirects its output to the device
# named by the androidboot.console kernel option
# if not, is simply exits immediately
service goldfish-logcat /system/bin/logcat -Q
oneshot
setprop ro.setupwizard.mode EMULATOR
# disable some daemons the emulator doesn't want
stop dund
stop akmd
.. I don't know.. I've rebuilt the kernel over and over with SELinux permissive and a lot of other changes and Odin just won't do it.
Click to expand...
Click to collapse
Ok....first are you getting a Image from your kernel build that you are converting to a boot.img? Or are you using a script in your build that does it for you?

The Sickness said:
Ok....first are you getting a Image from your kernel build that you are converting to a boot.img? Or are you using a script in your build that does it for you?
Click to expand...
Click to collapse
I'm getting a full boot.img yes.. Almost 26MB in size a little under.
I'm using the source code straight from Samsung. In the sources I downloaded in /home/mike/Downloads/SM-N920V_NA_MM_Opensource/Kernel/arch/arm64/configs the VZW source is in there .. exynos7420-nobleltevzw_defconfig
So I'm using the make ARCH=arm64 CROSS_COMPILE=arm-eabi- the_defconfig that I made.
Hmm.. I found more "rooting restrictions" within the kconfig itself and not the actual defconfig so does the kconfig override changes to the defconfig?
comment "Samsung Rooting Restriction Feature"
config SEC_RESTRICT_ROOTING
bool "Samsung Rooting Restriction Feature"
default n
help
Restrict unauthorized executions with root permission.

MrMike2182 said:
I'm getting a full boot.img yes.. Almost 26MB in size a little under.
I'm using the source code straight from Samsung. In the sources I downloaded in /home/mike/Downloads/SM-N920V_NA_MM_Opensource/Kernel/arch/arm64/configs the VZW source is in there .. exynos7420-nobleltevzw_defconfig
So I'm using the make ARCH=arm64 CROSS_COMPILE=arm-eabi- the_defconfig that I made.
Click to expand...
Click to collapse
But my question is "how" are you making a boot.img? When you build from source you get a Image or zImage that must be converted.
Reason I'm saying this, is because on my kernels my script builds the boot.img too. BUT, for some reason its off a little. So I use
mkbootimg to convert it and its fine. I build kernels for the T-Mobile S6, Sprint N5, and N9208.....and its the method I use.
You may go that route to see it helps you.

The Sickness said:
But my question is "how" are you making a boot.img? When you build from source you get a Image or zImage that must be converted.
Reason I'm saying this, is because on my kernels my script builds the boot.img too. BUT, for some reason its off a little. So I use
mkbootimg to convert it and its fine. I build kernels for the T-Mobile S6, Sprint N5, and N9208.....and its the method I use.
You may go that route to see it helps you.
Click to expand...
Click to collapse
Oh I get what you're saying now, it's a zimage.. I'll have to give that a try too!

MrMike2182 said:
Oh I get what you're saying now, it's a zimage.. I'll have to give that a try too!
Click to expand...
Click to collapse
Here it is
https://github.com/xiaolu/mkbootimg_tools

The Sickness said:
Here it is
https://github.com/xiaolu/mkbootimg_tools
Click to expand...
Click to collapse
I have those tools actually! I'll give that a shot too. In any case. I have 2 VZW 5's I'm willing to brick one in the process of trying to gain root so if you want to give it a shot I'll try it since I have nothing to lose really.
---------- Post added at 10:23 PM ---------- Previous post was at 10:20 PM ----------
Can I PM you for a sec?

MrMike2182 said:
I have those tools actually! I'll give that a shot too. In any case. I have 2 VZW 5's I'm willing to brick one in the process of trying to gain root so if you want to give it a shot I'll try it since I have nothing to lose really.
---------- Post added at 10:23 PM ---------- Previous post was at 10:20 PM ----------
Can I PM you for a sec?
Click to expand...
Click to collapse
Yep

The Sickness said:
Yep
Click to expand...
Click to collapse
Did you know that if you download terminal emulator on the Play Store, and try to do su, or adb commands for root, when you reboot the phone later, you'll be stuck in a bootloop lol.. I found that out the hard way over a simple command. I wouldn't advise no one to do what I just said unless you want to re Odin your phone and lose everything. "Not kidding either"..

The Sickness said:
Yep
Click to expand...
Click to collapse
Ok I'm curious about something.. I was wondering how Odin connects to make it's changes when you're using it so I put the phone into Download mode and I decided to try and find how it is connected which I know is by usb so I did lsusb and it listed the phone like this...
Bus 001 Device 003: ID 04e8:685d Samsung Electronics Co., Ltd GT-I9100 Phone [Galaxy S II] (Download mode)
But why Samsung Galaxy S II ?! GT-I9100..\
With the phone on and in PTP mode I get..
Bus 001 Device 005: ID 04e8:6866 Samsung Electronics Co., Ltd GT-I9300 Phone [Galaxy S III] (debugging mode)
Software mode
Bus 001 Device 006: ID 04e8:685e Samsung Electronics Co., Ltd GT-I9100 / GT-C3350 Phones (USB Debugging mode)

MrMike2182 said:
Ok I'm curious about something.. I was wondering how Odin connects to make it's changes when you're using it so I put the phone into Download mode and I decided to try and find how it is connected which I know is by usb so I did lsusb and it listed the phone like this...
Bus 001 Device 003: ID 04e8:685d Samsung Electronics Co., Ltd GT-I9100 Phone [Galaxy S II] (Download mode)
But why Samsung Galaxy S II ?! GT-I9100..\
With the phone on and in PTP mode I get..
Bus 001 Device 005: ID 04e8:6866 Samsung Electronics Co., Ltd GT-I9300 Phone [Galaxy S III] (debugging mode)
Software mode
Bus 001 Device 006: ID 04e8:685e Samsung Electronics Co., Ltd GT-I9100 / GT-C3350 Phones (USB Debugging mode)
Click to expand...
Click to collapse
Thats because its in the kernel source. It seems they believe if it aint broke, dont fix it.

!!!!!Bootloader Unlock & TWRP Achieved!!!!!

A-Team Digital Solutions
*Exclusive Release*
Idol 5 Bootloader Unlock & TWRP Recovery
Get ahold of me to see what else can be done with this phone, as I don't physically own it and can't help out getting things going unless I have the required info from someone who has one of these. I would Imagine GSI roms can now be installed on it, but more testing would need to be done. If someone would like to donate me a device, I can have something spun up in no time, otherwise there isn't much more that can be done without a device to test on.
-Bootloader Unlock & TWRP-
https://androidforums.com/threads/6060c-bootloader-unlock.1327876/
-Telegram Live Chat-
https://t.me/Android_General_Chat​

Wow! :good:

Update
[hi guys I'm the guinea pig haha,thanks to @PizzaG,and @diplomatic]
After a fun weekend of tweaking [no,not that kind] I have managed to mount the system and dev partitions to -rw and can report I've successfully managed to edit the build.prop as well as a few others by way of utilizing a multi user interactive ADB shell/terminal shell [xterm/color256term] and Ghost Commander file explorer. Not 100% sure how it's working but I'm thinking it's exploiting some loophole in the REMOTE/LOCAL-multiuser GID/UID protocols. Any ideas?

Firmware
Hi, is there anyone who has a way to install standart firmware, my phone is frozen on the initial boot screen. (Factort reset) does not work
HELPPP

Happytop said:
Hi, is there anyone who has a way to install standart firmware, my phone is frozen on the initial boot screen. (Factort reset) does not work
HELPPP
Click to expand...
Click to collapse
Yes, I have access to the alcatel stock firmware flasher and the stock firmware. Pm me for link

how can i get mtk-su?

stevegsames said:
how can i get mtk-su?
Click to expand...
Click to collapse
Experimental Software Root for HD 8 & HD 10

Thanks @diplomatic, im running out of steam, lol. Ill post the rest of what i have tonight so you idol 5 users have at least standard temp root. My tester kinda fizzled out so....... You guys have the prop line for oem unlock=1, but no fastboot access. And i cant find the intial release stock dump anywhere. I was hoping i could and it would have working fastboot like my device. Anyways, i need a new reliable tester to see if you guys are stuck with temp root or if you can have perm root

@PizzaG, you mean you can't boot your phone? If so, sorry to hear that. I don't know the details about Alcatel phones, but I hope there's some way to restore the firmware....
Also, will you have a chance to test what I proposed in my PM?

diplomatic said:
Experimental Software Root for HD 8 & HD 10
Click to expand...
Click to collapse
Thank$ for the help
---------- Post added at 05:39 PM ---------- Previous post was at 04:42 PM ----------
How can I mount the /$y$tem partition to -rw?

stevegsames said:
Thank$ for the help
How can I mount the /$y$tem partition to -rw?
Click to expand...
Click to collapse
If it's a recent phone, you probably can't due to dm-verity. You can check by running
mount | grep /system
If the first word is something like '/dev/block/dm-0', then remounting system is a no-go without unlocking the bootloader. If it doesn't say 'dm-0', but 'mmcblkXXX', then you might want to try
mount -o remount,rw /system
(BTW, I'm gonna guess your s-key is broken )

stevegsames said:
Thank$ for the help
---------- Post added at 05:39 PM ---------- Previous post was at 04:42 PM ----------
How can I mount the /$y$tem partition to -rw?
Click to expand...
Click to collapse
I'm not sure yet if you can.

diplomatic said:
If it's a recent phone, you probably can't due to dm-verity. You can check by running
mount | grep /system
If the first word is something like '/dev/block/dm-0', then remounting system is a no-go without unlocking the bootloader. If it doesn't say 'dm-0', but 'mmcblkXXX', then you might want to try
mount -o remount,rw /system
(BTW, I'm gonna guess your s-key is broken )
Click to expand...
Click to collapse
Yup key i$ broken
It i$ a recent phone and it $ay$ dm-0

So what is the process in rooting this phone

Some NEWS guys, check this out and let me know if it works for Idol 5. It's Based off the Working Temp Root Xploit, hopefully it will give you Magisk
https://github.com/JunioJsv/mtk-easy-su

Bootloader unlock and twrp
https://androidforums.com/threads/6060c-bootloader-unlock.1327876/
https://forum.xda-developers.com/idol-5/development/guide-alcatel-idol-5-6060c-bootloader-t4157411

Huawei Bootloader Brute Force

DISCLAIMER
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed.
* YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
Click to expand...
Click to collapse
UNLOCK BOOTLOADER
This script brute forces your bootloader until it finds the code.
1.Download the python script : mega.nz/file/aoUAka4I#Tkn7fAqLGm4GtG89w-oIrymacQHlfhcfHyl8WHHUDXc
2.Download the python program from Python website.
3.Install the python program.
4.Unzip the script.
5.Write your phone FIRST IMEI down.
6.Enable developer options in Android.
7.Enable USB debugging in Android.
8.Connect your device to the computer and launch the script.
Use command: C:\your file location\your file location\ python unlock.py
9.When prompted insert your phone's FIRST IMEI
The process could take days but you don't have to pay for programs like DC-Unlocker and sooooo on.
If you get the error "unknownfail" you must edit the "unlock.py" file and modify "True" to "False" from "unknownfail" section.
GOOD LUCK!!!!
The program was created by "SkyEmie" and i just made the tutorial.

Is it safe ? Any chance of data loss ?

murali3127 said:
Is it safe ? Any chance of data loss ?
Click to expand...
Click to collapse
If it gets the good bootloader code it automatically reset the mobile phone.All the phones does this.

Ifnit takes days does it continue where left off ?

I got this.
fastboot: error: Command failed
Could not parse output.
Please check the output above yourself.
If you want to disable this feature, switch variable unknownfail to False

murali3127 said:
Is it safe ? Any chance of data loss ?
Click to expand...
Click to collapse
Don't worry. Every bootloader unlocking wipes all user data for sure!
About paid unlocking - to got you unlocking code, phone has to reboot and be wiped. After unlocking bootloader with code, in bootloader mode, phone also had to reboot and wipe all user data. Take your chance to install custom recovery and remove forced encryption if you want to try some custom rom or just backup user data.

murali3127 said:
I got this.
fastboot: error: Command failed
Could not parse output.
Please check the output above yourself.
If you want to disable this feature, switch variable unknownfail to False
Click to expand...
Click to collapse
you must edit unlock.py file (right click>edit with ide>) and at "unknownfail" line it will say "True" change it to "False"

It doesnt work on emui10, Readme says.

Hello. I was very interested in the topic.
Is it possible to unlock the bootloader on the Huawei P30 Pro in this way? I can have Emui 9
Has anyone succeeded?

Has been running for 12 hours so far on my Huawei Y560-U02.
Will update if it works...
Running on the spare PC.
Screen information did not change since it started but I can see the CPU is busy.

Hey guys,
i also have tried to bruteforce my bootloader code with the python script you mentioned. However, without any kind of success. I've tried both EMAIs and it hasn't found a fitting bootloader code. (And yes I got EMUI 5 and the EU version). Seems like my only choice is to buy a dc unlocker code.
Now back to you. Instead of using a single-core python script check out this github repository, where somebody wrote the whole thing in C# but multithreaded. IT'S WAY FASTER. Only took 5-10 Minutes compared to the 5-10 hours python script by SkyEmie. Here is the link:
h t t p s://github.com/rainxh11/HuaweiBootloader_Bruteforce (sorry but i'm new to this forum so i am not allowed to send links unobfuscated) =)
I will try it for some more times but with different methods...
I hope you will succeed and if you do, please post it to this forum.
:good:
Edit: I compiled the program so you can download it directly if you want: h t t p://www .mediafire .com/file/h0w27xk18makz79/HuaweiBootloader_Bruteforce.exe/file

LukasBBB said:
Hey guys,
i also have tried to bruteforce my bootloader code with the python script you mentioned. However, without any kind of success. I've tried both EMAIs and it hasn't found a fitting bootloader code. (And yes I got EMUI 5 and the EU version). Seems like my only choice is to buy a dc unlocker code.
Now back to you. Instead of using a single-core python script check out this github repository, where somebody wrote the whole thing in C# but multithreaded. IT'S WAY FASTER. Only took 5-10 Minutes compared to the 5-10 hours python script by SkyEmie. Here is the link:
h t t p s://github.com/rainxh11/HuaweiBootloader_Bruteforce (sorry but i'm new to this forum so i am not allowed to send links unobfuscated) =)
I will try it for some more times but with different methods...
I hope you will succeed and if you do, please post it to this forum.
:good:
Edit: I compiled the program so you can download it directly if you want: h t t p://www .mediafire .com/file/h0w27xk18makz79/HuaweiBootloader_Bruteforce.exe/file
Click to expand...
Click to collapse
I ran the c# program 3 times, i am not sure if the last number it outputs is the password but i tried it and it failed to unlock.
I am now waiting for python and will follow up with an update when something interesting happens.

It does not seem that the Python method works on my type of device.
It tried to get the C# one running but it seems that it needs to be compiled 1st. I tried to compile it but I get error messages.
Can I get some tips on how to compile or or how to run it...

Johncoool said:
It does not seem that the Python method works on my type of device.
It tried to get the C# one running but it seems that it needs to be compiled 1st. I tried to compile it but I get error messages.
Can I get some tips on how to compile or or how to run it...
Click to expand...
Click to collapse
there is a compiled version of it on github under "releases". Or you can use my compiled version which i included in my thread.
---------- Post added at 10:32 PM ---------- Previous post was at 10:28 PM ----------
Krckoo said:
I ran the c# program 3 times, i am not sure if the last number it outputs is the password but i tried it and it failed to unlock.
I am now waiting for python and will follow up with an update when something interesting happens.
Click to expand...
Click to collapse
No, it tries ALL combinations that are possible for your device given by the IMEI so the last number is just the last one tried.
Important is: your device has to be in bootloader mode for this program to work properly.
Question: what device do you have? I've got the P9 Lite and couldn't bring it to work neither.

LukasBBB said:
Hey guys,
i also have tried to bruteforce my bootloader code with the python script you mentioned. However, without any kind of success. I've tried both EMAIs and it hasn't found a fitting bootloader code. (And yes I got EMUI 5 and the EU version). Seems like my only choice is to buy a dc unlocker code.
Now back to you. Instead of using a single-core python script check out this github repository, where somebody wrote the whole thing in C# but multithreaded. IT'S WAY FASTER. Only took 5-10 Minutes compared to the 5-10 hours python script by SkyEmie. Here is the link:
h t t p s://github.com/rainxh11/HuaweiBootloader_Bruteforce (sorry but i'm new to this forum so i am not allowed to send links unobfuscated) =)
I will try it for some more times but with different methods...
I hope you will succeed and if you do, please post it to this forum.
:good:
Edit: I compiled the program so you can download it directly if you want: h t t p://www .mediafire .com/file/h0w27xk18makz79/HuaweiBootloader_Bruteforce.exe/file
Click to expand...
Click to collapse
if the program hangs at the end with something like a code, is that the code?

XDboy YT BG said:
if the program hangs at the end with something like a code, is that the code?
Click to expand...
Click to collapse
No, look at the thread above for information about how the program works.

Thanks for tip.
C# worked but it only ran through a few and then it just stopped. It created a text file and there are around 300k possible codes for this.
The device I am using is Y560-U02 from 2015 running on Kitkat.
I found a 25 sec video for P9 last week. Maybe someone can figure out how they got it to work. It seems to be running on Python program.
https://peertube.fr/videos/watch/d4d47f18-a0ff-4eda-a21e-3f5ec3064c6e
---------- Post added at 06:46 PM ---------- Previous post was at 06:10 PM ----------
I found a way to bypass when it just stops. It is stopping after 16 attempts each time.
I will test my method and then post it here.
It should work for all Windows users.
---------- Post added at 07:30 PM ---------- Previous post was at 06:46 PM ----------
If you go to task manager you will see that it creates a fastboot.exe for each attempt. So Create a batch file with the below code and it will stop all of them on a loop with the time defined. Run it as Administrator to ensure that it works. Time is in seconds
Download the nircmd from the bottom of the below link. I used the not 64 bit one and and extract it then move the exe files to the C:\Windows\system32 folder or edit the script to include the directory you extract the files to.
https://www.nirsoft.net/utils/nircmd.html
-------------------------------------------------------------------------
@Echo off
:Loop
Timeout /T 10
nircmd.exe killprocess "fastboot.exe"
Goto loop:

Johncoool said:
Thanks for tip.
C# worked but it only ran through a few and then it just stopped. It created a text file and there are around 300k possible codes for this.
The device I am using is Y560-U02 from 2015 running on Kitkat.
I found a 25 sec video for P9 last week. Maybe someone can figure out how they got it to work. It seems to be running on Python program.
https://peertube.fr/videos/watch/d4d47f18-a0ff-4eda-a21e-3f5ec3064c6e
---------- Post added at 06:46 PM ---------- Previous post was at 06:10 PM ----------
I found a way to bypass when it just stops. It is stopping after 16 attempts each time.
I will test my method and then post it here.
It should work for all Windows users.
---------- Post added at 07:30 PM ---------- Previous post was at 06:46 PM ----------
If you go to task manager you will see that it creates a fastboot.exe for each attempt. So Create a batch file with the below code and it will stop all of them on a loop with the time defined. Run it as Administrator to ensure that it works. Time is in seconds
Download the nircmd from the bottom of the below link. I used the not 64 bit one and and extract it then move the exe files to the C:\Windows\system32 folder or edit the script to include the directory you extract the files to.
https://www.nirsoft.net/utils/nircmd.html
-------------------------------------------------------------------------
@Echo off
:Loop
Timeout /T 10
nircmd.exe killprocess "fastboot.exe"
Goto loop:
Click to expand...
Click to collapse
Well in theory, the fastboot.exe files should close automatically after they tried to unlock the bootloader with the given code. Not sure wether this may be dependent from the device youre using.

It seems to be happening on all the devices that are using the C# script.
Even on yours. You mentioned that it is hanging. This is the way to bypass it. It has reached over 30k so far which is over 10%.

Johncoool said:
It seems to be happening on all the devices that are using the C# script.
Even on yours. You mentioned that it is hanging. This is the way to bypass it. It has reached over 30k so far which is over 10%.
Click to expand...
Click to collapse
Well, the funny thing is, the guy in the video also hasn't got it to work, which is not an unexpected result, since it would take decades to do it like he did (he is testing ALL codes from 0 to ?).