[Q] bootloader from dev edition phone? - Verizon Samsung Galaxy S III

This probably can't be done, but just wondering if it's even been thought about yet.
The stock VRUCML1 bootloader is signed and is unable to be modified in any way. However, a developer edition phone should have a modified bootloader in place already that allows custom software to be flashed.
Isn't it possible to dump the developer edition bootloader? If that's dumped, then using Odin or a jtag service to install the bootloader on a normal phone could possibly unlock the phone. That way the bootloader isn't really modified, but completely replaced.
Sent from my SCH-I535 using Tapatalk 2

BadUsername said:
This probably can't be done, but just wondering if it's even been thought about yet.
The stock VRUCML1 bootloader is signed and is unable to be modified in any way. However, a developer edition phone should have a modified bootloader in place already that allows custom software to be flashed.
Isn't it possible to dump the developer edition bootloader? If that's dumped, then using Odin or a jtag service to install the bootloader on a normal phone could possibly unlock the phone. That way the bootloader isn't really modified, but completely replaced.
Sent from my SCH-I535 using Tapatalk 2
This wouldn't work as it has to do with the device-specific files. It's the same thing that stops people on Sprint or T-Mobile being able to flash ROMs from Verizon or AT&T. Also, when Samsung released their new update they tripped what's called the q-fuse; this fuse, once blown, trips a system flag that makes the bootloader check the signature of each file during boot. Unfortunately, once this is tripped there is no going back. This is why the bootloader on the 4.3 update is locked.

Related

[Q] JTAG and getting rid of 4.3

Hello, I was wondering if I could be pointed in the right direction. I was recently cursed with Samsung's Knox crap because I didn't start messing with rooting until after the 4.3 update. Knox clicked and I am forever sick with 4.3. Except, I recently got hold of a spare JTAG connector from a friend. It is not a RIFF box, it is an MSP430 JTAG connector. Would there be any way to hook this to my computer and write over 4.3 with an unlocked 4.3? Would I lose download mode or anything? I found a video of some guy decompiling 4.3 stock from a mini S4 and if you simply delete aboot.img, sm1, sm2 and sm3 it fully gets rid of Knox. That is my goal with the JTAG. Is there any software I can use that will read the storage? Would a JTAG work in the first place, or did Samsung find a way to prevent that too? Thanks!!!
bobbyofna said:
Hello, I was wondering if I could be pointed in the right direction. I was recently cursed with Samsung's Knox crap because I didn't start messing with rooting until after the 4.3 update. Knox clicked and I am forever sick with 4.3. Except, I recently got hold of a spare JTAG connector from a friend. It is not a RIFF box, it is an MSP430 JTAG connector. Would there be any way to hook this to my computer and write over 4.3 with an unlocked 4.3? Would I lose download mode or anything? I found a video of some guy decompiling 4.3 stock from a mini S4 and if you simply delete aboot.img, sm1, sm2 and sm3 it fully gets rid of Knox. That is my goal with the JTAG. Is there any software I can use that will read the storage? Would a JTAG work in the first place, or did Samsung find a way to prevent that too? Thanks!!!
That could work on anything other than our phone model. Tampering with the bootchain at all will cause an instant hardbrick because of the locked bootloader. We have the only variant with a locked bootloader on 4.3.
We have no such thing as an unlocked 4.3 bootchain, but if you had one your idea would work perfectly. You just overwrite the original chain and it'll boot, but flashing anything currently available with a riff box except the vrucml1 bootchain will hardbrick the device.
Sent from my SCH-I535 using Tapatalk 2
To add, it is not Knox that locked the bootloader. It is Qualcomm code that burnt the Q-fuse on the processor, making it non-rewritable through that particular fuse. The only way to unlock, from my understanding, would be to be able to route through another fuse, as there are like 4 of them. This enables Samsung to modify the bootloader a limited number of times.
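The check the two replies above describe, a one-way fuse that turns on signature verification of every boot stage, is easier to reason about with a model in front of you. The following is an added illustration written for this page; it is not Samsung's, Qualcomm's or any poster's code. Ed25519, the Fuses layout, the stage names and the payload strings are assumptions chosen to keep it self-contained (real devices use RSA certificate chains and SoC-specific fuse maps). It also answers the JTAG question from the post above: the verifier only sees the bytes on flash and the fuse state, so how those bytes got there makes no difference.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Fuses models the one-time-programmable bits the thread calls the "q-fuse"
// (an assumed layout, not Qualcomm's). Once SecureBoot is set it cannot be
// cleared, and RootKeyHash pins the OEM key every boot stage must be signed by.
type Fuses struct {
	SecureBoot  bool
	RootKeyHash [32]byte
}

// BlowSecureBoot models the update burning the fuse: a one-way transition.
func (f *Fuses) BlowSecureBoot(pub ed25519.PublicKey) {
	f.SecureBoot = true
	f.RootKeyHash = sha256.Sum256(pub)
}

// BootImage is one stage of the boot chain (sbl1, aboot, ...) plus its
// signature and the public key the signer shipped next to it.
type BootImage struct {
	Name      string
	Payload   []byte
	SignerKey ed25519.PublicKey
	Sig       []byte
}

// Sign produces the signed stage an OEM build would ship.
func Sign(name string, payload []byte, priv ed25519.PrivateKey) BootImage {
	return BootImage{
		Name:      name,
		Payload:   payload,
		SignerKey: priv.Public().(ed25519.PublicKey),
		Sig:       ed25519.Sign(priv, payload),
	}
}

// Verify is what the previous stage does before jumping to the next one.
// How the bytes reached flash (Odin, JTAG, SD card) plays no part.
func Verify(f Fuses, img BootImage) error {
	if !f.SecureBoot {
		return nil // fuse intact: nothing is checked
	}
	// The shipped key must itself match the fused hash; otherwise anyone
	// could ship their own key next to their own signature.
	if sha256.Sum256(img.SignerKey) != f.RootKeyHash {
		return fmt.Errorf("%s: signer key does not match fused root key", img.Name)
	}
	if !ed25519.Verify(img.SignerKey, img.Payload, img.Sig) {
		return fmt.Errorf("%s: signature check failed", img.Name)
	}
	return nil
}

// VerifyChain stops at the first stage that fails, which is the point where
// a real device would hang with no working download mode.
func VerifyChain(f Fuses, chain []BootImage) error {
	for _, img := range chain {
		if err := Verify(f, img); err != nil {
			return err
		}
	}
	return nil
}

// Demo runs the scenarios from the thread and reports which chains boot.
func Demo() map[string]bool {
	oemPub, oemPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)

	stock := []BootImage{
		Sign("sbl1", []byte("stock sbl1"), oemPriv),
		Sign("aboot", []byte("stock aboot VRUCML1"), oemPriv),
	}
	// "Completely replace" aboot with one signed by a key we control.
	replaced := []BootImage{stock[0], Sign("aboot", []byte("unlocked aboot"), otherPriv)}
	// Keep the stock signature but patch one byte of aboot on flash via JTAG.
	patched := []BootImage{stock[0], stock[1]}
	patched[1].Payload = bytes.Replace(stock[1].Payload, []byte("VRUCML1"), []byte("VRUCMLX"), 1)

	var f Fuses
	out := map[string]bool{}
	out["unfused:replaced"] = VerifyChain(f, replaced) == nil
	f.BlowSecureBoot(oemPub)
	out["fused:stock"] = VerifyChain(f, stock) == nil
	out["fused:replaced"] = VerifyChain(f, replaced) == nil
	out["fused:patched"] = VerifyChain(f, patched) == nil
	return out
}

func main() {
	for name, boots := range Demo() {
		fmt.Printf("%-18s boots=%v\n", name, boots)
	}
}
```

Before the fuse is blown the replaced chain boots; afterwards only the untouched stock chain does. Note the second check in Verify: pinning the hash of the signer's key in the fuse is what stops an attacker from shipping a self-signed bootloader, and it is also why a dumped image from a differently configured device does nothing useful unless it carries a valid signature from the same OEM key.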
I'm still wondering if we could boot with the insecure bootloader if we "bricked" the 4.3 one, then boot from SD with the insecure one. Does the debrick image hold all of the boot chain, or is it just the part that seems to be easily bricked? Sure, if that could work we would be dependent on the SD card, but that wouldn't matter for a lot of people. I have another related question that someone might be able to answer. Is it possible to use the debrick image on a thumb drive connected with an OTG cable?
ThePagel said:
I'm still wondering if we could boot with the insecure bootloader if we "bricked" the 4.3 one, then boot from SD with the insecure one. Does the debrick image hold all of the boot chain, or is it just the part that seems to be easily bricked? Sure, if that could work we would be dependent on the SD card, but that wouldn't matter for a lot of people. I have another related question that someone might be able to answer. Is it possible to use the debrick image on a thumb drive connected with an OTG cable?
The debrick image doesn't have a bootchain. It's just a stock system image that the bootchain verifies and force boots into.
The bootchain is still present through the regular mechanism through the system checks (ie: fuses, chips) and knows it's booting a correct system image, you can't force a bootchain through an external SD card.
Sent from my SCH-I535 using Tapatalk 2
Taking it to Verizon?
BadUsername said:
That could work on anything other than our phone model. Tampering with the bootchain at all will cause an instant hardbrick because of the locked bootloader. We have the only variant with a locked bootloader on 4.3.
We have no such thing as an unlocked 4.3 bootchain, but if you had one your idea would work perfectly. You just overwrite the original chain and it'll boot, but flashing anything currently available with a riff box except the vrucml1 bootchain will hardbrick the device.
Sent from my SCH-I535 using Tapatalk 2
youtube.com/watch?v=75DKAGNstbM
I did not mean using a bootchain I know it'll brick it I have made that mistake before and it is possible to come back from it by the way. If you watch this video he takes the current 4.3 rom and removes knox and the bootloader and reflashes it. Of course he was able to do this because he didn't trip knox in the first place which I have. But my goal with the JTAG would be to write over the memory bypassing the processor and flash a deknoxed 4.3 from there. Also I just found out that apparently some law went through which requires your carrier to unlock the bootloader for you if you take it to them and ask. Does anybody know of this? It would make sense that it says please take your phone to an authorized verizon dealer when the bootloader stops you. If that is true and I take my phone to them, would there be a way to record everything they are flashing onto my phone without hiding a usb sniffer so that we can figure out how to unlock this crap? Thanks.
bobbyofna said:
youtube.com/watch?v=75DKAGNstbM
I did not mean using a bootchain I know it'll brick it I have made that mistake before and it is possible to come back from it by the way. If you watch this video he takes the current 4.3 rom and removes knox and the bootloader and reflashes it. Of course he was able to do this because he didn't trip knox in the first place which I have. But my goal with the JTAG would be to write over the memory bypassing the processor and flash a deknoxed 4.3 from there. Also I just found out that apparently some law went through which requires your carrier to unlock the bootloader for you if you take it to them and ask. Does anybody know of this? It would make sense that it says please take your phone to an authorized verizon dealer when the bootloader stops you. If that is true and I take my phone to them, would there be a way to record everything they are flashing onto my phone without hiding a usb sniffer so that we can figure out how to unlock this crap? Thanks.
That law is for the sim unlock and 99% of Verizon store employees and customer service reps will have no idea how to help you with any problem.
ThePagel said:
That law is for the sim unlock and 99% of Verizon store employees and customer service reps will have no idea how to help you with any problem.
Are you sure? Because I found someone on the forums last night who said he went to Verizon and they unlocked his bootloader. Let me dig for it. I am definitely going to Verizon tomorrow and trying for myself.
ThePagel said:
That law is for the sim unlock and 99% of Verizon store employees and customer service reps will have no idea how to help you with any problem.
http://forum.xda-developers.com/showthread.php?t=2683469
Here the guy talks about asking verizon about the bootloader.
bobbyofna said:
http://forum.xda-developers.com/showthread.php?t=2683469
Here the guy talks about asking verizon about the bootloader.
He asked over a phone call, he was never given an unlocked bootloader. And his information isn't correct.
They will have no idea what you're talking about in a store, but if you can get a hold of a unlocked bootloader, you should ask for an S4 one also then head over to their forum to collect the $5000 bounty.
Cut me a small chunk for pointing you in the right direction though. I'd be happy with $200 or so.
Trust me, they aren't required to give you anything to unlock your bootloader. They are only required to unlock the phone for global use following termination of a plan, and the phone is already unlocked to do that.
Sent from my SCH-I535 using Tapatalk 2
fuse
Prdog1, I also have Knox. How can I go about modifying the fuse?
DJBurner said:
Prdog1, I also have Knox. How can I go about modifying the fuse?
You won't be able to do this without hardware knowledge and complex programming understanding.
Highly experienced developers are working on this (maybe); there's no documented method of hardware modification for that process.
Sent from my SCH-I535 using Tapatalk 2
Thanks
Thank you very much
BadUsername said:
You won't be able to do this without hardware knowledge and complex programming understanding.
Highly experienced developers are working on this (maybe); there's no documented method of hardware modification for that process.
Sent from my SCH-I535 using Tapatalk 2

[Q] Unlock bootloader on XT926 rooted after JB OTA update 9.30.1

I've successfully rooted my Droid RAZR MAXX HD with stock firmware version 9.30.1, but I can't seem to figure out how to unlock the bootloader.
The one catch with my phone being rooted is that it always ends up in fastboot when it boots. A simple
Code:
fastboot continue
fixes the problem, but I was wanting to flash CWM Recovery to install CM.
I have a working su/Superuser.apk, but I can't seem to fix the bootloader dilemma.
The last software version with an unlockable bootloader is 9.16.6.XT926. Sent from my Nexus 7 using xda app-developers app
Jhall8 said:
The last software version with an unlockable bootloader is 9.16.6.XT926. Sent from my Nexus 7 using xda app-developers app
Okay... I also have another wonderful problem: my phone consistently gets into fastboot mode upon startup, with my current workaround of doing fastboot continue. Is there any way to fix my currently locked bootloader?
impinball said:
Okay... I also have another wonderful problem: my phone consistently gets into fastboot mode upon startup, with my current workaround of doing fastboot continue. Is there any way to fix my currently locked bootloader?
As Jhal said, you can't "fix" your bootloader, it's locked since you're on the newest OTA and it can't be unlocked. With that being said, your phone is not booting into fastboot because you're rooted. It's booting into FB because you tried to flash something that didn't work. What other things have you done or attempted to do, besides rooting? This will help us help you, the info you provided is pretty vague.
RikRong said:
As Jhal said, you can't "fix" your bootloader, it's locked since you're on the newest OTA and it can't be unlocked. With that being said, your phone is not booting into fastboot because you're rooted. It's booting into FB because you tried to flash something that didn't work. What other things have you done or attempted to do, besides rooting? This will help us help you, the info you provided is pretty vague.
I have done absolutely nothing beyond rooting it, installing Superuser & SuperSU (both through a script I can attach, but I'm on the wrong computer), and backed up a slew of apps.
This first began when I modified the script to fix a bug in it (ash in JB 4.2 doesn't have a -f switch in rm, and the script had an 'rm -f'). If that bug didn't exist, then it would've still happened the first of several times (I attempted it about 4-5 times, but only the last caused this). The rm -f was actually doing, effectively (with successful root privileges), 'rm -f /system/install-script-2.sh', but the script actually had another script to be put into it at the location /system/install-script.sh.
???
Start by detailing steps in your 2nd paragraph.
Your boot is locked if it was never unlocked before you upgraded to ...79 or later
what a coincidence i just got a xt926 and im at the same spot.. 9.30.1 rooted but locked ... iguess we're screwed huh
impinball said:
I've successfully rooted my Droid RAZR MAXX HD with stock firmware version 9.30.1, but I can't seem to figure out how to unlock the bootloader.
The one catch with my phone being rooted is that it always ends up in fastboot when it boots. A simple
Code:
fastboot continue
fixes the problem, but I was wanting to flash CWM Recovery to install CM.
I have a working su/Superuser.apk, but I can't seem to fix the bootloader dilemma.
Looks like you either flashed a fastboot or used a tool that used the command "fastboot oem fb_mode_set" which causes the phone to boot directly into fastboot mode. It can usually be fixed with the command "fastboot oem fb_mode_clear".
skeevydude said:
Looks like you either flashed a fastboot or used a tool that used the command "fastboot oem fb_mode_set" which causes the phone to boot directly into fastboot mode. It can usually be fixed with the command "fastboot oem fb_mode_clear".
Didn't work. It is still booting there on its own upon start-up.
Also, I will mention that I did commit an act of stupidity: trying to flash against a bootloader that I couldn't verify was unlocked yet. I stupidly ran the command when I wasn't even 50% sure that it was unlocked yet (and is likely the cause of all my problems):
Code:
fastboot flash recovery <cwm-file>.zip
I'm trying my hardest to avoid sending this to Motorola just for them to charge me for the replacement, saying I've voided any warranty that exists with the phone. I have the original firmware to flash just in case, but I don't have the Motorola fastboot (for the dev editions).
impinball said:
Didn't work. It is still booting there on its own upon start-up.
Also, I will mention that I did commit an act of stupidity: trying to flash against a bootloader that I couldn't verify was unlocked yet. I stupidly ran the command when I wasn't even 50% sure that it was unlocked yet (and is likely the cause of all my problems):
Code:
fastboot flash recovery <cwm-file>.zip
I'm trying my hardest to avoid sending this to Motorola just for them to charge me for the replacement, saying I've voided any warranty that exists with the phone. I have the original firmware to flash just in case, but I don't have the Motorola fastboot (for the dev editions).
First, there is no Dev Edition Fastboot....the closest would be Bell ICS since Bell shipped unlocked/unlockable Atrix HD's.
You don't flash zip files with fastboot flash.....Why is this becoming an issue these days?* The kernel is "fastboot flash boot boot.img"
*just thinking out loud
EDIT: Just realized that this was the RAZR HD forums.....just replying to quoted posts this morning....Not sure about RAZR HD Dev Edition fastboots....
Jhall8 said:
The last software version with an unlockable bootloader is 9.16.6.XT926. Sent from my Nexus 7 using xda app-developers app
The shame is, I never cared about unlocking the bootloader, as I prefer to stick to OTA's, but I do require root. So that's all I've ever done. I'm successfully rooted with the locked bootloader on 9.30.1, but it seems (at least as far as I've read on here) that I'm stuck there as I can't go anywhere else and maintain root. Would love kitkat, but root is essential.
Um, you can unlock the bootloader and still stick to OTAs.
Being able to root at any time and use custom recovery is reason enough for me.
killrhythm09 said:
Um, you can unlock the bootloader and still stick to OTAs.
Being able to root at any time and use custom recovery is reason enough for me.
I in no way implied I was AVOIDING unlocking due to the desire to stay on OTAs, just that I had no reason to pursue unlocking. This is the first Android device I've had that ended up with a sunset where you couldn't unlock it at pretty much any point, so I never had a fear of taking the OTA and losing something in the process. If I had expected that, I certainly would have unlocked prior to 9.30.1 being installed. I honestly have yet to figure out why they don't release a program that would allow unlocking the devices. I'm not sure of the manufacturers' fear of unlocked bootloaders and root, as any program they release would be loaded with disclaimers, and frankly, it would allow easy restoration to ANY firmware version by service staff at Verizon/AT&T.
crazifuzzy said:
I in no way implied I was AVOIDING unlocking due to the desire to stay on OTAs, just that I had no reason to pursue unlocking. This is the first Android device I've had that ended up with a sunset where you couldn't unlock it at pretty much any point, so I never had a fear of taking the OTA and losing something in the process. If I had expected that, I certainly would have unlocked prior to 9.30.1 being installed. I honestly have yet to figure out why they don't release a program that would allow unlocking the devices. I'm not sure of the manufacturers' fear of unlocked bootloaders and root, as any program they release would be loaded with disclaimers, and frankly, it would allow easy restoration to ANY firmware version by service staff at Verizon/AT&T.
Talk to Verizon. They're the ones preventing the bootloader from being unlocked.
Sent from my Nexus 7 using Tapatalk
iBolski said:
Talk to Verizon. They're the ones preventing the bootloader from being unlocked.
Sent from my Nexus 7 using Tapatalk
This. It's no coincidence that the xt925 can be unlocked through Motorola. Carriers are always the problem here in the US.
crazifuzzy said:
I in no way implied I was AVOIDING unlocking due to the desire to stay on OTAs, just that I had no reason to pursue unlocking. This is the first Android device I've had that ended up with a sunset where you couldn't unlock it at pretty much any point, so I never had a fear of taking the OTA and losing something in the process. If I had expected that, I certainly would have unlocked prior to 9.30.1 being installed. I honestly have yet to figure out why they don't release a program that would allow unlocking the devices. I'm not sure of the manufacturers' fear of unlocked bootloaders and root, as any program they release would be loaded with disclaimers, and frankly, it would allow easy restoration to ANY firmware version by service staff at Verizon/AT&T.
Well, in actual reality, the XT926 was never meant to be unlocked. It was only unlockable via an exploit, just like obtaining root for locked devices is an exploit in the security of the OS/device.
So, there never really was a "sunset" for unlocking this device as it wasn't meant to be. Only after the exploit was found did a patch come out to stop that exploit from being utilized on any remaining unlocked phones, current or future.
So, when there is an exploit to unlock a device, your best bet is to take advantage of it immediately.
When I got my RAZR HD, it was as a warranty replacement for my OG RAZR MAXX. When I fired it up, it stated there was an OTA available. I immediately told it no and then went straight to the forums here and on another site to investigate what my options were. When I found out that there was the possibility of my unlocking the bootloader, I immediately went to where the tool was and downloaded it. I then proceeded to read and then ask questions on if my phone couldn't unlock, would it hurt it. SamuriHL helped me out a great deal and that is how I found all his tools and how much help he provides. If it weren't for him, I wouldn't have discovered that I could unlock my bootloader.
Usually, I investigate the phone I'm interested in to see if:
1. Can the bootloader be unlocked (or is it already unlocked)?
2. Is there a known root exploit IF the bootloader cannot be unlocked?
3. What are the ROM options (safestrap, cwm, twrp recovery)?
It's definitely something I normally would look into, but I didn't know that I was going to receive the RAZR HD. Once I discovered the possibility of unlocking the bootloader, I was hoping beyond all hope that it could happen and it did. How I received a replacement phone that wasn't patched to the latest OTA was beyond me, but that is the reason I refused the OTA when I first fired up the phone. I had already read about other "horrors" of people taking an OTA and then finding they couldn't root or do other things with their phones.
Lesson learned is, NEVER take an OTA until you've fully researched what it does and what it might prevent.

Warranty with T-Mobile

So I have received a "Certified Pre-Owned" Nexus 5 from T-Mobile just a couple days ago. Within the first few hours, I rooted it. At this point I could no longer install (but still received) OTAs, and IIRC that is because the system partition has been altered. I eventually did unroot, but I still could not install OTAs. Now, there is a hardware issue with the phone: it will not vibrate properly anymore. And I have tried those solutions like pressing on the back. So will need to return this phone for a replacement or repair. I have read somewhere that T-Mobile runs a diagnostic tool to check the phone software. My phone is not rooted, and I have not unlocked it or altered the ROM in any way, but will T-Mobile know that my system partition is different? Am I still covered under warranty?
You could just flash the latest entire factory image and relock the bootloader. Not sure how T-Mobile would be able to tell anything different, especially since the Nexus 5 isn't a carrier-locked device.
janjanrex said:
You could just flash the latest entire factory image and relock the bootloader. Not sure how T-Mobile would be able to tell anything different, especially since the Nexus 5 isn't a carrier-locked device.
I don't plan to unlock my bootloader at all for a while. I unrooted with KingRoot, and now my phone is identical to stock except for a couple of files in the system partition that are traces of the root. I know this because OTA installations will result in an error. But that is the only thing that differs from a stock device. Will T-Mobile be able to access the system partition or somehow force an OTA upon it and find that it was once rooted? This is what I fear. What exactly does T-Mobile do when it receives the phone to make sure it had warranty?
Actually, what I would like to know for my peace of mind is...
Is there any way that T-Mobile can find out that I rooted?
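The failure the poster describes, an OTA that refuses to install because a couple of files in /system are not what the update expects, comes from a precondition check the updater runs before touching the partition. The model below is an added illustration for this page, not Google's, KingRoot's or any poster's code. The partition contents, file names and the "leftover" file are constructed for the example, and the whole-partition SHA-256 stands in for the source hash a block-based OTA checks; it also shows why a full factory reflash, as suggested in the reply above, makes the device OTA-eligible again.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Partition is a constructed stand-in for /system: path -> file contents.
type Partition map[string][]byte

// Digest hashes every path and its contents in a fixed order, standing in
// for the whole-partition hash a block-based OTA checks before patching.
func (p Partition) Digest() string {
	paths := make([]string, 0, len(p))
	for path := range p {
		paths = append(paths, path)
	}
	sort.Strings(paths)
	h := sha256.New()
	for _, path := range paths {
		h.Write([]byte(path))
		h.Write([]byte{0})
		h.Write(p[path])
		h.Write([]byte{0})
	}
	return hex.EncodeToString(h.Sum(nil))
}

// CanApplyOTA models the updater's precondition: patch only a partition
// whose digest equals the one the update was generated against.
func CanApplyOTA(expectedDigest string, p Partition) bool {
	return p.Digest() == expectedDigest
}

// Diff explains a digest mismatch by listing missing, modified and extra
// paths relative to the stock image.
func Diff(stock, actual Partition) []string {
	var out []string
	for path, want := range stock {
		got, ok := actual[path]
		switch {
		case !ok:
			out = append(out, "missing: "+path)
		case string(got) != string(want):
			out = append(out, "modified: "+path)
		}
	}
	for path := range actual {
		if _, ok := stock[path]; !ok {
			out = append(out, "extra: "+path)
		}
	}
	sort.Strings(out)
	return out
}

// clone deep-copies a partition so scenarios do not share byte slices.
func clone(p Partition) Partition {
	c := Partition{}
	for k, v := range p {
		c[k] = append([]byte(nil), v...)
	}
	return c
}

// Demo walks the sequence from the thread: root, unroot, then reflash the
// factory image. File names and contents are constructed for the example.
func Demo() (unrootOK bool, leftovers []string, reflashOK bool) {
	stock := Partition{
		"/system/build.prop":              []byte("ro.build.fingerprint=stock\n"),
		"/system/bin/app_process":         []byte("ELF stock app_process"),
		"/system/etc/install-recovery.sh": []byte("#!/system/bin/sh\n# stock\n"),
	}
	expected := stock.Digest() // what the OTA was built against

	rooted := clone(stock)
	rooted["/system/xbin/su"] = []byte("ELF su")
	rooted["/system/etc/install-recovery.sh"] = []byte("#!/system/bin/sh\n/system/xbin/daemonsu\n")

	// "Unroot" removes su but, as in the post, leaves one trace behind.
	unrooted := clone(rooted)
	delete(unrooted, "/system/xbin/su")

	reflashed := clone(stock) // full factory image written over /system

	return CanApplyOTA(expected, unrooted), Diff(stock, unrooted), CanApplyOTA(expected, reflashed)
}

func main() {
	ok, left, ok2 := Demo()
	fmt.Println("OTA after unroot:", ok, left)
	fmt.Println("OTA after factory reflash:", ok2)
}
```

The point for the warranty question is the asymmetry: the updater only learns that the partition differs, not how it got that way, and after a full factory image is written the digest is identical to stock, so nothing in the partition itself records the earlier root.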
janjanrex said:
You could just flash the latest entire factory image and relock the bootloader - not sure how Tmobile would be able to tell anything different especially since the nexus 5 isn't a carrier locked device.
I used the Nexus Root Toolkit to unlock, flash stock, unroot, lock, set tamper to false, etc. I can install OTAs now, and there is no way that I can think that my phone can be seen as altered. Just to confirm:
Is there any way now that T-Mobile will know that I did anything?

Flashing original non modified firmware on carrier specific device

I have a Verizon tablet. I would like to flash a version of the firmware that did not come from Verizon, the same firmware that I'd have gotten if I hadn't bought it from them and that is not tied to any carrier at all. Is this possible without doing anything weird that you'd have to do with a custom ROM, like unlocking the bootloader? Or can this be accomplished with no complications whatsoever by flashing through Odin?
counciler said:
I have a Verizon tablet. I would like to flash a version of the firmware that did not come from Verizon, the same firmware that I'd have gotten if I hadn't bought it from them and that is not tied to any carrier at all. Is this possible without doing anything weird that you'd have to do with a custom ROM, like unlocking the bootloader? Or can this be accomplished with no complications whatsoever by flashing through Odin?
Firmware is model-number specific. Plus, Verizon has a locked bootloader on every one of its Samsung devices younger than 2 years old, and some of the older ones that have been updated to Lollipop or newer have a locked bootloader; some are locked as far back as KitKat. If the device you have has a locked bootloader, then it's not gonna allow you to flash anything that isn't Verizon firmware.
Sent from my SM-S903VL using Tapatalk
Got it, thank you.

Latest info on AT&T S4 I337

I was given an AT&T I337 that had been operator unlocked by a friend. I took it back to NF1 ROM using Heimdall, acquired root with Towelroot and then used Safestrap to boot custom recovery. However, it seems that there is still no way to unlock the bootloader and install other than TW ROMs fully utilizing the phone? I came across an old thread where someone hinted that he had cracked the bootloader encryption but it seemed to fizzle out into nothing.
Am I correct in the understanding above? If so, I will put the phone away since this will not meet my needs.
hga89 said:
I was given an AT&T I337 that had been operator unlocked by a friend. I took it back to NF1 ROM using Heimdall, acquired root with Towelroot and then used Safestrap to boot custom recovery. However, it seems that there is still no way to unlock the bootloader and install other than TW ROMs fully utilizing the phone? I came across an old thread where someone hinted that he had cracked the bootloader encryption but it seemed to fizzle out into nothing.
Am I correct in the understanding above? If so, I will put the phone away since this will not meet my needs.
The bootloader is locked and cannot be unlocked. You are stuck with custom TW ROMs only. There was an exploit for the Android 4.2.2 Jelly Bean firmware that allowed custom ROMs and recovery, but the flaw was patched in later firmware builds, and if you try to roll back to the 4.2.2 firmware you will brick your phone.
StoneyJSG said:
The bootloader is locked and cannot be unlocked. You are stuck with custom TW ROMs only. There was an exploit for the Android 4.2.2 Jelly Bean firmware that allowed custom ROMs and recovery, but the flaw was patched in later firmware builds, and if you try to roll back to the 4.2.2 firmware you will brick your phone.
Thank you, then the information I gleaned was indeed correct. I will have to put this phone aside since I wanted to run LineageOS on it and it needed to be encrypted as well...
