Custom bootloader for Nexus 5(hammerhead) - Nexus 5 Q&A, Help & Troubleshooting

Hello,
I want to flash the bootloader of a Nexus 5 (rooted) to a custom bootloader based on Little Kernel. The custom bootloader is needed to perform some custom boot-time cryptographic verification, like secure boot. So I have a couple of questions. And by bootloader I do not mean recovery (or maybe I am confused).
1. fastboot flash bootloader <bootloader.img>: will this command flash the bootloader, or something else?
2. Is it possible to build Little Kernel, create an img file and replace the stock bootloader with the custom bootloader?
3. Suggestions on any board other than the Nexus 5 hammerhead where performing this process is safer (for example the HiKey960 board) are very much welcome.
Thanks,
Dim


Related

Is the bootloader mistakenly unlocked on my s6 AT&T version?

Hi,
I recently got a brand new S6 G920A AT&T version from an authorized reseller. To my surprise the firmware on it is very old: 5.0.2 with SW version G920AUCU1AOCE.
I have heard that this firmware was a pre-release/developer/engineering version of the S6 and has an unlocked bootloader. Is that true?
How do I find out if the bootloader is locked or unlocked on my Samsung S6, or for that matter on *any Samsung* phone? Is it possible to check using Odin or some other tool whether the bootloader is unlocked?
Please let me know your thoughts or ideas! If the above is true, I could perhaps extract the unlocked bootloader and share it with everybody else!!
Thanks!
Alright, interesting...
Use ADB:
=========================================
1. Go to About Device and tap Build Number 7 times.
2. Go to Developer Options (above About Device)
3. Check USB debugging and OEM (just in case)
4. Connect your phone to your computer via USB cable (of course)
5. Download ADB Fastboot if you haven't already =====> https://forum.xda-developers.com/showthread.php?t=2317790
6. Install it, and after that it should be set up
7. Type the command fastboot devices
8. Then type fastboot oem device-info (BTW, I am sorry for only letting you know now, but I think you might need to be in download mode or something to use the commands)
9. It should tell you if it is unlocked or not
==============================================
Method 2:
1. Boot up the phone normally, then open the phone application and go to the dialer
2. *#*#7378423#*#*
3. Then Service Info --> Configuration
4. Then it should say one of the following:
---------------------------------------------------------------------------------------------------------------------------------
1. Bootloader unlock allowed -- Yes >> This means that your bootloader is locked
2. Bootloader Unlocked - Yes >> This means that your bootloader is unlocked
I hope I was helpful to you; if not, then I'm sorry to have wasted your time.
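An added example (my own code, not ROOT67's and not from this thread) that interprets what the two fastboot commands in the steps above print. It assumes the "(bootloader) Device unlocked: true/false" line format that Nexus/hammerhead-style bootloaders give for fastboot oem device-info and the "unlocked: yes/no" format of fastboot getvar unlocked; the sample outputs are constructed. The point a practitioner cares about: a device that does not answer at all (the Samsung case further down in this thread) is reported as UNKNOWN, never guessed as locked or unlocked.

```python
"""Interpret the lock state reported by the two fastboot commands in the
steps above. Added example, not code from the thread. It assumes:
  - "fastboot oem device-info" answers with lines such as
    "(bootloader) Device unlocked: true"  (Nexus/hammerhead-style bootloaders)
  - "fastboot getvar unlocked" answers with "unlocked: yes" / "unlocked: no"
Any other output (no fastboot support, unknown oem command) is UNKNOWN:
a missing answer must never be read as "locked" or "unlocked".
"""
import re
import subprocess
from enum import Enum
from typing import Optional


class LockState(Enum):
    LOCKED = "locked"
    UNLOCKED = "unlocked"
    UNKNOWN = "unknown"


# Patterns for the two answer formats assumed above.
_DEVICE_INFO = re.compile(r"\(bootloader\)\s*Device unlocked:\s*(true|false)", re.IGNORECASE)
_GETVAR = re.compile(r"^unlocked:\s*(yes|no)\s*$", re.IGNORECASE | re.MULTILINE)


def parse_lock_state(output: str) -> LockState:
    """Map raw fastboot output to a LockState without guessing on silence."""
    match = _DEVICE_INFO.search(output)
    if match:
        return LockState.UNLOCKED if match.group(1).lower() == "true" else LockState.LOCKED
    match = _GETVAR.search(output)
    if match:
        return LockState.UNLOCKED if match.group(1).lower() == "yes" else LockState.LOCKED
    return LockState.UNKNOWN


def query_device(serial: Optional[str] = None, timeout: float = 10.0) -> LockState:
    """Ask a connected device both ways (needs the fastboot binary on PATH)."""
    base = ["fastboot"] + (["-s", serial] if serial else [])
    combined = ""
    for args in (["oem", "device-info"], ["getvar", "unlocked"]):
        try:
            # fastboot writes its answers to stderr, so capture both streams.
            proc = subprocess.run(base + args, capture_output=True, text=True, timeout=timeout)
        except (FileNotFoundError, subprocess.TimeoutExpired):
            return LockState.UNKNOWN
        combined += proc.stdout + proc.stderr
    return parse_lock_state(combined)


# Constructed sample answers (not captured from real devices).
SAMPLE_DEVICE_INFO = (
    "(bootloader) Device tampered: false\n"
    "(bootloader) Device unlocked: true\n"
    "(bootloader) Charger screen enabled: false\n"
    "OKAY [  0.008s]\n"
)
SAMPLE_GETVAR = "unlocked: no\nfinished. total time: 0.002s\n"
SAMPLE_NO_FASTBOOT = "< waiting for any device >\n"

if __name__ == "__main__":
    for label, text in (("device-info", SAMPLE_DEVICE_INFO),
                        ("getvar", SAMPLE_GETVAR),
                        ("no fastboot", SAMPLE_NO_FASTBOOT)):
        print(f"{label}: {parse_lock_state(text).value}")
```

Run it as-is to see the three constructed samples classified; call query_device() with a phone in fastboot mode to classify a real answer. The getvar form is tried as well because not every bootloader implements the oem device-info command.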
Thanks @ROOT67! Let me try both options out and get back on this thread.
ROOT67 said:
Use ADB:
=========================================
1. Go to About Device and tap Build Number 7 times.
2. Go to Developer Options (above About Device)
3. Check USB debugging and OEM (just in case)
4. Connect your phone to your computer via USB cable (of course)
5. Download ADB Fastboot if you haven't already =====> https://forum.xda-developers.com/showthread.php?t=2317790
6. Install it, and after that it should be set up
7. Type the command fastboot devices
8. Then type fastboot oem device-info (BTW, I am sorry for only letting you know now, but I think you might need to be in download mode or something to use the commands)
9. It should tell you if it is unlocked or not
==============================================
Method 2:
1. Boot up the phone normally, then open the phone application and go to the dialer
2. *#*#7378423#*#*
3. Then Service Info --> Configuration
4. Then it should say one of the following:
---------------------------------------------------------------------------------------------------------------------------------
1. Bootloader unlock allowed -- Yes >> This means that your bootloader is locked
2. Bootloader Unlocked - Yes >> This means that your bootloader is unlocked
I hope I was helpful to you; if not, then I'm sorry to have wasted your time.
Both methods did not work! Please see the details below.
ROOT67 said:
Use ADB:
=========================================
1. Go to About Device and tap Build Number 7 times.
2. Go to Developer Options (above About Device)
3. Check USB debugging and OEM (just in case)
4. Connect your phone to your computer via USB cable (of course)
5. Download ADB Fastboot if you haven't already =====> https://forum.xda-developers.com/showthread.php?t=2317790
6. Install it, and after that it should be set up
7. Type the command fastboot devices
8. Then type fastboot oem device-info (BTW, I am sorry for only letting you know now, but I think you might need to be in download mode or something to use the commands)
9. It should tell you if it is unlocked or not
==============================================
I could not put it in fastboot mode. Do we know if the Samsung S6 supports fastboot mode? If so, how does one put it in fastboot mode?
Also, as a side note, in developer mode under Settings I could find a checkbox for USB debugging but not for OEM. There was another post which said that the OEM checkbox was added under Developer Options only after the bootloader lock was introduced in the 5.1.1 firmware. Not sure if this is true.
Method 2:
1. Boot up the phone normally, then open the phone application and go to the dialer
2. *#*#7378423#*#*
3. Then Service Info --> Configuration
4. Then it should say one of the following:
---------------------------------------------------------------------------------------------------------------------------------
1. Bootloader unlock allowed -- Yes >> This means that your bootloader is locked
2. Bootloader Unlocked - Yes >> This means that your bootloader is unlocked
When I dialed this number, nothing happened. Is there a different number for the Samsung S6?
It's not a pre-release/developer/engineering firmware. It's just a really old firmware which was released officially to the public.
jilebi said:
Both methods did not work! Please see the details below.
I could not put it in fastboot mode. Do we know if the Samsung S6 supports fastboot mode? If so, how does one put it in fastboot mode?
Also, as a side note, in developer mode under Settings I could find a checkbox for USB debugging but not for OEM. There was another post which said that the OEM checkbox was added under Developer Options only after the bootloader lock was introduced in the 5.1.1 firmware. Not sure if this is true.
When I dialed this number, nothing happened. Is there a different number for the Samsung S6?
No other number is available that I know of. Like the person above stated, it is an old firmware version, and with that said I would strongly try to prevent any updates from installing. I would love to help you out, but I have no idea as to what would be needed to tell if the bootloader is unlocked. I do know that, since Samsung is against us rooting and using our devices the way we want, it is safe to assume the bootloader is locked, also because you have the AT&T variant. Your best bet to get your device's bootloader information is to look around on the XDA forums.
Do you have any details on whether the bootloader was locked or unlocked for this old version? How can one test or check if the bootloader is locked?
forumber2 said:
It's not a pre-release/developer/engineering firmware. It's just a really old firmware which was released officially to the public.
jilebi said:
Do you have any details on whether the bootloader was locked or unlocked for this old version? How can one test or check if the bootloader is locked?
All nearly-new AT&T-branded Samsung devices (including the S6) have a non-unlockable locked bootloader.
There's no way to test that.
Here are a couple of test scenarios that I can think of. Let me know your thoughts on them.
- If the device is rooted, load a custom recovery like TWRP. Next, try to boot into the custom recovery. If it boots into the custom recovery, the bootloader is unlocked. If not, try to restore the factory recovery using Odin.
- If the device is rooted, load a custom ROM. Next, try to boot into the custom ROM. If it boots into the custom ROM, the bootloader is unlocked. If not, try to restore the factory ROM using Odin.
Will these test scenarios work? If not, what are the potential issues you see?
forumber2 said:
All nearly-new AT&T-branded Samsung devices (including the S6) have a non-unlockable locked bootloader.
There's no way to test that.
jilebi said:
Here are a couple of test scenarios that I can think of. Let me know your thoughts on them.
- If the device is rooted, load a custom recovery like TWRP. Next, try to boot into the custom recovery. If it boots into the custom recovery, the bootloader is unlocked. If not, try to restore the factory recovery using Odin.
- If the device is rooted, load a custom ROM. Next, try to boot into the custom ROM. If it boots into the custom ROM, the bootloader is unlocked. If not, try to restore the factory ROM using Odin.
Will these test scenarios work? If not, what are the potential issues you see?
- There's no custom recovery or custom kernel for the SM-G920A, because of the reason I wrote above.
- Installing a custom ROM doesn't require an unlocked bootloader unless the ROM requires a custom kernel. (Custom ROMs for the SM-G920A don't require a custom kernel, except the leaked engineering/debugging kernel from Samsung for disabling dm-verity.)
forumber2 said:
- There's no custom recovery or custom kernel for the SM-G920A, because of the reason I wrote above.
- Installing a custom ROM doesn't require an unlocked bootloader unless the ROM requires a custom kernel. (Custom ROMs for the SM-G920A don't require a custom kernel, except the leaked engineering/debugging kernel from Samsung for disabling dm-verity.)
Got it. Thanks. That makes sense.
Here is another option. For making a custom recovery, my understanding is that partition info is needed. If the device is rooted, e.g. using PingPong (which works for this Android version), then one can get the partition info and compile TWRP for the G920A. If so, can one try to install a custom recovery like TWRP and verify if the bootloader is locked? It feels to me that this may work. Do you see any flaws?
One possible flaw is that if the bootloader is locked, it will prevent the recovery from loading. So the phone will be without a working recovery. In that case, can the factory recovery be re-installed using Odin?
Also, will any of the above steps trigger the KNOX flag?
jilebi said:
Got it. Thanks. That makes sense.
Here is another option. For making a custom recovery, my understanding is that partition info is needed. If the device is rooted, e.g. using PingPong (which works for this Android version), then one can get the partition info and compile TWRP for the G920A. If so, can one try to install a custom recovery like TWRP and verify if the bootloader is locked? It feels to me that this may work. Do you see any flaws?
One possible flaw is that if the bootloader is locked, it will prevent the recovery from loading. So the phone will be without a working recovery. In that case, can the factory recovery be re-installed using Odin?
Also, will any of the above steps trigger the KNOX flag?
You don't have to get partition info and compile TWRP. All S6 variants use the same partition name scheme and there is no difference between the TWRP builds for the S6 variants (except kernel and DTB).
The bootloader won't allow you to flash any custom recovery image (via Odin or from the Android OS). If you could flash it, it wouldn't boot it up anyway.
I don't have any idea about the KNOX trigger on AT&T variant devices, but I think it won't increase anyway.
forumber2 said:
You don't have to get partition info and compile TWRP. All S6 variants use the same partition name scheme and there is no difference between the TWRP builds for the S6 variants (except kernel and DTB).
The bootloader won't allow you to flash any custom recovery image (via Odin or from the Android OS). If you could flash it, it wouldn't boot it up anyway.
I don't have any idea about the KNOX trigger on AT&T variant devices, but I think it won't increase anyway.
Sorry, I perhaps misunderstood your last post: since a custom recovery is not available for the G920A, I took it to imply that its partition info was different from the other variants. If it is the same partition structure for all variants, then I guess we can use the TWRP for the G920F international version, for which the bootloader is unlocked.
Now that we agree that TWRP is available for use on the G920A, the next question is how to load it. My thought is that if the device is rooted, one can use dd at a root shell prompt to write TWRP to the recovery partition, without using Odin or the current bootloader. Do you agree?
I'm not sure I understand why you say that if one could flash TWRP it would not boot anyway. If the bootloader is unlocked (which is what we are testing here), then it should boot, right?
jilebi said:
Sorry, I perhaps misunderstood your last post: since a custom recovery is not available for the G920A, I took it to imply that its partition info was different from the other variants. If it is the same partition structure for all variants, then I guess we can use the TWRP for the G920F international version, for which the bootloader is unlocked.
Now that we agree that TWRP is available for use on the G920A, the next question is how to load it. My thought is that if the device is rooted, one can use dd at a root shell prompt to write TWRP to the recovery partition, without using Odin or the current bootloader. Do you agree?
I'm not sure I understand why you say that if one could flash TWRP it would not boot anyway. If the bootloader is unlocked (which is what we are testing here), then it should boot, right?
A custom recovery is not available for the G920A because no one could try any custom recovery on the G920A, due to the locked bootloader.
Yes, you can write the recovery image via dd at a root shell prompt.
And yes, if the bootloader is unlocked, it will boot it up.
Sorry to resurrect this old thread, but can you (or anybody else who is knowledgeable) answer the following?
1. Since a custom recovery is not available for the G920A, which of the T-Mobile/Sprint/International versions of the TWRP custom recovery would you recommend using for testing whether the bootloader is unlocked, using either the Odin or the dd method?
2. If the bootloader is unlocked, you are suggesting below that it should boot up. However, if it is locked, will the phone still boot up? I.e. if one does not go into recovery mode, will it still boot up, or does the bootloader check that both recovery and kernel are signed and, if it finds that the recovery is unsigned, also prevent the signed kernel from booting up?
Thanks!
forumber2 said:
A custom recovery is not available for the G920A because no one could try any custom recovery on the G920A, due to the locked bootloader.
Yes, you can write the recovery image via dd at a root shell prompt.
And yes, if the bootloader is unlocked, it will boot it up.

Re-lock bootloader without erase?

I really hate that boot screen that makes you think your phone is going to blow up because the bootloader is unlocked... I realize that having it unlocked is perfectly fine, and with Magisk all the Google security stuff still works just fine. I also know that an unlocked bootloader makes it much easier to flash updates (flash-all but remove the -w)... So please don't try to explain why I should leave my bootloader unlocked.
With my HTC phones, unlocking the bootloader would erase the phone (obviously, and just like the Pixel 2). Locking the bootloader wouldn't erase the phone on the HTC, but with the Pixel 2 the instructions say that it WILL ERASE THE PHONE.
With the HTC, the wipe happened in recovery, so if I had TWRP installed the phone wouldn't erase... I could easily switch between locked and unlocked, and as long as I had TWRP installed the phone would "think" it was going to erase, but I stopped it.
So my question is... Does the Pixel 2 wipe the phone on lock/unlock through recovery? If so, can I lock the phone with TWRP installed in recovery and prevent that wipe? I know I can make a backup and try it and see, but since the Feb update, getting into a decrypted recovery has become a pain (remove pin/password, reboot, reboot to recovery, do what you want, reboot to system, add the pin/password, add fingerprint, open EVERY SINGLE APP THAT USES FINGERPRINT AND SET LOGIN AND REGISTER THE FINGERPRINT - it frustrates me, in case you can't tell).
You cannot flash TWRP unless you are unlocked so at this time there is no way to unlock the bootloader without a full wipe.
I think you misunderstood the question. I have unlocked the bootloader (let it wipe) and installed TWRP. I want to know if the re-lock will wipe through recovery (and therefore be stopped by TWRP) or if it does the wipe using some other method (and therefore wiping regardless).
1. You won't be able to maintain your userdata while switching between locked and unlocked states.
2. You will likely not be able to boot your device either after locking your phone.
For 1)
The Pixel 2 enables FBE (filesystem-based encryption) by default for your userdata partition. The encryption keys are derived from a hardware secret (accessible only from TrustZone), the RSA public key that was used to sign the boot image and a flag (whether it is locked or unlocked). The latter parameters are provided by the bootloader (lk) to the Keymaster trustlet (running in TrustZone).
If any of these parameters change, then the encryption keys will change as well. As a result, your files will remain inaccessible even if you were hypothetically able to flip the lock state.
For 2)
Unlocking the bootloader (fastboot flashing unlock) will disable verification of the boot image. TWRP is installed by modifying the boot image (in both the "a" and "b" slots) which invalidates the Verified Boot signature that covers this boot image (stored in the vbmeta partition). When the device is locked again, the bootloader will fail to pass the signature check and stay in the "red" boot state. At that point I guess you have a brick (I have not tried this myself for obvious reasons).
Source: reading the lk source code and various Android documentation such as https://source.android.com/security/encryption/file-based
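An added example (my own code, not Lekensteyn's and not the Keymaster/TrustZone implementation) that models point 1 of the answer above: the userdata key is derived from a hardware secret, the boot-image signing key and the lock flag, so flipping the flag or changing the signing key yields a different key and the files encrypted under the old one stay unreadable. The HKDF construction, the way the three inputs are encoded and the key-check value are my simplification; the secret and key values are constructed.

```python
"""Model of the key binding described in point 1 above: the userdata key is
derived from a hardware secret, the boot-image signing key and the lock flag,
so changing any of them produces a different key and the files encrypted
under the old key stay unreadable. Added example; the HKDF construction,
the inputs' encoding and the key-check value are a simplification and are
not the real Keymaster/TrustZone implementation.
"""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_userdata_key(hw_secret: bytes, boot_signing_pubkey: bytes, unlocked: bool) -> bytes:
    """Mix the three inputs named in the post into one 256-bit key."""
    info = (b"fbe-userdata|"
            + hashlib.sha256(boot_signing_pubkey).digest()
            + b"|unlocked=" + (b"1" if unlocked else b"0"))
    prk = hkdf_extract(salt=b"constructed-salt", ikm=hw_secret)
    return hkdf_expand(prk, info)


def key_check_value(key: bytes) -> bytes:
    """Short tag stored next to the encrypted data to recognise the right key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def can_open_userdata(stored_kcv: bytes, candidate_key: bytes) -> bool:
    """True only if the candidate key is the one the data was set up with."""
    return hmac.compare_digest(stored_kcv, key_check_value(candidate_key))


# Constructed stand-ins for values that only TrustZone would hold.
HW_SECRET = hashlib.sha256(b"constructed hardware secret").digest()
STOCK_PUBKEY = b"constructed stock boot-image signing key"
CUSTOM_PUBKEY = b"constructed custom-ROM signing key"


def scenario() -> dict:
    """userdata was set up while unlocked with the stock key; try to reopen it."""
    original = derive_userdata_key(HW_SECRET, STOCK_PUBKEY, unlocked=True)
    kcv = key_check_value(original)
    return {
        "same_state": can_open_userdata(kcv, derive_userdata_key(HW_SECRET, STOCK_PUBKEY, True)),
        "after_relock": can_open_userdata(kcv, derive_userdata_key(HW_SECRET, STOCK_PUBKEY, False)),
        "other_signing_key": can_open_userdata(kcv, derive_userdata_key(HW_SECRET, CUSTOM_PUBKEY, True)),
    }


if __name__ == "__main__":
    for case, opened in scenario().items():
        print(f"{case}: {'readable' if opened else 'unreadable'}")
```

Only the same_state case reopens the data; the relocked and differently-signed cases derive a different key, which is why a lock-state change is equivalent to a wipe for the files already on the device.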
Lekensteyn said:
When the device is locked again, the bootloader will fail to pass the signature check and stay in the "red" boot state. At that point I guess you have a brick (I have not tried this myself for obvious reasons).
The signature of the Custom ROM (Official LineageOS) can be integrated into the bootloader before re-locking the bootloader.
But this is the problem: "Lineage Recovery is also built in userdebug mode, that's a problem. When Lineage recovery is built this way, it allows any package, signed or unsigned, to be installed on your phone. This effectively negates the benefits of locking the bootloader. [...] In fact most custom ROMs simply use TWRP or another third party recovery which has the same issues as they are designed to never even look at the signatures of the packages they are flashing to your device."
"A discussion about bootloader locking/unlocking... AKA I want to relock my bootloader, should I?: LineageOS"
https://www.reddit.com/r/LineageOS/comments/n7yo7u

Bricked Pixel 2 - locked bootloader & no access to developer options - please help

Hello guys, I just bought myself a Pixel 2 today and decided to have a go at some changes: I unlocked the bootloader of my Pixel 2 to perform TWRP flashing and Magisk installation, and afterwards I decided to revert to stock.
The first step I took when trying to revert to stock was to relock the bootloader via adb, because I thought (big mistake) this would also revert everything to the factory image. The problem is that right now the device isn't booting anymore (so I cannot change anything in developer settings, and the bootloader is locked).
Fastboot does work now (I get an "FA8271A02780 fastboot" message when typing fastboot devices) but I cannot flash anything (it always says FAILED: remote Flashing unlock is not allowed).
I tried the Deuces script and UAF but they don't work (because my bootloader is locked). Given that I cannot unlock it, is there any way of flashing the stock image on my device? Any help is appreciated. Thanks a lot.
Sadly, I don't believe so. Google doesn't allow us to flash anything without the bootloader being unlocked. Other OEMs either have a program or allow you to flash signed ROMs with a locked bootloader. For all the trouble iTunes is, at least you can flash firmware through it in the event of a brick.

Please help me make my phone work properly

This is the case: I have a problem with the Flash ROM. Now the phone can go into fastboot, but there is no Recovery, and the phone's bootloader is locked.
You're going to have to give a bit more detail if you want help from this community.
For example:
What phone variant do you have?
What did you have on your phone when it was running properly? I.e. stock Android, locked bootloader, rooted, etc.
What 'Flash ROM' do you mean, a factory image or a custom ROM?
What had you been trying to do to your phone, i.e. upgrade from Android 9 to 10 by sideloading an image?
Had you previously unlocked the bootloader?
I'm not saying that I will ultimately be able to resolve your issues, but the more info you give, the more likely someone here will.
Now my Pixel 3 cannot work; the bootloader is locked. When I select Recovery in fastboot, the phone tells me it cannot find a valid operating system and the device will not start.
I had unlocked the bootloader before; it is because I locked the bootloader that this situation has occurred.
Can you unlock the bootloader again in fastboot?
wangdaning said:
Can you unlock the bootloader again in fastboot?
When I locked my device's bootloader, the device auto-wiped its data, so I think OEM unlocking is not enabled, and I cannot unlock the bootloader.

Lock Bootloader with TWRP and custom ROM?

Is it possible to lock the bootloader with TWRP and a custom ROM installed and still use the device? Can I still flash ROMs in TWRP without hard/soft bricking my POCO?
Ungeskriptet said:
Is it possible to lock the bootloader with TWRP and a custom ROM installed and still use the device? Can I still flash ROMs in TWRP without hard/soft bricking my POCO?
Short answer: No, it's not feasible to do that. The reason is AVB 2.0 (Android Verified Boot). It checks for a pre-existing hash of all partitions signed by the OEM key (in this case Xiaomi's). If conflicts are found and the bootloader is in the locked state, the result would be a fatal error, and it would skip booting the OS and go to repair mode (aka EDL mode), which you can access on Xiaomi devices only if you have a verified EDL account.
Besides, even if you modified the bootloader binary or signed the twrp.img with the OEM key (which you don't have access to), you wouldn't be able to flash anything anyway, since the device would consider any modifications after that a fatal error as well and won't boot.
Long answer: read up on the following topics:
1- Android verified boot https://android.googlesource.com/platform/external/avb/+/master/README.md
2- FROST attack on unlocked bootloader (The reason android implemented avb) https://www.cs1.tf.fau.de/research/system-security-group/frost/
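An added example (my own code, not AVB's and not from either thread) that models the AVB 2.0 policy described in the short answer above and in Lekensteyn's point 2 in the "Re-lock bootloader without erase?" thread: vbmeta carries a hash descriptor per partition and is signed by the OEM key, and the lock state decides what a mismatch means. The signature is modelled with HMAC under a key only the signer holds (real AVB uses RSA with the public key built into the bootloader); the images, salts and keys are constructed; and the "yellow" outcome stands for a locked device whose vbmeta verifies under a user-installed custom key, the re-locking with a custom ROM key that the Pixel 2 thread mentions.

```python
"""Model of the AVB 2.0 lock policy: per-partition hash descriptors in a
signed vbmeta, checked against the lock state. Added example, not AVB's
code. Assumptions: the signature is modelled with HMAC under a key only the
signer holds (real AVB uses RSA with the public key built into the
bootloader); images, salts and keys are constructed; "yellow" stands for a
locked device whose vbmeta verifies under a user-set custom key.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class HashDescriptor:
    partition: str
    salt: bytes
    digest: bytes   # SHA-256(salt || image), the form avbtool uses for hash descriptors


@dataclass(frozen=True)
class VBMeta:
    descriptors: List[HashDescriptor]
    signature: bytes


def _serialize(descriptors: List[HashDescriptor]) -> bytes:
    return b"".join(d.partition.encode() + b"\0" + d.salt + d.digest for d in descriptors)


def make_vbmeta(signing_key: bytes, images: Dict[str, bytes]) -> VBMeta:
    """Build and sign vbmeta for the given partition images (the signer's side)."""
    descriptors = []
    for name, data in sorted(images.items()):
        salt = hashlib.sha256(b"salt:" + name.encode()).digest()[:16]   # constructed, deterministic
        descriptors.append(HashDescriptor(name, salt, hashlib.sha256(salt + data).digest()))
    signature = hmac.new(signing_key, _serialize(descriptors), hashlib.sha256).digest()
    return VBMeta(descriptors, signature)


def _signature_valid(vbmeta: VBMeta, key: bytes) -> bool:
    expected = hmac.new(key, _serialize(vbmeta.descriptors), hashlib.sha256).digest()
    return hmac.compare_digest(vbmeta.signature, expected)


def _hashes_valid(vbmeta: VBMeta, images: Dict[str, bytes]) -> bool:
    for d in vbmeta.descriptors:
        image = images.get(d.partition)
        if image is None:
            return False
        if not hmac.compare_digest(hashlib.sha256(d.salt + image).digest(), d.digest):
            return False
    return True


def bootloader_decide(vbmeta: VBMeta, images: Dict[str, bytes], oem_key: bytes,
                      locked: bool, custom_key: Optional[bytes] = None) -> Tuple[str, bool]:
    """Return (boot state, whether the OS is started) under the AVB lock policy."""
    if not locked:
        # Unlocked: verification is only reported (orange warning), never enforced.
        return "orange", True
    hashes_ok = _hashes_valid(vbmeta, images)
    if hashes_ok and _signature_valid(vbmeta, oem_key):
        return "green", True
    if hashes_ok and custom_key is not None and _signature_valid(vbmeta, custom_key):
        return "yellow", True
    # Locked and either a hash or the signature failed: refuse to boot.
    return "red", False


# Constructed keys and images.
OEM_KEY = b"constructed OEM signing key"
CUSTOM_KEY = b"constructed custom-ROM signing key"
STOCK = {"boot": b"stock kernel+ramdisk", "system": b"stock system image"}
PATCHED = dict(STOCK, boot=b"boot image with TWRP/Magisk patched in")


def scenario() -> Dict[str, Tuple[str, bool]]:
    """The situations the two threads discuss, run through the policy."""
    stock_vbmeta = make_vbmeta(OEM_KEY, STOCK)
    return {
        "stock_locked": bootloader_decide(stock_vbmeta, STOCK, OEM_KEY, locked=True),
        "patched_unlocked": bootloader_decide(stock_vbmeta, PATCHED, OEM_KEY, locked=False),
        "patched_relocked": bootloader_decide(stock_vbmeta, PATCHED, OEM_KEY, locked=True),
        # vbmeta re-signed for the patched image with a key that is not the OEM's:
        "custom_signed_no_custom_key": bootloader_decide(
            make_vbmeta(CUSTOM_KEY, PATCHED), PATCHED, OEM_KEY, locked=True),
        "custom_signed_with_custom_key": bootloader_decide(
            make_vbmeta(CUSTOM_KEY, PATCHED), PATCHED, OEM_KEY, locked=True, custom_key=CUSTOM_KEY),
    }


if __name__ == "__main__":
    for case, (state, boots) in scenario().items():
        print(f"{case}: {state}, {'boots' if boots else 'does not boot'}")
```

The patched_relocked case is the brick both threads describe: the TWRP-modified boot image no longer matches its descriptor, and with the bootloader locked that is a red state with no boot. Re-signing vbmeta with a custom key only helps when that key was installed before locking (yellow); without it the same image is still red.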
