I don't fully understand the process of unlocking a bootloader on a phone, but what makes a Samsung phone so difficult to unlock? For instance could we unlock this phone using the same method as went use on other phone with a Snapdragon 835 processor?
State.of.mind said:
I don't fully understand the process of unlocking a bootloader on a phone, but what makes a Samsung phone so difficult to unlock? For instance could we unlock this phone using the same method as went use on other phone with a Snapdragon 835 processor?
Click to expand...
Click to collapse
It's not difficult to unlock, it's impossible to unlock. The team of guys who achieved root access on an SD835 S8 used a root exploit to get root on the phone, the bootloader is still locked and they won't be able to flash anything that isn't signed by Samsung.
As for your second question, ABSOLUTELY NOT.
Each OEM has a different way of unlocking their devices bootloaders.
Sony and HTC email you an unlock code after you submit your IMEI for bootloader unlocking, only with that code you can unlock your device.
Samsung phones (on applicable devices like Exynos ones), simply have a switch in developer options for OEM Unlock, just like Google's Pixel and Nexus devices, once that option is enabled, consider the bootloader 'unlocked', and you should be able to flash whatever you want, regardless of whether it's signed by Samsung or developed by some guy in his moms basement.
TL;DR:
No.
murtaza02 said:
It's not difficult to unlock, it's impossible to unlock. The team of guys who achieved root access on an SD835 S8 used a root exploit to get root on the phone, the bootloader is still locked and they won't be able to flash anything that isn't signed by Samsung.
As for your second question, ABSOLUTELY NOT.
Each OEM has a different way of unlocking their devices bootloaders.
Sony and HTC email you an unlock code after you submit your IMEI for bootloader unlocking, only with that code you can unlock your device.
Samsung phones (on applicable devices like Exynos ones), simply have a switch in developer options for OEM Unlock, just like Google's Pixel and Nexus devices, once that option is enabled, consider the bootloader 'unlocked', and you should be able to flash whatever you want, regardless of whether it's signed by Samsung or developed by some guy in his moms basement.
TL;DR:
No.
Click to expand...
Click to collapse
If you're using a phone with an unlocked boot loader could you in theory switch between operating systems? For instance could I flash a rom to run Lollipop on one slot and on another slot run Nougat?
State.of.mind said:
If you're using a phone with an unlocked boot loader could you in theory switch between operating systems? For instance could I flash a rom to run Lollipop on one slot and on another slot run Nougat?
Click to expand...
Click to collapse
Most phones don't have 'slots'. It's not a common thing yet.
The Google Pixel and Moto Z2 are the only ones that come to mind that have A/B partitions for seamless OS updates and in theory (on a Pixel), one should be able to flash Nougat on Slot A and Android O on Slot B, however I wouldn't recommend it at all, I always like having the same sh*t on both slots.
Also, Lollipop and Nougat are too far apart and there is no device in existence that has its OEM ROM based on LP and N. So no you wouldn't be able to.
I like rooting my devices as I like having control over them and what they do. The Galaxy A32 5G is no exception so I was disappointed to see that the OEM Unlocking was not even shown in the Developer menu. I did a little research and basically if you got this phone through the 5g Trade-Up promotion (I suspect most did) then you're stuck on stock until April 19th 2023 or later when these phones get paid off. So unless you pay it of sooner or are in the military being deployed overseas, then you're stuck on stock.
Reference: https://www.t-mobile.com/responsibility/consumer-info/policies/sim-unlock-policy
Check again in a week or so. Samsung phones always block displaying the oem unlock option for that long, from what I have read.
scottyrick2 said:
Check again in a week or so. Samsung phones always block displaying the oem unlock option for that long, from what I have read.
Click to expand...
Click to collapse
There also is a special binary from T-Mobile that needs to be flashed.
I don't think we will ever see it. My A10e still has no OEM unlocking option and its been active for months.
Also as a test OEM unlock does not show up even when the A32 5G is carrier unlocked either
How about some kind of turbo sim? May be some paid services ? Really need to use with another sim... And if I pay it off I will not get credits, right?
hyelton said:
I don't think we will ever see it. My A10e still has no OEM unlocking option and its been active for months.
Also as a test OEM unlock does not show up even when the A32 5G is carrier unlocked either
Click to expand...
Click to collapse
I was able to convince T-Mobile to unlock my phone. I can confirm that network unlock does not enable OEM unlock option in Developer Options.
Elastep said:
How about some kind of turbo sim? May be some paid services ? Really need to use with another sim... And if I pay it off I will not get credits, right?
Click to expand...
Click to collapse
Wait til you get at least 1 bill credit before you pay it off just to make sure the promotional credits are active. But if you do pay off the phone, you'll still receive the promotional recurring device credits as long as that line remains active. Info here if you want to read the details by T-Mobile.
jke000 said:
Wait til you get at least 1 bill credit before you pay it off just to make sure the promotional credits are active. But if you do pay off the phone, you'll still receive the promotional recurring device credits as long as that line remains active. Info here if you want to read the details by T-Mobile.
Click to expand...
Click to collapse
That's awesome!!! Att stopped paying you promo credits as soon as you pay it off... I'll definitely give it a shot! Thanks for the hint!
Can anyone get a stock unlocked rom build from their phone that has been unlocked by T-Mobile? Even the bootloader.img? We could all flash it and it might work for us.
For example,
Taking a dump of the bootloader partition such as this:
[GUIDE] Making Dump Files Out of Android Device Partitions
Use: The main purpose is to make a file that contains all data in android specific partition. This is really handy in case of dumping leak firmwares. Pr-requirement: - Rooted device. - Knowledge of how to use adb or Terminal Emulator. The...
forum.xda-developers.com
Magnetox said:
Can anyone get a stock unlocked rom build from their phone that has been unlocked by T-Mobile? Even the bootloader.img? We could all flash it and it might work for us.
For example,
Taking a dump of the bootloader partition such as this:
[GUIDE] Making Dump Files Out of Android Device Partitions
Use: The main purpose is to make a file that contains all data in android specific partition. This is really handy in case of dumping leak firmwares. Pr-requirement: - Rooted device. - Knowledge of how to use adb or Terminal Emulator. The...
forum.xda-developers.com
Click to expand...
Click to collapse
T-Mobile phones can only be carrier unlocked, which I believe is done via the network and IMEI, not through software/boot loader. T-mobile phones can not be OEM unlocked at this time. I am not sure if a carrier unlocked T-mobile dump would get us any closer to a root, and I don't think a dump is possible via the directions you posted since it requires root.
DeadDjembe said:
T-Mobile phones can only be carrier unlocked, which I believe is done via the network and IMEI, not through software/boot loader. T-mobile phones can not be OEM unlocked at this time. I am not sure if a carrier unlocked T-mobile dump would get us any closer to a root, and I don't think a dump is possible via the directions you posted since it requires root.
Click to expand...
Click to collapse
Dumps actually don't require root AFAIK, you sure? Even then, a T-Mobile unlocked person could easily root boot.img with magisk and then pull it.
Magnetox said:
Dumps actually don't require root AFAIK, you sure? Even then, a T-Mobile unlocked person could easily root boot.img with magisk and then pull it.
Click to expand...
Click to collapse
The dump instructions you linked require root. Is there an updated guide that does not require root? I'm happy to try.
Could we use the info and resources here https://www.getdroidtips.com/stock-rom-samsung-sm-a326u-firmware/
to create an already rooted stock rom and flash it via odin?
Chad The Pathfinder said:
Could we use the info and resources here https://www.getdroidtips.com/stock-rom-samsung-sm-a326u-firmware/
to create an already rooted stock rom and flash it via odin?
Click to expand...
Click to collapse
ill look into this
It will not work, it will fail due to bad signatures.
Magnetox said:
Can anyone get a stock unlocked rom build from their phone that has been unlocked by T-Mobile? Even the bootloader.img? We could all flash it and it might work for us.
For example,
Taking a dump of the bootloader partition such as this:
[GUIDE] Making Dump Files Out of Android Device Partitions
Use: The main purpose is to make a file that contains all data in android specific partition. This is really handy in case of dumping leak firmwares. Pr-requirement: - Rooted device. - Knowledge of how to use adb or Terminal Emulator. The...
forum.xda-developers.com
Click to expand...
Click to collapse
working on this.
Any luck?
If this phone (A326U) can't have the bootloader unlocked it is of almost no use to me. I wonder if I can return it.
It will go to fastboot and can be seen via fastboot devices. Issuing fastboot flashing unlock returns
FAILED (remote: 'unknown command')
fastboot: error: Command failed
I suppose this means existing bootloader does not have these commands in it or the missing OEM locking option is preventing the command from running?
Also I am wondering if there is somewhere to buy one that can have the bootloader (like for Metro PCS or other).
T-Mobile indicates they will bring a phone in to their network that can be unlocked but their policies (as mentioned in other threads) preclude unlocking a T-Mobile sourced device that has not been on their network for 40 days or after the 2 year contract if it is a contract purchased phone. An externally sourced phone can be added to their network and unlocked for SIM and bootloader.
injuhneer said:
Any luck?
If this phone (A326U) can't have the bootloader unlocked it is of almost no use to me. I wonder if I can return it.
It will go to fastboot and can be seen via fastboot devices. Issuing fastboot flashing unlock returns
FAILED (remote: 'unknown command')
fastboot: error: Command failed
I suppose this means existing bootloader does not have these commands in it or the missing OEM locking option is preventing the command from running?
Also I am wondering if there is somewhere to buy one that can have the bootloader (like for Metro PCS or other).
T-Mobile indicates they will bring a phone in to their network that can be unlocked but their policies (as mentioned in other threads) preclude unlocking a T-Mobile sourced device that has not been on their network for 40 days or after the 2 year contract if it is a contract purchased phone. An externally sourced phone can be added to their network and unlocked for SIM and bootloader.
Click to expand...
Click to collapse
Mines rooted. theres a service for unlocking the bootloader
Buy directly from Samsung and you wont have bootloader problems
Here you can unlock bootloader
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
Today I used the Samsung chat option on the website and asked for the unlock code for my A32 5G on Metro POS network. They put a ticket in for unlock code request. I'll let you know how it goes!
Hello.
I need someone that has a A125U variante that would like to test crossflashing bettween fimware to bypass U model PBL-unlock-restrictions.
More info, dm me.
EDIT: Changed to GENERAL thread because it turned in to a discussion now.
i have a A125U i can test this out if you want me to
Yes I would be willing to but you would have to walk me through the steps I know nothing of what I'm doing trying to learn
Scotterd said:
Yes I would be willing to but you would have to walk me through the steps I know nothing of what I'm doing trying to learn
Click to expand...
Click to collapse
Download patched odin and flash A125F fimware even if you are on A125U model.
Patched Odin 3.13.1
For those looking for a modified, modded, or patched odin that is a newer build than all the fake and renamed prince comsy 3.12.3 versions floating around. I patch recent Odin versions to offer similar functionality to the princecomsy; in that...
forum.xda-developers.com
Samsung Galaxy A12 Firmware Download SM-A125F Free Download
Samsung Galaxy A12 Firmware Download SM-A125F Free Download ⭐ Official and fast update ⭐ Max speed and free download ⭐ Best Samsung Galaxy website
samfw.com
Clean flashing new fimware useing Odin
DISCLAIMER: I WAS NEVER, HAVE NEVER BEEN, AND WILL NEVER BE RESPONSIBLE OF ANY DAMAGES AGAINST YOUR DEVICES BY YOUR OWN MIS-OPERATIONS # Your warranty is now void # # You have been warned. # # I will laught at you if you point the finger at me...
forum.xda-developers.com
I'm not responsible for any damage don to your device
You can use the patched odin to flash any A12 FW with a matching binary, but it won't affect your ability to unlock the bootloader. The most likely option is to use the EDL method by pulling the back encasing from your phone and using a paperclip or pair of tweezers to short the EDL pin while plugging into your PC. EDL is kind of a secondary bootloader that will allow you to run a variety of functions. Since the A12 is a MediaTek processor, I've tried using the MTKClient exploit through EDL mode to force unlock the bootloader, but so far I haven't seemed to get it working.
R0GUEEE said:
You can use the patched odin to flash any A12 FW with a matching binary, but it won't affect your ability to unlock the bootloader. The most likely option is to use the EDL method by pulling the back encasing from your phone and using a paperclip or pair of tweezers to short the EDL pin while plugging into your PC. EDL is kind of a secondary bootloader that will allow you to run a variety of functions. Since the A12 is a MediaTek processor, I've tried using the MTKClient exploit through EDL mode to force unlock the bootloader, but so far I haven't seemed to get it working.
Click to expand...
Click to collapse
It is possible and a method will be found. It could be that the SBL requires a key for PBL to be unlocked, have you tried useing any exploits on this phone?
LAST_krypton said:
It is possible and a method will be found. It could be that the SBL requires a key for PBL to be unlocked, have you tried useing any exploits on this phone?
Click to expand...
Click to collapse
As far as everything I've tested so far...
Attempted to downgrade A11 to A10 (can't do it because of incompatible FW binaries)
Flashed several different model FWs & various other CSCs... the model I'm using is SM-A125U (AT&T). Currently the FW running on it is for SM-A125U1 (the carrier unlocked model) but of course still no "OEM Unlock" option in dev settings.
After I tried a few dozen builds I looked into EDL/BROM flashing, since EDL works as a ground zero primary boot interface and seems to work as a recovery/fastboot hybrud allowing both flashing & a CMD interface vs a separated Samsung "Download Mode" and Fastboot mode.
I haven't really spent much time scouring the web for different exploits (that aren't paid services) but I did come across "MTKClient" (https://github.com/bkerler/mtkclient), which I was able to successfully run. I tried using the "unlock bootloader" command, at which point it was a "success" and resulted in the device obviously being wiped, but after the following boot there still was no "OEM Unlock" option in the dev menu. Afterwards I tried flashing a custom boot.img built with Magisk, but even using EDL mode to flash, the device wouldn't boot and just gave the basic "this isn't an approved FW" error, so I had to flash the original boot back.
R0GUEEE said:
As far as everything I've tested so far...
Attempted to downgrade A11 to A10 (can't do it because of incompatible FW binaries)
Flashed several different model FWs & various other CSCs... the model I'm using is SM-A125U (AT&T). Currently the FW running on it is for SM-A125U1 (the carrier unlocked model) but of course still no "OEM Unlock" option in dev settings.
After I tried a few dozen builds I looked into EDL/BROM flashing, since EDL works as a ground zero primary boot interface and seems to work as a recovery/fastboot hybrud allowing both flashing & a CMD interface vs a separated Samsung "Download Mode" and Fastboot mode.
I haven't really spent much time scouring the web for different exploits (that aren't paid services) but I did come across "MTKClient" (https://github.com/bkerler/mtkclient), which I was able to successfully run. I tried using the "unlock bootloader" command, at which point it was a "success" and resulted in the device obviously being wiped, but after the following boot there still was no "OEM Unlock" option in the dev menu. Afterwards I tried flashing a custom boot.img built with Magisk, but even using EDL mode to flash, the device wouldn't boot and just gave the basic "this isn't an approved FW" error, so I had to flash the original boot back.
Click to expand...
Click to collapse
You can't downgrade from Android 11 to 10, because Android 10 has a lower SW_REV value. OEM unlocking shouldn't matter if you can force the PBL to be unlocked by a exploit. You can play with date and time settings in the OS and OEM unlocking may come back, as explained here:
Covering some misleading theories and issues with our A12
This thread will be updated regularly. If you don't agree with something comment and if I was proven wrong I will update the thread. Please don't comment or chat here if it isn't releated with something I said. If you need further help with...
forum.xda-developers.com
You can try editing fimware files if you can't find a exploit for downgradeing SW_REV, or you can try from booting in to PRELOADER and with SP_FLASH_TOOL flash Android 10 scattar fimware. This phone is very new so it may be more difficult for finding exploits, you can play with crossflashing fimware and PRELOADER mode. Another thing is that EDL mode is only for snapdragon chipsets.
And try disabeling thoes security locks:
MTK "secure" boot -use mtksecbypass to disable
"Secure" downloads - try MTKClient
LAST_krypton said:
You can't downgrade from Android 11 to 10, because Android 10 has a lower SW_REV value. OEM unlocking shouldn't matter if you can force the PBL to be unlocked by a exploit. You can play with date and time settings in the OS and OEM unlocking may come back, as explained here:
Covering some misleading theories and issues with our A12
This thread will be updated regularly. If you don't agree with something comment and if I was proven wrong I will update the thread. Please don't comment or chat here if it isn't releated with something I said. If you need further help with...
forum.xda-developers.com
You can try editing fimware files if you can't find a exploit for downgradeing SW_REV, or you can try from booting in to PRELOADER and with SP_FLASH_TOOL flash Android 10 scattar fimware. This phone is very new so it may be more difficult for finding exploits, you can play with crossflashing fimware and PRELOADER mode. Another thing is that EDL mode is only for snapdragon chipsets.
Click to expand...
Click to collapse
I just tried flashing twrp lol, obviously didn't work. So with the a125, it runs on a mediatek processor (MT6765) which has the EDL mode if you short the internal pin. I've tested a couple different exploits which "unlock" it, but after flashing anything custom it always boots with "you can't have custom...". So right now I'm just going around in circles
Edit: Right now I'm playing around with Miracle Box to see what all I can accomplish. I'll update if anything new comes along.
R0GUEEE said:
I just tried flashing twrp lol, obviously didn't work. So with the a125, it runs on a mediatek processor (MT6765) which has the EDL mode if you short the internal pin. I've tested a couple different exploits which "unlock" it, but after flashing anything custom it always boots with "you can't have custom...". So right now I'm just going around in circles
Edit: Right now I'm playing around with Miracle Box to see what all I can accomplish. I'll update if anything new comes along.
Click to expand...
Click to collapse
Ok, good luck with Miracle Box, hope you got the one that isn't backdoored...
EDL mode should be only for Snapdragon, mediatek has it's own PRELOADER mode, as I know of it. Some phones have META-MODE. Could be miscommunication bettwen us.
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat My phone is Samsung J730F. But the problem is that Samsung locked the boot-louder. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
LAST_krypton said:
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat My phone is Samsung J730F. But the problem is that Samsung locked the boot-louder. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
Click to expand...
Click to collapse
Yeah, I've pretty much gone around and around in circles with this. The thing that makes it curious though is after running adb shell getprop and looking through the build, I noticed most of the properties relating to oem unlocking were actually set to allow, the one outlier was sys.oem_unlock_allowed. Which kinda pushes me back towards the KG/RMM. Athough, I'm not sure if that's because I have the unlocked U1 FW flashed (it's actually an a125u), or if its the same on both. Either way, running an MTK exploit to unlock the bootloader (which I've done) doesn't actually contribute anything to whether or not OEM Unlocking is visible in dev settings, which is the primary prereq for unlocking the bootloader.
I did consider trying to update the sys.oem within build.prop in /system, but obviously without a root it's impossible, which lead me to possibly unpacking the stock FW super.img and trying to pre-edit the build within so I could re-pack and flash using the MTK Bypass exploit, but those necessary oem properties aren't even listed on either of the build files I did manage to find.
So as of now I've got one more test I'm going to try before I give up. All things considered, the most likely issue is the KG/RMM state, so I'm going to test a few different methods to try and circumnavigate those and possibly unlock the missing OEM Unlock option.
I can at least say that it's likely not an issue of manufacturer locked loaders, considering that's primarily a snapdragon issue, whereas the A12 runs on MediaTek, so fingers crossed.
R0GUEEE said:
Yeah, I've pretty much gone around and around in circles with this. The thing that makes it curious though is after running adb shell getprop and looking through the build, I noticed most of the properties relating to oem unlocking were actually set to allow, the one outlier was sys.oem_unlock_allowed. Which kinda pushes me back towards the KG/RMM. Athough, I'm not sure if that's because I have the unlocked U1 FW flashed (it's actually an a125u), or if its the same on both. Either way, running an MTK exploit to unlock the bootloader (which I've done) doesn't actually contribute anything to whether or not OEM Unlocking is visible in dev settings, which is the primary prereq for unlocking the bootloader.
I did consider trying to update the sys.oem within build.prop in /system, but obviously without a root it's impossible, which lead me to possibly unpacking the stock FW super.img and trying to pre-edit the build within so I could re-pack and flash using the MTK Bypass exploit, but those necessary oem properties aren't even listed on either of the build files I did manage to find.
So as of now I've got one more test I'm going to try before I give up. All things considered, the most likely issue is the KG/RMM state, so I'm going to test a few different methods to try and circumnavigate those and possibly unlock the missing OEM Unlock option.
I can at least say that it's likely not an issue of manufacturer locked loaders, considering that's primarily a snapdragon issue, whereas the A12 runs on MediaTek, so fingers crossed.
Click to expand...
Click to collapse
If you were able to see the settings are enabled through ADB that is the same as it showing in settings. KG/RMM state could also be the factor of why it isn't beeing shown as of what you have said. Samsung has came a long way with these dumb knox securities which just makes everything worse, you might be able to find a clue for this within their KNOX documents ( I sent a link in a post above). Maybe you can find a profesional, a person that has worked for samsung and can maybe help you with this. It just gets too complicated at one point. If you have telegram or something were we can talk further about this it would be nice because some exploits and stuff if you mention can violate xda rules... So I don't know what else to tell you, I never really was in a situation where I was required to do these type of stuff, only if I had to because of some problems I had. Maybe you can find answers for all of this on some really old forums where people use to do everything to brake apart samsungs and mediateks security locks but still dout it.
For now, hope you learned something and dm me if you want to chat on telegram or etc about this. Don't think something is impossible because you can't find a answer for it, everything is possible.
LAST_krypton said:
If you were able to see the settings are enabled through ADB that is the same as it showing in settings. KG/RMM state could also be the factor of why it isn't beeing shown as of what you have said. Samsung has came a long way with these dumb knox securities which just makes everything worse, you might be able to find a clue for this within their KNOX documents ( I sent a link in a post above). Maybe you can find a profesional, a person that has worked for samsung and can maybe help you with this. It just gets too complicated at one point. If you have telegram or something were we can talk further about this it would be nice because some exploits and stuff if you mention can violate xda rules... So I don't know what else to tell you, I never really was in a situation where I was required to do these type of stuff, only if I had to because of some problems I had. Maybe you can find answers for all of this on some really old forums where people use to do everything to brake apart samsungs and mediateks security locks but still dout it.
For now, hope you learned something and dm me if you want to chat on telegram or etc about this. Don't think something is impossible because you can't find a answer for it, everything is possible.
Click to expand...
Click to collapse
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
R0GUEEE said:
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
Click to expand...
Click to collapse
Well, you couldev done that allready out of the start. But even do you got OEM_UNLOCKING shown doesn't really mean anything on U model, unless you have exploits and methods for unlocking PBL. Which as said wasn't very sucessful at all for you. I recomend to you that you check our DMs. mtkclient has some bugs which are on the way to be fixed.
I've been working with mtkclient for months, before it even unlocked bootloaders, I was the first to unlock the stylo 6 bootloader and I had a bit of a hand in working out some of the bugs with the tool, I'm doing a full backup of the A125U model right now with mtkclient and after it's done I plan to try the unlock without having oem unlock option in dev options, but first I'll check to see what binary version I'm on, not sure if it's on android 10 or 11 right now. But I will sheet the backup
I finally finished my tutorial for the stylo 6 bootloader unlock and root so now I'm working with the A125U. I'm on 2nd binary and i think i got the bootloader unlocked, but if I flash the patched boot.img it won't boot. I'm gonna try a few ideas i have, so far no luck but I'm not gonna give up, I may crossflash, but I'm trying to find the easiest way to do this.
LAST_krypton said:
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat My phone is Samsung J730F. But the problem is that Samsung locked the boot-louder. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
Click to expand...
Click to collapse
GitHub - MTK-bypass/bypass_utility
Contribute to MTK-bypass/bypass_utility development by creating an account on GitHub.
github.com
I'm glad to see Hovatek being suggested, i worked with them on my stylo 6 project, they even gave me a shout out if you look in the mtkclient instruction for the K51.
Here's the scatter file for the A125U model
MT6765_A12_scatter.txt
drive.google.com
LAST_krypton said:
Well, you couldev done that allready out of the start. But even do you got OEM_UNLOCKING shown doesn't really mean anything on U model, unless you have exploits and methods for unlocking PBL. Which as said wasn't very sucessful at all for you. I recomend to you that you check our DMs. mtkclient has some bugs which are on the way to be fixed.
Click to expand...
Click to collapse
R0GUEEE said:
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
Click to expand...
Click to collapse
I own a a125u with FW A125USQU2BUI3. Would I be able to use this method to make oem unlock appear and then root? If so could you please assist me and help with the steps? I've been attempting to root this thing for a week and my girl friend is starting to hate me because I'm obsessed and paymore attention to this than her lol
I see that I can add user-settable root of trust to the bootloader so I can set custom secure boot keys like PCs at https://source.android.com/docs/security/features/verifiedboot/device-state , so I think I can use a user modified init_boot image (including the magisk patched one) by signing it with my own keypair.
Also, I know that some manufacturers require 7 days for new devices to be unlocked (like Xiaomi) or do not allow user unlock at all. However, authorized repairers can flash signed factory system images without unlocking it. I guess it is implemented by internal (read-only) root of trust. But can I do this with user-settable root of trust part so I can become authorized repairer to my own device?
P.S. I am using a bootloader-unlocked Pixel 4 XL as my major phone now. I have bought a Pixel 7 Pro but not yet switched to it. I am looking for a method to take both security and scalability into account.
Good and interesting question, sadly I don't have a definitive answer to it - but a few thoughts:
As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch bootloader as well to accept a user-key - not sure if this is feasible.....
AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentification - EDL-mode is (IMO) a separate very low-level boot mode.... I don't think this is related to the "normal" boot mechanism and its keys.....
Is there any specific reason you are aiming for a re-locked bootloader ? The only aspect I could think about is some specific apps that can detect an unlocked bootloader and refuse to function.... from a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail.....
s3axel said:
Good and interesting question, sadly I don't have a definitive answer to it - but a few thoughts:
As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch bootloader as well to accept a user-key - not sure if this is feasible.....
AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentification - EDL-mode is (IMO) a separate very low-level boot mode.... I don't think this is related to the "normal" boot mechanism and its keys.....
Is there any specific reason you are aiming for a re-locked bootloader ? The only aspect I could think about is some specific apps that can detect an unlocked bootloader and refuse to function.... from a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail.....
Click to expand...
Click to collapse
The reason why I am aiming for a re-locked bootloader is that everyone can flash a modified image at bootloader. An evil maid or cop may be able to flash a trojan boot image when I am not with my phone.
My device (Google Pixel 4a 5G) is not officially supported by KernelSU, but I want to try to build a kernel to get root access, however I cannot enable OEM unlocking. I'm new to this, however I've read some instructions on to build KernelSU (I am patching the boot.img manually).
the first thing that comes to mind is handing over all of your personal data to Google like samsung needs you to do to OEM unlock
if that isn't your forte you can try a BROM exploit (note: I don't have a quallcom device, but I do have experiance with bootrom exploitation)
here's something like mtkclient: https://github.com/bkerler/edl
it has exactly what you're looking for!
VERY IMPORTANT!!!: do a full and complete flash memory backup before doing anything else, lord knows I've borked my beloved by a full flash wipe and only having generic flash files instead of all the device specific images
Qwerty_in_me said:
the first thing that comes to mind is handing over all of your personal data to Google like samsung needs you to do to OEM unlock
if that isn't your forte you can try a BROM exploit (note: I don't have a quallcom device, but I do have experiance with bootrom exploitation)
here's something like mtkclient: https://github.com/bkerler/edl
it has exactly what you're looking for!
VERY IMPORTANT!!!: do a full and complete flash memory backup before doing anything else, lord knows I've borked my beloved by a full flash wipe and only having generic flash files instead of all the device specific images
Click to expand...
Click to collapse
I can't really do an OEM unlock because of the Verizon model. However, I do not know how to do a complete flash memory backup on the Pixel. Also I am not sure how to check for a BROM exploit in my Google Pixel 4a 5G.
webhook said:
My device (Google Pixel 4a 5G) is not officially supported by KernelSU, but I want to try to build a kernel to get root access, however I cannot enable OEM unlocking. I'm new to this, however I've read some instructions on to build KernelSU (I am patching the boot.img manually).
Click to expand...
Click to collapse
KernelSU got developed to be used on Android devices with a Linux kernel versioned 5.10+ as that the case with Google Pixel 6, 7 series. IMO KernelSU doesn't make any sense on Android devices with a Linux kernel < 5.10.
BTW:
How to unlock bootloader is several times described in Internet, among these findings also here:
Bootloader unlock method has been found for the Verizon Google Pixel/Pixel XL
A bootloader unlock method has been discovered for the Verizon Google Pixel and Verizon Google Pixel XL. This allows Verizon Pixel owners to flash TWRP, root their phone with Magisk, install Xposed Framework, and install custom ROMs.
www.xda-developers.com