OPPO f9 impossible to root? - General Questions and Answers

Hi Friends, Ramón from Mallorca, Spain. Nice to salute you ppl.
I have a problem. Justin bought a Fresh OPPO f9.
Searching guides on internet, always are the same steps everything ok but... When need to unlock bootloader ...oops there's no bootloader...
Simple question:
Is it possible to root that mobile today? If it's possible can anyone help me with a tutorial? THX in advance.

No answers in data seems bad news

Yes, I was looking for the same! All the guides are just copypastas with steps that aren't specific to the F9 Pro. Haven't been able to find a real resource for unlocking the bootloader of the F9 Pro yet.

Bad news ... for now
So me too there are a lot of incorrect solutions that won't work.
Reason
Oppo has locked the bootloader and removed fastboot access to bootloader.
We cannot unlock the bootloader.
The only way we may be able to root this phone is with the Boot image patch method used in Magisk but Oppo also has introduced an encryption scheme to stock images called ozip. At the moment no one has been able to find a key for the oppo f9's ozip encryption.
There are a couple of python tools to decrypt ozip on github
I am not allowed to post urls yet.
None of the keys work ... I have tried to brute force by guessing random keys because i know little to nothing about encryption but no success.
Also there is an interesting git with the encryption schema itself search for ozip encryption specs
Anyone with cracking experience might give it a go
The stock image can be downloaded from oppos support page.
Maybe we can get some support from the senior members here who have knowledge and experience.
on the specs site it is said that we can retrieve the key with :
Extract the 128-bit ECB Key (binary is here, aarch64 elf, 0x23f08)
I don't even know what that means and the link is dead.

hai,
just bought OPPO F9 Pro
wanna ask, if someone has this problem? (check the video)
any solution how to get rid of this yellow blinking?
also i already posted this in NoLed room, but still no answer .... maybe someone in here got an answer :laugh::laugh::laugh:
video link : https://drive.google.com/file/d/1plI...ew?usp=sharing
thx

PirateCat said:
So me too there are a lot of incorrect solutions that won't work.
Reason
Oppo has locked the bootloader and removed fastboot access to bootloader.
We cannot unlock the bootloader.
The only way we may be able to root this phone is with the Boot image patch method used in Magisk but Oppo also has introduced an encryption scheme to stock images called ozip. At the moment no one has been able to find a key for the oppo f9's ozip encryption.
There are a couple of python tools to decrypt ozip on github
I am not allowed to post urls yet.
None of the keys work ... I have tried to brute force by guessing random keys because i know little to nothing about encryption but no success.
Also there is an interesting git with the encryption schema itself search for ozip encryption specs
Anyone with cracking experience might give it a go
The stock image can be downloaded from oppos support page.
Maybe we can get some support from the senior members here who have knowledge and experience.
on the specs site it is said that we can retrieve the key with :
Extract the 128-bit ECB Key (binary is here, aarch64 elf, 0x23f08)
I don't even know what that means and the link is dead.
thx a lot friend, but anything more complicated than using TWRP and MAGISK tutorial is Chinese to me. hope we have soon a potential solution.

I got the same problem.
So frustrated when hearing this bad news.

razanon said:
Hi Friends, Ramón from Mallorca, Spain. Nice to salute you ppl.
I have a problem. Justin bought a Fresh OPPO f9.
Searching guides on internet, always are the same steps everything ok but... When need to unlock bootloader ...oops there's no bootloader...
Simple question:
Is it possible to root that mobile today? If it's possible can anyone help me with a tutorial? THX in advance.
I use miracle thunder to open a forgotten pin code / pattern & the method works. on the display of the miracle thunder application there is an option to open the bootloader & open root access for the device. but I have not tried to root my device. the method of using miracle thunder is required to dismantle the device to briefly connect the pin on the PCB to ground.

oppo fones are recipe to fail,
just saw reno, over priced, strange stockrom interface! (similar to lg v20) felt heavy!
and now what i am hearing there might be no possible way to root,
then for me its a bye bye!

Somehow I can unlock the bootloader so what to do next

They said in the video below that you can easily root it with Magisk and this image + spflash root.
http://downloads.oppo.com.s3.amazonaws.com/firmware/CPH1823/CPH1823EX_11_OTA_0200_all_KQk1AfKkf1ms.ozip
There is a link:
If someone did it successfully, please tell us here.
The main issue with this method, that this method erases all previous data from phones.

Quân2049 said:
Somehow I can unlock the bootloader so what to do next
Can you please tell me how you did it?

Related

huawei p20 qu1ckr00t possible?

Hello Huawei P20 Mates,
i read about it shortly, that there would be an exploit that allows root access. i read about it on this website httpx://helpnetsecurity.com/2019/10/17/android-root-cve-2019-2215/ (need to change it since new users arent allowed to use links in this forum <.<). the code for accessing root would be even available on github (i wonder why, wait - isn't this illegal?). but anyway, i read from another site that the huawei p20 with october 2019 update would be vulnerable for this one. so basically, its an now open door for us huawei p20 users to root our phones, isnt it?
i just wonder how to use this. i understand the process of compiling it, but what did he mean with "change with device code"? maybe i just didnt get it right. does anyone know what he is talking about in his github project?
p0w3r_off said:
Hello Huawei P20 Mates,
i read about it shortly, that there would be an exploit that allows root access. i read about it on this website httpx://helpnetsecurity.com/2019/10/17/android-root-cve-2019-2215/ (need to change it since new users arent allowed to use links in this forum <.<). the code for accessing root would be even available on github (i wonder why, wait - isn't this illegal?). but anyway, i read from another site that the huawei p20 with october 2019 update would be vulnerable for this one. so basically, its an now open door for us huawei p20 users to root our phones, isnt it?
i just wonder how to use this. i understand the process of compiling it, but what did he mean with "change with device code"? maybe i just didnt get it right. does anyone know what he is talking about in his github project?
As far as I know, at the moment No. Huawei stopped releasing boot lock codes.
On the positive side, and thing May change on Android 10
I confirmed this with one click root and some other dev database which I should be able to post here as I believe it doesn't breach the rules since it's a developer site that should imo be linked here but I don't want to post it here but I can pm you the link.
Fundamentally speaking, I China is rumoured to merge and work hand in hand with Google after trump stepped up the game. It was posted on AC, and a feed I received from the app MEDIUM.
tldr no boot unlock, but no root.
2ISAB said:
As far as I know, at the moment No. Huawei stopped releasing boot lock codes.
On the positive side, and thing May change on Android 10
I confirmed this with one click root and some other dev database which I should be able to post here as I believe it doesn't breach the rules since it's a developer site that should imo be linked here but I don't want to post it here but I can pm you the link.
Fundamentally speaking, I China is rumoured to merge and work hand in hand with Google after trump stepped up the game. It was posted on AC, and a feed I received from the app MEDIUM.
tldr no boot unlock, but no root.
did you even read what i wrote or used the link i told here? i told, that there is a 0-Day Exploit. Its *not* about boot lock codes or fastboot. its about a exploit, using to obtain root rights. then, you could easily read out the nvme file. but i dont understand how to use this relatively new exploit.
p0w3r_off said:
Hello Huawei P20 Mates,
i read about it shortly, that there would be an exploit that allows root access. i read about it on this website httpx://helpnetsecurity.com/2019/10/17/android-root-cve-2019-2215/ (need to change it since new users arent allowed to use links in this forum <.<). the code for accessing root would be even available on github (i wonder why, wait - isn't this illegal?). but anyway, i read from another site that the huawei p20 with october 2019 update would be vulnerable for this one. so basically, its an now open door for us huawei p20 users to root our phones, isnt it?
i just wonder how to use this. i understand the process of compiling it, but what did he mean with "change with device code"? maybe i just didnt get it right. does anyone know what he is talking about in his github project?
Yeah it might work, but if you try to modify something using root it would Brick cause of SecBoot.
madoxx77 said:
Yeah it might work, but if you try to modify something using root it would Brick cause of SecBoot.
you too, didnt fully read what i wrote, or did you? why are the answers always short like "no wont work because xy - but we ignore z, w and v"?
the thing is, you should *not* change the phone with this exploit. i wouldnt have any interest in changing it with this method. i have more interest in getting the nvme bootloader unlock code which most certainly is stored there since it was with the old huawei phones before that way. like you know, obtaining root rights, saving nvme partition, then open nvme partition with hex editor and then search for BL Code. then, i would unlock the phone the regular way. do you understand what im trying to do?
p0w3r_off said:
you too, didnt fully read what i wrote, or did you? why are the answers always short like "no wont work because xy - but we ignore z, w and v"?
the thing is, you should *not* change the phone with this exploit. i wouldnt have any interest in changing it with this method. i have more interest in getting the nvme bootloader unlock code which most certainly is stored there since it was with the old huawei phones before that way. like you know, obtaining root rights, saving nvme partition, then open nvme partition with hex editor and then search for BL Code. then, i would unlock the phone the regular way. do you understand what im trying to do?
Calm down you haven't said anything about bootloader code in original post, simply you cannot obtain BL code cause it's encrypted(not in NVME partition) ? In EMUI 8 it was possible to unlock bootloader using modified NVME but in EMUI 9 you cannot do it. There is one way to obtain BL code but you need to disassemble your phone and it costs like 30 euro, you can find it in mate 20 forum, it's called BLK-RSA
madoxx77 said:
Calm down you haven't said anything about bootloader code in original post, simply you cannot obtain BL code cause it's encrypted(not in NVME partition) In EMUI 8 it was possible to unlock bootloader using modified NVME but in EMUI 9 you cannot do it. There is one way to obtain BL code but you need to disassemble your phone and it costs like 30 euro, you can find it in mate 20 forum, it's called BLK-RSA
okaaay this is news to me that this changed in EMUI 9. but, if that is the case, then maybe we should really check if the exploit is maybe working for older versions than android 9? especially the version before the may/june patch 2018 may be different. so the roadmap may be:
- downgrade to EMUI 8.1 version *before* security patch May 2018
- try to use exploit to get root rights in order to read (non-encrypted? - i need more information on this) bootloader code?
two questions are rising here: is the exploit only working for android 9, or is this exploit existing for longer time and versions before? i dunno how it is here. and second thing, is the BL Code already encrypted in EMUI 8.1?
the reason why im asking all of this is, that it may be better to get these informations before i try to do something and even brick my phone in the worst case. or doing hours of work without any result (which would be simply a waste). writing a few lines takes only a few minutes - at all.
p0w3r_off said:
okaaay this is news to me that this changed in EMUI 9. but, if that is the case, then maybe we should really check if the exploit is maybe working for older versions than android 9? especially the version before the may/june patch 2018 may be different. so the roadmap may be:
- downgrade to EMUI 8.1 version *before* security patch May 2018
- try to use exploit to get root rights in order to read (non-encrypted? - i need more information on this) bootloader code?
two questions are rising here: is the exploit only working for android 9, or is this exploit existing for longer time and versions before? i dunno how it is here. and second thing, is the BL Code already encrypted in EMUI 8.1?
the reason why im asking all of this is, that it may be better to get these informations before i try to do something and even brick my phone in the worst case. or doing hours of work without any result (which would be simply a waste). writing a few lines takes only a few minutes - at all.
You cannot downgrade to EMUI 8.1 before May 2018 cause of xloader, only way is to open your phone and flash old firmware through test points. Also it can maybe work on EMUI 8 but BL code is still encrypted in there, yeah you can unlock bootloader through NVME but you cannot obtain BL code. The only way is as I said before the BLK RSA method.
madoxx77 said:
You cannot downgrade to EMUI 8.1 before may cause of xloader, only way is to open your phone and flash old firmware through test points. Also it can maybe work on EMUI 8 but BL code is still encrypted in there, yeah you can unlock bootloader through NVME but you cannot obtain BL code. The only way is as I said before the BLK RSA method.
that is absolutely wrong? i did in the past via the tool from huawei and yeah that was w/o *any* problem? and that was only a few months ago "where i already had EMUI9"? are you even *want* to root/unlock it, or do you just want to say what is not possible but in reality it is?
p0w3r_off said:
that is absolutely wrong? i did in the past via the tool from huawei and yeah that was w/o *any* problem? and that was only a few months ago "where i already had EMUI9"? are you even *want* to root/unlock it, or do you just want to say what is not possible but in reality it is?
Why you have to be so offensive? I just wanted to help you not to brick your phone if you try to do some **** with it. I forgot to say that you can't downgrade from EMUI 9.1 to EMUI 8.1, in past if you had EMUI 9 it was possible to downgrade to EMUI 8.1 via Hisuite
p0w3r_off said:
Hello Huawei P20 Mates,
i read about it shortly, that there would be an exploit that allows root access. i read about it on this website httpx://helpnetsecurity.com/2019/10/17/android-root-cve-2019-2215/ (need to change it since new users arent allowed to use links in this forum <.<). the code for accessing root would be even available on github (i wonder why, wait - isn't this illegal?). but anyway, i read from another site that the huawei p20 with october 2019 update would be vulnerable for this one. so basically, its an now open door for us huawei p20 users to root our phones, isnt it?
i just wonder how to use this. i understand the process of compiling it, but what did he mean with "change with device code"? maybe i just didnt get it right. does anyone know what he is talking about in his github project?
I tried running both the original PoC code and quickroot on my P20 Pro (EMUI 9.1.0.328, last patched 1/8/2019) but this EMUI version doesn't seem vulnerable, neither PoC yielded elevated permissions. I'm digging some more into this.
cptnfrd said:
I tried running both the original PoC code and quickroot on my P20 Pro (EMUI 9.1.0.328, last patched 1/8/2019) but this EMUI version doesn't seem vulnerable, neither PoC yielded elevated permissions. I'm digging some more into this.
Okay glad to hear you try that. Maybe going back to EMUI 9 would help. The dload method still should work, right?
p0w3r_off said:
Okay glad to hear you try that. Maybe going back to EMUI 9 would help. The dload method still should work, right?
I'm not sure, the descriptions of the vulnerability mention that the P20 is affected - one site says only on Android 8 so it's unclear. I'm not familiar with the dload method, can you post a link?
The thing is, as maddoxx77 posted earlier, even if this worked as a way to gain root we'd still have no way to obtain the BL code and possibly only brick the device while trying. Perhaps some hardware based method could work but I don't really have the knowledge or time to dig into it deeper.
F.C.K YOU HUAWEI.

Finally install TWRP without unlocking Bootloader with Code

Hello Guys,
long i searched for a method of unlocking the bootloader of eml-l29 Huawei P20. No i didnt find any, and qu1ckr00t didnt prove to be useful either.
it is not relevant anymore. since i did use testpoint too often in research of what is possible and what not, the device died just a few minutes ago. it always enters now only the usb huawei com mode. probably i used too much pressure on the testpoints or what or i accidentally short circuited other points with the screwdrivers.. but as a matter of fact, it is hardware bricked and the board is done for i think. so i dont search for a solution anymore.
people, see this thread as a resource what is possible without unlocking the bootloader and what not. i figured out following things are fact without unlocking the bootloader, so that you all don't have to try instead of me:
- you can flash with the testpoint short circuited and the software dc-phoenix and the right chipset/cpu bootloader chosen in temporary bootloader the twrp to erecovery_ramdisk and recovery_ramdisk, it will be permanently available after the process
- you cannot install magisk on it, since xloader seems to block the bootup and always sends you to recovery-mode (which means twrp if you flashed this)
- you cannot install a custom rom like OpenKirin with the testpoint recovery mode, as it - like with magisk, always will send you to recovery mode - i tried it exactly how it is explained on openkirin.net and it always turned out the same
- there is no bootloader unlock code in the nvme partition, i checked it - it seems there is encryption going on there
- the exploit qu1ckr00t is not usable, since the kernel is compiled with spinlock_debug
- and i forgot first: if you have the idea of soldering a cable for testpoint short circuit - no, let it be. you will only hang forever in huawei usb com 1.0 mode - it wont boot normally as long as you're in tp mode
so basically, there is way to get root, it is a way to get to direct data from the partitions. but at the end, the question that arises is - how much profit are you gaining from root or custom roms on this device at the end? in my case, the many tries cost my time, my nerves and now the device itself. it is gone for good. maybe this is for the best, as i never treated it right since i bought it (it had to be repaired two times in 2 years, which is a lot for a normal device at this amount of time) and i only have bad memories in my life with it (lots of things happened, but this is not the right place for such tellings).
my final message for this part of this board (not the board i damaged thou) - leave it alone, don't waste your time anymore on this. move on, there are cheap devices that are better, faster and unlockable too at this day and time. i moved on to my new Nokia 7.2, which is awesome.
so stay healthy guyz.
my journey of exploring the depths of huaweis device huawei p20 eml-l29 ends here. its sad, but at the same time i'm happy that the "horror" of an unlockable bootloader is finally over.
Thanks for your effort and sharing the info. Good luck with new phone
Note: my next phone won't be Huawei, for sure, due to bootloader locking, I am fed up with them
Yes,
I even have no sorry with them if they go down because of the Google lockout. Their strategy is to pull people away from Google PlayStore? Yes, sure. Good luck.
Unlock bootloader and promise to keep it open for P10 upwards and we are happy. Otherwise... byebye and fcku.
FearFac said:
Thanks for your effort and sharing the info. Good luck with new phone
Note: my next phone won't be Huawei, for sure, due to bootloader locking, I am fed up with them
What if I have my unlock code? Can I still unlock it or it's impossible now? I requested my code before they stop the bootloader unlocking, but never did anything with it.
ElChe said:
What if I have my unlock code? Can I still unlock it or it's impossible now? I requested my code before they stop the bootloader unlocking, but never did anything with it.
You are the lucky one who can root your phone.
FearFac said:
You are the lucky one who can root your phone.
Yeah I guess haha. I haven't got around doing it yet. But now I know it's a possibility! So I'll eventually do it!
FearFac said:
You are the lucky one who can root your phone.
How do you root it? AFAIK anything newer than EMUI8 is no longer rootable.
I'm on EMUI 10, with an unlocked bootloader, please tell me how to root.
zgomot said:
How do you root it? AFAIK anything newer than EMUI8 is no longer rootable.
I'm on EMUI 10, with an unlocked bootloader, please tell me how to root.
I do a query you have emui 10 with bootloader open? how did you do it? it was not the problem that emui 10 closed the bootloader? can't root with magisk?
zgomot said:
How do you root it? AFAIK anything newer than EMUI8 is no longer rootable.
I'm on EMUI 10, with an unlocked bootloader, please tell me how to root.
Where did you get this info from?
I was just thinking of rooting my CLT L09 Emui 9.1.0

FRP Google protection Mediapad T5

Hello, I bought a Mediapad T5 AGS2-L03 in a garage sale but when I started to configure it, I always have a message that I must connect it to a Google account already registered on this tablet . Unfortunately I don't have the guy's contact details and I can't do anything with the tablet. I tried several sites and videos that show us how to bypass this protection but nothing works because there is still an item missing that they show on the videos.
Can somebody help me please.
Thank you very much
This ZIP worked for me : https://forum.xda-developers.com/t/guide-frp-unlock-with-twrp.3827277/#post-85127665
You'll need to flash TWRP recovery first, using fastboot, and then boot into TWRP recovery to flash the ZIP.
That won't work since the bootloader is locked during an FRP lock with no way of enabling OEM unlock from the android settings. I'm about to try this method using the testpoint to unlock the bootloader and then I am going to use the zip from the link above to try to get TWRP on my AGS2-L03
Edit: Ah I see, yeah you'll need to unlock bootloader first. Let us know how you fare ! I did that same process with the test points and then flashing the ZIP and all went well, so hopes are high for you
Hello all,
alaing240 said:
Hello, I bought a Mediapad T5 AGS2-L03 in a garage sale but when I started to configure it, I always have a message that I must connect it to a Google account already registered on this tablet . Unfortunately I don't have the guy's contact details and I can't do anything with the tablet. I tried several sites and videos that show us how to bypass this protection but nothing works because there is still an item missing that they show on the videos.
Can somebody help me please.
Thank you very much
fragtion said:
Edit: Ah I see, yeah you'll need to unlock bootloader first. Let us know how you fare ! I did that same process with the test points and then flashing the ZIP and all went well, so hopes are high for you
Did you both succeed in your target? How?
Thanks

Question Any solution to remove the annoying bootloader unlocked message ?

Hi everyone, this question is for developers who have some bases in hexadecimal programming, I would like to know if it is possible to remove the message after unlocking the bootloader, I had an LG V20 H990DS and I had followed the tutorial on this thread and it was working fine, is there a similar solution for the ROG 5.
[Guide][MOD] Hide unlocked Bootloader warning boot screen
. This fix is for those who want to get rid of the annoying Red Corruption warning screen!!. Disclaimer: You apply the fix at your own risk. I'm not responsible for any software or hardware damage it can lead. The only thing i can assure is...
forum.xda-developers.com
zinou213 said:
Hi everyone, this question is for developers who have some bases in hexadecimal programming, I would like to know if it is possible to remove the message after unlocking the bootloader, I had an LG V20 H990DS and I had followed the tutorial on this thread and it was working fine, is there a similar solution for the ROG 5.
That depends. I modified a Teclast T30 bootloader (Mediatek garbage) that forced a delay and printed an orange error message about the bootloader being unlocked. A bit of Arm64 reverse-engineering and I shorted the delay to 0ms (none, basically) and just cut the string short (null-byte) and it works fine on my junker tablet. I've just bought an ASUS ROG Phone 5, getting into it, but I'm nervous about touching anything without, say, TWRP or without knowing how to do a full raw backup and restore.
Yuji Saeki said:
That depends. I modified a Teclast T30 bootloader (Mediatek garbage) that forced a delay and printed an orange error message about the bootloader being unlocked. A bit of Arm64 reverse-engineering and I shorted the delay to 0ms (none, basically) and just cut the string short (null-byte) and it works fine on my junker tablet. I've just bought an ASUS ROG Phone 5, getting into it, but I'm nervous about touching anything without, say, TWRP or without knowing how to do a full raw backup and restore.
RAW Firmware Collection and Guide
All fastboot / adb commands require using the side USB-C port https://developer.android.com/studio/releases/platform-tools.html#download Make sure you have fastboot installed Add platform tools to PATH (post 2) Make a backup of anything...
forum.xda-developers.com
There ya go. Good luck
twistedumbrella said:
RAW Firmware Collection and Guide
All fastboot / adb commands require using the side USB-C port https://developer.android.com/studio/releases/platform-tools.html#download Make sure you have fastboot installed Add platform tools to PATH (post 2) Make a backup of anything...
forum.xda-developers.com
There ya go. Good luck
Thanks. Just waiting to figure out how to do a raw backup and restore, then I can get to it. If TWRP isn't required to do a raw backup and restore, then I can also begin work on porting TWRP. I've some experience, but not the most when it comes to TWRP porting.
*Edit* I'd like to add, reverse-engineering the ASUS Unlock Tool seems to show the limits on unlocking may be artificial by ASUS. Uses a call-home to fetch data to unlock with. The logic though may be in another castle, I mean package. The FOTA app does the same thing.
*Edit* By the way, does anyone have the exact message that displays about the bootloader being unlocked? I might be able to begin work tracking it down to remove as well as any delay (if there is one).
Some mods target the abl.img (possibly Android Boot Loader) so that may be one place to start. I personally never bother with backups, so I didn't really consider that. All of the data for my apps is synced and everything else is installed from Google Play. I guess that would be a bit more difficult if this were my primary phone.
The text for fussing is in tz.img, or at least it is *one location* with it. But since this is a stupid Tencent version, I can't flash anything to test, otherwise I'd have done it by now. Ah well. Sending the Tencent POS back.
OK, so the possible partitions to see deeper are abl.img and tz.img, can anyone help us with some more information to remove this annoying message, thanks to all for your participation
Use payload_dumper and a hex editor to compare the original to yours.
Still Waiting for help to remove this message, if anyone has the solution

ROOT and/or TWRP without bootloader unlock?

Has anyone been able to successfully root or flash TWRP using QPST/QFIL without unlocking the bootloader on lmi?
jason88fr said:
Has anyone been able to successfully root or flash TWRP using QPST/QFIL without unlocking the bootloader on lmi?
I'd be surprised.
What is the problem?
hey @NOSS8
I'd be surprised too lol.
No problem really, I came across some info and went down a little rabbit hole and arrived at the conclusion that it seems to be possible to have root on a locked bootloader but the key is apparently some "firehose" programmer files that I can't seem to find anywhere, which when used in conjunction with QPST and a device in EDL mode would in effect allow modification of the boot.img for the sake of rooting the device.
I'm still trying to find out more because I read some time ago on how android verified boot works, so I am sceptical especially when the people that seem to be doing it on youtube are those that unlock devices for a living or are just enthusiasts, both parties seem to glean toward it being possible without any specialised equipment /box/dongle with a success rate depending on flashing order.
So I started searching for the possibility of it being done on lmi.
jason88fr said:
hey @NOSS8
I'd be surprised too lol.
No problem really, I came across some info and went down a little rabbit hole and arrived at the conclusion that it seems to be possible to have root on an unlocked bootloader but the key is apparently some "firehose" programmer files that I can't seem to find anywhere, which when used in conjunction with QPST and a device in EDL mode would in effect allow modification of the boot.img for the sake of rooting the device.
I'm still trying to find out more because I read some time ago on how android verified boot works, so I am sceptical especially when the people that seem to be doing it on youtube are those that unlock devices for a living or are just enthusiasts, both parties seem to glean toward it being possible without any specialised equipment /box/dongle with a success rate depending on flashing order.
So I started searching for the possibility of it being done on lmi.
You say "with a locked bootloader" and then the opposite, typos?
Possible with a MediaTek soc device, not Qualcomm.
Finally to flash in EDL mode you must have a special authorization that only repair centers have.
A few years ago it was easy to access and modify the system, then there were the dynamic partitions, then the A/B partitions and the limitations imposed by GOOGLE with A12 A13.
On You Tube you can find everything and anything unlike XDA.
An example here, of useless persistence.
https://forum.xda-developers.com/t/flashing-edl-problem.4534297/
NOSS8 said:
You say "with a locked bootloader" and then the opposite, typos?
Possible with a MediaTek soc device, not Qualcomm.
Finally to flash in EDL mode you must have a special authorization that only repair centers have.
A few years ago it was easy to access and modify the system, then there were the dynamic partitions, then the A/B partitions and the limitations imposed by GOOGLE with A12 A13.
On You Tube you can find everything and anything unlike XDA.
An example here, of useless persistence.
https://forum.xda-developers.com/t/flashing-edl-problem.4534297/
yep it was indeed a typo.
I did see a lot of MTK stuff.
Fair enough.
Also, "useless persistence" I believe is the main cause of so many bricks in forums I've seen in the last couple days chasing the same dream.
