Related
What does the manufacturer do to the phone to make it un-rootable?
This quote: "Strictly speaking, when we talk about a platform as open as the Android OS, it is almost impossible for a manufacturer to make an ‘un-rootable’ device."
would suggest that most likely the manufacturer is not making the phone un-rootable. So then that would leave the OS, but my 4.2.2 KitKat has and is rooted on other devices.
So who and what is at fault here? Seems to me that if it was software, that would be easy. Find an exploit and root. But if it was that easy then all phones/devices would be rootable.
That brings us back to hardware and the manufacturer.
RealRobD said:
What does the manufacturer do to the phone to make it un-rootable?
This quote: "Strictly speaking, when we talk about a platform as open as the Android OS, it is almost impossible for a manufacturer to make an ‘un-rootable’ device."
would suggest that most likely the manufacturer is not making the phone un-rootable. So then that would leave the OS, but my 4.2.2 KitKat has and is rooted on other devices.
So who and what is at fault here? Seems to me that if it was software, that would be easy. Find an exploit and root. But if it was that easy then all phones/devices would be rootable.
That brings us back to hardware and the manufacturer.
Click to expand...
Click to collapse
It is more a matter of the carriers trying their hardest to prevent us from being able to unlock/root the devices they offer and less a matter of the manufacturer trying to prevent it.. They do this for several reasons. But the main reasons are to prevent security breaches, to protect the information on their customer's devices, to prevent having to repair/replace devices that have been broken due to failed rooting/flashing/modifying attempts and to prevent us from using their devices on another carrier's network.
It is considered to be impossible to make devices that absolutely can't be rooted. They are all vulnerable in some manner, these vulnerabilities are called exploits, it's just a matter of finding the right exploit. When exploits are found, the manufacturer or carrier will patch the exploit and release an update for their devices to apply the patch.
The main thing they do to make devices unrootable is to use a locked bootloader, some even use specific hardware components to prevent unapproved software from booting.
It's a combination of things really, there is not necessarily one certain thing they do to keep us from rooting, because there are many different ways to unlock/root devices, they try their best to account for them all.
Sent from my SM-S767VL using Tapatalk
It is considered to be impossible to make devices that absolutely can't be rooted. They are all vulnerable in some manner, these vulnerabilities are called exploits, it's just a matter of finding the right exploit.
Click to expand...
Click to collapse
Can you direct me to the recommended newbie reading to get my learn on?
My Alcatel onetouch has stumped current one click methods, so it's time to learn and crack this puppy on my own.
RealRobD said:
Can you direct me to the recommended newbie reading to get my learn on?
My Alcatel onetouch has stumped current one click methods, so it's time to learn and crack this puppy on my own.
Click to expand...
Click to collapse
If all one click methods have failed, the only option left is to flash some kind of customized software or methods to modify parts of your boot and/or system partitions. Flashing custom software and modifying boot or system requires the device to have an unlocked bootloader.
This means that your first step is to determine whether or not your device has an unlocked bootloader. If it is unlocked, you can flash/modify the device, if it is locked, you can't flash/modify unless you find a method to unlock the bootloader, then you can flash/modify. Do some searches for methods to check your bootloader status.
If you find that the bootloader is unlocked, then you have a few choices:
1) if you can obtain a copy of your stock firmware then you can use the Magisk rooting method to modify the boot.img from your firmware to create a patched boot.img then flash that boot.img using the appropriate flash tool for your device brand.
2) if you can find a copy of TWRP custom recovery for your specific device model number you can flash the TWRP file using the appropriate flash tool for your device brand.
3) if there is no TWRP for your specific model number, you can build your own version of TWRP if the necessary resources are available for your specific model number.
4) if the necessary resources to build TWRP for your specific model number are not available, you can try finding a TWRP for a similar device with the same exact CPU that your device has and port that TWRP to be compatible with your own device.
Do your own searching and researching about each of these options, the more you read about them, the more you will understand.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
If all one click methods have failed, the only option left is to flash some kind of customized software or methods to modify parts of your boot and/or system partitions. Flashing custom software and modifying boot or system requires the device to have an unlocked bootloader.
This means that your first step is to determine whether or not your device has an unlocked bootloader. If it is unlocked, you can flash/modify the device, if it is locked, you can't flash/modify unless you find a method to unlock the bootloader, then you can flash/modify. Do some searches for methods to check your bootloader status.
If you find that the bootloader is unlocked, then you have a few choices:
1) if you can obtain a copy of your stock firmware then you can use the Magisk rooting method to modify the boot.img from your firmware to create a patched boot.img then flash that boot.img using the appropriate flash tool for your device brand.
2) if you can find a copy of TWRP custom recovery for your specific device model number you can flash the TWRP file using the appropriate flash tool for your device brand.
3) if there is no TWRP for your specific model number, you can build your own version of TWRP if the necessary resources are available for your specific model number.
4) if the necessary resources to build TWRP for your specific model number are not available, you can try finding a TWRP for a similar device with the same exact CPU that your device has and port that TWRP to be compatible with your own device.
Do your own searching and researching about each of these options, the more you read about them, the more you will understand.
Sent from my SM-S767VL using Tapatalk
Click to expand...
Click to collapse
Can't get past "Waiting on devices" when using
Code:
fastboot oem device-info
.
Device manager shows the phone is connected just fine.
The phone has no manual way to set fast boot, whether it be the buttons or entering numbers on the keypad.
Device recognized.
Code:
fastboot devices
returns nothing. I guess that means it's not in fast boot mode.
Code:
adb reboot bootloader
and
Code:
adb reboot fastboot
only reboots the phone.
On the other hand,
Code:
adb reboot recovery
does work.
RealRobD said:
Can't get past "Waiting on devices" when using
Code:
fastboot oem device-info
.
Device manager shows the phone is connected just fine.
The phone has no manual way to set fast boot, whether it be the buttons or entering numbers on the keypad.
Device recognized.
Code:
fastboot devices
returns nothing. I guess that means it's not in fast boot mode.
Code:
adb reboot bootloader
and
Code:
adb reboot fastboot
only reboots the phone.
On the other hand,
Code:
adb reboot recovery
does work.
Click to expand...
Click to collapse
Your device probably doesn't even have fastboot mode, some carriers remove fastboot from their devices, especially MVNO(subcontracted) networks.
Sent from my SM-S767VL using Tapatalk
Yep, looks like no Fastboot onboard...
galaxys said:
Yep, looks like no Fastboot onboard...
Click to expand...
Click to collapse
If it's just software, why can't it be bypassed, cracked, hacked, blown up etc?
RealRobD said:
If it's just software, why can't it be bypassed, cracked, hacked, blown up etc?
Click to expand...
Click to collapse
If you're asking about what was said about not having fastboot, it is a lack of software, as in, the software is not even there.
If you're asking if the software can be bypassed, it can, the trick is to find the right exploit. That is the problem, a working exploit has not been discovered for this device.
Without fastboot, there is no way to flash custom files such as TWRP or patched boot.img. This means, the only chance of rooting the device is if one of the one-click universal rooting apps or universal PC rooting programs has an exploit that just happens to network on this device.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
If you're asking about what was said about not having fastboot, it is a lack of software, as in, the software is not even there.
If you're asking if the software can be bypassed, it can, the trick is to find the right exploit. That is the problem, a working exploit has not been discovered for this device.
Without fastboot, there is no way to flash custom files such as TWRP or patched boot.img. This means, the only chance of rooting the device is if one of the one-click universal rooting apps or universal PC rooting programs has an exploit that just happens to network on this device.
Sent from my SM-S767VL using Tapatalk
Click to expand...
Click to collapse
Have any fastboot-less phones in the past been rooted?
If so, do you have any recommended reading as far as exploit hunting is concerned?
Hi everyone.
I'm thinking in buying a phone from CAT (CAT S42) and I'm not sure if I can unlock its bootloader. But I've seen on another forum that the CAT S31 has root available for it through Magisk, and I didn't see anyone mentioning having unlocked the bootloader. S42 has a MediaTek chipset and S31 has a Qualcomm chipset, if that helps.
So my question is: is unlocking bootloader MANDATORY to root a device? Can I just run a custom recovery, root the phone with that, and then the recovery gets overwritten on system boot? Or can I root through USB debugging without even needing custom recovery?
The CAT S31 I mentioned was rooted with Magisk, and as I said, I didn't see anyone talking about unlocked bootloader. But I also read Magisk changes the boot partition and the bootloader checks if it was modified. So I'm a bit confused with this too. It's also written that MiracleBox was used and I'm not sure that's the reason that I'm getting confused or not (I had never heard of this tool until now).
A set of software for obtaining ROOT privileges.
Driver_Qualcom_m.7z (9.27 MB) [link]
Enter HS QDSLoad 9008 mode from Vol + and Vol- off state and connect without releasing to USB
MiracleBox [link]
The Boot image is processed on the phone by the Magisk manager, then uploaded to the phone using Miracle again from the computer.
MagiskManager-v7.3.2.apk (2.71 MB) [link]
Just in case,
Backup firmware without / Data partition
Attached files
XposedInstaller_3.1.5-Magisk.apk (2.96 MB) [link]
Click to expand...
Click to collapse
How may they have done that?
I'm sorry, I don't understand a lot of the root requirements part, since I was lucky and my 1st phone had the bootloader unlocked alreaedy for some reason and the second was as easy as writting a single command. But about this phone there's almost nothing and I'd like to know the general about this. If it's really necessary to have the bootloader unlocked, for example. And if it's not, then what methods can I use with it still locked?
Thanks in advance for any help!
Hello DADi590,
Unfortunately I can't answer all of your questions about S42. I have one of them and I am also looking for and confused with root procedures. But I can tell you that unlock boot loader was just a matter of get developer options on (tapping version # 10 times), and inside you can toogle lock/unlock bootloader...
How to root it safely is what I do not know yet.
good luck!
@DADi590
Rooting the Android OS of a device in practice is nothing more than adding the su cmdlet known from Linux OS to the Android OS. To root Android OS in no case requires device's bootloader must get unlocked to do so.
FYI: The bootloader of an Android device is comparable to the BIOS of a Windows computer.
Actually, after some time I decided to leave CAT alone and buy a Blackview one. If I'd break the phone, at least it wouldn't be as expensive as the CAT S42 (I bought a BV9500 - not Pro or Plus, the normal one).
Since then (with help of adventures with a tablet of mine) I've learned some more things. One of them I was suspecting and was now confirmed (thank you @jwoegerbauer) which is to root the device, just a binary file is needed to be on the correct place: su. I didn't know it was on other Linux OSes though. Interesting!
So the idea is that just a recovery must be installed to root a device. That's it and nothing else, I believe. To install the recovery is the part where one might need to unlock the bootloader - or not, if the chipset manufacturer left a tool to write partitions directly, like MediaTek or Rockchip. On these 2 it's possible to write partitions directly with a locked bootloader (this means the bootloader on my 1st phone was and still is probably locked - like my BV9500 one is, and I flashed various partitions on it already, one of them, a TWRP recovery).
This explanation is for anyone else like me who would have this question. Bootloader is just to flash partitions and I think run modified ROMs too, but not too sure about that (I never use custom ROMs). [Btw, if I said something wrong, I'm happy to be corrected!]
armandrix said:
Hello DADi590,
Unfortunately I can't answer all of your questions about S42. I have one of them and I am also looking for and confused with root procedures. But I can tell you that unlock boot loader was just a matter of get developer options on (tapping version # 10 times), and inside you can toogle lock/unlock bootloader...
How to root it safely is what I do not know yet.
good luck!
Click to expand...
Click to collapse
I believe I asked this because I prefer that it's not required to unlock a bootloader to do stuff. If you screw the phone somehow with the bootloader locked and there's no tool to flash partitions on it and you must be on fastboot with an unlocked bootloader or whatever, you just bricked the phone. And I'd prefer that not to happen. That's why I chose to buy phones that don't need me to unlock the bootloader to do anything on them. That might mean I can't ever brick them (at least I never bricked my 1st phone with the various things I did on it which I later found out not being recommended at all XD).
I've unlocked the bootloader on my Cat S42. Can be done.
Hello.
I need someone that has a A125U variante that would like to test crossflashing bettween fimware to bypass U model PBL-unlock-restrictions.
More info, dm me.
EDIT: Changed to GENERAL thread because it turned in to a discussion now.
i have a A125U i can test this out if you want me to
Yes I would be willing to but you would have to walk me through the steps I know nothing of what I'm doing trying to learn
Scotterd said:
Yes I would be willing to but you would have to walk me through the steps I know nothing of what I'm doing trying to learn
Click to expand...
Click to collapse
Download patched odin and flash A125F fimware even if you are on A125U model.
Patched Odin 3.13.1
For those looking for a modified, modded, or patched odin that is a newer build than all the fake and renamed prince comsy 3.12.3 versions floating around. I patch recent Odin versions to offer similar functionality to the princecomsy; in that...
forum.xda-developers.com
Samsung Galaxy A12 Firmware Download SM-A125F Free Download
Samsung Galaxy A12 Firmware Download SM-A125F Free Download ⭐ Official and fast update ⭐ Max speed and free download ⭐ Best Samsung Galaxy website
samfw.com
Clean flashing new fimware useing Odin
DISCLAIMER: I WAS NEVER, HAVE NEVER BEEN, AND WILL NEVER BE RESPONSIBLE OF ANY DAMAGES AGAINST YOUR DEVICES BY YOUR OWN MIS-OPERATIONS # Your warranty is now void # # You have been warned. # # I will laught at you if you point the finger at me...
forum.xda-developers.com
I'm not responsible for any damage don to your device
You can use the patched odin to flash any A12 FW with a matching binary, but it won't affect your ability to unlock the bootloader. The most likely option is to use the EDL method by pulling the back encasing from your phone and using a paperclip or pair of tweezers to short the EDL pin while plugging into your PC. EDL is kind of a secondary bootloader that will allow you to run a variety of functions. Since the A12 is a MediaTek processor, I've tried using the MTKClient exploit through EDL mode to force unlock the bootloader, but so far I haven't seemed to get it working.
R0GUEEE said:
You can use the patched odin to flash any A12 FW with a matching binary, but it won't affect your ability to unlock the bootloader. The most likely option is to use the EDL method by pulling the back encasing from your phone and using a paperclip or pair of tweezers to short the EDL pin while plugging into your PC. EDL is kind of a secondary bootloader that will allow you to run a variety of functions. Since the A12 is a MediaTek processor, I've tried using the MTKClient exploit through EDL mode to force unlock the bootloader, but so far I haven't seemed to get it working.
Click to expand...
Click to collapse
It is possible and a method will be found. It could be that the SBL requires a key for PBL to be unlocked, have you tried useing any exploits on this phone?
LAST_krypton said:
It is possible and a method will be found. It could be that the SBL requires a key for PBL to be unlocked, have you tried useing any exploits on this phone?
Click to expand...
Click to collapse
As far as everything I've tested so far...
Attempted to downgrade A11 to A10 (can't do it because of incompatible FW binaries)
Flashed several different model FWs & various other CSCs... the model I'm using is SM-A125U (AT&T). Currently the FW running on it is for SM-A125U1 (the carrier unlocked model) but of course still no "OEM Unlock" option in dev settings.
After I tried a few dozen builds I looked into EDL/BROM flashing, since EDL works as a ground zero primary boot interface and seems to work as a recovery/fastboot hybrud allowing both flashing & a CMD interface vs a separated Samsung "Download Mode" and Fastboot mode.
I haven't really spent much time scouring the web for different exploits (that aren't paid services) but I did come across "MTKClient" (https://github.com/bkerler/mtkclient), which I was able to successfully run. I tried using the "unlock bootloader" command, at which point it was a "success" and resulted in the device obviously being wiped, but after the following boot there still was no "OEM Unlock" option in the dev menu. Afterwards I tried flashing a custom boot.img built with Magisk, but even using EDL mode to flash, the device wouldn't boot and just gave the basic "this isn't an approved FW" error, so I had to flash the original boot back.
R0GUEEE said:
As far as everything I've tested so far...
Attempted to downgrade A11 to A10 (can't do it because of incompatible FW binaries)
Flashed several different model FWs & various other CSCs... the model I'm using is SM-A125U (AT&T). Currently the FW running on it is for SM-A125U1 (the carrier unlocked model) but of course still no "OEM Unlock" option in dev settings.
After I tried a few dozen builds I looked into EDL/BROM flashing, since EDL works as a ground zero primary boot interface and seems to work as a recovery/fastboot hybrud allowing both flashing & a CMD interface vs a separated Samsung "Download Mode" and Fastboot mode.
I haven't really spent much time scouring the web for different exploits (that aren't paid services) but I did come across "MTKClient" (https://github.com/bkerler/mtkclient), which I was able to successfully run. I tried using the "unlock bootloader" command, at which point it was a "success" and resulted in the device obviously being wiped, but after the following boot there still was no "OEM Unlock" option in the dev menu. Afterwards I tried flashing a custom boot.img built with Magisk, but even using EDL mode to flash, the device wouldn't boot and just gave the basic "this isn't an approved FW" error, so I had to flash the original boot back.
Click to expand...
Click to collapse
You can't downgrade from Android 11 to 10, because Android 10 has a lower SW_REV value. OEM unlocking shouldn't matter if you can force the PBL to be unlocked by a exploit. You can play with date and time settings in the OS and OEM unlocking may come back, as explained here:
Covering some misleading theories and issues with our A12
This thread will be updated regularly. If you don't agree with something comment and if I was proven wrong I will update the thread. Please don't comment or chat here if it isn't releated with something I said. If you need further help with...
forum.xda-developers.com
You can try editing fimware files if you can't find a exploit for downgradeing SW_REV, or you can try from booting in to PRELOADER and with SP_FLASH_TOOL flash Android 10 scattar fimware. This phone is very new so it may be more difficult for finding exploits, you can play with crossflashing fimware and PRELOADER mode. Another thing is that EDL mode is only for snapdragon chipsets.
And try disabeling thoes security locks:
MTK "secure" boot -use mtksecbypass to disable
"Secure" downloads - try MTKClient
LAST_krypton said:
You can't downgrade from Android 11 to 10, because Android 10 has a lower SW_REV value. OEM unlocking shouldn't matter if you can force the PBL to be unlocked by a exploit. You can play with date and time settings in the OS and OEM unlocking may come back, as explained here:
Covering some misleading theories and issues with our A12
This thread will be updated regularly. If you don't agree with something comment and if I was proven wrong I will update the thread. Please don't comment or chat here if it isn't releated with something I said. If you need further help with...
forum.xda-developers.com
You can try editing fimware files if you can't find a exploit for downgradeing SW_REV, or you can try from booting in to PRELOADER and with SP_FLASH_TOOL flash Android 10 scattar fimware. This phone is very new so it may be more difficult for finding exploits, you can play with crossflashing fimware and PRELOADER mode. Another thing is that EDL mode is only for snapdragon chipsets.
Click to expand...
Click to collapse
I just tried flashing twrp lol, obviously didn't work. So with the a125, it runs on a mediatek processor (MT6765) which has the EDL mode if you short the internal pin. I've tested a couple different exploits which "unlock" it, but after flashing anything custom it always boots with "you can't have custom...". So right now I'm just going around in circles
Edit: Right now I'm playing around with Miracle Box to see what all I can accomplish. I'll update if anything new comes along.
R0GUEEE said:
I just tried flashing twrp lol, obviously didn't work. So with the a125, it runs on a mediatek processor (MT6765) which has the EDL mode if you short the internal pin. I've tested a couple different exploits which "unlock" it, but after flashing anything custom it always boots with "you can't have custom...". So right now I'm just going around in circles
Edit: Right now I'm playing around with Miracle Box to see what all I can accomplish. I'll update if anything new comes along.
Click to expand...
Click to collapse
Ok, good luck with Miracle Box, hope you got the one that isn't backdoored...
EDL mode should be only for Snapdragon, mediatek has it's own PRELOADER mode, as I know of it. Some phones have META-MODE. Could be miscommunication bettwen us.
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat My phone is Samsung J730F. But the problem is that Samsung locked the boot-louder. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
LAST_krypton said:
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat My phone is Samsung J730F. But the problem is that Samsung locked the boot-louder. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
Click to expand...
Click to collapse
Yeah, I've pretty much gone around and around in circles with this. The thing that makes it curious though is after running adb shell getprop and looking through the build, I noticed most of the properties relating to oem unlocking were actually set to allow, the one outlier was sys.oem_unlock_allowed. Which kinda pushes me back towards the KG/RMM. Athough, I'm not sure if that's because I have the unlocked U1 FW flashed (it's actually an a125u), or if its the same on both. Either way, running an MTK exploit to unlock the bootloader (which I've done) doesn't actually contribute anything to whether or not OEM Unlocking is visible in dev settings, which is the primary prereq for unlocking the bootloader.
I did consider trying to update the sys.oem within build.prop in /system, but obviously without a root it's impossible, which lead me to possibly unpacking the stock FW super.img and trying to pre-edit the build within so I could re-pack and flash using the MTK Bypass exploit, but those necessary oem properties aren't even listed on either of the build files I did manage to find.
So as of now I've got one more test I'm going to try before I give up. All things considered, the most likely issue is the KG/RMM state, so I'm going to test a few different methods to try and circumnavigate those and possibly unlock the missing OEM Unlock option.
I can at least say that it's likely not an issue of manufacturer locked loaders, considering that's primarily a snapdragon issue, whereas the A12 runs on MediaTek, so fingers crossed.
R0GUEEE said:
Yeah, I've pretty much gone around and around in circles with this. The thing that makes it curious though is after running adb shell getprop and looking through the build, I noticed most of the properties relating to oem unlocking were actually set to allow, the one outlier was sys.oem_unlock_allowed. Which kinda pushes me back towards the KG/RMM. Athough, I'm not sure if that's because I have the unlocked U1 FW flashed (it's actually an a125u), or if its the same on both. Either way, running an MTK exploit to unlock the bootloader (which I've done) doesn't actually contribute anything to whether or not OEM Unlocking is visible in dev settings, which is the primary prereq for unlocking the bootloader.
I did consider trying to update the sys.oem within build.prop in /system, but obviously without a root it's impossible, which lead me to possibly unpacking the stock FW super.img and trying to pre-edit the build within so I could re-pack and flash using the MTK Bypass exploit, but those necessary oem properties aren't even listed on either of the build files I did manage to find.
So as of now I've got one more test I'm going to try before I give up. All things considered, the most likely issue is the KG/RMM state, so I'm going to test a few different methods to try and circumnavigate those and possibly unlock the missing OEM Unlock option.
I can at least say that it's likely not an issue of manufacturer locked loaders, considering that's primarily a snapdragon issue, whereas the A12 runs on MediaTek, so fingers crossed.
Click to expand...
Click to collapse
If you were able to see the settings are enabled through ADB that is the same as it showing in settings. KG/RMM state could also be the factor of why it isn't beeing shown as of what you have said. Samsung has came a long way with these dumb knox securities which just makes everything worse, you might be able to find a clue for this within their KNOX documents ( I sent a link in a post above). Maybe you can find a profesional, a person that has worked for samsung and can maybe help you with this. It just gets too complicated at one point. If you have telegram or something were we can talk further about this it would be nice because some exploits and stuff if you mention can violate xda rules... So I don't know what else to tell you, I never really was in a situation where I was required to do these type of stuff, only if I had to because of some problems I had. Maybe you can find answers for all of this on some really old forums where people use to do everything to brake apart samsungs and mediateks security locks but still dout it.
For now, hope you learned something and dm me if you want to chat on telegram or etc about this. Don't think something is impossible because you can't find a answer for it, everything is possible.
LAST_krypton said:
If you were able to see the settings are enabled through ADB that is the same as it showing in settings. KG/RMM state could also be the factor of why it isn't beeing shown as of what you have said. Samsung has came a long way with these dumb knox securities which just makes everything worse, you might be able to find a clue for this within their KNOX documents ( I sent a link in a post above). Maybe you can find a profesional, a person that has worked for samsung and can maybe help you with this. It just gets too complicated at one point. If you have telegram or something were we can talk further about this it would be nice because some exploits and stuff if you mention can violate xda rules... So I don't know what else to tell you, I never really was in a situation where I was required to do these type of stuff, only if I had to because of some problems I had. Maybe you can find answers for all of this on some really old forums where people use to do everything to brake apart samsungs and mediateks security locks but still dout it.
For now, hope you learned something and dm me if you want to chat on telegram or etc about this. Don't think something is impossible because you can't find a answer for it, everything is possible.
Click to expand...
Click to collapse
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
R0GUEEE said:
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
Click to expand...
Click to collapse
Well, you couldev done that allready out of the start. But even do you got OEM_UNLOCKING shown doesn't really mean anything on U model, unless you have exploits and methods for unlocking PBL. Which as said wasn't very sucessful at all for you. I recomend to you that you check our DMs. mtkclient has some bugs which are on the way to be fixed.
I've been working with mtkclient for months, before it even unlocked bootloaders, I was the first to unlock the stylo 6 bootloader and I had a bit of a hand in working out some of the bugs with the tool, I'm doing a full backup of the A125U model right now with mtkclient and after it's done I plan to try the unlock without having oem unlock option in dev options, but first I'll check to see what binary version I'm on, not sure if it's on android 10 or 11 right now. But I will sheet the backup
I finally finished my tutorial for the stylo 6 bootloader unlock and root so now I'm working with the A125U. I'm on 2nd binary and i think i got the bootloader unlocked, but if I flash the patched boot.img it won't boot. I'm gonna try a few ideas i have, so far no luck but I'm not gonna give up, I may crossflash, but I'm trying to find the easiest way to do this.
LAST_krypton said:
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat My phone is Samsung J730F. But the problem is that Samsung locked the boot-louder. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
Click to expand...
Click to collapse
GitHub - MTK-bypass/bypass_utility
Contribute to MTK-bypass/bypass_utility development by creating an account on GitHub.
github.com
I'm glad to see Hovatek being suggested, i worked with them on my stylo 6 project, they even gave me a shout out if you look in the mtkclient instruction for the K51.
Here's the scatter file for the A125U model
MT6765_A12_scatter.txt
drive.google.com
LAST_krypton said:
Well, you couldev done that allready out of the start. But even do you got OEM_UNLOCKING shown doesn't really mean anything on U model, unless you have exploits and methods for unlocking PBL. Which as said wasn't very sucessful at all for you. I recomend to you that you check our DMs. mtkclient has some bugs which are on the way to be fixed.
Click to expand...
Click to collapse
R0GUEEE said:
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
Click to expand...
Click to collapse
I own a a125u with FW A125USQU2BUI3. Would I be able to use this method to make oem unlock appear and then root? If so could you please assist me and help with the steps? I've been attempting to root this thing for a week and my girl friend is starting to hate me because I'm obsessed and paymore attention to this than her lol
I've bought one of those locked Pixel 4As running on ArcaneOS and it's got a locked bootloader but the issue is that like everybody else, I can't do much with the phone. So I'm wondering if there's a way to get a phone into the EDL and then flash the stock firmware through QPST?
Todos123 said:
I've bought one of those locked Pixel 4As running on ArcaneOS and it's got a locked bootloader but the issue is that like everybody else, I can't do much with the phone. So I'm wondering if there's a way to get a phone into the EDL and then flash the stock firmware through QPST?
Click to expand...
Click to collapse
Don't think it's possible as Google doesn't release the firehose (needed by qfil) for pixel phones.
Numerous other device mfg do release the firehose file. Some of them use the same chip as what's in the 4a, but from what I read (I've never tried this), the other mfg file, even though it's for the same chip, won't work.
So ArcaneOS is locking the bootloader and u are now unable to unlock it?
AsItLies said:
Don't think it's possible as Google doesn't release the firehose (needed by qfil) for pixel phones.
Numerous other device mfg do release the firehose file. Some of them use the same chip as what's in the 4a, but from what I read (I've never tried this), the other mfg file, even though it's for the same chip, won't work.
So ArcaneOS is locking the bootloader and u are now unable to unlock it?
Click to expand...
Click to collapse
I've found an mbn file for the pixel 4a and it may be possible to do something with it in qfil (?) but I am unsure. Haven't managed to boot my phone in EDL.
As for the ArcaneOS, I am unsure if it locks the bootloader itself or you need to lock it manually after flashing it. Mine has ArcaneOS installed with no build number which means no access to developer options. There are some articles on pixel phones with this ROM on them and they were apparently used by the FBI undercover agents to sell them to the criminals and catch them.
As of writing this reply, the options for making the device usable are either changing the UFS chip or getting your hands on a broken pixel 4a with a working motherboard. Those usually go from 70 - 100€ from what I've seen. I haven't been able to find one in my country yet.
The issue with changing the UFS chip is that it's hard to find one. I've only found a couple on Ali Express for about 25€. Another issue is that apparently where I live they charge anywhere between 100 - 400€ for a memory chip replacement. What a joke
Todos123 said:
I've found an mbn file for the pixel 4a and it may be possible to do something with it in qfil (?) but I am unsure. Haven't managed to boot my phone in EDL.
As for the ArcaneOS, I am unsure if it locks the bootloader itself or you need to lock it manually after flashing it. Mine has ArcaneOS installed with no build number which means no access to developer options. There are some articles on pixel phones with this ROM on them and they were apparently used by the FBI undercover agents to sell them to the criminals and catch them.
As of writing this reply, the options for making the device usable are either changing the UFS chip or getting your hands on a broken pixel 4a with a working motherboard. Those usually go from 70 - 100€ from what I've seen. I haven't been able to find one in my country yet.
The issue with changing the UFS chip is that it's hard to find one. I've only found a couple on Ali Express for about 25€. Another issue is that apparently where I live they charge anywhere between 100 - 400€ for a memory chip replacement. What a joke
Click to expand...
Click to collapse
edit to add: didn't realize but yes it does look like the proper mbn file *might* allow u to flash stock firmware? Not sure, haven't done it, from what I read the appropriate xml would be needed also... not sure.
... end edit
Just got finished reading the entire Arcane OS thread in same forum. Getting the device into EDL mode shouldn't be a problem, and qualcomm device is capable of that and afaik, it's impossible to defeat that.
but, it's no help if u don't have the programmer firehose file, as u simply can't access the device without it. I've used edl / firehose files for LG devices, but they somehow (the firehose files) become 'leaked' (probably by LG).
But google, nope, I've looked due to the pix 3 (and some others) inadvertently bricking themselves (no one sure why), where u just pick up the device and u have a blank screen. But if u plug it into pc it will connect as QLoader etc (it's basically stuck in edl mode).
But those devices can't be fixed either, same issue in that there's no firehose programmer file for it. So u simply can't access the device.
AsItLies said:
edit to add: didn't realize but yes it does look like the proper mbn file *might* allow u to flash stock firmware? Not sure, haven't done it, from what I read the appropriate xml would be needed also... not sure.
... end edit
Just got finished reading the entire Arcane OS thread in same forum. Getting the device into EDL mode shouldn't be a problem, and qualcomm device is capable of that and afaik, it's impossible to defeat that.
but, it's no help if u don't have the programmer firehose file, as u simply can't access the device without it. I've used edl / firehose files for LG devices, but they somehow (the firehose files) become 'leaked' (probably by LG).
But google, nope, I've looked due to the pix 3 (and some others) inadvertently bricking themselves (no one sure why), where u just pick up the device and u have a blank screen. But if u plug it into pc it will connect as QLoader etc (it's basically stuck in edl mode).
But those devices can't be fixed either, same issue in that there's no firehose programmer file for it. So u simply can't access the device.
Click to expand...
Click to collapse
Ah that's very unfortunate. Well, might as well wait some time. Someone may figure out how to forcefully unlock the bootloader or the firehose file might gets leaked. Who knows... If no, then hopefully I can get a broken pix 4a and just swap the motherboard to my locked one.
Thanks anyways!
Todos123 said:
Ah that's very unfortunate. Well, might as well wait some time. Someone may figure out how to forcefully unlock the bootloader or the firehose file might gets leaked. Who knows... If no, then hopefully I can get a broken pix 4a and just swap the motherboard to my locked one.
Thanks anyways!
Click to expand...
Click to collapse
IMO, the device was flashed with a custom public key to the avb_custom_key partition.
Hi guys,
Man oh man this phone...
So basically I'm trying to unlock my bootloader without waiting the 7 days, since I simply don't trust this phone to give me the OEM Unlock option after 7 days...
Before I decided to unlock my bootloader I had been using this phone for about 2 months like normal, sure I uninstalled a ton of bloatware and system apps that I didn't need which MIGHT have been the reason it didn't show the OEM Unlock after months, but the battery life was amazing.
But recently I've been considering rooting my phone, and before I started factory resetting and trying many different things to show the OEM Unlock option, keep in mind I've bee using this phone normally for a couple months, I checked the developer options and not a surprise, OEM Unlock wasn't there.
So ever since, I've tried sooo many things to show the OEM Unlock:
( I reflashed the stock firmware with Odin in between all these methods I've tried )
Also before I list everything I've tried heres the full specs of this phone and the drivers I've installed on my Windows 10
Samsung Galaxy A32 5G (SM-A326U)
T-Mobile, MTK, Network locked, No SIM, NOT Snapdragon
Drivers I've installed on my PC: Google USB Driver, ADB Interface, Samsung Android USB Driver, MTK Driver, USBDk and a few more can't remember the names...
1. Changing date, checking for an update and changing the date back, tried restarting the phone in between, tried turning wifi on and off in between.
2. Combination firmware, got unauthorized error on the download mode screen talking about the pit file.
3. Tried running:
adb reboot bootloader
fastboot devices (It successfully recognized my phone)
fastboot oem unlock: Unknown command
Didn't even run the command...
4. Since its a MTK CPU I had hope for mtkclient https://github.com/bkerler/mtkclient
It just kept asking to connect my phone, tried connecting with recovery mode, download mode and fastboot mode, none of them were recognized
The reason I need a quick way to unlock the bootloader, is cause I will be doing stuff with this phone that might result in me having to reflash the firmware which I can't risk it relocking and have to wait 7 days each time something goes wrong.
I heard that T-Mobile phones bootloader's are impossible to unlock, someone please tell me that is not true...
So basically,
Is there any way to unlock the bootloader? If not why and if yeah, what have I been doing wrong and how?
Thanks guys
7 days what? Tmo A326U doesnt have the option to unlock the bootloader, you need to pay the people here that provide the service. They are the only ones that seemingly know how to get it unlocked, and I can vouch for it.
Seriously... So there's no way to unlock for free, or by waiting...?
Not a bootloader unlock. Its not just Tmo that are locking these down tighter.
You can unlock it for free if you can figure out whatever they do ;-)
Nah idc about a network unlock since I don't have service for this phone, I just wanna know if its possible to unlock the bootloader... I've tried everything
Who is talking about a network unlock?
TimmyP said:
Who is talking about a network unlock?
Click to expand...
Click to collapse
You said not a "bootloader unlock" so I was assuming you're talking about network unlock... Sorry, but should I just give up, there's seemingly NO WAYY to unlock the bootloader of a T-Sh*t phone.
Oh just misunderstanding my bad. I meant you cant wait for a bootloader unlock, but you can wait and maybe they would carrier unlock it later... but thats not what you want anyways.
TimmyP said:
Oh just misunderstanding my bad. I meant you cant wait for a bootloader unlock, but you can wait and maybe they would carrier unlock it later... but thats not what you want anyways.
Click to expand...
Click to collapse
That's kinda sad, I think I'm gonna just give up, but thanks for the information... Hopefully something happens in the future that allows it to be unlocked soon... Thanks man
I doubt they'll bring it back. OEM unlock that is. My phone is over 7 days old and I did the factory reset by holding the volume down and power buttons and then the volume up and power button and did the full factory reset. OEM unlock is still gone. Yes I got the developer options turned on. I rooted a couple of Nexus 6p's which of course are obsolete now since they were 3G and there is no backward capability. At least I got them used, replaced the batteries myself and can use them as WiFi phones with Talkatone through my WiFi. Read some blurbs about Kingo root working but I'd like to see that someone has pulled it off with the A32. Am under a 2 year obligation but I bought a second one to experiment on. I did that before I found out there was no OEM unlock. Well, if I break one, I'll have a backup. Except the phone is tied to the SIMM and I'd have to bring the backup in to have it reprogrammed.
TimmyP said:
Who is talking about a network unlock?
Click to expand...
Click to collapse
Any good service to network unlock SM-A236U or U1. Flashed XAA t no avail the Carrier_ID stays at DSH...
iabhua said:
Any good service to network unlock SM-A236U or U1. Flashed XAA t no avail the Carrier_ID stays at DSH...
Click to expand...
Click to collapse
I am working on unlock for it but I need root or a device on low security update. I am almost close to an solution if your device security patch is low please let me know
TimmyP said:
7 days what? Tmo A326U doesnt have the option to unlock the bootloader, you need to pay the people here that provide the service. They are the only ones that seemingly know how to get it unlocked, and I can vouch for it.
Click to expand...
Click to collapse
Do you have any device with an unlock bootloader or unlock? I am trying to get a ram dimp for days nobody have an device.
andioshelp said:
I am working on unlock for it but I need root or a device on low security update. I am almost close to an solution if your device security patch is low please let me know
Click to expand...
Click to collapse
I have two SM-A236U’s but unfortunately one has binary 6 FW and the other binary 7.
1.fuxk_ said:
Hi guys,
Man oh man this phone...
So basically I'm trying to unlock my bootloader without waiting the 7 days, since I simply don't trust this phone to give me the OEM Unlock option after 7 days...
Before I decided to unlock my bootloader I had been using this phone for about 2 months like normal, sure I uninstalled a ton of bloatware and system apps that I didn't need which MIGHT have been the reason it didn't show the OEM Unlock after months, but the battery life was amazing.
But recently I've been considering rooting my phone, and before I started factory resetting and trying many different things to show the OEM Unlock option, keep in mind I've bee using this phone normally for a couple months, I checked the developer options and not a surprise, OEM Unlock wasn't there.
So ever since, I've tried sooo many things to show the OEM Unlock:
( I reflashed the stock firmware with Odin in between all these methods I've tried )
Also before I list everything I've tried heres the full specs of this phone and the drivers I've installed on my Windows 10
Samsung Galaxy A32 5G (SM-A326U)
T-Mobile, MTK, Network locked, No SIM, NOT Snapdragon
Drivers I've installed on my PC: Google USB Driver, ADB Interface, Samsung Android USB Driver, MTK Driver, USBDk and a few more can't remember the names...
1. Changing date, checking for an update and changing the date back, tried restarting the phone in between, tried turning wifi on and off in between.
2. Combination firmware, got unauthorized error on the download mode screen talking about the pit file.
3. Tried running:
adb reboot bootloader
fastboot devices (It successfully recognized my phone)
fastboot oem unlock: Unknown command
Didn't even run the command...
4. Since its a MTK CPU I had hope for mtkclient https://github.com/bkerler/mtkclient
It just kept asking to connect my phone, tried connecting with recovery mode, download mode and fastboot mode, none of them were recognized
The reason I need a quick way to unlock the bootloader, is cause I will be doing stuff with this phone that might result in me having to reflash the firmware which I can't risk it relocking and have to wait 7 days each time something goes wrong.
I heard that T-Mobile phones bootloader's are impossible to unlock, someone please tell me that is not true...
So basically,
Is there any way to unlock the bootloader? If not why and if yeah, what have I been doing wrong and how?
Thanks guys
Click to expand...
Click to collapse
There was a similar procedure to unlock bootloader on a samsung mtk (A125U) same carrier as yours (T-Mobile TMB and the same applies to MetroPCS TMB) basicaly, you had to flash BL files from the A125W (canadian version) then unlocking bootloader using testpoint (bootrom mode) then using any paid or free app (in my case i use a paid one because i run a repair shop). even if you unlock bootloader using paid tools, it gets locked again when it turns on. (i tested it without flashing BL files)
sadly, i dont have a A326U lying arround to test said procedure.
1.fuxk_ said:
Hi guys,
Man oh man this phone...
So basically I'm trying to unlock my bootloader without waiting the 7 days, since I simply don't trust this phone to give me the OEM Unlock option after 7 days...
Before I decided to unlock my bootloader I had been using this phone for about 2 months like normal, sure I uninstalled a ton of bloatware and system apps that I didn't need which MIGHT have been the reason it didn't show the OEM Unlock after months, but the battery life was amazing.
But recently I've been considering rooting my phone, and before I started factory resetting and trying many different things to show the OEM Unlock option, keep in mind I've bee using this phone normally for a couple months, I checked the developer options and not a surprise, OEM Unlock wasn't there.
So ever since, I've tried sooo many things to show the OEM Unlock:
( I reflashed the stock firmware with Odin in between all these methods I've tried )
Also before I list everything I've tried heres the full specs of this phone and the drivers I've installed on my Windows 10
Samsung Galaxy A32 5G (SM-A326U)
T-Mobile, MTK, Network locked, No SIM, NOT Snapdragon
Drivers I've installed on my PC: Google USB Driver, ADB Interface, Samsung Android USB Driver, MTK Driver, USBDk and a few more can't remember the names...
1. Changing date, checking for an update and changing the date back, tried restarting the phone in between, tried turning wifi on and off in between.
2. Combination firmware, got unauthorized error on the download mode screen talking about the pit file.
3. Tried running:
adb reboot bootloader
fastboot devices (It successfully recognized my phone)
fastboot oem unlock: Unknown command
Didn't even run the command...
4. Since its a MTK CPU I had hope for mtkclient https://github.com/bkerler/mtkclient
It just kept asking to connect my phone, tried connecting with recovery mode, download mode and fastboot mode, none of them were recognized
The reason I need a quick way to unlock the bootloader, is cause I will be doing stuff with this phone that might result in me having to reflash the firmware which I can't risk it relocking and have to wait 7 days each time something goes wrong.
I heard that T-Mobile phones bootloader's are impossible to unlock, someone please tell me that is not true...
So basically,
Is there any way to unlock the bootloader? If not why and if yeah, what have I been doing wrong and how?
Thanks guys
Click to expand...
Click to collapse
Did you tried, instead of fastboot oem unlock, fastboot flashing unlock
DjoFight said:
Did you tried, instead of fastboot oem unlock, fastboot flashing unlock
Click to expand...
Click to collapse
In case people need the procedures for those processes, I wrote this up recently to help others do it easier than it was for me to figure out.
How to un-freeze an unresponsive Samsung Galaxy A32 5G with reboot, reset, factory reset, odin mode, download mode, android recovery mode & debug mode
Has any one made any progress regarding the missing oem unlock? I know what parameters to add to our kernel v1 to v3 during building to enable oem unlock and add access to fastbootd. Because of project treble our options have changed.
Sources:
Moving Fastboot to Userspace | Android Open Source Project
source.android.com
Locking/Unlocking the Bootloader | Android Open Source Project
source.android.com
Sign in
DOCUMENTATION
Docs
More
Getting Started
Security
Core Topics
Compatibility
Android Devices
Reference
GO TO CODE ➚
Overview
Architecture
Overview
Hardware Abstraction Layer (HAL)
Kernel
HIDL (General)
HIDL (C++)
HIDL (Java)
Configuration
Device Tree Overlays
Vendor NDK
Vendor Interface Object
AIDL
Bootloader
Overview
Boot Reason
Boot Image Header
Implementing Bootconfig
Recovery Images
DTB Images
Supporting OTA Updates
Locking and Unlocking the Bootloader
Version Information in AVB Properties
Fastboot in Userspace
Partitions
Audio
Camera
Connectivity
Data
Display
Fonts
Graphics
Interaction
Media
Performance
Permissions
Power
Runtime
Settings
Storage
Virtualization
Tests
Updates
AOSP
Docs
Core Topics
Was this helpful?
Locking/Unlocking the Bootloaderbookmark_border
On this page
Unlocking the bootloader
Locking the bootloader
Setting lock/unlock properties
Protecting critical sections
By default, most Android devices ship with a locked bootloader, meaning that users can't flash the bootloader or device partitions. If needed, you (and device users with Developer options enabled) can unlock the bootloader to flash new images.
Unlocking the bootloaderTo unlock the bootloader and enable partitions to be reflashed, run the fastboot flashing unlock command on the device. After setting, the unlock mode persists across reboots.
Devices should deny the fastboot flashing unlock command unless the get_unlock_ability is set to 1. If set to 0, the user needs to boot to the home screen, open the Settings > System > Developer options menu and enable the OEM unlocking option (which sets the get_unlock_ability to 1). After setting, this mode persists across reboots and factory data resets.
When the fastboot flashing unlock command is sent, the device should prompt users to warn them that they might encounter problems with unofficial images. After the user acknowledges the warning, the device should perform a factory data reset to prevent unauthorized data access. The bootloader should reset the device even if it can't reformat it properly. Only after a reset can the persistent flag be set so that the device can be reflashed.
All RAM not already overwritten should be reset during the fastboot flashing unlock process. This measure prevents attacks that read leftover RAM contents from the previous boot. Similarly, unlocked devices should clear RAM at every boot (unless this creates an unacceptable delay), but should leave the region used for the kernel's ramoops.
Locking the bootloaderTo lock the bootloader and reset the device, run the fastboot flashing lock command on the device. Devices intended for retail should be shipped in the locked state (with get_unlock_ability returning 0) to ensure that attackers can't compromise the device by installing a new system or boot image.
Setting lock/unlock propertiesThe ro.oem_unlock_supported property should be set at build time based on whether the device supports flashing unlock.
If the device supports flashing unlock, set ro.oem_unlock_supported to 1.
If the device doesn't support flashing unlock, set ro.oem_unlock_supported to 0.
If the device supports flashing unlock, then the bootloader should indicate the lock status by setting the kernel command line variable androidboot.flash.locked to 1 if locked or to 0 if unlocked. This variable must be set in bootconfig instead of in the kernel command line in Android 12.
For devices that support dm-verity, use ro.boot.verifiedbootstate to set the value of ro.boot.flash.locked to 0; this unlocks the bootloader if the verified boot state is orange.
I have the A32 5G (64Gb Int. Stg.) & it's the Tracfone Only version or SM-S326DL. After recently receiving word that Android 13 was awaiting us, I quickly allowed my device to receive this very kool OTA operating system update. I mention this, because a week earlier I received an email from my prepaid wireless provider instructing me in detail how to manually unlock my A32 5G handset. So, to be clear, Tracfone notified me in their email how to unlock my device, but whan
this happens to often, to write this off as an app-mishap xda...why?!
(pls. explain this to me, what is really going on)?
evnStevn said:
I have the A32 5G (64Gb Int. Stg.) & it's the Tracfone Only version or SM-S326DL. After recently receiving word that Android 13 was awaiting us, I quickly allowed my device to receive this very kool OTA operating system update. I mention this, because a week earlier I received an email from my prepaid wireless provider instructing me in detail how to manually unlock my A32 5G handset. So, to be clear, Tracfone notified me in their email how to unlock my device, but whan
this happens to often, to write this off as an app-mishap xda...why?!
(pls. explain this to me, what is really going on)?
Click to expand...
Click to collapse
I'm wondering too. Could you please pm me what you were trying to post?