Ever since Huawei shut down their bootloader unlocking service, it's become relatively impossible to get a bootloader unlock going on most if not all Huawei devices. Then again, my MediaPad T5 doesn't even have an IMEI since it's Wi-Fi only, so I don't even know if it would've worked back then. Are there any other methods currently in the works?
I was thinking maybe it's possible to either check Huawei's source code (but that might only be for the Linux kernel, I'm not sure) or pull the oem binary through fastboot and decompile it in order to maybe get a working key generator going?
I'm not very familiar with Android and this is essentially a shot in the dark, but I thought it might be a question worth asking anyway.
Creating a generator might be tricky.
Bootloader can be unlocked with PotatoNV for free.
Unfortunately I haven't found a free FRP solution, but the price for a code isn't that bad; it starts from around $15.
An interesting option might be the DC-UNLOCK offer, where for 19 EUR you get a 3-day license for DC-Phoenix and HCU, giving you some time to do all the funky stuff with your device (not necessarily only one), including an easier way to install a new system on it (which BTW you can do with Phoenix without permanently unlocking the device).
Related
Hey there remaining Verizon S3 users!
Coming from my favorite device the T959V this has been quite a trip. This device's bootloader is seemingly impossible to unlock on the 4.4.2 NE1 firmware.
I've got a slightly modified Superlite rom rolling with SafeStrap already strapped. And it is great to say the least. Added some initd and utilities. Evie launcher is pretty nice btw- recommend a try :good:
However. I still really want this thing to be unlocked. The T959V has multiple working Fro, GB, ICS, JB, KK, L, M, AND Nougat ROMS. Totally different devices yes but-- even the newer S4-S6 have cracked loaders now.
There has to be a special way to change this thing's firmware.
Right now I have 2 ideas to throw out to the wind-
1- Would be that there could be a way to trick the device into thinking it is receiving a new update. Maybe somehow with CSC or something. Also I saw a file named authorized.xml and was reading through to find traces of knox. Would unauthorizing knox strings somehow render it useless?
2- I was reading a suggested post about AVB boots and how they can be resigned on devices such as the Google Pixel and allows the newer patches to still install. Including what was described as a forced re-sign method.
--- Could we somehow resign the bootloader on our device so as to gain control of it? Has anybody tried anything like this since around 2015?
I'll gladly talk about all of this more whenever I feel like popping on- and atm I have no web besides this service. :silly: so no DOS updates and no shiny linux for now.
Gladly tell me that it is "impossible" but I'm not asking that. I'm trying to add some ideas to possibly do the impossible.
Edit: This seems to be an interesting lead on emmc cracking this device. It's probably why people in other threads were in search of a "dev" edition.
http://forum.gsmhosting.com/vbb/f777/unlock-samsung-devices-bootloader-emmc-backdoor-2142981/
graycow9 said:
Hey there remaining Verizon S3 users!
I've been around this and many many other forums for years now. If there was an unlock method it would have been found years ago. Devs have long moved on from the old S3. I still have my S3 lying around, bootloader unlocked, but I really haven't messed around with it for quite a long time now.
And yes, the dev edition would have been nice had someone actually had one; it would, of course, have made it easier to crack the bootloader option maybe. I don't know much about the ins and outs of the device but I know many are permanently locked and will probably never be unlocked.
As far as certain other Samsung devices being unlocked, those are few and far between. VZW got smart and started just locking them from the start. This is a huge reason why I left Verizon. The S3 was my last device on big red. I since have had a Nexus 5 and 6 and now a OnePlus 3T. I really don't like locked devices, and the ability to unlock them and customize them just intrigues me to no end. Good luck however in finding something that may work, but I highly doubt it will ever be cracked.
Sent from my OnePlus 3T
Ya I expected your negatude Shapes. Already seen that you have been searching but it isn't just some application you run. It's an unknown exploit that I'm sure exists. There are exploits right now that can be considered viral potentially exploiting my device as we speak. Maybe not granted my semi-precautious take on things.
Quadrooter and dirty cow could be used to exploit the S3 and gain access to a quoted "all" physical memory. So I find it hard to believe that things can't work in our favor.
Being open minded here. After all, this is technically hacking your own device. Which--
Got me thinking the other day, because I was setting up my laptop proper: could we run a nix distro and poke through the bootloader's parameters via exploitation tools? Referencing Kali or its elder BTrack. But I think it is possible and I just haven't gotten around this loop mounting issue.
To be clear, running a distro ON the device. My flat is already running square.
Sent from my SCH-I535 using XDA-Developers Legacy app
Also a purposely separate post- I'm building a ROM for this locked firmware and the goal is to have some specific updated apps and yet trim it nicely so as to save space and RAM it's mostly stock style-wise but it'd be cool to re-theme it. I haven't gotten things deodexed yet- being I haven't gotten my apktools working proper yet.
Is there anybody left to be interested in this? I haven't posted anything I've made before- usually just keep them lying around for emergency flashes.
Sent from my SCH-I535 using XDA-Developers Legacy app
graycow9 said:
Ya I expected your negatude Shapes. Already seen that you have been searching but it isn't just some application you run. It's an unknown exploit that I'm sure exists. There are exploits right now that can be considered viral potentially exploiting my device as we speak. Maybe not granted my semi-precautious take on things.
I don't think shapes was trying to act negative at all, just stating the obvious. Nobody is going to try to unlock the Verizon S3, it's pretty much a dead end.
The unlock method used on the S5 will most likely work on this phone, but we need a developer CID to rewrite to the emmc as the series chip used on the S3 likely has the same vulnerability. This is what happened on the S5.
If you read some of the other posts (sounds like you have), we looked for an S3 developer edition but had no luck in tracking one down. For one, it's an incredibly old device. Secondly, you'd have to be semi retarded to purchase one as the original unlock method was around before the developer edition was released.
So yes, if you can find a developer S3 this will likely be an unlock method. It tricks the S3 into thinking it's a developer phone and unlocks the bootloader if the method to write it works the same as in the S5.
As for your questions,
1. I think you're underestimating the amount of security that goes into the bootloader itself. If you want to learn a lot about Android security in general, in the Android security discussion section located under general forums, there's tons of info regarding how complex this all is. But basically, in order to send an update patch, it needs to be signed (you can't just fake the signature) and it must agree with the current bootloader. The way the bootloader is written, it simply won't allow a reversion back to earlier versions or it'll abort the boot.
An easier way to think of this is understanding that the changes made are preinstalled before the actual boot. There's no way for us to change this through normal methods as the emmc has to be written to directly. There is no way to do this from download or recovery mode. Wouldn't matter if you flashed it or used an update package, they are essentially the same thing.
So the only way to actually change the bootloader is to write to the emmc directly through use of the JTAG port. This changes the code of the entire bootloader before the boot and the phone will boot up with any version of the S3 bootloader you write.
2. I think I kind of answered that?
Hope it's clear.
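The two checks the reply above describes, a vendor signature that cannot be faked and a refusal to accept an older version, modelled as an added example (this is not code from the thread or from any OEM's bootloader). It assumes a constructed vendor key and uses HMAC as a stand-in for the public-key signature the real bootloader verifies, so it runs with the Python standard library alone; the version number stands in for the anti-rollback counter. It also shows why graycow9's "forced re-sign" idea fails: re-signing with any key other than the vendor's is indistinguishable from a forgery.

```python
"""Why a bootloader rejects re-signed or downgraded updates: a toy model.

Added example, not code from this thread or from any OEM. The real bootloader
checks a public-key signature with a key burned into the chip; here HMAC over a
constructed vendor secret stands in for that signature so the script needs only
the standard library. The version number models the anti-rollback counter.
"""
import hashlib
import hmac
import json

VENDOR_KEY = b"constructed-oem-signing-key"   # constructed; models the OEM key
DEVICE_VERSION = 5                             # rollback counter already on the device


def sign_update(payload: bytes, version: int, key: bytes = VENDOR_KEY) -> dict:
    """Vendor side: bind the image hash and version together under one tag."""
    header = json.dumps(
        {"version": version, "sha256": hashlib.sha256(payload).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, header, hashlib.sha256).hexdigest()
    return {"header": header, "payload": payload, "tag": tag}


def verify_update(pkg: dict, device_version: int = DEVICE_VERSION,
                  key: bytes = VENDOR_KEY) -> str:
    """Device side: returns 'accept' or 'reject: <reason>'.

    Order matters: the signature is checked before anything in the header is
    trusted, and the version check reads the signed header, not a value the
    installer could supply separately.
    """
    expected = hmac.new(key, pkg["header"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["tag"]):
        return "reject: signature does not verify"
    header = json.loads(pkg["header"])
    if hashlib.sha256(pkg["payload"]).hexdigest() != header["sha256"]:
        return "reject: payload does not match signed header"
    if header["version"] < device_version:
        return "reject: rollback to older version"
    return "accept"


def forged_package(payload: bytes, version: int) -> dict:
    """What a 'forced re-sign' without the vendor key looks like to the device."""
    return sign_update(payload, version, key=b"attacker-chosen-key")


def tampered_package(pkg: dict) -> dict:
    """Keep the vendor's signed header and tag but swap the image underneath."""
    return {**pkg, "payload": pkg["payload"] + b"\x90"}


if __name__ == "__main__":
    image = b"constructed bootloader image bytes"
    cases = [
        ("genuine v6", sign_update(image, 6)),
        ("genuine v4 (downgrade)", sign_update(image, 4)),
        ("re-signed with other key", forged_package(image, 6)),
        ("tampered payload", tampered_package(sign_update(image, 6))),
    ]
    for name, pkg in cases:
        print(f"{name:28s} -> {verify_update(pkg)}")
```

Only the first case is accepted; the downgrade is refused even though its signature is genuine, which is the anti-rollback behaviour the reply describes.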
BadUsername said:
I don't think shapes was trying to act negative at all, just stating the obvious. Nobody is going to try to unlock the Verizon S3, it's pretty much a dead end.
Truthfully after being around the forums for as long as I have I'm really surprised there is any interest in unlocking this device at this point in time. There are just so many other options and unlocked vzw s3s are not that hard to come by.
And I wasn't being negative; it's about being realistic. Thanks for sticking up for me, brother.
Sent from my OnePlus 3T
Are there any updates to this by any chance, I am interested :C
any hope?
So I just got a ZenFone 6 and I'm following this guide to install LineageOS
https://wiki.lineageos.org/devices/I01WD/install
but got held up at the "Unlocking the bootloader" step, because while running the app on the device it wanted me to agree to a number of terms and also connect to Asus to report my IMEI and possibly other info. As I hadn't set up any network connection the app wouldn't proceed.
This disturbed me quite a bit, I've just parted with a fair amount of hard earned cash to buy a piece of hardware and it turned out I couldn't take full control of it.
So my question is, is there any way to sidestep the official unlocking tool?
No
Marlin79 said:
So I just got a ZenFone 6 and I'm following this guide to install LineageOS
I want to join this question; I'm really disappointed by such a policy from ASUS. Too bad I can't give the phone back. If I wanted this kind of policy, I'd buy a half-priced Xiaomi.
By the way, have you tried 'fastboot oem unlock' command after allowing unlocking in Developer Options?
I don't see "Allow OEM Unlock" anywhere in Developer Settings.
Also interested in this. I figured since Asus is supporting devs, they would make unlocking as easy as Google/Oneplus does with their phones. Guess not.
Anyone tried this "unofficial" method?
https://forum.xda-developers.com/showpost.php?p=80113454&postcount=51
Satoso said:
Also interested in this. I figured since Asus is supporting devs, they would make unlocking as easy as Google/Oneplus does with their phones. Guess not.
I took a plunge and got the phone, and this method doesn't work. Only the official one does, which as OP says will require an internet connection and probably does transmit the IMEI number and so on.
However, it doesn't require you to connect to a Google account as mentioned in the official Lineage instructions. So I guess that's a partial consolation.
Still, since Asus is in touch with the devs here, it would be great if someone can put forth a suggestion to drop this "phone-home" requirement. It's the only way they can compete with the more dev-friendly Oneplus.
I wish that there was a way. I really want to unlock the bootloader but I'm on the 10 beta and the official unlock tool does not work because of this. There doesn't appear to be a way to roll back to P either unfortunately so I'm stuck for now I guess
www.github.com/SkyEmie/huawei-honor-unlock-bootloader
Has anyone tried this method? I'm sure this MIGHT work on p20 pro.
I have a broken screen p20 pro on my desk... Maybe I'll try and use it as a test bed and try this out. Good find.
Sent from my CLT-L04 using Tapatalk
Edit: well, the screen is not just fuzzy, it's dead, ha, so I can't test it until I fix it.
That tool isn't working as such. It's just a brute force way... it's not for definite and to be honest I don't see how it would work without the algorithm being correct.
When I requested (and received) my code from Huawei they required the IMEI number, serial number and product ID. That tool only asks you for your IMEI number. So either that's a red herring from Huawei or you need all 3.
Also, the P20 Pro bootloader freezes for a couple of seconds if you get past 4 tries. Then after that the phone will do a complete reboot without returning to the bootloader.
I edited that code some time ago to make it work with this evidence. If you have a year and want to try it, leave me a PM.
From what I saw he added this:
Code:
if i == 'reboot':
    # Give up as soon as the device answers with a reboot instead of a result.
    print('\n\nSorry, your bootloader has additional protection that other models don\'t have\nI can\'t do anything.. :c\n\n')
    input('Press any key to exit..\n')
    exit()
So after 4 tries you will end on that print() then exit().
My version can continue and run for years without any interaction and is a lot cleaner.
But we have zero proof that this thing works.
Edit: I need to add to the list that you have more chance of killing your phone/screen (on a perfect phone) because of this.
Even with a success I won't do it because it takes time, a lot of screen time (always on).
From a logical point of view this is not a suitable way to get your bootloader code.
Best regards.
fb
fbriere56 said:
Also, the P20 Pro bootloader freezes for a couple of seconds if you get past 4 tries. Then after that the phone will do a complete reboot without returning to the bootloader.
Not to mention, there is practically speaking zero benefit to doing so. There is no dev support for this ****box phone and there never will be.
If you want to mod your phone, you need to just bite the bullet and buy something which is less anti-customer.
pablo_max said:
anti-customer
Agree, bricked a Y6 pro
pablo_max said:
Not to mention, there is practically speaking zero benefit to doing so. There is no dev support for this ****box phone and there never will be.
Well, I cannot afford most devices sold in my region so I will probably start digging some old ones in the trash.
I've had this Pixel 2 for years now and like it a bit but I still can't root it because of Verizon locking the ability to enable OEM Unlocking. I've tried to unlock via usb and using lock/unlock critical and such. I've tried downgrading and it fails to do so.
Couldn't I just root it without using OEM Unlocking? I'd rather risk a brick than not root it honestly. Or if there is a way to unlock it, it'd be appreciated.
BLUF: no way to unlock right now.
I'm coming back to this phone because I'm trying to put a different OS on it, like LineageOS, since Google has given up on updating their products. I've come to the conclusion that, at this time, there is no patch/exploit to get around a locked bootloader. Now, my case is different: I picked this up on Google Fi and Fi support notes the IMEI as being unlocked, but my phone is still locked at the bootloader. I've scanned the forums, I've searched Google, and I think we're not going to be happy right now.
Sorry, hopefully someone has a different solution.
TL;DR - read BLUF
FynxSyndct said:
BLUF: no way to unlock right now.
Dang. That's unfortunate. I'll be going for a new phone soon anyways. Thinking ASUS Rog Phone 2/3.
eM-Krow said:
I've had this Pixel 2 for years now and like it a bit but I still can't root it because of Verizon locking the ability to enable OEM Unlocking. I've tried to unlock via usb and using lock/unlock critical and such. I've tried downgrading and it fails to do so.
SkipSoft Download Page | skipsoft.net
If I lose my phone or it gets stolen how secure is my pin protected data with an unlocked bootloader as opposed to a locked bootloader?
Pretty sure you have to wipe all to get rid of a pin, so I would say it is almost the same.
Connorsdad said:
If I lose my phone or it gets stolen how secure is my pin protected data with an unlocked bootloader as opposed to a locked bootloader?
There are two schools of thought on locked vs. unlocked bootloader security (both of which I quote below) that I saw discussed a while back on the subject. It may not directly speak to PIN-protecting your data (they discuss some of how your device is encrypted behind your PIN, so even if stolen it should still be secure enough), but at the very least there are ways around EFS, so your device might still be of some use, and maybe given enough time you never know what can happen; that is discussed a bit in the quotes and discussion (in the thread they appear in) below...
You could click on either posts (they are made in the same thread) to follow the discussion more (they go on for a bit, but not to too much more of a degree)...
96carboard said:
Everything will work perfectly with an unlocked bootloader. It will just give you an annoying warning screen briefly when powering on.
If you want to know about security risks, they're fairly small, and ONLY apply if your phone is handled physically by someone untrusted for an extended period of time, in which the only thing they could actually do is install a modified boot image. Under those circumstances, the device security has to be assumed compromised whether the bootloader is unlocked or not.
An unlocked bootloader will NOT allow a 3rd party to access data on the device, since it is encrypted and requires your security code to unlock.
Now, you can actually tell if they've rebooted the device, which they would HAVE to do in order to install a different boot image; the unlock screen (which they are NOT able to modify without resulting in boot failure) will tell you!
And I absolutely disagree that it is shortsighted to advise immediate unlocking. Nothing of real benefit comes from having a locked bootloader. Any sense of security you gain from it is smoke and mirrors. It can only be tampered with if someone has physical access, and if somebody has physical access, it has to be assumed compromised regardless of whether it is unlocked or not. If anything, your security is improved because it is now on your mind that it could potentially be tampered with, and you are reminded of it with the id10t warning every time it reboots.
bobby janow said:
Everything will not work perfectly. Let's be honest here. Look it up, some banking apps work mine doesn't. Pay will work one day and not the next. And if your bank finds out your account was hacked and your phone is unlocked and/or bypasses bank security protocols who will pay for the missing funds when they find out?
A missing device can be booted into a custom recovery and adb commands will be available to take everything on your device bypassing any security you have. With a locked bootloader that is not possible. So if you know your phone can be compromised you feel more secure? That is ludicrous and really doesn't make sense. I mean talk about smoke and mirrors.
Now that being said there are a lot of folks in your camp that say you're living a pipe dream if you think the phone is more easily hacked or info stolen. I understand that argument entirely and it's possibly correct to a certain degree. But to summarily say immediately unlock your bootloader if you don't plan on rooting because.. well just in case, is really disingenuous to a great many individuals. At the very least look up some articles on why to keep your bootloader locked, especially for someone that hasn't done it in some time, if ever. The beauty of Android is the possibility if you so desire. Just be conscious of the advice you give. Many years ago Chainfire said in his blog that if you have an unlocked bootloader and have financial apps on your device you're asking for trouble and you might want to rethink that. (not in so many words) That weekend I locked my bootloader and never looked back. I haven't missed anything.. well other than flashing MVK kernel for my 6a. ;-) But then I'd need root and that brings a host of other issues.
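Both quoted posts above argue from the same two facts: whether the bootloader is unlocked, and whether user data is encrypted behind the PIN. Rather than take either side on faith, you can read what your own handset reports. The following is an added example, not code from this thread: it parses the output of `adb shell getprop`, which is the standard way to read these system properties, and summarises the lock state, verified-boot state and data-at-rest encryption. The property names are the standard Android ones; the embedded getprop text is a constructed sample from an unlocked device so the script runs offline.

```python
"""Read what the device itself reports about bootloader lock, verified boot
and data-at-rest encryption.

Added example, not code from this thread. Pipe in the text of
`adb shell getprop`; a constructed sample is embedded so it runs offline.
Property names are the standard Android ones:
ro.boot.verifiedbootstate, ro.boot.flash.locked, ro.boot.vbmeta.device_state,
ro.crypto.state and ro.crypto.type.
"""
import re
import sys

# Constructed sample of `adb shell getprop` output from an unlocked device.
SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[ro.product.model]: [constructed-model]
"""

_LINE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

BOOT_STATE_MEANING = {
    "green": "locked; boot image verified against the OEM key",
    "yellow": "locked; boot image verified against a user-installed key",
    "orange": "unlocked; boot image is not verified at all",
    "red": "verification failed",
}


def parse_getprop(text: str) -> dict:
    """Turn getprop's '[name]: [value]' lines into a dict, ignoring other lines."""
    props = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(props: dict) -> dict:
    """Summarise lock, verified boot and encryption, with the caveats that
    matter when the handset is lost or stolen."""
    boot_state = props.get("ro.boot.verifiedbootstate", "")
    unlocked = (
        props.get("ro.boot.flash.locked") == "0"
        or props.get("ro.boot.vbmeta.device_state") == "unlocked"
        or boot_state == "orange"
    )
    encrypted = props.get("ro.crypto.state") == "encrypted"
    file_based = props.get("ro.crypto.type") == "file"

    notes = [BOOT_STATE_MEANING.get(boot_state, f"unknown boot state {boot_state!r}")]
    if unlocked:
        notes.append("anyone holding the handset can reboot it and flash a custom "
                     "boot or recovery image without a PIN")
    if not encrypted:
        notes.append("user data is stored in the clear; a custom recovery can read it directly")
    elif file_based:
        notes.append("file-based encryption: credential-encrypted files stay sealed "
                     "until the PIN is entered, even from a custom recovery")
    else:
        notes.append("full-disk encryption: the data partition stays sealed until the PIN is entered")
    if props.get("ro.boot.flash.locked") == "1" and boot_state == "orange":
        notes.append("inconsistent: flash.locked reports locked but boot state reports unlocked")
    return {
        "bootloader_unlocked": unlocked,
        "boot_state": boot_state,
        "data_encrypted": encrypted,
        "notes": notes,
    }


if __name__ == "__main__":
    # Use piped-in getprop output if there is any, otherwise the constructed sample.
    text = SAMPLE_GETPROP if sys.stdin.isatty() else sys.stdin.read()
    for key, value in audit(parse_getprop(text)).items():
        print(f"{key}: {value}")
```

Usage on a real handset is `adb shell getprop | python3 audit_boot_state.py` (the file name is whatever you save the script as). The orange state on the sample is what the "annoying warning screen" in the first quote corresponds to; the encryption line is the part both posters agree on, that the data itself still needs the PIN.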