I unluckly discovered that with the may security update, both unlocking and locking the bootloader will result in a complete wipe of all user data.
Is this intended? Will this be the standard for all the next updates? It's really a shame that unlocking ther bootloader is now a relatively pricey and hard thing to do.
Or did I just do something wrong? Lost data... twice in a day
What about GCam and root if the bootloader can't be altered without clearing all user data? Does this mean I'll have to dump my data every time I update my system (and so root again)?
Hope someone knows better than me :crying:
_MrAlpha_ said:
I unluckly discovered that with the may security update, both unlocking and locking the bootloader will result in a complete wipe of all user data.
Is this intended? Will this be the standard for all the next updates? It's really a shame that unlocking ther bootloader is now a relatively pricey and hard thing to do.
Or did I just do something wrong? Lost data... twice in a day
What about GCam and root if the bootloader can't be altered without clearing all user data? Does this mean I'll have to dump my data every time I update my system (and so root again)?
Hope someone knows better than me :crying:
Click to expand...
Click to collapse
Yes, from now it's "normal"
On all devices you lose all data for locking/unlocking BL, our Mi A1 was lucky.
Its upgrading security
Wiping FRP was a piece of cake
I've had my Zenfone 6's bootloader unlocked for quite a while, but I relocked it a couple of days ago using the "fastboot oem asus back" command.
Everything went as expected and the phone did a reset. However, I can now not add any sort of lock to the screen.
Whenever I add a pattern, pin or password, the settings app crashes. Because I can't add one of these, I also cannot add fingerprint...
I've tried doing another factory reset without any luck and the phone seems to be working fine in all other ways...
Can anyone help?
Ask Asus team on ZenTalk. I haven't seen anything related in there. They should be able to clarify the issue.
Downgrade to pie and then let it upgrade to Q again. Fixed it for me when unlocking the bootloader. Something about locking/unlocking bootloader on Q breaks the fingerprint sensor but Pie doesn't have the issue.
DaConcho said:
Downgrade to pie and then let it upgrade to Q again. Fixed it for me when unlocking the bootloader. Something about locking/unlocking bootloader on Q breaks the fingerprint sensor but Pie doesn't have the issue.
Click to expand...
Click to collapse
Yes, what DaConcho said worked for me, trust him
Anyone in the US tried downgrading to pie using the firmware on Asus site?
Hi, ever since bootloader unlock in my Zenfone 6 fingerprint crashes all apps that use it (like Settings or OneTimeInit). Currently running pure stock. If I relock it with asus-back it returns to life, however I'd like to keep this state after unlock too. After second lock I've removed all phone security in case something blocked fp reader from there but no luck. Any ideas?
Also, is there any way to unlock the bootloader n-th time without using that apk unlocker/without internet conenction? I know the relock command but things that unlock it like asus-go don't work.
Probably downgrading to pie and then upgrading to Q will fix it according to https://forum.xda-developers.com/zenfone-6-2019/help/relocked-zenfone-6-lockscreen-t4033321
Oh, I will downgrade it to Pie allright. Just bricked my phone and messed up dm verity on locked bootloader. I prefer Samsungs to play with...
Edit: You were right. I've unlocked it on Pie and works great. I don't know why xda search couldn't find that thread for me. Thank you.
Hello Guys,
long i searched for a method of unlocking the bootloader of eml-l29 Huawei P20. No i didnt find any, and qu1ckr00t didnt prove to be useful either.
it is not relevant anymore. since i did use testpoint too often in research of what is possible and what not, the device died just a few minutes ago. it always enters now only the usb huawei com mode. probably i used to much pressure on the testpoints or what or i accidentally short circuited other points with the screwdrivers.. but as a matter of fact, it is hardware bricked and the board is done for i think. so i dont search for a solution anymore.
people, see this thread as a resource what is possible without unlocking the bootloader and what not. i figured out following things are fact without unlocking the bootloader, so that you all doesn't have to try instead of me:
- you can flash with the testpoint short circuited and the software dc-phoenix and the right chipset/cpu bootloader chosen in temporary bootloader the twrp to erecovery_ramdisk and recovery_ramdisk, it will be permanently available after the process
- you cannot install magisk on it, since xloader seems to block the bootup and always sends you to recovery-mode (which means twrp if you flashed this)
- you cannot install a custom rom like OpenKirin with the testpoint recovery mode, as it - like with magisk, always will send you to recovery mode - i tried it exactly how it is explained on openkirin.net and it always turned out the same
- there is no bootloader unlock code in the nvme partition, i checked it - it seems there is encryption going on there
- the exploit qu1ckr00t is not usable, since the kernel is compiled with spinlock_debug
- and i forgot first: if you have the idea of soldering a cable for testpoint short circuit - no, letit be. you will only hang forever in huawei usb com 1.0 mode - it wont boot normally as long as you're in tp mode
so basically, there is way to get root, it is a way to get to direct data from the partitions. but at the end, the question that arises is - how much profit are you gaining from root or custom roms on this device at the end? in my case, the many tries costed my time, my nerves and now the device itself. it is gone for good. maybe this is for the best, as i never treated it right since i bought it (it had to be repaired two times in 2 years, which is a lot for a normal device at this amount of time) and i only have bad memories in my life with it (lots of things happened, but this is not the right place for such tellings).
my final message for this part of this board (not the board i damaged thou) - leave it alone, don't waste your time anymore on this. move on, there are cheap devices that are better, faster and unlockable too at this day and time. i moved on to my new Nokia 7.2, which is awesome.
so stay healthy guyz.
my journey of exploring the depths of huaweis device huawei p20 eml-l29 ends here. its sad, but at the same time i'm happy that the "horror" of an unlockable bootloader is finally over.
Thanks for your effort and sharing the info. Good luck with new phone
Note: my next phone won't be Huawei, for sure, due to bootloader locking, I am fed up with them
Yes,
I even have no sorry with them if they go down because of the Google lockout. Their strategy is to pull people away from Google PlayStore? Yes, sure. Good luck.
Unlock bootloader and promise to keep it open for P10 upwards and we are happy. Otherwise... byebye and fcku.
FearFac said:
Thanks for your effort and sharing the info. Good luck with new phone
Note: my next phone won't be Huawei, for sure, due to bootloader locking, I am fed up with them
Click to expand...
Click to collapse
What if I have my unlock code? Can I still unlock it or it's impossible now? I requested my code before they stop the bootloader unlocking, but never did anything with it.
ElChe said:
What if I have my unlock code? Can I still unlock it or it's impossible now? I requested my code before they stop the bootloader unlocking, but never did anything with it.
Click to expand...
Click to collapse
You are the lucky one who can root your phone.
FearFac said:
You are the lucky one who can root your phone.
Click to expand...
Click to collapse
Yeah I guess haha. I haven't got around doing it yet. But now I know it's a possibility! So I'll eventually do it!
FearFac said:
You are the lucky one who can root your phone.
Click to expand...
Click to collapse
How do you root it? AFAIK anything newer than EMUI8 is no longer rootable.
I'm on EMUI 10, with an unlocked bootloader, please tell me how to root.
zgomot said:
How do you root it? AFAIK anything newer than EMUI8 is no longer rootable.
I'm on EMUI 10, with an unlocked bootloader, please tell me how to root.
Click to expand...
Click to collapse
I do a query you have emui 10 with bootloader open?how did you do it ?it was not the problem that emui 10 closed the bootloader?can't root with magisk?
zgomot said:
How do you root it? AFAIK anything newer than EMUI8 is no longer rootable.
I'm on EMUI 10, with an unlocked bootloader, please tell me how to root.
Click to expand...
Click to collapse
Where did you get this info from?
I was just thinking of rooting my CLT L09 Emui 9.1.0
There is some sort of weird magic where unlocking the bootloader instantly breaks Widevine but locking it again fixes it.
How does that even work? How is it possible that NOBODY has figured out how to fix Widevine with an unlocked bootloader? You can emulate anything in software, right? Surely the information must be retained on the device somewhere if relocking the bootloader brings it back?
Is there still no solution to this? (please provide a more detailed answer than "it's not possible")
There is no way to hide a unlocked bootloader and because of that, it's not possible to have widevine l1 with an unlocked bootloader.
matze19999 said:
There is no way to hide a unlocked bootloader and because of that, it's not possible to have widevine l1 with an unlocked bootloader.
Click to expand...
Click to collapse
What do you mean there's no way to hide it? I don't think OnePlus uses like hardware secure environment stuff, especially because the 7 Pro doesn't have hardware backed SafetyNet...
@LoganDark Only OnePlus can fix it, at first 8 series didn't had Widevine L1 while having unlocked bootloader, OnePlus patched it in 10.5.11 (8) & 10.5.13 (8Pro) specifically, so ya the answer is Only OnePlus fix/patch it & they should do it for 7 Series as well IMO!
aaryan45 said:
@LoganDark Only OnePlus can fix it, at first 8 series didn't had Widevine L1 while having unlocked bootloader, OnePlus patched it in 10.5.11 (8) & 10.5.13 (8Pro) specifically, so ya the answer is Only OnePlus fix/patch it & they should do it for 7 Series as well IMO!
Click to expand...
Click to collapse
I mean, OnePlus can do it but that doesn't necessarily mean that nobody else can, right? I'm curious to know where these claims came from, that it's completely impossible to fake a locked bootloader...
My best guess is that the unlocked state of the bootloader prevents it from sharing the widevine keys with Android (something like that), but it should be possible to extract those keys if they are stored in such a way that relocking the bootloader restores L1 functionality. That is, of course, only possible if they aren't locked away with TrustZone or similar.
I hope the 7 series continues to receive updates and attention because it's the only good phone on the market right now with no notch or screen cutout. Nothing else compares... But since OnePlus is already starting to leave it out of OxygenOS beta tests, I feel EOL is not too far away. :/
I doubt they will add any new features or fix any functionality like Widevine support... They will just backport code they write for newer devices, until the update window is over.
LoganDark said:
I mean, OnePlus can do it but that doesn't necessarily mean that nobody else can, right? I'm curious to know where these claims came from, that it's completely impossible to fake a locked bootloader...
My best guess is that the unlocked state of the bootloader prevents it from sharing the widevine keys with Android (something like that), but it should be possible to extract those keys if they are stored in such a way that relocking the bootloader restores L1 functionality. That is, of course, only possible if they aren't locked away with TrustZone or similar.
I hope the 7 series continues to receive updates and attention because it's the only good phone on the market right now with no notch or screen cutout. Nothing else compares... But since OnePlus is already starting to leave it out of OxygenOS beta tests, I feel EOL is not too far away. :/
I doubt they will add any new features or fix any functionality like Widevine support... They will just backport code they write for newer devices, until the update window is over.
Click to expand...
Click to collapse
I did some research on widevine L1 on unlocked bootloader and if I'm not wrong,
liboemcrypto.so is the file which needs to be patched!
aaryan45 said:
I did some research on widevine L1 on unlocked bootloader and if I'm not wrong,
liboemcrypto.so is the file which needs to be patched!
Click to expand...
Click to collapse
Yeah, that might be the case, but the hard part is figuring out what patch to apply.
Possible sure, but this isn't really something you can just spoof or emulate through software.
This is very complicated things, both of a software and hardware level. Really the only people who discovers exploits of this are responsible security researchers who disclose this to Qualcomm and Google. Which I don't blame them for, they get a pretty juicy bounty.
I guess you can hope OnePlus messes up like they did for OP8/Pro and accidentally(?) enable L1 for unlocked bootloaders, but I am pretty sure they just implemented TEE differently to actually do that.
If you're curious, here;
https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html?m=1
https://research.checkpoint.com/2019/the-road-to-qualcomm-trustzone-apps-fuzzing/
Lossyx said:
Possible sure, but this isn't really something you can just spoof or emulate through software.
This is very complicated things, both of a software and hardware level. Really the only people who discovers exploits of this are responsible security researchers who disclose this to Qualcomm and Google. Which I don't blame them for, they get a pretty juicy bounty.
I guess you can hope OnePlus messes up like they did for OP8/Pro and accidentally(?) enable L1 for unlocked bootloaders, but I am pretty sure they just implemented TEE differently to actually do that.
If you're curious, here;
https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html?m=1
https://research.checkpoint.com/2019/the-road-to-qualcomm-trustzone-apps-fuzzing/
Click to expand...
Click to collapse
So it is implemented with complicated hardware stuff?
Okay, well, the only way to get L1 back is to lock the bootloader again. I know that now. All L1 stuff is handled in hardware. I'm working on a solution for custom ROMs and rooted OOS though, stay tuned
LoganDark said:
Okay, well, the only way to get L1 back is to lock the bootloader again. I know that now. All L1 stuff is handled in hardware. I'm working on a solution for custom ROMs and rooted OOS though, stay tuned
Click to expand...
Click to collapse
That sounds interesting. Can I help you with that?
sToRm1nG said:
That sounds interesting. Any way I could help you with that?
Click to expand...
Click to collapse
Yes, you can definitely help - the main blocker for me is that this is my daily driver so I haven't done anything in months, but if you're willing to be my "guinea pig" for a while, that would be a huge help.
LoganDark said:
Yes, you can definitely help - the main blocker for me is that this is my daily driver so I haven't done anything in months, but if you're willing to be my "guinea pig" for a while, that would be a huge help.
Click to expand...
Click to collapse
I'll be switching from my OP7Pro to my new OP8Pro shortly. So I'll be able to test what ever you need.
Do you think this research will also be applicable to the OP8Pro?
sToRm1nG said:
I'll be switching from my OP7Pro to my new OP8Pro shortly. So I'll be able to test what ever you need.
Click to expand...
Click to collapse
Niiiice~ Contact me on Discord: LoganDark#4357
sToRm1nG said:
Do you think this research will also be applicable to the OP8Pro?
Click to expand...
Click to collapse
Honestly I'm not sure. I haven't even confirmed if L1 will come back on the OP7Pro. It's just a rumor, after all, and I think OnePlus spent literally all of their benevolence on the 7.
Edit: It looks like OP might have made it so that the OP8 still has L1 even with an unlocked bootloader. Major oof
LoganDark said:
Niiiice~ Contact me on Discord: LoganDark#4357
Honestly I'm not sure. I haven't even confirmed if L1 will come back on the OP7Pro. It's just a rumor, after all, and I think OnePlus spent literally all of their benevolence on the 7.
Edit: It looks like OP might have made it so that the OP8 still has L1 even with an unlocked bootloader. Major oof
Click to expand...
Click to collapse
Yeah there is still a chance to get L1 with an unlocked bootloader on the OP8Pro though I'm not part of the lucky ones.
I'll contact you ASAP.
This is big for me, I was just watching Prime and saw 1080p HD on the overlay.
I checked DRM info to find I am on L1.
I am rooted obviously with an unlocked bootloader.
7T 256gB
OP7T_O2_BETA_3.
Amazing.
Tagtag123 said:
This is big for me, I was just watching Prime and saw 1080p HD on the overlay.
I checked DRM info to find I am on L1.
I am rooted obviously with an unlocked bootloader.
7T 256gB
OP7T_O2_BETA_3.
Amazing.
Click to expand...
Click to collapse
Did you unlock boot loader freshly after you updated to beta 3 or u were unlocked before that?
antonyben006 said:
Did you unlock boot loader freshly after you updated to beta 3 or u were unlocked before that?
Click to expand...
Click to collapse
Was unlocked from day 1 of using the device. Installed OB3 and noticed prime play 1080p. Checked DRM Info to see I have got L1, checked Netflix(it still showed L3, so I cleared cache and then it showed L1).
I've seen people managed to have l1 certification with unlocked bootloader with the oos 11 ob 3 or newer than that even with custom rom. It seemed so simple that I've tried it myself
but then when I was in oos 11 with bootloader unlocked, the widevine was still l3.
I even went as far as installing fresh oos 10 with msm tool, unlock the bootloader and then immediately install twrp, flash oos 11 ob4/stable 11.0.0.0/stable 11.0.0.2 + dfe + magisk, turned on magisk hide but unfortunately it was still in l3, and whenever I locked the bootloader it always successfully went back to l1..
Can someone please tell me the step by step instruction to gain l1 on unlocked bootloader ?
I got the oneplus 7 pro 1910 chinese version 128/6
Griffiths_Anna said:
I've seen people managed to have l1 certification with unlocked bootloader with the oos 11 ob 3 or newer than that even with custom rom. It seemed so simple that I've tried it myself
but then when I was in oos 11 with bootloader unlocked, the widevine was still l3.
I even went as far as installing fresh oos 10 with msm tool, unlock the bootloader and then immediately install twrp, flash oos 11 ob4/stable 11.0.0.0/stable 11.0.0.2 + dfe + magisk, turned on magisk hide but unfortunately it was still in l3, and whenever I locked the bootloader it always successfully went back to l1..
Can someone please tell me the step by step instruction to gain l1 on unlocked bootloader ?
I got the oneplus 7 pro 1910 chinese version 128/6
Click to expand...
Click to collapse
Got L1 on OOS 11 rooted