This is the V60 Firehose. - LG V60 ThinQ Guides, News, & Discussion

I had been watching for a long time: the V60's engineer bootloader was released, but it was unclear whether the Firehose that would make it usable had been released too, so we had to rely on MEDUSA JTAG boxes, etc. I brought it here because it was open.
If QFIL does not work with this data, you can call me a liar. This is the data with which V60 users in Korea have already reported successful QFIL access.
V60 QFIL.zip
drive.google.com
Thanks to Bakroid from Korea for releasing the Firehose.

Already posted here.
V60 Bootloader Unlock and Magisk Root
Earlier today I was alerted to https://www.cnblogs.com/yanhua-tj/p/15525593.html which has the actual firehose and steps to unlock! However it seems to be in Simplified Chinese so I'll translate it here for you. The firehose is attached below...
forum.xda-developers.com

TheLoonyRebel said:
Already posted here.
V60 Bootloader Unlock and Magisk Root
Earlier today I was alerted to https://www.cnblogs.com/yanhua-tj/p/15525593.html which has the actual firehose and steps to unlock! However it seems to be in Simplified Chinese so I'll translate it here for you. The firehose is attached below...
forum.xda-developers.com
Sorry, the data already exists.

Related

Unlock bootloader on Verizon Pixel 2?

Hi guys,
Newbie here. I've never tinkered with any of my old Nexus phones, but just recently upgraded to the Pixel 2 on Verizon.
According to this thread, I should be able to unlock the bootloader since my build number is OPM1.171019.011 (Android version 8.1.0, December 5th 2017) correct?
I don't know if I want/need to root since I've always been content with stock android. However...
1. Should I unlock the bootloader now, just in case I change my mind in the future?
2. Once I run the first update, I lose the ability to unlock the Verizon bootloader forever right?
3. Can I freely lock and unlock the Verizon bootloader any time afterwards?
4. Will I only receive OTA updates automatically when the bootloader is locked?
Thanks!
SEE BELOW
rickyoo said:
Hi guys,
Newbie here. I've never tinkered with any of my old Nexus phones, but just recently upgraded to the Pixel 2 on Verizon.
According to this thread, I should be able to unlock the bootloader since my build number is OPM1.171019.011 (Android version 8.1.0, December 5th 2017) correct?
I don't know if I want/need to root since I've always been content with stock android. However...
1. Should I unlock the bootloader now, just in case I change my mind in the future? It's entirely up to you, but I would. This would allow you to have the super user flexibility later, even if you decide not to root right now. Also allows you the peace of mind for you to apply the latest android updates, as you will not be able to unlock the bootloader with the patched updates.
2. Once I run the first update, I lose the ability to unlock the Verizon bootloader forever right? YES! NO SOUP FOR YOU!
3. Can I freely lock and unlock the Verizon bootloader any time afterwards? You may lock it again, but beware of the caveats. You will want to be entirely on stock with no modifications. If you have made modifications, and without any way to unlock the bootloader again, you could end up bricking your device (bootlooping).
You will not be able to unlock the device...see above. NO SOUP FOR YOU!
So just because you can unlock it, doesn't mean that you will forever have the ability to go back and forth. Once it's patched, you lose.... This doesn't apply to the Google versions...just big red
4. Will I only receive OTA updates automatically when the bootloader is locked? Technically speaking, the bootloader will not affect the ability for updates to be installed. However, ROOTing your device after your bootloader is unlocked will. So... Here is the link for how to apply updates with an unlocked bootloader https://forum.xda-developers.com/pixel-2/how-to/guide-updating-pixel-2-to-factory-image-t3761154
Thanks!
Does this mean that my Verizon Pixel 2, on the current public release of Android 9, cannot enable the "OEM Unlocking" setting in the Developer settings? and therefore I cannot unlock my bootloader?
wo0ts said:
Does this mean that my Verizon Pixel 2, on the current public release of Android 9, cannot enable the "OEM Unlocking" setting in the Developer settings? and therefore I cannot unlock my bootloader?
Uhhhh.... correct. See the OP. The command was patched.
I believe this article outlines how to unlock after patch
https://alephsecurity.com/2018/01/22/qualcomm-edl-2/
This article outlines how to read all partitions as well as change the dev info partitions. Can someone make a guide to help me use this to allow for oem unlocking?
alecthenice said:
https://alephsecurity.com/2018/01/22/qualcomm-edl-2/
This article outlines how to read all partitions as well as change the dev info partitions. Can someone make a guide to help me use this to allow for oem unlocking?
Sure...
1. Build a programmer
2. Develop an exploit to take advantage of a CVE
3. Develop the necessary encrypted signature key to write to the partition
4. Document everything rinse and repeat
In other words, there are simply no guides out there.
BestBuy is selling *NEW* (Verizon) Pixel 2 XLs for $399 at the moment and i was thinking about picking 1 up until a SD855 device I like comes out.
Does the (Verizon) OG PIXEL Rule still apply to the Pixel 2 XL (VZW) that if you 1st boot the device with my TMO SIM, removing the pre-installed VZW SIM, it will register as an UNLOCKED Google Edition Version so I can Unlock the BL as I could with the OG Pixel XL?
I know this is an old thread but I see that there is a GITHUB for this firehorse project.
GitHub - alephsecurity/firehorse: Research & Exploitation framework for Qualcomm EDL Firehose programmers
github.com
They have target payloads for similar processors, I wonder if someone better at programming would be able to get it working. Banana Hackers has a good repo of EDL files too which might be used as a cross reference perhaps? https://edl.bananahackers.net/
Cprager said:
I know this is an old thread but I see that there is a GITHUB for this firehorse project.
GitHub - alephsecurity/firehorse: Research & Exploitation framework for Qualcomm EDL Firehose programmers
github.com
They have target payloads for similar processors, I wonder if someone better at programming would be able to get it working. Banana Hackers has a good repo of EDL files too which might be used as a cross reference perhaps? https://edl.bananahackers.net/
It's entirely possible. QPST is generally used to flash binary images to the NAND devices, and this functions at the hardware level, so it's entirely possible this could flash an unlocked bootloader.

Question Bootloader unlock

So long story short
I purchased the tencent version from a reseller, that had unlocked the bootloader and flashed the WW firmware, changed the FP & then relocked it.
Now I'm f##### and don't know what to do.
Can anyone please assist me with any information in regards to "how to unlock without the unlock tool"
Or, direct me to someone/website that I can pay to have it done.
Muchly appreciated
Aussieboi9 said:
So long story short
I purchased the tencent version from a reseller, that had unlocked the bootloader and flashed the WW firmware, changed the FP & then relocked it.
Now I'm f##### and don't know what to do.
Can anyone please assist me with any information in regards to "how to unlock without the unlock tool"
Or, direct me to someone/website that I can pay to have it done.
Muchly appreciated
I know one person who unlocked the bootloader by EDL firmware and using some commands.
HunterTik said:
I know one person who unlocked the bootloader by EDL firmware and using some commands.
who is he? can he help me?
The rumor is that once the bootloader is unlocked and locked again, it can no longer be unlocked a second time. It may work to flash a new bootloader (which is what the EDL restore does as part of the process).
I would suggest taking a look into https://forum.xda-developers.com/t/repair-your-asus-rog-phone-5-with-edl-mode.4271121/ but know that the directions are pretty rough. Make sure to read everything twice before clicking buttons and if you watch the video, make sure to wait until he moves to the next step before following along because it looks like the video was his first time doing it.
twistedumbrella said:
The rumor is that once the bootloader is unlocked and locked again, it can no longer be unlocked a second time. It may work to flash a new bootloader (which is what the EDL restore does as part of the process).
I would suggest taking a look into https://forum.xda-developers.com/t/repair-your-asus-rog-phone-5-with-edl-mode.4271121/ but know that the directions are pretty rough. Make sure to read everything twice before clicking buttons and if you watch the video, make sure to wait until he moves to the next step before following along because it looks like the video was his first time doing it.
Sorry to say that the files I shared are missing "prog_firehose_ddr.elf", so they can't be flashed.
saitates1903 said:
who is he? can he help me?
Yeah, still no one has shared the right EDL firmware.
HunterTik said:
Sorry to say that the files I shared are missing "prog_firehose_ddr.elf", so they can't be flashed.
I actually have the firehose ddr for the SDM660 (which is the ROG Phone 5) >> https://mega.nz/file/0L4W3QoL#B8mDljFa7Tr1I9HiaXkHS8Vgi56oUQE1RhUAc6mpAII which I used alongside your tutorial - I just can't unlock the bootloader.
Aussieboi9 said:
I actually have the firehose ddr for the SDM660 (which is the ROG Phone 5) which I used alongside your tutorial - I just can't unlock the bootloader.
Thanks for adding that
twistedumbrella said:
Might be worthwhile to post it. Sounds like it's needed.
just did
Aussieboi9 said:
I actually have the firehose ddr for the SDM660 (which is the ROG Phone 5) >> https://mega.nz/file/0L4W3QoL#B8mDljFa7Tr1I9HiaXkHS8Vgi56oUQE1RhUAc6mpAII which I used alongside your tutorial - I just can't unlock the bootloader.
You need to use the "SM8350" firehose for my shared files. Then hopefully it will work.
HunterTik said:
You need to use the "SM8350" firehose for my shared files. Then hopefully it will work.
So, is the file that I shared the correct file?
If I follow, you have the file for a 660 and need the one for an 888.
twistedumbrella said:
If I follow, you have the file for a 660 and need the one for an 888.
Sorry, I understand what you mean... I thought 660 was the Snapdragon version, but it's actually the Vulkan version.
My mistake... I'll do some more digging, and hopefully come up with a resolution.
Aussieboi9 said:
So, is the file that I shared the correct file?
No, those are Snapdragon 660 files.
HunterTik said:
No, those are Snapdragon 660 files.
But you've got the files everyone needs, yes?
Aussieboi9 said:
But you've got the files everyone needs, yes?
I don't think he does. Meanwhile I was searching the net desperately & stumbled upon some clues. Try searching hydra tools & ROG 5.
Aussieboi9 said:
So long story short
I purchased the tencent version from a reseller, that had unlocked the bootloader and flashed the WW firmware, changed the FP & then relocked it.
Now I'm f##### and don't know what to do.
Can anyone please assist me with any information in regards to "how to unlock without the unlock tool"
Or, direct me to someone/website that I can pay to have it done.
Muchly appreciated
Have you got it done yet, mate?
twistedumbrella said:
The rumor is that once the bootloader is unlocked and locked again, it can no longer be unlocked a second time.
Question concerning the above.
I unlocked the BL, flashed Magisk, but now, without any action from my side, I see the "unlock OEM" option is not greyed out as it was during unlocking the BL.
Does it mean it locked itself?
This is the first time I've heard of the mentioned rumor, but it is good anyway that I've read it early enough, before playing too far with my smartphone.

General [CLOSED] Someone that has a A125U willing to test something for me?

Hello.
I need someone that has an A125U variant who would like to test crossflashing between firmware to bypass U-model PBL unlock restrictions.
More info, dm me.
EDIT: Changed to GENERAL thread because it turned in to a discussion now.
i have a A125U i can test this out if you want me to
Yes I would be willing to but you would have to walk me through the steps I know nothing of what I'm doing trying to learn
Scotterd said:
Yes I would be willing to but you would have to walk me through the steps I know nothing of what I'm doing trying to learn
Download patched Odin and flash A125F firmware even if you are on the A125U model.
Patched Odin 3.13.1
For those looking for a modified, modded, or patched odin that is a newer build than all the fake and renamed prince comsy 3.12.3 versions floating around. I patch recent Odin versions to offer similar functionality to the princecomsy; in that...
forum.xda-developers.com
Samsung Galaxy A12 Firmware Download SM-A125F Free Download
Samsung Galaxy A12 Firmware Download SM-A125F Free Download ⭐ Official and fast update ⭐ Max speed and free download ⭐ Best Samsung Galaxy website
samfw.com
Clean flashing new firmware using Odin
DISCLAIMER: I WAS NEVER, HAVE NEVER BEEN, AND WILL NEVER BE RESPONSIBLE OF ANY DAMAGES AGAINST YOUR DEVICES BY YOUR OWN MIS-OPERATIONS # Your warranty is now void # # You have been warned. # # I will laugh at you if you point the finger at me...
forum.xda-developers.com
I'm not responsible for any damage done to your device
You can use the patched odin to flash any A12 FW with a matching binary, but it won't affect your ability to unlock the bootloader. The most likely option is to use the EDL method by pulling the back encasing from your phone and using a paperclip or pair of tweezers to short the EDL pin while plugging into your PC. EDL is kind of a secondary bootloader that will allow you to run a variety of functions. Since the A12 is a MediaTek processor, I've tried using the MTKClient exploit through EDL mode to force unlock the bootloader, but so far I haven't seemed to get it working.
R0GUEEE said:
You can use the patched odin to flash any A12 FW with a matching binary, but it won't affect your ability to unlock the bootloader. The most likely option is to use the EDL method by pulling the back encasing from your phone and using a paperclip or pair of tweezers to short the EDL pin while plugging into your PC. EDL is kind of a secondary bootloader that will allow you to run a variety of functions. Since the A12 is a MediaTek processor, I've tried using the MTKClient exploit through EDL mode to force unlock the bootloader, but so far I haven't seemed to get it working.
It is possible and a method will be found. It could be that the SBL requires a key for the PBL to be unlocked; have you tried using any exploits on this phone?
LAST_krypton said:
It is possible and a method will be found. It could be that the SBL requires a key for the PBL to be unlocked; have you tried using any exploits on this phone?
As far as everything I've tested so far...
Attempted to downgrade A11 to A10 (can't do it because of incompatible FW binaries)
Flashed several different model FWs & various other CSCs... the model I'm using is SM-A125U (AT&T). Currently the FW running on it is for SM-A125U1 (the carrier unlocked model) but of course still no "OEM Unlock" option in dev settings.
After I tried a few dozen builds I looked into EDL/BROM flashing, since EDL works as a ground-zero primary boot interface and seems to work as a recovery/fastboot hybrid allowing both flashing and a CMD interface, vs. a separate Samsung "Download Mode" and Fastboot mode.
I haven't really spent much time scouring the web for different exploits (that aren't paid services) but I did come across "MTKClient" (https://github.com/bkerler/mtkclient), which I was able to successfully run. I tried using the "unlock bootloader" command, at which point it was a "success" and resulted in the device obviously being wiped, but after the following boot there still was no "OEM Unlock" option in the dev menu. Afterwards I tried flashing a custom boot.img built with Magisk, but even using EDL mode to flash, the device wouldn't boot and just gave the basic "this isn't an approved FW" error, so I had to flash the original boot back.
R0GUEEE said:
As far as everything I've tested so far...
Attempted to downgrade A11 to A10 (can't do it because of incompatible FW binaries)
Flashed several different model FWs & various other CSCs... the model I'm using is SM-A125U (AT&T). Currently the FW running on it is for SM-A125U1 (the carrier unlocked model) but of course still no "OEM Unlock" option in dev settings.
After I tried a few dozen builds I looked into EDL/BROM flashing, since EDL works as a ground-zero primary boot interface and seems to work as a recovery/fastboot hybrid allowing both flashing and a CMD interface, vs. a separate Samsung "Download Mode" and Fastboot mode.
I haven't really spent much time scouring the web for different exploits (that aren't paid services) but I did come across "MTKClient" (https://github.com/bkerler/mtkclient), which I was able to successfully run. I tried using the "unlock bootloader" command, at which point it was a "success" and resulted in the device obviously being wiped, but after the following boot there still was no "OEM Unlock" option in the dev menu. Afterwards I tried flashing a custom boot.img built with Magisk, but even using EDL mode to flash, the device wouldn't boot and just gave the basic "this isn't an approved FW" error, so I had to flash the original boot back.
You can't downgrade from Android 11 to 10, because Android 10 has a lower SW_REV value. OEM unlocking shouldn't matter if you can force the PBL to be unlocked by an exploit. You can play with date and time settings in the OS and OEM unlocking may come back, as explained here:
Covering some misleading theories and issues with our A12
This thread will be updated regularly. If you don't agree with something comment and if I was proven wrong I will update the thread. Please don't comment or chat here if it isn't releated with something I said. If you need further help with...
forum.xda-developers.com
You can try editing firmware files if you can't find an exploit for downgrading SW_REV, or you can try booting into PRELOADER and flashing Android 10 scatter firmware with SP_FLASH_TOOL. This phone is very new so it may be more difficult to find exploits; you can play with crossflashing firmware and PRELOADER mode. Another thing is that EDL mode is only for Snapdragon chipsets.
And try disabling those security locks:
MTK "secure" boot - use mtksecbypass to disable
"Secure" downloads - try MTKClient
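As an added illustration (not from any poster in this thread, and not Samsung's or any tool's code), the Python below decodes the bootloader binary digit from Samsung build strings like the ones quoted in this thread and flags a flash that the SW_REV anti-rollback counter would reject, which is the "matching binary" condition the posts keep returning to. The field layout is the commonly documented Samsung convention, assumed here, and the "same base model" rule is a conservative check added for this example.

```python
import re
from dataclasses import dataclass

# Field layout assumed here (commonly documented convention, not stated in the thread):
#   MMMMM RRR B A Y M N      e.g.  A125U SQS 2 A U F 3
#   model(5) csc/type(3) binary(1) android(1) year(1) month(1) revision(1)
# The single digit B is the bootloader "binary" revision; the device's SW_REV
# anti-rollback counter will not accept a lower value than it already runs.
_BUILD_RE = re.compile(
    r"^(?P<model>[A-Z]\d{3}[A-Z0-9])"
    r"(?P<csc>[A-Z]{3})"
    r"(?P<binary>\d)"
    r"(?P<android>[A-Z])"
    r"(?P<year>[A-Z])"
    r"(?P<month>[A-Z])"
    r"(?P<rev>[A-Z0-9])$"
)


@dataclass(frozen=True)
class Build:
    raw: str
    model: str      # e.g. A125U
    csc: str        # e.g. SQS
    binary: int     # bootloader binary revision (the anti-rollback-relevant digit)
    android: str    # Android version letter
    year: int       # decoded calendar year
    month: int      # 1..12
    rev: str        # build revision within the month


def parse_build(build: str) -> Build:
    """Decode a Samsung build string such as A125USQS2AUF3 (assumed layout above)."""
    s = build.strip().upper()
    m = _BUILD_RE.match(s)
    if not m:
        raise ValueError(f"unrecognised Samsung build string: {build!r}")
    return Build(
        raw=s,
        model=m["model"],
        csc=m["csc"],
        binary=int(m["binary"]),
        android=m["android"],
        # Year letters run A=2001, B=2002 ... so S=2019, U=2021, W=2023.
        year=2001 + ord(m["year"]) - ord("A"),
        # Month letters run A=January ... L=December.
        month=1 + ord(m["month"]) - ord("A"),
        rev=m["rev"],
    )


def check_flash(current: str, target: str) -> tuple[bool, str]:
    """Decide whether flashing `target` onto a device running `current` is
    blocked by the bootloader's anti-rollback check, and explain why."""
    cur, tgt = parse_build(current), parse_build(target)
    # Conservative rule added for this example: only compare within one base model
    # (A125U vs A125F share "A125"); crossflashing other models is out of scope.
    if cur.model[:4] != tgt.model[:4]:
        return False, f"different base model ({cur.model} vs {tgt.model})"
    if tgt.binary < cur.binary:
        return False, (f"target binary {tgt.binary} is below device binary {cur.binary}: "
                       "rejected by bootloader anti-rollback (SW_REV)")
    if tgt.binary > cur.binary:
        return True, (f"binary rises {cur.binary} -> {tgt.binary}: flashable, but the "
                      "path back to older binaries closes permanently")
    return True, f"same binary {cur.binary}: flashable"


if __name__ == "__main__":
    # A125USQS2AUF3 is the build named in the thread; the second string is a
    # constructed binary-1 build used only to show a rejected downgrade.
    for cur, tgt in [("A125USQS2AUF3", "A125USQS1ATL1"), ("A125USQS2AUF3", "A125FXXU2AUE1")]:
        ok, why = check_flash(cur, tgt)
        print(f"{cur} -> {tgt}: {'OK' if ok else 'BLOCKED'} ({why})")
```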
LAST_krypton said:
You can't downgrade from Android 11 to 10, because Android 10 has a lower SW_REV value. OEM unlocking shouldn't matter if you can force the PBL to be unlocked by an exploit. You can play with date and time settings in the OS and OEM unlocking may come back, as explained here:
Covering some misleading theories and issues with our A12
This thread will be updated regularly. If you don't agree with something comment and if I was proven wrong I will update the thread. Please don't comment or chat here if it isn't releated with something I said. If you need further help with...
forum.xda-developers.com
You can try editing firmware files if you can't find an exploit for downgrading SW_REV, or you can try booting into PRELOADER and flashing Android 10 scatter firmware with SP_FLASH_TOOL. This phone is very new so it may be more difficult to find exploits; you can play with crossflashing firmware and PRELOADER mode. Another thing is that EDL mode is only for Snapdragon chipsets.
I just tried flashing twrp lol, obviously didn't work. So with the a125, it runs on a mediatek processor (MT6765) which has the EDL mode if you short the internal pin. I've tested a couple different exploits which "unlock" it, but after flashing anything custom it always boots with "you can't have custom...". So right now I'm just going around in circles
Edit: Right now I'm playing around with Miracle Box to see what all I can accomplish. I'll update if anything new comes along.
R0GUEEE said:
I just tried flashing twrp lol, obviously didn't work. So with the a125, it runs on a mediatek processor (MT6765) which has the EDL mode if you short the internal pin. I've tested a couple different exploits which "unlock" it, but after flashing anything custom it always boots with "you can't have custom...". So right now I'm just going around in circles
Edit: Right now I'm playing around with Miracle Box to see what all I can accomplish. I'll update if anything new comes along.
Ok, good luck with Miracle Box, hope you got the one that isn't backdoored...
EDL mode should be only for Snapdragon; MediaTek has its own PRELOADER mode, as far as I know. Some phones have META-MODE. Could be miscommunication between us.
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat. My phone is Samsung J730F. But the problem is that Samsung locked the bootloader. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
LAST_krypton said:
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat. My phone is Samsung J730F. But the problem is that Samsung locked the bootloader. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
Yeah, I've pretty much gone around and around in circles with this. The thing that makes it curious though is after running adb shell getprop and looking through the build, I noticed most of the properties relating to oem unlocking were actually set to allow, the one outlier was sys.oem_unlock_allowed. Which kinda pushes me back towards the KG/RMM. Although, I'm not sure if that's because I have the unlocked U1 FW flashed (it's actually an a125u), or if its the same on both. Either way, running an MTK exploit to unlock the bootloader (which I've done) doesn't actually contribute anything to whether or not OEM Unlocking is visible in dev settings, which is the primary prereq for unlocking the bootloader.
I did consider trying to update the sys.oem within build.prop in /system, but obviously without a root it's impossible, which lead me to possibly unpacking the stock FW super.img and trying to pre-edit the build within so I could re-pack and flash using the MTK Bypass exploit, but those necessary oem properties aren't even listed on either of the build files I did manage to find.
So as of now I've got one more test I'm going to try before I give up. All things considered, the most likely issue is the KG/RMM state, so I'm going to test a few different methods to try and circumnavigate those and possibly unlock the missing OEM Unlock option.
I can at least say that it's likely not an issue of manufacturer locked loaders, considering that's primarily a snapdragon issue, whereas the A12 runs on MediaTek, so fingers crossed.
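An added example, not code from any poster: it parses `adb shell getprop` output (a constructed sample is embedded) and summarises the properties that bear on the "OEM Unlocking" question in the post above, so a device's lock state can be read before anything is flashed. Property names other than `sys.oem_unlock_allowed` are standard AOSP ones; the interpretation in the comments is general Android background, not something the thread confirms.

```python
import re

# Constructed sample of `adb shell getprop` output. Values are chosen to mirror
# the situation described in the thread: toggle missing, bootloader still locked.
SAMPLE_GETPROP = """\
[ro.product.model]: [SM-A125U]
[ro.build.version.release]: [11]
[ro.oem_unlock_supported]: [1]
[sys.oem_unlock_allowed]: [0]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.vbmeta.device_state]: [locked]
"""

# getprop prints one `[key]: [value]` pair per line; values may be empty.
_LINE_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(text: str) -> dict[str, str]:
    """Turn getprop output into a dict, skipping lines that do not fit the format."""
    props: dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.rstrip())
        if m:
            props[m["key"]] = m["value"]
    return props


def assess_lock_state(props: dict[str, str]) -> dict:
    """Summarise the properties that decide whether the OEM-unlock toggle can
    appear and whether the bootloader will accept unsigned images."""
    def is_set(key: str) -> bool:
        return props.get(key) == "1"

    report = {
        "model": props.get("ro.product.model", "?"),
        # ro.boot.flash.locked=1: bootloader reports itself locked.
        "bootloader_locked": is_set("ro.boot.flash.locked"),
        # ro.oem_unlock_supported=1: the build is capable of showing the toggle.
        "oem_unlock_supported": is_set("ro.oem_unlock_supported"),
        # sys.oem_unlock_allowed: the toggle's effective state as system_server sees it.
        "oem_unlock_allowed": is_set("sys.oem_unlock_allowed"),
        "verified_boot": props.get("ro.boot.verifiedbootstate", "?"),
        "notes": [],
    }
    if not report["oem_unlock_supported"]:
        report["notes"].append(
            "ro.oem_unlock_supported is not 1: Settings will not offer the toggle at all")
    elif not report["oem_unlock_allowed"]:
        report["notes"].append(
            "build supports OEM unlock but sys.oem_unlock_allowed is 0: the toggle is off "
            "or disallowed (carrier/user restrictions, FRP data, or on Samsung the KG/RMM "
            "state discussed in this thread)")
    if report["bootloader_locked"] and report["verified_boot"] == "green":
        report["notes"].append(
            "bootloader locked with verifiedbootstate=green: only vendor-signed images boot, "
            "so a modified boot.img will be refused until the lock state changes")
    return report


if __name__ == "__main__":
    r = assess_lock_state(parse_getprop(SAMPLE_GETPROP))
    print(f"{r['model']}: bootloader_locked={r['bootloader_locked']} "
          f"oem_unlock_allowed={r['oem_unlock_allowed']}")
    for note in r["notes"]:
        print(" -", note)
```

Feed it real output with `adb shell getprop > props.txt` and `assess_lock_state(parse_getprop(open("props.txt").read()))`.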
R0GUEEE said:
Yeah, I've pretty much gone around and around in circles with this. The thing that makes it curious though is after running adb shell getprop and looking through the build, I noticed most of the properties relating to oem unlocking were actually set to allow, the one outlier was sys.oem_unlock_allowed. Which kinda pushes me back towards the KG/RMM. Although, I'm not sure if that's because I have the unlocked U1 FW flashed (it's actually an a125u), or if its the same on both. Either way, running an MTK exploit to unlock the bootloader (which I've done) doesn't actually contribute anything to whether or not OEM Unlocking is visible in dev settings, which is the primary prereq for unlocking the bootloader.
I did consider trying to update the sys.oem within build.prop in /system, but obviously without a root it's impossible, which lead me to possibly unpacking the stock FW super.img and trying to pre-edit the build within so I could re-pack and flash using the MTK Bypass exploit, but those necessary oem properties aren't even listed on either of the build files I did manage to find.
So as of now I've got one more test I'm going to try before I give up. All things considered, the most likely issue is the KG/RMM state, so I'm going to test a few different methods to try and circumnavigate those and possibly unlock the missing OEM Unlock option.
I can at least say that it's likely not an issue of manufacturer locked loaders, considering that's primarily a snapdragon issue, whereas the A12 runs on MediaTek, so fingers crossed.
If you were able to see the settings are enabled through ADB that is the same as it showing in settings. KG/RMM state could also be the factor of why it isn't being shown, as of what you have said. Samsung has come a long way with these dumb Knox securities which just makes everything worse; you might be able to find a clue for this within their KNOX documents (I sent a link in a post above). Maybe you can find a professional, a person that has worked for Samsung and can maybe help you with this. It just gets too complicated at one point. If you have Telegram or something where we can talk further about this it would be nice, because some exploits and stuff, if you mention them, can violate XDA rules... So I don't know what else to tell you, I never really was in a situation where I was required to do this type of stuff, only if I had to because of some problems I had. Maybe you can find answers for all of this on some really old forums where people used to do everything to break apart Samsung's and MediaTek's security locks, but I still doubt it.
For now, hope you learned something and DM me if you want to chat on Telegram or etc. about this. Don't think something is impossible because you can't find an answer for it, everything is possible.
LAST_krypton said:
If you were able to see the settings are enabled through ADB that is the same as it showing in settings. KG/RMM state could also be the factor of why it isn't being shown, as of what you have said. Samsung has come a long way with these dumb Knox securities which just makes everything worse; you might be able to find a clue for this within their KNOX documents (I sent a link in a post above). Maybe you can find a professional, a person that has worked for Samsung and can maybe help you with this. It just gets too complicated at one point. If you have Telegram or something where we can talk further about this it would be nice, because some exploits and stuff, if you mention them, can violate XDA rules... So I don't know what else to tell you, I never really was in a situation where I was required to do this type of stuff, only if I had to because of some problems I had. Maybe you can find answers for all of this on some really old forums where people used to do everything to break apart Samsung's and MediaTek's security locks, but I still doubt it.
For now, hope you learned something and DM me if you want to chat on Telegram or etc. about this. Don't think something is impossible because you can't find an answer for it, everything is possible.
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
R0GUEEE said:
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
Well, you could've done that already from the start. But even though you got OEM_UNLOCKING shown, it doesn't really mean anything on the U model, unless you have exploits and methods for unlocking PBL. Which, as said, wasn't very successful at all for you. I recommend that you check our DMs. mtkclient has some bugs which are on the way to be fixed.
I've been working with mtkclient for months, before it even unlocked bootloaders. I was the first to unlock the Stylo 6 bootloader and I had a bit of a hand in working out some of the bugs with the tool. I'm doing a full backup of the A125U model right now with mtkclient and after it's done I plan to try the unlock without having the OEM unlock option in dev options, but first I'll check to see what binary version I'm on, not sure if it's on Android 10 or 11 right now. But I will share the backup.
I finally finished my tutorial for the Stylo 6 bootloader unlock and root, so now I'm working with the A125U. I'm on the 2nd binary and I think I got the bootloader unlocked, but if I flash the patched boot.img it won't boot. I'm gonna try a few ideas I have; so far no luck but I'm not gonna give up. I may crossflash, but I'm trying to find the easiest way to do this.
LAST_krypton said:
@R0GUEEE
Here I will share these links and documents that could help.
[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices
This thread is @svetius approved Important notice: Do not update to April 2023 security update (XXXXXXXXXXWCX) or later. Examples: G998USQS6EWCA, N986USQU4HWD1. Samsung has patched the bootloader unlock again on those updates. NOTE: The OneUI...
forum.xda-developers.com
How to unlock Unisoc (SPD) bootloader using Identifier Token
This tutorial will explain how to unlock a Unisoc / Spreadtrum (SPD) Android device's bootloader using its Identifier Token. This guide is ideal for those who had tried the generic fastboot bootloader
forum.hovatek.com
Where is the "download mode" code stored?
At least Samsung Galaxy series devices support download mode(also known as Odin mode or flash mode) which usually can be accessed by pressing down specific buttons while powering on the phone. Is t...
android.stackexchange.com
How I can downgrade from U3 to U1 "oreo to nougat"
I want to downgrade my phone from Oreo to Nougat My phone is Samsung J730F. But the problem is that Samsung locked the boot-louder. Can I go back by flashing the phone combination ROM then flash my
android.stackexchange.com
http://newandroidbook.com/21-Security.pdf?aboot
Reverse Engineering Android's Aboot
How to use MTK Bypass to backup or flash secure boot MTK
This is a step by step guide showing how to flash or backup a Mediatek (MTK) secure boot device without using a custom download agent (DA). This tool disables the SLA / DAA bootrom protection A little
forum.hovatek.com
How to use an MTK Secure Boot Download Agent (DA) file
This tutorial will explain how to use that DA file you just downloaded for your Mediatek (MTK) device with Secure Boot. You'll need the DA file to backup, flash, bypass Factory Reset Protection (FRP)
forum.hovatek.com
GitHub - MTK-bypass/bypass_utility
Contribute to MTK-bypass/bypass_utility development by creating an account on GitHub.
github.com
I'm glad to see Hovatek being suggested; I worked with them on my Stylo 6 project, and they even gave me a shout out if you look in the mtkclient instructions for the K51.
Here's the scatter file for the A125U model
MT6765_A12_scatter.txt
drive.google.com
LAST_krypton said:
Well, you could've done that already from the start. But even though you got OEM_UNLOCKING shown, it doesn't really mean anything on the U model, unless you have exploits and methods for unlocking PBL. Which, as said, wasn't very successful at all for you. I recommend that you check our DMs. mtkclient has some bugs which are on the way to be fixed.
R0GUEEE said:
Well after trial and error, I finally got it. I had to hunt down an Android 10 firmware with a matching binary to allow a downgrade, and after a couple of tries, using the auto-date/time method, OEM unlocking finally decided to show itself in dev settings. Specifically, I used this FW, flashed with Odin https://samfw.com/firmware/SM-A125U/USC/A125USQS2AUF3
I own an A125U with FW A125USQU2BUI3. Would I be able to use this method to make OEM unlock appear and then root? If so, could you please assist me and help with the steps? I've been attempting to root this thing for a week and my girlfriend is starting to hate me because I'm obsessed and pay more attention to this than her lol

Boot Pixel 4a into EDL

I've bought one of those locked Pixel 4As running on ArcaneOS and it's got a locked bootloader but the issue is that like everybody else, I can't do much with the phone. So I'm wondering if there's a way to get a phone into the EDL and then flash the stock firmware through QPST?
Todos123 said:
I've bought one of those locked Pixel 4As running on ArcaneOS and it's got a locked bootloader but the issue is that like everybody else, I can't do much with the phone. So I'm wondering if there's a way to get a phone into the EDL and then flash the stock firmware through QPST?
Don't think it's possible as Google doesn't release the firehose (needed by qfil) for pixel phones.
Numerous other device mfg do release the firehose file. Some of them use the same chip as what's in the 4a, but from what I read (I've never tried this), the other mfg file, even though it's for the same chip, won't work.
So ArcaneOS is locking the bootloader and u are now unable to unlock it?
AsItLies said:
Don't think it's possible as Google doesn't release the firehose (needed by qfil) for pixel phones.
Numerous other device mfg do release the firehose file. Some of them use the same chip as what's in the 4a, but from what I read (I've never tried this), the other mfg file, even though it's for the same chip, won't work.
So ArcaneOS is locking the bootloader and u are now unable to unlock it?
I've found an mbn file for the pixel 4a and it may be possible to do something with it in qfil (?) but I am unsure. Haven't managed to boot my phone in EDL.
As for the ArcaneOS, I am unsure if it locks the bootloader itself or you need to lock it manually after flashing it. Mine has ArcaneOS installed with no build number, which means no access to developer options. There are some articles on Pixel phones with this ROM on them; they were apparently used by FBI undercover agents to sell them to criminals and catch them.
As of writing this reply, the options for making the device usable are either changing the UFS chip or getting your hands on a broken pixel 4a with a working motherboard. Those usually go from 70 - 100€ from what I've seen. I haven't been able to find one in my country yet.
The issue with changing the UFS chip is that it's hard to find one. I've only found a couple on Ali Express for about 25€. Another issue is that apparently where I live they charge anywhere between 100 - 400€ for a memory chip replacement. What a joke
Todos123 said:
I've found an mbn file for the pixel 4a and it may be possible to do something with it in qfil (?) but I am unsure. Haven't managed to boot my phone in EDL.
As for the ArcaneOS, I am unsure if it locks the bootloader itself or you need to lock it manually after flashing it. Mine has ArcaneOS installed with no build number, which means no access to developer options. There are some articles on Pixel phones with this ROM on them; they were apparently used by FBI undercover agents to sell them to criminals and catch them.
As of writing this reply, the options for making the device usable are either changing the UFS chip or getting your hands on a broken pixel 4a with a working motherboard. Those usually go from 70 - 100€ from what I've seen. I haven't been able to find one in my country yet.
The issue with changing the UFS chip is that it's hard to find one. I've only found a couple on Ali Express for about 25€. Another issue is that apparently where I live they charge anywhere between 100 - 400€ for a memory chip replacement. What a joke
edit to add: didn't realize but yes it does look like the proper mbn file *might* allow u to flash stock firmware? Not sure, haven't done it, from what I read the appropriate xml would be needed also... not sure.
... end edit
Just got finished reading the entire Arcane OS thread in the same forum. Getting the device into EDL mode shouldn't be a problem; any Qualcomm device is capable of that and afaik it's impossible to defeat that.
but, it's no help if u don't have the programmer firehose file, as u simply can't access the device without it. I've used edl / firehose files for LG devices, but they somehow (the firehose files) become 'leaked' (probably by LG).
But google, nope, I've looked due to the pix 3 (and some others) inadvertently bricking themselves (no one sure why), where u just pick up the device and u have a blank screen. But if u plug it into pc it will connect as QLoader etc (it's basically stuck in edl mode).
But those devices can't be fixed either, same issue in that there's no firehose programmer file for it. So u simply can't access the device.
AsItLies said:
edit to add: didn't realize but yes it does look like the proper mbn file *might* allow u to flash stock firmware? Not sure, haven't done it, from what I read the appropriate xml would be needed also... not sure.
... end edit
Just got finished reading the entire Arcane OS thread in the same forum. Getting the device into EDL mode shouldn't be a problem; any Qualcomm device is capable of that and afaik it's impossible to defeat that.
but, it's no help if u don't have the programmer firehose file, as u simply can't access the device without it. I've used edl / firehose files for LG devices, but they somehow (the firehose files) become 'leaked' (probably by LG).
But google, nope, I've looked due to the pix 3 (and some others) inadvertently bricking themselves (no one sure why), where u just pick up the device and u have a blank screen. But if u plug it into pc it will connect as QLoader etc (it's basically stuck in edl mode).
But those devices can't be fixed either, same issue in that there's no firehose programmer file for it. So u simply can't access the device.
Ah that's very unfortunate. Well, might as well wait some time. Someone may figure out how to forcefully unlock the bootloader or the firehose file might get leaked. Who knows... If not, then hopefully I can get a broken Pix 4a and just swap the motherboard to my locked one.
Thanks anyways!
Todos123 said:
Ah that's very unfortunate. Well, might as well wait some time. Someone may figure out how to forcefully unlock the bootloader or the firehose file might get leaked. Who knows... If not, then hopefully I can get a broken Pix 4a and just swap the motherboard to my locked one.
Thanks anyways!
IMO, the device was flashed with a custom public key to the avb_custom_key partition.
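To make the point in the post above concrete (a locked device boots only images whose vbmeta is tied to a key it trusts, whether the OEM key or a user-installed one in avb_custom_key), here is an added example that is not from this thread or from any vendor's code. It is a toy model written for this page: it packs and parses the real 256-byte libavb vbmeta header layout (field order as in avbtool), extracts the embedded public key, and applies the key-trust, rollback-index and verification-disabled-flag policy a locked bootloader enforces. The RSA signature check that a real bootloader performs over the header and auxiliary block is deliberately left out, and all keys and images are constructed sample data.

```python
"""Toy model of a locked AVB 2.0 bootloader's vbmeta decision.

Constructed example for this page: real libavb header layout, but the
RSA signature over header+aux block is NOT verified here; only the
key-trust, rollback and flag policy is modelled. Keys are fake bytes."""
import hashlib
import struct

# AvbVBMetaImageHeader, 256 bytes, same field order/sizes as avbtool.
VBMETA_HEADER_FMT = "!4s2L2QL2Q2Q2Q2Q2QQLL47sx80x"
VBMETA_HEADER_SIZE = struct.calcsize(VBMETA_HEADER_FMT)  # 256
AVB_MAGIC = b"AVB0"
FLAG_HASHTREE_DISABLED = 1 << 0      # AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED
FLAG_VERIFICATION_DISABLED = 1 << 1  # AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED


def key_fingerprint(pubkey: bytes) -> str:
    """SHA-256 of the raw key blob; this is what the trust set stores."""
    return hashlib.sha256(pubkey).hexdigest()


def build_vbmeta(pubkey: bytes, rollback_index: int, flags: int = 0) -> bytes:
    """Construct a minimal vbmeta image: header, empty authentication
    block, auxiliary block holding only the public key (test data)."""
    aux = pubkey + b"\0" * (-len(pubkey) % 64)   # libavb pads blocks to 64 bytes
    header = struct.pack(
        VBMETA_HEADER_FMT, AVB_MAGIC, 1, 0,
        0, len(aux),            # authentication block size, auxiliary block size
        1,                      # algorithm type (1 = SHA256_RSA2048 in libavb)
        0, 0, 0, 0,             # hash and signature offset/size (none here)
        0, len(pubkey),         # public key offset/size within the aux block
        0, 0, 0, 0,             # key metadata and descriptors (none here)
        rollback_index, flags, 0, b"toy-vbmeta")
    return header + aux


def parse_vbmeta(image: bytes) -> dict:
    """Parse the header and return the fields the boot policy keys on."""
    if len(image) < VBMETA_HEADER_SIZE:
        raise ValueError("image shorter than the vbmeta header")
    fields = struct.unpack(VBMETA_HEADER_FMT, image[:VBMETA_HEADER_SIZE])
    (magic, major, minor, auth_size, aux_size, algorithm,
     _hash_off, _hash_size, _sig_off, _sig_size,
     key_off, key_size, _km_off, _km_size, _desc_off, _desc_size,
     rollback_index, flags, rollback_location, release) = fields
    if magic != AVB_MAGIC:
        raise ValueError("not a vbmeta image (bad magic)")
    aux_start = VBMETA_HEADER_SIZE + auth_size
    if aux_start + aux_size > len(image):
        raise ValueError("auxiliary block truncated")
    if key_off + key_size > aux_size:
        raise ValueError("public key extends past the auxiliary block")
    pubkey = image[aux_start + key_off: aux_start + key_off + key_size]
    return {
        "version": (major, minor),
        "algorithm": algorithm,
        "public_key": pubkey,
        "rollback_index": rollback_index,
        "rollback_location": rollback_location,
        "flags": flags,
        "release": release.rstrip(b"\0").decode(),
    }


def locked_bootloader_decision(image: bytes, trusted_fingerprints: set,
                               stored_rollback_index: int) -> tuple:
    """Return (accepted, reason) as a locked device would decide."""
    try:
        meta = parse_vbmeta(image)
    except ValueError as exc:
        return False, f"malformed vbmeta: {exc}"
    if meta["flags"] & FLAG_VERIFICATION_DISABLED:
        # Only an unlocked device honours this flag (avbctl disable-verification).
        return False, "verification-disabled flag set; refused on a locked device"
    fp = key_fingerprint(meta["public_key"])
    if fp not in trusted_fingerprints:
        return False, f"vbmeta key {fp[:16]}... is not in the device trust set"
    if meta["rollback_index"] < stored_rollback_index:
        return False, "rollback index older than the stored value (anti-rollback)"
    return True, f"accepted key {fp[:16]}..., rollback index {meta['rollback_index']}"


if __name__ == "__main__":
    oem_key = b"fake-oem-key-".ljust(256, b"O")        # constructed sample keys
    custom_key = b"fake-custom-key-".ljust(256, b"C")
    stock = build_vbmeta(oem_key, rollback_index=7)
    custom = build_vbmeta(custom_key, rollback_index=7)
    factory_trust = {key_fingerprint(oem_key)}
    custom_trust = {key_fingerprint(custom_key)}   # device relocked with avb_custom_key set
    for label, img, trust in (("stock on factory", stock, factory_trust),
                              ("custom on factory", custom, factory_trust),
                              ("stock on custom-key device", stock, custom_trust),
                              ("custom on custom-key device", custom, custom_trust)):
        print(f"{label:28s}", locked_bootloader_decision(img, trust, 5))
    print("downgrade attempt          ", locked_bootloader_decision(stock, factory_trust, 9))
```

The last two demo lines show the situation the post describes: once a device has been relocked trusting only a custom key, a stock-signed vbmeta is rejected for the same reason a custom-signed one is rejected on a factory device, and lowering the rollback index is refused independently of the key.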

ROOT and/or TWRP without bootloader unlock?

Has anyone been able to successfully root or flash TWRP using QPST/QFIL without unlocking the bootloader on lmi?
jason88fr said:
Has anyone been able to successfully root or flash TWRP using QPST/QFIL without unlocking the bootloader on lmi?
I'd be surprised.
What is the problem?
hey @NOSS8
I'd be surprised too lol.
No problem really, I came across some info and went down a little rabbit hole and arrived at the conclusion that it seems to be possible to have root on a locked bootloader, but the key is apparently some "firehose" programmer files that I can't seem to find anywhere, which when used in conjunction with QPST and a device in EDL mode would in effect allow modification of the boot.img for the sake of rooting the device.
I'm still trying to find out more because I read some time ago on how android verified boot works, so I am sceptical especially when the people that seem to be doing it on youtube are those that unlock devices for a living or are just enthusiasts, both parties seem to glean toward it being possible without any specialised equipment /box/dongle with a success rate depending on flashing order.
So I started searching for the possibility of it being done on lmi.
jason88fr said:
hey @NOSS8
I'd be surprised too lol.
No problem really, I came across some info and went down a little rabbit hole and arrived at the conclusion that it seems to be possible to have root on an unlocked bootloader, but the key is apparently some "firehose" programmer files that I can't seem to find anywhere, which when used in conjunction with QPST and a device in EDL mode would in effect allow modification of the boot.img for the sake of rooting the device.
I'm still trying to find out more because I read some time ago on how android verified boot works, so I am sceptical especially when the people that seem to be doing it on youtube are those that unlock devices for a living or are just enthusiasts, both parties seem to glean toward it being possible without any specialised equipment /box/dongle with a success rate depending on flashing order.
So I started searching for the possibility of it being done on lmi.
You say "with a locked bootloader" and then the opposite, typos?
Possible with a MediaTek soc device, not Qualcomm.
Finally to flash in EDL mode you must have a special authorization that only repair centers have.
A few years ago it was easy to access and modify the system, then there were the dynamic partitions, then the A/B partitions and the limitations imposed by GOOGLE with A12 A13.
On YouTube you can find everything and anything, unlike XDA.
An example here, of useless persistence.
https://forum.xda-developers.com/t/flashing-edl-problem.4534297/
NOSS8 said:
You say "with a locked bootloader" and then the opposite, typos?
Possible with a MediaTek soc device, not Qualcomm.
Finally to flash in EDL mode you must have a special authorization that only repair centers have.
A few years ago it was easy to access and modify the system, then there were the dynamic partitions, then the A/B partitions and the limitations imposed by GOOGLE with A12 A13.
On YouTube you can find everything and anything, unlike XDA.
An example here, of useless persistence.
https://forum.xda-developers.com/t/flashing-edl-problem.4534297/
Yep, it was indeed a typo.
I did see a lot of MTK stuff.
Fair enough.
Also, "useless persistence" I believe is the main cause of so many bricks in the forums I've seen in the last couple of days chasing the same dream.