Can someone explain why unlocking hardlocked bootloader is such a hard task? - General Questions and Answers

People are hacking things left and right to effortlessly gain root or remove pattern locks on their Androids and thanks to devs of this wonderful resource they're not spending a dime in the process, but for some reason unlocking a hardlocked bootloader, an age-old problem, has no other method but the one costing $30. I'd love if someone could explain to me what makes it such a conundrum to figure out and why aren't more people trying to come up with a free solution for everyone.

Hi @4qx.
For devices that have OEM Unlocking grayed out (so you can't unlock the bootloader), there can never be a single solution that would work for every device. Different device manufacturers have their own ideas about security, their devices contain proprietary code specific to that manufacturer, and it's further refined as new models from the same manufacturer come out.
Sometimes a device-specific vulnerability is found and can be taken advantage of to gain root. Sometimes the manufacturer makes a very specific but easy-to-find mistake on one particular version of Android on a single device that lets users officially unlock their bootloader, but that mistake is corrected with the next update for the device.
Even though you might not hear of someone working to root particular devices, it doesn't mean that no one is trying. It's common and expected that attempts that involve vulnerabilities would be kept as secret as possible so that a manufacturer can't patch them before developers can take advantage of what they found.
So the combination of different manufacturers, different models, different variations of models, different Android versions, and different manufacturer or device-specific security makes it near impossible to find a way to root all devices without exception.
Lastly, the easiest and universal method to start the path to being rooted is to have a device that lets you unlock the bootloader officially - preferably with no penalties like some manufacturers impose. Anyone who buys devices whose bootloader can be unlocked officially probably has no interest in finding other ways to root, since it's so easy to do with an unlocked bootloader.
Edit: Also, regarding "free for everyone", it takes developers time to achieve what they do, so finding a way to root a device usually isn't a way to make money to live, so they do what they can when they can.

give it a try
https://github.com/bkerler/edl#for-generic-unlocking

If you're a citizen of the EU and bought an Android device in the territory of the EU, you will never have trouble unlocking a phone's bootloader and rooting the phone's Android.

Huawei will stop providing bootloader unlocking for all new devices
Earlier this month, we wrote about Huawei and Honor users being unable to access the page for generating bootloader unlock codes. Now, they will stop providing unlock codes completely.

You shouldn't post here if you've NO knowledge about current legal situation in EU.

I am from Germany too and can tell you Vodafone still sells Huawei devices. There are other brands with non-unlockable bootloaders (Google, Samsung, Vivo, Oppo). OEMs tend to lock down their devices entirely for a reason.

aIecxs said:
give it a try
https://github.com/bkerler/edl#for-generic-unlocking
Unless I misinterpret what it says, it seems to be for enabling OEM unlocking. I was referring to unlocking a hardlocked bootloader.

Sorry, maybe I didn't get you right. Kindly share a definition or example, or at least describe what you mean by "hardlocked bootloader"?

roirraW edor ehT said:
For devices that have OEM Unlocking grayed out
Was talking about something different, though I appreciate the info.
@aIecxs check this out. Some Xperia models, mostly Japanese ones, have unlockable OEM but are not allowed to have their bootloader unlocked.

Fair enough, there exist quite a few devices where the manufacturer provides an official unlock code, but the carrier locked down the bootloader by ignoring, disabling or hiding the OEM unlock toggle or other device-specific methods. I feel "hardlocked bootloader" is a good way to distinguish this from "non-unlockable bootloader", where the bootloader is locked by the manufacturer entirely (like Huawei).
If you can have it unlocked for £23, obviously the XZ1C is unlockable, so if you can find Sony's leaked prog_ufs_firehose_8998_ddr.elf I would give it a try at least. Björn Kerler is a leading reverse engineer in the scene and did a good job on Oppo rooting.
(You can check /dev/block/bootdevice/by-name/* for whether devinfo or config exists and decide if it's worth a try.)

Related

Bootloader unlocking discussion thread

I made this thread to try and get the flame burning again on this topic. It seems since we've achieved Safestrap people don't seem too interested in pursuing an unlocked bootloader. I understand that if I want AOSP I should try trading my phone for one with an unlocked bootloader (knowing that somebody is going to comment saying that). But what does that do for the community? Nothing productive. Speaking theoretically here, how is a bootloader unlock achieved with the bootloader lock key? Is there some way of inputting it to unlock the bootloader? What happens if you have the wrong key? Is there a way to script a keygen that goes through every possibility of however many digits the bootloader lock key is? Or can it only be done via exploit?
Thank you very much for taking the time to read this. Let the discussion begin.
Travisholt92 said:
I made this thread to try and get the flame burning again on this topic. It seems since we've achieved Safestrap people don't seem too interested in pursuing an unlocked bootloader. I understand that if I want AOSP I should try trading my phone for one with an unlocked bootloader (knowing that somebody is going to comment saying that). But what does that do for the community? Nothing productive. Speaking theoretically here, how is a bootloader unlock achieved with the bootloader lock key? Is there some way of inputting it to unlock the bootloader? What happens if you have the wrong key? Is there a way to script a keygen that goes through every possibility of however many digits the bootloader lock key is? Or can it only be done via exploit?
Thank you very much for taking the time to read this. Let the discussion begin.
If you took the time to read the numerous discussions on this you'd know the answers. People are dropping the unlocked bootloader since even the S4's hasn't been unlocked (since the MDK baseband). Regarding the five key questions, it would take a supercomputer thousands of years to try every possibility. A wrong one would equal a bricked phone. An exploit would be the only way, and now that Geohot works for Google, he's out of the picture and I'm sure the other devs aren't going to bother. SS is fine for now; you can always switch carriers if you care that much.
So the community on this device will never progress. Awesome.
Travisholt92 said:
So the community on this device will never progress. Awesome.
That is a real possibility. Now with this lesson learned, look for a carrier or device next time that does not lock the bootloader. HTC locks their bootloader but is good enough to provide us users with a way to unlock it. As mentioned, bootloaders are WAY different than obtaining root and there is a very real chance of killing the device in the trial and error process.
I feel where you are coming from, I felt the same way. Switched to an HTC One M8 and, besides the fact that the bootloader can be unlocked, it's just a much better phone. Should give it a shot! A GS5 is an equal trade for an M8 on Craigslist so it shouldn't be too hard. It does seem the general consensus is that the devs have given up on even trying to unlock it, so I would just accept it and move on, unfortunately.

What's legal and illegal?

What's legal and illegal when it comes to hacking android (in USA)? I want to unlock the bootloader on my Verizon gs3. Is that illegal?
If you can point me to some definitive or authoritative resources, I would appreciate that. I have been googling this topic for a couple weeks, and as far as I can tell, it's currently legal to unlock your phone for use on another wireless carrier, but it is technically illegal to root or unlock bootloaders (by hacking). But what doesn't fit with that are the bounties I see offered for these activities, so I'm very uncertain either way.
bump
It's legal to do anything to your own device.
You can unlock the bootloader, root the phone, install custom firmwares, or break it to pieces with a hammer as long as it's yours...
Worst case scenario you can always start a new life in Mexico
ishaang said:
Worst case scenario you can always start a new life in Mexico
That just made my day.
ishaang said:
It's legal to do anything to your own device.
You can unlock the bootloader, root the phone, install custom firmwares, or break it to pieces with a hammer as long as it's yours...
Worst case scenario you can always start a new life in Mexico
Are you allowed to post the info of how to do it?
squebler said:
What's legal and illegal when it comes to hacking android (in USA)? I want to unlock the bootloader on my Verizon gs3. Is that illegal?
If you can point me to some definitive or authoritative resources, I would appreciate that. I have been googling this topic for a couple weeks, and as far as I can tell, it's currently legal to unlock your phone for use on another wireless carrier, but it is technically illegal to root or unlock bootloaders (by hacking). But what doesn't fit with that are the bounties I see offered for these activities, so I'm very uncertain either way.
The real issue is with the contract you sign with your carrier. As long as you are in the subsidised portion of your contract (generally 2yrs), the phone technically still belongs to them, not you.
Are they going to look for you to make an issue of it, no. If you need to make a warranty claim though, and they find out it's modified, they have the right to not honor the warranty if they choose (happens occasionally, but not widespread).
I mod my phones all the time, but I do it without any expectation of help from vzw if I break something and can't fix it.
Jmo, hope that helps
squebler said:
What's legal and illegal when it comes to hacking android (in USA)? I want to unlock the bootloader on my Verizon gs3. Is that illegal?
If you can point me to some definitive or authoritative resources, I would appreciate that. I have been googling this topic for a couple weeks, and as far as I can tell, it's currently legal to unlock your phone for use on another wireless carrier, but it is technically illegal to root or unlock bootloaders (by hacking). But what doesn't fit with that are the bounties I see offered for these activities, so I'm very uncertain either way.
In my opinion, as long as you have warranty, don't root your phone because it will void the warranty.
It's legal, but can void your warranty with the manufacturer, or if you have bought your phone through a carrier they may have a clause in the agreement related to this.
Sony as a manufacturer is cool with you unlocking your bootloader, and they offer the instructions and code on their own website officially, here: http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
So that's an example of it being legal.
Very helpful info, thanks! Now I think I'll switch to Sony instead of Samsung.
No problem, and good idea!
I've been a Sony user for a very long time, and generally their devices have never failed to deliver. On top of that they are very developer friendly and support the open source community a lot. This has been referenced in XDA also, many times. Besides that I do feel the build quality of Sony products is superior, and in phones their hardware specs and stock UI is also pretty decent.
oh it's good :highfive:
It's legal to do anything on your phones of course (like unlock bootloader),
but if you want to test(hack) on other's phones, make sure you get their permission ^^

Why does Sony make devices whose bootloaders cannot be unlocked at all?

So, as the title states, why does Sony do this? I mean, they provide official instructions about how to unlock your bootloader, but at the same time they sell devices that can't be unlocked at all (the notorious "bootloader unlock allowed: no"). And I don't mean the devices that are SIM-locked by the operator, but the devices you buy from a store that has nothing to do with your carrier, e.g. Amazon or eBay. What do they get from it?
Cmon guys.. Lets have a discussion
Hmm...
Sounds like an attempt by Sony to keep you running stock. Reminds me of the old PSP days. Each new model had additional security to prevent modders and homebrew creators from running unauthorized operating systems and software. Knowing this track history, I would stay away from Sony for phones.
It also seems LG for the most part also does this. For modding Go with anything s6 or older

Calling all of you with unlocked bootloaders!

Hey guys, I'm a rookie coder/reverse engineer who is going to try his hand/luck at cracking the V20 variants with locked bootloaders. I'm with US Cellular and was disappointed when I upgraded this past weekend to a locked-out V20. I'm digging through the internals, decompiling some system apps, and scratching my head in attempts to find a root exploit somewhere. I'm trying multiple methods, but of course I'm only one man, and a busy one at that. These things take time, as I'm sure other developers could vouch for...
...which brings me here to you guys. If you would, please, provide me with the information you used to unlock your bootloader:
- IMEI (settings > about phone > status > imei or dial *#06#).
- device-id (found with fastboot oem device-id). Just copy-pasting the terminal/command prompt output is fine.
- and most importantly, the unlock.bin that LG emailed to you.
You can post/upload everything in this thread or email it to me at [email protected] (mods, this is not my primary email, so don't worry about spam/private info disclosure). If it's not inconvenient, throw "LG V20" somewhere in the title so I can sort out what I need from the other junk. The bigger sample size, the better, so don't be afraid to contribute just because other people have.
With enough time, effort, and of course luck, I may be able to find a way to generate my own .bin files, and ultimately generate .bin files for the locked bootloader variants.
Thanks so much in advance!
http://forum.xda-developers.com/g4/help/unlock-technical-steps-to-make-unlocked-t3165391/page9
Look at post #88
Unlock.bin has already been reverse engineered... and useless unless someone leaks the private key.
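To make concrete why a reverse-engineered unlock.bin is useless without the OEM's private key, and why the keygen and brute-force ideas raised in the "Bootloader unlocking discussion thread" above go nowhere, here is an added example written for this page in Go. It is not LG's real unlock.bin format or any vendor's code: it assumes a hypothetical token layout (a magic string, the 16-byte device-id and the 15-digit IMEI, followed by an Ed25519 signature over those bytes). The vendor's server signs; the bootloader holds only the public key and its own identifiers.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Hypothetical unlock-token layout (an illustration, not a real vendor format):
//
//	body  = "UNLK" || deviceID (16 bytes) || IMEI (15 ASCII digits)
//	token = body || Ed25519 signature over body (64 bytes)
const (
	magic       = "UNLK"
	deviceIDLen = 16
	imeiLen     = 15
	bodyLen     = len(magic) + deviceIDLen + imeiLen
	tokenLen    = bodyLen + ed25519.SignatureSize
)

// Identity is what a phone reports via `fastboot oem device-id` and *#06#.
type Identity struct {
	DeviceID [deviceIDLen]byte
	IMEI     string
}

// body serialises the identity into the bytes that get signed and later checked.
func (id Identity) body() ([]byte, error) {
	if len(id.IMEI) != imeiLen {
		return nil, fmt.Errorf("IMEI must be %d digits", imeiLen)
	}
	b := make([]byte, 0, bodyLen)
	b = append(b, magic...)
	b = append(b, id.DeviceID[:]...)
	b = append(b, id.IMEI...)
	return b, nil
}

// OEMSigner holds the private key that never leaves the vendor's unlock server.
type OEMSigner struct{ priv ed25519.PrivateKey }

// NewOEMSigner generates the vendor key pair. The public half is what gets
// compiled into the bootloader image; the private half is the secret the
// thread says would have to leak.
func NewOEMSigner() (OEMSigner, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return OEMSigner{}, nil, err
	}
	return OEMSigner{priv: priv}, pub, nil
}

// Issue is the server-side step behind "send us your IMEI and device-id and
// we email you unlock.bin".
func (s OEMSigner) Issue(id Identity) ([]byte, error) {
	body, err := id.body()
	if err != nil {
		return nil, err
	}
	return append(body, ed25519.Sign(s.priv, body)...), nil
}

// Bootloader models the verifier on the phone: it knows the OEM public key
// and its own identifiers, nothing else.
type Bootloader struct {
	OEMPub ed25519.PublicKey
	Self   Identity
}

// Unlock is the check a command like `fastboot flash unlock unlock.bin` would trigger.
func (b Bootloader) Unlock(token []byte) error {
	if len(token) != tokenLen {
		return errors.New("token has wrong length")
	}
	body, sig := token[:bodyLen], token[bodyLen:]
	want, err := b.Self.body()
	if err != nil {
		return err
	}
	// Binding to device-id and IMEI: a genuine token issued for a different
	// phone is rejected here, so collected unlock.bin files from other users
	// do not transfer.
	if !bytes.Equal(body, want) {
		return errors.New("token is not bound to this device")
	}
	// Only a signature made with the OEM private key verifies. Knowing the
	// layout gives no way to produce one, which is what "useless unless
	// someone leaks the private key" means in practice.
	if !ed25519.Verify(b.OEMPub, body, sig) {
		return errors.New("signature invalid")
	}
	return nil
}

func main() {
	oem, pub, err := NewOEMSigner()
	if err != nil {
		panic(err)
	}
	phone := Bootloader{OEMPub: pub, Self: Identity{DeviceID: [deviceIDLen]byte{0x01, 0x02, 0x03}, IMEI: "356938035643809"}}

	genuine, _ := oem.Issue(phone.Self)
	fmt.Println("genuine token:", phone.Unlock(genuine))

	// A "keygen" that knows the exact format but signs with its own key pair.
	keygen, _, _ := NewOEMSigner()
	forged, _ := keygen.Issue(phone.Self)
	fmt.Println("forged token: ", phone.Unlock(forged))
}
```

Running it prints `<nil>` for the genuine token and `signature invalid` for the forged one. A keygen can reproduce the shape of the file perfectly and still fail at the last check, and guessing is not a path either: there is no partial feedback from a signature verification, so the only inputs that pass are the ones the OEM actually signed.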
Darn, thanks for the sad news... oh well. Of course, I've already learned that nothing is ever easy in this field.
Guess I'm off to try some other things, but I'll stick around in case I find anything interesting.
I'm even more of a rookie, so I'm a little confused. Isn't "unlocking the bootloader" the same as the "Enable OEM Unlock" option in the developer settings? My question is, can I then use www.installandroidrom.co.uk/2016/11/how-to-root-lg-v20-without-pc.html (can't post URLs, Grrrrrrrr) to get root access? Mine is the H915 (Canadian) version, so that may have a bearing on both these statements.
I'm really looking forward to hopefully some day maybe with a little luck, getting full control over the product I own.
whatsgnu said:
I'm even more of a rookie, so I'm a little confused. Isn't "unlocking the bootloader" the same as the "Enable OEM Unlock" option in the developer settings? My question is, can I then use www.installandroidrom.co.uk/2016/11/how-to-root-lg-v20-without-pc.html (can't post URLs, Grrrrrrrr) to get root access? Mine is the H915 (Canadian) version, so that may have a bearing on both these statements.
I'm really looking forward to hopefully some day maybe with a little luck, getting full control over the product I own.
OEM unlock is only for using the phone's cell service on carriers other than the one the phone was designed for. It's not the same as a bootloader unlock or root though. Nor are root and bootloader unlock the same thing.
imucarmen said:
OEM unlock is only for using the phone's cell service on carriers other than the one the phone was designed for. It's not the same as a bootloader unlock or root though. Nor are root and bootloader unlock the same thing.
Hmm. That doesn't seem to jive with "OEM Unlock is a protective in Android Lollipop and later that is usually a step that users need to enable in order to officially unlock the bootloader of their device" which I read on other sites.
whatsgnu said:
Hmm. That doesn't seem to jive with "OEM Unlock is a protective in Android Lollipop and later that is usually a step that users need to enable in order to officially unlock the bootloader of their device" which I read on other sites.
You are right, OEM unlock is for bootloader unlock..
But the OEM unlock present in developer options on our phones does not work..
Consider this: it is a door to bootloader unlock, but LG and carriers have not just locked but jammed the door..
It gets ticked but doesn't do anything at the system and bootloader levels..
adds08 said:
You are right, OEM unlock is for bootloader unlock..
But the OEM unlock present in developer options on our phones does not work..
Consider this: it is a door to bootloader unlock, but LG and carriers have not just locked but jammed the door..
It gets ticked but doesn't do anything at the system and bootloader levels..
It's more like the OEM Unlock switch is a mere door knob towards opening the door to the free lands of unlocked bootloaders. But carriers like AT&T, VZW, and Sprint placed not just a simple lock - but 5 locks all of different arrangements to make it super hard to get it unlocked. That knob ain't going to do you any good until you figure out the 5 locks first.
But yeah that switch was just there to give us a false sense of happiness that they might have given us a chance.
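Two things from this thread can be made concrete: the check aIecxs suggested earlier (look in /dev/block/bootdevice/by-name for devinfo or config) and the point in the post above that the toggle is only a door knob. The following is an added example in Go written for this page, not code from the thread; the partition listing and the partition image are constructed samples. The facts it relies on: Android's PersistentDataBlockService stores the "OEM unlocking" toggle as the last byte of the persistent data block partition (normally the frp partition, whose path the ro.frp.pst property names), and on Qualcomm devices the devinfo and config partitions commonly hold the bootloader's own lock state. Reading those partitions requires root, so on a hardlocked phone the listing is often all you can get.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample of `adb shell ls -l /dev/block/bootdevice/by-name` from a
// Qualcomm device. The labels are typical; the sdX/sdeX numbers are made up.
const sampleListing = `lrwxrwxrwx 1 root root 16 1970-01-01 00:00 abl_a -> /dev/block/sde10
lrwxrwxrwx 1 root root 16 1970-01-01 00:00 boot_a -> /dev/block/sde11
lrwxrwxrwx 1 root root 16 1970-01-01 00:00 config -> /dev/block/sda14
lrwxrwxrwx 1 root root 16 1970-01-01 00:00 devinfo -> /dev/block/sde28
lrwxrwxrwx 1 root root 16 1970-01-01 00:00 frp -> /dev/block/sda8
lrwxrwxrwx 1 root root 16 1970-01-01 00:00 userdata -> /dev/block/sda17`

// ParseByName turns the `ls -l` symlink listing into label -> block device.
func ParseByName(listing string) (map[string]string, error) {
	parts := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(listing))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		halves := strings.SplitN(line, " -> ", 2)
		if len(halves) != 2 {
			return nil, fmt.Errorf("not a symlink line: %q", line)
		}
		fields := strings.Fields(halves[0])
		parts[fields[len(fields)-1]] = strings.TrimSpace(halves[1])
	}
	return parts, sc.Err()
}

// Labels that hold lock/unlock state on many devices: frp (or persistent) is
// Android's persistent data block; devinfo and config are where Qualcomm
// bootloaders commonly keep their own lock state.
var unlockStateLabels = []string{"frp", "persistent", "config", "devinfo"}

// UnlockStateCandidates lists which of those labels this device actually has,
// in the order above, so you know what to dump before deciding whether an
// EDL/firehose attempt is worth the risk.
func UnlockStateCandidates(parts map[string]string) []string {
	var found []string
	for _, label := range unlockStateLabels {
		if _, ok := parts[label]; ok {
			found = append(found, label)
		}
	}
	return found
}

// OemUnlockingToggled reads what the Settings toggle wrote: Android's
// PersistentDataBlockService keeps "OEM unlocking" in the last byte of the
// persistent data block partition, 1 meaning enabled. It reports only what
// the OS asked for; whether the bootloader honours it is decided in the
// bootloader, which is exactly the "jammed door" on carrier builds.
func OemUnlockingToggled(pdb []byte) (bool, error) {
	if len(pdb) == 0 {
		return false, errors.New("empty partition image")
	}
	return pdb[len(pdb)-1] == 1, nil
}

func main() {
	parts, err := ParseByName(sampleListing)
	if err != nil {
		panic(err)
	}
	for _, label := range UnlockStateCandidates(parts) {
		fmt.Printf("%-8s -> %s\n", label, parts[label])
	}

	// Constructed 512-byte image standing in for `dd if=/dev/block/sda8`:
	// all zero except the flag byte the toggle sets.
	pdb := make([]byte, 512)
	pdb[len(pdb)-1] = 1
	on, _ := OemUnlockingToggled(pdb)
	fmt.Println("OEM unlocking toggled in frp:", on)
}
```

A set flag in frp with `fastboot flashing unlock` still refusing is the signature of a hardlocked device: the OS did its part, and the bootloader's policy (or the carrier's build of it) is what says no.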
Has anyone tried Dirty Santa? If you do, I'm not responsible if anything goes wrong lol

Skyuniverse Devices Rooting Assistance Requested

I have a Skyuniverse Elite A5 that I want to root. I've reached out to the manufacturer several times with no luck on instructions to unlock the bootloader. It's running Android 9 (Go edition) currently. I'd like to root with Magisk so I would need the stock boot.img, however there is very, very minimal information on this device. Where to begin on a device that has this many speed bumps? I need instructions on how to unlock my bootloader, clone my stock firmware to acquire the necessary files, and root an ARM Cortex-A53 device with build ID: Elite_A5_1700_V1.0_202000618, Kernel Version 4.4.147 (24414), kernel architecture armv71. Thanks in advance
nonamemaddox5446 said:
I have a Skyuniverse Elite A5 that I want to root. I've reached out to the manufacturer several times with no luck on instructions to unlock the bootloader. It's running Android 9 (Go edition) currently. I'd like to root with Magisk so I would need the stock boot.img, however there is very, very minimal information on this device. Where to begin on a device that has this many speed bumps? I need instructions on how to unlock my bootloader, clone my stock firmware to acquire the necessary files, and root an ARM Cortex-A53 device with build ID: Elite_A5_1700_V1.0_202000618, Kernel Version 4.4.147 (24414), kernel architecture armv71. Thanks in advance
You have to get the bootloader unlocked first, there is nothing you can do until that happens. There is no "other way".
Sent from my SM-S767VL using Tapatalk
Droidriven said:
You have to get the bootloader unlocked first, there is nothing you can do until that happens. There is no "other way".
Sent from my SM-S767VL using Tapatalk
What would you recommend I try if the manufacturer, carrier, and OS proprietary owners all are not willing to provide any assistance? I've tried every fastboot command I could find; not even a specific code is given like on some devices, and even if I did acquire some special code there is no avenue to request unlocking from anyone. I'm finding it hard to believe that they are legally allowed to control how I use my device that I paid for. I can't stand not being in control of my phone. I feel like I'm being left in the dark about all the processes that are running because I literally am. I can't even view logs of anything, just what is running; not what exactly they are doing. This isn't right.
nonamemaddox5446 said:
What would you recommend I try if the manufacturer, carrier, and OS proprietary owners all are not willing to provide any assistance? I've tried every fastboot command I could find; not even a specific code is given like on some devices, and even if I did acquire some special code there is no avenue to request unlocking from anyone. I'm finding it hard to believe that they are legally allowed to control how I use my device that I paid for. I can't stand not being in control of my phone. I feel like I'm being left in the dark about all the processes that are running because I literally am. I can't even view logs of anything, just what is running; not what exactly they are doing. This isn't right.
You have no choice but to do what we all do here when we have a device that has no valid bootloader unlock method, that is to just accept the fact that you are not going to unlock the bootloader without an unlock code from the manufacturer/carrier or paying for a bootloader unlock service from a shop/website that is not guaranteed to successfully unlock the bootloader.
The manufacturer and the carrier don't "have" to provide us with bootloader unlock information if they don't want to.
As a matter of fact, not giving us the bootloader unlock information actually protects their interests as far as network security and their warranty on the device is concerned.
Manufacturers lose a lot of money repairing/replacing devices that have been hardbricked due to user error/ignorance during the user's attempt to unlock and modify the device. When a device has been hardbricked, the manufacturer has no way to know that the device has been modified and that the warranty is now no longer valid due to the device being modified. Therefore, they end up paying to repair/replace devices that have technically had their warranty voided by the user's modifications.
Sent from my SM-S767VL using Tapatalk
Well, I completely understand where you're coming from and also understand that those are the normal methods that most users must abide by; however, I will do everything in my power to ensure that I can do what I want with my device. Of course manufacturers and cell phone carriers do not want users to unlock the bootloader and acquire root privileges. They hide behind the facade that they are limiting a device's use to prevent improper user operations which could malfunction the device. That's the official statement; however, if one were to acquire root privileges one would be able to view and stop all the data acquisition processes that are running in the background on everyone's device currently without their knowledge or permission. Every single application has a main objective and a more important secondary function, "capture any information that they can sell". I'm beginning the process of litigation in this matter. Manufacturers, cell phone carriers, and all of Google's various Android operations cannot provide any legal documentation regarding terms and conditions and policies on rooting or installing custom operating systems. Now is the time to force them to update their policies while they do not have any currently implemented. There are no rules written about this matter; they are just going with the flow essentially, mostly because nobody is aware of this. It's time you and everyone else take ownership of their devices and prevent others from profiting without your knowledge, permission, and stipulations if you choose to share your information. It's important to remember that it is okay to share information as long as you are compensated for it and are aware of its intentions. Imagine buying a pair of shoes and when you begin lacing them how you wish you are somehow unable to do so.
The holes are there, the strings are in your hands, but the manufacturer doesn't want you to lace them up how you wish because if you did they wouldn't be able to make any more money off of the shoes. They have already sold the shoes, they are not in possession of them anymore; you are, however they are still trying to tell you what to do with your shoes. If you can't grasp the audacity of all this I suggest you begin researching. I used you as a framing device to convey my message, so if you are offended by any of my statements please know that I was also referring to the general public as well as you. Nothing I said was intended to hurt or bother you.
