It's probably common knowledge so no one thought to write it down, cause I can't seem to find the answer- the phone doesn't generate a new lock code or anything like that right?
AE1282 said:
It's probably common knowledge so no one thought to write it down, cause I can't seem to find the answer- the phone doesn't generate a new lock code or anything like that right?
I'm confused by what you're asking... Are you trying to relock the bootloader? or something else...? Because to my knowledge, once you relock it, you can use the same .bin file to unlock it later.
I think I need to relock it and RUU back to stock, I think I basically flashed part of a gsm ROM. A couple organs Asia's I have a new SIM card but obviously I don't, I have data, but no signal, Network info in settings shows signal strength, in service and not roaming, phone identity info shows stuff normal until you get to the phone number and IMSI. Unknown for the number, and IMSI is listed as 111111111110111.
Basically I'm hoping for an RUU miracle save, so I don't have to test the geek squad's root policy.
1.55 hboot, 0913 or 1108 baseband.
AE1282 said:
I think I need to relock it and RUU back to stock, I think I basically flashed part of a gsm ROM. A couple organs Asia's I have a new SIM card but obviously I don't, I have data, but no signal, Network info in settings shows signal strength, in service and not roaming, phone identity info shows stuff normal until you get to the phone number and IMSI. Unknown for the number, and IMSI is listed as 111111111110111.
Basically I'm hoping for an RUU miracle save, so I don't have to test the geek squad's root policy.
1.55 hboot, 0913 or 1108 baseband.
I've kept my One with a S-OFF policy just in case I mess anything up and need to flash RUUs. But I updated to the latest Firmware and Radio; without the updates to the firmware and radio, it is possible that your phone is reaching the required satellites but is having a problem showing it on the phone and making it usable with the hardware/software versions you are running. Every time I flash a new ROM, I always Update Profile and Update PRL just to ensure a working network connection.
Currently I'm on the 1108 baseband with the 1.55 hboot as well.
Ran into the problem I was worried about...
I relocked my One, flashed the firmware update from the bad boyz thread, and every thing looked fine.
Next step, unlock the boot loader, FAILED.
S-off, 1.55 hboot, used the same token that originally unlocked my device. Looks like I still have my custom recovery active, but I'm afraid to flash anything or rest k or recover. As nice as the One looks, I prefer it as a phone rather than a paperweight.
You didn't need to lock your bootloader, already having S-OFF.
Sent from my HTCONE using xda app-developers app
hmmm
did you ever solve the way to get the number to come back and the imsi to stop being 111111111110111 ? My htc one max is doing the same thing now and I cannot get it to come back. I have reset the programming with ##786# and ##72786#, nothing. Tried with a different sim card, nothing. Added it to a different account and tried profile update, nothing. I have also RUU'd my device, it completed and still no change.
Looking to unlock an AT&T version of the HTC One to T-Mobile. I do have an unlock code but it's not working. The phone is rooted and running ARHD 51. I just flashed a different stock rom, tried the code once again but still no luck.
Any suggestions?
WreakerofHavoc said:
Any suggestions?
I heard you need to be stock to use a sim-unlock code, so you might want to try going back to 100% stock then use the code. If it still doesn't work then maybe you could purchase a new code.
WreakerofHavoc said:
Looking to unlock an AT&T version of the HTC One to T-Mobile. I do have an unlock code but it's not working. The phone is rooted and running ARHD 51. I just flashed a different stock rom, tried the code once again but still no luck.
Check your IMEI number and cross reference it with your original to make sure they match. My phone is doing the same thing and it came back from mobile tech videos jtag repair and my numbers are all wrong. Looking for a solution now but my serial number and IMEI numbers are different.
Just a thought, Shot in the dark
alray said:
I heard you need to be stock to use a sim-unlock code, so you might want to try going back to 100% stock then use the code. If it still doesn't work then maybe you could purchase a new code.
I thought the Rom I used was stock, will try again. Thanks.
cannonofcourse said:
Check your IMEI number and cross reference it with your original to make sure they match. My phone is doing the same thing and it came back from mobile tech videos jtag repair and my numbers are all wrong. Looking for a solution now but my serial number and IMEI numbers are different.
Just a thought, Shot in the dark
Will check it out, Thanks.
WreakerofHavoc said:
I thought the Rom I used was stock, will try again. Thanks.
Do some searching here (in the Q&A section); there were quite a few SIM Unlock threads solved (quite a while ago). I can't exactly remember, but it used to be a combo of
1- stock rom (or very close) but matching to firmware version
2- possibly stock recovery
3- possibly locked/relocked bootloader
4- s-off / s-on doesn't matter
I believe number 1 was the most important, can't say/remember about 2 and 3, and quite sure S-Off won't matter.
nkk71 said:
Do some searching here (in the Q&A section); there were quite a few SIM Unlock threads solved (quite a while ago). I can't exactly remember, but it used to be a combo of
1- stock rom (or very close) but matching to firmware version
2- possibly stock recovery
3- possibly locked/relocked bootloader
4- s-off / s-on doesn't matter
I believe number 1 was the most important, can't say/remember about 2 and 3, and quite sure S-Off won't matter.
Ok. Thanks.
restored the original rom, still no luck.
Any suggestions?
Returned to stock rom and recovery, still no luck.
WreakerofHavoc said:
Returned to stock rom and recovery, still no luck.
Are you RUU'ing back to stock?
If you're on 4.3 try this
http://www.androidruu.com/getdownlo...13_10.38j.1157.04_release_334235_signed_2.exe
If you're on 4.4 try this
http://www.androidruu.com/getdownlo...09_10.26.1718.01L_release_356565_signed_2.exe
clsA said:
Are you RUU'ing back to stock?
If you're on 4.3 try this
http://www.androidruu.com/getdownlo...13_10.38j.1157.04_release_334235_signed_2.exe
If you're on 4.4 try this
http://www.androidruu.com/getdownlo...09_10.26.1718.01L_release_356565_signed_2.exe
Haven't RUU'ed to stock yet. S-Off is needed for RUU, right? Going to S-Off and then try this. Thanks.
WreakerofHavoc said:
Haven't RUU'ed to stock yet. S-Off is needed for RUU, right? Going to S-Off and then try this. Thanks.
you don't need s-off, you just need to relock the bootloader
Hmmm still no luck. Been working at this for a while now, not sure what the problem is. Selling it is the only solution I can think of right now, but there must be a way to unlock this for my carrier.
Hello. I have a similar issue, so I don't think I should create another topic.
I just purchased a 64gb HTC One and purchased the unlock code from the same vendor as always. I was always able to unlock other devices (One XL, One X+, Windows phone 8X) easily, and even other Ones, since this is my fourth (the first one I gave to my brother, the second slipped out of my pocket while in a tunnel riding my motorcycle, and the third is 32gb, so I decided to sell it and buy a 64gb).
This one is used like new, everything stock, s-on, nothing unusual. Well, except the LED seems to be smaller (very hard to see the red dot while charging) and the system may be newer, since it doesn't find any update available.
But the code doesn't work. I tried twice thinking I could be misspelling the numbers, but it returned wrong anyway.
So...
1-What happens if I try again and it returns wrong, since it's showing it's my last try?
2-Any clue?
Thanks in advance.
Does your phone work on any network? What carrier is it branded?
Best thing is to email (carrier) support and get a code from them.
This thread is for devices that have security cross-reference back-end problems.
Does your phone say it accepts the code then restarts then asks for the code again?
Sent from my unknown using xda app-developers app
mefxes said:
Hello. I have a similar issue, so I don't think I should create another topic.
I just purchased a 64gb HTC One and purchased the unlock code from the same vendor as always. I was always able to unlock other devices (One XL, One X+, Windows phone 8X) easily, and even other Ones, since this is my fourth (the first one I gave to my brother, the second slipped out of my pocket while in a tunnel riding my motorcycle, and the third is 32gb, so I decided to sell it and buy a 64gb).
This one is used like new, everything stock, s-on, nothing unusual. Well, except the LED seems to be smaller (very hard to see the red dot while charging) and the system may be newer, since it doesn't find any update available.
But the code doesn't work. I tried twice thinking I could be misspelling the numbers, but it returned wrong anyway.
So...
1-What happens if I try again and it returns wrong, since it's showing it's my last try?
2-Any clue?
Thanks in advance.
In my experience, I'm not getting anything showing my number of attempts or last attempt. I've tried the unlock code about 8-10 times on different roms stock and non stock and stock recovery. I really have no idea.
WreakerofHavoc said:
In my experience, I'm not getting anything showing my number of attempts or last attempt. I've tried the unlock code about 8-10 times on different roms stock and non stock and stock recovery. I really have no idea.
Thanks for your answer.
All my HTCs have always shown a counter.
Today, after restoring the phone to stock ruu, it wasn't showing any counter anymore, so I decided to try again the code I purchased (and other code sellers confirmed) and it worked.
Very strange... but now it's unlocked.
mefxes said:
Thanks for your answer.
All my HTCs have always shown a counter.
Today, after restoring the phone to stock ruu, it wasn't showing any counter anymore, so I decided to try again the code I purchased (and other code sellers confirmed) and it worked.
Very strange... but now it's unlocked.
You have the at&t version too? Can you link me to the ruu you used?
nkk71 said:
Do some searching here (in the Q&A section); there were quite a few SIM Unlock threads solved (quite a while ago). I can't exactly remember, but it used to be a combo of
1- stock rom (or very close) but matching to firmware version
2- possibly stock recovery
3- possibly locked/relocked bootloader
4- s-off / s-on doesn't matter
I believe number 1 was the most important, can't say/remember about 2 and 3, and quite sure S-Off won't matter.
After a lot of painstaking effort, I managed to flash a stock RUU, got back to a stock recovery, and locked the bootloader. Got the same unlock code from two separate vendors. No dice. Incredibly frustrating, don't know what's wrong with my phone but now I have to sell it.
850csi said:
After a lot of painstaking effort, I managed to flash a stock RUU, got back to a stock recovery, and locked the bootloader. Got the same unlock code from two separate vendors. No dice. Incredibly frustrating, don't know what's wrong with my phone but now I have to sell it.
well you can sim-unlock using the sieempi method instead of the unlock code, like many others successfully did
http://forum.xda-developers.com/showpost.php?p=53043418&postcount=601
Hi, I'm having trouble trying to flash the google play edition rom onto my HTC One (Verizon). I have tried unlocking the bootloader with htcdev.com and it gives me the error: Error Code: 160. Error Reason: MID Not Allowed. I tried to change the cid to 11111111 but that doesn't work either. Also rumrunner doesn't work. I have done a lot of research and can't find any fix for the problem.
Other information:
Android Version 4.4.2
Hboot Version 1.56
Any help is appreciated, thank you in advance.
njcelso said:
Hi, I'm having trouble trying to flash the google play edition rom onto my HTC One (Verizon). I have tried unlocking the bootloader with htcdev.com and it gives me the error: Error Code: 160. Error Reason: MID Not Allowed. I tried to change the cid to 11111111 but that doesn't work either. Also rumrunner doesn't work. I have done a lot of research and can't find any fix for the problem.
Other information:
Android Version 4.4.2
Hboot Version 1.56
Any help is appreciated, thank you in advance.
If you can't unlock the bootloader you can't do much else; pretty much everything else is dependent on it.
I think the error message you're getting when you try and unlock bootloader is because Verizon (through your device MID) does not allow it.
njcelso said:
Hi, I'm having trouble trying to flash the google play edition rom onto my HTC One (Verizon). I have tried unlocking the bootloader with htcdev.com and it gives me the error: Error Code: 160. Error Reason: MID Not Allowed. I tried to change the cid to 11111111 but that doesn't work either. Also rumrunner doesn't work. I have done a lot of research and can't find any fix for the problem.
Other information:
Android Version 4.4.2
Hboot Version 1.56
Any help is appreciated, thank you in advance.
Look, on a locked bootloader, you cannot do anything you're trying. Verizon phones cannot be unlocked using dev unlock. Only Rumrunner. Make sure that you have HTC Sync Manager installed on your PC. Run rumrunner again. Rumrunner is the only bootloader unlock solution for Verizon. Also, make sure USB debugging is enabled and Fast boot in power settings is off.
raghav kapur said:
Look, on a locked bootloader, you cannot do anything you're trying. Verizon phones cannot be unlocked using dev unlock. Only Rumrunner. Make sure that you have HTC Sync Manager installed on your PC. Run rumrunner again. Rumrunner is the only bootloader unlock solution for Verizon. Also, make sure USB debugging is enabled and Fast boot in power settings is off.
Correct me if I'm wrong but Rumrunner won't work for him either because he is on 4.4.2. That version can't achieve root which is required to s-off. And until s-off is achieved, you can't flash any ROMs...
666564692
With your CID you can flash all regions; as for rooting, if I remember correctly you have to unlock the bootloader and S-OFF.
Yep....
After hours of research I feel stupid because this can't be done at the moment. Anyone who is a Verizon subscriber is SOL after updating to 4.4. Can't be done. End of story. Until then I'll patiently wait. Glad I have an AT&T S4 running CM11 which was done without using a PC so I'm happy about that. The phone I have with Verizon is through work and Sense is garbage and battery life is abysmal with all that bloatware. I really want CM11 on my HTC One :-/
Does firewater work?!?!?! Use firewater!!!! It works I'm pretty sure with the newest update!!! Link here!!! http://firewater-soff.com/instructions/ Use firewater and see if it works on 4.4.2 if it does then ??????????????
Sent from my Rezound using xda-developers app. CyanogenMod 11. S-off
Firewater does not work either. Really hit a brick wall with this one. Its a shame because I was really looking to use CM11 with the HTC one with the nice display its got and everything
There's a way.... Me and my friend are getting closer to possibly downgrade bootloaders on moto but keep the operating system....... Sorry for that off topic, but there's always a way!!! Unless its Samsung lol, sorry for the off topic OP
Sent From Rezound Running Sense 4. S-Off
Not if you have a Verizon HTC one running 4.4 anytime soon lol
Bet somebody could crack it... Blow the qfuse.... Or is that only moto? I also find it funny how my phone can run the same as the top of the line smart phone running sense 4 now I has sense 5!!! and cyanogenmod 11.
Sent From Rezound Running Sense 4. S-Off
When that happens please let us know. So wait you're running CM11 with sense? How does that work? Also are you able to use the remote app that runs on sense stock? I have used the smart IR remote app on my S4 running CM11 which works great with smart TV's but not so great with non smart TVs at least from my experience with it. that's the only thing I'm worried about losing when and if I'll ever be able to get CM11 on my HTC one
ThatArchVillan said:
When that happens please let us know. So wait you're running CM11 with sense? How does that work? Also are you able to use the remote app that runs on sense stock? I have used the smart IR remote app on my S4 running CM11 which works great with smart TV's but not so great with non smart TVs at least from my experience with it. that's the only thing I'm worried about losing when and if I'll ever be able to get CM11 on my HTC one
Okay lol, we're getting all of our info for moto right now, reading boot sequences, the way in which everything boots, the structure of the bootloader, where the qfuse is located and how we can possibly fry it. My question is: what actually unlocks the HTC bootloader? I know the unlock code.bin, but what "actually" lets you unlock the phone? Questions to think about; that's where you get into the thought of how to hex or trick something such as rumrunner/firewater does. It unlocks and makes you s-off. I read somewhere that it just makes your phone think it's s-off, could this be or not be? I'm finding all these answers..... We're going to try something tomorrow, could possibly brick moto or allow us to unlock WISH ME LUCK!!! I have rooted and ROMed an HTC One, can someone answer one question on the HTC One. When in FULL stock recovery or when someone goes into it, does it just do like my phone and set it back to when I got it (not factory reset) or does it allow options just like wipe cache, factory reset and stuff like that? Please someone answer that for me
Also I know how to write the code and make exploits and everything, but how in God's name do you edit a .bin file and see what the ACTUAL ORIGINAL code was. I know it's not just some computer person is going to sit down and write ¢=¥=€℅£{`¶¥°`°©=¥ ain't no way in hell nobody gonna read that, then there's the way to change that to hex which is like CB190 FD240 something like that idk, the thing is, there's over 50,000 lines of that, but that simplifies to binary. I can't get anything to change my hex to binary. Because I'm pretty sure you can change binary to text but I can't get anything to change hex to binary properly. I can change binary to hex then whatever the foop that symbol crap is. But not do it backwards. It simply won't work for me. Sorry for that noob question, but I have an idea and need to know. Sorry if my words are wrong I'm tired.
With the IR blaster I'm unsure. I didn't test it. With 4 ROMs I switch back and forth from my SD card. I can backup restore/install and be rebooted with a totally different ROM in 10 minutes like I got bored with sense 4 last night, now I'm on sense 5 woot.
Sent from my Rezound running sense 5. S-OFF
I picked up a used HTC One M7 yesterday, locked to T-Mobile, thinking I could do what I usually do, buy an unlock code for $4 on eBay and use the phone.
Problem is, when I tried to get the unlock code, sellers told me they couldn't find the unlock code for the IMEI I gave them.
So I compared it to the one on the box, and it is different.
I loaded up bootloader, and saw it's unlocked, so now I know someone messed with the phone.
My problem is this:
If I want to use an official unlock code, it will only work with a stock ROM. Now, in order to change the IMEI back to the original one, I have to root (already done) and switch S-OFF. However, when I attempted to run Firewater, it told me I have to try a different kernel, because the one that's installed has an anti-firewater lock.
If I change the kernel, the ROM will no longer be stock, and then I won't be able to use the unlock code anymore, correct?
I did find another way to unlock the phone which uses a custom Config.dat file, but that's a last resort and I'm not certain if it will work or not, so I'm not really sure what I should do at this point to actually get this phone unlocked.
Originally, my plan was to unlock it and then install Cyanogenmod.
Can someone please help? I've spent hours on this today already and I'm running on empty.
Ok, I got the unlock code and tried it but it says it's invalid, so it definitely won't work with the modified IMEI (wasn't really expecting it would).
So I'm left with the challenge of reverting the IMEI back to factory. In order to do that, S-OFF needs to be set, and for that I need to run firewater, however, this is what I keep getting:
ERROR: kernel contains HTC anti-firewater patch!
****** Try again with a different kernel ******
I've tried installing the elemental kernel, and it gives me the same error.
I'm running 4.4.3, Sense 6, bootloader 1.57
Really not sure what to do next.
You won't find anything here. Changing the IMEI is illegal and not to be talked about here
Well that's lame. I'm not asking because I want to perform an illegal act, I just want to restore my phone to its proper settings so I can actually use it.
kloan said:
Well that's lame. I'm not asking because I want to perform an illegal act, I just want to restore my phone to its proper settings so I can actually use it.
Well that's the thing. Changing it in any way is an illegal act. Any tool that could help has been banned from the site for years and if no original backup was made sending it in for repair is the only option I can offer.
Yeah, I suppose if I can't figure it out I'll try to find a tech in town that can help.
But I don't necessarily need specific step by step instructions on how to modify the IMEI, just some general guidance with getting S-OFF working properly, and making sure I don't mess anything up so that when I do revert back to stock I can still use the unlock code I got.
I just re-locked the bootloader and am now installing the RUU_M7_UL_JB43_SENSE50_MR_TMOUS_3.24.531.3_Radio_4A.21.3263.03_10.38m.1157.04_release_336982_signed_2(2).exe I downloaded, which I'm running in Parallels, since Mac seems to be fairly limited with some things.
After I get that installed and working, I'm going to see if I can go through the steps of unlocking the bootloader, rooting and trying firewater again.
If that doesn't work, maybe I'll try installing the latest cyanogenmod build, and trying to get firewater to set S-OFF after that.
You may have many issues if you're doing all this on a Mac.
Reflashing the stock ROM has been known to help some. Not all, but a few it worked on.
The IMEI change could also be a main board replacement. Then the IMEI on device would be correct and the one on the box would be wrong.
The serial number is still the same.
I re-locked the bootloader to try and install that ruu, but it got stuck and now it won't boot past hboot.
I'm running the cyanogenmod installer now because I don't know what else to do.
You could also try to S-OFF with revone, which got stuck for me at a certain point, but I went S-OFF anyway.
I tried revone because I had the same issue with firewater as you had.
Alright, I'm not going to get into all the crap I went through trying to get s-off, but suffice to say it was a colossal waste of time.
Ended up buying Sunshine and that worked like a charm when I ran it after restoring the factory T-Mobile rom.
Changing the IMEI back was ridiculously easy once I had s-off.
HOWEVER, the unlock code doesn't work! It tells me it's invalid.
I looked into using SamDunk for unlocking the bootloader for my AT&T galaxy s5 but noticed that the code posted on the git was Verizon-specific (in that the bits it writes over in the cid of the phone is verizon-specific). This makes it to where running the code does not unlock the bootloader on a AT&T galaxy s5.
I wrote some python code parsing my original cid and the cid resulting from the current exploit code and noticed that the only difference pertained to the product's serial number (bits 47-16 of the cid). Even then, only certain bits within the product serial number are different. I suspect that some bits within product serial pertain to carrier, and some bits pertain to the bootloader, but I could be wrong.
My hunch is that if I can figure out which bits from the original cid's product serial number correspond to developer bootloader access then I may be able to modify the SamDunk code to allow for unlocking AT&T bootloaders. Or provide some method of calculating a dev bootloader cid from an original.
Has anyone else looked into this, and is this worth pursuing?
edit: looking further through SamDunk code. It appears that there is a dev signature associated with the cid (?) that gets written to aboot. Not sure if this is different between phones... If so then experimenting with only the cid may be futile.
Product serial numbers are different for the first 12 bits, then bits 25-32. I could post a link to my git if anyone is interested in experimenting with their cids.
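The post above compares two CID values bit by bit and finds the differences confined to the product serial number field. The script below is an added example (not the poster's code or anything from the SamDunk project) that does that comparison properly: it splits a 128-bit eMMC CID into the named fields of the JEDEC CID register layout (MID, CBX, OID, PNM, PRV, PSN at bits 47:16, MDT, CRC7), verifies the CRC7 so a mis-copied or corrupted CID string is caught before anyone reasons about it, and reports which field and which absolute bit positions differ between two CIDs. The input format assumed is the 32-hex-digit string that Linux exposes under /sys/block/mmcblk0/device/cid; the two sample CIDs are constructed in the script and describe no real device.

```python
"""
Parse and compare 128-bit eMMC CID registers field by field.
Added example, not code from the thread's posters.  Field layout follows the
JEDEC eMMC CID register; sample CID values are constructed, not read from any
real device.
"""
from typing import Dict, List, Tuple

# (name, msb, lsb) of each CID field; bit 0 is the always-1 stop bit.
CID_FIELDS: List[Tuple[str, int, int]] = [
    ("MID", 127, 120),  # manufacturer ID
    ("CBX", 113, 112),  # device/BGA type
    ("OID", 111, 104),  # OEM/application ID
    ("PNM", 103, 56),   # product name, 6 ASCII characters
    ("PRV", 55, 48),    # product revision
    ("PSN", 47, 16),    # product serial number (the field the post found differing)
    ("MDT", 15, 8),     # manufacturing date
    ("CRC", 7, 1),      # CRC7 over bits 127:8
]


def crc7(data: bytes) -> int:
    """CRC7 with polynomial x^7 + x^3 + 1, as used by MMC/SD (CMD0 gives 0x4A)."""
    crc = 0
    for byte in data:
        for i in range(8):
            bit = (byte >> (7 - i)) & 1
            crc = (crc << 1) & 0xFF
            if ((crc >> 7) & 1) ^ bit:
                crc ^= 0x09
    return crc & 0x7F


def _cid_int(cid_hex: str) -> int:
    """Validate a 32-hex-digit CID string and return it as a 128-bit integer."""
    s = cid_hex.strip().lower()
    if s.startswith("0x"):
        s = s[2:]
    if len(s) != 32 or any(c not in "0123456789abcdef" for c in s):
        raise ValueError("CID must be exactly 32 hex digits (128 bits)")
    return int(s, 16)


def parse_cid(cid_hex: str) -> Dict[str, int]:
    """Split a CID into its named fields."""
    value = _cid_int(cid_hex)
    return {name: (value >> lsb) & ((1 << (msb - lsb + 1)) - 1)
            for name, msb, lsb in CID_FIELDS}


def crc_ok(cid_hex: str) -> bool:
    """True if the stored CRC7 matches bits 127:8 and the stop bit is set."""
    value = _cid_int(cid_hex)
    body = value.to_bytes(16, "big")[:15]  # bytes holding bits 127..8
    return (value & 1) == 1 and crc7(body) == ((value >> 1) & 0x7F)


def product_name(fields: Dict[str, int]) -> str:
    """Decode the 6-character PNM field."""
    return fields["PNM"].to_bytes(6, "big").decode("ascii", "replace")


def build_cid(fields: Dict[str, int]) -> str:
    """Assemble a CID string from field values, computing the CRC7 and stop bit."""
    value = 0
    for name, msb, lsb in CID_FIELDS:
        if name == "CRC":
            continue
        width = msb - lsb + 1
        v = fields.get(name, 0)
        if v >> width:
            raise ValueError(f"{name} does not fit in {width} bits")
        value |= v << lsb
    body = value.to_bytes(16, "big")[:15]
    value |= (crc7(body) << 1) | 1
    return f"{value:032x}"


def diff_cids(a_hex: str, b_hex: str) -> Dict[str, Tuple[int, int, int]]:
    """Return {field: (value_a, value_b, xor)} for every field that differs."""
    a, b = parse_cid(a_hex), parse_cid(b_hex)
    return {k: (a[k], b[k], a[k] ^ b[k]) for k in a if a[k] != b[k]}


def changed_bits(xor_mask: int, lsb: int) -> List[int]:
    """Absolute CID bit positions set in a field's XOR mask (field starts at lsb)."""
    return [lsb + i for i in range(xor_mask.bit_length()) if (xor_mask >> i) & 1]


# Constructed sample CIDs: identical except for the low 12 bits of the PSN.
_BASE = {"MID": 0x15, "CBX": 1, "OID": 0x01,
         "PNM": int.from_bytes(b"SAMPLE", "big"),
         "PRV": 0x01, "PSN": 0x12345678, "MDT": 0x4B}
SAMPLE_A = build_cid(_BASE)
SAMPLE_B = build_cid({**_BASE, "PSN": 0x12345678 ^ 0xFFF})


def report(a_hex: str, b_hex: str) -> List[str]:
    """Human-readable list of differing fields and the CID bits they occupy."""
    lines = []
    for name, (va, vb, x) in diff_cids(a_hex, b_hex).items():
        lsb = next(l for n, _, l in CID_FIELDS if n == name)
        lines.append(f"{name}: 0x{va:x} -> 0x{vb:x}, CID bits changed: {changed_bits(x, lsb)}")
    return lines


if __name__ == "__main__":
    for h in (SAMPLE_A, SAMPLE_B):
        f = parse_cid(h)
        print(h, product_name(f), f"PSN=0x{f['PSN']:08x}",
              "crc ok" if crc_ok(h) else "CRC MISMATCH")
    print("\n".join(report(SAMPLE_A, SAMPLE_B)))
```

Because the CRC7 covers everything above bit 8, any edit to a field also changes the CRC field, so a diff of two genuine CIDs will normally show the CRC differing alongside the real change; checking crc_ok first separates a legitimately different register from a string that was simply copied wrong.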
_ibis said:
I looked into using SamDunk for unlocking the bootloader for my AT&T galaxy s5 but noticed that the code posted on the git was Verizon-specific (in that the bits it writes over in the cid of the phone is verizon-specific). This makes it to where running the code does not unlock the bootloader on a AT&T galaxy s5.
I wrote some python code parsing my original cid and the cid resulting from the current exploit code and noticed that the only difference pertained to the product's serial number (bits 47-16 of the cid). Even then, only certain bits within the product serial number are different. I suspect that some bits within product serial pertain to carrier, and some bits pertain to the bootloader, but I could be wrong.
My hunch is that if I can figure out which bits from the original cid's product serial number correspond to developer bootloader access then I may be able to modify the SamDunk code to allow for unlocking AT&T bootloaders. Or provide some method of calculating a dev bootloader cid from an original.
Has anyone else looked into this, and is this worth pursuing?
edit: looking further through SamDunk code. It appears that there is a dev signature associated with the cid (?) that gets written to aboot. Not sure if this is different between phones... If so then experimenting with only the cid may be futile.
Product serial numbers are different for the first 12 bits, then bits 25-32. I could post a link to my git if anyone is interested in experimenting with their cids.
I wouldn't mind taking a look.
NavSad said:
I wouldn't mind taking a look.
Thanks man, I appreciate all the help I can get.
I read further into the Verizon S5 bootloader unlock thread and it appears that only changing the cid may not work. If I remember correctly (looked at it yesterday) the cid is hashed/compared to the aboot somehow to determine whether it's a developer edition or not. If we could get a regular cid/aboot and compare it to the Verizon regular cid/aboot, then cross compare to the Verizon dev edition cid/aboot, then we may have a shot at possibly re-creating an AT&T dev edition cid/aboot.
_ibis said:
Thanks man, I appreciate all the help I can get.
I read further into the Verizon S5 bootloader unlock thread and it appears that only changing the cid may not work. If I remember correctly (looked at it yesterday) the cid is hashed/compared to the aboot somehow to determine whether it's a developer edition or not. If we could get a regular cid/aboot and compare it to the Verizon regular cid/aboot, then cross compare to the Verizon dev edition cid/aboot, then we may have a shot at possibly re-creating an AT&T dev edition cid/aboot.
If the bootloader uses SHA1 it may be easier.
Meanwhile us CID 11s over here just watching you guys from the distance..lol
AptLogic said:
Meanwhile us CID 11s over here just watching you guys from the distance..lol
I'm CID 11 too.
NavSad said:
I'm CID 11 too.
Oh okay lol.. really wish we could unlock all of the S5 bootloaders instead of just CID 15... what if we try doing like MultiROM with the "no-hardboot" thing like they do on HTC devices? We wouldn't need to patch the Kernel so we'd be able to flash other ROMs.
I know we have Odin mode instead of fastboot and we can not do the "OEM Unlock" in the Developer Options as it does not show up in there. I found this thread (https://www.xda-developers.com/how-to-discover-hidden-fastboot-commands/) on how to discover hidden fastboot commands.
So I followed the instructions there to extract the aboot.img (bootloader) and then "read" the contents of that to see what fastboot commands are available. To my surprise, it has "oem unlock" listed and a few other oem options, see attached image. Although, back to the beginning of my post, we can not fastboot in.
I would assume we could unlock the bootloader via fastboot commands if we only had a way in for it. I am not that experienced with Odin but I think that is only to flash images. I spent most of this weekend searching for any way to alternately try to fastboot in or use Odin but came up with nothing feasible. I used ADB to reboot the phone into all modes and tried doing "fastboot devices" in all modes but it just came back with nothing.
I just wanted to post this in the case of being useful in our attempt to unlock the bootloader.
What do you mean by a way in ?
There is no way, that I know of, to put the s5 in fastboot mode. I was thinking that if there is a way to boot to fastboot, or at least have the phone listed as a fastboot device in ADB, we could possibly run the oem unlock command.
Ok that's what I thought you had meant.... I used to have a few HTC devices, I believe it was the myTouch 4G I'm thinking about... Anyway, with some of the ROMs I had to use ADB and fastboot to flash a kernel; sometimes ADB wouldn't pick up the device to communicate with fastboot. Someone had found that by installing PDA.net (I think this was the name of the app for Windows) it enabled ADB to see the device. At any rate.... I know it's a long shot but something to look into if you're bored sometime lol. I'm not sure why or how it worked or if it would help us at all, but I know for a fact it worked on an HTC device so felt it was worth mentioning.
I'll have a look at that when I get a chance. Anything is worth mentioning as you never know what little piece completes the puzzle!
sorry guys, been out of it for the last two weeks. Projects got crazy but should be able to begin working on this again soon.
I'm fairly certain there is still a bounty on this.... I know I pledged 100 bucks to whoever unlocks my bootloader and saves me from having to buy a new phone lol, but I've been waiting damn near 4 years, not gonna start holding my breath now lol.
Towelroot gives kernel memory access, downgrade, use kexec.
This is the easiest way and only one that is guaranteed to work since all exploits have already been made.
Guicrith said:
Towelroot gives kernel memory access, downgrade, use kexec.
This is the easiest way and only one that is guaranteed to work since all exploits have already been made.
If, of course, we could get kexec to WORK. Any modification of the Kernel breaks the chain of trust and the phone goes into a bootloop.
We don't need to modify the kernel. TowelRoot would write kexec from a file (/system/userlandbootloader.img) into the kernel after boot, then the kernel would boot a new kernel from /system/oskernel.img (which is writable on rooted 4.4-5.0).
The only kernel being modified is the one running in ram and that is deleted and replaced every reboot so trust chain is never broken.
Guicrith said:
We don't need to modify the kernel. TowelRoot would write kexec from a file into the kernel after boot, then the kernel would boot a new kernel from /system/oskernel.img (which is writable on rooted 4.4-5.0).
The only kernel being modified is the one running in RAM and that is deleted and replaced every reboot, so the trust chain is never broken.
But for everything to work correctly we need to be able to hardboot to the new kernel, so we need to patch the existing one to support it.
Why?
If you have kernel access you can just set all values to their boot-time default (unless there are hardware-locked values like the Game Boy Color bootloader).
Clear the mmu mappings.
memset((void*)0x00000000, 0x00, sizeof(systemram));
Now it is in a pre boot state.
If that does not work triggering a crash that does not reload the kernel from rom but hardboots the system may work too.
Guicrith said:
Why?
If you have kernel access you can just set all values to their boot-time default (unless there are hardware-locked values like the Game Boy Color bootloader).
Clear the mmu mappings.
memset((void*)0x00000000, 0x00, sizeof(systemram));
Now it is in a pre boot state.
If that does not work triggering a crash that does not reload the kernel from rom but hardboots the system may work too.
If we can code this and get consistent successful results we'd basically have a workaround for most locked BL devices to boot a custom ROM.
Of course the only theoretical hurdle left would be to actually code something like this.