Expanding SamDunk bootloader unlock exploit to AT&T Galaxy S5? - AT&T Samsung Galaxy S 5

I looked into using SamDunk for unlocking the bootloader for my AT&T Galaxy S5 but noticed that the code posted on the git was Verizon-specific (in that the bits it writes over in the CID of the phone are Verizon-specific). This makes it to where running the code does not unlock the bootloader on an AT&T Galaxy S5.
I wrote some Python code parsing my original CID and the CID resulting from the current exploit code and noticed that the only difference pertained to the product's serial number (bits 47-16 of the CID). Even then, only certain bits within the product serial number are different. I suspect that some bits within product serial pertain to carrier, and some bits pertain to the bootloader, but I could be wrong.
My hunch is that if I can figure out which bits from the original CID's product serial number correspond to developer bootloader access then I may be able to modify the SamDunk code to allow for unlocking AT&T bootloaders. Or provide some method of calculating a dev bootloader CID from an original.
Has anyone else looked into this, and is this worth pursuing?
Edit: looking further through SamDunk code. It appears that there is a dev signature associated with the CID (?) that gets written to aboot. Not sure if this is different between phones... If so then experimenting with only the CID may be futile.
Product serial numbers are different for the first 12 bits then bits 25-32. I could post a link to my git if anyone is interested in experimenting with their CIDs.
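
Added example, not part of the original post or of the SamDunk repository: a decoder for the 128-bit eMMC CID register that splits it into its standard fields (the product serial number sits at bits 47-16, as the post says), checks the CRC7, and reports which fields and bit positions differ between two readings, for instance to check a CID read from a device against a recorded one. The sample CIDs and the helper `make_cid` are constructed for illustration and are not taken from any real device.

```python
# Bit layout of the 128-bit eMMC CID register: (field, msb, lsb).
CID_FIELDS = [
    ("mid", 127, 120),  # manufacturer ID
    ("cbx", 113, 112),  # device type
    ("oid", 111, 104),  # OEM/application ID
    ("pnm", 103, 56),   # product name, 6 ASCII characters
    ("prv", 55, 48),    # product revision
    ("psn", 47, 16),    # product serial number
    ("mdt", 15, 8),     # manufacturing date
    ("crc", 7, 1),      # CRC7 over bits 127..8
]


def crc7(data: bytes) -> int:
    """CRC7 (polynomial x^7 + x^3 + 1) as used for MMC/SD registers and commands."""
    crc = 0
    for byte in data:
        for shift in range(7, -1, -1):
            bit = (byte >> shift) & 1
            msb = (crc >> 6) & 1
            crc = (crc << 1) & 0x7F
            if bit ^ msb:
                crc ^= 0x09
    return crc


def _to_int(cid_hex: str) -> int:
    cid_hex = cid_hex.strip().lower()
    if len(cid_hex) != 32:
        raise ValueError("a CID is 16 bytes (32 hex characters)")
    return int(cid_hex, 16)


def parse_cid(cid_hex: str) -> dict:
    """Split a CID into its fields and check the stored CRC7."""
    value = _to_int(cid_hex)
    fields = {}
    for name, msb, lsb in CID_FIELDS:
        width = msb - lsb + 1
        fields[name] = (value >> lsb) & ((1 << width) - 1)
    fields["pnm"] = fields["pnm"].to_bytes(6, "big").decode("ascii", "replace")
    raw = value.to_bytes(16, "big")
    fields["crc_ok"] = crc7(raw[:15]) == fields["crc"]
    return fields


def diff_cids(a_hex: str, b_hex: str) -> dict:
    """Map each differing field to the register bit numbers (127..0) that changed."""
    delta = _to_int(a_hex) ^ _to_int(b_hex)
    changed = {}
    for name, msb, lsb in CID_FIELDS:
        bits = [bit for bit in range(msb, lsb - 1, -1) if (delta >> bit) & 1]
        if bits:
            changed[name] = bits
    return changed


def make_cid(mid, cbx, oid, pnm, prv, psn, mdt) -> str:
    """Build a sample CID with a valid CRC7 (only used to construct test input)."""
    value = (mid << 120) | (cbx << 112) | (oid << 104)
    value |= int.from_bytes(pnm, "big") << 56
    value |= (prv << 48) | (psn << 16) | (mdt << 8)
    raw15 = (value >> 8).to_bytes(15, "big")
    return (raw15 + bytes([(crc7(raw15) << 1) | 1])).hex()


# Constructed sample values: two CIDs that differ in one serial-number bit,
# and a third whose serial number changed without the CRC being recomputed.
CID_A = make_cid(0x15, 1, 0x00, b"ABCDEF", 0x06, 0x12345678, 0x51)
CID_B = make_cid(0x15, 1, 0x00, b"ABCDEF", 0x06, 0x12345679, 0x51)
STALE = CID_B[:30] + CID_A[30:]

if __name__ == "__main__":
    print(parse_cid(CID_A))
    print(diff_cids(CID_A, CID_B))
    print("stale CRC valid:", parse_cid(STALE)["crc_ok"])
```

Because the CRC7 covers the serial number, any change in bits 47-16 also shows up as a change in the `crc` field, and a CID whose CRC was not recomputed fails the `crc_ok` check.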

_ibis said:
I looked into using SamDunk for unlocking the bootloader for my AT&T Galaxy S5 but noticed that the code posted on the git was Verizon-specific (in that the bits it writes over in the CID of the phone are Verizon-specific). This makes it to where running the code does not unlock the bootloader on an AT&T Galaxy S5.
I wrote some Python code parsing my original CID and the CID resulting from the current exploit code and noticed that the only difference pertained to the product's serial number (bits 47-16 of the CID). Even then, only certain bits within the product serial number are different. I suspect that some bits within product serial pertain to carrier, and some bits pertain to the bootloader, but I could be wrong.
My hunch is that if I can figure out which bits from the original CID's product serial number correspond to developer bootloader access then I may be able to modify the SamDunk code to allow for unlocking AT&T bootloaders. Or provide some method of calculating a dev bootloader CID from an original.
Has anyone else looked into this, and is this worth pursuing?
Edit: looking further through SamDunk code. It appears that there is a dev signature associated with the CID (?) that gets written to aboot. Not sure if this is different between phones... If so then experimenting with only the CID may be futile.
Product serial numbers are different for the first 12 bits then bits 25-32. I could post a link to my git if anyone is interested in experimenting with their CIDs.
I wouldn't mind taking a look.

NavSad said:
I wouldn't mind taking a look.
Thanks man, I appreciate all the help I can get.
I read further into the Verizon S5 bootloader unlock thread and it appears that only changing the CID may not work. If I remember correctly (looked at it yesterday) the CID is hashed/compared to the aboot somehow to determine whether it's a developer edition or not. If we could get a regular CID/aboot and compare it to the Verizon regular CID/aboot, then cross compare to the Verizon dev edition CID/aboot then we may have a shot at possibly re-creating an AT&T dev edition CID/aboot.

_ibis said:
Thanks man, I appreciate all the help I can get.
I read further into the Verizon S5 bootloader unlock thread and it appears that only changing the CID may not work. If I remember correctly (looked at it yesterday) the CID is hashed/compared to the aboot somehow to determine whether it's a developer edition or not. If we could get a regular CID/aboot and compare it to the Verizon regular CID/aboot, then cross compare to the Verizon dev edition CID/aboot then we may have a shot at possibly re-creating an AT&T dev edition CID/aboot.
If the bootloader uses SHA1 it may be easier.

Meanwhile us CID 11s over here just watching you guys from the distance..lol

AptLogic said:
Meanwhile us CID 11s over here just watching you guys from the distance..lol
I'm CID 11 too.

NavSad said:
I'm CID 11 too.
Oh okay lol.. really wish we could unlock all of the S5 bootloaders instead of just CID 15... what if we try doing like MultiROM with the "no-hardboot" thing like they do on HTC devices? We wouldn't need to patch the Kernel so we'd be able to flash other ROMs.

I know we have Odin mode instead of fastboot and we can not do the "OEM Unlock" in the Developer Options as it does not show up in there. I found this thread (https://www.xda-developers.com/how-to-discover-hidden-fastboot-commands/) on how to discover hidden fastboot commands.
So I followed the instructions there to extract the aboot.img (bootloader) and then "read" the contents of that to see what fastboot commands are available. To my surprise, it has "oem unlock" listed and a few other oem options, see attached image. Although, back to the beginning of my post, we can not fastboot in.
I would assume we could unlock the bootloader via fastboot commands if we only had a way in for it. I am not that experienced with Odin but I think that is only to flash images. I spent most of this weekend searching for any way to alternately try to fastboot in or use Odin but came up with nothing feasible. I used ADB to reboot the phone into all modes and tried doing "fastboot devices" in all modes but it just came back with nothing.
I just wanted to post this in the case of being useful in our attempt to unlock the bootloader.

What do you mean by a way in?

There is no way, that I know of, to put the S5 in fastboot mode. I was thinking that if there is a way to boot to fastboot, or at least have the phone listed as a fastboot device in ADB, we could possibly run the oem unlock command.

OK, that's what I thought you had meant .... I used to have a few HTC devices, I believe it was the my touch 4g I'm thinking about ... Anyway, for some of the ROMs I had to use ADB and fastboot to flash a kernel. Sometimes ADB wouldn't pick up the device to communicate with fastboot. Someone had found that by installing PDA.net (I think this was the name of the app for Windows) it enabled ADB to see the device at any rate .... I know it's a long shot but something to look into if you're bored sometime lol. I'm not sure why or how it worked or if it wouldn't help us at all, but I know for a fact it worked on an HTC device so felt it was worth mentioning.

I'll have a look at that when I get a chance. Anything is worth mentioning as you never know what little piece completes the puzzle!

sorry guys, been out of it for the last two weeks. Projects got crazy but should be able to begin working on this again soon.

I'm fairly certain there is still a bounty on this .... I know I pledged 100 bux to whoever unlocks my bootloader and saves me from having to buy a new phone lol, but been waiting damn near 4 years, not gonna start holding my breath now lol

Towelroot gives kernel memory access, downgrade, use kexec.
This is the easiest way and only one that is guaranteed to work since all exploits have already been made.

Guicrith said:
Towelroot gives kernel memory access, downgrade, use kexec.
This is the easiest way and only one that is guaranteed to work since all exploits have already been made.
If, of course, we could get kexec to WORK. Any modification of the Kernel breaks the chain of trust and the phone goes into a bootloop.

We don't need to modify the kernel, TowelRoot would write kexec from a file (/system/userlandbootloader.img) into the kernel after boot, then the kernel would boot a new kernel from /system/oskernel.img (which is writable on rooted 4.4-5.0)
The only kernel being modified is the one running in RAM and that is deleted and replaced every reboot so the trust chain is never broken.

Guicrith said:
We don't need to modify the kernel, TowelRoot would write kexec from a file into the kernel after boot, then the kernel would boot a new kernel from /system/oskernel.img (which is writable on rooted 4.4-5.0)
The only kernel being modified is the one running in RAM and that is deleted and replaced every reboot so the trust chain is never broken.
But for everything to work correctly we need to be able to hardboot to the new kernel, so we need to patch the existing one to support it.

Why?
If you have kernel access you can just set all values to their boot-time default (unless there are hardware-locked values like the Game Boy Color bootloader).
Clear the MMU mappings.
memset((void*)0x00000000, 0x00, sizeof(systemram));
Now it is in a pre-boot state.
If that does not work, triggering a crash that does not reload the kernel from ROM but hardboots the system may work too.

Guicrith said:
Why?
If you have kernel access you can just set all values to their boot-time default (unless there are hardware-locked values like the Game Boy Color bootloader).
Clear the MMU mappings.
memset((void*)0x00000000, 0x00, sizeof(systemram));
Now it is in a pre-boot state.
If that does not work, triggering a crash that does not reload the kernel from ROM but hardboots the system may work too.
If we can code this and get consistent successful results we'd basically have a workaround for most locked BL devices to boot a custom ROM.
Of course the only theoretical hurdle left would be to actually code something like this.

Related

[QA/Suggestion]NAND repartition : is it possible?

Hey all
A little background :
I have a Nexus and a Desire. Both phones are pretty much identical when you look at the hardware. The Desire (GSM) version has a way to repartition its NAND chip in order to resize the /system , /data and /cache partitions on the device. Details can be found in alpharev. The method requires 2 hacks to be implemented,
1. to unlock the security and obtain s-off status
2. to fastboot flash a modified hboot that repartitions the NAND.
My question is:
Is it possible for us to do the same with the N1, seeing that with just "fastboot oem unlock", we can flash anything we want from the fastboot interface, negating the need to implement the first part of the alpharev hack.
all we need is a modified hboot image.
Check the alpharev page for the 4 choices of partition sizes.
str4vag said:
Hey all
A little background :
I have a Nexus and a Desire. Both phones are pretty much identical when you look at the hardware. The Desire (GSM) version has a way to repartition its NAND chip in order to resize the /system , /data and /cache partitions on the device. Details can be found in alpharev. The method requires 2 hacks to be implemented,
1. to unlock the security and obtain s-off status
2. to fastboot flash a modified hboot that repartitions the NAND.
My question is:
Is it possible for us to do the same with the N1, seeing that with just "fastboot oem unlock", we can flash anything we want from the fastboot interface, negating the need to implement the first part of the alpharev hack.
all we need is a modified hboot image.
Check the alpharev page for the 4 choices of partition sizes.
Probably not easy as this requires updating fastboot whose source code is not available.
Probably, but seeing as the HW of N1 and Desire is so similar, there is a chance that the code used in the alpharev hack might work, after a little modification to fit the N1.
But then I don't know anything about coding/hacking. I need more input from the dev community.
This requires modification of the bootloader, which wasn't done and requires quite a lot of effort with unknown results. Checking Desire bootloader compatibility might (and probably will) result in a bricked N1, I don't know many people that are willing to take the risk. I know I wouldn't. Without bootloader, repartitioning isn't possible.
Jack_R1 said:
This requires modification of the bootloader, which wasn't done and requires quite a lot of effort with unknown results. Checking Desire bootloader compatibility might (and probably will) result in a bricked N1, I don't know many people that are willing to take the risk. I know I wouldn't. Without bootloader, repartitioning isn't possible.
I understand. But what I mean was not flashing the desire bootloader directly to a N1, but using it (or the code base) as a reference for a modified N1 bootloader.
Again, more input is needed from people who have done this kind of thing before.
If I remember correctly,
Firerat has something like this for the G1.
Nobody bothered trying to hack N1 bootloader until now because it has the unlock function built-in - the main reason for reverse-engineering bootloaders isn't there. Bootloader code is binary, no code base there.
Given those facts, the future of bootloader modifications on N1 doesn't look too promising.
I see. Cool.
Thanks for the answers

[Q] Linker Error When Building AT&T Samsung Note 3 Kernel

Hi,
Normally I would post this question in a developer forum, but I don't have sufficient privileges to do that (I have less than 10 posts), so I'm posting here.
I'm new to Android kernels (and Linux in general) so please bear with me. I'm trying to build a kernel for the AT&T Samsung Note 3 (SM-N900A) on an Ubuntu 14.10 (Linux 3.16) 64 bit VM (VirtualBox on a Windows 7 system). The reason I'm trying to build the kernel is because I wrote a kernel module that I want to install on my rooted phone. Right now it's just a simple "hello world" kernel module to see if it works.
I installed the Android NDK (android-ndk-r10d) and am using the arm-linux-androideabi-4.9 toolchain. I prepended the toolchain path to my PATH variable and set CROSS_COMPILE=arm-linux-androideabi- and ARCH=arm in the Makefile. When I unpacked the toolchain, the symbolic links weren't right (they were unpacked as files, not symlinks) so I made symlinks to point to the proper compiler, assembler, linker and loader. It all seems to be working properly, and the toolchain's stuff is being used (i.e. arm-linux-androideabi-gcc, arm-linux-androideabi-as, arm-linux-androideabi-ld.gold, etc)
I'm using the following commands to build the kernel (according to the documentation supplied by Samsung):
$ make msm8974_sec_defconfig VARIANT_DEFCONFIG=msm8974_sec_hlteatt_defconfig SELINUX_DEFCONFIG=selinux_defconfig TIMA_DEFCONFIG=tima_defconfig
$ make
I'm getting a linker error:
LD init/mounts.o: fatal error: no input files
My understanding is that the input file to the linker is init/mounts.o and it doesn't exist. I looked in init, and mounts.o isn't there. I'm not sure when it's supposed to be generated or what it's used for.
Just for grins and giggles, I went into the Makefile and commented out the part that tries to link init/mounts.o and got this error:
LD init/built-in.o: fatal error: no input files
When I looked in init, built-in.o wasn't there. I don't know when this file is supposed to be generated (but after looking at the Makefile, it looks like it has something to do with vmlinux, with which I'm not familiar...I need to do some Googling).
I'd appreciate any advice or comments anyone has. If you need more details (like the expanded output, exact software version, etc), let me know and I'd be more than happy to supply it.
Thanks for your help,
csi.agent32
I'm not a developer but I've seen enough on the forums to know that it's not possible to flash custom kernels on a locked bootloader, so that may be the problem.
pre4speed said:
I'm not a developer but I've seen enough on the forums to know that it's not possible to flash custom kernels on a locked bootloader, so that may be the problem.
Thanks for the response, but I'm not trying to flash my device, I'm just trying to build the kernel. My bootloader isn't locked and my phone is rooted, so if I do decide to install the kernel (after I modify it), I shouldn't have a problem.
csi.agent32 said:
Thanks for the response, but I'm not trying to flash my device, I'm just trying to build the kernel. My bootloader isn't locked and my phone is rooted, so if I do decide to install the kernel (after I modify it), I shouldn't have a problem.
If you have the AT&T variant of the Note 3 your bootloader is locked. You can root but this does not mean your bootloader is unlocked. If you have a locked bootloader you can't flash a custom recovery except SS and you can't flash a custom kernel.
Notes from Note 4
norbarb said:
If you have the AT&T variant of the Note 3 your bootloader is locked. You can root but this does not mean your bootloader is unlocked. If you have a locked bootloader you can't flash a custom recovery except SS and you can't flash a custom kernel.
Notes from Note 4
Hi,
I'm not trying to flash my phone with a custom kernel, I'm just trying to build the kernel. I'm aware that AT&T Samsung phones come with a locked bootloader, but I unlocked my bootloader and I rooted my phone. But the problem I'm having has nothing to do with a locked bootloader. I'm not even at the point where I'm trying to flash my phone with a custom kernel...I'm just trying to build the kernel.
csi.agent32 said:
Hi,
I'm not trying to flash my phone with a custom kernel, I'm just trying to build the kernel. I'm aware that AT&T Samsung phones come with a locked bootloader, but I unlocked my bootloader and I rooted my phone. But the problem I'm having has nothing to do with a locked bootloader. I'm not even at the point where I'm trying to flash my phone with a custom kernel...I'm just trying to build the kernel.
Can you please share with the whole community how you unlocked the bootloader on your phone? Lots of developers have been trying to unlock the bootloader since the AT&T Samsung Galaxy S4, so please share if you did and help those who have been trying to achieve this for over 3 years on Samsung phones. I don't believe you have an UNLOCKED bootloader on the AT&T Samsung Note 3. Your custom kernel will be useless on any AT&T Samsung phone, Galaxy S4 and newer.
Mod: can you please close this thread unless OP really finds a way to unlock bootloaders on AT&T Samsung phones.
norbarb said:
Can you please share with the whole community how you unlocked the bootloader on your phone? Lots of developers have been trying to unlock the bootloader since the AT&T Samsung Galaxy S4, so please share if you did and help those who have been trying to achieve this for over 3 years on Samsung phones. I don't believe you have an UNLOCKED bootloader on the AT&T Samsung Note 3. Your custom kernel will be useless on any AT&T Samsung phone, Galaxy S4 and newer.
Mod: can you please close this thread unless OP really finds a way to unlock bootloaders on AT&T Samsung phones.
Why would it be closed? You're the one who's off-topic. OP has a valid question about kernel compilation. (P.S. OP if you have an unlocked bootloader on the AT&T model share it with us in a new thread)
benwaffle said:
Why would it be closed? You're the one who's off-topic. OP has a valid question about kernel compilation. (P.S. OP if you have an unlocked bootloader on the AT&T model share it with us in a new thread)
He has a valid question, but the thread is useless unless he really has a way to unlock the bootloader on AT&T Samsung phones like the Note 3. What can we do with custom kernels for the Note 3 if we can't use them? This way is a road to nowhere.
Notes from Note 4
@csi.agent32 I think you don't need a compiled kernel to compile a module

SamDunk Exploit, S5 Bootloader Unlock, and Potential For Note 3

So the bootloader unlock exploit has been released today, link to the PDF detailing it here, and the Galaxy S5 on Verizon was bootloader unlocked. The paper describes that any phone with Samsung eMMC is vulnerable to the exploit, so that extends to the Note 3, however it is detailed that only select models can take advantage of the exploit. In short, the exploit is able to overwrite the device identification (CID) that is "permanently" (good job Samsung) written to the eMMC. When the phone is booted, info from the aboot is read that verifies if the CID matches what a "Developer Edition" phone would have and then unlocks the bootloader. There are a couple of limitations:
A Developer Edition aboot is required.
We need to be able to flash that aboot with ODIN
A matching Developer Edition CID to go with that aboot
It is questionable whether this will apply to the Note 3, or if it will apply to our variant. My biggest concern is the DE aboot and CID. Our variant doesn't have a Developer Edition, so we may be getting hyped up for nothing. The paper has a link to a github repo that contains the required code to change the CID. Let's hope for the best and hopefully find out if we can do it for our phones.
Wow. Waiting patiently.
I've had this phone since launch waiting specifically for CM. I just shattered the screen 3 days ago. I guess the universe doesn't want me to have nice things.
So it turns out that we are out of luck. We possibly have the ability to change the CID, I just checked and my device has Samsung eMMC. However, we don't have a developer edition counterpart so we can't do anything. Looks like we are still going to be locked down.
Thread for the release here: http://forum.xda-developers.com/ver...t/rd-unlocking-galaxys-s5-bootloader-t3337909

(US) T-Mobile version G7+ may come

https://www.xda-developers.com/motorola-moto-g7-plus-t-mobile/
It has NFC and B71 which G7 doesn't have.
Hopefully bootloader will be unlockable. If so, I may get one and paid in full and have it SIM unlocked, and flash RETAIL ROM
Any update on this? Been holding out on upgrading for this if it's true
If this is right it could be the revvl 3 or 3 plus as product sku is tmo revvl this is from wifi alliance
It's the g7 plus and g7 play https://www.tmonews.com/2019/07/t-mobile-revvlry-official-specs-price/
Can we root it using g7 plus method and unlock bootloader same way I currently have the phone
You can try to get bootloader unlock code it won't hurt nothing but as far as rooting I don't know but should be the same
krazy_smokezalot said:
Can we root it using g7 plus method and unlock bootloader same way I currently have the phone
If you can unlock the bootloader, then rooting will be the easy part as you can usually just flash Magisk (or create a patched boot.img in Magisk Manager and flash the patched boot.img). TWRP may even work too, assuming T-Mo didn't heavily modify the underlying software and kernel.
The only question is gonna be unlocking the bootloader as it's not technically branded a Moto device (although it allegedly has the same codename). Moto may not ship a bootloader code to you, you may need to go thru T-Mobile in some way first.
Jleeblanch said:
If you can unlock the bootloader, then rooting will be the easy part as you can usually just flash Magisk (or create a patched boot.img in Magisk Manager and flash the patched boot.img). TWRP may even work too, assuming T-Mo didn't heavily modify the underlying software and kernel.
The only question is gonna be unlocking the bootloader as it's not technically branded a Moto device (although it allegedly has the same codename). Moto may not ship a bootloader code to you, you may need to go thru T-Mobile in some way first.
But T-MOBILE don't offer bootloader unlock I work for them. Well just gonna try cause it's given the code name lake on cpu z and the manufacturer is Motorola
krazy_smokezalot said:
But T-MOBILE don't offer bootloader unlock I work for them. Well just gonna try cause it's given the code name lake on cpu z and the manufacturer is Motorola
Knowing they (as in T-Mo) don't offer codes, which I figured they didn't, then I'd at least try to paste your unlock code on Moto's site. Worst that'll happen is a message will pop up saying your device doesn't qualify.
t mobile g7 plus bootloader unlock
I can confirm that the bootloader for the T-Mobile Moto G7 Plus is locked and I could not get an unlock from the Motorola website; it probably has to be paid for to get an unlock. I am unable to confirm at this time if you can get an unlock; I got mine on JOD (Jump On Demand). If someone out there gets one paid for and tries for a bootloader unlock, please confirm if you can or not after it is paid for. I think you could but I can't confirm that at this time. Please, anyone's feedback would be a big help; we should all work together on this. I hope for a bootloader unlock or a workaround if someone figures something out, but as far as I know at this time, if you owe on one there is no bootloader unlock, but just maybe the possibility after it is paid. I am not sure if you would have to go through T-Mobile first to get an unlock. Thanks, and anyone's feedback would be very much appreciated.
Also this is probably the same Moto G7 build (lake) as the one off their website but with T-Mobile branding and a locked-down bootloader, so TWRP and Magisk root should work if you can get a bootloader unlock. If someone does, please confirm here if it does work or not. Thanks, and I welcome feedback from anyone.
REVVLRY+ is indeed G7 plus
Jimhackthorn said:
I can confirm that the bootloader for the T-Mobile Moto G7 Plus is locked and I could not get an unlock from the Motorola website; it probably has to be paid for to get an unlock. I am unable to confirm at this time if you can get an unlock; I got mine on JOD (Jump On Demand). If someone out there gets one paid for and tries for a bootloader unlock, please confirm if you can or not after it is paid for. I think you could but I can't confirm that at this time. Please, anyone's feedback would be a big help; we should all work together on this. I hope for a bootloader unlock or a workaround if someone figures something out, but as far as I know at this time, if you owe on one there is no bootloader unlock, but just maybe the possibility after it is paid. I am not sure if you would have to go through T-Mobile first to get an unlock. Thanks, and anyone's feedback would be very much appreciated.
Also this is probably the same Moto G7 build (lake) as the one off their website but with T-Mobile branding and a locked-down bootloader, so TWRP and Magisk root should work if you can get a bootloader unlock. If someone does, please confirm here if it does work or not. Thanks, and I welcome feedback from anyone.
Ok I'll try it cause it got it for free and it's paid off. Got it from my job as a gift. So I'll definitely check it out then I'm even more interested. But I kinda doubt it cause the bootloader has the name revvl in it in CPU Z. Bootloader goes by MBM-3.0lake_revvl-43c7c77-190517
Ok so no I tried fastboot oem unlock and nothing happens on the phone anyone else has any idea they want me to try. I'm able to check oem unlock but in fastboot the command oem unlock does nothing on the phone
unlock instructions
krazy_smokezalot said:
Ok so no I tried fastboot oem unlock and nothing happens on the phone anyone else has any idea they want me to try. I'm able to check oem unlock but in fastboot the command oem unlock does nothing on the phone
That's because you've got to get an unlock key from Motorola. You will first need to make an account with Motorola: https://motorola-global-portal.custhelp.com/app/standalone%2Fbootloader%2Funlock-your-device-b
Here are your instructions on how to get a key:
Put your device in fastboot mode (power off, then press the power and volume down buttons simultaneously).
On your desktop, open a command prompt or terminal, and go to the directory where you installed the Android ADB (or make sure fastboot is in your $PATH)
At the prompt, type $ fastboot oem get_unlock_data
The returned string will be used to retrieve your unlock key.
Paste together the 5 lines of output into one continuous string without (bootloader) or ‘INFO’ or white spaces. Your string needs to look like this: 0A40040192024205#4C4D355631323030373731363031303332323239#BD008A672BA4746C2CE02328A2AC0C39F951A3E5#1F532800020000000000000000000000 EXAMPLE
Check if your device can be unlocked by pasting this string in the field below, and clicking “Can my device be unlocked?”
If your device is unlockable, a "REQUEST UNLOCK KEY" button will now appear at the bottom of this page.
then get the key put in your email address and you will get UNIQUE_KEY
then in adb put in fastboot oem unlock ((UNIQUE_KEY)) here
then fastboot reboot
If yours is paid for please let me know if it works mine is not paid for.
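
Added example, not part of the original post and not Motorola's own tooling: a small helper for the "paste together the 5 lines" step above, which strips the `(bootloader)` or `INFO` prefix and all whitespace from captured `fastboot oem get_unlock_data` output and joins the rest into one string. The sample output is constructed by slicing the example string quoted in the instructions; skipping lines that contain anything other than hex digits and `#` is an assumption made here.

```python
import re

# Example string quoted in the instructions above, used only as sample data.
PAGE_EXAMPLE = (
    "0A40040192024205#4C4D355631323030373731363031303332323239"
    "#BD008A672BA4746C2CE02328A2AC0C39F951A3E5#1F532800020000000000000000000000"
)

_PREFIX = re.compile(r"^\s*(?:\(bootloader\)|INFO)\s*")
_PAYLOAD = re.compile(r"[0-9A-Fa-f#]+")


def sample_fastboot_output(prefix: str = "(bootloader) ", width: int = 31) -> str:
    """Constructed sample: the page's example string sliced into prefixed lines."""
    chunks = [PAGE_EXAMPLE[i:i + width] for i in range(0, len(PAGE_EXAMPLE), width)]
    lines = [prefix + chunk for chunk in chunks]
    lines.append("OKAY [  0.010s]")  # constructed status line, carries no data
    return "\n".join(lines) + "\n"


def join_unlock_data(raw_output: str) -> str:
    """Return the unlock data as one continuous string without prefixes or spaces."""
    parts = []
    for line in raw_output.splitlines():
        match = _PREFIX.match(line)
        if not match:
            continue  # not a data line (status output, blank line, ...)
        payload = re.sub(r"\s+", "", line[match.end():])
        # Assumption: data lines hold only hex digits and '#'; anything else
        # (for example a textual header) is skipped rather than pasted in.
        if payload and _PAYLOAD.fullmatch(payload):
            parts.append(payload)
    if not parts:
        raise ValueError("no (bootloader)/INFO data lines found")
    return "".join(parts)


def field_lengths(unlock_data: str) -> list:
    """Length of each '#'-separated field, as a quick sanity check before pasting."""
    return [len(field) for field in unlock_data.split("#")]


if __name__ == "__main__":
    joined = join_unlock_data(sample_fastboot_output())
    print(joined)
    print(field_lengths(joined))
```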
Jimhackthorn said:
That's because you've got to get an unlock key from Motorola. You will first need to make an account with Motorola: https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-b
Here are your instructions on how to get a key:
Put your device in fastboot mode (power off, then press the power and volume down buttons simultaneously).
On your desktop, open a command prompt or terminal, and go to the directory where you installed the Android ADB (or make sure fastboot is in your $PATH)
At the prompt, type $ fastboot oem get_unlock_data
The returned string will be used to retrieve your unlock key.
Paste together the 5 lines of output into one continuous string without (bootloader) or ‘INFO’ or white spaces. Your string needs to look like this: 0A40040192024205#4C4D355631323030373731363031303332323239#BD008A672BA4746C2CE02328A2AC0C39F951A3E5#1F532800020000000000000000000000 EXAMPLE
Check if your device can be unlocked by pasting this string in the field below, and clicking “Can my device be unlocked?”
If your device is unlockable, a "REQUEST UNLOCK KEY" button will now appear at the bottom of this page.
then get the key put in your email address and you will get UNIQUE_KEY
then in adb put in fastboot oem unlock ((UNIQUE_KEY)) here
then fastboot reboot
If yours is paid for please let me know if it works mine is not paid for.
Cool thanks for this I'll follow this instructions to unlock bootloader. I'll post back my findings
krazy_smokezalot said:
Cool thanks for this I'll follow this instructions to unlock bootloader. I'll post back my findings
This is a common method to unlock Motorola smartphone bootloader.
Hopefully you will be lucky to get the code, but you may wait up to 2 weeks after initial release.
I can confirm that Motorola will give you the unlock code.
Findings
UNLOCKING AND LOCKING BOOTLOADER WILL WIPE YOUR DEVICE. BACKUP PERSONAL DATA IF YOU WANT TO KEEP IT.
I unlocked the bootloader and flashed the moto G7 plus RETAIL firmware. Everything worked fine except google pay, and verity being disabled.
Installing TWRP would always give me a recovery boot loop, so I stopped trying, instead just booting into TWRP with fastboot.
I cannot get verity enabled, even after flashing stock and locking the bootloader, so that means no Google Pay, no Google Fi, no whatever else requires verity.
Looking at
Code:
fastboot getvar all
Shows a flag that verity is disabled and another flag that warranty is void, even after flashing stock.
The stock firmware I found in a firmware repo, because I failed to do a full backup of my system (I only backed up boot, system, and data).
Would anyone be willing to unlock their bootloader, boot into TWRP, do a full backup, and share it, to see if I can get back to stock with verity enabled? I'd love Google Pay back.
BanterJSmoke said:
I can confirm that Motorola will give you the unlock code.
Wow!!!
This is HUGE!!!
Pay in full to get SIM unlocked first followed by bootloader unlock and flash RETAIL ROM and become G7 Plus
CDMA support is unknown
mingkee said:
Wow!!!
This is HUGE!!!
Pay in full to get SIM unlocked first followed by bootloader unlock and flash RETAIL ROM and become G7 Plus
CDMA support is unknown
Except it's nearly $100 less expensive to just buy an unlocked g7+

Is it possible to change S20 FE G781B to G781U?

I was wondering if it is possible to flash G781U firmware on G781B since they have the same specs.
would love to hear what you think (or know).
Thanks
I'd keep the B model as it is as it can have its bootloader unlocked. if you're taking that phone to the states someone would gladly buy it off you as is.
if you wanted updates after moving they could easily be manually downloaded and flashed. if you're concerned about frequency bands then maybe there are ways to tackle that.
3mel said:
I'd keep the B model as it is as it can have its bootloader unlocked. if you're taking that phone to the states someone would gladly buy it off you as is.
if you wanted updates after moving they could easily be manually downloaded and flashed. if you're concerned about frequency bands then maybe there are ways to tackle that.
Thanks for the reply, I know it's better to keep it that way but if I wanted to change it anyway, will it be possible or would I just brick the phone?
idaneli2 said:
Thanks for the reply, I know it's better to keep it that way but if I wanted to change it anyway, will it be possible or would I just brick the phone?
not sure to be honest, I suspect that the existing bootloader would generate a fail error before or just after you started but I can't say for sure.
if it did fail after starting to flash you'd need B firmware on hand to make it useable again.
Trying the same but switching from 781W to 781B. Had no success so far. Odin is failing to flash. At least so far I did not brick the device. Any advice is welcome
igordashaar said:
Trying the same but switching from 781W to 781B. Had no success so far. Odin is failing to flash. At least so far I did not brick the device. Any advice is welcome
Hey, glad to see I'm not alone.
Did you try to unlock the bootloader first?
idaneli2 said:
Hey, glad to see I'm not alone.
Did you try to unlock the bootloader first?
tried, but so far without success. I'm missing the "OEM unlocking" option that is stated in the manual. Trying now to update to latest firmware. Maybe this will enable the unlocking option.
hm... I just learned that there may be no OEM unlocking option on my Snapdragon device. There really is a lot to consider... Somehow OEM unlocking does not work on Snapdragon devices from North America. In Latin America, though, this might work. I don't really get what the point of all this is. [some sauce]
edit: maybe it is possible to unlock it through fastboot, but so far I only get a command not found error when using `fastboot oem unlock`
igordashaar said:
hm... I just learned that there may be no OEM unlocking option on my Snapdragon device. There really is a lot to consider... Somehow OEM unlocking does not work on Snapdragon devices from North America. In Latin America, though, this might work. I don't really get what the point of all this is. [some sauce]
edit: maybe it is possible to unlock it through fastboot, but so far I only get a command not found error when using `fastboot oem unlock`
Yeah, from what I understand devices with U at the end of their model number are missing the OEM unlocking option. I think it's stupid to only block the option to some of the world, I mean either block it completely or don't block it at all.
Maybe it is possible to change your model to W and then unlock it, if I'm not wrong you are supposed to be able to flash W firmware on your U device without unlocking the bootloader.
Just make sure you download firmware with the same binary number in the baseband (the fifth number from the right)
igordashaar said:
tried, but so far without success. I'm missing the "OEM unlocking" option that is stated in the manual. Trying now to update to latest firmware. Maybe this will enable the unlocking option.
if it was that easy everyone would be doing it... (if they couldn't unlock).
idaneli2 said:
Yeah, from what I understand devices with U at the end of their model number are missing the OEM unlocking option. I think it's stupid to only block the option to some of the world, I mean either block it completely or don't block it at all.
Maybe it is possible to change your model to W and then unlock it, if I'm not wrong you are supposed to be able to flash W firmware on your U device without unlocking the bootloader.
Just make sure you download firmware with the same binary number in the baseband (the fifth number from the right)
Unlike the original poster I am trying to go from SM-G781W to SM-G781B (or anything else that has German language).
To my understanding Samsung does this as the carriers in North America are requiring it, but I'm not sure why.