NEVERMIND, I don't need unlocked bootloader -- Note 5 LTE - Galaxy Note5 Q&A, Help & Troubleshooting

If you happen to obtain a copy of your unlocked bootloader and you wouldn't mind posting it here please still do. I think for this to work I would have to spend a ton of time error checking, circumventing and so on..
I thought I had it, I don't.. nothing to see here
Old, no need to read
I need help. I need copies of unlocked bootloaders pulled straight from the device using dd .. If you can't access it but you are vulnerable to dirtycow and you are willing to forcefully pull it for me I will write some code to just take it.
why?
I can dd write without verification using dirtycow but I need a copy of an unlocked bootloader. I will carefully pick it apart, make sure the numbers match mine and then dd write an unlocked bootloader. Alongside that I will be writing twrp recovery.img to both the boot.img and recovery.img .. upon success AT&T / Verizon Note 5 will be freed!!!


Relock Droid Turbo Bootloader

What's the process for going about it? I did do a search, but didn't find anything useful. Any help would be appreciated.
Reasoning: I'm going to be upgrading and turning in the phone, so it's time to put it back to factory.
mlw4428 said:
What's the process for going about it? I did do a search, but didn't find anything useful. Any help would be appreciated.
Reasoning: I'm going to be upgrading and turning in the phone, so it's time to put it back to factory.
1. Go back to stock everything by following section 0 of this guide: http://forum.xda-developers.com/droid-turbo/general/guide-how-to-unlock-bootloader-install-t3292684
2. While in bootloader mode, use the fastboot command "fastboot oem lock"
If you're turning in the phone to Verizon, this method is okay. However, don't do this if you plan on selling the phone to someone else. If they were to try and unlock the phone again, they would most likely brick it.
According to jcase, after relocking the bootloader it still shows a modified status code. Your warranty is permanently voided.
Are you on an Edge plan? Otherwise I don't know why you would be returning the phone to upgrade. Also not sure what their rules are on permanently modifying the software of one of these essentially "lease-to-own" devices, so might want to check the terms and conditions if this applies to you. If you are just trading it in for credit toward a new phone, I'd just sell it yourself unlocked and get a lot more for it.
Sent from my XT1254 using Tapatalk
SpyderPride said:
If you are just trading it in for credit toward a new phone, I'd just sell it yourself unlocked and get a lot more for it.
A bootloader unlocked, rooted XT1254 would be more valuable to a buyer than one locked down. You've already done all the hard work.
TheSt33v said:
1. Go back to stock everything by following section 0 of this guide: http://forum.xda-developers.com/droid-turbo/general/guide-how-to-unlock-bootloader-install-t3292684
2. While in bootloader mode, use the fastboot command "fastboot oem lock"
If you're turning in the phone to Verizon, this method is okay. However, don't do this if you plan on selling the phone to someone else. If they were to try and unlock the phone again, they would most likely brick it.
Heya so I'm in a serious bind.
I skipped your step 1 and locked my bootloader. I have an unlocked bootloader. I recently upgraded through the normal Verizon pushed update, the Marshmallow update. Anyhow, I now want to return the phone for an upgrade and well... I locked the bootloader. Then I turned the phone off and turned it back on and it now says locked, but it says failed to validate system image. I then got freaked out and downloaded all the step 1 files and tried to flash the stock ROM (which I already had installed!) and that doesn't seem to work. Did I brick my phone? Is there any way to get it working now that it is locked with any kind of Android at all?
You're probably fine @droidfun1. You just need to use the marshmallow firmware package instead of the lollipop one. Get it here: https://forum.xda-developers.com/dr...-official-stock-firmware-6-0-1-mcg24-t3531571
Yup, I tried flashing the stock 6.0.1 rom with fastboot on my mac but I got all kinds of fails.
I found a mac compatible command line version of RSDLite and it totally worked! Not sure why fastboot couldn't successfully flash the same stock rom?
Now I just need to remove the bootloader unlocked warning (my phone is now locked status 2), but not sure if I can now that it is locked.
TheSt33v said:
You're probably fine @droidfun1. You just need to use the marshmallow firmware package instead of the lollipop one. Get it here: https://forum.xda-developers.com/dr...-official-stock-firmware-6-0-1-mcg24-t3531571
droidfun1 said:
Yup, I tried flashing the stock 6.0.1 rom with fastboot on my mac but I got all kinds of fails.
I found a mac compatible command line version of RSDLite and it totally worked! Not sure why fastboot couldn't successfully flash the same stock rom?
Now I just need to remove the bootloader unlocked warning (my phone is now locked status 2), but not sure if I can now that it is locked.
Strange. As far as I understand it, RSDlite just automates fastboot, so even if you're using RSDlite, you're actually using fastboot. Whatever works though.
As for the unlocked bootloader message, see my response to that post you made.

Bootloader unlocked message, but bootloader status code 2 - what to do?

Hi,
I have bought a droid turbo 32GB red from ebay. It works, no problem. But I want to install custom rom.
So, the blue bootloader unlocked message is there when I start the phone. In fastboot mode device is locked, status code 2.
I have already used sunshine to unlock the bootloader again. Sunshine told me it was a success, but status code is always 2.
When I want to flash TWRP recovery via fastboot I get message (bootloader) preflash validation failed.
What can I do?
Thanks and greetings from germany.
Only one little tip, please.
Once a Droid Turbo XT1254 bootloader is unlocked, if the previous owner relocked it, it cannot be unlocked again.
Status 2 means unlocked at one point and then relocked, yes?
I don't know what it means...
It means someone unlocked it, relocked it, and now it cannot be unlocked again.
Polarisfff said:
Hi,
I have bought a droid turbo 32GB red from ebay. It works, no problem. But I want to install custom rom.
So, the blue bootloader unlocked message is there when I start the phone. In fastboot mode device is locked, status code 2.
I have already used sunshine to unlock the bootloader again. Sunshine told me it was a success, but status code is always 2.
When I want to flash TWRP recovery via fastboot I get message (bootloader) preflash validation failed.
What can I do?
Thanks and greetings from germany.
Try this. I have never done it and have no idea how to. The thread I grabbed this from is in this section of the forum under something like "relocked bootloader bricked??" So if u need more guidance check that thread, but here is the info.
Re Unlock
I did the same thing on my xt1254. This is what Beaups told me from sunshine and it worked for me. I did it from a terminal emulator on the device and then was able to reflash twrp
Beaups (TheRootNinja Support)
Dec 29, 17:10
tested this on my device and it worked. Keep in mind we can't guarantee it will work for you and also can't guarantee it won't kill your device (but I don't see why it should). Copy paste this command, do NOT make any errors.
From a ROOT adb shell (if you don't have root you'll need to figure out how to get it, kingroot, etc):
dd if=/dev/zero of=/dev/block/platform/msm_sdcc.1/by-name/sp bs=1 seek=8
It should hang for a few seconds and then you should see something like:
dd: /dev/block/platform/msm_sdcc.1/by-name/sp: No space left on device
1048569+0 records in
1048568+0 records out
1048568 bytes transferred in 7.203 secs (145573 bytes/sec)
At that point reboot to bootloader and hopefully your problem is solved. Do NOT relock that device again in the future.
--beaups
Grynch13 said:
Try this I have never done it and have no idea how to the thred I grabbed this from is in this section of the forum under something like relocked bootloader bricked?? So if u need more guidance check that thread but here is the info.
Re Unlock
I did the same thing on my xt1254 this is what Beaups told me from sunshine and it worked for me. I did it from terminal emulated on the device and then was ablebto reflash twrp
Beaups (TheRootNinja Support)
Dec 29, 17:10
tested this on my device and it worked. Keep in mind we can't guarantee it will work for you and also can't guarantee it won't kill your device (but I don't see why it should). Copy paste this command, do NOT make any errors.
From a ROOT adb shell (if you don't have root you'll need to figure out how to get it, kingroot, etc):
dd if=/dev/zero of=/dev/block/platform/msm_sdcc.1/by-name/sp bs=1 seek=8
It should hang for a few seconds and then you should see something like:
dd: /dev/block/platform/msm_sdcc.1/by-name/sp: No space left on device
1048569+0 records in
1048568+0 records out
1048568 bytes transferred in 7.203 secs (145573 bytes/sec)
At that point reboot to bootloader and hopefully your problem is solved. Do NOT relock that device again in the future.
--beaups
Hi ok,
I will test this. Another problem is actually that I didn't get it rooted...
Polarisfff said:
Hi ok,
i will test this. Another Problem is actually that I didn`t get it rooted...
Makes sense, since your bootloader is still locked.
but "From a ROOT adb shell (if you don't have root you'll need to figure out how to get it, kingroot, etc)". So, kingroot rooted the device, but I get problems with closing apps etc...
So, I am sorry, but I do not know how I get adb root access? Is it a terminal emulator which root king gave root access or is it a special ADB command when the phone is in fastboot mode? In fastboot mode there is also (Secure)...
puh! :-/
Polarisfff said:
but "From a ROOT adb shell (if you don't have root you'll need to figure out how to get it, kingroot, etc)". So, kingroot rooted the device, but I get problems with closing apps etc...
So, I am sorry, but I dont not know how I get adb root access? Is it a terminal emulator which root king gave root access or is it a special ADB command when the phone is in fastboot mode? In fastboot mode there is also (Secure)...
puh! :-/
If you can get root through king root, even if it's just temporary, make sure all programs you can close are closed, then use a terminal emulator on your phone and you should be able to type in the command there. I will do some more searching and see what else I can find out. U may also want to go to the rootninja website and ask them; they could probably explain it better than me. Should have asked this first, but I assume you're on the latest version of lollipop. If not, that could be a problem and we will need to get u up to date on that first.
Hi Grynch, yes, you nailed it. I will test it what you wrote. THX a lot!
Polarisfff said:
Hi Grynch, yes, you nailed it. I will test it what you wrote. THX a lot!
You can also use Sunshine to get root access. Just start it and follow the directions until it says that it has root access.
Grynch, your steps did work. Now I have flashed TWRP with success. Thank you all guys. You saved my weekend!!!!!!!!!!
Great!
Polarisfff said:
Grynch, your steps did work. Now I have flashed TWRP with success. Thank you all guys. You are saved my weekend!!!!!!!!!!
Great!
Awesome, good to know it works. Glad you're unlocked, enjoy your phone, and if you haven't been there yet check out the moto maxx forum as well; most of the ROMs are over there.
Grynch13 said:
Awesome good to know it works glad your unlocked enjoy your phone and if you haven't been there yet check out the moto maxx forum as well most of the ROMs are over there.
Was gonna link him the same tutorial.
Glad to see now three people succeed with this method.

Expanding SamDunk bootloader unlock exploit to AT&T Galaxy S5?

I looked into using SamDunk for unlocking the bootloader for my AT&T Galaxy S5 but noticed that the code posted on the git was Verizon-specific (in that the bits it writes over in the cid of the phone are Verizon-specific). This makes it to where running the code does not unlock the bootloader on an AT&T Galaxy S5.
I wrote some python code parsing my original cid and the cid resulting from the current exploit code and noticed that the only difference pertained to the product's serial number (bits 47-16 of the cid). Even then, only certain bits within the product serial number are different. I suspect that some bits within product serial pertain to carrier, and some bits pertain to the bootloader, but I could be wrong.
My hunch is that if I can figure out which bits from the original cid's product serial number correspond to developer bootloader access then I may be able to modify the SamDunk code to allow for unlocking AT&T bootloaders. Or provide some method of calculating a dev bootloader cid from an original.
Has anyone else looked into this, and is this worth pursuing?
edit: looking further through SamDunk code. It appears that there is a dev signature associated with the cid (?) that gets written to aboot. Not sure if this is different between phones... If so then experimenting with only the cid may be futile.
product serial numbers are different for the first 12 bits then bits 25-32. I could post a link to my git if anyone is interested in experimenting with their cids
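The field-by-field comparison described in the post above, as an added example that is not part of the original post or of the SamDunk code: it decodes an eMMC CID using the JEDEC field layout (product serial number in bits 47-16) and reports which register bits differ between two CIDs. Both sample CIDs are constructed values with a placeholder checksum, and the function names are hypothetical.

```python
"""Decode an eMMC CID register and diff two CIDs field by field."""

# (name, msb, lsb) following the JEDEC eMMC CID layout. Bit 127 is the
# first bit of the 16-byte register and bit 0 is the last.
CID_FIELDS = [
    ("MID", 127, 120),  # manufacturer ID
    ("RSV", 119, 114),  # reserved
    ("CBX", 113, 112),  # device type (card / BGA)
    ("OID", 111, 104),  # OEM / application ID
    ("PNM", 103, 56),   # product name, 6 ASCII characters
    ("PRV", 55, 48),    # product revision
    ("PSN", 47, 16),    # product serial number (the field the post discusses)
    ("MDT", 15, 8),     # manufacturing date
    ("CRC", 7, 1),      # CRC7 checksum
    ("END", 0, 0),      # unused bit, always 1
]

# Constructed sample values (not from any real device). They differ only
# inside the PSN field; the CRC field is a placeholder and is not valid.
CID_ORIGINAL = "15010053414d504c45121a2b3c4d5201"
CID_MODIFIED = "15010053414d504c45125a2b3c4f5201"


def _to_int(cid_hex):
    """Validate a CID given as 32 hex characters (for example the text read
    from /sys/block/mmcblk0/device/cid on Linux) and return it as an int."""
    text = cid_hex.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    if len(text) != 32:
        raise ValueError("CID must be exactly 32 hex characters (128 bits)")
    if any(c not in "0123456789abcdef" for c in text):
        raise ValueError("CID contains non-hex characters")
    return int(text, 16)


def parse_cid(cid_hex):
    """Return a dict mapping each field name to its integer value."""
    value = _to_int(cid_hex)
    fields = {}
    for name, msb, lsb in CID_FIELDS:
        width = msb - lsb + 1
        fields[name] = (value >> lsb) & ((1 << width) - 1)
    return fields


def product_name(fields):
    """Decode the 48-bit PNM field as six ASCII characters."""
    raw = fields["PNM"].to_bytes(6, "big")
    return raw.decode("ascii", errors="replace")


def diff_cids(cid_a, cid_b):
    """Return {field: [register bit numbers that differ]} for two CIDs.

    Bit numbers use the register's own numbering (0-127), so a PSN
    difference is reported somewhere in the range 16-47.
    """
    delta = _to_int(cid_a) ^ _to_int(cid_b)
    changed = {}
    for name, msb, lsb in CID_FIELDS:
        bits = [bit for bit in range(lsb, msb + 1) if (delta >> bit) & 1]
        if bits:
            changed[name] = bits
    return changed


if __name__ == "__main__":
    for label, cid in (("original", CID_ORIGINAL), ("modified", CID_MODIFIED)):
        fields = parse_cid(cid)
        print(label, "PNM=%s" % product_name(fields),
              "PSN=0x%08x" % fields["PSN"], "CRC=0x%02x" % fields["CRC"])
    for name, bits in diff_cids(CID_ORIGINAL, CID_MODIFIED).items():
        print("field %s differs at register bits %s" % (name, bits))
```

Because the diff covers all 128 bits, any change outside the serial number (for example in the CRC7 field) shows up as its own entry instead of being missed.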
_ibis said:
I looked into using SamDunk for unlocking the bootloader for my AT&T galaxy s5 but noticed that the code posted on the git was Verizon-specific (in that the bits it writes over in the cid of the phone is verizon-specific). This makes it to where running the code does not unlock the bootloader on a AT&T galaxy s5.
I wrote some python code parsing my original cid and the cid resulting from the current exploit code and noticed that the only difference pertained to the product's serial number (bits 47-16 of the cid). Even then, only certain bits within the product serial number are different. I suspect that some bits within product serial pertain to carrier, and some bits pertain to the bootloader, but I could be wrong.
My hunch is that if I can figure out which bits from the original cid's product serial number correspond to developer bootloader access then I may be able to modify the SamDunk code to allow for unlocking AT&T bootloaders. Or provide some method of calculating a dev bootloader cid from an original.
Has anyone else looked into this, and is this worth pursuing?
edit: looking further through SamDunk code. It appears that there is a dev signature associated with the cid (?) that gets written to aboot. Not sure if this is different between phones... If so then experimenting with only the cid may be futile.
product serial numbers are different for the first 12 bits then bits 25-32. I could post a link to my git if anyone is interested in experimenting with their cids
I wouldn't mind taking a look.
NavSad said:
I wouldn't mind taking a look.
Thanks man, I appreciate all the help I can get.
I read further into the Verizon S5 bootloader unlock thread and it appears that only changing the cid may not work. If I remember correctly (looked at it yesterday) the cid is hashed/compared to the aboot somehow to determine whether it's a developer edition or not. If we could get a regular cid/aboot and compare it to the Verizon regular cid/aboot, then cross compare to the Verizon dev edition cid/aboot then we may have a shot at possibly re-creating an AT&T dev edition cid/aboot
_ibis said:
Thanks man, I appreciate all the help I can get.
I read further into the Verizon S5 bootloader unlock thread and it appears that only changing the cid may not work. If I remember correctly (looked at it yesterday) the cid is hashed/compared to the aboot somehow to determine whether its a developer edition or not. If we could get a regular cid/aboot and compare it to the verizon regular cid/aboot, then cross compare to the verizon dev edition cid/aboot then we may have a shot at possibly re-creating a at&t dev edition cid/aboot
If the bootloader uses SHA1 it may be easier.
Meanwhile us CID 11s over here just watching you guys from the distance..lol
AptLogic said:
Meanwhile us CID 11s over here just watching you guys from the distance..lol
I'm CID 11 too.
NavSad said:
I'm CID 11 too.
Oh okay lol.. really wish we could unlock all of the S5 bootloaders instead of just CID 15... what if we try doing like MultiROM with the "no-hardboot" thing like they do on HTC devices? We wouldn't need to patch the Kernel so we'd be able to flash other ROMs.
I know we have Odin mode instead of fastboot and we can not do the "OEM Unlock" in the Developer Options as it does not show up in there. I found this thread (https://www.xda-developers.com/how-to-discover-hidden-fastboot-commands/) on how to discover hidden fastboot commands.
So I followed the instructions there to extract the aboot.img (bootloader) and then "read" the contents of that to see what fastboot commands are available. To my surprise, it has "oem unlock" listed and a few other oem options, see attached image. Although, back to the beginning of my post, we can not fastboot in.
I would assume we could unlock the bootloader via fastboot commands if we only had a way in for it. I am not that experienced with Odin but I think that is only to flash images. I spent most of this weekend searching for any way to alternately try to fastboot in or use Odin but came up with nothing feasible. I used ADB to reboot the phone into all modes and tried doing "fastboot devices" in all modes but it just came back with nothing.
I just wanted to post this in the case of being useful in our attempt to unlock the bootloader.
What do you mean by a way in ?
There is no way, that I know of, to put the s5 in fastboot mode. I was thinking that if there is a way to boot to fastboot, or at least have the phone listed as a fastboot device in ADB, we could possibly run the oem unlock command.
Ok that's what I thought u had meant .... I used to have a few HTC devices, I believe it was the myTouch 4G I'm thinking about ... Anyway, for some of the ROMs I had to use ADB and fastboot to flash a kernel. Sometimes ADB wouldn't pick up the device to communicate with fastboot. Someone had found that by installing PDA.net (I think this was the name of the app for Windows) it enabled ADB to see the device at any rate .... I know it's a long shot but something to look into if you're bored sometime lol. I'm not sure why or how it worked or if it wouldn't help us at all, but I know for a fact it worked on an HTC device so felt it was worth mentioning
I'll have a look at that when I get a chance. Anything is worth mentioning as you never know what little piece completes the puzzle!
sorry guys, been out of it for the last two weeks. Projects got crazy but should be able to begin working on this again soon.
I'm fairly certain there is still a bounty on this .... I know I pledged 100 bux to whoever unlocks my bootloader and saves me from having to buy a new phone lol, but been waiting damn near 4 years, not gonna start holding my breath now lol
Towelroot gives kernel memory access, downgrade, use kexec.
This is the easiest way and only one that is guaranteed to work since all exploits have already been made.
Guicrith said:
Towelroot gives kernel memory access, downgrade, use kexec.
This is the easiest way and only one that is guaranteed to work since all exploits have already been made.
If, of course, we could get kexec to WORK. Any modification of the Kernel breaks the chain of trust and the phone goes into a bootloop.
We don't need to modify the kernel. TowelRoot would write kexec from a file (/system/userlandbootloader.img) into the kernel after boot, then the kernel would boot a new kernel from /system/oskernel.img (which is writable on rooted 4.4-5.0)
The only kernel being modified is the one running in ram and that is deleted and replaced every reboot so trust chain is never broken.
Guicrith said:
We dont need to modify the kernel, TowelRoot would write kexec from a file into the kernel after boot, then the kernel would boot a new kernel from /system/oskernel.img (which is writable on rooted 4.4-5.0)
The only kernel being modified is the one running in ram and that is deleted and replaced every reboot so trust chain is never broken.
But for everything to work correctly we need to be able to hardboot to the new kernel, so we need to patch the existing one to support it.
Why?
If you have kernel access you can just set all values to their boot time default (unless there are hardware locked values like the gameboy color bootloader).
Clear the mmu mappings.
memset((void*)0x00000000, 0x00, sizeof(systemram));
Now it is in a pre boot state.
If that does not work triggering a crash that does not reload the kernel from rom but hardboots the system may work too.
Guicrith said:
Why?
If you have kernel access you can just set all values to there boot time default.(unless there is hardware locked values like the gameboy color bootloader)
Clear the mmu mappings.
memset((void*)0x00000000, 0x00, sizeof(systemram));
Now it is in a pre boot state.
If that does not work triggering a crash that does not reload the kernel from rom but hardboots the system may work too.
If we can code this and get consistent successful results we'd basically have a workaround for most locked BL devices to boot a custom ROM.
Of course the only theoretical hurdle left would be to actually code something like this.

Guide SIM UNLOCK T-MOBILE version all type of IMEI supported

I was trying to sim unlock a bad IMEI (financed) phone. All services refused to unlock it. I managed to sim unlock it very easily
1 you need to convert to international version, follow this thread by AnonymousTipster ( great thanks ) (https://forum.xda-developers.com/oneplus-6t/how-to/t-mobile-6t-to-international-t3888307 )
2 unlock bootloader
3 type these commands
adb reboot bootloader
fastboot erase modemst1
fastboot erase modemst2
fastboot reboot
that's all
you can also backup modemst1 and modemst2 files before these steps
you won't lose imei or have some problem, phone works without any problem, just tested
Congrats bro
Alright bro, I thought this was an early April fool's joke at first but it's apparently not. Congrats n sorry for the early doubts... I had just read your posts about trying a sim unlock thru some company and it being successful but the tmo app wasn't working so I figured that's where your sim got unlocked it had just carried over to the international version but apparently not. It's crazy that this is how easy it is to bootloader unlock & unlock your sim. Definitely backup your modemst with readback mode in msm
I can help you do what you need as I've done it before. pm me.
gigilie said:
No guide ends with the user deleting their modem. I mean come on man dont mess with people. You've been all over the forum last few days with a stolen phone with a bad imei trying to get it unlocked. U just said blowfish finally came thru n u got it unlocked. How r u gonna claim someone elses work tell everyone it does something it really doesn't do (which is sim unlock the device!) And then have them delete their modems and ask for a donation.... Too funny April fool's ISN'T for a week dude.
1 phone is not stolen, it's financed. Ordered from ebay as unlocked. I was scammed and was not able to return it from overseas
2 you can backup your modems and then try deleting with these commands. They are not deleting, I tried 2 times
3 after blowfish confirmed that the phone was unlocked I opened the unlock app > permanent unlock and was receiving the same error. Deleted app data: same error. Factory reset: same error. Reflashed firmware: same error. After that these commands worked
all unlock services, including blowfish unlock, cellunlocker, a few from ebay. Tried many of them, they refunded the money (blowfish returned credits to account). Main reason was the device was not active 40 days. These services can unlock bad imei phones, but if the device was not active 40 days they can't. More than a month I was trying to unlock but only these commands worked. If you think you will lose modems, to backup try this method
Download & Open up Terminal Emulator on your phone
Once it's open you'll be greeted with a command line prompt, in which you can enter text commands, the first thing you need to do is enable root access by entering this line (press the enter key on your on-screen keyboard after each command to issue it):
Code:
su
If this is the first time you've used Terminal Emulator a Superuser or SuperSU popup will appear, make sure you grant root access.
Now enter these two commands:
Code:
dd if=/dev/block/sdf2 of=/sdcard/modemst1.bin bs=2048
Code:
dd if=/dev/block/sdf3 of=/sdcard/modemst2.bin bs=2048
Deleted doubting post #2 lol
gigilie said:
Bro ur funny we use magisk n we don't dd modems thru terminal to back anything up.... Tell me technically what sense would it make to delete your modem how would that unlock your sim? See if u really did unlock ur sim n bootloader for free by flashing to international and then deleting ur modems (lol) then you would have put twrp on and actually rooted upgraded to beta 7 or flashed an aosp (at least that's what I'd assume cause that's what we unlock the bootloader for) so post some screenshots of whatever ROM ur on or a video of the process with u proving ur not lying. Cause as far as I know absolutely no information regarding the devices unlocked sim state reside in the modem. Imei in Efs maybe or on the board in the phone but not on a piece of a stock rom that some of the best developers on here just overlooked but u magically figured it out.... Quit it dude go home
Yes bro, I was very funny looking when this worked. I'm using a non T-Mobile sim, my number is not covered. Txt me for instructions. One guy from my country has the same phone, tmo locked. I will take a video for you
Hi, I believe you, and I want to try this method... but where are the source of your information? How did you know puting those comands will work?
Thank you!!!
robbie1104 said:
Hi, I believe you, and I want to try this method... but where are the source of your information? How did you know puting those comands will work?
Thank you!!!
40+ days I was trying everything. Don't know how this phone survived
nika_bego said:
40+ days I was trying everything Don't know how this phone survived
Hi again, just one more question: How did you root the device (to make modem backup) with locked bootloader??
robbie1104 said:
Hi again, just one more question: How did you root the device (to make modem backup) with locked bootloader??
I didn't backup modems copied this first found instructions for annoying users ?
robbie1104 said:
Hi again, just one more question: How did you root the device (to make modem backup) with locked bootloader??
Before the phone turned on I was searching for modem files. I was ready for the phone not to turn on. But everything was good, I didn't lose my imei and the phone is sim unlocked
nika_bego said:
Before phone turned on I was searching modem files I was ready that phone doesn't turns on. But everything was good i don't lost my imei and phone is sim unlocked
Some people I know discovered this work around in November if u make a modemst back up of both modems first, use msm readback to backup imei, then wipe modem, then sim unlocked, restore modem files and imei with msm readback mode. It's just very risky. So if u know how to use msm readback mode and smt mode then go for this, @nika_bego you are correct. For the haters, grow up man, u are incorrect, this man is correct. There are multiple ways to do things in android. I was part of the initial team that first achieved root with this phone with a locked bootloader via aging kernel. Which then led to wiping the modems..we had to keep it between ourselves or chaos would erupt on xda. Plus the mods get so upset if u talk about hacks, modded apps, imei anything and restoring stuff.
Thanks, good job man
fullofhell said:
Some people I know discovered this work around in November if u make a modemst back up of both modems first, use msm readback to backup imei, then wipe modem, then sim unlocked, restore modem files and imei with msm readback mode. It's just very risky. So if u know how to use msm readback mode and smt mode then go for this, @nika_bego you are correct. For the haters, grow up man, u are incorrect, this man is correct. There are multiple ways to do things in android. I was part of the initial team that first achieved root with this phone with a locked bootloader via aging kernel. Which then led to wiping the modems..we had to keep it between ourselves or chaos would erupt on xda. Plus the mods get so upset if u talk about hacks, modded apps, imei anything and restoring stuff.
Thanks, good job man
:good:
thanks
gigilie said:
No guide ends with the user deleting their modem. I mean come on man dont mess with people. You've been all over the forum last few days with a stolen phone with a bad imei trying to get it unlocked. U just said blowfish finally came thru n u got it unlocked. How r u gonna claim someone elses work tell everyone it does something it really doesn't do (which is sim unlock the device!) And then have them delete their modems and ask for a donation.... Too funny April fool's ISN'T for a week dude.
Modemst1 and 2 is settings, not modem.
fullofhell said:
Some people I know discovered this work around in November if u make a modemst back up of both modems first, use msm readback to backup imei, then wipe modem, then sim unlocked, restore modem files and imei with msm readback mode. It's just very risky. So if u know how to use msm readback mode and smt mode then go for this, @nika_bego you are correct. For the haters, grow up man, u are incorrect, this man is correct. There are multiple ways to do things in android. I was part of the initial team that first achieved root with this phone with a locked bootloader via aging kernel. Which then led to wiping the modems..we had to keep it between ourselves or chaos would erupt on xda. Plus the mods get so upset if u talk about hacks, modded apps, imei anything and restoring stuff.
Thanks, good job man
can confirm same.
robbie1104 said:
Hi again, just one more question: How did you root the device (to make modem backup) with locked bootloader??
I don't believe this guy either. However it is actually true that converting the TMO variant to the International using this: https://forum.xda-developers.com/oneplus-6t/how-to/t-mobile-6t-to-international-t3888307 will allow a simple
Code:
fastboot oem unlock
instead of having to go through OnePlus/TMO to get unlock.bin file.
Doing the conversion, then unlocking the bootloader, then rooting as normal. However I do not for one second believe that erasing the modem will unlock the SIM.
Edit: Looks like it might be possible to SIM unlock with this HOWEVER it requires MORE STEPS not only what is listed in the OP.
OP - Can you please update your post with a full, detailed list, of what to do?
nika_bego said:
I was trying to sim unlock bad IMEI (financed) all services refused to unlock I managed to sim unlock very easy
1 you need to convert to international version follow this thread By AnonymousTipster ( great thanks ) (https://forum.xda-developers.com/oneplus-6t/how-to/t-mobile-6t-to-international-t3888307 )
2 unlock bootloader
3 type these commands
adb reboot bootloader
fastboot erase modemst1
fastboot erase modemst2
fastboot reboot
that's all
you can also backup modemst1 and modemst2 files before these steps
you won't lose imei or have some problem phone works without any problem just tested
Is it really necessary to unlock bootloader first?? I flashed 9.0.12 and OEM unlock under Developer settings is grayed and disabled... Do I have to flash 9.0.11 to unlock OEM?? In what version of OxygenOS did you make this procedure??
Thank you!!!
robbie1104 said:
Is it really necessary to unlock bootloader first?? I flashed 9.0.12 and OEM unlock under Developer settings is grayed and disabled... Do I have to flash 9.0.11 to unlock OEM?? In what version of OxygenOS did you make this procedure??
Thank you!!!
I flashed 9.0.11 done this steps and then locked bootloader after updated to 9.0.12
sandix said:
I don't believe this guy either. However it is actually true that converting the TMO variant to the International using this: https://forum.xda-developers.com/oneplus-6t/how-to/t-mobile-6t-to-international-t3888307 will allow a simple fastboot oem unlock instead of having to go through OnePlus/TMO to get unlock.bin file.
Doing the conversion, then unlocking the bootloader, then rooting as normal. However I do not for one second believe that erasing the modem will unlock the SIM.
Edit: Looks like it might be possible to SIM unlock with this HOWEVER it requires MORE STEPS not only what is listed in the OP.
OP - Can you please update your post with a full, detailed list, of what to do?
U gotta use readback mode on msm to back it up first. Then wipe smt wipe it then use it to restore the modemst. A and b and then u have to restore imei. A quick Google search will help u with that

(US) T-Mobile version G7+ may come

https://www.xda-developers.com/motorola-moto-g7-plus-t-mobile/
It has NFC and B71 which G7 doesn't have.
Hopefully bootloader will be unlockable. If so, I may get one and paid in full and have it SIM unlocked, and flash RETAIL ROM
Any update on this? Been holding out on upgrading for this if it's true
If this is right it could be the revvl 3 or 3 plus as product sku is tmo revvl this is from wifi alliance
It's the g7 plus and g7 play https://www.tmonews.com/2019/07/t-mobile-revvlry-official-specs-price/
Can we root it using g7 plus method and unlock bootloader same way I currently have the phone
You can try to get bootloader unlock code it won't hurt nothing but as far as rooting I don't know but should be the same
krazy_smokezalot said:
Can we root it using g7 plus method and unlock bootloader same way I currently have the phone
If you can unlock the bootloader, then rooting will be the easy part as you can usually just flash Magisk (or create a patched boot.img in Magisk Manager and flash the patched boot.img). TWRP may even work too, assuming T-Mo didn't heavily modify the underlying software and kernel.
The only question is gonna be unlocking the bootloader as it's not technically branded a Moto device (although it allegedly has the same codename). Moto may not ship a bootloader code to you, you may need to go thru T-Mobile in some way first.
Jleeblanch said:
If you can unlock the bootloader, then rooting will be the easy part as you can usually just flash Magisk (or create a patched boot.img in Magisk Manager and flash the patched boot.img). TWRP may even work too, assuming T-Mo didn't heavily modify the underlying software and kernel.
The only question is gonna be unlocking the bootloader as it's not technically branded a Moto device (although it allegedly has the same codename). Moto may not ship a bootloader code to you, you may need to go thru T-Mobile in some way first.
But T-MOBILE don't offer bootloader unlock I work for them. Well just gonna try cause it's given the code name lake on cpu z and the manufacturer is Motorola
krazy_smokezalot said:
But T-MOBILE don't offer bootloader unlock I work for them. Well just gonna try cause it's given the code name lake on cpu z and the manufacturer is Motorola
Knowing they (as in T-Mo) don't offer codes, which I figured they didn't, then I'd at least try to paste your unlock code on Moto's site. Worst that'll happen is a message will pop up saying your device doesn't qualify.
t mobile g7 plus bootloader unlock
I can confirm that the bootloader for the T-Mobile Moto G7 Plus is locked and I could not get an unlock from the Motorola website. It probably has to be paid for to get an unlock. I am unable to confirm at this time if you can get an unlock; I got mine on JOD (Jump On Demand). If someone out there gets one paid for and tries for a bootloader unlock, please confirm if you can or not after it is paid for. I think you could but I can't confirm that at this time. Please, anyone's feedback would be a big help, we should all work together on this. I hope for a bootloader unlock or a workaround if someone figures something out, but as far as I know at this time, if you owe on one there is no bootloader unlock, but just maybe the possibility after it is paid. I am not sure if you would have to go through T-Mobile first to get an unlock. Thanks, and anyone's feedback would be very much appreciated.
Also this is probably the same Moto G7 build lake as the one off their website but with T-Mobile branding and a locked down bootloader, so TWRP and Magisk root should work if you can get a bootloader unlock. If someone does, please confirm here if it does work or not. Thanks, and I welcome your feedback from anyone.
REVVLRY+ is indeed G7 plus
Jimhackthorn said:
I can confirm that the bootloader for the T-Mobile Moto G7 Plus is locked and I could not get an unlock from the Motorola website. It probably has to be paid for to get an unlock. I am unable to confirm at this time if you can get an unlock; I got mine on JOD (Jump On Demand). If someone out there gets one paid for and tries for a bootloader unlock, please confirm if you can or not after it is paid for. I think you could but I can't confirm that at this time. Please, anyone's feedback would be a big help, we should all work together on this. I hope for a bootloader unlock or a workaround if someone figures something out, but as far as I know at this time, if you owe on one there is no bootloader unlock, but just maybe the possibility after it is paid. I am not sure if you would have to go through T-Mobile first to get an unlock. Thanks, and anyone's feedback would be very much appreciated.
Also this is probably the same Moto G7 build lake as the one off their website but with T-Mobile branding and a locked down bootloader, so TWRP and Magisk root should work if you can get a bootloader unlock. If someone does, please confirm here if it does work or not. Thanks, and I welcome your feedback from anyone.
Ok I'll try it cause it got it for free and it's paid off. Got it from my job as a gift. So I'll definitely check it out then I'm even more interested. But I kinda doubt it cause the bootloader has the name revvl in it in CPU Z. Bootloader goes by MBM-3.0lake_revvl-43c7c77-190517
Ok so no I tried fastboot oem unlock and nothing happens on the phone anyone else has any idea they want me to try. I'm able to check oem unlock but in fastboot the command oem unlock does nothing on the phone
unlock instructions
krazy_smokezalot said:
Ok so no I tried fastboot oem unlock and nothing happens on the phone anyone else has any idea they want me to try. I'm able to check oem unlock but in fastboot the command oem unlock does nothing on the phone
That's because you got to get a unlock key from Motorola. you will first need to make a account with Motorola https://motorola-global-portal.custhelp.com/app/standalone%2Fbootloader%2Funlock-your-device-b
Here are your instructions on how to get a key:
Put your device in fastboot mode (power off, then press the power and volume down buttons simultaneously).
On your desktop, open a command prompt or terminal, and go to the directory where you installed the Android ADB (or make sure fastboot is in your $PATH)
At the prompt, type $ fastboot oem get_unlock_data
The returned string will be used to retrieve your unlock key.
Paste together the 5 lines of output into one continuous string without (bootloader) or ‘INFO’ or white spaces. Your string needs to look like this: 0A40040192024205#4C4D355631323030373731363031303332323239#BD008A672BA4746C2CE02328A2AC0C39F951A3E5#1F532800020000000000000000000000 EXAMPLE
Check if your device can be unlocked by pasting this string in the field below, and clicking “Can my device be unlocked?”
If your device is unlockable, a "REQUEST UNLOCK KEY" button will now appear at the bottom of this page.
then get the key put in your email address and you will get UNIQUE_KEY
then in adb put in fastboot oem unlock ((UNIQUE_KEY)) here
then fastboot reboot
If yours is paid for please let me know if it works mine is not paid for.
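The "paste together the 5 lines" step from the instructions above, as an added example (not part of the original post and not Motorola's code). The function names are hypothetical, the sample output is constructed by splitting the example string from the post across device lines, and the four-field check is an assumption taken from the shape of that example string.

```shell
#!/bin/sh
# Constructed sample of `fastboot oem get_unlock_data` output. The hex lines
# are the example string from the post, split across five device lines.
sample_output() {
cat <<'EOF'
(bootloader) Unlock data:
(bootloader) 0A40040192024205#4C4D3556313230
(bootloader) 30373731363031303332323239#BD00
(bootloader) 8A672BA4746C2CE02328A2AC0C39F951
(bootloader) A3E5#1F53280002000000000000000000
(bootloader) 0000
OKAY [  0.012s]
EOF
}

# Read fastboot output on stdin and emit one continuous string:
#  1. keep only lines that start with "(bootloader)" or "INFO", minus the prefix
#  2. keep only lines made of hex digits and '#' (drops banner text)
#  3. delete every space and newline
stitch_unlock_data() {
    sed -n -E 's/^(\(bootloader\)|INFO)[[:space:]]*//p' \
        | grep -E '^[0-9A-Fa-f#[:space:]]+$' \
        | tr -d '[:space:]'
}

# Assumption: a well-formed string is four non-empty hex fields joined by '#',
# as in the example string. Returns 0 if the shape matches, non-zero otherwise.
validate_unlock_data() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]+(#[0-9A-Fa-f]+){3}$'
}

# On a real device (fastboot writes these lines to stderr):
#   fastboot oem get_unlock_data 2>&1 | stitch_unlock_data
data=$(sample_output | stitch_unlock_data)
if validate_unlock_data "$data"; then
    printf '%s\n' "$data"
else
    echo "unexpected unlock data format; re-run the command and compare" >&2
fi
```

A string that fails the shape check usually means a line was lost or a prefix survived the copy, which is worth catching before pasting it into the web form.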
Jimhackthorn said:
That's because you got to get a unlock key from Motorola. you will first need to make a account with Motorola https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-b
Here are your instructions on how to get a key:
Put your device in fastboot mode (power off, then press the power and volume down buttons simultaneously).
On your desktop, open a command prompt or terminal, and go to the directory where you installed the Android ADB (or make sure fastboot is in your $PATH)
At the prompt, type $ fastboot oem get_unlock_data
The returned string will be used to retrieve your unlock key.
Paste together the 5 lines of output into one continuous string without (bootloader) or ‘INFO’ or white spaces. Your string needs to look like this: 0A40040192024205#4C4D355631323030373731363031303332323239#BD008A672BA4746C2CE02328A2AC0C39F951A3E5#1F532800020000000000000000000000 EXAMPLE
Check if your device can be unlocked by pasting this string in the field below, and clicking “Can my device be unlocked?”
If your device is unlockable, a "REQUEST UNLOCK KEY" button will now appear at the bottom of this page.
then get the key put in your email address and you will get UNIQUE_KEY
then in adb put in fastboot oem unlock ((UNIQUE_KEY)) here
then fastboot reboot
If yours is paid for please let me know if it works mine is not paid for.
Cool thanks for this I'll follow this instructions to unlock bootloader. I'll post back my findings
krazy_smokezalot said:
Cool thanks for this I'll follow this instructions to unlock bootloader. I'll post back my findings
This is a common method to unlock Motorola smartphone bootloader.
Hopefully you will be lucky to get the code, but you may wait up to 2 weeks after initial release.
I can confirm that Motorola will give you the unlock code.
Findings
UNLOCKING AND LOCKING BOOTLOADER WILL WIPE YOUR DEVICE. BACKUP PERSONAL DATA IF YOU WANT TO KEEP IT.
I unlocked the bootloader and flashed the moto G7 plus RETAIL firmware. Everything worked fine except google pay, and verity being disabled.
Installing TWRP would always give me a recovery boot loop, so I stopped trying, instead just booting into TWRP with fastboot.
I cannot get verity enabled, even after flashing stock and locking the bootloader, so that means no Google Pay, no Google Fi, no whatever else requires verity.
Looking at
Code:
fastboot getvar all
Shows a flag that verity is disabled and another flag that warranty is void, even after flashing stock.
The stock firmware I found in a firmware repo, because I failed to do a full backup of my system (I only backed up boot, system, and data).
Would anyone be willing to unlock their bootloader, boot into TWRP, do a full backup, and share it, to see if I can get back to stock with verity enabled? I'd love Google Pay back.
BanterJSmoke said:
I can confirm that Motorola will give you the unlock code.
Wow!!!
This is HUGE!!!
Pay in full to get SIM unlocked first followed by bootloader unlock and flash RETAIL ROM and become G7 Plus
CDMA support is unknown
mingkee said:
Wow!!!
This is HUGE!!!
Pay in full to get SIM unlocked first followed by bootloader unlock and flash RETAIL ROM and become G7 Plus
CDMA support is unknown
Except it's nearly $100 less expensive to just buy an unlocked g7+
