Question HEX editing Firmware to bypass FRP - Samsung Galaxy A33 5G

Is It Possible to HEX Edit Samsung Firmware to remove FRP?

DamienDrax2000 said:
Is It Possible to HEX Edit Samsung Firmware to remove FRP?
I assume you're talking about modifying the stock firmware to flash in Odin on an unlocked bootloader.
This is not possible because the firmware updates are signed by Samsung's proprietary key; any modification to the firmware images changes the signature, which will fail verification. At best, the device will reject the flash; at worst, it may result in a device that won't boot.
If however you're talking about an unlocked bootloader...you can just flash TWRP and disable FRP that way.
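As an added illustration of the signature point in the answer above (and of the signed dm-verity hash tree that comes up later in the page), the following Python script is not code from the thread, from Samsung or from Android. It builds a dm-verity-style hash tree over a constructed sample image, pins the root hash as a constant to stand in for the vendor-signed value, and shows that a single-byte hex edit fails verification and is localized to one block. The block size, sample data and function names are my own choices.

```python
"""dm-verity-style hash tree over a firmware image (added illustration).

Constructed example, not Samsung or Android code: the device does not hash the
whole image at once; it builds a Merkle tree of per-block hashes and only the
root hash is covered by the vendor's signature. TRUSTED_ROOT below is pinned
as a constant to stand in for that signed value.
"""
from __future__ import annotations

import hashlib
import hmac

BLOCK_SIZE = 16  # toy block size for readability; real dm-verity uses 4096-byte blocks


def split_blocks(image: bytes, block_size: int = BLOCK_SIZE) -> list[bytes]:
    """Cut the image into fixed-size blocks, zero-padding the final block."""
    blocks = [image[i:i + block_size] for i in range(0, len(image), block_size)]
    if blocks and len(blocks[-1]) < block_size:
        blocks[-1] = blocks[-1].ljust(block_size, b"\x00")
    return blocks


def build_hash_tree(image: bytes, block_size: int = BLOCK_SIZE) -> list[list[bytes]]:
    """Return the tree level by level, leaf hashes first; the last level is [root]."""
    level = [hashlib.sha256(block).digest() for block in split_blocks(image, block_size)]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:          # odd count: duplicate the last node to pair it up
            level = level + [level[-1]]
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def root_hash(image: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """The single value the bootloader's signature check would cover."""
    return build_hash_tree(image, block_size)[-1][0]


def verify_image(image: bytes, trusted_root: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """Accept the image only if its recomputed root equals the trusted (signed) root."""
    return hmac.compare_digest(root_hash(image, block_size), trusted_root)


def tampered_blocks(image: bytes, trusted_leaves: list[bytes],
                    block_size: int = BLOCK_SIZE) -> list[int]:
    """Indices of blocks whose hash no longer matches the trusted leaf hashes.

    This is the granularity at which a verity-enforcing kernel reports I/O
    errors on a modified partition.
    """
    leaves = build_hash_tree(image, block_size)[0]
    return [i for i, (got, want) in enumerate(zip(leaves, trusted_leaves)) if got != want]


def hex_patch(image: bytes, offset: int, new_byte: int) -> bytes:
    """Simulate a one-byte hex edit at the given offset."""
    return image[:offset] + bytes([new_byte]) + image[offset + 1:]


# Constructed sample "firmware": 80 bytes, i.e. five 16-byte blocks.
SAMPLE_IMAGE = bytes(range(80))
TRUSTED_TREE = build_hash_tree(SAMPLE_IMAGE)
TRUSTED_ROOT = TRUSTED_TREE[-1][0]   # on a real device this lives inside signed metadata

if __name__ == "__main__":
    patched = hex_patch(SAMPLE_IMAGE, 37, 0xFF)   # one byte in block 2 changed
    print("unmodified image verifies:", verify_image(SAMPLE_IMAGE, TRUSTED_ROOT))    # True
    print("hex-edited image verifies:", verify_image(patched, TRUSTED_ROOT))         # False
    print("blocks that no longer match:", tampered_blocks(patched, TRUSTED_TREE[0]))  # [2]
```

The point the script makes is the one in the answer: the device never compares the image against anything the image itself carries. The root it trusts arrives under the vendor's signature, so editing any byte of the image (or of the hash tree shipped with it) changes the recomputed root and the check fails, and a verity-enforcing kernel surfaces that as read errors on the affected block rather than as a clean boot.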

I don't know; HEX editing can result in GApps not working and some system failures.
The worst part is that you can get bootloops,
or even a bricked phone.

Related

Need help to unlock bootloader

Man, I've really done research until my eyes are ready to pop out lol. Can someone please help me.
I'm using this guide to try and unlock my bootloader: https://www.youtube.com/watch?v=cfpehEkhfyg
Problem is, it's for a Verizon version; mine's a Note 4 T-Mobile SM-N910T3.
I'm just a noob and never had to do this unlock bootloader crap on my note 2. I need help.
I just want to unlock the bootloader, and flash recovery, supersu, and a cool rom like res. remix or CM remix.
On the video, the part I'm stuck on is he's using a file: "samsung_unlock_n4-2" with no file extension (.xxx)
I'm assuming this is a bootloader file?? I found a bootloader for my version which is a folder with contents:
FOLDER: BL_N910T3_DOK2 CONTENTS: aboot.mbn / NON-HLOS.bin / rpn.mbn / sbl1.mbn / sdi.mbn / tz.mbn
He goes on to use a CMD and fastboot to temporarily root the phone to install TWRP recovery,
but when he pushes this command: "adb push samsung_unlock_n4-fix /data/local/tmp/"
I don't think I can do that with a folder and I don't know which file to use.
QUESTION:
-DOES ANYONE KNOW WHICH FILE I NEED
-OR-
IS THERE A BETTER WAY TO FLASH A CUSTOM KERNEL THAT UNLOCKS THE BOOTLOADER, THEN ROOT, FLASH ROM AND EVERYTHING A LOT EASIER.
Side note, I didn't know I had to unlock FRP and tried to flash recovery. I also tried CFautoroot.
Both are blocked from working so I'm just assuming the bootloader is locked, otherwise it would say "mode developer" on the stock recovery. Off topic, I started reading about CyanogenMod Installer.... wtf ever happened with this program?!?!?! It sounds awesome!! It said it even would unlock bootloaders and everything. It was only after reading that it was put out of service that I stopped doing my happy dance. Why in the fudge brownie cheesecake would you delete something so awesome? Anyway, can you guys please help before I commit android suicide. That would be great.
I CAN'T BOOT INTO CUSTOM RECOVERY. IF I COULD DO THAT I COULD DO ANYTHING. UGGGGG
Anything, whatever...
I'm at a loss here......
It's been days and I'm frustrated.
910T3 versions are locked down for good after the 6.0.1 MM update, but you could DO2 it and then just be stuck without wireless and NFC. Lol, it's just so dumb, isn't it lol. Pretty soon in the future maybe they'll just give us an option to have our devices custom made to your own specs??
djscottallen said:
Man, I've really done research until my eyes are ready to pop out lol. Can someone please help me.
I'm using this guide to try and unlock my bootloader: https://www.youtube.com/watch?v=cfpehEkhfyg
Problem is, it's for a Verizon version; mine's a Note 4 T-Mobile SM-N910T3.
I'm just a noob and never had to do this unlock bootloader crap on my note 2. I need help.
I just want to unlock the bootloader, and flash recovery, supersu, and a cool rom like res. remix or CM remix.
On the video, the part I'm stuck on is he's using a file: "samsung_unlock_n4-2" with no file extension (.xxx)
I'm assuming this is a bootloader file?? I found a bootloader for my version which is a folder with contents:
FOLDER: BL_N910T3_DOK2 CONTENTS: aboot.mbn / NON-HLOS.bin / rpn.mbn / sbl1.mbn / sdi.mbn / tz.mbn
He goes on to use a CMD and fastboot to temporarily root the phone to install TWRP recovery,
but when he pushes this command: "adb push samsung_unlock_n4-fix /data/local/tmp/"
I don't think I can do that with a folder and I don't know which file to use.
QUESTION:
-DOES ANYONE KNOW WHICH FILE I NEED
-OR-
IS THERE A BETTER WAY TO FLASH A CUSTOM KERNEL THAT UNLOCKS THE BOOTLOADER, THEN ROOT, FLASH ROM AND EVERYTHING A LOT EASIER.
Side note, I didn't know I had to unlock FRP and tried to flash recovery. I also tried CFautoroot.
Both are blocked from working so I'm just assuming the bootloader is locked, otherwise it would say "mode developer" on the stock recovery. Off topic, I started reading about CyanogenMod Installer.... wtf ever happened with this program?!?!?! It sounds awesome!! It said it even would unlock bootloaders and everything. It was only after reading that it was put out of service that I stopped doing my happy dance. Why in the fudge brownie cheesecake would you delete something so awesome? Anyway, can you guys please help before I commit android suicide. That would be great.
I CAN'T BOOT INTO CUSTOM RECOVERY. IF I COULD DO THAT I COULD DO ANYTHING. UGGGGG
Anything, whatever...
I'm at a loss here......
It's been days and I'm frustrated.
As far as I know, the N910T3 bootloader is not locked, unlike Verizon or AT&T.
All you have to do is go to Settings/About device and hit Build number 7 times.
You will see "Developer options" in Settings; go to OEM UNLOCK and just turn it on. This will unlock your bootloader. Make sure Reactivation Lock is turned off in Settings/Security.
That's it; now you can go to download mode and flash TWRP recovery, and flash any ROM compatible with your model from TWRP.
Trex888 said:
As far as I know, the N910T3 bootloader is not locked, unlike Verizon or AT&T.
All you have to do is go to Settings/About device and hit Build number 7 times.
You will see "Developer options" in Settings; go to OEM UNLOCK and just turn it on. This will unlock your bootloader. Make sure Reactivation Lock is turned off in Settings/Security.
That's it; now you can go to download mode and flash TWRP recovery, and flash any ROM compatible with your model from TWRP.
Did this work, as in actually unlocking the bootloader right then, just by checking that box? I thought that option only got the phone ready for unlocking or something like that. I'm trying to root a T3 and don't want to flash over an unlocked bootloader, of course.
Trex888 said:
As far as I know, the N910T3 bootloader is not locked, unlike Verizon or AT&T.
All you have to do is go to Settings/About device and hit Build number 7 times.
You will see "Developer options" in Settings; go to OEM UNLOCK and just turn it on. This will unlock your bootloader. Make sure Reactivation Lock is turned off in Settings/Security.
That's it; now you can go to download mode and flash TWRP recovery, and flash any ROM compatible with your model from TWRP.
Has anyone tried this? I have an 910T3 running a custom ROM on lollipop 5.1.1. I wish to try and upgrade to marshmallow 6.0.1, and eventually a new custom ROM, but I am hesitant to do so as I have read that the 910T3 cannot be downgraded, should I like to return back to lollipop.
After setting OEM unlock , don't you need to use a procedure with adb fastboot through a terminal interface to unlock the bootloader?
I would love to know more about this before I attempt an irreversible upgrade.
Any help or advice would be greatly appreciated.
580guy said:
Has anyone tried this? I have an 910T3 running a custom ROM on lollipop 5.1.1. I wish to try and upgrade to marshmallow 6.0.1, and eventually a new custom ROM, but I am hesitant to do so as I have read that the 910T3 cannot be downgraded, should I like to return back to lollipop.
After setting OEM unlock , don't you need to use a procedure with adb fastboot through a terminal interface to unlock the bootloader?
I would love to know more about this before I attempt an irreversible upgrade.
Any help or advice would be greatly appreciated.
Once you upgrade to Marshmallow you cannot downgrade to Lollipop; forget it.
To unlock the bootloader you just have to turn on OEM unlock; that's it, no need for adb.
If you are already running a custom ROM as you mentioned, your bootloader should already be unlocked.
Trex888 said:
Once you upgrade to Marshmallow you cannot downgrade to Lollipop; forget it.
To unlock the bootloader you just have to turn on OEM unlock; that's it, no need for adb.
If you are already running a custom ROM as you mentioned, your bootloader should already be unlocked.
So, trying to clarify, what you are saying is that once you upgrade to Marshmallow the bootloader is permanently locked? From what I understand, locked bootloaders are what prevent you from changing ROMs, so I assume you are saying that OEM unlock will not work under Marshmallow?
So there's no way I could reflash the DOK2 bootloader and return to Lollipop again? Or just flash a stock Lollipop ROM with Odin?
580guy said:
So, trying to clarify, what you are saying is that once you upgrade to Marshmallow the bootloader is permanently locked? From what I understand, locked bootloaders are what prevent you from changing ROMs, so I assume you are saying that OEM unlock will not work under Marshmallow?
So there's no way I could reflash the DOK2 bootloader and return to Lollipop again? Or just flash a stock Lollipop ROM with Odin?
OEM unlock will work no problem on Marshmallow, and you can root and flash ROMs easily, same as Lollipop.
But you can only flash Marshmallow ROMs once you upgrade.
I was only saying you cannot downgrade from Marshmallow to Lollipop.
Odin will fail if you try to downgrade.
Trex888 said:
OEM unlock will work no problem on Marshmallow, and you can root and flash ROMs easily, same as Lollipop.
But you can only flash Marshmallow ROMs once you upgrade.
I was only saying you cannot downgrade from Marshmallow to Lollipop.
Odin will fail if you try to downgrade.
Thanks for the reply. In doing more searching around I found one of your older posts from 2016, and it sounds to me like it is an idiosyncrasy of the 910T3. I believe you stated you sold the T3 and ended up getting a 910T for that reason, so you could downgrade if you wished. Looks like I will be sticking with Lollipop, unless I get another motherboard or phone. Thanks again for the response.

[Q] No OEM Unlock, Rooting, and stock ROM

I know that there are a lot of the missing OEM Unlock posts, but this isn't about how to force it to appear.
What I would like to know is that if I want to stay on the stock ROM, but I don't have the OEM unlocked option, would I be able to factory reset to clear out encryption and then root with Magisk?
The guide says that I need to have OEM unlocked to be able to root, so I'm curious what would happen if I tried to root with the OEM still being locked? Would I soft brick it?
This is quite different from the other phones I've used and it's extremely frustrating that Samsung decided to pull this kind of bs on everyone and so far, there's no solution to it.
Thanks
If the OEM switch is not visible and switched on, then you cannot flash any non-official binaries, which means you can't flash TWRP or Magisk, which at this point means you can't get root. That's why everything boils down to the OEM switch being enabled. Please contact Samsung expressing your dissatisfaction about this OEM issue. All of us should, until they react to remedy this.
If we can get to fastboot, why can't we boot TWRP, install SuperSU/Magisk and dm-verity, thus gaining root?
This wouldn't replace the stock recovery.
I believe this was how the Axon 7 was rooted prior to bootloader unlock being presented/found.
I do this on one of my phones (not Samsung) as I only want root access and still be able to get OTA updates.
Would booting TWRP instead of flashing it trip Knox, and would root be gained, or would you find the boot partition or other system files altered and get the error that seems to be popping up on these devices?
Just throwing this out there as food for thought.
ultramag69 said:
If we can get to fastboot, why can't we boot TWRP, install SuperSU/Magisk and dm-verity, thus gaining root?
This wouldn't replace the stock recovery.
I believe this was how the Axon 7 was rooted prior to bootloader unlock being presented/found.
I do this on one of my phones (not Samsung) as I only want root access and still be able to get OTA updates.
Would booting TWRP instead of flashing it trip Knox, and would root be gained, or would you find the boot partition or other system files altered and get the error that seems to be popping up on these devices?
Just throwing this out there as food for thought.
Having an unlocked bootloader is what would allow us to use fastboot to boot or flash an image. Just because we can access fastboot, doesn't mean we can get it to write to partitions, even temporarily. I haven't messed with a Samsung phone for years, so I could be wrong. This has been my experience with google bootloader in general.
fragtion said:
If the OEM switch is not visible and switched on, then you cannot flash any non-official binaries, which means you can't flash TWRP or Magisk, which at this point means you can't get root. That's why everything boils down to the OEM switch being enabled. Please contact Samsung expressing your dissatisfaction about this OEM issue. All of us should, until they react to remedy this.
From what I did read from other threads, if you don't see the option in the Developer Option Settings, then you shouldn't need to enable it
77Eric77 said:
From what I did read from other threads, if you don't see the option in the Developer Option Settings, then you shouldn't need to enable it
I was reading about this as well, and what I got from that was in regards to custom ROMs: the OEM unlock option defaults to unlocked and is hidden. But for the stock ROM, it's locked by default unless you're visibly given the option. Otherwise, when you go into download mode, it'll show FRP Lock: On.
Sent from my SM-G930F using Tapatalk
di11igaf said:
Having an unlocked bootloader is what would allow us to use fastboot to boot or flash an image. Just because we can access fastboot, doesn't mean we can get it to write to partitions, even temporarily. I haven't messed with a Samsung phone for years, so I could be wrong. This has been my experience with google bootloader in general.
Ah, but if I want to just root and nothing else, would I still need to have the bootloader unlocked? I'm used to rooting stuff, but the technicalities and mechanics of the process escape me.
My hope is to at least root the stock ROM and factory reset, including wiping the internal SD, to start fresh. But if I factory reset on a stock ROM, the internal storage would still be encrypted, right?
Sent from my SM-G930F using Tapatalk
mputtr said:
Ah, but if I want to just root and nothing else, would I still need to have the bootloader unlocked? I'm used to rooting stuff, but the technicalities and mechanics of the process escape me.
My hope is to at least root the stock ROM and factory reset, including wiping the internal SD, to start fresh. But if I factory reset on a stock ROM, the internal storage would still be encrypted, right?
Sent from my SM-G930F using Tapatalk
This is why I want to know if we can boot TWRP. It boots TWRP but leaves the stock recovery.
However, I'm not sure if the boot image is altered when flashing root. I know Magisk seems to alter the boot image but not sure if SuperSU does.
Would this trigger KNOX?
If it does trip KNOX, it's not worth booting into TWRP, might as well just bite the bullet and install but only if bootloader is unlocked 1st... Too expensive to just brick it for an experiment...
ultramag69 said:
This is why I want to know if we can boot TWRP. It boots TWRP but leaves the stock recovery.
However, I'm not sure if the boot image is altered when flashing root. I know Magisk seems to alter the boot image but not sure if SuperSU does.
Would this trigger KNOX?
If it does trip KNOX, it's not worth booting into TWRP, might as well just bite the bullet and install but only if bootloader is unlocked 1st... Too expensive to just brick it for an experiment...
Personally I don't care about Knox. I just want to be able to root and restore my apps so I can transfer my stuff from my S7 to the Note 8 and freeze all the bloatware like TouchWiz and stuff.
From what I gleaned from reading the threads, Magisk makes a copy of the boot image as a backup.
But again, I just want root and I can wait for a longer-term solution on how to fix this moronic 7-day jail bs.
But I think Knox will get tripped the moment you root.
Sent from my SM-G930F using Tapatalk
mputtr said:
I was reading about this as well, and what I got from that was in regards to custom ROMs: the OEM unlock option defaults to unlocked and is hidden. But for the stock ROM, it's locked by default unless you're visibly given the option. Otherwise, when you go into download mode, it'll show FRP Lock: On.
Sent from my SM-G930F using Tapatalk
I didn't have OEM option as well (FRP lock was ON), I just followed me2151 guide but I was getting the partition error, so in first part I also added BL and after that everything went smoothly.
KNOX wasn't tripped, it's rooted as of this moment and tomorrow I will be installing custom rom.
PS: And yes it was an experiment but I was willing to take the risk because after reading half a day about no OEM option in developer options everyone was saying if it's not there you don't need it, I wasn't 100% sure but I was 98% sure I'm not going to brick it. btw I'm using Telus N950W note8 (locked)
I think you might want to be careful on that. I'm not sure who "everyone" is but the others like Dr.Ketan did not even recommend rooting without unlocking the option first and it seems to me that the general gist of the other thread (the 150+ page thread) was that you need it explicitly unlocked.
The ones who talked about not seeing the option means you probably don't need it are talking about custom roms (like renovate) that purposefully hid the option since it's already defaulted to unlocked on that rom.
I haven't used any custom roms yet, but that seems to be what I'm reading.
77Eric77 said:
I didn't have OEM option as well (FRP lock was ON), I just followed me2151 guide but I was getting the partition error, so in first part I also added BL and after that everything went smoothly.
KNOX wasn't tripped, it's rooted as of this moment and tomorrow I will be installing custom rom.
PS: And yes it was an experiment but I was willing to take the risk because after reading half a day about no OEM option in developer options everyone was saying if it's not there you don't need it, I wasn't 100% sure but I was 98% sure I'm not going to brick it. btw I'm using Telus N950W note8 (locked)
Just following up. Were you able to root and flash a custom ROM with OEM Unlocked checked after all?
Sent from my SM-G930F using Tapatalk
mputtr said:
Just following up. Were you able to root and flash a custom ROM with OEM Unlocked checked after all?
Sent from my SM-G930F using Tapatalk
I was able to root it but the boot loader is still locked. It's faster without the bloatware and what not. KNOX is disabled. There is still no twrp and custom rom for Snapdragon to the best of my knowledge. It did change the model of the phone from N950W to N950U1.
Finally got the OEM Unlock option and rooted + stock recovery... I had to restart my phone to bring my Android ID back to the one I always used.. and got locked out...
So 7 more days for me. And all I wanted to do was to have Titanium Backup up and running so I can transfer my phone over....
I am hating what Samsung has done.

device has loaded a different operating system

I had a rooted (magisk) X4 (google_fi) with twrp 3.2.1. I removed root and reflashed the stock rom (OPW27.1) and relocked the bootloader.
Everything works fine, even the OTA updates (I OTA'd back up to OPWS27.1.3), but there is an annoying yellow startup screen that displays "My device has loaded a different operating system." From what I read, it's because the ROM isn't digitally signed? Is that correct?
Any way to remove this screen on startup?
**FYI this is not the unlocked bootloader screen this is something else.
Thanks.
Ok so google pay won't work. It says I have an unlocked bootloader and/or custom software. I have a stock rom, recovery, bootloader, and the bootloader is locked. Shouldn't it work? I never had this problem after flashing stock and relocking my old Moto X Pure.
ptn107 said:
reflashed the stock rom (OPW27.1)
I am not able to help with removing the boot message you're seeing, but is that copy of the stock rom you flashed still available and is it for Android One/Fi?
Yes and yes.
https://firmware.center/firmware/Mo...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
Did you manage to remove the message? I'm having the same problem.
My theory:
You've flashed an original signed stock ROM, but that stock ROM's signature is not the same as the bootloader's.
CypherPotato said:
My theory:
You've flashed an original signed stock ROM, but that stock ROM's signature is not the same as the bootloader's.
Hi, I have the same problem and I have flashed the ROM from this post. How could it be solved? Thanks.
ptn107 said:
Yes and yes.
https://firmware.center/firmware/Mo...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
Does this help?
jsis83 said:
Hi, I have the same problem and I have flashed the ROM from this post. How could it be solved? Thanks.
How have you flashed it?
My payton bootloader is blocked and I can't unlock it.
How did you unlock your bootloader?
CypherPotato said:
How have you flashed it?
My payton bootloader is blocked and I can't unlock it.
How did you unlock your bootloader?
https://www.getdroidtips.com/unlock-bootloader-moto-x4/
CypherPotato said:
My theory:
You've flashed an original signed stock ROM, but that stock ROM's signature is not the same as the bootloader's.
How to solve this?
So are we all mad? I've googled for hours; it seems you need a factory image of our phones to correct this problem.
Figured it out: you need to supply your own keystore to remove the message in fastboot.
https://youtu.be/OfWFmhucWlg?t=15m33s
How do you match the ROM to the correct bootloader? I've installed the 8.0.0 ROM and I get the same boot error as stated above. I'm trying to get everything back to stock to get the 8.1 update.
We would need a factory image, which Motorola will never provide..
squanchy said:
We would need a factory image, which Motorola will never provide..
Isn't this exactly that?
https://forum.xda-developers.com/moto-x4/development/flash-official-frmware-moto-x4-t3730750
jhedfors said:
Isn't this exactly that?
https://forum.xda-developers.com/moto-x4/development/flash-official-frmware-moto-x4-t3730750
If it was a real factory image it would contain a developer keystore in the image, and people wouldn't get the yellow bootloader warning message,
like I get from all these images posted on this forum.
If the keystore doesn't match your original phone's hardware keystore, it uses the image's keystore instead. A factory image has no keystore, or sometimes a universal keystore, and you won't get the mentioned error.
I obtained all this information just from watching an Android developer talk about Verified Boot, but it never goes into detail on how to remedy this issue. So unless I spend hours and hours learning how to re-compile an image from source, or figure out where my keystore is located, I'll be stuck with this message.
Because each manufacturer is different, they don't always follow the same practices.
Hi, is there anyone who has fixed it finally? I have exactly the same problem. After updating to Pie, the message "verity mode is set to disable" is displayed while booting. I'm desperate, I really don't know how to fix it. I've tried almost everything.
PlaviiCZ said:
Hi, is there anyone who has fixed it finally? I have exactly the same problem. After updating to Pie, the message "verity mode is set to disable" is displayed while booting. I'm desperate, I really don't know how to fix it. I've tried almost everything.
You can't just ignore it? It does not affect functionality.
ptn107 said:
You can't just ignore it? It does not affect functionality.
I think it does; Google Pay cannot add my debit card because it says "Your device is rooted or customized".

After unlocking bootloader can I restore stock, relock and have Safety Net work

In the FAQ thread it was stated that once you unlock the bootloader you can NOT completely return to a pre-unlocked state.
Coming from Nexus, I usually unlock my bootloader and leave it that way, just in case I do something stupid and bootloop the phone. I run everything stock, except for systemless root access which I occasionally need. If I want to go back to stock, I flash the factory images (mostly just boot.img since I am running systemless root), and relock the bootloader.
On the Moto X4 is there some sort of one-way tripwire when you unlock the bootloader that doesn't get reset when you relock the bootloader?
Is it really the case that the Motorola factory images that are hosted on AndroidFileHost are not factory signed? Is that the source of the issue mentioned in the FAQ? I saw some people mention they were able to flash those images even with bootloader locked, which I thought meant they must have passed some signature verification.
I saw people were able to apply OTAs after flashing to those stock images. If the stock images (flashed through fastboot) weren't factory signed, by the time you successfully flash an OTA wouldn't the result be factory signed? It is just the kernel/boot image that needs to be signed right? The system image is protected by signed dm-verity hash tree that has to be shipped with any update or reading /system partition would just throw up I/O errors.
I don't mind needing to run Magisk to get around Safety Net while I have the bootloader unlocked, but I want the option to flash one of the stock images, relock the bootloader, and have everything work the same as if I never unlocked.
I don't mind the warranty being potentially voided, just want to be able to get back to pre-unlocked state.
I don't want to be relegated to a lifetime of Safety Net workarounds just because I unlocked the bootloader once to try things out.
Can someone clarify this question?
https://forum.xda-developers.com/moto-x4/help/moto-x4-f-q-s-thread-t3814393
Neffy27 said:
4. Can I unlock the bootloader and how do I do that?
The only way to know if your variant can be unlocked is via Motorola's website, via their instructions. There is no alternative method. This is the definitive way to find out if yours can be unlocked. Typically, users are reporting that the Amazon model cannot be unlocked.
Lenovo has not released factory signed stock images. Once you unlock the bootloader, THERE IS NO RETURN. Safety Net will not pass, modified flag is tripped, and orange bootloader msg will appear at boot. Even when you perform #9.
9. How do I go back to stock?
[Guide][Video/Text] How to Flash Official/Factory Firmware (Moto X4) by @munchy_cool
Until Lenovo releases their official signed factory images, the same is not possible as it is with the Nexus and Pixel lines.
sfhub said:
In the FAQ thread it was stated that once you unlock the bootloader you can NOT completely return to a pre-unlocked state.
Coming from Nexus, I usually unlock my bootloader and leave it that way, just in case I do something stupid and bootloop the phone. I run everything stock, except for systemless root access which I occasionally need. If I want to go back to stock, I flash the factory images (mostly just boot.img since I am running systemless root), and relock the bootloader.
On the Moto X4 is there some sort of one-way tripwire when you unlock the bootloader that doesn't get reset when you relock the bootloader?
Is it really the case that the Motorola factory images that are hosted on AndroidFileHost are not factory signed? Is that the source of the issue mentioned in the FAQ? I saw some people mention they were able to flash those images even with bootloader locked, which I thought meant they must have passed some signature verification.
I saw people were able to apply OTAs after flashing to those stock images. If the stock images (flashed through fastboot) weren't factory signed, by the time you successfully flash an OTA wouldn't the result be factory signed? It is just the kernel/boot image that needs to be signed right? The system image is protected by signed dm-verity hash tree that has to be shipped with any update or reading /system partition would just throw up I/O errors.
I don't mind needing to run Magisk to get around Safety Net while I have the bootloader unlocked, but I want the option to flash one of the stock images, relock the bootloader, and have everything work the same as if I never unlocked.
I don't mind the warranty being potentially voided, just want to be able to get back to pre-unlocked state.
I don't want to be relegated to a lifetime of Safety Net workarounds just because I unlocked the bootloader once to try things out.
Can someone clarify this question?
https://forum.xda-developers.com/moto-x4/help/moto-x4-f-q-s-thread-t3814393
AFAIK if you flash a stock image and re-lock the bootloader SafetyNet will pass verification.
Neffy27 said:
Until Lenovo releases their official signed factory images, the same is not possible as it is with the Nexus and Pixel lines.
I don't think signed images is necessarily the issue. Even if the images released so far weren't signed (which I haven't verified is the case, signed or unsigned), by the time you apply an OTA, they would be signed. Otherwise, it would be impossible for the stock (never bootloader unlocked) units to have a signed image after applying the OTA. The result of applying an OTA must be a factory signed image or it wouldn't pass the bootloader check. I saw that people were able to apply an OTA after flashing these images.
It sounds more like some flag is set by bootloader under certain conditions and that doesn't get reset when you re-lock.
On HTC I believe they had something similar where verity mode got switched to logging instead of enforcing (in the bootloader params, not the fstab) and you needed to clear devinfo for things to go back to stock behavior.
AvenidaDelGato said:
AFAIK if you flash a stock image and re-lock the bootloader SafetyNet will pass verification.
Based on your personal experience with doing that on an X4 or based on your understanding of how it should work?
That's the way it has worked on other platforms I've used, but I've seen a couple of posts where people say that isn't the case here. They say you still get a warning message on boot after flashing stock, then relocking, and then subsequently when they test Safety Net it fails.
I know I can do cat and mouse with Magisk and Safety Net for a while to workaround and I don't mind doing that while I have my bootloader unlocked. I am thinking though, I might just get tired of doing that and want to go back to stock and have everything work.
This is also the first platform I've used where the bootloader will erase userdata when you re-lock. All other platforms I've used only erase userdata when you initially unlock (which makes sense)
sfhub said:
Based on your personal experience with doing that on an X4 or based on your understanding of how it should work?
That's the way it has worked on other platforms I've used, but I've seen a couple of posts where people say that isn't the case here. They say you still get a warning message on boot after flashing stock, then relocking, and then subsequently when they test SafetyNet it fails.
I know I can play cat and mouse with Magisk and SafetyNet for a while as a workaround, and I don't mind doing that while I have my bootloader unlocked. I am thinking, though, that I might just get tired of doing that and want to go back to stock and have everything work.
This is also the first platform I've used where the bootloader will erase userdata when you re-lock. All other platforms I've used only erase userdata when you initially unlock (which makes sense).
Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
AvenidaDelGato said:
Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
Thanks so much for trying that out for me.
Two other quick questions:
1) Did the bootloader stop complaining about boot verification after relocking?
2) Under Play Store -> hamburger -> Settings, at the bottom does it say Device certification - Certified?
Thank you very much.
sfhub said:
Thanks so much for trying that out for me.
Two other quick questions:
1) Did the bootloader stop complaining about boot verification after relocking?
2) Under Play Store -> hamburger -> Settings, at the bottom does it say Device certification - Certified?
Thank you very much.
The bootloader still gave an error message saying it has been re-locked (yellow warning text), but that doesn't affect SafetyNet. Not sure about Device Certification as I've already unlocked the bootloader and restored root. However, I'm fairly confident it would be certified based on Google's description of Device Certification.
AvenidaDelGato said:
Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
This conflicts with what other users have reported. Do you mind opening up Google Pay to see if it lets you add a card? You don't have to complete the process.
---------- Post added at 07:13 AM ---------- Previous post was at 07:10 AM ----------
sfhub said:
I don't think signed images are necessarily the issue. Even if the images released so far weren't signed (which I haven't verified to be the case, signed or unsigned), by the time you apply an OTA, they would be signed. Otherwise, it would be impossible for the stock (never bootloader unlocked) units to have a signed image after applying the OTA. The result of applying an OTA must be a factory signed image or it wouldn't pass the bootloader check. I saw that people were able to apply an OTA after flashing these images.
It sounds more like some flag is set by the bootloader under certain conditions and that doesn't get reset when you re-lock.
On HTC I believe they had something similar where verity mode got switched to logging instead of enforcing (in the bootloader params, not the fstab) and you needed to clear devinfo for things to go back to stock behavior.
What you typed does make sense. I don't have much else to say. If I get another confirmation safety net works, I'll update the FAQs thread.
I was going off this post when I wrote that piece of the FAQs thread, I'll have to keep digging for more reports. Though, people who unlock are most likely rooted, and SafetyNet is such an easy workaround with Magisk. Thank you @AvenidaDelGato for going through that. Let me know if Google Pay allows you to start the process of adding a card, which model do you have, and I'll update the FAQs thread.
The not being able to go back completely stock is what has kept me from unlocking my 2nd moto x4. 1st one was warranty returned before all these guides were made.
AvenidaDelGato said:
Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
Yep. I was doubtful at first cuz I swore I tried going back to stock, locked bootloader and all and safetynet was failing. I flashed the latest a1 stock image, relocked bootloader and now gpay works.
AvenidaDelGato said:
The bootloader still gave an error message saying it has been re-locked (yellow warning text), but that doesn't affect SafetyNet. Not sure about Device Certification as I've already unlocked the bootloader and restored root. However, I'm fairly confident it would be certified based on Google's description of Device Certification.
Thanks again for your feedback. It is appreciated.
Awesome. Thanks to all for feedback. I'll update FAQs thread sometime tomorrow.
funkymonkey_01 said:
Yep. I was doubtful at first cuz I swore I tried going back to stock, locked bootloader and all and safetynet was failing. I flashed the latest a1 stock image, relocked bootloader and now gpay works.
Hate to dig up a necro thread but I feel the need to correct a lot of confused information in here. Not sure what version of Android this is referring to back in 2018 (probably Android 8), but Magisk showing SafetyNet passes hasn't been proof of anything at least since that time, as evidenced here. Google Pay still doesn't work which means SafetyNet wasn't really passing.
In my situation on the Moto X4, as soon as I unlocked and flashed the so-called "stock" ROM (which doesn't exist, as mentioned above -- Motorola has never released them), initially on Android 8, verity mode went to "logging". While on Android 8, SafetyNet checks (Google's, not Magisk's) passed, and OTAs could take it all the way to Android 9. All of the Android 8 OTAs kept verity mode at "logging" and SafetyNet checks passing, but the Android 9 OTA turned verity mode to "disabled". At that point, SafetyNet checks failed with reason code RESTORE_TO_FACTORY_ROM, and failing CTS profile match while passing basic integrity (here, the bootloader was relocked, not rooted).
sfhub said:
Is it really the case that the Motorola factory images that are hosted on AndroidFileHost are not factory signed? Is that the source of the issue mentioned in the FAQ? I saw some people mention they were able to flash those images even with bootloader locked, which I thought meant they must have passed some signature verification.
I saw people were able to apply OTAs after flashing to those stock images. If the stock images (flashed through fastboot) weren't factory signed, by the time you successfully flash an OTA wouldn't the result be factory signed? It is just the kernel/boot image that needs to be signed right? The system image is protected by signed dm-verity hash tree that has to be shipped with any update or reading /system partition would just throw up I/O errors.
The entire problem is that the firmwares floating around aren't signed correctly. I'm not sure what conclusion can be drawn from OTAs succeeding. Verity checks are performed on various partitions and at different times. It's possible OTAs do not check everything, or that Android 8 or below did not check everything. Maybe unlocking again could help with respect to self-signed firmware, but it would seem that custom firmware on Moto X4 is a risky one-way street with respect to everything that relies on SafetyNet.
However if anyone has updates as of 2022 on any stable Moto X4 firmware with a reliable mechanism to fully pass SafetyNet (e.g. with Universal SafetyNet Fix), I would like to know.
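The signed dm-verity hash tree that the quoted post and the reply above both turn on, as an added example that is not from this thread or from Motorola's tooling: a simplified dm-verity style hash tree in Python, where only the root hash is carried in the OEM-signed metadata, so any single-bit change anywhere in the image makes the recomputed root stop matching it. The salt, the sample image and all function names are constructed for this example; the real veritysetup layout also has a superblock and exact hash-block packing that are omitted here.

```python
import hashlib

# Added example of a simplified dm-verity style hash tree (not the thread's or Motorola's code).
BLOCK_SIZE = 4096                    # dm-verity's default data/hash block size
HASH_SIZE = hashlib.sha256().digest_size
FANOUT = BLOCK_SIZE // HASH_SIZE     # 128 SHA-256 hashes fit in one hash block

def block_hash(salt: bytes, data: bytes) -> bytes:
    """Leaf/node hash: SHA-256 over salt || data, with data zero-padded to a block."""
    return hashlib.sha256(salt + data.ljust(BLOCK_SIZE, b"\0")).digest()

def build_tree(image: bytes, salt: bytes) -> list[list[bytes]]:
    """Return hash levels from the data-block hashes (level 0) up to the single root."""
    if not image:
        raise ValueError("image must contain at least one block")
    leaves = [block_hash(salt, image[i:i + BLOCK_SIZE])
              for i in range(0, len(image), BLOCK_SIZE)]
    levels = [leaves]
    while len(levels[-1]) > 1:
        # Each parent hashes a group of up to FANOUT child hashes packed into one block.
        prev = levels[-1]
        levels.append([block_hash(salt, b"".join(prev[i:i + FANOUT]))
                       for i in range(0, len(prev), FANOUT)])
    return levels

def root_hash(image: bytes, salt: bytes) -> bytes:
    return build_tree(image, salt)[-1][0]

def verify_image(image: bytes, salt: bytes, trusted_root: bytes) -> bool:
    """The check that matters: only the root hash lives in the OEM-signed verity
    metadata, so the root recomputed from the flashed image must equal it."""
    return root_hash(image, salt) == trusted_root

def flip_bit(image: bytes, offset: int) -> bytes:
    """Change a single bit at a byte offset (any edit to the image at all)."""
    return image[:offset] + bytes([image[offset] ^ 0x01]) + image[offset + 1:]

# Constructed sample: a 5-block "system image" and a made-up salt (not from any
# real device); TRUSTED_ROOT stands in for the root hash in the signed metadata.
SALT = b"constructed-example-salt"
SAMPLE_IMAGE = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5))
TRUSTED_ROOT = root_hash(SAMPLE_IMAGE, SALT)
TAMPERED_IMAGE = flip_bit(SAMPLE_IMAGE, 3 * BLOCK_SIZE + 100)

if __name__ == "__main__":
    print("stock image verifies:", verify_image(SAMPLE_IMAGE, SALT, TRUSTED_ROOT))
    print("edited image verifies:", verify_image(TAMPERED_IMAGE, SALT, TRUSTED_ROOT))
```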

What is the safe way to re-lock the bootloader?

I uninstalled all mods safely and correctly (took a **** ton of research to make sure I did it the correct way), totally unrooted and uninstalled magisk, re-flashed the stock boot and stock db-whatever files both to both slots.
Now I want to use google pay but I can't because the device has been modified--and I assume it's referring to its still unlocked state.
Is it perfectly safe to just lock the bootloader via fastboot? I don't know why it shouldn't be, but I've come across posts saying people have bricked their devices by attempting to re-lock.
finshan said:
I uninstalled all mods safely and correctly (took a **** ton of research to make sure I did it the correct way), totally unrooted and uninstalled magisk, re-flashed the stock boot and stock db-whatever files both to both slots.
Now I want to use google pay but I can't because the device has been modified--and I assume it's referring to its still unlocked state.
Is it perfectly safe to just lock the bootloader via fastboot? I don't know why it shouldn't be, but I've come across posts saying people have bricked their devices by attempting to re-lock.
I would flash the full image from Google not just the boot. You don't want to brick your phone. After that you will need to relock the bootloader to pass safety net.
finshan said:
I uninstalled all mods safely and correctly (took a **** ton of research to make sure I did it the correct way), totally unrooted and uninstalled magisk, re-flashed the stock boot and stock db-whatever files both to both slots.
Now I want to use google pay but I can't because the device has been modified--and I assume it's referring to its still unlocked state.
Is it perfectly safe to just lock the bootloader via fastboot? I don't know why it shouldn't be, but I've come across posts saying people have bricked their devices by attempting to re-lock.
Install factory image
fastboot -w (or reset in recovery)
fastboot flashing lock
Reboot
finshan said:
I uninstalled all mods safely and correctly (took a **** ton of research to make sure I did it the correct way), totally unrooted and uninstalled magisk, re-flashed the stock boot and stock db-whatever files both to both slots.
Now I want to use google pay but I can't because the device has been modified--and I assume it's referring to its still unlocked state.
Is it perfectly safe to just lock the bootloader via fastboot? I don't know why it shouldn't be, but I've come across posts saying people have bricked their devices by attempting to re-lock.
Magisk is passing SafetyNet.
