Does rooting unlock an HTC Desire? - Desire Q&A, Help & Troubleshooting

I may be about to buy an HTC Desire on Vodafone IE, and I was wondering: if I root the phone with the goldcard method, will it become unlocked so I can put SIM cards from other networks in it?

Not so.
"Root" just allows su privileges, additions like custom recovery and the ability to flash any update, such as ROM, radio, etc.
"Unbranded" removes the network carrier's ROM changes to a plain HTC ROM. For this you basically go through a method which enables you to flash the stock HTC ROM.
"Unlocked" opens the SIM lock your network carrier placed on the device using a [purchased] code.
The three are separate processes.
Root access via the Unrevoked method is extremely fast, stable and simple. And root has many benefits, even allowing you to take screenshots, remove default apps you don't want, theme your phone fully, save backups in forms of snapshots to revert to whenever, and so forth. The data is all there in ample depth if you search and spend a good few days reading.
-----------------------------------
- Sent via my HTC Desire -

So there's no way to unlock the phone without getting the phone network to do it, or paying some third party to do it?
If a third party can unlock the phone, then surely the process has been cracked/reverse engineered, right? Doesn't that mean I should be able to do it myself for free? Has anyone figured this out? I mean, if other people know how to do it without network approval, surely anyone should be able to do it. All that's needed is to generate a code... right?

You can unlock your phone; there are a few good guides on the forum. I suggest that you read carefully the first sticky post in the Desire Android Development section titled [TUT]Complete upgrading guide (root, unroot, flashing ROM & updates), and also the second post. I didn't need to carrier unlock; however, the process seemed relatively simple.

FunkTrooper said:
If a third party can unlock the phone, then surely the process has been cracked/reverse engineered, right? Doesn't that mean I should be able to do it myself for free? Has anyone figured this out? I mean, if other people know how to do it without network approval, surely anyone should be able to do it. All that's needed is to generate a code... right?
It isn't about "generating" the code - the 3rd party unlockers have gained access to a database of codes, so it isn't about cracking or reverse engineering anything.
Buy a code - job done!
Regards,
Dave

So... somewhere on the phone is stored the status of whether or not the phone is locked to a certain network. Does anyone know where this data is stored? Can it be modified without the need for an unlock code?
I assume this data isn't stored in any place that would normally be overwritten when rooting the phone, such as the recovery partition or the system partition.

FunkTrooper said:
So... somewhere on the phone is stored the status of whether or not the phone is locked to a certain network. Does anyone know where this data is stored? Can it be modified without the need for an unlock code?
I assume this data isn't stored in any place that would normally be overwritten when rooting the phone, such as the recovery partition or the system partition.
Sorry for bumping an old thread, but I would love to know the answer to these questions.

http://forum.xda-developers.com/showthread.php?t=943726
Did you try this?
I unlocked my Desire without any trouble; it takes about 1 min and it's free (unless you decide to donate to the author).
Also you don't need to burn it, I used a pen drive.

Thanks k3lcior, I don't need to unlock my phone, I was just asking about the mechanism.
Thanks again.

Related

Difference between rooting and unlocking bootloader

I just want to know the difference
Sent from my Wildfire S using XDA
There is no difference. If you unlock bootloader you can gain root.
Sent from my Wildfire S using XDA
SanderTheNinja said:
There is no difference. If you unlock bootloader you can gain root.
Sent from my Wildfire S using XDA
Of course there is a difference. Rooting lets you have complete admin rights on your phone, e.g. access to write files to the system partition, or delete all the files, or uninstall system apps.
Unlocking lets you flash an entire new rom or a custom recovery.
OP - There is plenty of info elsewhere, don't be lazy, just do some reading
With an unlocked bootloader, you are able to root your phone, install custom ROMs, overclock and do root stuff.
Unlocking the bootloader is something you must do before having full access to your phone.
scott_doyland said:
Of course there is a difference. Rooting lets you have complete admin rights on your phone, e.g. access to write files to the system partition, or delete all the files, or uninstall system apps.
Unlocking lets you flash an entire new rom or a custom recovery.
OP - There is plenty of info elsewhere, don't be lazy, just do some reading
I mean, you can only get root if you unlock your bootloader.
Sent from my Wildfire S using XDA
Root
Rooting a device is a method to gain full access to the operating system. With root you can do all the administrative stuff, write to locations normally restricted to the system and customize your device more deeply.
Root enhances your privileges and you are able to change almost anything inside of your rom.
The rooting, however, affects ONLY your operating system (Android).
Unlocked Bootloader
In most devices, the Bootloader is the instance that calls the operating system (Android) and manages direct access to the device's partitions. Having an unlocked bootloader enables you to flash custom roms, custom kernels, recoveries and so on.
Bootloader and Rooting Teamplay
Often it is the case, and so too in our devices, that a locked bootloader also locks write access to several partitions like the system partition. This is the reason why rooting is not possible without an unlocked bootloader. Rooting needs write access to the system partition (for storing the superuser binary and the superuser app).
Without an unlocked bootloader, only a temporary half-root can be achieved.
Thanks a lot guys
Sent from my Wildfire S using XDA
How to unlock the bootloader, but in a way that I can lock it again?
prdonja said:
How to unlock the bootloader, but in a way that I can lock it again?
Do some research. There are hundreds of posts on this topic.
scott_doyland said:
Of course there is a difference. Rooting lets you have complete admin rights on your phone, e.g. access to write files to the system partition, or delete all the files, or uninstall system apps.
Unlocking lets you flash an entire new rom or a custom recovery.
OP - There is plenty of info elsewhere, don't be lazy, just do some reading
19 months after the question was asked, I just happened to be wanting to answer the same question for myself, so I searched and found this thread...
I am happy he asked the question, as it was the first answer I saw in google search... so maybe he could also have done a search 19 months ago, but his question was useful to me, and your response seemed rude and unnecessary. You never know who may benefit from a little generosity.
Mark.
scott_doyland said:
Do some research. There are hundreds of posts on this topic.
I know that you're not rude (even though you sounded so). You replied what was correct and appropriate.
But my research for the question in question (pun unintended) on google pointed me straight to this very thread.
So, it would be greater if someone had posted some more good links besides their rude looking remark (again, not rude, but just looking so).
theq86 said:
Root
Rooting a device is a method to gain full access to the operating system. With root you can do all the administrative stuff, write to locations normally restricted to the system and customize your device more deeply.
Root enhances your privileges and you are able to change almost anything inside of your rom.
The rooting, however, affects ONLY your operating system (Android).
Unlocked Bootloader
In most devices, the Bootloader is the instance that calls the operating system (Android) and manages direct access to the device's partitions. Having an unlocked bootloader enables you to flash custom roms, custom kernels, recoveries and so on.
Bootloader and Rooting Teamplay
Often it is the case, and so too in our devices, that a locked bootloader also locks write access to several partitions like the system partition. This is the reason why rooting is not possible without an unlocked bootloader. Rooting needs write access to the system partition (for storing the superuser binary and the superuser app).
Without an unlocked bootloader, only a temporary half-root can be achieved.
Thanks for this useful info
I agree. It is the autumn of 2014, and I've been reading webpages until my eyes are bleary. This is the 1st thread that actually explains how the two concepts relate rather than descending into buttonology. I think the OP's question hits the nail on the head (well, one of them at least) and he doesn't need to be treated in a demeaning manner.
Wow, 1 year after the last post, I'm thankful he asked this question! Was thinking the same as you, lol
fredphoesh said:
19 months after the question was asked, I just happened to be wanting to answer the same question for myself, so I searched and found this thread...
I am happy he asked the question, as it was the first answer I saw in google search... so maybe he could also have done a search 19 months ago, but his question was useful to me, and your response seemed rude and unnecessary. You never know who may benefit from a little generosity.
Mark.
Root vs bootloader
If I have an unlocked bootloader, can I install apps that require root? Will they still work even though I'm not rooted?
Deogracias said:
If I have an unlocked bootloader, can I install apps that require root? Will they still work even though I'm not rooted?
I'm not an expert, but here's my understanding from months of reading up on this: Unlocking the bootloader lets you install a program known as Recovery, which is another program that lets you install operating systems, e.g., stock Android, CyanogenMod. Whether you have root or not is determined by settings made after the operating system is installed. So unlocking a bootloader is different from root. You can have either one without the other. However, I am also left with the impression that software that helps you unlock the bootloader also gives you root (and perhaps vice-versa). This dual functionality is designed into the software, but they are separate things which don't have to both happen.
I just reviewed my answer and realized that it doesn't really address the quoted question very directly. Unfortunately, there is no "delete" function. So hopefully, it helps a bit. As further info, I unlocked the bootloader, changed the Recovery, and replaced the native Android OS from Koodo with CyanogenMod. However, I did not root. Hopefully, someone else can chime in with further experience.
I've been wondering about this for years, as well. I don't feel confident doing things to my phone that I don't understand. I'm sure I'll never have a thorough understanding, as I'm not a programmer, but even a rough one would suffice. This is the same reason why I will only attempt certain operations on my car -- if I muck it up, I'm boned.
I rooted my phone (or maybe unlocked the bootloader?) a couple years ago, and never got around to doing anything else with it, because I couldn't figure out how to "do a recovery" (still don't know what that means, exactly). Or maybe I unlocked the bootloader, and never rooted it? I'm still confused. I see LOADS of folks who throw the terms around, whom I suspect, actually have no clue. I have a Verizon S4 MDK 4.2.2, and I just now finished the process -_- Better late than never? Now, I'm trying to decide if it's worth the headache, and possible risk, of installing custom ROMs, etc. Also, I know my phone is "SO old!!' and blah-blah-blah. At least if I screw things up now, I can get a new phone with a new contract, etc.
I really wish Verizon weren't such dirtbags about the locked bootloader thing.
No
SanderTheNinja said:
There is no difference. If you unlock bootloader you can gain root.
Sent from my Wildfire S using XDA
Here is the full difference between rooting and unlocking the bootloader:
Rooting - Administrative access to the entire file system, including the ability to change system files, such as installing a system-wide ad-blocker by modifying the hosts file on your device, or uninstalling system apps, such as bloatware that comes pre-installed on your device. Without root, one can only see files in the root directory instead of editing them. Some apps and mods only work with root.
Unlocking bootloader - To understand this term, one needs to know the meaning of bootloader first. In simple terms, the bootloader is like a person who checks many functions at the time of boot. It's one of the most important parts and boots first. Unlocking the bootloader means asking that person to give us rights to do some modifications in our device like flashing custom recovery, rom etc.
prdonja said:
How to unlock the bootloader, but in a way that I can lock it again?
ADB

[Q] Are there any downsides to rooting ?

Hi all, I've done a fair bit of searching and reading up but not sure I can find definitive answers to whether there are any downsides to rooting my One X.
I am thinking similar to tethered jailbreaks in the iOS world, where if you run out of juice you have to cable up to get it to boot up etc.
I would like to root, so I have the freedom to use a few of the tweaks and mods on xda (such as the tweak to change the default - read too high - auto brightness levels), not sure I will actually replace my entire rom at this stage, just root so I can use some of these minor tweaks.
So, is there anything that I need to genuinely consider before making the leap? Some specific questions that spring to mind are:
1. Can I always easily revert it?
2. I've read some posts where people are struggling to charge once it hits 0%. Is this an actual problem if I just root? I do not want to brick a phone or have to prise open the case to take batteries out etc.
3. If I choose to replace ROMs in the future, are there actual apps that more or less back up all your apps and settings, so you can just reload that one app after a new ROM is installed, restore a backup and I am good to go, or do you have to manually set up everything from scratch again?
Thanks for any advice you guys can offer.
ta
Mart
The only downside to rooting is you get hooked on flashing. It's very easy to get back to stock. As long as you have the proper RUU for your region that goes with your CID, all is fine.
At present, the only rooting method involves unlocking the bootloader. It can be locked again. But it's 'relocked' rather than 'locked'. So your warranty is still void in some cases.
I'm waiting for root method which doesn't require an unlocked bootloader. Or non HTCDEV Unlocked bootloader and S-OFF before I do mine, but that's just me
Sentinel196 said:
So your warranty is still void in some cases
HTC will only refuse your warranty if you balls up your phone as a result of flashing roms. Everything else such as hardware defects will leave the warranty intact.

the htc one S-OFF via java card support thread

not wanting to wait for a software exploit that may never come, user Sonic2756 has stepped up and purchased an htc service card, or java card, to provide the vzw one community with a "right now!" s off option. make sure you thank him in this thread: Purchased a JavaCard for S_OFF
this method uses an official htc java card to turn off the phone's security data. the card exists as a legitimate tool for cell phone shops and re-sellers, primarily for the purpose of removing the phone's simlock.
since this method of s off is somewhat unusual, this thread is intended to help support folks that are unsure of the differences and similarities.
first and foremost, these are my words, sonic has not helped with these posts, though I hope he will let me know if there's anything he wants changed. if any info you see here and use melts your phone into a little pile of aluminum goo, it's not sonic's fault, nor is it mine. use this info at your own risk.
in this first post, I thought a few FAQs needed to be put in one place, as they are being asked over and over again in the thread.
Frequently Asked Questions
Q: what is s off? what does it do for me?
A: in a nutshell, s-off = security off. it removes all security checks and allows access to all partitions of the phone. this means you can:
-change hboot
-change splash image
-change radios
-flash unsigned files
-go backwards in firmware versions
-other things that maybe I'll add later
Q: is this legit?
A: yes, it is. as mentioned above, the java card is a legitimate tool used by some large cell phone repair shops and re-sellers.
Q: how does this work?
A: the java card is plugged into a USB On The Go cable, and plugged into the phone. the java card contains htc-signed diagnostic files which are used to clear security data. when the phone is booted to hboot with the java card plugged in, it finds the diagnostic file and jumps to a mode where the user can clear "s58" data. this removes any simlock, changes the CID to a generic "supercid", and most importantly, turns off the phone's radio secure flag. hooray!
this is not sonic, nor is this an htc one. it is a one X using the same method; it will give you a good idea what the process looks like:
HTC One X S-OFF
Q: what exactly is a java card?
A: simply, a java card is an sd card with a microprocessor in it. if someone wishes to provide a more detailed definition, I'd be happy to put it here. a bit more info here
Q: can we clone the java card so everyone can have s off?
A: yes. but it's complicated, and the card to begin with is expensive. there have been some technical discussions about this in sonic's original thread. the simple answer is that it is not easy, or practical, to clone the java card.
Q: why do I have to pay for this? shouldn't s off be free?
A: if you have a problem paying for this service, you are welcome to purchase your own java card and offer the service for free. as has been stated, the java card is expensive: upwards of $1000 depending how many credits are included.
further, even if a software exploit was available, it is good custom to donate to the devs who brought you the tool. remember, no one here owes you custom roms, s-off, etc. support your devs and what they bring you. in this case, sonic has purchased an expensive htc tool, shipping supplies, and has to invest a great deal of time getting your phone s-offed, packed up, and hauled back to the post office. not to mention the website he has set up for the service. there is nothing wrong with making his $$ back, and a bit extra for his time and efforts.
Q: is the card good forever?
A: NO! the java card has a limited number of uses. he has stated he can sell about 250 s off services, and do 10 developer phones for free. after those credits are gone, you are SOL unless a new exploit is found, or there is enough interest for sonic to buy a second card.
Q: how do I know how many credits are left?
A: Sonic's website shows the number of available spots left, right above the quantity select/add to cart, in the "product description". simply go to the website, then click the htc one picture.
Q: if I'm already unlocked, should I still get s off?
A: in my opinion, yes. s off is better. it allows more options to recover soft-bricked devices, and allows access to all partitions. an s on phone is still doing plenty of security checks. it also allows a permanently installed recovery to install the boot image. the downside is that your phone WILL let you brick it if you're not careful. know what you're flashing and why. double check md5 sums to verify the integrity of your downloads. a corrupt bootloader or radio can damage your phone, potentially unrecoverably. if you just asked "what is an md5sum?" stop and google it now. there are numerous md5summers available for free on the vast interweb, download one and start using it.
Q: if I'm already unlocked and running a custom rom and recovery, do I need to take any precautions?
A: yes. the diag file is designed to work on stock software and firmware. I would strongly recommend to:
-restore a bone stock nandroid, or flash a bone stock rom
-reflash your stock recovery
-reflash your stock boot image if you were running a custom kernel
-select 'factory reset' option from hboot
Q: will this wipe my phone?
A: yes it will. so back up your sd card to the pc, and be prepared to have to re-set everything up when you get it back.
Q: does my phone need to be active?
A: no it does not.
Q: do you need my sim card?
A: no he does not.
Q: what is the turn around time?
A: again, these are my words. from the thread, 5-7 days. please remember sonic has real life activities to attend to, so you may want to wait until the initial wave has subsided. if he has a lot of phones to do, it may take him longer.
Q: I'm a tight ass, can I use cheaper shipping?
A: yes, you can. the initial shipping is picked and paid for by you. be as tight as you want. the return shipping is priority mail with $600 worth of insurance. if you have such faith in the united states post office, and humanity, that you do not feel this is needed, then you can choose the cheaper return shipping option sonic has provided.
Q: how do I activate a spare phone while mine is away?
A: it depends on the phone. if you have another 4g vzw phone, you can simply swap over your active sim. if the sim is larger in the spare phone, adapters do exist for extremely cheap on ebay and amazon. alternately, you can call vzw or go to their website to activate an older 3g device.
Q: how do I activate my phone when it comes back?
A: like you normally would. s off by itself does not change anything about the phone or how it operates. it's what you do afterward/modify that can have an impact on "normal" operation. so if you moved your sim into another phone, just move it back. if you mailed your phone directly to sonic with the protective film still on it, then take everything out of the box and activate just like you would if it had just come from vzw.
Q: will I be able to unlock the bootloader if my phone is s off?
A: yes. when the phone comes back, it will have "supercid". this ignores the mid (model id) check that htcdev does on the phone, and will let you get a token and unlock.
Q: are there advantages to unlocking the bootloader?
A: you have a couple extra fastboot commands you can use:
fastboot flash partition imagename.img
and
fastboot boot imagename.img
these commands are useful to install recovery and boot images into phone memory. with fastboot boot, for example, you can temporarily launch recovery on the phone to flash su if you don't want to permanently install it.
Q: so do I NEED to unlock the bootloader to install recovery?
A: no, you do not. you can install recoveries and all other partitions as zip files. more info on that later.
Q: does superCID give you any benefits?
A: in a word, no. on a gsm device where you have multiple carrier and regional firmwares that will work, supercid is of value. with a device on vzw, you can only use vzw ruus anyway since this is a unique cdma/lte device. further, accepting an OTA with supercid could leave you unrecoverably bricked, plus it may interfere with some verizon functions (I remember inc 4g users having issues, but the details escape me).
IMO, after unlocking your bootloader, if you choose to do so, you should change your CID back to stock VZW__001 (that's 2 underscores - cid is always 8 digits)
Q: is my cid unique to my particular phone?
A: no, it is not. it is unique to a carrier or region. all verizon phones ever made have a cid of VZW__001
Q: how do i change my cid back to stock?
A: with this fastboot command:
fastboot oem writecid VZW__001
Q: why is my cid always present on the hboot screen?
A: I don't know htc's logic, but this is simply what the phone does while it's s off. it will display whatever your cid is, and is not dependent on your bootloader being locked or unlocked.
Q: what about the TAMPERED and unlocked/relocked badges?
A: if your phone was unlocked when you sent it in, you'll get it back factory fresh locked. the tampered badge, I am unsure of at this time, and will update as more info is obtained.
if you sent in a brand new phone, it obviously won't be different (with exception of s off)
one of the big advantages of s off is that the tampered flag is not triggered by adding a custom recovery or kernel, and since s off removes the various write protections that exist, it is possible to reset either flag. more info on the lock status flag here
Q: will an OTA change my s-off or lock status?
A: it is possible. although, it is highly unlikely since turning the radio secure flags on via an OTA would also do so on legitimate pre-release test phones.
however...
it really is not recommended that you try and take an OTA while rooted. a custom recovery is unable to install HTC's OTA package, and attempting to do so can jam you up horribly. taking an OTA with bloat and system files removed will typically result in failure, and taking an OTA with supercid could lead to a processor "do not boot" mode, which is very effectively a hard brick only recoverable via jtag. or a new device.
the best way to update a rooted device is to update the rom with a recovery-flashable zip file, and the firmware extracted from the OTA package. this will update you just like taking the OTA. there is nothing magical about over the air updates. please, just do it manually. leave the OTAs for the stock crowd.
last and not least!
Q: I'm convinced! what do I do once I get back my stock, s-off phone?
A: please see post 2
_____________________________________________________________________________________________
the above was just off the top of my head, I'll add to them later as they come to me. feel free to post if you have further questions, constructive criticism, or feedback.
once you have received your stock, s off device back, your basic steps are:
1) change CID back to stock verizon
2) install a recovery
3) install a rom or root access
you have 2 options to install recovery:
1) unlock the bootloader and use fastboot commands
2) leave the bootloader locked, and flash a recovery as a zip file in RUU mode
either way works. I personally always keep my bootloader unlocked so I can use fastboot commands, but we don't know for sure if the lock status flag can be reset, so the bootloader screen reads locked again.
it's remotely possible that it may be difficult to reset the lock status flag, so if being locked for a possible warranty exchange is important to you, don't unlock just yet. relocked is the best you can do without some trickery.
to "root by recovery" is not a new concept. once there are no write protections, it's easy to install a custom recovery, and use that recovery to either insert the superuser files into the stock rom, or replace the rom entirely.
1) change cid back to stock verizon
this is actually very easy. simply put the phone in fastboot, change to the fastboot directory, and enter in a cmd window:
fastboot oem writecid VZW__001
yes, those must be capital letters, and there are 2 underscores.
2) install a recovery
via one of these 2 methods:
1) unlock the bootloader
your phone has come back from sonic with "supercid", which will allow you to unlock the bootloader naturally via the htcdev website. see this post for a bit more info on that.
unlocking the bootloader is fairly straightforward, just make sure you use a vzw one specific image. download from one of the following threads:
twrp
clockworkmod touch or classic
the image is easily installed via an unlocked bootloader with the following command:
fastboot flash recovery imagename.img
for example, recovery named CW_touch_recovery:
fastboot flash recovery CW_touch_recovery.img
the image must be in your fastboot working directory.
if you need more specific help with unlock/recovery flashing you can use this guide.
2) keep locked bootloader
the bootloader can stay locked for this method. you can in fact use this to install a new image to any partition, as long as the image is packed up in a proper file.
this assumes a working adb/fastboot and drivers installed. if you don't have these things, you can use this guide from above, downloading the files in post 1, and following the set up adb and prepare to root part in step 2.
once you have adb and fastboot working, download one of the following recovery zip files. do NOT unzip or extract.
twrp: http://www.mediafire.com/download/6gbk9s5y6angyf9/openrecovery-twrp-2.6.0.1-m7vzw.zip
CW touch: http://www.mediafire.com/download/43h8k47blfboci9/recovery-clockwork-touch-6.0.3.6-m7vzw.zip
CW classic: http://www.mediafire.com/download/w57cqx7cpmxbz44/recovery-clockwork-6.0.3.6-m7vzw.zip
your zip file is flashed in the following manner:
if you're working with a booted, operational phone, you can flash the file in the following manner:
-open a cmd window
-change to adb/fastboot directory
cd c:\foldername
(cd c:\mini-adb if you've used any of my guides)
-place the zip file you want to flash into adb/fastboot directory
-enable usb debug, disable fastboot, plug in phone
-check for connectivity
adb devices (should return serial number)
-boot to fastboot
adb reboot bootloader
-check for connectivity again
fastboot devices
-flash the file
fastboot erase cache
fastboot oem rebootRUU (will put you in ruu mode, black screen silver htc letters)
fastboot flash zip zipfilename.zip (will send and flash the file. don't interrupt it while the cmd window shows it's writing, and the green status bar is moving on the phone screen)
*sometimes a file will fail with a pre-update error. this is normal, just enter again:
fastboot flash zip zipfilename.zip
and this time it will finish
-when you get "finished" and "OK"
fastboot reboot-bootloader (takes you back to fastboot)
-reboot back to the OS
fastboot reboot
you can use this if you don't have an operational phone as well. you just need to manually put the phone in fastboot (select from hboot menu), then skip the "adb" commands and start with fastboot devices
3) install a rom or root access
this is a simple matter of using recovery to either flash superuser, or flash a new rom. in either case, MAKE A BACKUP OF YOUR STOCK UNROOTED ROM!
flash superuser just as you would a rom, after a cache/dalvik wipe. there's tons of info out there on using recovery, so I'm not going into great detail on that here.
I don't have this device (well, I don't have the vzw version) so don't ask me what's the best rom to flash. browse the development and original development sections and pick a couple out to try.
if you wish to just run rooted stock, I personally prefer superSU to other versions of superuser. you can download it from this thread
_____________________________________________________________________________________________
optional:
if you sent in your phone with a custom recovery installed,and it still is displaying the tampered banner,see this thread to remove it: http://forum.xda-developers.com/showthread.php?p=46182709#post46182709
if you want to lock,or unlock your bootloader without messing with htcdev,see this thread for those directions: http://forum.xda-developers.com/showthread.php?t=2470340
if you want to restore your supermid from PN073**** back to stock verizon,see this thread:
http://forum.xda-developers.com/showthread.php?t=2490777
_____________________________________________________________________________________________
*work in progress. there will likely be some revisions, but i wanted to get something up for the folks whose devices are coming back
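The RUU steps from the post above (fastboot devices, rebootRUU, flash zip with the one-time pre-update retry, reboot-bootloader, reboot) as a scripted helper. This is an added example, not scotty1223's code: every fastboot call goes through a `run` callable, so the retry logic can be exercised offline with the constructed fake runner included here, while the default runner shells out to a real `fastboot` on PATH.

```python
"""Scripted version of the HTC RUU flashing steps described in the post.

Added example, not code from the post. Each fastboot call goes through a
`run` callable so the retry logic can be tested offline with a fake
runner; the default runner shells out to a real `fastboot` on PATH.
"""
import subprocess
from typing import Callable, List, Tuple

Runner = Callable[[List[str]], Tuple[int, str]]


def shell_runner(args: List[str]) -> Tuple[int, str]:
    """Run a real command, returning (exit status, combined stdout+stderr)."""
    proc = subprocess.run(args, capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def flash_zip(zip_path: str, run: Runner = shell_runner, max_attempts: int = 2) -> List[str]:
    """Flash one RUU zip, re-issuing the command once if hboot reports pre-update.

    Returns the list of flash commands issued so the caller can log them.
    Any failure other than the expected pre-update message is fatal: the post
    says a second flash is the right answer to that one specific error only.
    """
    issued = []
    for attempt in range(1, max_attempts + 1):
        cmd = ["fastboot", "flash", "zip", zip_path]
        issued.append(" ".join(cmd))
        status, out = run(cmd)
        if status == 0 and "OK" in out:
            return issued
        if "pre-update" in out:
            continue  # normal on the first attempt; enter the same command again
        raise RuntimeError(f"flash attempt {attempt} failed: {out.strip()}")
    raise RuntimeError("zip still failing after the pre-update retry")


def ruu_flash(zip_path: str, run: Runner = shell_runner) -> List[str]:
    """Full sequence: check device, enter RUU mode, flash, back to bootloader, reboot OS."""
    status, out = run(["fastboot", "devices"])
    if status != 0 or not out.strip():
        raise RuntimeError("no device in fastboot mode; select FASTBOOT from the HBOOT menu first")
    run(["fastboot", "oem", "rebootRUU"])      # black screen, silver HTC letters
    issued = flash_zip(zip_path, run)
    run(["fastboot", "reboot-bootloader"])     # back to fastboot
    run(["fastboot", "reboot"])                # back into the OS
    return issued


def make_fake_runner(pre_update_failures: int = 1):
    """Offline stand-in for fastboot (constructed output, no phone needed).

    The first `pre_update_failures` flash calls answer with the pre-update
    error the post describes; later ones succeed. Returns (runner, call log).
    """
    log: List[List[str]] = []
    state = {"flash_calls": 0}

    def fake(args: List[str]) -> Tuple[int, str]:
        log.append(list(args))
        if args[1:2] == ["devices"]:
            return 0, "HT12ABC00001\tfastboot\n"  # constructed serial number
        if args[1:3] == ["flash", "zip"]:
            state["flash_calls"] += 1
            if state["flash_calls"] <= pre_update_failures:
                return 1, "FAILED (remote: 90 hboot pre-update! please flush image again immediately)\n"
            return 0, "sending 'zip' ... OKAY\nwriting 'zip' ... OKAY\nfinished. total time: 42.0s\n"
        return 0, "OKAY\n"

    return fake, log


if __name__ == "__main__":
    run, log = make_fake_runner()
    print(ruu_flash("RUU.zip", run))
    print(len(log), "fastboot invocations")
```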
mine too!
thanks for this. Guess I need to order a sim adapter so I can mail my phone off.
nrfitchett4 said:
thanks for this. Guess I need to order a sim adapter so I can mail my phone off.
you're welcome. i'll get some more added to it, how-tos and such, in the next day or 2. but for now i'm tired and 5am comes early, lol.
for what it's worth, i've used sim adapters like these:
http://www.amazon.com/Micro-card-ad...=1378950374&sr=8-14&keywords=sim+card+adapter
and these:
http://www.amazon.com/eForCity-Micr...=1378950374&sr=8-13&keywords=sim+card+adapter
and personally found the ones with an open back to be a lil easier to use. i switch my sim around a lot (to the point it's wearing out and i'll prolly need a new one soon)
saved
thank you!
Thanks
Sent from my HTC6500LVW using Tapatalk 4
scotty1223 said:
you're welcome. i'll get some more added to it, how-tos and such, in the next day or 2. but for now i'm tired and 5am comes early, lol.
for what it's worth, i've used sim adapters like these:
http://www.amazon.com/Micro-card-ad...=1378950374&sr=8-14&keywords=sim+card+adapter
and these:
http://www.amazon.com/eForCity-Micr...=1378950374&sr=8-13&keywords=sim+card+adapter
and personally found the ones with an open back to be a lil easier to use. i switch my sim around a lot (to the point it's wearing out and i'll prolly need a new one soon)
yeah, just found one that has adapters for nano up to mini. Will be here Friday. Will have to live with the Rezound for a week.
Thanks so much for making this!
I'm working with Sonic on this (mainly setting up and maintaining the website), but I would like to offer some insight on the JavaCard:
A JavaCard is a special type of microSD card (smart card; this is the same thing as those NFC wallets or whatever that use smart cards) that contains a microprocessor. It also has a signed and encrypted Java applet that is set up to run whatever the maker wants it to. In this case HTC set it up to communicate with the phone for diagnostic services. It is also capable of carrier unlocking the phone. Due to digital signatures (when this card is almost burned I'm planning on taking a look at it) the card only has a certain number of phones that can be S-OFFed or unlocked (it works on a credit system - 2 credits S-OFF, 1 credit carrier unlock). Everything on the card is locked up like Fort Knox to my knowledge but we shall see!
We also currently have the diag files needed for several other phones and can S-off them too. Not sure of all of them atm but Sonic posted it in the other thread a few days ago.
Cheers!
Sent from my SGH-M919 using xda app-developers app
Question: if we're S-OFFed, then HTCdev unlock with super CID, then change the CID to VZW but somehow get locked again, i.e. OTA update, is it possible to unlock again or change the CID back to super CID to unlock?
Sent from my ADR6425LVW using Tapatalk 2 - my one is out getting' s-offed
RebelShadow said:
Question: if we're S-OFFed, then HTCdev unlock with super CID, then change the CID to VZW but somehow get locked again, i.e. OTA update, is it possible to unlock again or change the CID back to super CID to unlock?
+1 I had the same question.
And again, why would you take said OTA to begin with? It goes against every principle of rooting. If you root, you NEVER take OTAs.
If you get it, either post the OTA zip or link and wait for someone to patch the base up with it. It doesn't make the update better if you take the one that downloads to your phone versus flashing an updated rom.
I don't know what it is about OTAs that makes people willing to jump through hoops just to take the "official" one.
CNexus said:
And again, why would you take said OTA to begin with? It goes against every principle of rooting.
If you get it, either post the OTA zip or link and wait for someone to patch the base up with it. It doesn't make the update better if you take the one that downloads to your phone versus flashing an updated rom.
I don't know what it is about OTAs that makes people willing to jump through hoops just to take the "official" one.
I can't speak for RebelShadow but I meant more along the lines of if we S-OFF and something happens - via VZW - that reestablishes S-ON.. can it be S-OFF'd again without the Java Card?
I mean I don't know if there is anything VZW could do to reestablish S-ON, and I've heard even if they could they wouldn't because they would mess with legitimate developers.
It's not that I want to take OTAs; I'd refuse them and wait for the community to provide it. It was more of a "what happens if S-OFF is switched back to S-ON"?
If S-OFF ever gets toggled back to s-on, the game is over. You would need some updated exploit or another java card round.
It's like leaving your house with your keys inside. There's no way back in unless you find some back door.
So I originally had an unlocked bootloader with TWRP recovery and sent it to Sonic for S-OFF. He did his Java card magic and now I'm good. Mine has tampered now and I'm just curious what is the best way, if possible right now, to get rid of it?
isoh said:
Thanks so much for making this!
I'm working with Sonic on this (mainly setting up and maintaining the website), but I would like to offer some insight on the JavaCard:
A JavaCard is a special type of microSD card (smart card; this is the same thing as those NFC wallets or whatever that use smart cards) that contains a microprocessor. It also has a signed and encrypted Java applet that is set up to run whatever the maker wants it to. In this case HTC set it up to communicate with the phone for diagnostic services. It is also capable of carrier unlocking the phone. Due to digital signatures (when this card is almost burned I'm planning on taking a look at it) the card only has a certain number of phones that can be S-OFFed or unlocked (it works on a credit system - 2 credits S-OFF, 1 credit carrier unlock). Everything on the card is locked up like Fort Knox to my knowledge but we shall see!
We also currently have the diag files needed for several other phones and can S-off them too. Not sure of all of them atm but Sonic posted it in the other thread a few days ago.
Cheers!
Sent from my SGH-M919 using xda app-developers app
you're quite welcome! just my little part to help you guys out, this is a great service that is being offered. sonic has done my one x, but i was unsure of the extent that he is willing to do other devices; i figure folks can contact him prior to purchasing the service if they wish for other models to be done. better way to say it, i was unsure how much he wanted to advertise the other models he had the diags for. if the vzw s-offs slow down, i'd be happy to add the list of phones to the OP, and replicate this in other forums. i'm sure the tegra 3 one x and x+ crowds would have some interest; those devices have been out a long time with no exploit for s-off, and no real hope on the horizon.
my one x is one of my favorite all-time devices. i use it at work, and use my one in the evenings. i'm actually considering seeking out a black one x to send him as well
thanks for the insight on the java card, i'll add it, or a link to it, in the OP
RebelShadow said:
Question: if we're S-OFFed, then HTCdev unlock with super CID, then change the CID to VZW but somehow get locked again, i.e. OTA update, is it possible to unlock again or change the CID back to super CID to unlock?
Sent from my ADR6425LVW using Tapatalk 2 - my one is out getting' s-offed
one4thewings said:
+1 I had the same question.
an OTA is unlikely to change your lock status, or your radio secure flag. while it is technically possible, this would also break legitimate test devices' functionality, so the chances of it are slim to none.
there is not much reason to relock your bootloader with s-off. you can run an ruu with the phone unlocked. to directly answer your question, however, if you did relock the bootloader, you can easily change the cid back to 11111111 with the same command and re-unlock
fastboot oem writecid xxxxxxxx
or
fastboot oem writecid 11111111
to re-supercid
Thank you for answering without the "OTA" rant. I'm not concerned with taking an OTA as I'm planning on using a custom ROM, but was asking as a what-if / just-in-case scenario.
Sent from my ADR6425LVW using Tapatalk 2
deleted due to dumb post
andybones said:
so once we get the phone back and we have unlocked with htc dev to get an unlocked bootloader, and want to go back to stock CID,
the fastboot command is
"fastboot oem writecid xxxxxxxx"
and not just "fastboot oem writecid"
or do you have to have those (8) "x"'s?
Not quite sure if I know what you're saying, but to go back to the stock CID is:
fastboot oem writecid VZW__001
I think the x's he put are just to show that you can put in any 8 numbers, as long as they're all the same (i.e. 22222222, 77777777) to get Super-CID back.
Nevermind, 11111111 is Super, VZW__001 is stock.
PapaSmurf6768 said:
Not quite sure if I know what you're saying, but to go back to the stock CID is:
fastboot oem writecid VZW__001
I think the x's he put are just to show that you can put in any 8 numbers, as long as they're all the same (i.e. 22222222, 77777777) to get Super-CID back.
ahh sh*t I am a dumb$$, thank you
I see now that the "VZW__001" is the 8 x's and different for each carrier, thank you!
got confused for a second there.

Help - Bricked HTC m9 - Not rooted - Advice needed -

Hi,
My wife's HTC M9 (UK, Vodafone, latest stock ROM, no root) was turned off last night to charge.
When booted up it does the below. It does not load into the OS. Every boot loops into the below.
https://drive.google.com/file/d/0B8n21CQX7535cjF4MnZqV2E1dGM/view?usp=sharing
It says the software has been modified?
My wife was very insistent that I never root or change ROMS on her phone.
Does anyone have a fix or is this send off for replacement?
Any advice would be greatly appreciated.
Thanks
Ca1v
ca1v said:
Hi,
My wife's HTC M9 (UK, Vodafone, latest stock ROM, no root) was turned off last night to charge.
When booted up it does the below. It does not load into the OS. Every boot loops into the below.
https://drive.google.com/file/d/0B8n21CQX7535cjF4MnZqV2E1dGM/view?usp=sharing
It says the software has been modified?
My wife was very insistent that I never root or change ROMS on her phone.
Does anyone have a fix or is this send off for replacement?
Any advice would be greatly appreciated.
Thanks
Ca1v
What happens if you try to boot to Download Mode? I guess you see the black screen that is mentioned in Q7, right? If that's the case there isn't much you can do...
Download mode seems to be working (https://drive.google.com/file/d/0B8n21CQX7535cEFhTlpnajF5anM/view?usp=sharing)
If this is the case, can you point me in the right direction to get resolved?
Many thanks for the help
Flippy498 said:
What happens if you try to boot to Download Mode? I guess you see the black screen that is mentioned in Q7, right? If that's the case there isn't much you can do...
Download mode seems to be working (https://drive.google.com/file/d/0B8n...ew?usp=sharing)
If this is the case, can you point me in the right direction to get resolved?
Many thanks for the help
Interesting. Your video in post 1 shows a security warning. That means that the OS got deleted. This is only possible if you unlock the bootloader and delete it manually via TWRP or if the EMMC gets broken. Since the phone's S-ON and its bootloader is locked and not unlocked or relocked I assumed that the latter happened*.
As long as the download mode is working you can restore the system with the help of a RUU. Instructions can be found in the thread I linked in my last post. Be aware that all data on the phone is going to get erased.
* Well, it is possible to get the phone's status back to S-ON and locked with S-OFF but you said you never tinkered with that phone...
Flippy498 said:
Interesting. Your video in post 1 shows a security warning. That means that the OS got deleted. This is only possible if you unlock the bootloader and delete it manually via TWRP or if the EMMC gets broken. Since the phone's S-ON and its bootloader is locked and not unlocked or relocked I assumed that the latter happened*.
As long as the download mode is working you can restore the system with the help of a RUU. Instructions can be found in the thread I linked in my last post. Be aware that all data on the phone is going to get erased.
* Well, it is possible to get the phone's status back to S-ON and locked with S-OFF but you said you never tinkered with that phone...
Just thought I'd bring to your attention that apps are now being written that will try to obtain root without you knowing. The reason is that they can steal any information they want and sell it to corporations for as little as 4 pence/6c a record.
It is possible that it is a failed root by an app.
"I'm safe, I only download my apps from the Google Play Store" - nope, you're not.
"I only use signed apps and the checksum is always correct" - nope, the checksum can be matched with padding.
"I only use external sources to update genuine apps" - nope, see the Google Play Store comment above.
"I have all my security and privacy set to super strict, I have my apps verified by Google" - nope, still not secure because alerts are only written when the malicious/bad code is found.
Be warned, my fellow xda'ers. There is a whole new breed of security breach and it is terminal to root as a whole. Apps like KingoRoot etc. are issuing the wrong type of people with the wrong type of information and they are using it for the wrong purposes.
Google will struggle to put a lid on these types of apps because they attack the hardware for access to software (a simple memory buffer overflow attack), inject a few lines of code and you're in, permanently. It will eventually result in a total lockdown at the manufacturer and bye bye root access, roms, mods etc.; you'll get what you're given.
How do we prevent this? We don't and we can't. We just have to sit back and watch as the world takes our privacy while bricking our devices one by one just to "try" to earn a poxy 4p.
Beamed in by telepathy.
@shivadow: I'm actually not sure what you're trying to achieve with your post. Malicious apps that can root your device without letting the user know about it have existed for several years now. (Click here for a random example from 2011.) Smartphones aren't completely safe and they never were. Everyone who's claiming the opposite either doesn't know what he/she is talking about or is simply lying.
To name just a few more Android security flaws/exploits that emerged in the past: RageAgainstTheCage, GingerBreak, Heartbleed, Stagefright, the master key vulnerability, the futex bug, Rootnik...
All of these have more or less been used for manipulating Android phones. There is no absolute security. Android is still as secure/insecure as it's always been.
In addition, several OEMs have already been trying to prevent their customers from rooting their phones for several years. Samsung's KNOX is a perfect example. (I don't want to discuss whether they're successful. That's a whole different topic.)
But let's get back to the deleted OS of the OP's phone: I've never heard about failed root attempts that erase a complete system partition. Therefore, I highly doubt that a malicious app caused all the trouble. Failed root attempts may cause a bootloop but they don't wipe your phone. Just think about the following: how should the dev of such an app make money if the app deletes OSes? Without an OS there is no information you can steal, and if you have no information you could sell/abuse/whatsoever you don't make any money. Oh, and not to forget that most apps on the Play Store already collect more than enough data from your phone that they can sell afterwards without having to root it.
I meant a failed root could be the cause; if the OP didn't, then who did? If no one modded it then dead NAND is the only player..
I agree with everything else but I don't trust those apps that try to gain root in the background to steal data and I think it's too easy for them to bugger your phone just for the sake of making a few coins. Face it, if I was doing it, once I had what I wanted I wouldn't care about the device. Sod the gracious exit and all that jazz.. No evidence, no conviction.
Maybe I'm being OTT but my questions and points are still valid.
This is a proper "whodunnit" because I doubt it died of its own accord.
Knox is for businesses, btw. If Knox is triggered, which is very easy to do, the business is advised not to buy the device as it "may" have been compromised. But if no company secrets are being held on the device then it's still good to use. Knox protection was counteracted by SuperSU. In a nutshell, unless you run a company Knox is of no concern to the everyday user.
Just thought I'd chuck that in there; I'm versed in the arts of the S3 i9300. I moved from that phone to this M9.
Beamed in by telepathy.

Bootloaders (aboot/sdi/rpm/hyp/pmic/cmnlib/etc) Interchangeability

Hi, I understand that the G-2PW2100s all share identical hardware, but are the bootloader partitions interchangeable between the Verizon ones and the non-Verizon ones? (<- This is question #1) i.e. Can I, for example, use the NJH47F factory image instead of NHG47Q (Verizon) from https://developers.google.com/android/images#marlin on a Verizon marlin, assuming the bootloader is unlocked? Or if the stock ROM is already rooted and I can overwrite the bootloader partitions via dd? Or perhaps fastboot boot TWRP and then dd the bootloader partitions?
If so, can one say there are then no differences between these G-2PW2100 variants? (<- This is question #2)
Update 1: Since everyone focuses on the unlockability and ignores what's asked above, let me state that I know there's currently no way to unlock the bootloader or root the Verizon Pixel, and the purpose of this thread is to collect information in order to help those stuck with a locked bootloader on Verizon Pixels. If you have such information, feel free to share; repeating "you can't unlock/root" is not helpful. I do not own a Verizon Pixel, and I have absolutely nothing to gain from this; I merely want to give back to the community.
Rooting gives one access to read/write the partitions on the eMMC, and therefore the ability to overwrite the bootloader partitions, which allows unlocking the bootloader.
Unlocking the bootloader also grants read/write access to the partitions on the eMMC, therefore allowing one to overwrite the partitions on the eMMC.
Sneaking in an OTA pre-rooted image may or may not be possible, as is finding another way to gain access such as disabling the signature check.
The point is, it comes down to the ability to write the partitions on the eMMC; once it's writable, you own everything that's on the eMMC. Most people tend to think it's only about the ability to root/unlock, which isn't exactly false, but it's not exactly true either.
Update 2: According to aboot.c, the last byte of the eMMC controls whether a device can be unlocked or not (assuming the compiled aboot in your device uses this logic). For future reference, the code is attached.
I don't think you can fastboot boot twrp img with lock bootloader.
Sent from my SM-G950U using Tapatalk
Nochis said:
I don't think you can fastboot boot twrp img with lock bootloader.
Sent from my SM-G950U using Tapatalk
Right, but if there's a way to flash or write to the partitions, it should be able to convert a Verizon Pixel to a non-Verizon Pixel. That's what I'm trying to confirm.
AncientDeveloper said:
Right, but if there's a way to flash or write to the partitions, it should be able to convert a Verizon Pixel to a non-Verizon Pixel. That's what I'm trying to confirm.
You can't overwrite a locked bootloader...that is the very definition of a locked bootloader. Yes, you need root. Root either temporary or permanent is what is needed to unlock the VZ phones. This has been covered a million times here.
TonikJDK said:
You can't overwrite a locked bootloader...that is the very definition of a locked bootloader. Yes, you need root. Root either temporary or permanent is what is needed to unlock the VZ phones. This has been covered a million times here.
The question asked in the post was that if this was doable, then there should be no differences between the 2 variants? I have not asked if unlocking the bootloader is possible at the moment.
Go ahead, brick it. You can't. Same hardware doesn't mean same software, there's still a difference.
martinez5241 said:
Go ahead, brick it. You can't. Same hardware doesn't mean same software, there's still a difference.
The Verizon image is obviously different from the non-Verizon one. That's proven, as the checksums are different. The question asked was whether loading the non-Verizon image onto a Verizon Pixel effectively makes the phone non-Verizon, since the hardware is the same?
Let's clear up some misconceptions here.
The phones ship with exactly the same image. It is not until you put in a VZ SIM that you get the different image. And it is only changes to the radio and some network settings. It doesn't matter where you bought it, and it has nothing to do with locking.
Verizon does not lock the phone. They all ship locked, including Google's. When you start it up it phones home to Google and Google decides if the phone qualifies to be unlocked. If so it unlocks. Verified with packet captures.
You will not unlock this phone without root. You will not flash anything other than OTAs without root.
If Rooted
yes on the first
NO on the second
TonikJDK said:
Let's clear up some misconceptions here.
The phones ship with exactly the same image. It is not until you put in a VZ SIM that you get the different image. And it is only changes to the radio and some network settings. It doesn't matter where you bought it, and it has nothing to do with locking.
Verizon does not lock the phone. They all ship locked, including Google's. When you start it up it phones home to Google and Google decides if the phone qualifies to be unlocked. If so it unlocks. Verified with packet captures.
You will not unlock this phone without root. You will not flash anything other than OTAs without root.
chazall1 said:
If Rooted
yes on the first
NO on the second
Since we're on the "unlockability" subject, we know that once it normal-boots with a Verizon SIM it becomes not unlockable; but does anyone know if it's because the phone contacts Verizon/Google and receives a "you can't unlock" command, or the baked-in factory image is pre-programmed to do this once the phone boots with a Verizon SIM?
Technically, one would just need to gain access to write to the eMMC; rooting is one way to gain such access.
AncientDeveloper said:
Since we're on the "unlockability" subject, we know that once it normal-boots with a Verizon SIM it becomes not unlockable; but does anyone know if it's because the phone contacts Verizon/Google and receives a "you can't unlock" command, or the baked-in factory image is pre-programmed to do this once the phone boots with a Verizon SIM?
Technically, one would just need to gain access to write to the eMMC; rooting is one way to gain such access.
It has nothing to do with the sim. This has been covered a million times. Some think it's the cid. Others think it's the IMEI. Either way it's nothing you can get around without temp root.
toknitup420 said:
It has nothing to do with the sim. This has been covered a million times. Some think it's the cid. Others think it's the IMEI. Either way it's nothing you can get around without temp root.
I don't have a Verizon Pixel to verify what you're saying, but according to this post, what you said is not true. Either way, I'm just trying to study the specifics and help the community, and I have nothing to gain or lose by either helping or not helping the community.
As mentioned, "rooting" is one way to gain access to write the system onto eMMC, unlocking bootloader is another; there may or may not be other methods. Saying one cannot get around without temp root is quite an absolute statement. And yes, I have also read most of the "million" threads.
AncientDeveloper said:
I don't have a Verizon Pixel to verify what you're saying, but according to this post, what you said is not true. Either way, I'm just trying to study the specifics and help the community, and I have nothing to gain or lose by either helping or not helping the community.
As mentioned, "rooting" is one way to gain access to write the system onto eMMC, unlocking bootloader is another; there may or may not be other methods. Saying one cannot get around without temp root is quite an absolute statement. And yes, I have also read most of the "million" threads.
Okay, let me definitively explain this.
VZW Pixels run the EXACT same software that Google Store Pixels get once a VZW SIM is inserted. The factory image you run doesn't affect your unlock ability at all.
A Google Store Pixel will update to the VZW build if a VZW SIM is inserted.
DISCLAIMER: From here down is conjecture based on my findings, reverse engineering, and things said/found around the forums.
/** begin my thoughts **/
A few things affect unlock ability (this isn't a catch-all list, just from my findings):
1. Is the device SIM locked? - if yes, grey out the "Allow OEM Unlock" switch; if no, continue.
2. Is the device IMEI/MEID approved by Google to be unlocked? - if this is met, allow "Allow OEM Unlock" to be checked; if not, continue checks.
3. Is the CID a non-unlockable CID (CID = Carrier ID, e.g. VZW___001 on VZW-sold Pixels)? - if this is met (meaning that the CID is on a specific list of CIDs, like VZW's for example), grey out "Allow OEM Unlock"; if not, allow "Allow OEM Unlock" to be checked.
If, when the device connects to Google's servers, it passes the above checks, the switch can be toggled.
If the switch can be toggled, you can unlock your device.
Hence why random VZW Pixels are unlockable for no apparent reason: their IMEI isn't VZW's or it doesn't have the VZW MEID (which comically is "vzwmeid"), so the CID being one of a locked device doesn't matter, because that check is never reached.
/** end my thoughts, back to cold hard facts **/
Though I may not be certain of the exact order/magnitude of the checks, the same basic principle applies: it's a list of if/then statements. "Flashing an unlocked bootloader" doesn't even make sense in the context of 99% of devices. If you were on a VZW Pixel and magically were able to flash a non-VZW generic factory image, bootloader set and all, you'd still be unable to unlock all the same.
Now, what else do we know? The device's switch can be toggled if /data/system/users/0.xml reports <restrictions> as "false".
This file cannot be edited without root, which many will say "...requires an unlocked bootloader...", but that isn't right.
Currently there are 3 main methods to root access:
- /system/ root - in which the SU binary is put in /system/; as /system/ already has the set-suid capability (which allows SU to actually work), this used to be the go-to way, but as of DM-Verity's unveiling in Android 6.0 Marshmallow we can't remount the system partition read/write, as the verity contexts would be changed and the device would refuse to boot (and I haven't seen any public DM-Verity bypasses/vulnerabilities). An example of this is SuperSU installed in "System Mode". This can't be used on locked-bootloader devices (running higher than Android 6.0 Marshmallow), because DM-Verity is enforced in the kernel (which is signature checked).
- Boot Image Root - in which the SU binary is put in the ramdisk, which has the set-suid capability (which allows SU to actually work); this was Chainfire's (and later everyone else's) method to root Android 6.0 Marshmallow and beyond while respecting DM-Verity. With this method we still can't remount the system partition read/write, as the verity contexts would be changed and the device would refuse to boot (and I haven't seen any public DM-Verity bypasses/vulnerabilities). An example of this is SuperSU installed in "System-less Mode", or any Magisk installation. This can't be used on locked-bootloader devices because the ramdisk is signature checked.
- Temporary Root - in which the SU binary is either put in /system/ in memory (like we saw with the DirtyCow vulnerability/exploits), or in the /data/ partition (this won't work unless we use some method to give /data/ the set-suid capability). To explain a little more, you've likely seen devices with locked bootloaders and /system/ write protection making use of these temp-root setups, like carrier editions of the Samsung Galaxy Note 4/5 with locked bootloaders, and HTC phones that are S-ON/bootloader locked. On these devices the exploit needs to be re-run after each boot (hence the "temp" part of temp-root).
The Pixels can't be rooted with the top two methods due to the combination of DM-Verity and the bootloader being locked. Though, temp-root can work.
All dePixel8 did was temp-root the Pixels, remove the restrictions in that file (no proof of this one, though I believe it did), and manually set the "unlockable" bit that "Allow OEM Unlock" sets when flipped on.
Hence why JCase (one of its creators) said "If anyone hands us a temp-root, we will release another unlock for the Pixels." It is literally as simple as plugging in the new temp-root exploit.
Now, the problem with finding a temp-root solution for the Pixels is that they are one of the most secure and updated devices on the market, often getting Android's monthly security patches before any other device. What I would do if I were serious about it (and let me tell you, I am not) is surf the Android security bulletins and CVE boards for "Privilege Escalation" vulnerabilities that have public PoCs or exploits, and then either further reverse dePixel8 to figure out what bit they set, or just ask JCase, because if you can prove you have temp-root working, I'd bet he'd be friendly enough to talk it through with you. Now granted, that train of thought will only result in an unlock for a previous month's security patch level, but it is better than nothing.
As I noted above, I am not putting this here to express interest in me working on this (for those that might recognize me from my S4 research, or other security ventures), but I have seen so much misinformation on these forums, and so much general misunderstanding, that I felt it would be helpful to throw this out publicly.
TL;DR: Please link the confused to this post.
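A small model of the "Allow OEM Unlock" check chain npjohnson lays out above, as an added example that is not from the post, from Google or from dePixel8. The IMEI allow-list, the non-VZW CID and the deny-list are constructed placeholders (the CID "VZW___001" is the value the post quotes); the point the code makes is that the order of the checks decides the outcome for a VZW-CID device whose IMEI happens to be on the approved list, which is the post's explanation for the "randomly unlockable" VZW Pixels.

```python
"""Model of the "Allow OEM Unlock" eligibility chain described in the post.

Added example, not code from the post, from Google or from dePixel8.
All list contents are constructed placeholders; the logic shows how the
order of the checks decides the result.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class Device:
    sim_locked: bool
    imei: str
    cid: str


# Constructed sample lists (not real data). "VZW___001" is the CID quoted in the post.
APPROVED_IMEIS: FrozenSet[str] = frozenset({"356000000000001"})
BLOCKED_CIDS: FrozenSet[str] = frozenset({"VZW___001"})

# The order as the post lays it out: SIM lock, then IMEI/MEID approval, then CID.
POST_ORDER = ("sim_lock", "approved_imei", "blocked_cid")


def evaluate(dev: Device, order=POST_ORDER, approved=APPROVED_IMEIS,
             blocked=BLOCKED_CIDS) -> Tuple[bool, str]:
    """Walk the checks in `order`; return (switch_enabled, deciding_check).

    Each check either decides (returns) or defers to the next one. If every
    check defers, nothing forbids the toggle, reported as "default".
    """
    for name in order:
        if name == "sim_lock":
            if dev.sim_locked:
                return False, name      # greyed out, stop here
        elif name == "approved_imei":
            if dev.imei in approved:
                return True, name       # allowed at once; later checks never run
        elif name == "blocked_cid":
            if dev.cid in blocked:
                return False, name      # greyed out
        else:
            raise ValueError(f"unknown check: {name}")
    return True, "default"


def explain(dev: Device, order=POST_ORDER) -> str:
    """One-line verdict, handy when comparing two check orders side by side."""
    allowed, why = evaluate(dev, order=order)
    state = "unlockable" if allowed else "greyed out"
    return f"cid={dev.cid} imei={dev.imei}: {state} (decided by {why})"


if __name__ == "__main__":
    # Typical VZW-sold Pixel: IMEI not on the list, CID on the deny-list.
    print(explain(Device(False, "999000000000000", "VZW___001")))
    # The "random unlockable VZW Pixel" from the post: the approved IMEI
    # short-circuits the chain before the CID is ever inspected...
    lucky = Device(False, "356000000000001", "VZW___001")
    print(explain(lucky))
    # ...but if the CID check ran first, the same phone would be greyed out.
    print(explain(lucky, order=("sim_lock", "blocked_cid", "approved_imei")))
```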
npjohnson said:
TL;DR: Please link the confused to this post.
Thank you for your time and effort. I did not want to explain all that. I was attempting to collect information, but instead ended up explaining myself and replying to replies that weren't related to the questions I asked.
Anyway, here's a minor update: According to the aboot.c code (and assuming the logic is not modified), the last byte of the eMMC controls whether the device is unlockable. Having root would be nice as it allows the user to write anything onto the eMMC, which makes this rather easy if it's a matter of overwriting one byte.
AncientDeveloper said:
Thank you for your time and effort. I did not want to explain all that. I was attempting to collect information, but instead ended up explaining myself and replying to replies that weren't related to the questions I asked.
Anyway, here's a minor update: According to the aboot.c code (and assuming the logic is not modified), the last byte of the eMMC controls whether the device is unlockable. Having root would be nice as it allows the user to write anything onto the eMMC, which makes this rather easy if it's a matter of overwriting one byte.
Which aboot.c are you analyzing?
1. Google uses its own lock/unlock mechanism, much like many other OEMs.
2. msm8996 uses a non-standard LK, so the public LK logic isn't necessarily what we use.
npjohnson said:
Which aboot.c are you analyzing?
1. Google uses its own lock/unlock mechanism, much like many other OEMs.
2. msm8996 uses a non-standard LK, so the public LK logic isn't necessarily what we use.
Yes, in fact, the public aboot.c requires OEM implementation in order for it to work, as some functions are merely defined as interfaces where the OEM has to implement the actual code.
Perhaps I should've been more clear on "assuming the logic is not modified". What I meant was, if the OEM did not change the specific position of the unlock byte, this is where it'd be. Of course, there's no way to verify this without (1) obtaining the OEM aboot.c or (2) experimenting on a device. One of the OnePlus devices, for example, stores it at position 0x000FFE10.
This particular aboot.c is listed under quic/la from codeaurora, under a late enough branch that marlin is under it.
Hope this clears things up a bit.
AncientDeveloper said:
Yes, in fact, the public aboot.c requires OEM implementation in order for it to work, as some functions are merely defined as interfaces where the OEM has to implement the actual code.
Perhaps I should've been more clear on "assuming the logic is not modified". What I meant was, if the OEM did not change the specific position of the unlock byte, this is where it'd be. Of course, there's no way to verify this without (1) obtaining the OEM aboot.c or (2) experimenting on a device. One of the OnePlus devices, for example, stores it at position 0x000FFE10.
This particular aboot.c is listed under quic/la from codeaurora, under a late enough branch that marlin is under it.
Hope this clears things up a bit.
If you need someone to test this theory out for ya, I've got a VZW Pixel XL. I've also got a Nexus 6P I can fall back on if we "F UP" my Pixel. Plus I've brought back a lot of phones from brick. Even the bootloader-locked LG Flex. And those Flex owners thought it couldn't be done.
mattwheat said:
If you need someone to test this theory out for ya, I've got a VZW Pixel XL. I've also got a Nexus 6P I can fall back on if we "F UP" my Pixel. Plus I've brought back a lot of phones from brick. Even the bootloader-locked LG Flex. And those Flex owners thought it couldn't be done.
That's very brave of you. I've been exploring the possibility of using EDL (QDLoader 9008) mode to overwrite the whole eMMC with an already-unlocked image. The Pixel is in a unique position to try this as all US versions share the same hardware (except marlin vs sailfish), so there shouldn't be a reason why they can't run the same image.
Shameless bump.