Possible way to backup the TA partition to relock the bootloader - Sony Xperia XZ2 Compact Questions & Answers

https://www.zdnet.com/article/security-flaw-lets-attackers-recover-private-keys-from-qualcomm-chips/
Security flaw lets attackers recover private keys from Qualcomm chips
Firmware patches have been released earlier this month, 46 Qualcomm chipsets impacted.
So some hacker may use it to create a tool for still locked devices.

MartinX3 said:
https://www.zdnet.com/article/security-flaw-lets-attackers-recover-private-keys-from-qualcomm-chips/
Security flaw lets attackers recover private keys from Qualcomm chips
Firmware patches have been released earlier this month, 46 Qualcomm chipsets impacted.
So some hacker may use it to create a tool for still locked devices.
Curious about something, maybe you know (not sure if you saw my other post about it)... I just went ahead and unlocked my bootloader, since I was on Pie, and it seems like not too much is lost by unlocking now, but afterwards, just out of curiosity, I checked 'ls -al /dev/block/platform/soc.0/.../by-name', and saw that ta was still on the list, so I made a dump with dd, and sure enough, I got a 2 MB img file. Is this possibly a valid ta dump, even though I unlocked the bootloader?

levone1 said:
Curious about something, maybe you know (not sure if you saw my other post about it)... I just went ahead and unlocked my bootloader, since I was on Pie, and it seems like not too much is lost by unlocking now, but afterwards, just out of curiosity, I checked 'ls -al /dev/block/platform/soc.0/.../by-name', and saw that ta was still on the list, so I made a dump with dd, and sure enough, I got a 2 MB img file. Is this possibly a valid ta dump, even though I unlocked the bootloader?
The ta partition is there all the time, but the Sony certificate got deleted.

From what I can read in the article, the exploit still has to gain root access to the phone itself to work. Without root, no exploit. If you have root access (even temp root) you can back up the TA anyway, so the exploit isn't really necessary? Or am I missing something...?

Related

What's lost after unlocking bootloader ?

I have read that unlocking BL breaks BE2 and camera enhancements for Z series. But since no such things exist on our XMD, I wanted to know what else would I lose in the process.
Also I have read that miracast is not working properly after unlocking BL !!
I am currently rooted on 4.3 LB.
You lose: everything on the /data partition.
DRM keys, so things like Gracenote in the Music app.
Ability to OTA.
Warranty!
Remember to flash stock at least once, immediately after unlocking, so it can repair /data.
Can't think of anything else. I only used unlocked stock for an hour.
And finally, DON'T FORGET TA BACKUP!!!!
I've seen a lot of cases where the NAND memory breaks after unlocking the bootloader. Be aware of that.
gamer649 said:
I've seen a lot of cases where the NAND memory breaks after unlocking the bootloader. Be aware of that.
I know what you are talking about, but I don't think anyone came to the conclusion that unlocking the BL causes it. Personally, I think that it was a faulty batch of NAND, but no one knows.
P.S. I'd be more than happy to be corrected, so long as you can prove what the cause of this is.
theperson333 said:
I know what you are talking about, but I don't think anyone came to the conclusion that unlocking the BL causes it. Personally, I think that it was a faulty batch of NAND, but no one knows.
P.S. I'd be more than happy to be corrected, so long as you can prove what the cause of this is.
I don't think there is one explicit cause of the NAND breaking. And I don't think there is any proof that unlocking the bootloader causes this. But if you look at the correlation between users reporting the 0017 message from flashtool and those who had unlocked their bootloader it is a strong correlation. However, correlation does not equal cause and as I said, I don't think there is an explicit cause, just strong correlation.
TBH I think my NAND had started to fail on the Xperia M I had (and still have as a back up). It was starting to miss symlinks by the looks of it, and my bootloader was locked. But then again, I was doing some pretty heavy experimenting on it.
theperson333 said:
You lose: everything on the /data partition.
DRM keys, so things like Gracenote in the Music app.
Ability to OTA.
Warranty!
Remember to flash stock at least once, immediately after unlocking, so it can repair /data.
Can't think of anything else. I only used unlocked stock for an hour.
And finally, DON'T FORGET TA BACKUP!!!!
TA backup done. Actually the phone belongs to my father, and losing Gracenote is not troublesome for him (or me either).
I just want to swap the internal memory with the SD card, which is not possible without unlocking the BL. Tried the method by zeyad xu but it resulted in a bootloop.
gamer649 said:
I've seen a lot of cases where the NAND memory breaks after unlocking the bootloader. Be aware of that.
Even if I use the official method?
n4beel said:
TA backup done. Actually the phone belongs to my father, and losing Gracenote is not troublesome for him (or me either).
I just want to swap the internal memory with the SD card, which is not possible without unlocking the BL. Tried the method by zeyad xu but it resulted in a bootloop.
Even if I use the official method?
Yes, even with the official method. BTW, for the internal/external swap, try http://forum.xda-developers.com/xperia-m/development/mounts2sd-increase-internal-storage-t3006303
Not sure that ext4 for second partition works with stock. You'd have to use vfat on STOCK.
* facepalm *
Guys, unlocking the bootloader won't cause NAND problems. You may be stuck in a bootloop because unlocking the bootloader wipes the data partition and sometimes the device won't automatically format the partition. In that case, just reflash the data partition from the FTF and the device works again -- by the way, you can also unlock the bootloader through FlashTool; in most cases the bootloader can be unlocked without wiping data if you use FlashTool (confirmed this behaviour on Xperia E, M, E3 and Z3)...
About error 0017: most times it can be bypassed by disabling data verification in FlashTool, so it's not really related to bootloader unlocking. When my device was brand new (only two weeks of use) I also got some 0017 errors and all of them went away by simply disabling data verification in FlashTool. My device is around 2 years old now and still working without any problem or defect...
And finally, unlocking the bootloader on the Xperia M results in broken "Download music info" in the Walkman app, all Gracenote-related services in the Movies app, Screen Mirroring (aka Miracast) won't connect anymore (unless you have a device that doesn't enforce HDCP), and location services in the MMS app. Also, if you use Bravia Engine or X-Reality Engine (there are ports available for the Xperia M) they won't work anymore either...

[UNLOCK] Technical steps to make an unlocked bootloader

Hello everyone!
First: This is not about how you could unlock your bootloader in a few steps! Especially for the LG G4, now that we have root.
This is a technical basic-knowledge question to experienced developers in this topic!
I wanted to know how one of the experienced devs would act in his first steps to get an unlocked bootloader.
What knowledge is needed?
Opening the device to get physical access to the flash memory?
Connecting to a probably hidden or physically disabled (by burned fuse) JTAG to dump the flash?
Just dd the bootloader partition?
Is bootloader signed and/or compressed and/or encrypted?
How would you proceed in that case (when the bootloader is encrypted)? Would you try to get some secrets out of the (probably used) high-security cryptography co-processor chips with very expensive equipment? Or am I expecting way too much of the manufacturers?
When the bootloader is a plain binary file: Is it enough to throw it into the IDA Pro ARM disassembler and analyse where the kernel signature is validated, to place some jump instructions there?
Or would it just be enough to compare a T-Mobile bootloader binary (which seems to be factory unlocked) with a locked bootloader from other carriers and find out what's the magic (maybe just a bit flag)?
And after you have done a successful unlock, how to write it back into flash with a proper and safe method? I guess this partition has special security and write permissions? Or is this also very simple by writing it from inside the running android system by dd?
I expect this last step is the most difficult and complicated step? And probably the most risky step.
I'm interested in this because I'm currently studying computer science, but didn't go that deep into the Android device world.
We mostly see the finished product of very skilled developers here, but I'm interested in how to start such a project. Where can you get the important information you need to know to make the bootloader load an unsigned kernel image and so on...
So, what's the common thread to bring such a thing to success?
I can understand if these devs don't want to discuss this in public, because they fear that the manufacturers will use this knowledge as well to make their devices even harder to unlock. But maybe you can give me some hints.
Thank you!
If you can get into fastboot, the G4 might be vulnerable to CVE-2015-0567.
Hashbang173 said:
If you can get into fastboot, the G4 might be vulnerable to CVE-2015-0567.
Hopefully this will not be patched in a future update. Hope it's possible. Verizon G4 tester here when needed.
Okay thank you!
Do you have any ideas about how to get the bootloader Image?
Is it possible to dump it with root and dd?
Isn't the bootloader in the KDZ file?
2nd Sky said:
Isn't the bootloader in the KDZ file?
I don't know, I thought KDZ files contain firmware for hardware controllers like GSM, camera and so on. I thought they are of interest because they differ from country to country and their different models.
KonterBiER said:
Okay thank you!
Do you have any ideas about how to get the bootloader Image?
Is it possible to dump it with root and dd?
Yes, you can back it up to your sdcard using dd, and you can pull it to your computer using adb pull. I can't give you the specific commands unless you give me the partitions in /dev/block/
Hashbang173 said:
Yes, you can back it up to your sdcard using dd, and you can pull it to your computer using adb pull. I can't give you the specific commands unless you give me the partitions in /dev/block/
Okay, I have some Linux knowledge.
I'm just interested to see if the official unlock.bin of LG is encrypted in some way (which implies that the bootloader has some decryption code in it), and if it is possible to make some changes on the raw dump.
If you give me the output of
ls -l /dev/block/platform/f9824900.sdhci/by-name
I can give you the dd command to backup a bootloader partition such as aboot
The KDZ has all partitions inside, not specific ones like IMEI, so the bootloader also. Why is there no one who can take an unlocked BL and pack it into a KDZ again to flash for all... (and btw with root and TWRP)
On the NX4, I mean, there were people who could modify the BL? Right? Hmm, let's discuss more about it, it's interesting.
For Sprint LS991, this command autoprime suggested worked to pull boot.img to the SD card:
su
dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/boot-ls991zv5.img
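The dd one-liners in this thread dump a partition but never check that the resulting file is complete, which is exactly the worry raised earlier about whether a TA dump is valid. The helper below is an added example, not a script from any poster: it resolves a partition by its by-name link, dumps it with dd, refuses to overwrite an existing dump, and only reports success when the SHA-256 of the dump matches the source. The by-name directory and output path are arguments; the /dev/block/bootdevice/by-name path in the usage comment is taken from the command quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): verified partition backup with dd.
# Run as root on the device (e.g. from an adb shell after `su`), or on a
# host against a by-name directory of symlinks for testing.
set -eu

# backup_partition BYNAME_DIR NAME OUTFILE
#   Resolves NAME inside BYNAME_DIR to its block device, dumps it to OUTFILE
#   with dd, then compares the SHA-256 of the dump with the SHA-256 of the
#   source so a short or corrupted read is never mistaken for a good backup.
#   On success prints the digest and writes OUTFILE.sha256 for later checks.
backup_partition() {
    byname_dir=$1
    name=$2
    out=$3

    link="$byname_dir/$name"
    if [ ! -e "$link" ]; then
        echo "backup_partition: no partition named '$name' in $byname_dir" >&2
        return 1
    fi
    # Follow the by-name symlink to the real device, e.g. /dev/block/mmcblk0p6.
    dev=$(readlink -f "$link")

    # A backup tool must never destroy an earlier backup.
    if [ -e "$out" ]; then
        echo "backup_partition: refusing to overwrite existing $out" >&2
        return 1
    fi

    # 1 MiB blocks keep the copy fast; dd's own progress chatter is dropped.
    dd if="$dev" of="$out" bs=1M 2>/dev/null

    src_sum=$(sha256sum "$dev" | cut -d' ' -f1)
    out_sum=$(sha256sum "$out" | cut -d' ' -f1)
    if [ "$src_sum" != "$out_sum" ]; then
        echo "backup_partition: checksum mismatch, dump of '$name' is NOT usable" >&2
        rm -f "$out"
        return 1
    fi

    # Keep the digest beside the image so the copy on the PC can be re-verified.
    echo "$out_sum  $(basename "$out")" > "$out.sha256"
    echo "$out_sum"
}

# Usage on a device (assumed path from the thread, adjust to your model):
#   backup_partition /dev/block/bootdevice/by-name TA /sdcard/TA.img
if [ "$#" -eq 3 ]; then
    backup_partition "$1" "$2" "$3"
fi
```

Afterwards pull both the .img and the .sha256 file to the PC and run `sha256sum -c` there; a TA or boot dump that fails that check should be redone, not kept.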
2nd Sky said:
The KDZ has all partitions inside, not specific ones like IMEI, so the bootloader also. Why is there no one who can take an unlocked BL and pack it into a KDZ again to flash for all... (and btw with root and TWRP)
On the NX4, I mean, there were people who could modify the BL? Right? Hmm, let's discuss more about it, it's interesting.
That will not work @ flashforall because the bootloader will reject anything that is not signed by the carrier/LG, so if you tried to flash it, it would automatically reject it due to the non-C/LG-signed signature and would potentially leave you in some sort of emergency mode. At least this is how my other phones have worked; I can't verify it does it like this on LG phones, but yeah. If anything, from my post here you at least learned how other BLs work haha.
What exactly does the signature prevent you from doing?
Does it prevent installing a modified bootloader in the first place, or does it prevent a modified bootloader from working if it is installed?
Knowbody42 said:
What exactly does the signature prevent you from doing?
Does it prevent installing a modified bootloader in the first place, or does it prevent a modified bootloader from working if it is installed?
I guess it prevents installing a modified one.
The old bootloader seems to have some loading code for new bootloaders. This code creates a checksum of the new bootloader code and uses a public key to decrypt a special prepended or appended area in which a precalculated checksum was placed, encrypted by an unknown private key.
The interesting question is: Is it possible to write into the bootloader memory from a booted system, e.g. with dd? Or is some special procedure needed to disable a write protection?
It looks like the bootloader code is not encrypted at first view:
New idea (remember: I flashed on my E975 Optimus G (rolled out with JB) an F180 (Korean, HW more or less the same..) ICS KDZ. Most of it worked (no signal, wrong modem..).
What if we flash the T-Mobile KDZ? Is the hardware similar enough? Because when we flash it we should have an unlocked BL. Then we only need to root and flash recovery, then we can flash the right modem and all should work...?
But I don't know the difference between the H815 and the unlocked T-Mobile G4...
Thanks for reading and I hope you understand what I mean @KonterBiER my German friend xD
We'll manage to find something to unlock it...
Hi 2nd Sky,
I don't know much about the LG KDZ files, what they contain and how important it is to have the correct one for your device model. The G4 is my first LG device. The last 5 years I used an HTC Desire HD.
But if the devices are identical from the hardware side, and the KDZ contains the bootloader, it should be worth a try.
But who wants to test it? Is there a risk of bricking the device?
OT:
Oh, Bavarian too.
When you look in the folder, all images are in the KDZ: http://downloads.codefi.re/autoprime/LG/LG_G4/H815/H81510C/ (not the zip files)
There's also a KDZ extractor on XDA. Don't know if it works on G4 KDZs.
I think my option is one of the only ways to get an unlocked BL, because of the signature you can't edit the KDZ.
But if a method like the low-effort root works for other partitions, that's also a way...
When you try something, I would first back up the EFS partitions (IMEI and others) and have all files on the SD so you can take the SD out...
And if you brick it, go to service and say the update failed; normally you will get a new mainboard. So try and risk something.
OT: yes, Bavarian; I hope I can get to my PC soon and will look into the IRC?! channel/chat and talk to the bosses here.
I just downloaded the "LG-H81510C-Flashable.Bootloader.zip" and extracted it.
How is this file created?
It seems like aboot.bin contains some references to lg root certificates. Maybe such a dump of the T-Mobile variant would be very interesting!
Any input @autoprime?

Unlock Bootloader

How to unlock bootloader on Sony Xperia M5.
How to unlock bootloader
1. At http://developer.sonymobile.com/unlockbootloader/ choose Sony Xperia M2.
2. Submit your email.
3. Submit your IMEI.
4. And unlock the bootloader following the instructions.
You get the code? Then we continue.
Download the latest version here or Flashtool http://www.flashtool.net/downloads.php
After installation, go to the path C:\Users\username\.flashTool\registeredDevices and create a folder there with the code name of your device (you can find it out if you click on BLU in Flashtool and look in the log for the line «Current device»; for example, in the line 09/045/2015 23:45:08 - INFO - Current device: C2104 - AB100C2DE3 - 1272-4136_R5B - 1269-5420_15.3.A.1.17 - WORLD-a_15.3.A.1.17 the device code will be AB100C2DE3. The code will be different for your device and location).
Then in this folder create a text file and name it «ulcode» (without the quotes). Open it, and write in it your unlock code that you got from the Sony site. Save. Write the code very carefully.
Now open Flashtool and press BLU. If everything is correct, you should see your code in the line; press unlock. Everything should be ready to unlock.
Working on: E5633
I am not responsible for a broken device. Whatever you do, you do at your own risk.
Unlocking the bootloader will void the warranty.
I forgot to write: I got the unlock code with my IMEI.
Interesting, I checked my Rooting Info as per the guide and it does say allowed.
I think giving Sony my IMEI will potentially void my warranty claims? Let me think about it.
ykphuah said:
Interesting, I checked my Rooting Info as per the guide and it does say allowed.
I think giving Sony my IMEI will potentially void my warranty claims? Let me think about it.
I think the service centre checks the bootloader. If the bootloader is not unlocked, the warranty is valid.
This method also works on the M5 Dual, 6533.
But the next step should be how to gain root =)
ykphuah said:
Interesting, I checked my Rooting Info as per the guide and it does say allowed.
I think giving Sony my IMEI will potentially void my warranty claims? Let me think about it.
Probably not.
You could simply relock your device from Flashtool before visiting the service centre.
vsm778 said:
This method also works on the M5 Dual, 6533.
But the next step should be how to gain root =)
Probably not.
You could simply relock your device from Flashtool before visiting the service centre.
Maybe 5633?
DukeMcWood said:
Maybe 5633?
Yep, you're right, thanks.
Hello guys. When you unlock the bootloader, can you then record 4K video in H.264, not H.265, and upload it to YouTube?
vsm778 said:
This method also works on the M5 Dual, 6533.
Probably not.
You could simply relock your device from Flashtool before visiting the service centre.
Yes, you can relock your bootloader with Flash Tool but your DRM keys are gone forever; proprietary Sony features won't work even after relocking...
Also, it's veeeeeery unlikely, but they may check if your DRM keys still exist at the Sony Service Center; in case they don't find them they'll know you've unlocked your bootloader...
How about porting TWRP or CWM to the Xperia M5? If we port recovery, we can get root.
mbc07 said:
Yes, you can relock your bootloader with Flash Tool but your DRM keys are gone forever; proprietary Sony features won't work even after relocking...
Also, it's veeeeeery unlikely, but they may check if your DRM keys still exist at the Sony Service Center; in case they don't find them they'll know you've unlocked your bootloader...
I think there's a way to do it by backing up the TA partition. That's how the Sony Xperia Z1 started. We root, unlock the bootloader, back up the TA and when we relock, we can actually restore the TA and DRM keys.
firdyRAY said:
I think there's a way to do it by backing up the TA partition. That's how the Sony Xperia Z1 started. We root, unlock the bootloader, back up the TA and when we relock, we can actually restore the TA and DRM keys.
Err, no. To preserve your DRM keys you need a way to root without unlocking the bootloader (e.g. using an exploit), then you make a backup of your TA partition, which will contain your DRM keys. If you unlocked your bootloader without taking a TA backup first, your DRM keys are gone forever; even if you root your device afterwards and make a backup of your TA partition you won't have any keys at all, because they were already wiped when you unlocked the bootloader. This applies to any Sony device.
In other words, currently there's no way of unlocking the M5 bootloader and keeping your DRM keys. The hope is the Xperia Z5 series or other flagship devices; they draw the attention of many developers and, like what happened with the Z2 and Z3, for example, locked-bootloader users probably gonna start a bounty or some kind of incentive for a way to root the locked variant of those flagships. Eventually they'll find an exploit that can probably be ported to other devices with less development activity, like the Xperia M4/M5.
It's the cat-and-mouse game: new flagships are released, devs will research possible exploits for those new flagship devices and when one is found it's very likely to work with most devices released at the same time (and that are probably unpatched too). Also, in Sony devices, if you have root in one firmware version, you'll automatically have root in any new firmware too (using tools like PRFCreator or dd Flasher)...
(For the record, towelroot, developed originally for the Galaxy S5, could be used in a lot of Xperia devices from that time, and the Xperia Z3 exploit was successfully ported to the Xperia E3 as well and could probably be used in similar devices released around the same time like the Xperia C3 and others.)
Thank you! What's the chance of the M5 properly supported by custom rom, like FreeXperia and CyanogenMod?
optionalmgrr.la said:
Thank you! What's the chance of the M5 properly supported by custom rom, like FreeXperia and CyanogenMod?
I don't know. But I want to port Flyme OS from Meizu devices.
Camping here to get notified of root asap..
DukeMcWood said:
How to unlock bootloader on Sony Xperia M5.
How to unlock bootloader
Hello Duke,
On the Sonymobile page for the M5 it is showing that it is due to update to Android 6.0 Marshmallow, which is coming soon.
So what do you think? I heard root isn't possible on Android 6.0, and if rooted they will make it hard for the users.
Is it going to be well? Or is rooting history?
P.S. - When I asked a YouTube user for the bootloader for the M5, he said "root method has been out for months, it would be great if you can put Google to use. no offense". Is this true? What's going on?
Thank you.
Ketansa said:
Hello Duke,
On the Sonymobile page for the M5 it is showing that it is due to update to Android 6.0 Marshmallow, which is coming soon.
So what do you think? I heard root isn't possible on Android 6.0, and if rooted they will make it hard for the users.
Is it going to be well? Or is rooting history?
P.S. - When I asked a YouTube user for the bootloader for the M5, he said "root method has been out for months, it would be great if you can put Google to use. no offense". Is this true? What's going on?
Thank you.
I don't know about 6.0, because I don't have 6.0. In the near future I may port recovery. But I don't have the original recovery.img from the Xperia M5 to port.
mbc07 said:
Err, no. To preserve your DRM keys you need a way to root without unlocking the bootloader (e.g. using an exploit), then you make a backup of your TA partition, which will contain your DRM keys. If you unlocked your bootloader without taking a TA backup first, your DRM keys are gone forever; even if you root your device afterwards and make a backup of your TA partition you won't have any keys at all, because they were already wiped when you unlocked the bootloader. This applies to any Sony device.
In other words, currently there's no way of unlocking the M5 bootloader and keeping your DRM keys. The hope is the Xperia Z5 series or other flagship devices; they draw the attention of many developers and, like what happened with the Z2 and Z3, for example, locked-bootloader users probably gonna start a bounty or some kind of incentive for a way to root the locked variant of those flagships. Eventually they'll find an exploit that can probably be ported to other devices with less development activity, like the Xperia M4/M5.
It's the cat-and-mouse game: new flagships are released, devs will research possible exploits for those new flagship devices and when one is found it's very likely to work with most devices released at the same time (and that are probably unpatched too). Also, in Sony devices, if you have root in one firmware version, you'll automatically have root in any new firmware too (using tools like PRFCreator or dd Flasher)...
(For the record, towelroot, developed originally for the Galaxy S5, could be used in a lot of Xperia devices from that time, and the Xperia Z3 exploit was successfully ported to the Xperia E3 as well and could probably be used in similar devices released around the same time like the Xperia C3 and others.)
That's very lengthy but good to know. Thank you!
Ketansa said:
Hello Duke,
On the Sonymobile page for the M5 it is showing that it is due to update to Android 6.0 Marshmallow, which is coming soon.
So what do you think? I heard root isn't possible on Android 6.0, and if rooted they will make it hard for the users.
Is it going to be well? Or is rooting history?
P.S. - When I asked a YouTube user for the bootloader for the M5, he said "root method has been out for months, it would be great if you can put Google to use. no offense". Is this true? What's going on?
Thank you.
Well, I personally don't trust any advice from any other source except for XDA, just to be safe, because we the internet have too many smart alecks who know nothing and try to act smart by being sarcastic. So I guess the safest thing to do is to check on XDA for root methods and go through the forum to see if it works for others.
Ketansa said:
P.S. - When I asked a YouTube user for the bootloader for the M5, he said "root method has been out for months, it would be great if you can put Google to use. no offense". Is this true? What's going on?
Thank you.
I don't think he has a rooted M5. Before we get root, we must unlock the bootloader first, and this is the part that is not done yet.
firdyRAY said:
That's very lengthy but good to know. Thank you!
Well, I personally don't trust any advice from any other source except for XDA, just to be safe, because we the internet have too many smart alecks who know nothing and try to act smart by being sarcastic. So I guess the safest thing to do is to check on XDA for root methods and go through the forum to see if it works for others.
Hello, thank you,
Yes, you are right, maybe he is being sarcastic or some kind of adware developer for corporates.
Looking in the XDA forums.

Increasing security in custom roms by re-locking bootloader

Hello, I am completely new so I apologize if this is the wrong place.
I wanted to be able to lock my bootloader but still use CyanogenMod, specifically, only allow ROMs that I have compiled myself and signed with my cert to work on my phone. I unpacked the stock recovery.img, and made the necessary changes to the ramdisk to replace the stock OnePlus key with my own. I was then able to confirm that only my signed zips could be sideloaded; both official CM and OxygenOS zips failed, just as I wanted.
The issue is then that this only worked with an unlocked bootloader. When I locked it, the OP3 entered a boot cycle, with a strange graphical glitch appearing then the screen going black, again and again. I could then no longer boot to either recovery or cyanogenmod, nor could I unlock fastboot. This amazing guide got my phone working again.
I now have three questions. What prevented my phone booting after I locked it, how does the unbrick tool work, and is there anything I can alter, like certifications or hashes, lower down in the boot sequence to allow only my signed images to work (using the previous tool. I am unsure what QLoader is, some form of serial interface to the 820 to write to the storage chip?).
Thanks for any advice you can offer!
Update: I have unpacked boot.img provided in the unbrick tool. I cannot find any keys to modify in /res but I have found a file called "verify_keys". Does anyone know what I need to change in boot.img to allow my self-signed recovery and os to boot? Thanks
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
I've been meaning to ask this same question for a while now also, so I'm eager to see the response. I suspect the official OnePlus forums might be a good place to ask as well, since they are visited by engineers from OnePlus. For anyone else who's curious as to what's being discussed and wants to better understand the risks of an unlocked bootloader (and how to mitigate them), there's a brief article here as well as a paper.
It is always suggested to never re-lock the bootloader until there is a valid reason to do it.
JumboMan said:
It is always suggested to never re-lock the bootloader until there is a valid reason to do it.
Have you read any of the attached links in my last post? There are valid reasons for doing so.
Just to pose an oversimplified hypothetical, imagine going through immigration/customs in Saudi Arabia (or maybe even the U.S.) with an Android device that has an unlocked bootloader. The officer examines your possessions, then takes your laptop and phone into a back room. Your phone is powered down and encrypted so it's not like they can do anything, right? Wrong. They plug it into a forensics device and flash a surreptitious malware app onto /system before returning it back to you. Then, the next time you turn on your phone your encryption keys and all your data, all your communications are secretly transmitted. You never have a clue... With a locked bootloader and appropriate precautions, that would never be possible.
Update 3:
I am now following the official Android guide for creating a keystore. They show how to create a "keystore.img", not .dat, but the error I got when trying "fastboot flash keystore ..." said something along the lines of the keystore not being a valid image. Hopefully this will work. After I get this working, I will move on to removing or damaging the OEM key, hence not even allowing OnePlus images to be sideloaded.
JumboMan said:
It is always suggested to never re-lock the bootloader until there is a valid reason to do it.
I do have a valid reason: security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks; it makes it easier to brute-force, and to pull encryption keys from memory.
chocol4te said:
I do have a valid reason - security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to bruteforce, and pulling encryption keys from memory.
Sir, prefer not rooting and staying on stock ROM with locked bootloader.
emptyragnarok said:
Sir, prefer not rooting and staying on stock ROM with locked bootloader.
Look, I'm sorry, I don't need any more useless comments saying the solution to my problem is to not do anything like on every other forum I've tried. I am perfectly aware of how to lock the bootloader with a stock rom, but I don't want to use the stock rom. I want to use custom roms. From what I have done so far it appears to be possible, so don't tell me it's not, at least without a good reason.
In addition, the stock method isn't even the most secure the phone can be. OnePlus can still sign any code and run it on my device and hence requires my trust in a third party that I am unwilling to give. I only want my own code to run.
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
chocol4te said:
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
Bro I am not a pro like you but I understand your vision now,... and I am with you in that.... Open Source stuff and Android as an Open source impify that only... We should have our custom code for locking and unlocking our bootloader so we can have the full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have the access of the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSUMS... WE will try and try until we succeed.... I AM WITH YOU BRO!!!!!
indroider said:
Bro I am not a pro like you but I understand your vision now,... and I am with you in that.... Open Source stuff and Android as an Open source impify that only... We should have our custom code for locking and unlocking our bootloader so we can have the full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have the access of the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSUMS... WE will try and try until we succeed.... I AM WITH YOU BRO!!!!!
Thanks! I'm glad to hear it!
chocol4te said:
Thanks! I'm glad to hear it!
You're most welcome bro.
Did I just witness a major bro-down?
Awesome thread, I'd also like to put my OP3 in a state where only ROMs I signed myself will run...
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
---------- Post added at 05:42 PM ---------- Previous post was at 05:41 PM ----------
indieross said:
Did I just witness a major bro-down?
What's a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
indroider said:
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
---------- Post added at 05:42 PM ---------- Previous post was at 05:41 PM ----------
What's a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
Code:
fastboot flash bootloader bootloader-bullhead-bhz11f.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-bullhead-m8994f-2.6.33.2.14.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-bullhead-nbd90z.zip
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
Ok.. Great to hear... Let me know if you need any help.. I'm here
chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work ... ...
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
This sounds exactly like what I was looking for. Have you been able to progress? Do you think that the bootloader and the radio are somehow linked in the boot verification sequence?
---------- Post added at 05:51 AM ---------- Previous post was at 05:43 AM ----------
chocol4te said:
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
Have you read this: https://mjg59.dreamwidth.org/31765.html

Mi A2 Lite seriously bricked - need qcn File :(

Hi all,
not long ago the update to 10.0.8.0 seriously bricked my Mi A2 Lite.
I still do not really know why, but I have managed to get it alive again - mostly. The only thing no longer working is - the mobile phone part
When inserting a SIM, the IMEI gets shown as 00 (on both slots).
Reading the qcn via Qualcomm-Tools crashes the tool after 16kb - so I guess that part is corrupted also? (And no, I got no idea how a "normal" EDL-flash could do this).
And as I only learned about all this AFTER having the trouble - of course I have no valid qcn-Backup of my own
So, could anybody send me a backup of their qcn-File (of course, set your IMEIs to 000000000000)? I still have my IMEIs (as numbers), so this would probably enable me to revive my phone.
The only MiA2Lite qcn file I could find on the internet seems to be for another hardware revision ...
Hmm, as nobody answered, can at least somebody provide me with images of modemst1 and modemst2?
dd if=/dev/block/bootdevice/by-name/modemst1 of=/storage/emulated/0/Download/modemst1.img
dd if=/dev/block/bootdevice/by-name/modemst2 of=/storage/emulated/0/Download/modemst2.img
Afterwards, there should be modemst1.img and modemst2.img in the "Download" directory of your internal storage
Of course, needs root to do it - or twrp ...
Many thanks!
This guide seems to indicate you don't need modemst?
https://forum.xda-developers.com/mi-a2-lite/how-to/guide-to-fix-efs-corruption-sim-card-t3928910
Thanks for the link.
I flashed via EDL "from the beginning" (i.e. the first version), but I did not erase modem before ...
So, I'll definitely try that - it's not that I could "destroy" much more
So - no luck
Even after following the instructions in the thread to the letter, my IMEI still shows as 0
But if that thread really worked for other people that means that it's probably NOT the modemst1/modemst2 partitions that got corrupted on my phone.
Of course, there are a LOT of other partitions that do NOT get flashed during a fastboot-Recovery (fsc, fsg, ssd, ...).
After learning all this, I made a backup of all of them for my other phone(s), but the Mi A2 Lite is still dead.
Ah, I guess if no one has a qcn-File it's time to re-lock the bootloader and send it in for repairs ... luckily I have a BQ X2 Pro that still works great ...
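The dd backup asked for above, and the "backup of all of them" for the partitions that EDL/fastboot recovery does not touch, both boil down to the same procedure: dump each partition by name, prove the dump matches the source, and keep a checksum manifest so the backup can be verified later. This is an added example script, not something posted in the thread; BYNAME defaults to the by-name path used above and the partition names are only the ones the thread mentions.

```shell
#!/bin/sh
# Added example, not from the thread. Needs root (or a TWRP shell).
# BYNAME is the by-name directory; override it for testing on plain files.
BYNAME="${BYNAME:-/dev/block/bootdevice/by-name}"

# backup_partitions <outdir> <name>...
# Dumps each partition with dd, verifies the dump against its source by
# SHA-256, and appends a line to <outdir>/SHA256SUMS. Returns 0 only if
# every requested partition was dumped and verified; a missing name or a
# failed verify is reported and the remaining partitions are still dumped.
backup_partitions() {
    outdir="$1"; shift
    mkdir -p "$outdir" || return 1
    : > "$outdir/SHA256SUMS"
    rc=0
    for name in "$@"; do
        src="$BYNAME/$name"
        dst="$outdir/$name.img"
        if [ ! -e "$src" ]; then
            echo "missing partition: $src" >&2; rc=1; continue
        fi
        # explicit block size; a read error aborts this entry, not the loop
        if ! dd if="$src" of="$dst" bs=4096 2>/dev/null; then
            echo "dd failed: $name" >&2; rc=1; continue
        fi
        src_sum=$(sha256sum "$src" | cut -d' ' -f1)
        dst_sum=$(sha256sum "$dst" | cut -d' ' -f1)
        if [ "$src_sum" != "$dst_sum" ]; then
            echo "verify failed (dump differs from source): $name" >&2
            rc=1; continue
        fi
        printf '%s  %s.img\n' "$dst_sum" "$name" >> "$outdir/SHA256SUMS"
    done
    return $rc
}

# verify_backup <outdir>: re-check the dumps against the manifest, e.g.
# after copying them off the phone. Returns non-zero on any mismatch.
verify_backup() {
    (cd "$1" && sha256sum -c SHA256SUMS >/dev/null)
}

# Usage on the device (partition names are the ones named in this thread):
#   backup_partitions /sdcard/Download/partbak modemst1 modemst2 fsc fsg ssd
#   verify_backup /sdcard/Download/partbak
```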
merlinwv said:
Hi all,
not long ago the update to 10.0.8.0 seriously bricked my Mi A2 Lite.
I still do not really know why, but I have managed to get it alive again - mostly. The only thing no longer working is - the mobile phone part
When inserting a SIM, the IMEI gets shown as 00 (on both slots).
Reading the qcn via Qualcomm-Tools crashes the tool after 16kb - so I guess that part is corrupted also? (And no, I got no idea how a "normal" EDL-flash could do this).
And as I only learned about all this AFTER having the trouble - of course I have no valid qcn-Backup of my own
So, could anybody send me a backup of their qcn-File (of course, set your IMEIs to 000000000000)? I still have my IMEIs (as numbers), so this would probably enable me to revive my phone.
The only MiA2Lite qcn file I could find on the internet seems to be for another hardware revision ...
You just need MiFlash.exe and "daisy_global_images_V10.0.3.0.PDLMIXM_9.0", that's it. When you flash the device, you can unlock the bootloader again or update via OTA if you want. I bricked my device 3 times, and I had no problem with that. If you need a tutorial send PM and I'll give you instructions
Links
MiFlash: https://en.miui.com/thread-2197836-1-1.html (portable)
V10.0.3.0.PDLMIXM ROM: https://en.miui.com/download-354.html
Jaie55 said:
You just need MiFlash.exe and "daisy_global_images_V10.0.3.0.PDLMIXM_9.0", that's it. When you flash the device, you can unlock the bootloader again or update via OTA if you want. I bricked my device 3 times, and I had no problem with that. If you need a tutorial send PM and I'll give you instructions
I think you misunderstood my post. My phone boots again and everything - It's just the mobile network part that's no longer working.
I do not think that flashing 10.0.3.0 will change something with that?
merlinwv said:
I think you misunderstood my post. My phone boots again and everything - It's just the mobile network part that's no longer working.
I do not think that flashing 10.0.3.0 will change something with that?
I understand, but, when you flash again, you fix all problems
https://drive.google.com/open?id=189zN6FrXniO8KTq7lhNXkk6_56-GQnkp