Unlocking bootloader - LG G2 Mini

Could anybody write step-by-step instructions for unlocking the bootloader? I have problems understanding this:
http://forum.xda-developers.com/g2-mini/development/bootloader-unlock-t2827748

Here are the instructions written by @Zaaap72 :
Zaaap72 said:
If you want to try on your own: (Do it on your own risk)
Code:
Get aboot.img and abootb.img:
dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/sdcard/aboot.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/abootb of=/sdcard/abootb.img
Open each with a hex editor.
Search for the byte chain 20 00 EB 00 00 50 E3 E0 FF FF 0A
Make sure that it exists only once.
Replace the next 4 bytes with DF FF FF EA.
You will get: 20 00 EB 00 00 50 E3 E0 FF FF 0A DF FF FF EA
Save aboot.img as aboot4.img and abootb.img as abootb4.img
Do it on your own risk!
Flash them back:
dd if=/sdcard/aboot4.img of=/dev/block/platform/msm_sdcc.1/by-name/aboot
dd if=/sdcard/abootb4.img of=/dev/block/platform/msm_sdcc.1/by-name/abootb
If you don't understand these instructions then don't even try it!
Zaaap
If you try it, do it on your own risk.
I'm not responsible if you brick your device.
If you need any help ask at his thread or here.
Sent from my D620R [Stock 4.4.2]

I need a help with all of it
When I want to take out and modify aboot.img and abootb.img I must use root explorer, right?
And when I will be editing those files I must do this at phone using hex editor or on my computer?
And one question about putting it into the phone... For this I must use root explorer?
Or maybe You have those files? In this way I could flash them instead of my files

debowiakr said:
I need a help with all of it
When I want to take out and modify aboot.img and abootb.img I must use root explorer, right?
And when I will be editing those files I must do this at phone using hex editor or on my computer?
And one question about putting it into the phone... For this I must use root explorer?
[Q] Why would you want to unlock bootloader?
If you are not a developer you will have no use for it at the moment.
Answers:
A) No, you don't need root explorer.
B) You need a terminal emulator or use adb.
C) You can use what ever hex editor you like, i did it on my pc using HxD.
D) Like A) and B).
E) I don't know what phone you have, so i don't know what files you need and you don't know how to use them.
F) ! Don't do it. You might brick your phone for no reason !

So I shouldn't do that at the moment?
Maybe You're right, I won't do that but thanks for help
My phone is Lg D620r

debowiakr said:
So I shouldn't do that at the moment?
Maybe You're right, I won't do that but thanks for help
My phone is Lg D620r
Since we have no custom recovery/kernel/rom you can do nothing extra with the unlocked bootloader.
As soon as we have something useful, I'm sure someone will write a guide for it.
File for LG D620r is attached to the thread as it is what i have.
Zaaap

How do I check if my recovery is unlocked?

luk45 said:
How do I check if my recovery is unlocked?
I don't know any official way to tell if your bootloader is locked or not.
I modified an extracted boot.img (kernel) and flashed it back.
Then I flashed a custom kernel built by Garcia.
In both cases I didn't get a security error and the phone booted.
This custom kernel is not ready for use now, but it is a proof of concept and promising for the future.
If you are not a developer or plan to start developing there is no use of an unlocked bootloader at the moment.
Zaaap
Sent from my LG-D620 using XDA Premium 4 mobile app

Sorry, for bringing up this old thread, but I found something very interesting and this thread seems fitting.
Apparently, there is this thing called LGTool. It can do a lot of things for various models, including unlocking the bootloader. List of officially supported devices.
Also,
Sent from my D620r [Stock 4.4.2 , -V- Kernel]

Related

[Q] LG LP P765 V20A Jelly Bean Bootloader

Hi Guys, I have recently upgraded LG L9 P765 to Jelly Bean V20A and have lost root access. I have tried to unlock the Bootloader using "adb reboot oem-unlock" but no success.
I have even check the status by dialing "3845#*765#".
Have also tried to hex edit the bin files to root as per Lelus method but am not able to find "# hdcp.sh" in any of the bin files.
Guys please help me unlock the boot loader.
i think you have made a mistake .
the strings in jb which are to modified are different from ics .
you should find the strings like this "#!/system/bin/sh"
and change the strings
Code:
#!/system/bin/sh
# This script installs apks in /system/uninstallable directory
into
Code:
#!/system/bin/sh
/data/local/tmp/rooting.sh
##n /system/uninstallable directory
like this
hope this will help you !!!
mylk said:
i think you have made a mistake .
the strings in jb which are to modified are different from ics .
you should find the strings like this "#!/system/bin/sh"
and change the strings
Code:
#!/system/bin/sh
# This script installs apks in /system/uninstallable directory
into
Code:
#!/system/bin/sh
/data/local/tmp/rooting.sh
##n /system/uninstallable directory
like this
hope this will help you !!!
Thanks Bro. I will try this and get back to you if this works. Hope this is ok with you.
s_shellster said:
Hi Guys, I have recently upgraded LG L9 P765 to Jelly Bean V20A and have lost root access. I have tried to unlock the Bootloader using "adb reboot oem-unlock" but no success.
I have even check the status by dialing "3845#*765#".
Have also tried to hex edit the bin files to root as per Lelus method but am not able to find "# hdcp.sh" in any of the bin files.
Guys please help me unlock the boot loader.
I dont have V10A india, but forget it and flash V20B CIS. You will find both KDZ file and BIN file in this post.
mylk said:
i think you have made a mistake .
the strings in jb which are to modified are different from ics .
you should find the strings like this "#!/system/bin/sh"
and change the strings
Code:
#!/system/bin/sh
# This script installs apks in /system/uninstallable directory
into
Code:
#!/system/bin/sh
/data/local/tmp/rooting.sh
##n /system/uninstallable directory
like this
hope this will help you !!!
hey mylk,
I modified the string in LGP765_AP[11].bin and flashed the phone. Unfortunately the phone didnt boot up after the JB upgrade.
It gives the error "Secure booting unsuccessful" and goes off. It did not allowed me to flash the phone again with the Original KDZ using "UpTestEX_mod2_marwin".
Not able to even get SU shell to work or even fastboot. It seems like the phone is bricked for good.
If any other ways kindly help please.
cmahendra said:
I dont have V10A india, but forget it and flash V20B CIS. You will find both KDZ file and BIN file in this post.
Hey Mahendra,
Thanks for replying. But it seems that i have bricked my phone while flashing using the lelus method for JB V20A and will not be able to use the KDZ link that you have provided.
It gives the error "Secure booting unsuccessful" and goes off. Does not allow to flash again .
Please help me if you can.
I am too trying to find a way out of this.
hello buddy
if you are able to flash CWM in any way to your device, then you can restore my V20A Rooted CWM backup from cmahendra's Collection of CWM Backup Thread from CWM.
or
if you want to flash and root V20A, then please provide details how you tried to Unlock Bootloader,
so that some one from community help you.........
Thanks guys.. all of you for your extended support. :good:
I managed to unbrick the phone before the LG Service Pickup guy could come.

[Q] LG L9 P760 (2013) How unlock bootloader?

How unlock bootloader on this phone?
adb reboot oem-unlock = 0 effects.
Reboot and nothing else.
Some other method?
I have read the entire internet and have not found answers ;/
On other forum i found statement: On p760 (2013r+) Bootloader it is not possible to unlock.
Please, help me and unlock this "contraption".
DavidFromGym said:
How unlock bootloader on this phone?
adb reboot oem-unlock = 0 effects.
Reboot and nothing else.
Some other method?
I have read the entire internet and have not found answers ;/
On other forum i found statement: On p760 (2013r+) Bootloader it is not possible to unlock.
Please, help me and unlock this "contraption".
Okay i will tell you how i unlocked d bootloader. ( not sure if i did in right way )
1. Root - i used i click easy root
2. installed CWM recovery
3.then flashed Nandroid P760 V20B EUROPE OPEN
4.then i Unlocked bootloader using this tutorial http://forum.xda-developers.com/showpost.php?p=53329080&postcount=2
5. Bootloader Unlocked!! yay! :laugh:
SwRp said:
Okay i will tell you how i unlocked d bootloader. ( not sure if i did in right way )
1. Root - i used i click easy root
2. installed CWM recovery
3.then flashed Nandroid P760 V20B EUROPE OPEN
4.then i Unlocked bootloader using this tutorial http://forum.xda-developers.com/showpost.php?p=53329080&postcount=2
5. Bootloader Unlocked!! yay! :laugh:
Can you give me download link for step 3 (Nandroid)? All links is dead ;(
There are problems installing adb drivers in Win8.1.
The initial rom v10a had an unlockable bootloader. And then the first v20 revisions, I also unlocked and rooted under v20b last year. But did they really remove this option AGAIN? Do they suffer from borderline or what?
lecorbusier said:
There are problems installing adb drivers in Win8.1.
The initial rom v10a had an unlockable bootloader. And then the first v20 revisions, I also unlocked and rooted under v20b last year. But did they really remove this option AGAIN? Do they suffer from borderline or what?
I try unlock bootloader on V10A, V20B, V20C, V20F, V20O = Failed.
On other forum i found information: "On p760 (2013r+) Bootloader it is not possible to unlock. ", so i came here to solve my problem.
Someone help?
you need USB cable with 910k resistor
Written using SwiftKey, encrypted with Enigma and sent over an Ethernet cable
150K+150K+150K+200K+200K+10K+10K+10K+10K+10K+10K = Complete!
I wipe data, install V10, install V20B, wait 40min and...
Bootloader unlocked, thx
so much resistors, can't you buy one?
Written using SwiftKey, encrypted with Enigma and sent over an Ethernet cable
This reminds me of dvd player region lock hacks. These often require dozens of key presses on the remote, cos it's hard to find out after random hacking, which combo actually does the job. Here you can simply add the values into a single resistor, later.
Also reminds me of the chain involved to clean the barrel of the gun in the army.

An another way to unlock your phone when a twrp was flashed

Today I bricked my phone when I tried to flash back to 6.0 because I was lazy and used dd to flash the modem (radio).
And here is a warning: DO NOT flash your Nexus 6P's bootloader or radio directly, because the radio and bootloader images for this phone are packed. Using dd to flash them directly will brick your phone.
And my phone is locked because I want to use device protection. So no luck flashing the radio via fastboot directly.
So I managed a new way to let the bootloader think the bootloader can be unlocked.
I learned about the "factory reset protection" (frp) partition from
http://forum.xda-developers.com/nexus-6/help/info-nexus-6-nexus-9-enable-oem-unlock-t3113539
So all factory reset protection problem is just about that frp partition. You just need to dump it out using dd, then use winhex or other software edit the last bit to 01, then your phone is able to unlock. No need for password.
And don't give the device protection too much hope. Many people can unlock it easily because you just need to edit frp partition. Use jtag tools, wire emmc out, even UART or just download mode, and edit that bit then your phone is unlocked.
Apple is the same. Although Apple will check iDevices ID, many people who fix phones in China have some backdoor to unlock it (means reuse it again, data is lost, but who cares about these data).
akaHardison said:
Today I bricked my phone when I tried to flash back to 6.0 because I was lazy and used dd to flash the modem (radio).
And here is a warning: DO NOT flash your Nexus 6P's bootloader or radio directly, because the radio and bootloader images for this phone are packed. Using dd to flash them directly will brick your phone.
And my phone is locked because I want to use device protection. So no luck flashing the radio via fastboot directly.
So I managed a new way to let the bootloader think the bootloader can be unlocked.
I learned about the "factory reset protection" (frp) partition from
http://forum.xda-developers.com/nexus-6/help/info-nexus-6-nexus-9-enable-oem-unlock-t3113539
So all factory reset protection problem is just about that frp partition. You just need to dump it out using dd, then use winhex or other software edit the last bit to 01, then your phone is able to unlock. No need for password.
And don't give the device protection too much hope. Many people can unlock it easily because you just need to edit frp partition. Use jtag tools, wire emmc out, even UART or just download mode, and edit that bit then your phone is unlocked.
Apple is the same. Although Apple will check iDevices ID, many people who fix phones in China have some backdoor to unlock it (means reuse it again, data is lost, but who cares about these data).
can you detail the process with pictures if possible.. should help a lot of ppl around here..
rohit25 said:
can you detail the process with pictures if possible.. should help a lot of ppl around here..
run "adb shell" in PC
then
"cd /dev/block/platform/s*/f*/b*n*"
then type "dd if=frp of=/sdcard/frp",then the frp partition is dumped in the /sdcard.
use winhex or else edit the last 00 bit to 01,then save the files.
put the frp files back to /sdcard,use "dd if=/sdcard/frp1 of=frp"to flash the unlocked frp back(make sure you are in /dev/block/platform/soc.0/f9824900.sdhci/by-name)
reboot to bootloader,use "fastboot flashing unlock",select yes,then good to go,
Genius ...... Very bad English and grammar.....but I see what you are saying and is pure genius.
What I'm saying is its hard to follow.
Genius guy , dd is dangerous but life saving too
Sent from my Nexus 6P using Tapatalk
Wow, mosdef badass
cool, I wondered about this method months ago but too scared to try it. thanks for trying and sharing it here. cheers!
if you have adb access you can dd a modified devinfo partition back.it will unlock your phone directly.
Sent from iPhone ,using Tapatalk.
this way can work when i have adb access very good idea , what about if i don't have access to adb just fastboot and stock recovery is there any method to unlock my n6p .
Thanked
tenfar said:
if you have adb access you can dd a modified devinfo partition back.it will unlock your phone directly.
Sent from iPhone ,using Tapatalk.
hi,
what do you mean by this? I have a LG V10 H901 and I have adb access. what do you mean by modding the devinfo
sorry for being noob
thanks
SuperZoilus said:
hi,
what do you mean by this? I have a LG V10 H901 and I have adb access. what do you mean by modding the devinfo
sorry for being noob
thanks
maybe modding devinfo only works for Nexus 6p. try OP's method

[GUIDE] Unlock the bootloader of OnePlus X without using fastboot & wiping userdata

Introduction
As we know, the official way to unlock the bootloader of OnePlus X is through fastboot.
For an untouched device, the status of the bootloader should be:
Code:
fastboot oem device-info
...
(bootloader) Device tampered: false
(bootloader) Device unlocked: false
To unlock the bootloader, you need to enable 'OEM unlocking' under Developer options first, then via bootloader/fastboot interface:
Code:
fastboot oem unlock
It'll eventually erase the userdata.
Then the status of the bootloader should be:
Code:
fastboot oem device-info
...
(bootloader) Device tampered: false
(bootloader) Device unlocked: true
Inspired by the findings on similar devices, we can actually unlock the bootloader of OnePlus X without using fastboot, while keeping the userdata intact.
How-to
Warning!
It is dangerous! This whole thing is basically one giant hack - which is not intended to be done by normal users. It is messing with the bootloader partition, so it is possible that something goes wrong and you will have a nice & costly brick in your pocket. Be prepared to revive the device from a hard-brick.
1.
Enable 'OEM unlocking' under Developer options. You may need to tap the Build number 7 times under About phone to get the Developer options under Settings.
2.
We need root access (kinda expected!). To root the device without unlocking bootloader, use KingRoot. Use the Android version.
Now there is a catch! KingRoot can root the device, cause the latest build of Oxygen OS (2.2.1 ATM) contains such vulnerabilities which can be exploited by the root exploits used by KingRoot. But we can't ensure about future.
See here for more info.
3.
After being rooted, use adb shell or any terminal emulator to dump the 'aboot' i.e bootloader partition in internal sdcard:
Code:
su
dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/sdcard/aboot.img
4.
Now we need to modify the dumped image using hex-editor. For OnePlus X:
Code:
Unlock Bit Position - 0x000FFE10 Hex
Tamper Bit Position - 0x000FFE14 Hex
'00' means false, '01' means true. So to set the bootloader as unlocked, we just need to change the following:
Save the modified image as 'abootmod.img' inside your sdcard.
5.
Now it's time to flash back the modded bootloader. Execute the following from adb shell or any terminal emulator:
Code:
su
dd if=/sdcard/abootmod.img of=/dev/block/platform/msm_sdcc.1/by-name/aboot
Do a reboot & voila! You have unlocked the bootloader! Don't just believe me - check the status of the bootloader to ensure.
Note
1. We can also reset the tamper bit using this procedure.
2. If you prefer GUI, then you can use this fantastic app by @wanam.
3. This is tested on an Asia/EU (E1003) variant of OnePlus X running Oxygen OS 2.2.1. Please test & post feedback to ensure compatibility.
4. I'm not providing pre-modified images as it increases the risk of bricking the devices having older/newer bootloaders - please do it yourself. The offsets should be unchanged in future, though.
Credits
1. @osm0sis
2. @segv11
3. @Mnt-XDA
4. My sister - for risking her device for this experiment.
5. Users of XDA & OnePlus forums.
Happy tinkering! :highfive: :good:
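Both the LG G2 Mini instructions earlier on this page and the OnePlus X guide above end by writing a hand-edited aboot image back with dd, where one stray byte or a changed file size can brick the device. The following read-only check is an added example, not code from either post: it compares the edited image with the original dump and reports anything other than the intended bytes having changed. The function names and the constructed 1 MiB test image are assumptions; the signature, replacement bytes and offsets are the ones quoted in the posts.

```python
"""Audit a hand-edited aboot image against the original dump (read-only)."""

# Values quoted in the two posts on this page.
LG_SIGNATURE = bytes.fromhex("20 00 EB 00 00 50 E3 E0 FF FF 0A")
LG_REPLACEMENT = bytes.fromhex("DF FF FF EA")
OPX_UNLOCK_OFFSET = 0x000FFE10
OPX_TAMPER_OFFSET = 0x000FFE14


def find_all(data: bytes, needle: bytes) -> list[int]:
    """Return every offset at which needle occurs, overlapping matches included."""
    offsets, start = [], 0
    while (idx := data.find(needle, start)) != -1:
        offsets.append(idx)
        start = idx + 1
    return offsets


def lg_allowed(original: bytes) -> dict[int, bytes]:
    """Locate the 4 bytes after the signature; refuse unless it occurs exactly once."""
    hits = find_all(original, LG_SIGNATURE)
    if len(hits) != 1:
        raise ValueError(f"signature found {len(hits)} times, expected exactly 1")
    return {hits[0] + len(LG_SIGNATURE): LG_REPLACEMENT}


def opx_allowed(unlocked: bool, tampered: bool) -> dict[int, bytes]:
    """Expected flag bytes at the OnePlus X offsets: 00 is false, 01 is true."""
    return {
        OPX_UNLOCK_OFFSET: bytes([int(unlocked)]),
        OPX_TAMPER_OFFSET: bytes([int(tampered)]),
    }


def audit(original: bytes, edited: bytes, allowed: dict[int, bytes]) -> list[str]:
    """Return a list of problems; an empty list means only the intended bytes changed."""
    if len(edited) != len(original):
        # Typical result of a hex editor left in insert mode: everything after shifts.
        return [f"size changed from {len(original)} to {len(edited)} bytes"]
    problems, permitted = [], set()
    for offset, want in allowed.items():
        end = offset + len(want)
        if end > len(edited):
            problems.append(f"offset 0x{offset:X} is outside the image")
            continue
        permitted.update(range(offset, end))
        got = edited[offset:end]
        if got != want:
            problems.append(f"0x{offset:X}: found {got.hex()}, expected {want.hex()}")
    # Any differing byte outside the permitted ranges is an unintended edit.
    stray = [i for i, (a, b) in enumerate(zip(original, edited))
             if a != b and i not in permitted]
    if stray:
        problems.append(
            f"{len(stray)} unexpected byte(s) changed, first at 0x{stray[0]:X}")
    return problems


def constructed_image() -> bytes:
    """Constructed 1 MiB stand-in for a dump; not a real bootloader."""
    img = bytearray(0x100000)
    img[0x200:0x200 + len(LG_SIGNATURE)] = LG_SIGNATURE
    img[0x20B:0x20F] = bytes.fromhex("01 02 03 04")  # placeholder "next 4 bytes"
    return bytes(img)


if __name__ == "__main__":
    original = constructed_image()
    edited = bytearray(original)
    edited[0x20B:0x20F] = LG_REPLACEMENT
    print("clean edit:", audit(original, bytes(edited), lg_allowed(original)))
    edited[0x300] ^= 0xFF  # simulate an accidental keystroke elsewhere
    print("stray edit:", audit(original, bytes(edited), lg_allowed(original)))
    flags = bytearray(original)
    flags[OPX_UNLOCK_OFFSET] = 0x01
    print("flag edit:", audit(original, bytes(flags), opx_allowed(True, False)))
```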
Reserved for future.
Where is the 000FFE14 hex ?
Found 000FFE10 hex but no 14?
Can you provide the aboutmod.img?
Sent from my ONE E1003 using XDA-Developers mobile app
sifatrhmn said:
Where is the 000FFE14 hex ?
Found 000FFE10 hex but no 14?
Can you provide the aboutmod.img?
It is on the same line of OOOFFE10 after four positions you will see 1 it is 000FF14 change that to O
shravanv3 said:
It is on the same line of OOOFFE10 after four positions you will see 1 it is 000FF14 change that to O
where can i found line of bootloader on another device ?
there is somthing special to identified the bootloader line ?
thanks
deleco said:
shravanv3 said:
It is on the same line of OOOFFE10 after four positions you will see 1 it is 000FF14 change that to O
where can i found line of bootloader on another device ?
there is somthing special to identified the bootloader line ?
thanks
No 000FF10 is for bootloader
shravanv3 said:
deleco said:
No 000FF10 is for bootloader
excuse me but cant understand
i mean line to identified the bootloader to change 00 to 10
where can i found it on another devices ?
hope you can understand me now
thanks

Unable To Access Fastboot Mode On Walmart Tracfone (TCL A501DL)

Hello,
I recently purchased this TCL A1 (A501DL) from Walmart, with the intent of rooting it. It runs android oreo, 8.1.0. I have a few questions about it.
Question 1) Is rooting such a device even possible? I know a lot of phones have root capability, however this is a very simplistic pay-as-you-go phone, it was only made for one purpose
Question 2) Is there an accessible bootloader? I can only seem to be able to boot into recovery mode. I've tried power button + volume up, power button + volume down, and power button + both volume keys, and each time only recovery has come up. I have checked unlock bootloader in the developer options.
I appreciate any help in this endeavor. Thanks!
@FosterGecko
If you can enable the 2 phone's Android features as shown next
you can root the phone.
DELETED
FosterGecko said:
Hello,
I recently purchased this TCL A1 (A501DL) from Walmart, with the intent of rooting it. It runs android oreo, 8.1.0. I have a few questions about it.
Question 1) Is rooting such a device even possible? I know a lot of phones have root capability, however this is a very simplistic pay-as-you-go phone, it was only made for one purpose
Question 2) Is there an accessible bootloader? I can only seem to be able to boot into recovery mode. I've tried power button + volume up, power button + volume down, and power button + both volume keys, and each time only recovery has come up. I have checked unlock bootloader in the developer options.
I appreciate any help in this endeavor. Thanks!
see mtkclient for bootloader unlocking and rooting
luridphantom said:
see mtkclient for bootloader unlocking and rooting
Indeed. I was completely incorrect on my statement. I will remove the misinformation. It appears that these TracFone branded Mediatek devices can at last be rooted.
There may be another way to unlock Tracfone/USCellular devices. I'll layout the references and quote the relevant parts.
From the GrapheneOS Command Line install:
"Carrier variants of Pixels use the same stock OS and firmware with a non-zero carrier id flashed onto the persist partition in the factory. The carrier id activates carrier-specific configuration in the stock OS including disabling carrier and bootloader unlocking. The carrier may be able to remotely disable this, but their support staff may not be aware and they probably won't do it."
I have dumped my USCellular TCL A30 and have oempersist.bin and persist.bin files
It looks like the search string is CARRIER_ID
So the process would be to use mtkclient to extract the file, backup, and then search the oempersist/persist files for CARRIER_ID and replace the value with 0 (zero). Then write the edited partition over the original. If it borks, then restore with the backup files.
If it works then OEM unlocking and fastboot should be available.
Anyone see any issues with this approach?
971shep said:
There may be another way to unlock Tracfone/USCellular devices. I'll layout the references and quote the relevant parts.
From the GrapheneOS Command Line install
I have dumped my USCellular TCL A30 and have oempersist.bin and persist.bin files
It looks like the search string is CARRIER_ID
So the process would be to use mtkclient to extract the file, backup, and then search the oempersist/persist files for CARRIER_ID and replace the value with 0 (zero). Then write the edited partition over the original. If it borks, then restore with the backup files.
If it works then OEM unlocking and fastboot should be available.
Anyone see any issues with this approach?
is there any way i could get that dump you made? been searching for a full dump for months.
r1pp3d2 said:
is there any way i could get that dump you made? been searching for a full dump for months.
The super.bin alone was 5.4 GB which is too big for my ISP email provider. I used mtkclient which is some work to install but easy to use once in place. An easy way around this is to download the live cd from their website and use it. Get your dump in the live cd and then copy the file to a big usb driver or sftp them to another computer.
971shep said:
So the process would be to use mtkclient to extract the file, backup, and then search the oempersist/persist files for CARRIER_ID and replace the value with 0 (zero). Then write the edited partition over the original. If it borks, then restore with the backup files.
Do you plan on testing this?
Honkette1738 said:
Do you plan on testing this?
I used ghex on both persist.bin and oempersist.bin. They are both essentially empty:
rows and rows of
00 00 00 00 00 00 00 00 00.
I was suspicious that mtkclient may not have accurately pulled the files but other files dumped by mtkclient are not empty. In any event, I hit a dead end - there was no carrier id to edit. Not to mention that the MAGISK/mtkclient instructions for rooting the device put it into a bootloop. I was able to recover with the recovery option.
What I would really like is to get a broad overview of the Android booting process and how the security works.
971shep said:
rows and rows of
00 00 00 00 00 00 00 00 00.
How large are the files? Maybe they need to be opened in a text editor?
