Better Mobile App

[help] Softbricked Z5C bootloader/remote state: unlocked

Hi guys, so I seem to have scewed up my phone quite badly. I tried to deodex running the new nougat firmware (with drm-fix and ric-off) by flashing a zip in the nougat firmware thread. Somehow I ended up with not being able to fastboot anymore.
I found out that my bootloader seems to be locked again. Thus I am not able to approach the fastboot mode, but failed to do any flash, as it says [FAILED (remote: not allowed)].
I checked the service menu and found the [Bootloader unlock allowed:no] and [Remote Lock State: Locked] after reflashing the nougat firmware.
So I wanted to unlock the device, how ever I ended up with flashing back to Lollipop and the device boots and then power off after a few seconds of use.
Could this due to "remote lock state: not allowed"?

Try relocking via flashtool?

So. Tried to lock and relock via flashtool. Checked drivers which are working fine.
I was trying to relock and then unlock again using flashtool after updating to .305 Marshmallow firmware . However this does nothing to the bootloader states. The weird thing is that there are no errors showing up in flashtool when unlocking/relocking. I can't even unlock via OEM because when I tick OEM unlock in the developer options this doesn't do any change (Rooting status: Bootloader unlock allowed : No, Remote Lock State: Locked). My DRM keys are gone as well. However I do have a TA Backup but can't restore because after downgrading to lollipop the device shuts down after 30 seconds.
I'm really annoyed because I bought the device with an locked bootloader (without carrier costumizations) and unlocked it via OEM unlock then updated to . Is there any chance to unlock the device again? Restore TA? Any recommendations what I could have done wrong would be helpful.

iArvee said:
Try relocking via flashtool?
Click to expand...
Click to collapse
[solved ] Bootloader is now sucessfully relocked andBootloader states are back to [Bootloader unlock allowed: Yes] and [Remote Lock State: UnLocked].
I need to mention that I bought a phone without carrier lock with [Bootloader unlock allowed: Yes].
So, for anyone who is interested or might face the issue in the future, here's what I did.
You will need your backed up TA-Partition-Image to restore via iovyroot:
1. Downgrade to Lollipop (32.0.A.6.200 / R2B (STOREFRONT GENERIC)) using Flashtool .
->Therfore select/tick everything in the wipe section when selecting the Lollipop-tft
2. Unmount your SIM, reboot the device
3. Skip everything on the welcome/configuration screen as fast as you can to get beyond the Android configuration screen
(skip wif config, Google-Account setup, untick myXperia services! etc.)
The phone might power off only after a few seconds because of the downgrade. So be fast!!!
4. Once you end up on the home screen, unlock developer options, and activate ADB debugging, grant ADB access (check via cmd: fastboot devices)
again: be fast! --> Don't worry if the phone shuts down again. Just reboot if you were not fast enough.
5. Download iovy.root ( iovy.root. Place TA-backup.img in the iovyroot-folder.
Then I modified "tarestore. bat" to save some time regarding the shutdowns. I used notepad++:
...
set response=
set /p response=Type "y" if you want to restore this file:
if "%response%" == "y" (
echo Starting restore
echo.
adb push "root/iovyroot" "/data/local/tmp/iovyroot" > NUL 2> NUL
adb push "root/restore.sh" "/data/local/tmp/restore.sh" > NUL 2> NUL
...
5. Run CMD as admin. CD to Iovyroot folder.
Restore using tarestore.bat (tarestore.bat TA-2016-xxx.img) as soon as your device boots up to home screen and seems to be connected as ADB device.
( I checked this by running the windows device manager simultaniously)
Wait to end the process.
-->When the restore was sucessfull, the device shouldn't shutdown again.
6. Reboot. Your bootloader is now locked again (but able to unlock via OEM unlock). DRM keys/functionality is restored.

I have the same problem (after i had nougat working incl drm fix and root, also the deodex, tried flashing lower ftf files too when i got this problem, noticed the rebooting, which it does not do at 305 kernel or higher..
I would have hope in your solution, if I could find my ta backups (i have from some other phones, this one, may have been on a crashed laptop, already searched through old hdds)
Could this be because of fastboot flash recovery twrp.img (cause that is something i never done before on the z5c.)
If anyone has a solution other than restoring the ta partition, i would like to know. Because i am very uncertain that i can find those files again...

Same case here z5c unlocked since +/- 1 year and I don't have any TAbackup too
I will try to downgrade to .200 But with bootloader unlock allowed : no ... I don't have much hope
edit : no chance, I tried .200 but without tabackup, I can't do nothing

When I faced this problem I noticed it happened because I wiped TA options with Flashtool. Never do that if you don't want to lose TA partition and all other things connected to it. I could fix it only by flashing TA backup even though I hadn't the timing issue zegovernator had for flashing back TA.
I actually wonder why Flashtool allows to wipe these critical partitions/options

ric69 said:
Same case here z5c unlocked since +/- 1 year and I don't have any TAbackup too
I will try to downgrade to .200 But with bootloader unlock allowed : no ... I don't have much hope
edit : no chance, I tried .200 but without tabackup, I can't do nothing
Click to expand...
Click to collapse
I'm sorry for you. I would recommend updating back to MM since LP gives you immediate shut downs when recognising that your TA is lost/wiped. It's sometime a pain in the ass that stuff gets posted before testing. Nonetheless, you could still try to send in your device back to Sony Costumer Service if you are under warranty (after flashing .200, say that it is "broken" and keeps crashing). However, I would not trust on them sending you a new device.
jutphaas said:
I have the same problem (after i had nougat working incl drm fix and root, also the deodex, tried flashing lower ftf files too when i got this problem, noticed the rebooting, which it does not do at 305 kernel or higher..
I would have hope in your solution, if I could find my ta backups (i have from some other phones, this one, may have been on a crashed laptop, already searched through old hdds)
Could this be because of fastboot flash recovery twrp.img (cause that is something i never done before on the z5c.)
If anyone has a solution other than restoring the ta partition, i would like to know. Because i am very uncertain that i can find those files again...
Click to expand...
Click to collapse
I sorry to say that, but if you lost your TA-backup or didn't even back it up before unlocking the bootloader there is no hope at the moment. You simply can't fastboot because of the Remote State: Locked. It keeps you from accessing the bootloader.

I found my iovyroot TA-backup.img file, I did have a .200 storefront ftf and tried it on that one, which was very anoying as it wants to start a demo , i found an other .200 ftf online which I tried, and the iovyroot seems to work, at that time no reboot, in service menu, the drm keys now seem fine there, Bootloader unlock allowed : No, Remote Lock State: unLocked , fastboot boot or oem unlock still seemed not working well i think that is what it said, (flashtool unlock always seems to, i did try) now i flash a new ftf and try my luck there with the unlock status.
flashing ftf 5.11 flashtool says
03/005/2017 05:05:49 - INFO - Loader : S1_Root_f936 - Version : MSM8994_50 / Boot version : S1_Boot_MSM8994_LA1.2_119 / Bootloader status : ROOTED
And now in 5.11 it also says bootloader unlocked : Yes Lost my drm again
So I am back in flashing and rooting (with drmfix etc) Android 7 again Thanks for sharing this solution!!

So you confirm that TA backup is the only solution to solve the "unlock allowed" bad state, don't you?
This is good for other people because when I faced the problem I was really scared to have messed up my phone!!!

i want to confirm the solution here
i had the same problem and the only way back of it was to downgrade to Lollipop and restore the TA-Partition
i dont think there is a solution if you did not backup your TA and have an image of it.

Yes, the TA restore is the only known solution, and I am glad Zegovernator shared his solution here

Losing and Regaining an IMEI

So, here's my cautionary tale of why jumping into things without research is a bad idea.
TLDR: Nougat Android Pay doesn't like unlocked bootloaders; locking the bootloader can be a bad idea, and IMEI restoration seems to work (at least, if it partially worked with IMEI 0)
I just upgraded to an A2017U from a Nexus 5 on Marshmallow, which had its bootloader unlocked, with SuperSu installed but root disabled and hidden, and Android Pay set up. All fine and dandy.
When I got my Axon 7, I thought it'd be a good idea to unlock the bootloader in case I needed to recover data, so using the Axon 7 Toolkit and some guides, that went just fine.
However, when I tried using Android pay, I found out that it didn't work on bootloader unlocked devices on Nougat, so I thought I'd just lock the bootloader again.
One "fastboot oem lock" later, I found myself in a world of trouble. The phone wouldn't boot, but at least I still had the stock recovery. Tried putting one of the EDL zips on an SDcard to see if it would flash. Nope.
Tried the Axon7Toolkit's EDL mode unbricker, but due to MD5 mismatches/missing files, it wouldn't take.
Tried Tenfar's official B07 EDL flash. Got "Error: Bad format" when I tried it after deleting the two files he mentioned, so somehow, I thought it'd be a good idea to add those files back in and try again. Nope.
Then I tried flashing the B15 EDL image. Somehow got dropped into "Factory Test Mode" and couldn't leave.
Then I flashed the B19 EDL image, which, finally got me back onto a working OS, with a locked bootloader.
At this point, everything connected fine, but I found out that my IMEI was 0 in both SIM 1 and SIM 2. Didn't think about it too much at the time, since everything worked, until I realized I couldn't receive any calls (placing them was fine). The culprit? Wi-Fi calling and VoLTE (on my carrier, T-Mobile) was on. Disabling those worked, but I realized that these technologies probably needed a valid IMEI to work.
Thus, it was time to go back into the business of unlocking bootloaders; I followed the GizDev guide to reprogramming IMEIs, which worked on the rooted, stock B19 image (the only thing the guide doesn't mention is that you need to manually install the 901D driver from device manager; it showed up in the list of already-installed drivers, probably from the XiaoMi flash tool installation).
Now, with the original IMEI back in place, I was elated to find out that Wi-Fi calling and VoLTE worked again! And now, here I am, exasperated yet excited, to have restored the functionality of my Axon before that fated "fastboot oem lock". Now, only if I could find a way to get Android Pay working again...

Use Magisk. If you want to stay stock you have to use an older version. Look at the version used by bad boyz.

I have the same problem that was the method he used to restore his image and helped me to thank infinitely

please help not able to root / not able to boot into recovery

Hi Fellow Users!
I just bought LG v10 yesterday with international warranty even though i live in UAE, the problem is i am following all the steps from "step by step guide to root for tmo" but unfortunately i am not able to boot into phone recovery which is odd for me as i am a long time user of android, is that possible my phone doesn't have one? I tried everything adb, manually but nothing worked, i once booted my phone into recovery via adb but i saw green android picture with no command written on it and fastboot didn't worked there so there is that.
1) i tried dirty_cow but stuck at getenforce "permissive didn't appeared which is must needed, i think its related to my bootloader"
2) should i follow LGUP procedure even i am not sure my bootloader is unlocked?
P.S my phone is TMO although its unlocked to use any network.
Please advise, thank you

Unfortunately flashing KDZ file bricked my phone, :crying:
Now its just off it doesn't turn on tried everything any advise?

Update: Went to LG TechServe and handed over my phone to re-flash the original firmware, bad thing they don't cover international warranties as i live in UAE and the model i have is TMO with international warranty so there's that.
Reason to share the story, may people learn from this.

Have you tried with Kingroot app or kingoroot app? These apps can root many devices.

[Xiaomi MI 5] No IMEI after flashing (bricked phone) / blocked bootloader

Hi All,
at the beginning I'll write a brief what happened. I'm using Xiaomi MI 5. Last week phone just turn off and after this I was unable to turn it on - no response. I started with checking battery contacts and after pushing plugs device turn on, but unfortunately in bootloop. I started to search for any information how to repair, so at first I tried to wipe all data by recovery mode, but it not helped. At next step I flashed phone with new firmawe - I had to do it by testpoints method, because bootloader is blocked and I was unable to unlock this since device is broken (as I saw in tutorial it's needed to bind device with account by Android which wasn't work obviously). Device with new firmware started to work but not recognizing any SIM card - I've checked in options an there is no IMEI. I found tutorial how to repair IMEI and for now I have ready QCN file to upgrade device by QPST software, but there is a problem with entering a phone in diagnostic mode. I used a code "*#*#717717#*#*" but I have a problem with part listed below, because it's demanding super user account:
"adb shell
su
dd if=/dev/zero of=/dev/block/sde28
dd if=/dev/zero of=/dev/block/sdf3
dd if=/dev/zero of=/dev/block/sdf5"
I don't have a root and for now it isn't possible to root device, because there is still blocked bootloader. I tried to unlock device since Android is working again but because there is no IMEI I get errors during binding, so i suppose it's impossible to do without IMEI.
In QPST device is only visible when it's in EDL mode by testpoints method, but I can't upload QCN file bacause I get error: Phone isn't in diagnostic mode.
So what I need for now is to enter device into diagnostic mode somehow and that's why I decided to make a new topic, because at first I've searched many forums and threads but I was unable to find working solution. Please help me if you have any ideas. Thanks!

Resolved
Hi all,
I've manage this problem.
This is how I succeed - maybe it will be helpful for someone
First of all I found a Thread with Mi 5 qualcolm diagnostic drivers. After installing these drivers device was recognized by QPST as in diagnostic mode. Unfortunately another problem came up. "Invalid command from device". I did quick research and it was related to broken EFS, so I needed reapair/reset EFS - but theorically it was impossible without root and for rooting device unlocked bootloader is needed (my is blocked). So finally I found a dial code for EFS reset:
*#*#25327337#*#*
It helped. After this all what I needed to do was to check box in QPST "Allow ESN mismatch" and it successfully wrote QCN file.
Now my IMEI is back
Regards

Corrupted Bootloader & Missing IMEI (But phone still works)

So basicaly I was being lazy and in a rush. I had done something like this before on much older phone(s) with no issues...
I backed up my working LG G5 in TWRP all partitions. I brought exactly the same model for my wife and wanted to restore my backup to that phone (I have made many customisations on my rom and didnt want to have to manually do it all again for her)
However after unlocking the bootloader, flashing TWRP and installing new base rom (all went fine) I then went to restore my old backup onto this new phone, stupidly I ticked all partitions to restore. I have a feeling that I should have only done the larger partitions. Once I rebooted I got the "cant be trusted" message, I reflashed in UPPERCUT but then the phone booted and then had secureboot enabled. I hit the wrong password (as there was none) 30 times which then forced a format. Now the phone boots fine and works 100% BUT...BUT....
I now can no longer unlock the bootloader as I think its trying to use MY phones bootloader (as its unlock.img says its the wrong one, I have tried both MY phones original unlock.img and my wifes new phones unlock.img but both dont work) I cannot relock the bootloader as it says its already locked... this also now means that through LG official software I cannot recover the phone. Only UPPERCUT can see the phone. I can get to download mode and fastboot.
Also the phones IMEI now says 0, this worried me however her SIM card is working 100% fine (I guess that the IMEI
is cached somewhere, but im worried that if I use some cleaning tools it may scrub it and then she will have no network access)
So basicaly if her phone starts to play up (or I want to upgrade it to Oreo / Lineage at a later date) can anyone offer me advice on how to...
A: Fix / Restore the bootloader (I dont mean recovery) Im confused as to if this is stored on a chip or can be reflashed from the kdz firmware images.
B: Resore the IMEI (I have it written down) incase we get any network issues in the future. Can it be resored or regenerated without some fancy hardware, ie only through software.
C: I dont have Root or TWRP access it seems, any way of Getting Magisk or Super SU on a phone without bootloader unlock, root access or TWRP?
I have had many years experience and never bricked a phone but almost did this time.

I decided to post a solution here, because it was one of the first Google results when I was looking for some help.
Long story short, I did exactly same mistake of restoring all partitions, including the EFS, between two same LG devices. Turns out it messes with IMEI, which is a big no no and phone locks. Now you can't unlock the device again, because there is no IMEI to use in unlocking. Also no flashing or erasing anymore, because it just fails.
So the IMEI needs to be restored first.
My phone was in a bootloop constantly showing the "cant be trusted" message, but I managed to fix that using LGUP. Apparently not all partitions are locked, because trying to flash the same system with LGUP fixed the bootloop, but failed to flash clean system and the data that TWRP flashed was still there. Trying to restore system to factory settings also fails, but it doesn't matter.
Fortunately I was able boot the system, which made fixing it easier than you'd expect:
1. Fixing the IMEI from booted system (no root or unlocking needed):
- Access the hidden menu on your device by dialing a proper number. For LG G5 H850 it is *#546368#*#850#
Where 850 in the last part is your phone model. The number will vary for different models.
- Go to SVC Menu -> CRCWIZARD Test
- Switch tab to Auto MID
- Here you can enter your new IMEI and WiFi and BT MAC addresses, or you can just generate it.
You can also use the generate option for all values and then manually change only the IMEI for the original one.
- Press MID Write button and reboot your device.
- That's it. IMEI issue should be fixed now.
2. Now that you restored your original IMEI, you can again unlock your device using the same unlock.bin file that you used to unlock bootloader the first time.
Voila. From now on the device is again unlocked and you can just go back to flashing whatever you need.