DAN ROSENBERG HAS FOUND AN EXPLOIT TO UNLOCK THE MOTO X (AND OTHER DEVICES) BOOTLOADER!!!
Will he release it? Your guess is as good as mine...
Per jcase: Support to be added soon to "Sunshine" unlock app for Moto devices!
jcase said:
Motorola support is yet to be added to the version on the site, stay tuned (and dont update your phones)
Click to expand...
Click to collapse
DO NOT UPDATE YOUR DEVICE OR TAKE ANY OTAS IN THE MEANTIME!!!!!
EDIT 9/22/14: Unlock now available for Droid Maxx, Mini, Ultra, and THE MOTO X!!!
Find the tool at http://theroot.ninja
Cost is $25 per device. Works on 4.4.3 and BELOW, and *some* 4.4.4. You have to try the app to find out. You do NOT pay unless the tool confirms compatibility.
EcHoFiiVe said:
AN EXPLOIT HAS BEEN FOUND BY DAN ROSENBERG EVERYONE.
Sent from my XT1058 using XDA Free mobile app
Click to expand...
Click to collapse
EcHoFiiVe said:
He officially unveiled it at the Black Hat conference
Sent from my XT1058 using XDA Free mobile app
Click to expand...
Click to collapse
samwathegreat said:
AMAZING NEWS!!! Thanks!!!!! I'm researching this now, and will post here as soon as more info is found. THANK YOU FOR THE HEADS UP!!!!!
EDIT: Confirmation posted to REDDIT, HERE: http://www.reddit.com/r/Android/comments/2csyiq/
Click to expand...
Click to collapse
Lots of interest in the Moto X forums.........none here???
Well, when I entered this thread my opinion was "WTF, again, what chance this guy has against Motorola cryptography?" BUT, why not? There is nothing can be gathered from my unlock code, except my IMEI (reverse calculate from the unlock token or database match - both of which are unlikely) which could be used by Moto to re-lock my BL but if they wanted to, they would've done it with the latest update.
I'm going with it!
Good luck, @samwathegreat
CrazyRussianXDA said:
Well, when I entered this thread my opinion was "WTF, again, what chance this guy has against Motorola cryptography?" BUT, why not? There is nothing can be gathered from my unlock code, except my IMEI (reverse calculate from the unlock token or database match - both of which are unlikely) which could be used by Moto to re-lock my BL but if they wanted to, they would've done it with the latest update.
I'm going with it!
Good luck, @samwathegreat
Click to expand...
Click to collapse
Thanks. Keep in mind, we are NOT attempting to crack Moto's cryptography, as I well know that this isn't possible (in my lifetime, at least). Instead, we are trying to find if a single code has successfully unlocked more than one device. There isn't any proof, based on Dan Rosenburg's (author of the Razr M Bootloader Exploit) analysis of the "token validation" logic, that the code is based on the IMEI.....although it COULD be the case. This whole thing is quite the mystery - especially the "China Middleman" aspect of it.
Dan suggests it is based on the particular certificate / key / hash / q-fuses for said devices. And once again....this is ALL based on complete speculation (as I've stated many times (don't care to count how many). )
Thanks to anyone who contributes and thanks for creating this effort! I have a BL locked Mini and it's a 2013 version so not only can I not pay (he only unlocks 2014s right now), but I don't have PayPal and I don't have $45. Really, this might work and so please post your codes if you want to help people like me... we can never know if it works until we try.
Sent from my XT1030 (Droid Mini)
Is there a way to retrieve the code? I'm unlocked via the Tao bao site on the first go around. I used the IM feature on the site to communicate so I don't have the code in an email. I can't remember for the life of me how I signed on to look to see if it's still there. Is the code stored on the device anywhere once unlocked?
Sent From My Droid Ultra
Caseyk621 said:
Is there a way to retrieve the code? I'm unlocked via the Tao bao site on the first go around. I used the IM feature on the site to communicate so I don't have the code in an email. I can't remember for the life of me how I signed on to look to see if it's still there. Is the code stored on the device anywhere once unlocked?
Sent From My Droid Ultra
Click to expand...
Click to collapse
No way to retrieve it from the device itself....and I'm not familiar with Taobao (or how to look up a prior purchase from there). You can try searching your email (if you even received one) for your IMEI, as he usually included it along with the unlock token.
Aside from that, I don't have any suggestions. Thanks for trying to help though.
If moto x gets a way to unlock bl for free, it could help us a lot!
I just wanted to say "THANKS!" to all the ---jerks--- that are putting bogus info into the form.....like "12345", or the most recent "1".....yeah, thanks for the humor you're giving me. Including Mr. XDA username "a"...how original....
Nice to get a good laugh every now and then.....knowing I can simply erase your bogus data away with one simple keystroke... LMAO
Collecting just unlock code make no sense. I think that code AT LEAST a hash code of IMEI. Well it might be not a IMEI but serial number or what ever. They run hashing on security chip and verify the signature. The chance of two phones having the same code is veeeeery low. In another words you won't find equal codes, I know for sure. The only way is to get how they calcualte the code but that would be hard because you don't know what it comes from and you have nothing at all, not even IMEI or serial.
Dragon31337 said:
Collecting just unlock code make no sense. I think that code AT LEAST a hash code of IMEI. Well it might be not a IMEI but serial number or what ever. They run hashing on security chip and verify the signature. The chance of two phones having the same code is veeeeery low. In another words you won't find equal codes, I know for sure. The only way is to get how they calcualte the code but that would be hard because you don't know what it comes from and you have nothing at all, not even IMEI or serial.
Click to expand...
Click to collapse
You might want to re-read the first post...specifically here:
samwathegreat said:
Also, I'm not suggesting that I'm right about this, or even COULD be right about this -- I'm merely suggesting a POSSIBILITY. It is entirely possible (probable, even) that I'm completely wrong / off-track about this. I wouldn't be surprised in the least. In fact, I'm actually EXPECTING it.
Click to expand...
Click to collapse
and here:
samwathegreat said:
OK, sure, we understand that. Now examine the logic. Nowhere does Dan Rosenburg suggest that the TOKEN is unique to a particular IMEI, OR in any way validated or hashed against the IMEI. Only that it is based on certificates / keys / hashes STORED in the CID partition, and blown Q-fuses.
Click to expand...
Click to collapse
and here:
samwathegreat said:
And finally, I'll end this post by saying that curiosity is very important to achieve any new breakthroughs. Making "educated guesses" based on analysis of available data is the only way to make innovations and new discoveries. It's OK to be wrong, as long you use what you have learned to build upon your knowledge and use this information to improve future analytics.
This is a hypothesis based on the [small amount of] data currently available. Nothing more.
Click to expand...
Click to collapse
and in response to:
Dragon31337 said:
The only way is to get how they calcualte the code but that would be hard because you don't know what it comes from and you have nothing at all, not even IMEI or serial.
Click to expand...
Click to collapse
Please consider that we have no interest in what you are suggesting....which is actually breaking Moto's encryption / master key. Based off my knowledge of key / certificate - based cryptography, I am well aware that even IF we had 10,000 VALID unlock token / IMEI combinations, it would STILL likely take -longer than our combined lifetimes- to crack the master key. And that's assuming you are correct about there being a correlation between Token & Serial / IMEI. Have you considered "q-fuses"? Moto very well could have blown q-fuses (identically) in more than one device...
Personally, I have no interest in -that-. I'm not seeing what purpose collecting the IMEI combinations would have, other than deterring people from actually participating in this because they don't want to share their IMEI...
So my questions really is: What are you trying to say that I haven't already? Self-admittedly, this probably won't work....said it more times than I care to count in the first post alone...
And finally, EVERYONE is entitled to their opinion, and I welcome to you "speculate" however you wish! Lets just please not clog up this thread with any more of it. This thread has a specific purpose, and I'd like to keep it at that. Thanks
Many of the Motorola Users who have msm8960 devices unlocked their bootloaders using this method...
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
iAjayIND said:
Many of the Motorola Users who have msm8960 devices unlocked their bootloaders using this method...
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
Click to expand...
Click to collapse
Which doesn't apply at all to this device. That is for the RAZR HD.
iAjayIND said:
Many of the Motorola Users who have msm8960 devices unlocked their bootloaders using this method...
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
Click to expand...
Click to collapse
Topsnake said:
Which doesn't apply at all to this device. That is for the RAZR HD.
Click to expand...
Click to collapse
That is Dan Rosenberg's method. I've mentioned his name multiple times in the OP, as well as his "Token Validation Logic".
Since the Razr M/HD AND the Moto X have the exact same SoC (MSM8960), his token validation logic likely still applies. @Topsnake is correct in that it will not work on the Moto X, but its because that method exploited a vulnerability in TrustZone to write to (blow) q-fuses in the secure area, thereby unlocking the BL.
All of this is described in the OP, but thanks for trying to add some useful info
Hello everybody. This idea is getting alot more interest in the Moto X section, and one user asked if we would be willing to share some details on the data collected so far. Here it is:
samwathegreat said:
Sure! I think everyone deserves to know the current status....
As of RIGHT NOW, we have:
86 submissions
of which 5 are completely and purposely BOGUS
and 2 sets (4 submissions) are -complete duplicates- and were posted from the same IP, within seconds of each other (I wonder if they really thought I wouldn't look at the timestamps / IP addresses?)
zero correlations
What I can also tell you is that IF the build dates entered are correct, we do have 3 sets (6 submissions) that have the same build date and are completely unique codes. This would seem to rule out the previously suggested idea that perhaps all units from a particular build date might use the same unlock-token.
Still need much more data to make any further (useful) correlations.
Hope everyone appreciates the update.... :good:
Click to expand...
Click to collapse
Keep those submissions coming!
MAY I HAVE YOUR ATTENTION EVERYONE:
I've just received word that DAN ROSENBERG has found a bootloader-unlock exploit, and has just unveiled it at the BlackHat conference!!!!!!
I haven't verified it 100% yet, but if true, this is AMAZING!!!!
This means that until patched, we can all now unlock our bootloaders for FREE!!!!!!!!!!!!!!!
:highfive: :highfive: :highfive: :good: :good: :good: :laugh: :laugh: :laugh:
EDIT: Guys, it appears to be 100% True!!!!!!
See the Reddit article here: http://www.reddit.com/r/Android/comments/2csyiq/
He just demonstrated this LIVE @ the Blackhat Conference!!!!
Hopefully it will be released soon for all the guys that missed the China boat.
sent from "my kungfu is stronger than yours" XT1080
That's great news. Hope it pans out for everyone!!
Sent from My Droid Ultra
OMG!!! this is GREAT NEWS FOR EVERYONE WITH A DROID MAXX ULTRA MINI X!!!!!!!
and its only a 3 page document (lol)
i hope he releases it to the public for free!
a new wave of unlocked BL are coming!
thanks for the heads up!
Having missed the China Boat as someone said earlier... This 2013 Maxx owner is hoping anxiously for this to come true quickly.
Related
Okay so I've got a theory about Motorola encrypted bootloaders like the ones on DX and Milestone. What I'm looking for is definitive information on the droid x lockout mechanism. Any information would be greatly appreciated. Also, if anyone knows of a broken DX to utilize for this experiment please let me know. It involves a hardware based process so a complete functional phone is not necessary. This method has been known to work with RSA encryption so it shows promise. Thank you.
MrKaz
From what I've heard, the "key" so to speak, in burned into the CPU itself. Its my understanding the only true way to unlock the BL is with Moto's keys, which we wont be getting any time soon. Whatever your plan is, I wish you the best. But we've had roughly 20+ of these threads come and go on here with everyone thinking they can crack it, and nothing ever pans out. Its a matter of the right people with knowledge and the right equipment to do the job, but those things have just not come together yet.
Once again, I wish you the best!
You may want to contact @aliasxerog, @_mrbirdman_, and/or @nenolod on twitter as they have all worked on trying to break/circumvent the bootloader. @P3Droid may be knowledgeable as well.
Yeah, I realize there's been a lot of threads on this. Having read a good deal of them I've determined that for the most part the consensus is that it can't be done, or at least not by any brute force means. However, I'm interested in other ways like signal injection and other hardware based avenues. After all, it is a chip and chips have flaws... Maybe I don't know enough to realize what it would take, and maybe being too stupid to understand that it can't be done is exactly what is required...
Thanks for all your input
MrKaz
MrKazman said:
Yeah, I realize there's been a lot of threads on this. Having read a good deal of them I've determined that for the most part the consensus is that it can't be done, or at least not by any brute force means. However, I'm interested in other ways like signal injection and other hardware based avenues. After all, it is a chip and chips have flaws... Maybe I don't know enough to realize what it would take, and maybe being too stupid to understand that it can't be done is exactly what is required...
Thanks for all your input
MrKaz
Click to expand...
Click to collapse
MrKaz,
+1 to your idea. Hey, who knows what will work.. with all that is going on, I wouldn't be surprised if the one idea that works..is some off the wall idea such as a chip flaw... Go for it man... I say take the idea and run with it.
best of luck
Your idea is one that I have been working on. All that needs to happened is find a way to dump the info to a computer and resign or make a dummy key to patch and inject back in.. unfortunately I have yet been able to inject anything because once dumped and cleared it doesn't regonize still active.. blah DX
MrKazman said:
Okay so I've got a theory about Motorola encrypted bootloaders like the ones on DX and Milestone. What I'm looking for is definitive information on the droid x lockout mechanism. Any information would be greatly appreciated. Also, if anyone knows of a broken DX to utilize for this experiment please let me know. It involves a hardware based process so a complete functional phone is not necessary. This method has been known to work with RSA encryption so it shows promise. Thank you.
MrKaz
Click to expand...
Click to collapse
Is this the electron starvation method that you speak of? From my understanding, that's a server exploit. Not really useful for a DX.
You want to be gamed up with the isht? #milestone-modders on freenode
gpaulu said:
You may want to contact @aliasxerog, @_mrbirdman_, and/or @nenolod on twitter as they have all worked on trying to break/circumvent the bootloader. @P3Droid may be knowledgeable as well.
Click to expand...
Click to collapse
Boooooooooooooooo...
_mrbirdman_ & nenolod dropped the ball and jumped ship.
P3Droid is better at BS and espionage than development. I mean, who actually uses tranquility? Or hasn't been bricked by it? Beside, what's been the biggest draw TBH has had to their app? The tether patch? If you were me, you'd be LYAO... LOL
As for @aliasxerog, from what I've seen, I've got very little faith that his efforts will pan out. Unless he stops looking to the above mentioned "devs", and starts working with the milestone guys. Especially yakk, who's probably done the most work on the kexec kernel module(Funny, aliasxerog's src makes no mention. He just says he ported it from the milestone efforts.). Yakk hasn't even released all of his code for kexec, so what aliasxerog is working with is incomplete, and certainly not up-to-date. His source doesn't even compile. Not even on my trusty build system that built the first DX overclock kernel module for Froyo, which jumped off JRummy's DX career(Jared didn't even bother to say "hey, mind if I use the module you built?"). Gotta love the DX devs! They bring so much laughter into my life!
.....
With that said, MrKazman, good luck in your efforts.
http://www.and-developers.com/boot:boot_chain
You may want to take a look at this. I think it's about the milestone, but it is similar to if not the same as the droid x
tekahuna said:
Is this the electron starvation method that you speak of? From my understanding, that's a server exploit. Not really useful for a DX.
You want to be gamed up with the isht? #milestone-modders on freenode
Boooooooooooooooo...
_mrbirdman_ & nenolod dropped the ball and jumped ship.
P3Droid is better at BS and espionage than development. I mean, who actually uses tranquility? Or hasn't been bricked by it? Beside, what's been the biggest draw TBH has had to their app? The tether patch? If you were me, you'd be LYAO... LOL
As for @aliasxerog, from what I've seen, I've got very little faith that his efforts will pan out. Unless he stops looking to the above mentioned "devs", and starts working with the milestone guys. Especially yakk, who's probably done the most work on the kexec kernel module(Funny, aliasxerog's src makes no mention. He just says he ported it from the milestone efforts.). Yakk hasn't even released all of his code for kexec, so what aliasxerog is working with is incomplete, and certainly not up-to-date. His source doesn't even compile. Not even on my trusty build system that built the first DX overclock kernel module for Froyo, which jumped off JRummy's DX career(Jared didn't even bother to say "hey, mind if I use the module you built?"). Gotta love the DX devs! They bring so much laughter into my life!
.....
With that said, MrKazman, good luck in your efforts.
Click to expand...
Click to collapse
I love your honesty!
Sent from my DROIDX using Tapatalk
Syco54645 said:
I love your honesty!
Sent from my DROIDX using Tapatalk
Click to expand...
Click to collapse
Beesley doesn't... LOL
http://twitter.com/TheRealBeesley/status/30036655129763840#
@LexusBrian400
build.prop edits vs. Droid X Froyo Overclocking & AP Mode Tethering
Maybe I should put up a donation link, huh? LOL
P.S. I can't help but think your username is a reference to B-Legit's verse on Sideways... Little known fact: The Ambassador himself gave me the handle FreeWELL.
http://www.youtube.com/watch?v=3YXGvsbSjLw
Didn't notice that you mentioned jared. I rather like him. Let's just leave it at that...
Sent from my DROIDX using Tapatalk
Update
I'm getting more and more familiar with this situation every day. I'm also starting to realize what a big problem this is. I've spent a good deal of time pouring over the work they're doing with the Milestone which is kind of the same thing but isn't. Nonetheless I applaud the work they do and donate my CPU to Androinc. After that I've been reading and collecting every Block Diagram, Datasheet, Whitepaper, and post about mbmloader, m-shield, omap, and the like. Yeah, its complicated alright. The fact is though that its just a lock. A lock is a system based on deterrent not prevention. Systems built for mass production have accepted flaws to keep costs down. Chips aren't perfect, code is not perfect. Use the weakness against the system and the lock is picked. The more complex the system the more chances to get in....
Eh, I digress...
Anyone wanting to learn more about this let me know.
The search continues....
Kaz
Motorola, I paid for the Hardware. I can handle my own software and security...
The Bootloader has been bypassed, its just that the custom kernel has no drivers to run.
Ubermicro13 said:
The Bootloader has been bypassed, its just that the custom kernel has no drivers to run.
Click to expand...
Click to collapse
Well ill drive to help out...as long as someone has some snaps on the petro!
Sent from my DROIDX using XDA App
If this is anything like any other locked software, it's based around asymmetric encryption: Motorola HQ has a super-secret key that they use to encrypt their bootloaders, and they put the decryption key on every device, so that only things that are encrypted with their key will be decrypted correctly. The only way we're going to get the encryption key is by sleeping with the CEO of Motorola. It is - by design - not on the device.
The only way to replace the bootloader would be to replace the decryption key with one of our own or by bypassing it completely(using a buffer overflow or something similar).
As much as I want to believe that this can be done, its close to impossible and honestly not worth the persons time to try it, they did a good, well great, job of locking this thing down but ill say that liberty actually makes this feel like a new phone.
Sent from my DROIDX using XDA App
IWHBYD said:
If this is anything like any other locked software, it's based around asymmetric encryption: Motorola HQ has a super-secret key that they use to encrypt their bootloaders, and they put the decryption key on every device, so that only things that are encrypted with their key will be decrypted correctly. The only way we're going to get the encryption key is by sleeping with the CEO of Motorola. It is - by design - not on the device.
The only way to replace the bootloader would be to replace the decryption key with one of our own or by bypassing it completely(using a buffer overflow or something similar).
Click to expand...
Click to collapse
Just take one for the team there buddy.... lol
Sent from my DROIDX using XDA App
what does the CEO of motorola look like?
Enjoy
http://mediacenter.motorola.com/Executive-Team/Sanjay-Jha-31da.aspx
openbox9 said:
Enjoy
http://mediacenter.motorola.com/Executive-Team/Sanjay-Jha-31da.aspx
Click to expand...
Click to collapse
not it *noses*
As you've probably seen, the2dCour has a very tasty morsel of what's to come for us all. He's one of the many great people in #moto-atrix, including Jug6, Edgan, Sogarth, unknown, Brandon15811, and helpful friends, Pauly, dasmoover, cranch, YellowGTO and more, who have been helping me poke at the Atrix for many weeks. Also, if I know anything at all (I don't) it's thanks to [mbm] and Skrilax and xvilka and the others who implemented the hard work of 2nd init and kexec and beat their head against Motorola's signature chain on the previous generation of phones.
But our biggest thanks go to Motorola. A very friendly 'community-minded engineer' at Motorola posted an interesting message in hex on their support forums yesterday. Turns out, maybe it's no joke after all.
(http://forum.xda-developers.com/showthread.php?t=1134786)
This got me to thinking. I was already looking through some of the ascii / hex of the bootloaders. Search for VOID and you'll find something completely new in the HKTW (Hong Kong / Taiwan) build, which is not in the CGs for any prior Atrix bootloader:
Code:
$ strings CG42.img | grep INFO
...
INFOUnlocking your device can permanently VOID your warranty.
INFOThis process cannot be reversed. If you wish to proceed,
INFOreissue the unlock OEM command containing the unique ID
INFOof your device:
On Edgan's engineering phone, the HKTW build enables a command you may all be familiar with:
fastboot oem unlock
It looks as if it asks you to issue the command twice, after giving you a unique ID (based on your phone) you must enter in. Surrounding parts of the CG suggest this will wipe your userdata much like a "fastboot -w" currently does. Our hypothesis about the fuses may also be backwards, and it is unlocking which burns a fuse, thus making this an operation which "cannot be reversed."
So, I think we can all look forward to Gingerbread's release for many reasons!!!
PS. Beyond voiding the warranty, or access to support, such an operation could potentially make your phone ineligible for OTAs, future retail .sbfs, etc... and we do not yet know which carriers will get it. So don't get TOO excited
PPS. If this is headed to the official release, I'd like to give a HUGE thanks to Irwin Proud and all the others who petitioned Motorola to make this happen!
But there's no time to rest. Now we must pressure all the carriers!
Confirmed working for AT&T users!! Eval emailed me the good news this morning, so we tried it on leaked GB for the Atrix 4G on AT&T.
http://briefmobile.com/exclusive-atrix-4g-bootloader-unlocked-with-android-2-3-update
I tested it out on my Gingerbread beta builds.
This is excellent news everyone.
Be patient, we need to see if this update hits all our devices, but when it does, I guarantee there will be no shortage of Roms and Mods that will come as a result.
I actually think Motorola may see a spike in sales when 2.3.3 hits their Atrix phones.
Thank you everyone who showed your support for the Unlock Motorola campaign and went out of their way to make their voices heard. Together we stand and together we claim victory.
Thank you Motorola.
Intresting
Yay!
Of course, the question becomes... what next?
Sogarth said:
Yay!
Of course, the question becomes... what next?
Click to expand...
Click to collapse
Now that Moto's on our side I will (proudly) use my lapdock. How's your awesome Webtop2SD with my mknod sdcard hack going?
But yes, someone must do the much more time-consuming work of porting CM or other AOSP forks. And we have to pray AT&T lets this happen...
eval- 4 president
eval- said:
But yes, someone must do the much more time-consuming work of porting CM or other AOSP forks. And we have to pray AT&T lets this happen...
Click to expand...
Click to collapse
When this happens, I WILL pinch myself to make sure I'm not dreaming!!
If Bell, lets say, got this and at&t didn't, would we be able to somehow port it?
Swyped from my HoneyGlowed Atrix
Way to guy team This kicks ass!
P.S. the2d is a troll..but a damn good one.
Has this been actually verified, (is there a way to verify on an engineering phone?), as unlocking a bootloader, or is this at the moment still speculation as to what might be possible after the GB update?
Could this just be Moto laying the groundwork for a future update which unlocks the bootloader without us having to do it ourselves voiding warranties, etc?
wakka wakka wakka
crossing fingers
wow! That's awesome news! Can't wait to hear if it's verified.
Verified -- http://briefmobile.com/exclusive-atrix-4g-bootloader-unlocked-with-android-2-3-update
Video in a bit.
kennethpenn said:
Verified -- http://briefmobile.com/exclusive-atrix-4g-bootloader-unlocked-with-android-2-3-update
Video in a bit.
Click to expand...
Click to collapse
Im cheesing so hard right now
Sent from my Moto Atrix using XDA Premium App
Very interesting! Of course, if we have Gingerbread, not much point in CM7 for me, is there an ice cream sandwich or whatever in between or after any time soon from the CyanogenMod bunch?
Cheers!
kennethpenn said:
Confirmed working for AT&T users!!
http://briefmobile.com/exclusive-atrix-4g-bootloader-unlocked-with-android-2-3-update
I tested it out on my Gingerbread beta builds.
Click to expand...
Click to collapse
Holy freakin hell!!! Awesome just awesome!! Can ATT actually stop this from happening though?
joshyy_rey said:
Im cheesing so hard right now
Sent from my Moto Atrix using XDA Premium App
Click to expand...
Click to collapse
I have a raging clue right now
Just as I put my Atrix up for sale . Good news if the OTA comes out like this. I'll keep it and see i think!
Now let's get that CWM Recovery on it!
hi everyone, so i recently saw motorola razr m. the thing is, it had motorola markings on it like it is some kind of prototype or test device. it was running jellybean. just the markings were a bit curious, if someone can shed some light on what it was. thanks !
mikeverne said:
hi everyone, so i recently bought a second hand motorola razr m. the thing is, it has motorola markings on it like it is some kind of prototype or test device. it works totally fine, gsm unlocked and its running jellybean. everything runs as it should, just the markings are a bit curious. ive attached a pic to see if someone can shed some light on what it is. thanks !
Click to expand...
Click to collapse
Seems kinda fishy lol
https://forums.motorola.com/posts/0dc68e3f0d?commentId=716757#716757
Somber73 said:
Seems kinda fishy lol
https://forums.motorola.com/posts/0dc68e3f0d?commentId=716757#716757
Click to expand...
Click to collapse
yea i saw that too. but that doesn't really tell me anything apart from the fact that other phones like mine were also sold(which i already knew).
It would be best to just drop the subject. You have something rare, and if you want to keep it, I would keep it quiet. The guys on the Motorola forum are launching a pretty big investigation into this. I would delete your pic and edit your OP. Don't get me wrong, I DO NOT condone illegal activity, but there is a reason these are out in the open...
Regardless of the circumstances surrounding where or how he got the phone, there ought to be someplace where this guy can get answers as to its origin or what it is exactly without everybody overreacting.
Sent from my XT907 using xda app-developers app
It is an Engineering model device and it will have a fully unlocked bootloader Status 1 when you boot into AP Fastboot mode from the boot menu.
It will also have engineering firmware with userdebug testkeys builds unless it was flashed by prior owner to stock or a custom build.
These are very valuable devices to a developer because they can run any firmware, including the engineering bootloaders and radio images, which cannot be run even on devices with unlocked bootloaders via exploit or the official Development edition devices, all of which have a Status 3 bootloader.
The good news is you can run any firmware you like safely on them, but you must flash them manually and you can't run any OTA updates until you do so because they will fail signatures and checksums on engineering builds.
There is also usually a lot of debugging binaries and apps and monitoring components on these builds that you want to disable generally.
It's a great opportunity, but comes with some greater responsibility.
The official forum, as noted above, is an extremely poor place to get this kind of information and is basically useless, as you discovered.
More of these devices have been showing up lately and I have seen several posts by confused users like yourself regarding such phones.
Consider yourself lucky and start learning how to take advantage of your rare device!
It would seem, especially from the reaction by Motorola, that it is indeed an internal phone. I'm guessing they want the IMEI so they can take someone's head off.
I doubt Motorola would go after any end users, they didn't seem too mad at the guy who posted there. Someone inside will probably not be happy after that investigation though
Sent from my XT907 using Tapatalk 4 Beta
cellzealot said:
It is an Engineering model device and it will have a fully unlocked bootloader Status 1 when you boot into AP Fastboot mode from the boot menu.
It will also have engineering firmware with userdebug testkeys builds unless it was flashed by prior owner to stock or a custom build.
These are very valuable devices to a developer because they can run any firmware, including the engineering bootloaders and radio images, which cannot be run even on devices with unlocked bootloaders via exploit or the official Development edition devices, all of which have a Status 3 bootloader.
The good news is you can run any firmware you like safely on them, but you must flash them manually and you can't run any OTA updates until you do so because they will fail signatures and checksums on engineering builds.
There is also usually a lot of debugging binaries and apps and monitoring components on these builds that you want to disable generally.
It's a great opportunity, but comes with some greater responsibility.
The official forum, as noted above, is an extremely poor place to get this kind of information and is basically useless, as you discovered.
More of these devices have been showing up lately and I have seen several posts by confused users like yourself regarding such phones.
Consider yourself lucky and start learning how to take advantage of your rare device!
Click to expand...
Click to collapse
thank you! and btw, that wasn't me who posted in the official forums lol. thats the lase place i would think of posting if i had a prototype haha.
sloosecannon said:
It would seem, especially from the reaction by Motorola, that it is indeed an internal phone. I'm guessing they want the IMEI so they can take someone's head off.
I doubt Motorola would go after any end users, they didn't seem too mad at the guy who posted there. Someone inside will probably not be happy after that investigation though
Sent from my XT907 using Tapatalk 4 Beta
Click to expand...
Click to collapse
thank you! and yea, i agree.
that convo on the motorola forum is hilarious!
buyer claimed he got it from someone he does not know that placed an ad on pakistani forum.
jco23 said:
that convo on the motorola forum is hilarious!
buyer claimed he got it from someone he does not know that placed an ad on pakistani forum.
Click to expand...
Click to collapse
uh, actually im pretty sure he is telling the truth. its sort of a Pakistani craigslist.
RSD is proprietary software, owned by Motorola. While I know it's very easy to find online, it's not intended for public use. The rules of this site forbid discussion of software installation or use unless that software is distributed by Motorola or one of its partners.
That pretty much sums it up. Had he come to xda, he'd have gotten help. He didn't seem too open to helping the Motorola guys out though, so they didn't help him. Don't see why he would lie about that, he's just a poor guy who wants his confidential Motorola property to work for him... By asking the people that someone stole it from... Yeah...
Sent from my XT907 using Tapatalk 4 Beta
guys, i am going to buy a similar "confidential" razr m phone. what do you suggest? is this going to cause software issues like installing new roms or gapps?
dasche said:
guys, i am going to buy a similar "confidential" razr m phone. what do you suggest? is this going to cause software issues like installing new roms or gapps?
Click to expand...
Click to collapse
Nope. Since it's factory unlocked, you should be able to install TWRP and go about flashing whatever you want. It might be a wiser choice to buy a regular handset, since you want have Motorola property all over the front.
EDIT: Long story short, if Motorola website says your phone does not qualify for bootloader unlocking, retry in 24 hours. If your phone is an unlockable version you should receive the unlock code. Thanks to mschumacher69.
mschumacher69 said:
It is common for the website to say an unlockable model is not eligible at first, this has happened in the past to me and to other people. You just wait (for 24 hrs usually) and then it would give you the unlock code. I think it has to do with when you register your phone with the Moto ID. I think it takes 24 hrs for the phone to become unlockable (as long as it is an unlockable model) after you register it with the Moto ID..
Click to expand...
Click to collapse
ORIGINAL POST:
I have a Moto X (2013) with Android 4.4.4 and read here that the I cant root because of the locked bootloader and it seemed I cant unlock it too.
On the Motorola webpage (here) where I can request the unlock code for the bootloader I got this message:
"Your device does not qualify for bootloader unlocking"
I tried submitting the form with the string many times. It failed every time. I restarted the browser, cleared the cache etc until I tried again (probably for the 40th time) and finally a button to request the unlock code showed up. I clicked on it and got some network error being shown that the page cannot be displayed. I then copied the link the browser was trying to open, which looked like this:
(I have no idea if its a good or bad practice to post information which can identify my particular phone, So I have changed the numbers a little for the purpose of this thread)
HTML:
https://motorola-global-portal.custhelp.com/cc/productRegistration/unlockPhone/2E45000111111111/6A5B46010E0001000000000000000000/4AA31B911E16D2EC12A111121C16CB1111FED4E4/?rad=Yes
This is how my original string looked like:
2E45000111111111#1111117363011304D111100581131303131000000#4AA31B911E16D2EC12A111121C16CB1111FED4E4#6A5B46010E0001000000000000000000
I copied this link and in the next hour tried to open it a couple of times. It did not work until the 5th or 6th time when I got to the page which said I should now have received an email with the unlock code (Please note that on the Motorola website I was logged in with a Motorola ID account). Unlock code worked perfectly and I now have the bootloader unlocked (And the phone restored to its defaults, so make sure you BACKUP before unlocking the bootloader!).
I don't know why it worked. My impression is that the webpage where you request the unlock code is just working differently at different times. Why else did I get the code when I was first told that my device could not have it?
Hope this helps somebody in the future.
What moto x variant did you have?
didn't work for me kept saying device does not qualify.
huzaifaaleem said:
What moto x variant did you have?
Click to expand...
Click to collapse
XT1053 -Unlocked Sim International version.
What was written on my receipt when I ordered the phone was Any Carrier/T-Mobile/AT&T
When I contacted Motorola Support they asked for the IMEI and said it did not qualify for bootloader unlock.
I tried many times in the morning and throughout the day. It worked late in the evening. Maybe try more and it could work for you too?
pavel4444 said:
XT1053 -Unlocked Sim International version.
What was written on my receipt when I ordered the phone was Any Carrier/T-Mobile/AT&T
When I contacted Motorola Support they asked for the IMEI and said it did not qualify for bootloader unlock.
I tried many times in the morning and throughout the day. It worked late in the evening. Maybe try more and it could work for you too?
Click to expand...
Click to collapse
Dude, this variant is unlockable, u didn't uncover the secrets of the universe in here...
mschumacher69 said:
Dude, this variant is unlockable, u didn't uncover the secrets of the universe in here...
Click to expand...
Click to collapse
I was told by Motorola website that the phone is not eligible for unlocking the bootloader. I have also searched through any information I could find on this forum and elsewhere on how to unlock it. Nothing I found was helpful. If you step outside of this forum for a minute you would probably realize most people would give up right there. In the end the same webpage worked and gave the code, whats wrong with letting others know?
I am not often around this forum, but maybe for you it is very obvious that a webpage can say no 10 times and then say yes for whatever reason.
got it to work!
Thanks for the info man. I just bought a XT1060 last week and stumbled upon this. First time I tried last night the page wouldnt load. I retired today after work and it sent me the email!
pavel4444 said:
I was told by Motorola website that the phone is not eligible for unlocking the bootloader. I have also searched through any information I could find on this forum and elsewhere on how to unlock it. Nothing I found was helpful. If you step outside of this forum for a minute you would probably realize most people would give up right there. In the end the same webpage worked and gave the code, whats wrong with letting others know?
I am not often around this forum, but maybe for you it is very obvious that a webpage can say no 10 times and then say yes for whatever reason.
Click to expand...
Click to collapse
I'm not saying it's wrong, I'm just saying that it's not this secret link that allowed you to unlock, it's the fact that your model is unlockable that allowed you to unlock. If you kept trying the normal way without going through this "special" link, you would have also been able to unlock.
It is common for the website to say an unlockable model is not eligible at first, this has happened in the past to me and to other people. You just wait (for 24 hrs usually) and then it would give you the unlock code. I think it has to do with when you register your phone with the Moto ID. I think it takes 24 hrs for the phone to become unlockable (as long as it is an unlockable model) after you register it with the Moto ID.
All I'm saying is that trying this hidden link with a model that is not unlockable (i.e: AT&T variant) will not spit the unlock code out.
I am now even more depressed... no CM for me :c we need a hero.
mschumacher69 said:
I'm not saying it's wrong, I'm just saying that it's not this secret link that allowed you to unlock, it's the fact that your model is unlockable that allowed you to unlock. If you kept trying the normal way without going through this "special" link, you would have also been able to unlock.
It is common for the website to say an unlockable model is not eligible at first, this has happened in the past to me and to other people. You just wait (for 24 hrs usually) and then it would give you the unlock code. I think it has to do with when you register your phone with the Moto ID. I think it takes 24 hrs for the phone to become unlockable (as long as it is an unlockable model) after you register it with the Moto ID.
All I'm saying is that trying this hidden link with a model that is not unlockable (i.e: AT&T variant) will not spit the unlock code out.
Click to expand...
Click to collapse
Thanks for the clear explanation.
If I had found this information when I was trying to unlock the bootloader, I would have not posted this thread.
I have included it in the original post so it is easier to find.
wildblade64 said:
I am now even more depressed... no CM for me :c we need a hero.
Click to expand...
Click to collapse
We do, man!
I don't have a Droid Maxx 2 because I only use rootable phones but I stumbled on the instructions on the page at the link below and wondered if this could be a valid method. I know NOTHING about the site, the tools, the instructions, etc. I'm just curious and look around for a breakthrough from time to time.
http://kidapso.com/how-to-unlock-motorola-droid-maxx-2-bootloader/
Doesn't unlock the bootloader, sadly. This phone is on lockdown until Motorola / Verizon decides to give customers the unlock key or until someone figures out a way to hack it but seems doubtful.
This phone is getting nougat though!
turborush said:
Doesn't unlock the bootloader, sadly. This phone is on lockdown until Motorola / Verizon decides to give customers the unlock key or until someone figures out a way to hack it but seems doubtful.
This phone is getting nougat though!
Click to expand...
Click to collapse
Im surprised someone even posted in this forum sadly lol. Have they announced when nougat should be rolling out yet?
Not sure, man. Hoping soon though!
I did explore this option some time back and thanks for posting it.
Unfortunately, that website is just full bull s***. There's no auto root tools, its just click bait.
You go through all the hoops of "click here" and you google all kinds of things trying to find out whether this is malware only to find that when you click on "download" its the age-old scumbag scam of "complete one of the 3 surveys to activate link."
Don't fall for it if you have no idea how to spot a scam. If you do know how to navigate that crap, by all means check it out to see if I'm wrong as I often am. Should you be able to download this alleged auto root tools, reply with instructions, and i'll try to use it on my droid maxx 2.
thanks