Since we are using engboot, write protection seems to be off, so it appears you can use dd to write to normally write protected partitions such as the bootloaders (ex: "dd if=/sdcard/aboot of=/dev/block/sdd10"). In my testing I was successfully "dd" a backed up aboot (secondary bootloader) partition and also write to the modem partition and have it stick (which means write protection should be off akaik). If you were to "dd" the Chinese bootloaders, you might be able to flash and re-partition onto the Chinese firmware and then use the CROM service to unlock the bootloader from there. I personally don't know too much about this type of stuff and haven't tried to actually "dd" the Chinese bootloader, but for those more knowledgeable, could this potentially work?
Partitions likely needed are:
- rpm (Resource and Power Manager / Primary Bootloader) located at /dev/block/sdd1 (/dev/block/bootdevice/by-name/rpm)
- aboot (AP Bootloader / Secondary Bootloader) located at /dev/block/sdd10 (/dev/block/bootdevice/by-name/aboot)
- xbl (Extended Bootloader) located at /dev/block/sdb1 (/dev/block/bootdevice/by-name/xbl)
- ? located at /dev/block/sdc1
Modifying the bootloader is dangerous and could permanently brick your device. I take no responsibility if you try this and it breaks your device.
Edit 5: Additional Details
qwewqa said:
Since we are using engboot, write protection seems to be off, so it appears you can use dd to write to normally protected partitions (ex: "dd if=/sdcard/aboot of=/dev/block/sdd10"). In my testing I was successfully dd a backed up aboot (secondary bootloader) partition and also write zeros to the modem partition and have it stick (which means write protection should be off). If you were to dd a Chinese bl/ap, you might be able to flash/re-partition onto the Chinese firmware and then use the CROM service to unlock the bootloader from there. I personally don't know too much about and haven't tried to actually dd the Chinese bootloader, but for those more knowledgeable, would this work?
Edit: Modem partition sticks after reboot.
Click to expand...
Click to collapse
@Binary100100 you probably know somebody that knows little bit more about this, tell them to check it out
Magnifik81 said:
@Binary100100 you probably know somebody that knows little bit more about this, tell them to check it out
Click to expand...
Click to collapse
Nope. Don't know anyone specific.
Wish I had the $175 for my insurance deductible, I'd give it a try. All in all, it should work. The hardware is the same.
thescorpion420 said:
Wish I had the $175 for my insurance deductible, I'd give it a try. All in all, it should work. The hardware is the same.
Click to expand...
Click to collapse
Well, if it WORKS, I'm sure the bounty on unlocking the bootloader is a lot higher than $175! ?
DOMF said:
Well, if it WORKS, I'm sure the bounty on unlocking the bootloader is a lot higher than $175!
Click to expand...
Click to collapse
Lets start a thread . . . I am willing to contribute $25.00 :good: into a pool with others here at XDA to the developer who can produce an unlocked bootloader that is rooted with a decent rom that works great and better than stock, something that will fix all of the untold bugs and address the known issues.
Anyone else?
serendipityguy said:
Lets start a thread . . . I am willing to contribute $25.00 :good: into a pool with others here at XDA to the developer who can produce an unlocked bootloader that is rooted with a decent rom that works great and better than stock, something that will fix all of the untold bugs and address the known issues.
Anyone else?
Click to expand...
Click to collapse
$25? Hell think about how much we spend on the phone itself and bill every month.. I'd easily pledge $100 for an unlocked bootloader with twrp support.
That's the 1 thing I don't understand.. this is the most highly sought after phone right now with 0 developer support. I understand the limitations with the locked bootloader but other phones have overcome the same through the works of various motivated individuals. There is no one even interested in trying it seems on ANY carrier forum. Instead we have countless threads with people more interested in getting the nougat update early which will hardly provide anything useful compared to an unlocked bootloader with working root.
serendipityguy said:
Lets start a thread . . . I am willing to contribute $25.00 :good: into a pool with others here at XDA to the developer who can produce an unlocked bootloader that is rooted with a decent rom that works great and better than stock, something that will fix all of the untold bugs and address the known issues.
Anyone else?
Click to expand...
Click to collapse
"Start?" It was started ages ago and it thousands of dollars. https://forum.xda-developers.com/tmobile-s7-edge/how-to/bounty-unlocked-bootloader-s7edge-t3339857
bdvince said:
$25? Hell think about how much we spend on the phone itself and bill every month.. I'd easily pledge $100 for an unlocked bootloader with twrp support.
That's the 1 thing I don't understand.. this is the most highly sought after phone right now with 0 developer support. I understand the limitations with the locked bootloader but other phones have overcome the same through the works of various motivated individuals. There is no one even interested in trying it seems on ANY carrier forum. Instead we have countless threads with people more interested in getting the nougat update early which will hardly provide anything useful compared to an unlocked bootloader with working root.
Click to expand...
Click to collapse
Root right now is just too impractical for most people. I'm still rooted, but for most people it isn't worth the hassle and trade-offs, for many it's worse than stock. I think most people who are really into root probably switched devices. Switching to android N could actually prevent bootloader unlock in this way, unless root for N comes out. That is if this unlock method could actually work, hard to say without anyone experienced in bootloaders and write protection though.
I'd like to find someone with a sm-g9350 to DD a dump of sdd10.
thescorpion420 said:
I'd like to find someone with a sm-g9350 to DD a dump of sdd10.
Click to expand...
Click to collapse
Sdd1 is the primary bootloader, probably also necessary.
Came to the realization that the Chinese bootloader is v2 where all US models are v4. I'd imagine the Chinese nougat update will make it v4, so we wait to try.
Don't want to a be downer or anything but I'm pretty sure you can't just replace the bootloader, even if write protection is off on the Eng kernel. Even if you did replace it you'll have probably bricked your phone.
Sent from my SM-G935T using Tapatalk
dogredwing1 said:
Don't want to a be downer or anything but I'm pretty sure you can't just replace the bootloader, even if write protection is off on the Eng kernel. Even if you did replace it you'll have probably bricked your phone.
Click to expand...
Click to collapse
The thinking is that since the devices are virtually the same hardware wise, there is a chance the bootloader could be replaced. I do agree that there is a good chance of hard bricking though. I haven't done any testing other than apparently successfully dding a backed up version of the same bootloader.
If I wasn't on nougat I would try it if someone posted instructions and devs confirmed the directions are correct..
Sent from my SM-G935T using Tapatalk
I was actually playing with the bootloader, and found this thread when I went to post. I'm going to be pulling fastboot commands also to see if I can find anything interesting. I'm tired of not being able to use a custom kernel
My device is on nougat. Bit I can easily downgrade and test if someone has a rock solid idea. I don't mind bricking as the device has a cracked screen and I have my s6 edge plus to use until the s8 drops...
Sent from my SM-G935T using Tapatalk
Count me in as well!
I have a theory that we can open the BL file in WinRAR and extract the rpm.mbn file from G9350 odin file,
and flash to our device. But I cannot determine which one is for aboot. I have not tested this yet.
aaron007 said:
Count me in as well!
I have a theory that we can open the BL file in WinRAR and extract the rpm.mbn file from G9350 odin file,
and flash to our device. But I cannot determine which one is for aboot. I have not tested this yet.
Click to expand...
Click to collapse
What I know is:
RPM = Resource and Power Manager = Primary Bootloader
ABoot = AP Bootloader = Secondary Bootloader
I believe the boot process is "RPM > ABoot > boot.img (Main OS)", so both the rpm and aboot file would be needed. Also I think the partition layout in the Chinese version is slightly different, so a flash and repartition would be needed after replacing bootloader to actually root. I don't know what the chances success are though, the devices are virtually the same hardware wise, and the Chinese rom with the U.S. bootloader works according to the Verizon fourm, but there is a chance there are other differences what might prevent this from working.
Flippy125 said:
I was actually playing with the bootloader, and found this thread when I went to post. I'm going to be pulling fastboot commands also to see if I can find anything interesting. I'm tired of not being able to use a custom kernel
Click to expand...
Click to collapse
Isn't fastboot disabled on the s7. Also, were your results the same?
qwewqa said:
What I know is:
Isn't fastboot disabled on the s7. Also, were your results the same?
Click to expand...
Click to collapse
Yes, found that out when I started playing with it more. I'm currently reading sdd10 line by line. I did find an entry "Device is unlocked! Skipping verification...". I'm starting to think we need to look into recovery-side exploits. I'm too scared to try and mess with the bootloader too much.
EDIT: If we can find a way to get fastboot working, possibly piggybacking off of Odin, I found a command written in the aboot code 'fastboot oem unlock-go'
EDIT2: Using that command requires some sort of key. May be a dead end.
EDIT3: I'd be willing to test modifying the recovery image to see if it triggers the bootloader's hash checking. If anything, this could lead to writing a custom boot image that would open TWRP.
Related
According to this review, the Australian Razr M can be bootloader unlocked.
http://ausdroid.net/2012/10/30/motorola-razr-m-review/
I went on motodev and can't find any instructions pertaining. I assume this is not the developer version, so how do we unlock or check whether its possible? Does anyone know / has anyone tried on an Australian Razr M?
Is it as simple as fastboot oem unlock? I tried that and this is what happened
C:\Users\jlo.APBC\Dropbox\android\fastboot>fastboot devices
TA676001L3 fastboot
C:\Users\jlo.APBC\Dropbox\android\fastboot>fastboot oem unlock
...
(bootloader) fastboot oem unlock [ unlock code ]
OKAY [ 0.014s]
finished. total time: 0.014s
??? I didn't get any prompt to unlock or anything.
This is for the RAZR i, but the process is the same. You have to get the Device ID, enter that on Motorola's website, and then it will give you the data you need to unlock. Just follow their instructions, and use the thread as a guide also.
http://forum.xda-developers.com/showthread.php?t=1928551
thanks, got the code in my hand
Waiting for some goodies to actually come out ROM wise before taking the plunge, also run the hardware in a bit and be sure 100% no hardware issues
Does anyone know, does simply unlocking the bootloader bar the path for future OTAs? (if you don't do anything else).
Hmm...just by getting the code, you may have already voided your warranty. I'm not sure, though, so don't quote me on that.
As far as OTAs go, no, you will still be able to get OTAs. You would only not be able to get OTAs if you rooted and uninstalled some stock apps, or if you installed a custom ROM. I wouldn't be doing either of those right now, anyway, since I don't think there's a fastboot for the Australian M yet. Once somebody puts that up, you're safe to do whatever you want.
freak4dell said:
Hmm...just by getting the code, you may have already voided your warranty. I'm not sure, though, so don't quote me on that.
As far as OTAs go, no, you will still be able to get OTAs. You would only not be able to get OTAs if you rooted and uninstalled some stock apps, or if you installed a custom ROM. I wouldn't be doing either of those right now, anyway, since I don't think there's a fastboot for the Australian M yet. Once somebody puts that up, you're safe to do whatever you want.
Click to expand...
Click to collapse
Yep by fastboot you mean fastboot flashable system image right?
Always been my rule as well.
I just reread the fine print and it does seem that they want to screw you out of it if you even request the code. That is so lame...
(I get mixed up between different vendors and methods lol... RUU for HTC... fastboot image for moto... odin image for sammy etc.)
wintermute000 said:
Yep by fastboot you mean fastboot flashable system image right?
Always been my rule as well.
I just reread the fine print and it does seem that they want to screw you out of it if you even request the code. That is so lame...
(I get mixed up between different vendors and methods lol... RUU for HTC... fastboot image for moto... odin image for sammy etc.)
Click to expand...
Click to collapse
Yup, a fastboot is a flashable image. The stock fastboots allow you to go back to stock just in case you flash something else and you can't boot up again. It's a good rule to have. Hopefully, the devs here will get the fastboot. I think there's a way to make a fastboot from a stock phone, so even if we don't get a leak, maybe that's a possibility. If you think you might be interested in helping, talk to mattlgroff or p3droid (jimmydafish on here).
And yeah, I figured that would be how they determined to void the warranty. Motorola doesn't have a way to know that you actually did unlock your bootloader, because you can technically relock it. So, the request for the code is their way of keeping track. Lame, but I can understand the reasoning.
freak4dell said:
Yup, a fastboot is a flashable image. The stock fastboots allow you to go back to stock just in case you flash something else and you can't boot up again. It's a good rule to have. Hopefully, the devs here will get the fastboot. I think there's a way to make a fastboot from a stock phone, so even if we don't get a leak, maybe that's a possibility. If you think you might be interested in helping, talk to mattlgroff or p3droid (jimmydafish on here).
And yeah, I figured that would be how they determined to void the warranty. Motorola doesn't have a way to know that you actually did unlock your bootloader, because you can technically relock it. So, the request for the code is their way of keeping track. Lame, but I can understand the reasoning.
Click to expand...
Click to collapse
Well for HTC if you relock, it says 'relocked' not 'locked' in hboot.
Still I guess they warned you but in small print, I was expecting to not pop my warranty until I actually flashed my damned unit.
I'm curious about how much dev work we'll get bearing in mind we're a different variant to the US razr M and different radio, or we will get ROMs that don't touch the radio, etc. etc.
freak4dell said:
Yup, a fastboot is a flashable image. The stock fastboots allow you to go back to stock just in case you flash something else and you can't boot up again. It's a good rule to have. Hopefully, the devs here will get the fastboot. I think there's a way to make a fastboot from a stock phone, so even if we don't get a leak, maybe that's a possibility. If you think you might be interested in helping, talk to mattlgroff or p3droid (jimmydafish on here).
Click to expand...
Click to collapse
OK so I'm unlocked and have recovery installed. I'm keen to help others and make a flashable fastboot of Telstra's stock ICS system. Can anyone give me any tips on how to do it if it's not too difficult and I'll then upload for everyone to safeguard their phones.
pjcons said:
OK so I'm unlocked and have recovery installed. I'm keen to help others and make a flashable fastboot of Telstra's stock ICS system. Can anyone give me any tips on how to do it if it's not too difficult and I'll then upload for everyone to safeguard their phones.
Click to expand...
Click to collapse
I recently purchased a Telstra RAZR M (My first Android) and am keen to look into flashing a custom rom. I'm willing to help out with an upload of the stock rom as well if needed, lets get this ball rolling.
pjcons said:
OK so I'm unlocked and have recovery installed. I'm keen to help others and make a flashable fastboot of Telstra's stock ICS system. Can anyone give me any tips on how to do it if it's not too difficult and I'll then upload for everyone to safeguard their phones.
Click to expand...
Click to collapse
This is a rather uncomplicated thing and I'd be glad to help you get stock images. would you care to get me a little information?
P3Droid made an app that backs up the partition images into and XML.zip and we can use it to make a set of images from the Telstra M.
We are particularly interested in the radio image to see if its possible to flash onto VZW hardware to have an unlocked GSM/HSPA radio.
The process is very simple, you just run the app and it creates the zip file and then you can upload the images for examination.
These images can then also be used in fast boot to restore your phone as well, of course.
Edit: I see he has responded above. Thanks!
Ok will check the app and get to work.
Can't seem to find the app... Any help?
Sent from my Razr M machine
---------- Post added at 06:57 AM ---------- Previous post was at 06:52 AM ----------
jimmydafish said:
This is a rather uncomplicated thing and I'd be glad to help you get stock images. would you care to get me a little information?
Click to expand...
Click to collapse
What info u want? Unlocked, rooted Razr M (Australian version) running stock telstra firmware. Have recovery installed.
Sent from my Razr machine
pj i'm guessing as you have changed your recovery whatever you extract can't be the 100% stock all in one fastboot image though probably possible if you reflash the stock telstra recovery. just guessing
I'm sorry, the app is not available in the market. He posted instructions in the thread in the general forum for the AU fastboot images for pulling the radio image.
He will probably release the app soon too, I was just suggesting it as an easy way to get this done...and now it has been taken care of.
Thanks!
so back to basics: how/when can we get a fastboot stock Aussie M image so paranoid/scaredy cat guys like me can unlock and flash with peace of mind of having an easy stock image rollback option?
BEFORE YOU COMMENT ON THIS THREAD - PLEASE READ THIS POST AND UNDERSTAND WHAT THE DIFFERENCE IS BETWEEN THE BOOTLOADER, PARTITION TABLE, SYSTEM AND KERNEL/RAMDISK!!!!
This post is not about downgrading from lollipop to kit kat in general. It is SPECIFICALLY about and it is ONLY about downgrading the BOOTLOADER (motoboot.img) and the PARTITION TABLE (gpt.bin). The system (system.img) and kernel/ramdisk (boot.img) are NOT the subject of this thread. If you don't understand the difference b/t the bootloader, partition table, system and kernel/ramdisk, then please refrain from posting on this thread and simply read until you understand the difference.
Please do not comment if you do not even know the version of the bootloader you are running b/c you have nothing substantive to contribute then. If you know the version of the bootloader you are running now and know what it was before you upgraded and after you downgraded, great, please let us all know your experience. But if you don't, AGAIN, you have nothing of value to contribute to this thread.
The Moto X 2014 is not a Nexus device - you CANNOT safely downgrade your bootloader (motoboot.img) or partition table (gpt.bin). You risk bricking if you do, especially if you downgrade the bootloader!!!
You need to understand what you are flashing. If you don't understand what you are flashing, read and ask questions before you flash until you do understand what you are flashing. You also need to know what version of the bootloader you currently have before you flash.
Also, you should not attempt to have a bootloader-partition table mismatch in terms of versions. Both your bootloader and your partition table should be the same version - i.e., if your bootloader is the 5.0 bootloader, your partition table should be the 5.0 partition table.
Edited - it looks like mfastboto and maybe even regular fastboot have checks in them to prevent a bootloader or partition table downgrade. However, the OTA updater scripts may or may not have sufficient checks in them to prevent bricking if you have previously upgraded then downgraded the system/kernel/radios and then attempted to take an OTA. For instance, people have reported bricking after flashing to 5.1 then downgrading system/kernel/radios to 4.4.4 then taking the 5.0 OTA = brick.
I've seen alot of stuff about that in the threads. Are you saying that you can't downgrade back to 5.0 or 4.4? Cause I have successfully flashed back to stock KitKat from the 5.1 soak several times. Even flashing partition and motoboot. It just downgraded the tz.
Sent from my XT1095
dustin_b said:
I've seen alot of stuff about that in the threads. Are you saying that you can't downgrade back to 5.0 or 4.4?
Click to expand...
Click to collapse
I am saying exactly what I said in the OP - you can't safely downgrade your bootloader or partition table. And you can't have a bootloader/partition table version mismatch. There are rare exceptions to that like the one for the MX13 that jcase used to root 4.4.
dustin_b said:
Cause I have successfully flashed back to stock KitKat from the 5.1 soak several times. Even flashing partition and motoboot. It just downgraded the tz.
Click to expand...
Click to collapse
Did you use RSDLite to flash motoboot.img and gpt.bin? If so, like I said in the OP, it has checks built into it and it will prevent you from downgrading your bootloader and partition table. mfastboot may have the same checks built in, idk, but I don't think fastboot from the SDK does and that is where people are getting into trouble.
What did you use to flash?
Also, can you post a video showing you doing this w/o bricking? Show your BL version on 5.1, which from what has been reported is 60.14, and then flash the 5.0 BL, which is 60.1 1 and show us that you were able to downgrade your bootloader back to 60.11 w/o bricking. Then once you do that, downgrade the bootloader down to 4.4.4 (I am not sure what the version number is, but once you successfully downgrade you can tell us).
The Q&A forum is littered with people who bricked their devices when they attempted to downgrade their bootloaders.
I think people would be foolish to believe that it is safe to downgrade the bootloader of a Moto X given all the bricks unless you post some proof it is safe.
It might be awhile before I could do a video but I just used fastboot from the SDK. I don't know if it actually downgrades the bootloader. Maybe just the trust zone. I've never actually checked. I wonder if people have noticed but on the 5.1 soak you have to go into developer options and check OEM unlocking now.
Sent from my XT1095
In the past when I downgraded to KK from 5.0, if I tried to flash the old bootloader, it would simply fail to flash. It never bricked. I have also flashed the gpt from KK when downgrading in the beginning. It flashed fine and didn't brick. I don't flash gpt now that I know what it is but the first few times I downgraded, I did flash it.
Edit: I always used fastboot/mfastboot. I can't get RDSLite to detect my Moto X. MDM doesn't detect it either.
dustin_b said:
It might be awhile before I could do a video but I just used fastboot from the SDK. I don't know if it actually downgrades the bootloader. Maybe just the trust zone. I've never actually checked.
Click to expand...
Click to collapse
Honestly, I would not try this as there is no reason to do it. It is dangerous and it doesn't provide any benefit. If you don't believe me that it it dangerous, read on the Q&A forums when people ask for help after bricking their devices - almost always they were attempting a bootloader or partition table downgrade when they bricked. It is just not worth it IMO. You do what you want of course as you seem to believe it is possible but it is not something I would do.
dustin_b said:
I wonder if people have noticed but on the 5.1 soak you have to go into developer options and check OEM unlocking now.
Click to expand...
Click to collapse
That is how it is on the Nexus 6 too.
walrusmonarch said:
In the past when I downgraded to KK from 5.0, if I tried to flash the old bootloader, it would simply fail to flash. It never bricked.
Click to expand...
Click to collapse
why some people get a failed flash and others get a brick, idk, but all you have to do is read on the Q&A forums how many people brick attempting to downgrade the BL and/or PT.
JulesJam said:
why some people get a failed flash and others get a brick, idk, but all you have to do is read on the Q&A forums how many people brick attempting to downgrade the BL and/or PT.
Click to expand...
Click to collapse
Yeah, I've seen people brick it that way. I think I just got lucky the few times I have done it
walrusmonarch said:
I have also flashed the gpt from KK when downgrading in the beginning. It flashed fine and didn't brick. I don't flash gpt now that I know what it is but the first few times I downgraded, I did flash it.
Edit: I always used fastboot/mfastboot. I can't get RDSLite to detect my Moto X. MDM doesn't detect it either.
Click to expand...
Click to collapse
I just don't see why it is ever necessary to mess with the BL or PT. System, recovery, radios, kernel, sure I see why you would do that. If downgrading your BL or PT doesn't provide any benefit to you, why do it?
JulesJam said:
I just don't see why it is ever necessary to mess with the BL or PT. System, recovery, radios, kernel, sure I see why you would do that. If downgrading your BL or PT doesn't provide any benefit to you, why do it?
Click to expand...
Click to collapse
I agree with you. I did it mostly because I didn't know what the heck I was doing back then. I was just flashing away hoping everything would work
walrusmonarch said:
I agree with you. I did it mostly because I didn't know what the heck I was doing back then. I was just flashing away hoping everything would work
Click to expand...
Click to collapse
My first device was a Nexus (GNex) so I flashed with abandon w/o knowing what I was doing and never bricked. When I got my Moto X 2013, I went to the MX13 XDA forum and started to read and am damn glad I did b/c I would have never known. There were tons of people who bricked trying to downgrade. I am sure Motorola had to do a lot of warranty replacements for this reason. Really, there should have been more checks that would prevent bricking and the flash would just fail. There weren't though except with RSDLite. IMO Motorola deserved having the added cost of these warranty replacements.
Hopefully, Motorola has built more checks into the system now where the flash will fail rather than bricking the device, but clearly whatever they have done isn't enough. Again, idk why some people report being able to do this and others end up with bricks, but I don't see the need to do it at all and until it becomes universally safe to do this across the board every time, I wouldn't do it.
JulesJam said:
My first device was a Nexus (GNex) so I flashed with abandon w/o knowing what I was doing and never bricked. When I got my Moto X 2013, I went to the MX13 XDA forum and started to read and am damn glad I did b/c I would have never known. There were tons of people who bricked trying to downgrade. I am sure Motorola had to do a lot of warranty replacements for this reason. Really, there should have been more checks that would prevent bricking and the flash would just fail. There weren't though except with RSDLite. IMO Motorola deserved having the added cost of these warranty replacements.
Hopefully, Motorola has built more checks into the system now where the flash will fail rather than bricking the device, but clearly whatever they have done isn't enough. Again, idk why some people report being able to do this and others end up with bricks, but I don't see the need to do it at all and until it becomes universally safe to do this across the board every time, I wouldn't do it.
Click to expand...
Click to collapse
Yeah, my first android device was a N7 (2012). I flashed away at it like crazy. Sometimes multiple times a day... I guess I just had that same mentality when I started trying to flash the Moto X... It is a good idea to read before flashing. I've been trying out Windows phone recently and managed to flash a rom on my lumia 635 without bricking. I barely read anything, and I probably just got lucky again...
RSDLite seems convenient. I wish I could get it to work for me, along with MDM. Sigh... oh well.
walrusmonarch said:
RSDLite seems convenient. I wish I could get it to work for me, along with MDM. Sigh... oh well.
Click to expand...
Click to collapse
The only thing with RSDLite if you don't want your data overwritten, you have to edit the xml file.
As far as the driver issue, you can try downloading the drivers from root junky's site to see if you can install them that way.
http://rootjunkysdl.com/?device=Android Drivers&folder=Motorola
JulesJam said:
The only thing with RSDLite if you don't want your data overwritten, you have to edit the xml file.
As far as the driver issue, you can try downloading the drivers from root junky's site to see if you can install them that way.
http://rootjunkysdl.com/?device=Android Drivers&folder=Motorola
Click to expand...
Click to collapse
Yep, I have tried those too. No luck. I have at least got fastboot and adb working fine, so its not so bad. Thanks for trying to help!
OK, I changed the title from stating "you will brick" to "you risk bricking".
JulesJam said:
Honestly, I would not try this as there is no reason to do it. It is dangerous and it doesn't provide any benefit. If you don't believe me that it it dangerous, read on the Q&A forums when people ask for help after bricking their devices - almost always they were attempting a bootloader or partition table downgrade when they bricked. It is just not worth it IMO. You do what you want of course as you seem to believe it is possible but it is not something I would do.
Click to expand...
Click to collapse
Ok, so after attempting again I have discovered a couple of things. First, I had to use the fastboot commands from withn the mfastboot folder. I did not use mfastboot commands though. Secondly, it doesnt actually downgrade the bootloader. I think it just downgrades the tz (there is a message about this on the fastboot screen). It did not brick though and I have done this multiple times. But it obviously doesnt make a difference so I'm with you. No one should try this at the risk of bricking their device! My apologies to you @JulesJam. I wasn't trying to be offensive but just thought I would throw it out there since I thought I had done it before. I am far from an expert on these things especially fastboot cause I was on Galaxy devices before this so i never had to use it. I'm kind of like the other guy I have always went by another guide on returning to stock and just thought it should be that way. So again, DO NOT DO THIS AT THE RISK OF BRICKING YOUR PHONE:good:
dustin_b said:
Ok, so after attempting again I have discovered a couple of things. First, I had to use the fastboot commands from withn the mfastboot folder. I did not use mfastboot commands though.
Click to expand...
Click to collapse
I am not sure what you mean fastboot commands w/in the mfastboot folder. Mfastboot
is just motorola's version of fastboot that allows the system image to be flashed as a single image file instead of being broken down into chunks. Unless you manually rename it, it is called fastboot, however some people have manually renamed it and then uploaded it in a zip file and you can find links to it online. I manually renamed mine mfastboot.exe so as to avoid confusion with fastboot.exe from the SDK.
dustin_b said:
I was on Galaxy devices before this so i never had to use it. I'm kind of like the other guy I have always went by another guide on returning to stock and just thought it should be that way. So again, DO NOT DO THIS AT THE RISK OF BRICKING YOUR PHONE:good:
Click to expand...
Click to collapse
Did you use ODIN before? I think RSDLite is similar to ODIN but since I have never used ODIN I don't really know.
But yes, what Samsung does and what Motorola does wrt the bootloaders is completely different as the bootloaders are proprietary. I am just glad to see that there are more checks now than there used to be that prevent you from downgrading at least some of the time.
There are some very sad people on the Q&A forum right now searching for the signed binary files to restore their bootloaders but those have to be leaked and so far, they do not seem to be anywhere accessible by outsiders.
I've done it loads of times too. Everytime I tried to flash back the gpt or motoboot, it just failed (was trying to relock bootloader, never would let me), normal fastboot. Also with the newest version of fastboot it can flash the system files, no need to use mfastboot at all anymore.
nbell13 said:
I've done it loads of times too. Everytime I tried to flash back the gpt or motoboot, it just failed (was trying to relock bootloader, never would let me), normal fastboot.
Click to expand...
Click to collapse
Yeah, again I can't explain why some people just get a failure and others get a brick, but on the Q&A forum you will see there are those who brick attempting to downgrade.
nbell13 said:
Also with the newest version of fastboot it can flash the system files, no need to use mfastboot at all anymore.
Click to expand...
Click to collapse
Last time I tried the latest version of fastboot, it cannot flash the single file system.img. It can flash the system if it is broken down into chunks. So if you are using the fxz with the single system.img, you have to use mfastboot last I checked.
While I am an advocate for device customization and modifications, I also believe there is an inherent need for locked bootloaders. When we unlock a BL and leave it that way so we can run custom ROMs, root etc, we sacrafice the security it provides allowing our devices to be tampered with or redistributed after a theft. I've seen the PSA advising people not relock their bootloaders on anything except stock. That is entirely true for Verizon and EE pixels that were never intended to be unlocked in first place. However I believe its entirely possible to boot properly self signed images on unlockable devices after re-locking.
Now, I'm not saying we should go around re-locking bootloaders with custom firmware installed there's a process. I've done a bit of reading on verified boot. I am interested in utilizing the "YELLOW STATE" so we can run self signed boot images using an "embedded certificate" along with dm-verity disabled. The problem is how can we self sign our boot images allowing boot to continue without compiling from source?
https://source.android.com/security/verifiedboot/verified-boot.html
https://mjg59.dreamwidth.org/31765.html
I found some information & maybe a more experienced DEV can shed some light on if its possible with our Pixel devices. That's really the goal of this thread, to start a discussion which I think is extremely important & hopefully turn into a guide or tool. We shouldn't completely sacrafice security to utilize root or custom ROMs. On my N5X I have a locked bootloader and modified boot/system with Allow OEM unlock disabled. Difference with our Pixels and Nougat BLs is verified boot is strictly enforced.
Please excuse me if this thread seems jumbled or all over the place. I really do want help with this idea tho to help inform and keep us secure. Any input is appreciated.
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and Kernel. I also modified TWRP in my kernel to only start via locked down adb with key access. This allows my pixel to be highly secure and still recoverable. Might start a new post highlighting my proceedures and research on this subject.
I still wouldn't do this. What's the point? You will still pass safety net with custom kernel.
As for security you, your device still needs to be decrypted to use TWRP. It should still be as secure. I guess someone can wipe your device if they get ahold of it but that's not really a security risk.
Risk is still huge locking your device with a custom OS.
Sent from my Pixel using Tapatalk
milan187 said:
I still wouldn't do this. What's the point? You will still pass safety net with custom kernel.
As for security you, your device still needs to be decrypted to use TWRP. It should still be as secure. I guess someone can wipe your device if they get ahold of it but that's not really a security risk.
Risk is still huge locking your device with a custom OS.
Sent from my Pixel using Tapatalk
Click to expand...
Click to collapse
It has nothing to do with passing safety net. TWRP can only access the data after the pin is input, true, but leaving a device with an unlocked boot loader leaves the ability to flash modified boot images (a huge attack vector). This is to keep your device yours if it falls into a theives hands. You can not have device protection features on a unlocked Allow OEM unlock device. You're right there is risk but being careful can alleviate the risk. I do this because I want my phone to be a trackable paper weight if somebody takes it. I have established my own chain of trust outside of googles. I have even modified my TWRP side of boot.img to only start with my PC using adb-keys.
Which risk is greater. The risk of losing an unlocked device and it falling into the hands of someone that knows what to do or bricking it relocking it.
I vote the latter.
Its not re-locking that bricks... Its disabling the allow OEM unlock in dev options & screwing with stuff afterwards that may cause a bootloop. As long as you have a signed boot image in place with TWRP or stock recovery that uses your own keys the risk is minimal.
Simple rule... With a locked boot loader on a device where verification is strictly enforced always leave that option ticked if modifying anything.
I'm sorry but people are misinformed. Locking the boot loader doesn't brick if you have a custom ROM in place any more than a stock ROM. Its screwing with things or using a poorly dev'd ROM. If you are like me and can set something up the way you like once and not screw with it you'll be fine. If you do wanna screw with something remember to check allow OEM unlock in dev opts. Don't uncheck until you're 100% sure. It really is that simple.
If you are leaving the toggle open what have you accomplished when it gets stolen? They just issue the fastboot command to unlock it. Yea, it wipes data at that point. But I honestly can't think of anything on my phone that is confidential.
When I'm out n about and using my phone normally (i.e. not modding, flashing etc) I put the toggle to off. If I'm planning on changing anything I toggle it back on & if something causes a bootloop (most probably user error) I can recover. I don't think most people who steal phones care about data either but I keep a lot of keys, passwords etc to networks in my devices storage. I admit its not for everybody, just a way to be more secure and protect a $700+ investment. My phones bootloader isn't just locked, its locked with a persistent root ssh backdoor integrated into system so I can maintain control in the event.
want to re-lock my boot loader ?
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and Kernel. I also modified TWRP in my kernel to only start via locked down adb with key access. This allows my pixel to be highly secure and still recoverable. Might start a new post highlighting my proceedures and research on this subject.
Click to expand...
Click to collapse
hey,
I as well as plenty of others thought I was clever unlocking it as I mainly wanted to unlock it from EE UK network , its not been touched since ,no custom rooms or root but after reading people are trying to Re-lock it and getting bricked im too scared too try lol its only phone ive got ? Appreciate any help please x
---------- Post added at 10:57 AM ---------- Previous post was at 10:21 AM ----------
sally76 said:
hey,
I as well as plenty of others thought I was clever unlocking it as I mainly wanted to unlock it from EE UK network , its not been touched since ,no custom rooms or root but after reading people are trying to Re-lock it and getting bricked im too scared too try lol its only phone ive got ? Appreciate any help please x
Click to expand...
Click to collapse
Sorry Duhhhh !! Custom u said lol
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and Kernel. I also modified TWRP in my kernel to only start via locked down adb with key access. This allows my pixel to be highly secure and still recoverable. Might start a new post highlighting my proceedures and research on this subject.
Click to expand...
Click to collapse
Geofferey, Do you happen to know if these commands are still right with LOS 17.1 / Android 10?
(Or does anyone else know?)
PS: Sorry everyone for pumping such an old thread
nullstring2 said:
Geofferey, Do you happen to know if these commands are still right with LOS 17.1 / Android 10
Click to expand...
Click to collapse
Unfortunately no. Now there is avbtool and the process is actually a bit more complicated. Somebody wrote a guide on how to use it externally for another device but I couldn't even follow. I actually find it easier to get the sources for whatever ROM it is I'm trying to sign and set the signing params in config before build.
Here is the guy who did it usually avbtool externally
https://forum.hovatek.com/thread-32664.html
Many instructions here
https://android.googlesource.com/platform/external/avb/+/master/README.md
Geofferey said:
...but I couldn't even follow. /QUOTE]
Well, thats an intimidating introduction, but I'll take look.
That guide appears to be talking about mediatek CPUs which makes it a little confusing.
Any hint on how to get the vbmeta signing key for the google pixel?
Click to expand...
Click to collapse
nullstring2 said:
Any hint on how to get the vbmeta signing key for the google pixel?
Click to expand...
Click to collapse
If you mean how to make your own key to perform signing then
Code:
openssl genrsa -des3 -out avb.pem 2048
If you're asking how to get the same key that Google used to sign vbmeta, it ain't ever gonna happen.
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and Kernel. I also modified TWRP in my kernel to only start via locked down adb with key access. This allows my pixel to be highly secure and still recoverable. Might start a new post highlighting my proceedures and research on this subject.
Click to expand...
Click to collapse
Is there ANY way to do this on Xperias or LGs?
Geofferey said:
It has nothing to do with passing safety net. TWRP can only access the data after the pin is input, true, but leaving a device with an unlocked boot loader leaves the ability to flash modified boot images (a huge attack vector). This is to keep your device yours if it falls into a theives hands. You can not have device protection features on a unlocked Allow OEM unlock device. You're right there is risk but being careful can alleviate the risk. I do this because I want my phone to be a trackable paper weight if somebody takes it. I have established my own chain of trust outside of googles. I have even modified my TWRP side of boot.img to only start with my PC using adb-keys.
Click to expand...
Click to collapse
It has ALL to do with safetynet/play integrity.
I wouldn't care to leave my bootloader unlocked otherwise.
But I want a rom that passes all security standards without "tricks".
As far as I'm aware, this device (Verizon variant of the T377) has a locked bootloader meaning that getting custom recovery is out of the question. Does anybody know of any way to root this tablet, or of any way to unlock the bootloader?
I need to be schooled.
I know this is the Verizon model and that complicates thi b a but I rooted my Verizon s7 with Odin (prince comsy), and with that I struggled with the same thing I struggled with here. Finding an image for my specific build number. With the s7 I eventually found an IMG that seemed to be one size fits all G930X boot.tar. I tried with other builds from cf auto root before I had found this image with no success. I found images specific to sprint T-Mobile at&t G930T, G930P, etc. No G930v for Verizon. But this G930X worked perfect, well, a few bugs, but worked really well. How could an IMG be modded to be a one size fits all type thing for this tablet? I realize the Tut's for this tablet involve flashing a recovery.img rather than a boot.img but the process can't be much different or more difficult could it be for modding the T377P (sprint) .img to fit the T377V (Verizon) model ? Or am I comparing apples and oranges here? Could a dev give me a quick 101 on this ? Any help would be really awesome.
wastedf4ther said:
I know this is the Verizon model and that complicates thi b a but I rooted my Verizon s7 with Odin (prince comsy), and with that I struggled with the same thing I struggled with here. Finding an image for my specific build number. With the s7 I eventually found an IMG that seemed to be one size fits all G930X boot.tar. I tried with other builds from cf auto root before I had found this image with no success. I found images specific to sprint T-Mobile at&t G930T, G930P, etc. No G930v for Verizon. But this G930X worked perfect, well, a few bugs, but worked really well. How could an IMG be modded to be a one size fits all type thing for this tablet? I realize the Tut's for this tablet involve flashing a recovery.img rather than a boot.img but the process can't be much different or more difficult could it be for modding the T377P (sprint) .img to fit the T377V (Verizon) model ? Or am I comparing apples and oranges here? Could a dev give me a quick 101 on this ? Any help would be really awesome.
Click to expand...
Click to collapse
I am as well very confused. I have no idea where to even start with rooting this tablet.
In the year 2020.
tomiga said:
I am as well very confused. I have no idea where to even start with rooting this tablet.
Click to expand...
Click to collapse
It amazes me how long some devices go without any development. Let's pick this back up.
COMING SOON. Information on any development for this device.
Casper Young said:
It amazes me how long some devices go without any development. Let's pick this back up.
COMING SOON. Information on any development for this device.
Click to expand...
Click to collapse
There's no development because nobody cares enough to try to crack open or otherwise work around the locked bootloader for this device. I got rid of mine years ago for a Tab S4.
Well ****! As I give Samsung the middle fingure and want to run over it with a steam-roller, smash it with a sledge-hammer and shoot it with a 12 guage, then send it to them in itty bitty pieces. My bad! I didn't even look to see if it had OEM Unlock..Drat!
So in response to Casper's post, my T-377V is showing OEM unlock and it activates. I am not sure what that means only is it just false hope? To be honest, this tablet was rescued from the recycling pile and duly erased.
I don't mind taking chances with it b/c I have nothing invested in it. I really haven't gone anywhere with this tablet b/c I have read so many conflicting opinions.
Anybody have any suggestions, I would be oh so grateful.
Its a fake unlocked with false hopes, I own 3 verzions and even tho its says unlocked it really is not. The only thing you can do is flash oem 5.1.1 and temporary root with king root that's about all you can do just enough to side load commands to uninstall blotware and clean it up a little bit.
what about flashing combination file would that make any difference with the bootloader unlocking
pokeperil420 said:
what about flashing combination file would that make any difference with the bootloader unlocking
Click to expand...
Click to collapse
As far as I know that answer would be a no. Combination files are for repairing firmware (in a sense) and not changing OEM status. I wish it were easy to change carriers because T-Mobile devices usually allows me to unlock the OEM. I have since moved on from this device and currently use my S10 Plus or the Samsung Note 10. Good luck.
Casper Young said:
As far as I know that answer would be a no. Combination files are for repairing firmware (in a sense) and not changing OEM status. I wish it were easy to change carriers because T-Mobile devices usually allows me to unlock the OEM. I have since moved on from this device and currently use my S10 Plus or the Samsung Note 10. Good luck.
Click to expand...
Click to collapse
Enable ADB and OEM Unlocking
To execute any tweaks on your device, you will first have to unlock the device’s bootloader. All Samsung devices shipped with a locked bootloader. So in order to perform the unlock process, you will have to enable the OEM Unlock Toggle. Along the same lines, near about every major modifications, calls for the execution of the ADB commands.
But for that, your device needs to be recognized by your PC in the first place in the ADB Mode. In which case, you will have to enable the USB Debugging toggle. The thing with both these options is that they are baked deep into the Developer Options which itself is hidden. So enabling both these toggles calls for a lot of effort. Well, not anymore. Using the Samsung Combination ROM, you could easily do so without any issues as such.
reference source
pokeperil420 said:
Enable ADB and OEM Unlocking
To execute any tweaks on your device, you will first have to unlock the device’s bootloader. All Samsung devices shipped with a locked bootloader. So in order to perform the unlock process, you will have to enable the OEM Unlock Toggle. Along the same lines, near about every major modifications, calls for the execution of the ADB commands.
But for that, your device needs to be recognized by your PC in the first place in the ADB Mode. In which case, you will have to enable the USB Debugging toggle. The thing with both these options is that they are baked deep into the Developer Options which itself is hidden. So enabling both these toggles calls for a lot of effort. Well, not anymore. Using the Samsung Combination ROM, you could easily do so without any issues as such.
reference source
Click to expand...
Click to collapse
It can be done but why would you. It's a glorified kindle lol.
Hey guys, I found this quick and tidy way to get a fastboot console inside the bootloader. You can use it to do stuff like "fastboot format (partition)", etc.
GUIDE:
Go to fastboot mode on your Pixel XL
Open a CMD on the computer in fastboot directory and write in "fastboot flash bootloader pixelcustombootloader.img" (make sure the bootloader is in the directory or else it will not flash!)
Download: s000.tinyupload.com/index.php?file_id=44700284262726497364
Note: I am NOT responsible if this screws up anything.
Also I do NOT know if theres and copyright trouble with this, if there is, Mods go take this down.
I wonder if this is the bootloader that was seen in screenshots that was used to downgrade a Verizon pixel to unlock it?
DR3W5K1 said:
I wonder if this is the bootloader that was seen in screenshots that was used to downgrade a Verizon pixel to unlock it?
Click to expand...
Click to collapse
If the bootloader is locked you can't flash anything or boot anything that isn't signed by Verizon/Google/whoever.
As far as I know there's never been a downgrade workaround available where pixel8 wasn't patched, but could be wrong.
bobbarker2 said:
If the bootloader is locked you can't flash anything or boot anything that isn't signed by Verizon/Google/whoever.
As far as I know there's never been a downgrade workaround available where pixel8 wasn't patched, but could be wrong.
Click to expand...
Click to collapse
There was a guy positing pictures of someone from a cell phone shop where he was recording the procedure that they did to his phone it was a signed bootloader that allowed him to downgrade for an unlock. It was labeled HTC which people thought was weird.
DR3W5K1 said:
There was a guy positing pictures of someone from a cell phone shop where he was recording the procedure that they did to his phone it was a signed bootloader that allowed him to downgrade for an unlock. It was labeled HTC which people thought was weird.
Click to expand...
Click to collapse
Eh.. 3rd party pictures that don't come with a detailed "how to" are 99% BS or marketing.
Like I said I'm not all knowing but I'm pretty in touch with the goings-ons of the pixel and have never heard of a downgrade method for a locked bootloader.
If this shop has a private method of doing so then they sure as hell wouldn't let someone take pictures of the process.
Yea like u said the guy said they were spy shots that he snuck in. Probably bs like you said. I could careless for myself my Verizon pixel is unlocked. Feel bad for those stuck locked though. Wishful thinking I suppose.
Yeah, don't flash your bootloader with anything other than stock google imgs. If your bootloader is messed up, how do you get into fastboot to fix it? Can't change slots either afaik.
Thanks for sharing, this has loads of potential - could be used on-the-go to temporarily recover from the freeze/reboot glitch (flashing stock images tends to lower the probability of the glitch for a day or two), plus we could actually have tetherless TWRP support for Oreo with this as you could use it to fastboot boot the TWRP boot img.
That being said, I'm reluctant to flash a random bootloader on my phone with no info on where it came from. Did you make this? If so is it a patched version of the most recent bootloader? If not, where'd you find it? We need more info.