Hello. I unpacked the bootloader image and got all the oem commands:
Code:
oem unlock
oem lock
oem enable-charger-screen
oem disable-charger-screen
oem off-mode-charge
oem select-display-panel
oem device-info
oem poweroff
oem reboot-recovery
oem lkmsg
oem lpmsg
oem edl
LexS007 said:
Hello. I unpacked the bootloader image and got all the oem commands:
Code:
oem unlock
oem lock
oem enable-charger-screen
oem disable-charger-screen
oem off-mode-charge
oem select-display-panel
oem device-info
oem poweroff
oem reboot-recovery
oem lkmsg
oem lpmsg
oem edl
Hello bro,
where did you get those commands?
LEENO said:
Hello bro,
where did you get those commands?
Seems like from lk.bin and not abl at all. ABL can't be read like text, while lk can be.
Hello,
My phone has the problem that when I enter fastboot and try to unlock it with "fastboot -i 0x2b4c flashing unlock" it only says "..." and doesn't do anything - for hours.
So is there a way to reset the fastboot mode? (I have the correct driver on the PC and it finds it under devices with "fastboot -i 0x2b4c devices")
The right command is fastboot -i 0x2b4c oem unlock-go
You could also use one of the toolboxes.
Thank you, problem solved!
I was taking a look through the aboot for the Pixel XL, and I have not seen the fastboot command list out yet. This doesn't look like a full list of the available commands, more IDA config testing is needed. I have not tested any of these yet.
Here are the commands listed in the fastboot jump table in aboot:
Code:
flash:bootloader
flash:bootloader_a
flash:bootloader_b
flash:radio
flash:radio_a
flash:radio_b
flash:kstoken
flash:frp-unlock
flash:kernel
flash:ramdisk
erase:
boot
continue
reboot
reboot-bootloader
set_active
oem reboot-download
oem reboot-ftm
oem rebootRUU
dump
oem listpartition
oem listram
oem dmesg
oem last_dmesg
oem update_emmc_partition
oem read_mmc
oem write_mmc
oem test_emmc
oem ufs_get_lun
oem ufs_set_lun
oem erase_phone_storage
oem unlock
oem lock
flashing unlock
flashing lock
flashing lock_critical
flashing unlock_critical
flashing get_unlock_ability
flashing get_unlock_bootloader_nonce
flashing unlock_bootloader
flashing lock_bootloader
oem device-info
oem show-barcodes
oem ramdump
oem getcolorid
oem setcolorid
oem getcid
oem setcid
oem enable-charger-screen
oem disable-charger-screen
oem off-mode-charge
oem select-display-panel
oem readconfig
oem writeconfig
oem easydump
oem readunlock
oem dumpDataCode
oem dsiw
oem dsir
oem ddrtest
oem dump_ram_full
oem get_ks_token
oem get_anti_theft_status
oem sha1sum
oem readmeid
oem refurbish
The following are not listed in the jump table, but listed in plain text:
Code:
oem batt_enable_fast_charge
oem batt_test_pwr_supply
oem batt_for_pa_test
oem batt_disable_safty_timer
oem batt_keep_charge_on
oem uart
oem htc_radio_debug_func
oem htcramdump
oem autordump2storage
Hey there folks, I was trying to find the white boot logo of the Pixel in the bootloader img, and while exploring I came across some interesting fastboot secrets....
On a Linux machine...
Code:
strings bootloader-marlin-8996-012001-1702151126.img | grep "flashing"
gives output:
Code:
cmd_flashing_get_unlock_bootloader_nonce
cmd_flashing_unlock_bootloader
cmd_flashing_lock_bootloader
%s: flashing kernel
%s: flashing ramdisk
%s: invalid flashing type
invalid flashing type
flashing unlock
flashing lock
flashing lock_critical
flashing unlock_critical
flashing get_unlock_ability
flashing get_unlock_bootloader_nonce
flashing unlock_bootloader
flashing lock_bootloader
Code:
strings bootloader-marlin-8996-012001-1702151126.img | grep "oem"
gives output:
Code:
cmd_oem_flag_batt_disable_safty_timer
cmd_oem_flag_htc_radio_debug_func
cmd_oem_flag_batt_for_pa_test
cmd_oem_flag_batt_disable_tbatt_protect
cmd_oem_flag_batt_keep_charge_on
cmd_oem_flag_uart
cmd_oem_flag_batt_test_pwr_supply
cmd_oem_dsir add=0x%x, value=0x%x
fastboot oem dsir 53
fastboot oem dsiw 51 FF
Usage: oem get_ks_token [frp|ftm|download] [reboot count]
Reset the stored oem panel in device info
cmd_oem_ramdump failed
oem unlock is not allowed
write_allow_oem_unlock failed
oem reboot-download
oem reboot-ftm
oem rebootRUU
oem listpartition
oem listram
oem dmesg
oem last_dmesg
oem update_emmc_partition
oem read_mmc
oem write_mmc
oem test_emmc
oem ufs_get_lun
oem ufs_set_lun
oem erase_phone_storage
oem unlock
oem lock
oem device-info
oem show-barcodes
oem ramdump
oem getcolorid
oem setcolorid
oem getcid
oem setcid
oem enable-charger-screen
oem disable-charger-screen
oem off-mode-charge
oem select-display-panel
oem readconfig
oem writeconfig
oem easydump
oem readunlock
oem dumpDataCode
oem dsiw
oem dsir
oem ddrtest
oem dump_ram_full
oem get_ks_token
oem get_anti_theft_status
oem sha1sum
oem readmeid
oem refurbish
oem batt_enable_bms_charger_log
oem batt_disable_tbatt_protect
oem batt_enable_fast_charge
oem batt_test_pwr_supply
oem batt_for_pa_test
oem batt_disable_safty_timer
oem batt_keep_charge_on
oem uart
oem htc_radio_debug_func
oem htcramdump
oem autordump2storage
cmd_oem_easydump
cmd_oem_flag_autordump2storage
cmd_oem_flag_batt_enable_bms_charger_log
cmd_oem_flag_batt_enable_fast_charge
cmd_oem_ramdump
cmd_oem_flag_htcramdump
oemerr_%x
androidboot.oem_unlock_support=
oemerr_99
Usage: oem ddrtest 0x<addr> 0x<size> <round> [<break>]
Default test: oem ddrtest 0 0 0
ABT_Propdata_oem
NOCError_Propdata_oem
BIMCError_Propdata_oem
use_oem_external_hdcp
oem_pshold_config
/tz/oem
oem=M
/secboot/oem_secapp
/secboot/oem_general
/tz/oem
macchiato_read_oem_pk_hash() failed {0x%x}
oem_pshold_config
ABT_Propdata_oem
NOCError_Propdata_oem
BIMCError_Propdata_oem
I don't want to fire up my device by giving random commands, so if you are curious enough and have a spare device, I'd love to know further outputs...
For example the command:
fastboot flashing unlock_critical (will it forcefully unlock?? even Verizon???)
Please share the output of this command if you are on an unlocked bootloader (this can help me to find out the splash image and other hidden partitions):
fastboot oem listpartition
So far I found two image-like files (.rgb) inside the bootloader...
dead_battery.rgb
dead_battery_charging.rgb
Thanks in advance if you are going to help me...
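An added example, not part of the original posts: the `strings | grep` output above mixes real command names with handler symbols, format strings and paths, and an earlier post separates commands found in the jump table from ones that only appear as plain text. This sketch does the same triage for auditing which commands a bootloader image exposes; `SAMPLE` and `JUMP_TABLE` are constructed from strings quoted in this thread, not read from a real image.

```python
import re

# Exact command names such as "oem unlock" or "flashing lock_critical".
COMMAND = re.compile(r"^(oem|flashing) [A-Za-z0-9_-]+$")
# Handler symbols such as "cmd_oem_flag_uart".
HANDLER = re.compile(r"^cmd_(oem|flashing)_[A-Za-z0-9_]+$")

def extract_strings(data, min_len=4):
    """Return printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def classify(strings):
    """Split grep-style hits into command names, handler symbols and noise."""
    commands, handlers, noise = set(), set(), set()
    for s in strings:
        s = s.strip()
        if COMMAND.match(s):
            commands.add(s)
        elif HANDLER.match(s):
            handlers.add(s)
        elif "oem" in s or "flashing" in s:
            noise.add(s)  # usage text, error messages, paths, format strings
    return commands, handlers, noise

def unlisted(commands, jump_table):
    """Commands present as plain text but absent from the known jump table."""
    return sorted(commands - set(jump_table))

# Constructed sample: NUL-separated strings taken from the outputs in this thread.
SAMPLE = b"\x00".join([
    b"oem unlock", b"oem device-info", b"oem uart", b"flashing lock_critical",
    b"cmd_oem_flag_uart", b"%s: flashing kernel", b"oem unlock is not allowed",
    b"/tz/oem", b"\x7fELF\x01\x02",
])
# Constructed subset of the jump-table list posted earlier in the thread.
JUMP_TABLE = ["oem unlock", "oem device-info", "flashing lock_critical"]

if __name__ == "__main__":
    cmds, handlers, noise = classify(extract_strings(SAMPLE))
    print("commands:", sorted(cmds))
    print("handlers:", sorted(handlers))
    print("noise:   ", sorted(noise))
    print("plain text only:", unlisted(cmds, JUMP_TABLE))
```

To run it on a real image, pass the file's bytes to `extract_strings` in place of `SAMPLE`.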
The get/setcolorid commands seem like they would be useful if someone wants to replace their backplate with an eBay one that has a different colour; my HTC One M9 also has this command.
Unfortunately it requires the bootloader to be unlocked even if I just wanna use the getcolorid command (which, from what it says, makes no changes to the device).
PS D:\Desktop\platform-tools> .\fastboot.exe oem getcolorid
...
(bootloader) Command is not supported.
(bootloader) Please unlock device to enable this command.
FAILED (remote failure)
finished. total time: 0.097s
This is some good info. If you have anything else please do share with us Verizon Pixelerz because we do have a few members trying to figure out an exploit.. looks like this could help with reverse engineering the lock/unlock method for us. It's a start, right? Thank you very much OP.
I tried some of these commands too but many needed the boot loader to be unlocked.
This was on Pixel 2 XL
AndroidUser00110001 said:
I tried some of these commands too but many needed the boot loader to be unlocked.
This was on Pixel 2 XL
Too bad we can't get a script to execute these commands in some sequence to trigger a bug that lets us in... I just don't know..
this is actually a pretty cool post...
My Pixel is unlocked and so I haven't had much interest in poking around with the bootloader... unfortunately, I don't have an extra Pixel, otherwise I would for sure be investigating this. Very curious. (But unwilling to sacrifice my phone. lol).
C:\platform-tools>fastboot oem device-info
...
(bootloader) Device tampered: false
(bootloader) Device unlocked: false
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.190s]
finished. total time: 0.191s
C:\platform-tools>fastboot oem get_ks_token
...
(bootloader) INFO< Please cut following message >
(bootloader) INFO<<<< Identifier Token Start >>>>
(bootloader) INFO<<<<< Identifier Token End >>>>>
OKAY [ 0.540s]
finished. total time: 0.541s
How to Relock Bootloader Moto G4 Plus...
Using Fast boot
And only Relock the Bootloader Don't Replace the Stock ROM....
Please Help....
How to Relock Bootloader Moto G4 Plus
Download firmware from here
drive[dot]google[dot]com/open?id=0B6TKJzgog8cjYWZseC1JSTBDd1k
Now flash this official ROM using fastboot by entering the following commands.
fastboot oem lock begin
fastboot oem lock begin
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash dsp adspso.bin
fastboot flash oem oem.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot erase cache
fastboot erase userdata
fastboot erase customize
fastboot erase clogo
fastboot oem lock
fastboot reboot
This method replaces the stock ROM,
and I only need to relock the bootloader.
Jayesh143 said:
This method replaces the stock ROM,
and I only need to relock the bootloader.
You can only lock it if you have the OEM image flashed into the system, which by default requires all of the commands to be executed and will restore the OEM. You cannot lock it with a custom ROM.
My bootloader was unlocked on another PC and now I want to relock it, but I don't have any files. What should I do?
piyu8897 said:
My bootloader was unlocked on another PC and now I want to relock it, but I don't have any files. What should I do?
Just download the files and relock the bootloader. You can do this from any PC.
ZTE Blade S7 impossible to unlock ("fastboot oem unlock" is an unknown command)...
Hi all,
I tried to unlock the bootloader of my ZTE Blade S7, but had no luck.
Followed some similar guides in Internet basically.
When I reboot into the bootloader, I issue "fastboot devices" and I can get the correct information below.
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot devices
bd9bc873 fastboot
Instead when I try to issue the "fastboot oem unlock" command I get the error message below.
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem unlock
...
FAILED (remote: unknown command)
finished. total time: 0.000s
I also tried "fastboot oem unlock-go" and "fastboot oem device-info", but they did not work either.
I allowed the "OEM Unlock" option of course.
Any ideas?
Thanks in advance.
Emanuele
same
I'd look through the source code to see what commands it has.