Database Users

DX Bootloader encryption key idea

So I had an idea today...I'm sure the geniuses that have gotten the Dx and D2 this far have already tried it; but I cannot find any information on it. What if we tried the good old fashioned trick of cold booting:
Google princeton cold boot. I cannot paste links.
I am going to make my best efforts to try this, but I know there are many people that are far better than I. I will let you know of my results, if I ever achieve any.

I think this is an interesting idea, and have read a lot about this being done on laptops... would be interested to see if this works for the android system...
It would only work if the keys are stored in RAM tho... and I think the keys are hard coded into a chip (thought I heard this somewhere...could be 100% wrong)
Anyways...would be interested to see some of the devs try this...

No idea if this would work but if this could be pulled off it would be a pretty epic hack

This looks to rely on the ability to run custom OS/Software. Since our current hacks involve loading *after* the kernel, I doubt this would work.
Kinda like a chicken before the egg problem.

It requires custom rims on another host. Realistically all you need is for the princeton program to read the ram from a different partition. Im sure it can be modified to mount the phone and read the ram from there.

Kinda as an acknowledgement/off-shoot of what zaphod has said...
What if a second init process could be kicked off to hijack the boot process kinda like what koush did..
If the ram could be dumped quick enough... Would this work? I'm not a dev, but do a lot of sys admin work and understand many of the concepts for kernels, and boot processes...
Just trying to help throw out ideas and get the creative juices florin for those who can develop.
Ps, zaphod, thnx for all ur contributions on this forum, many of ur posts have helped me.a TON

Just Chiming In
That's kind of what unrevoked did:
I know we have completely different phones, but this is basically how they cracked HTC:
They found out that in the booting of the phone, during the init, adb would start, but then immediately get killed off by HTC's init. what they did then was found out that if they inserted an SD card into the phone at the precisely exact time (between when ADB started and got killed off by MOTO) so that it would be read right before ADB was killed by MOTO, it would hang MOTO's init, so they had full adb access during the init process, which allowed them to run the phones STOCK recovery alongside ADB. Firstly it allowed them to get root, then once they got root what they basicall did was kick off a LEGIT system update through the phones recovery and then SWAP it for a payload right in between when the phone finished the key checks and started writing the new system....
I know that we have two different things going on here.... but if they did this, I'm sure we could pull something like swapping kernels during load.....
MAN I wish Unrevoked got and tried to crack the X, but they focus on HTC phones.

Any way to send this idea the devs' way without looking pushy? I think from a technical stand-point this is a worthwhile idea to look into...or at least give some thought to it...

thinking about it further
After thinking about this more I think the answer has to lay in this exploit. We are right in stating that the key is actually burnt into a chip somewhere. However, we must remember that there is some key generation going on during the bootloader phase. Thus: at some point the correct key is stored in memory as the phone correctly boots. If the phone boots, the key is laying someplace in memory. It's just a matter of finding it.
I haven't had time to play with this yet, hopefully I will have some time this week or weekend. I am very confident that this will work, it's just a matter of figuring out how to get the program that reads the memory to look at my phone, not my computer.

lilott8 said:
After thinking about this more I think the answer has to lay in this exploit. We are right in stating that the key is actually burnt into a chip somewhere. However, we must remember that there is some key generation going on during the bootloader phase. Thus: at some point the correct key is stored in memory as the phone correctly boots. If the phone boots, the key is laying someplace in memory. It's just a matter of finding it.
I haven't had time to play with this yet, hopefully I will have some time this week or weekend. I am very confident that this will work, it's just a matter of figuring out how to get the program that reads the memory to look at my phone, not my computer.
Click to expand...
Click to collapse
Liliott,
I'm really glad you are looking into this. I've read about this hack for pc's and think there may actually be something to this. I feel like if we could have something that hijacked the boot process real similar to Koush's recovery then if someone could write a program that would dump NVRAM (I think this is the equivalent to the phone RAM) this would work. With this said, I believe that the devs originally working on cracking the bootloader were able to get NVRAM into "engineering mode" (don't remember the exact terminology off the top of my head)....but I still am thinking this idea should definitely be given more credit and looked into.
I would love to help, but I don't have any dev experience, so I'm somewhat at a loss there....Thanks for pursuing this!

The key you need (presumably an RSA key) wont be stored anywhere on the phone at all.
What happens is that Motorola produce new software for the phone and sign it with their private key (that only Motorola have). This is then sent to the phone. (OTA or whatever they do) The phone verifies the signature using a public key burned into the ROM of the phone (i.e. you cant change it without physically modifying the hardware somehow)
The best hope to break the bootloader on this phone is to reverse engineer it and look for an explot, as has been done on Moto phones in the past (various Motorola MOTOMAGX linux phones have been cracked open this way)

jfwfreo said:
The key you need (presumably an RSA key) wont be stored anywhere on the phone at all.
What happens is that Motorola produce new software for the phone and sign it with their private key (that only Motorola have). This is then sent to the phone. (OTA or whatever they do) The phone verifies the signature using a public key burned into the ROM of the phone (i.e. you cant change it without physically modifying the hardware somehow)
The best hope to break the bootloader on this phone is to reverse engineer it and look for an explot, as has been done on Moto phones in the past (various Motorola MOTOMAGX linux phones have been cracked open this way)
Click to expand...
Click to collapse
Question:
Ok, I know that this will pretty much fall flat, but I have to ask. The Milestone, and OG Droid are pretty much the same phone. Do they have the same boot loader, just unlocked? If so is it the same as the X? The reason I'm asking is it might be easier to crack the Droid since it's already unlocked?
It might be like looking at the lock from inside out trying to figure out how it opens, vs trying to open the lock by looking at it from the outside.
Also, does the MOTO use "goldkeys" like HTC did at one point in time, or have they moved on from that?
On another point, MOTO changed their keys from 2.1 to 2.2, and the phone accepted them. That tells me that it's possible. How much time that will take, I don't know.
Finally, is there any way to "intercept" the process like unrevoked did? I mean if we could get adb working while recovery is working, we could start the recovery process using a legit OTA, and overwrite the zip through adb AFTER verification and before the actual copying. That shouldn't set off the fuse, right?
ideas?

dreamersipaq said:
Question:
Ok, I know that this will pretty much fall flat, but I have to ask. The Milestone, and OG Droid are pretty much the same phone. Do they have the same boot loader, just unlocked? If so is it the same as the X? The reason I'm asking is it might be easier to crack the Droid since it's already unlocked?
It might be like looking at the lock from inside out trying to figure out how it opens, vs trying to open the lock by looking at it from the outside.
Also, does the MOTO use "goldkeys" like HTC did at one point in time, or have they moved on from that?
On another point, MOTO changed their keys from 2.1 to 2.2, and the phone accepted them. That tells me that it's possible. How much time that will take, I don't know.
Finally, is there any way to "intercept" the process like unrevoked did? I mean if we could get adb working while recovery is working, we could start the recovery process using a legit OTA, and overwrite the zip through adb AFTER verification and before the actual copying. That shouldn't set off the fuse, right?
ideas?
Click to expand...
Click to collapse
The Milestone has a locked bootloader, and hasn't been cracked for a year.
Sent from Eris with Froyo

TheSonicEmerald said:
The Milestone has a locked bootloader, and hasn't been cracked for a year.
Sent from Eris with Froyo
Click to expand...
Click to collapse
I really am not trying to sound (too) rude when I say this, but
Did you even READ my whole post?
Yes, the Milestone is locked, but the Droid (the Milestone's US twin) is not.

*Golf clap*
Gotta love it when people reply to a post without even reading a few sentances of the post they are directly replying to. It is understood that the Milestone's bootloader is locked, he was questioning how close the hardware and programming were between the OD (Original Droid) and Milestone aside from the lock being activated in the Milestone. It is the general consensus that the same lock and efuse functions exist in the OD but they are not activated. If this is true then it might be beneficial to see if any of the developers out there with a spare OD test to see if they can figure out how to activate the lock on an OD and then potentially have a better understanding of what might be involved with de-activating it.

Thanks!!!
JinxtPhoto said:
*Golf clap*
Gotta love it when people reply to a post without even reading a few sentances of the post they are directly replying to. It is understood that the Milestone's bootloader is locked, he was questioning how close the hardware and programming were between the OD (Original Droid) and Milestone aside from the lock being activated in the Milestone. It is the general consensus that the same lock and efuse functions exist in the OD but they are not activated. If this is true then it might be beneficial to see if any of the developers out there with a spare OD test to see if they can figure out how to activate the lock on an OD and then potentially have a better understanding of what might be involved with de-activating it.
Click to expand...
Click to collapse
rant
*Bow*
I'm glad that there are still people out there that have a reading comprehension above that of a wet mop. I won't insult them and say they have a low IQ though
I hate it when you take the time to put something that you though about up and someone comes along, reads the first sentence, and (without making any effort to finish the paragraph or REALLY think about what the person is trying to say) spew up crap equivalent to that of the "First" post on blog comment boards.....
/rant
Any haxzors? is this liable, possible, waste of time?
*please don't reply with "waste of time". give us some reasoning, otherwise your post does not help us at all*

The reason it might now
The reason why it actually might not fail is this:
When the system boots, it runs it magic RSA/PGP/AES encryption. It then takes that and compares that to its bootloader routine that it loads. Where does it store the bootloader encryption result to compare to the system boot key? If you guessed memory you would be correct. Now if it stays in memory we will have the golden ticket. If Motorola is smart, and wipe that part of the memory upon OS boot, then it's a matter of timing. If we can get that key, we can, potentially, intercept the bootloader, present the key that we stole and boot our own bootloader/cooked rom.
I think there is quite a bit of potential here.

*Clapping continued...*
I'm glad to see more people finally chiming in on this topic. Call me naive...but when it comes to the dev communities, it seems like "where there's a will...there's a way"
They had made decent progress on cracking this (kinda...) maybe this idea is one that should be looked into (probably said this like 5x in this thread now...oh well)
Thank you to dreamerispaq and Jinxt, appreciate you guys throwing some comments in here

did the release of the 2.2 SBF help at all? If there was a kernel change from 2.1 to 2.2, wouldn't a method be inside of the SBF? Is there any way to hijack the SBF to allow installation of a custom Kernel and ROM?
Shouldn't there basically be an entire phone image inside of the SBF file? If so, would it be possible to alter pieces of that to create some kind of exploit, or use RSD Lite itself and altered SBF's to load up custom kernels and ROMS?
I'm just chucking stones blindly here, I know this is way above my skill level, but I can't help thinking that a full SBF should help similar to the way you can pull the system image from an HTC RUU.

giventofly17 said:
did the release of the 2.2 SBF help at all? If there was a kernel change from 2.1 to 2.2, wouldn't a method be inside of the SBF? Is there any way to hijack the SBF to allow installation of a custom Kernel and ROM?
Shouldn't there basically be an entire phone image inside of the SBF file? If so, would it be possible to alter pieces of that to create some kind of exploit, or use RSD Lite itself and altered SBF's to load up custom kernels and ROMS?
I'm just chucking stones blindly here, I know this is way above my skill level, but I can't help thinking that a full SBF should help similar to the way you can pull the system image from an HTC RUU.
Click to expand...
Click to collapse
Unfortunately, I don't think so. The issue is that both sets of keys are probably hashed and encrypted.... so even if we pulled out the private key out of the SBF that motorolla used, we'd have to brute force it to decrypt it. If, let's say they were smart and used something like RSA as stated above, it'd take a super computer a couple of decades to crack it.
A brute force attack is not going to be helpful here I'm afraid. I'ts going to be more of a lets look at the code, and see if we can find a flaw somewhere in moto's coding that we can use to our advantage.
That's why I recommended looking at the OD. If it shares the same bootloaded, it's already uncloked. Maybe we could take it, reverse engineer it, and look at the calls it makes, where it looks for files, what order it loads things in, etc.... THIS would be more beneficial IMHO.

Questions on rooting and SIM unlocking (S4 eumk2 4.3)

Hey guys,
I'm new to this forum. A while back I found a phone in the gas station bathroom that I was working at. I kept it under the desk with a note and of course the camera watching it in case it disappeared without a customer picking it up. No one ever came for it and after 2 weeks (company policy) I took it home with me. Anyway, I've just been using it on my wireless internet and playing games, however my phone contract just ran out on my crappy verizon old flip phone and I want to go to straight talk and use this one.
So, I bought the Straight talk byop kit which includes a sim card for the phone, however, the SIM card that's meant for AT&T phones is too small for this one for some reason, however the TMobile one fits in it perfectly fine. The problem is that it's a tmobile sim card and I'm sure you all know that I need to unlock the phone to get it. So, last night I spent about 4 hours searching for ways to unlock it. I see it's possible to do it for free using the system settings phone codes, but the code combinations don't seem to work for me.
*#0011# - When i key enter 1 it doesn't do what the video I was watching says it's supposed to do.
*#9090# - Restarts my phone after I hit the what I'm told to.
There's another I tried however, I can't remember the code, it takes me to the debug menu, however option 6 isn't there to give me access to phone options or whatever.
So, I gave up as my laptop battery started to waiver around 10% and went to sleep.
Now, today, I hopped on and attempted to figure it out again, but got bored really quick, stumbling accross the same stuff I tried last night, so I tried rooting it thinking that getting admin access to my phone would make option 6 appear when I entered that number. I was wrong, but hey, I successfully rooted my phone so it's cool.
Anyway, I just want the SIM card to work. I really don't care if I have to unlock my phone or whatever, I just want my phone to be able to make calls. So if unlocking my phone works, please help me, if there's a way to get the super small AT&T SIM card to work, then that's be great.
I'm sure you need some of my phone info to help me out so here we go.
It's a Samsung S4 on 4.3 firmware, rooted. It's an I337 and the baseband version says I337UCUEMK2.
If you need any other information to help me out, please feel free to ask. I tried calling AT&T already btw, they said without a phone number they won't provide me with an unlock code.

http://forum.xda-developers.com/showthread.php?t=2595457
I have tried this and it works
Sent from my SAMSUNG-SGH-I467 using Tapatalk

jmjoyas said:
http://forum.xda-developers.com/showthread.php?t=2595457
I have tried this and it works
Sent from my SAMSUNG-SGH-I467 using Tapatalk
Click to expand...
Click to collapse
I honestly don't understand 90% of the words in that post... Is there a post or article that'll teach me the basics to rooting and unlocking? I'd really love to do custom roms and everything. I honestly thought when I rooted my phone it'd give me admin access and the hidden system management options would become open to me.
Anyway, hope you can help, my wife is getting on my case about getting it unlocked. If I don't have it done tonight, she's going to make me add the straight talk to a different phone instead of this one and I really don't want to use a cheap piece of junk straight talk phone.

NeoGriim said:
I honestly don't understand 90% of the words in that post... Is there a post or article that'll teach me the basics to rooting and unlocking? I'd really love to do custom roms and everything. I honestly thought when I rooted my phone it'd give me admin access and the hidden system management options would become open to me.
Anyway, hope you can help, my wife is getting on my case about getting it unlocked. If I don't have it done tonight, she's going to make me add the straight talk to a different phone instead of this one and I really don't want to use a cheap piece of junk straight talk phone.
Click to expand...
Click to collapse
I'm doing research on getting a custom rom installed right now, I'm looking at Carbon ROM. I guess I have another question, is there any roms that give me full access to system manager or whatever it's called when you enter those numbers?

Okay, I made an attempt to use your walkthrough, method 2. I went and downloaded odin, and tried to flash the mdl modem however they don't exactly explain in the walkthrough how to do that, I figured I'd take a hit at it and went to do it and odin says it failed.
Is there a walk through I can read through to find how to flash?
I'm not sure what safestrap is, I can't find it on my phone and google only brings up droid ones for me as far as I've seen. It sounds like if I get the mdl modem on my phone that because it unlocks the hidden options in system manager I just have to do that and use the system manager walkthroughs I've seen to go ahead and unlock it.
EDIT: Okay, I got safestrap installed, now I'm just trying to figure out how to get a different modem installed, any help there? I'm looking and asking around but I'm not seeing anything.

Please Help! Note4 (SM-N910P) Messed Up by 6.0.1 MM update!

I am a cancer survivor, trying to rebuild my career after 3 yrs in hospital and 7 months in intensive care ( I was NOT expected to live had last rites read 3 times)
I, now back and trying to get real work going, was making my Proposal and new Graphics and VR Scenes, and was just about to apply for funding for my VR Startup (focused on creating Teaching and Training Tools Ironically) and suddenly, my ONLY WAY TO VIEW MY WORK my Note 4 has gone to pot! The thing never worked right after the 6.0.1 update, I may have over filled the internal chip too and that was the last straw,..
Symptoms:
1) It Reboots over and Over,.
2) When I go into recovery boot mode, it 1st shows Android guy and says 'Installing Updates' then into boot menu
3) Whenever I boot I see it saying 'FINALIZING UPDATES' then second window pops up 'Updates Installed Successfully' This should not happen every time I boot.
4) Will take forever then NOT Boot at All, I have to take battery out for 1+ minutes then it will boot
I have gone to EVERY Conceivable Website, (I have been trying to fix it for 8 days 16-18 hours a day and pot after pot of coffee tearing my hair out, My entire career rests on the line right now. Took me over 3 days of non stop Rebooting trying to get into Developer mode and turn on USB Debugging. Allow Unknown Sources and Delete Caches. All thing that 1 of the 30 Youtube and WWW AndroidFLASHING Step by Step videos and webpages I have completed repeatedly all to no avail (ODIN ALWAY FAILS< I TRIED EVERY SINGLE RELEASE OF ODIN 'FAIL FAIL FAIL FAIL'. The info out there is so sparse and inadequate, the 'EASY STEP by STEP sites send one to to SITES LIKE THIS: https://samsung-firmware.org/model/SM-N910P/ I suppose I am to GUESS which of the 20 files WON'T BRICK MY PRECIOUS WORK TOOL.. Which one for my NOTE 4 SM-N910P???
and send me to sites like this: http://odindownload.com/Samsung-Odin/#.WKq-728rKOk I suppose I'm to GUESS which of the 8 versions WON'T BRICk MY PRECIOUS WORK TOOL.
Someone please help! ACTUAL REAL HELP, THE HELP I GET IS always:
"Just go FIND ONE OF THE STEP BY STEP Android FLASHING WEB PAGES." Great,../. Been there done that, 50 times... (and nearly every site)
ODIN Fails Every Time. I see the option for: 'flash from SD card', but there seems to be NO Info out there about that, (sparse at best certainly NONE of the type of info I remember from the 1990's when Step-By-Steps included ALL THE STEPS< and no, language shortcuts, or half terms , or GOD FORBID acronyms the person has to waste time asking about and waiting again for a response...)..)
Somehow I don't think I've bricked my phone, in all this 'trial and error' step by step garbage,.. It will still boot into the 'factory reset I did 8 days ago,. (still reboots spontaneously within a few moments) , uses battery too fast, all the bad stuff mentioned by the HUNDREDS OF PEOPLE online about what happened to their Note 4 when MarshMallow 6.0.1 came out,.. I wish I could go back to 5.1.1 but 5 days trying tell me that will not happen. (of course simply REFLASHING 6.0.1 to try to get a perfect copy hasn't worked either,.. Anyways, like all online info, the info about ODIN is so sparse and incomplete I am essentially GUESSING and doing Trail and Error, (there are FOUR sometimes 5 slots in Odin whee you can link to an MD5 file (?) or etc.. and I have yet to find a page that mentions WHAT the Categories are, (they say : BL, AP, CP, CSC, UMS,. Means nothing to me and I after over a week haven't found anything actually helpful..
I am an Animator and CGI Artist that worked in Hollywood for 20+_ years, if you need an Animated LOG or a VR Advertisement for your service, you help me get back up and running I will create you a Logo, or Animated Character Avatar or Environment and Advertisement in a Virtual Reality Video for upload to Youtube VR and Facebook VR,..? Scratch my back get back scratched! I am also a Orchestral Composer and recording Artist I can make you a custom score piece, Page opening, or? , or music for your Youtube page etc, I can sound like a Full Orchestra so realistic you will think its the real deal! .
SORRY if I sound upset or frustrated, ( I am,) My life is breaking and my career is dying right before my eyes, I can NOT afford a new VR device of any kind, I was trying to GET FUNDING - though this week introduced by the dam bad or corrupt update has probably made my funding impossible, that was the time I had to work... but I have to keep trying anyways ;~) PLEASE HELP! THANK YOU IN ADVANCE
EDIT: I found out one thing here at XDA so far!
"They are they same except for csc settings.
SPR will give you sprint branding and csc.
XAS will give you regular samsung branding. "
COOL, THANKS XDA< I hate Anything to do with Sprint, I use my Note 4 for developing VR ONLY in the new 2016 Gear VR - I'm one step closer I sense,.. ;~)
update 2:
i BOOTED MY PHONE TO TRY TOP TAKE THE NEXT STEP (THAT I CAN'T EVEN REMEMBER NOW IT'S GOTTEN SO CRAZY) ooops caps, and it took up the whole screen with:
"UPDATE AVAILABLE: Download and Install" I about jumped up and down happy thinking, surely they noticed the the 6.0.1 update nearly destroyed the Note 4's (and if not the hundreds of people complaining about it online should have told them) UNFORTUNATELY< it crashed halfway through, I re-booted it finished downloading, I finally clicked APPLY NOW, it seemed to do all the usual stuff and turned it self off, then 'UPDATING Android'
It got to 25% and DIED> (Literally there is the 'DEAD ANDROID with ERROR underneath it'
Whoever makes these updates must have hired that programmer that sent out the Windows NT Death By UPDATE LOOP mistake a decade or so back,. . Well, that's it. I can't do the HOME+Volume up+Power trick anymore, in order to have any control,. the HOME+Volume Down+Power still brings me to the download screen, but as 8 days of frustration tells me that is a useless setting and the whole ODIN thing is a joke (perhaps an actual joke by some hackers or something)/// Even if ODIN DID Work, I am unable to get any of the files i need, I get 'network errors' on downloading the Flash File from https://samsung-firmware.org/model/SM-N910P/ It will NOT DOWNLOAD< I have tried every day for days,.. (If anyone knows of a source for the file (s) I Need for ODIN and a SM-N910P that doesn't want to Charge $ to download, (or take forever then cancel out). I would surely appreciate it,. Be nice to at least TRY the binary that is supposed to be the 'correct' file,..
Though I think I am beating a dead horse. I am afraid of myself tonight, I want relief, I want peace and this damn stress to go away,.. I want to end it so badly now, I see no future, no hope, nothing good will ever happen again in my life and I cant even see the Virtual Worlds I create,. There finally, Truly is no reason to continue.
THANKS SAMSUNG FOR DESTROYING MY TOOL AND MY ART AND MY WORK AND MY FUTURE.
and my LIFE.
Robert

just found this thread. so.. are you ok? have you solved this?

Broken Phone HELP PLZ ?*♂️

Hi, so I recently smashed the H*** out of my Essential Phone. I put my sim in my wife's old Nexus to try and get back into the Gmail account I've had for 10+ years, and they've forced 2 step verification onto my account and will not let me use my number for recovery. The ONLY way to complete this verification is to use my Broken Essential Phone to accept screen prompt. So here's my question... I was rooted, with TWRP and Custom rom but do have Full Back ups on my computer, so if I were able to get another essential phone and root it, would I be able to then restore the factory image and back ups I had created for this old essential phone onto the new device and gain access to my Gmail account that way, or am I totally out of luck unless I fix my smashed phone enuf to get to the screen on to accept screen prompt to verify my identity....? Any insight here is greatly appreciated. I have 1000's of $$ invested in that Gmail and have been unable to access it for a week now. Google has been zero help. Sorry if. This is posted in the wrong space, I haven't been here in a while.

Kushmin05h said:
Hi, so I recently smashed the H*** out of my Essential Phone. I put my sim in my wife's old Nexus to try and get back into the Gmail account I've had for 10+ years, and they've forced 2 step verification onto my account and will not let me use my number for recovery. The ONLY way to complete this verification is to use my Broken Essential Phone to accept screen prompt. So here's my question... I was rooted, with TWRP and Custom rom but do have Full Back ups on my computer, so if I were able to get another essential phone and root it, would I be able to then restore the factory image and back ups I had created for this old essential phone onto the new device and gain access to my Gmail account that way, or am I totally out of luck unless I fix my smashed phone enuf to get to the screen on to accept screen prompt to verify my identity....? Any insight here is greatly appreciated. I have 1000's of $$ invested in that Gmail and have been unable to access it for a week now. Google has been zero help. Sorry if. This is posted in the wrong space, I haven't been here in a while.
Click to expand...
Click to collapse
A few years back you used to be able to get a new phone install TWRP create a backup on new phone and then copy the files from the old phones backup into the new backup folder (with the new unique file number). But think I read this doesn't work anymore on new version (but not sure you'll have to check yourself or hopefully someone here knows)
Even if that works what type of 2FA is it? Authenticator or SMS?
https://support.google.com/accounts/troubleshooter/4430955?hl=en
without a backup code it may not work anyhow
if you can see your screen but touch is not working just plug a mouse into the usb & click away! If screen is blacked out but rest of hardware good easiest to buy a replacement screen as cheap or use usb-hdmi hub to mirror screen (not sure if Essential phone requires any input to set up as haven't tried with this phone)
If other hardware damage it will depend, but as rooted you are in with a chance. Is usb debugging on?

Thanks for your response, Google has been zero help and I've definitely considered ordering a screen to see if I can get the old device to work, but the og screen is detached from the chip board, as far as I can tell it will power on with some serious prompting, but idk if it's actually trying to boot up or in some kind of safe mode detecting the screen is missing, or just wrecked completely...? Lol the notification Light stays red until the battery dies. I've considered maybe trying to clone the esn of my old essential phone to another phone to try to trick their servers that way but idk if they recognize the device via that (The ESN) or tokens generated locally on the device, and the more I think about it, the more I think the latter sounds more logical considering the nature of the beast I'm fighting here... Seems It would b wildly irresponsible of them to rely solely on esn to identify a "Trusted" device. Idk what to do, lol except cry... I'm basically at a loss at this point, so I will order a screen and go from there I guess, if the screen option doesn't work. You'd think with the money they have, they'd have some type of account recovery team, or a way to recover in the event something like this happens, or someone to speak to at the very least, the can verify my account in seconds over the phone, but do literally nothing for me, nor let me speak with or point me towards anyone who can.... And this is a pretty common issue it seems after lookin at their "Community help section" it's literally top to bottom ppl complaining about what I'm looking to "get help" with. There is zero reason they should be forcing 2fv on my account it's shut off in my account settings, I can get far enuf to c them, just doesn't let me change anything with out "Signing in" and verifying. Nor does it give me the option to use my only ACTUAL set up recovery option on the account, a code via text. It's almost like theyre protecting all my own s***, from me. The owner. Makes zero sense to me.

It sounds like when you setup the essential, you configured your Google account to use the *device* (via the Google app) for verification. I've done this also, but I have an old device also configured to authenticate. So the pop-up screen appears on both.
If you use a computer to log into your Google account (not gmail) on the screen that is waiting for verification, there should be a link to try a different method. Hopefully you setup a secondary email address in addition to the gmail account one.
Edit: start here https://support.google.com/accounts/answer/7682439?hl=en
OT: I realize you are frustrated, but it would be easier to pick out the relevant information in your posts if they were not one long paragraph.

Bypass the lock screen

Hi all - I imagine this has been asked a thousand times before, but I am new here and in need of some real help.
My brother recently passed away, and his phone (Huwei P Smart 2019) mysteriously went into Airplane Mode, and has no sim card. The lock screen is on and none of the 'usual' numbers or patterns he used appear to work. This phone was his lifeline before he died, using it to speak to doctors and care workers - which is why I do not think he set it to airplane mode himself.
Shortly after he died a 'friend' went to his house to 'secure valuable belongings' and he had my blessing to do so. When I managed to get there, and secure those belongings myself, lo and behold the phone was locked.
Apparently, it does this when it powers up after the battery drains. Apparently, (according to the 'friend') on a reboot it shows a lock screen... and somehow goes into airplane mode. All I know is his two other older android phones do not have passcodes and all are open and accessible after a reboot - I've already been able to check these for data easily enough. I cannot even see what version of the OS is installed, but I'd guess it is the default that the phone came with.
I am not an Android user, and am certainly not a 'power' user of any device, so I don't know if what the 'friend' is telling me is total BS or not. What I do know is there is likely to be some essential information stored on that phone, let alone photos and memories that his family would like - I am specifically looking for any details of his medical treatments and messages he might have received just before he died.
I've trawled around countless 'phone repair' booths in countless malls, and everyone tells me the same thing - it can be opened, but you have to wipe the phone. Obviously, I don't think that'll help as a) I don't want to reuse the phone and b) I need the data from it to help with an ongoing case.
So, the question is, can it be done... and if so, how?
Thanks in advance to all who reply.

Not sure if I believe the story.
Probably with testpoint, with unlocktool, with chimera, with EFT dongle.

I've tried some methods the testpoint methods I tried all erase the data.
All other working methods are on youtube search for huawei frp without data loss and similar search strings, and click on Related videos.
Don't connect the Android to Internet to avoid security update.
Try the method with sim card with PIN however that may need a previous version security.
If there is important data wait some time and check youtube again however there are fake videos on there.
If it's too important probably someone can attack it through some method.
However if you have no good reason to attack this device better move on I do not believe the story with deceased relative and whatever is on the device maybe it's water under the bridge move forward. If not then it is a high cost in your time effort money patience better invested elsewhere.
Whatever the case not judging