
unlocking the bootloader?

Discussion in 'Droid Bionic Hacks' started by denpth, Nov 10, 2011.

  1. denpth
    So I was looking at some stuff in these update packages and there are a few lines of code; I am curious if they hold the key to this:

    ifelse(motorola.omapdevtype() == "HS", ui_print("updating HS mbmloader..."));
    ifelse(motorola.omapdevtype() == "HS", assert(package_extract_file("mbmloader_hs.bin", "/tmp/mbmloader.img"),
    write_raw_image("/tmp/mbmloader.img", "mbmloader"),
    delete("/tmp/mbmloader.img")));
    ifelse(motorola.omapdevtype() == "NS", ui_print("updating NS mbmloader..."));
    ifelse(motorola.omapdevtype() == "NS", assert(package_extract_file("mbmloader_ns.bin", "/tmp/mbmloader.img"),
    write_raw_image("/tmp/mbmloader.img", "mbmloader"),
    delete("/tmp/mbmloader.img")));

    It seems there are options here, omapdevtype HS and NS, and the loader is different for both. Any ideas?
  2. dstreng
    It's possible. Where are these lines exactly?
  3. denpth
    At the end of updater-script in the updates.
  4. dstreng
    Hmmm. Mine seems to be encrypted. Yours isn't?
  5. denpth
    The updater-script, not updater-binary.
  6. dstreng
    Can't find these.
  7. denpth
    meta-inf/google/android/updater-script
  8. denpth
    Just got a tweet back from p3droid: this string in fact determines if your device is a dev device or consumer device. I am going to go out on a limb and say that dev devices have unlocked bootloaders, so now we just need to figure out a way to load the unlocked bootloader vs the locked one? Am I right in thinking the mbmloader is a bootloader?
  9. brad92
    Didn't they try to do that with the D3 and it bricked?

  10. denpth
    I'm not sure, I literally just discovered this today. It really seems viable considering there are two versions in our update packages. We would have to find a way to load this, or trick the string into returning a different value.
  11. dstreng
    I think you're correct. The eFuse, I believe, is what bricked the D3. I may be wrong though.

    Sent from my DROID BIONIC using DroidForums
  12. denpth
    If what I read is correct, eFuse blows the device if it's unapproved software, but what I am talking about is a Motorola-developed mbmloader that's in NS mode, which then in turn unlocks the bootloader. (Did a little more research; the mbmloader seems to be the "keys" per se that let the mbm know if it's running in locked or unlocked mode.) So by us getting the mbmloader to go in NS mode (non secure) by loading in the mbmloader_ns.bin, we should effectively unlock the phone, and from then on the device will stay unlocked because the phone will report that it is a dev phone. So either we need to trick the update into thinking these are dev phones, or manually load them ourselves, which seems to be a kernel thing if I am reading correctly. So that last option is out because we cannot load custom kernels. So basically we need to trick the update patch into thinking it's a dev phone, or change the script to load the NS version instead of the HS version. Can CWM run this kind of code?
  13. dstreng
    Very unsure, but this sounds promising.

    Sent from my DROID BIONIC using DroidForums
  14. denpth
    Likewise. Now if we can just get a dev in on this. Because this is about as far as my skill takes me; I can understand but I can't do much more.
  15. 1KDS
    Does p3 have anything else to say about this or just that it is there to determine dev or consumer phone?
  16. denpth
    He says that it determines which device it is. He also basically said it can't be done, but I just think that this route has to be possible. It is possible to flash a bootloader. Yes, there was a bricked 3, but that was with unofficial firmware. This is technically official. I tried flashing it, but the file knew that this wasn't a dev phone. So basically if we can find out where the status of dev vs consumer is and hack this, we can flash it. I still cling to the notion that there is hope here. I feel this is closer than we have gotten, so it's worth exploring further, if only to find out that this is just another way it won't happen, you know? The question is how did the guy that bricked his 3 flash the mbmloader with a custom. The chip will fry if it's unofficial firmware, hence his being fried, but the process must be similar for our phones, and this is official firmware, so if we can write it the same way it should work.

    Sent from my DROID BIONIC using DroidForums
  17. sos567656765
    What I am curious about is: if we were to simply rename the HS and NS copies of the bootloaders, what would happen?

    Will the update see that it is a consumer phone and flash the HS bootloader that is now actually the NS loader... food for thought.
    I have actually been working on this for a while, as well as a few other things that I am making very little headway on.
  18. sos567656765
    I have been analyzing the two bootloaders and the differences are minimal. If we can get the right people working together this might be a really viable option.
  19. denpth
    Unfortunately we cannot modify the update packages in any way. If you do, it messes with the signature verification of the stock recovery. Basically we either need to write it in the same way they tried on the 3 or somehow find out where the value (motorola.omapdevtype()) is located and change the value. Any thoughts on how to start?
    Sent from my DROID BIONIC using DroidForums
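
Added example, not part of the thread and not Motorola's or Android's code: a sketch of the check described in post 19, where the recovery verifies a signature over the whole package before running updater-script, so exchanging the two loader entries (the idea raised in post 17) changes the signed bytes and the package is rejected. HMAC-SHA256, the key, the file contents and all function names are constructed stand-ins.

```python
import hashlib
import hmac
import io
import zipfile

# Constructed stand-in for the vendor's signing key. The real scheme is an
# asymmetric signature, so a device holds only the public half.
VENDOR_KEY = b"constructed-demo-key"

# Constructed package contents; the loader bytes are placeholders.
SAMPLE_FILES = {
    "META-INF/com/google/android/updater-script":
        b'ifelse(motorola.omapdevtype() == "HS", ui_print("updating HS mbmloader..."));\n',
    "mbmloader_hs.bin": b"HS-LOADER-PLACEHOLDER",
    "mbmloader_ns.bin": b"NS-LOADER-PLACEHOLDER",
}

def build_package(files):
    """Serialize {name: bytes} into a zip with fixed timestamps (deterministic)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(zipfile.ZipInfo(name), data)
    return buf.getvalue()

def sign(package):
    """Vendor side: authenticate every byte of the package (HMAC as stand-in)."""
    return hmac.new(VENDOR_KEY, package, hashlib.sha256).digest()

def recovery_accepts(package, signature):
    """Device side: refuse to run updater-script unless the whole file verifies."""
    return hmac.compare_digest(sign(package), signature)

def read_entry(package, name):
    """Return the stored bytes of one archive entry."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return z.read(name)

def swap_entries(package, a, b):
    """Rebuild the package with the contents of entries a and b exchanged."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        files = {n: z.read(n) for n in z.namelist()}
    files[a], files[b] = files[b], files[a]
    return build_package(files)

if __name__ == "__main__":
    pkg = build_package(SAMPLE_FILES)
    sig = sign(pkg)
    swapped = swap_entries(pkg, "mbmloader_hs.bin", "mbmloader_ns.bin")
    print("original accepted:", recovery_accepts(pkg, sig))
    print("swapped accepted: ", recovery_accepts(swapped, sig))
```

The swapped archive is still a valid zip with the same entry names, which is why the check has to cover the file's bytes and not just its listing.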
  20. denpth
    Bump for hope.

    Sent from my DROID BIONIC using DroidForums