unlocking the bootloader?

Discussion in 'Droid Bionic Hacks' started by denpth, Nov 10, 2011.

  1. denpth
    so I was looking at some stuff in these update packages and there are a few lines of code I am curious if they hold the key to this

    ifelse(motorola.omapdevtype() == "HS", ui_print("updating HS mbmloader..."));
    ifelse(motorola.omapdevtype() == "HS", assert(package_extract_file("mbmloader_hs.bin", "/tmp/mbmloader.img"),
    write_raw_image("/tmp/mbmloader.img", "mbmloader"),
    delete("/tmp/mbmloader.img")));
    ifelse(motorola.omapdevtype() == "NS", ui_print("updating NS mbmloader..."));
    ifelse(motorola.omapdevtype() == "NS", assert(package_extract_file("mbmloader_ns.bin", "/tmp/mbmloader.img"),
    write_raw_image("/tmp/mbmloader.img", "mbmloader"),
    delete("/tmp/mbmloader.img")));

    it seems there are options here omapdevtype hs and ns and the loader is different for both. any ideas?
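
Added example (not part of the original post or of the update package): a small Python audit that reads the updater-script excerpt quoted above and lists every write_raw_image call with the device-type gate and the package file behind it. The function names are hypothetical, and the parser assumes string literals contain no escaped quotes.

```python
import re

# Constructed sample: the updater-script excerpt quoted in the post above.
SCRIPT = '''
ifelse(motorola.omapdevtype() == "HS", ui_print("updating HS mbmloader..."));
ifelse(motorola.omapdevtype() == "HS", assert(package_extract_file("mbmloader_hs.bin", "/tmp/mbmloader.img"),
write_raw_image("/tmp/mbmloader.img", "mbmloader"),
delete("/tmp/mbmloader.img")));
ifelse(motorola.omapdevtype() == "NS", ui_print("updating NS mbmloader..."));
ifelse(motorola.omapdevtype() == "NS", assert(package_extract_file("mbmloader_ns.bin", "/tmp/mbmloader.img"),
write_raw_image("/tmp/mbmloader.img", "mbmloader"),
delete("/tmp/mbmloader.img")));
'''

def split_statements(text):
    """Split edify source on ';' outside strings and parentheses."""
    out, buf, depth, in_str = [], "", 0, False
    for ch in text:
        if ch == '"':  # assumption: no escaped quotes inside string literals
            in_str = not in_str
        elif not in_str and ch in "()":
            depth += 1 if ch == "(" else -1
        if ch == ";" and depth == 0 and not in_str:
            out.append(buf.strip())
            buf = ""
        else:
            buf += ch
    return [s for s in out + [buf.strip()] if s]

COND = re.compile(r'^ifelse\(\s*([\w.]+)\(\)\s*==\s*"([^"]*)"')
EXTRACT = re.compile(r'package_extract_file\(\s*"([^"]+)"\s*,\s*"([^"]+)"\s*\)')
WRITE = re.compile(r'write_raw_image\(\s*"([^"]+)"\s*,\s*"([^"]+)"\s*\)')

def raw_writes(text):
    """One record per write_raw_image call: gate, package file, target partition."""
    records = []
    for stmt in split_statements(text):
        cond = COND.match(stmt)
        gate = f'{cond[1]}() == "{cond[2]}"' if cond else "unconditional"
        # Map each staged temp path back to the file it was extracted from.
        staged = {tmp: src for src, tmp in EXTRACT.findall(stmt)}
        for path, partition in WRITE.findall(stmt):
            records.append({"gate": gate, "source": staged.get(path, path), "partition": partition})
    return records

if __name__ == "__main__":
    print(*raw_writes(SCRIPT), sep="\n")
```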
     
  2. dstreng
    It's possible. Where are these lines exactly?
     
  3. denpth
    at the end of updater-script in the updates.
     
  4. dstreng
    hmmm. mine seems to be encrypted. urs isn't?
     
  5. denpth
    the updater-script, not updater-binary
     
  6. dstreng
    can't find these
     
  7. denpth
    meta-inf/google/android/updater-script
     
  8. denpth
    just got a tweet back from p3droid; this string in fact determines if your device is a dev device or consumer device. I am going to go on a limb and say that dev devices have unlocked bootloaders, so now we just need to figure out a way to load the unlocked bootloader vs the locked one? Am I right in thinking the mbmloader is a bootloader?
     
  9. brad92
    Didn't they try to do that with the D3 and it bricked?

    Boot Manager
     
  10. denpth
    I'm not sure, I literally just discovered this today. It really seems viable considering there are two versions in our update packages; we would have to find a way to load this, or trick the string into returning a different value.
     
  11. dstreng
    I think ur correct. The eFuse, I believe, is what bricked the D3. I may be wrong though.

    Sent from my DROID BIONIC using DroidForums
     
  12. denpth
    if what I read is correct, eFuse blows the device if it's unapproved software, but what I am talking about is a Motorola-developed mbmloader that's in NS mode, which then in turn unlocks the bootloader. (Did a little more research; the mbmloader seems to be the "keys", per se, that let the mbm know if it's running in locked or unlocked mode.) So by us getting the mbmloader to go in NS mode (non secure) by loading in the mbmloader_ns.bin we should effectively unlock the phone, and then from then on the device will stay unlocked because the phone will report that it is a dev phone. So either we need to trick the update into thinking these are dev phones, or manually load them ourselves, which seems to be a kernel thing if I am reading correctly. So that last option is out because we cannot load custom kernels. So basically we need to trick the update patch into thinking it's a dev phone, or change the script to load the NS version instead of the HS version. Can CWM run this kind of code?
     
  13. dstreng
    Very unsure but this sounds promising

    Sent from my DROID BIONIC using DroidForums
     
  14. denpth
    likewise, now if we can just get a dev in on this. Because this is about as far as my skill takes me, I can understand but I can't do much more.
     
  15. 1KDS
    Does p3 have anything else to say about this or just that it is there to determine dev or consumer phone?
     