unlocking the bootloader?

[denpth]

so i was looking at some stuff in these update packages and there is a few lines of code i am curious if they hold the key to this

ifelse(motorola.omapdevtype() == "HS", ui_print("updating HS mbmloader..."));
ifelse(motorola.omapdevtype() == "HS", assert(package_extract_file("mbmloader_hs.bin", "/tmp/mbmloader.img"),
write_raw_image("/tmp/mbmloader.img", "mbmloader"),
delete("/tmp/mbmloader.img")));
ifelse(motorola.omapdevtype() == "NS", ui_print("updating NS mbmloader..."));
ifelse(motorola.omapdevtype() == "NS", assert(package_extract_file("mbmloader_ns.bin", "/tmp/mbmloader.img"),
write_raw_image("/tmp/mbmloader.img", "mbmloader"),
delete("/tmp/mbmloader.img")));

it seems there are options here omapdevtype hs and ns and the loader is different for both. any ideas?

 

[dstreng]

Its possible. Where are these lines exactly

 

[denpth]

at the end of updater-script in the updates.

 

[dstreng]

at the end of updater-script in the updates.

hmmm. mine seems to be encrypted. urs isnt?

 

[denpth]

the updater-script not updater-binary

 

[dstreng]

cant find these

 

[denpth]

meta-inf/google/android/updater-script

 

[denpth]

just got a tweet back from p3droid this string infact determines if your device is a dev device or consumer device, i am going to go on a limb and say that dev devices have unlocked bootloaders, so now we just need to figure out a way to load the unlocked bootloader vs the locked one? am i right in thinking the mbmloader is a bootloader?

 

[brad92]

just got a tweet back from p3droid this string infact determines if your device is a dev device or consumer device, i am going to go on a limb and say that dev devices have unlocked bootloaders, so now we just need to figure out a way to load the unlocked bootloader vs the locked one? am i right in thinking the mbmloader is a bootloader?

Didn't they try to do that with the D3 and it bricked?

Boot Manager

 

[denpth]

im not sure, i literally just discovered this today. it really seems viable considering there is two versions in our update packages, we would have to find a way to load this, or trick the string into returning a different value.

 

[dstreng]

Didn't they try to do that with the D3 and it bricked?

Boot Manager

I think ur correct. The eFuse I believe is what bricked the D3. I may be wrong though

Sent from my DROID BIONIC using DroidForums

 

[denpth]

if what i read is correct efuse blows the device if its unapproved software, but what i am talking about is a motorola developed mbmloader thats in NS mode which then in turn unlocks the bootloader. (did a little more research, the mbmloader seems to be the "keys" persay that let the mbm know if its running in locked or unlocked mode.) so by us getting the mbmloader to go in NS mode (non secure) by loading in the mbmloader_ns.bin we should effectively unlock the phone and then from then on, the device will stay unlocked because the phone will report that is is a dev phone. So either we need to trick the update into thinking these are dev phones, or manually load them ourselves, which seems to be a kernel thing if i am reading correct. So that last option is out because we cannot load custom kernels. So basically we need to trick the update patch into thinking its a dev phone, or change the script to load the NS version instead of the HS version. Can CWM run this kind of code?

 

[dstreng]

Very unsure but this sounds promising

Sent from my DROID BIONIC using DroidForums

 

[denpth]

likewise now if we can just get a dev in on this. Because this is about as far as my skill takes me, i can understand but i cant do much more.

 

[1KDS]

Does p3 have anything else to say about this or just that it is there to determine dev or consumer phone?