China Middleman Back??

Oct 16, 2013
20
1
thanks

That would be great. I don't know if I'll end up keeping the Maxx that long. Love it, but need that root; might jump ship once I've got some extra cash. I really do appreciate it.
 
Reactions: jball

Top Liked Posts

  • 15
    Just FYI everybody:

    jcase has confirmed that support for Moto BL unlock is being added to the "Sunshine" unlock app SOON.

    The cost is $25. Much cheaper than middleman.

    Caveats: It MIGHT not work for those of you who updated to 4.4.4 - we will have to wait and see. Anyone who hasn't already updated, HOLD OFF ON ANY AND ALL OTA UPDATES UNTIL YOU GET UNLOCKED.

    Discussion taking place here: http://xdaforums.com/moto-x/general/request-help-exploit-moto-x-bl-t2828471

    Cross your fingers! And don't update. Remember: I warned everyone long ago to not take any OTAs if you wanted to be able to use a future exploit.

    It hasn't been completely confirmed that 4.4.4 patches the exploit, but it is likely. Especially for the carriers that recently got the update: Sprint & AT&T. Fingers crossed that the VZW variants (who received 4.4.4 first) are not patched. Only time will tell - so please don't ask. No one knows, and probably won't know until the exploit is released.


    If you appreciate this news being brought to your attention, hit the THANKS button!
    12
    I just got an email from that China middleman back from this thread http://xdaforums.com/moto-x/general/verizon-moto-maker-bootloader-unlock-t2680651

    Titled: moto bootloader work back 2014/05/15

    Subject: price:45usd paypal:sbdnyy@163.com notes:IMEI+ email !!!! in 12-48H reply

    It's $5 more and he's saying he's back!

    I have emailed him and I will post results but I'm very hopeful!

    Edit: ONLY AVAILABLE FOR 2014 DEVICES
    and some 2013 if you're lucky
    9
    OK guys, this may be a rather long post...but it's time this idea gets some consideration.

    First, before I get FLAMED for even considering this idea, realize that I have contributed much to the android community, have a very high reputation, and I'm very well versed in the previous bootloader-exploits for the Razr M. So unless you know something I don't, which is doubtful considering that this whole "china-middleman bootloader unlock" thing is completely shrouded in MYSTERY, I'd appreciate it if you would refrain from blasting/flaming me for suggesting this.

    Also, I'm not suggesting that I'm right about this, or even COULD be right about this -- I'm merely suggesting a POSSIBILITY. It is entirely possible (probable, even) that I'm completely wrong / off-track about this. I wouldn't be surprised in the least. In fact, I'm actually EXPECTING it.


    OK. So what got me thinking about this were a couple things.

    First, I've observed that at least one individual in this thread was sent *the same code* as another individual. According to the info, IIRC, it was sent to one member after the first code sent by the middleman did NOT work, and this second code DID work. The second individual advised that this code did NOT work for him. (This could just be a fluke - the middleman could have sent the wrong code to first individual by mistake...could have just been an accident......but maybe NOT?)

    Second, nobody seems to be interested in sharing their "unlock codes". In fact, most of the time someone posts a screen shot of the terminal when they are attempting to fastboot oem unlock their device, they often "BLANK OUT" their unlock code.....I'm not sure why??? There really isn't any personally identifiable data that can be derived based off your unlock code, so I don't understand the hesitance or fear of sharing/posting these.

    Because of this, we don't even know if any other individuals have been given the SAME unlock code from the middleman, and if so, whether or not the same code worked to unlock more than one device.

    Now, we know that the logic of TOKEN validation (TOKEN = UNLOCK CODE) is the same (or at least SIMILAR) to that of the RAZR M. Granted, the bootloader-unlock exploit used to unlock the Razr M does NOT work on the Moto X, but this is because the vulnerability was in TrustZone and not the bootloader itself.

    According to Dan Rosenberg (author of the famous "Razr M Bootloader Exploit") the "logic" of TOKEN Validation is as follows:

    1) The CID partition is read from the device.

    2) A digital signature on the CID partition is verified using a certificate stored in the CID partition.

    3) The authenticity of the certificate is verified by validating a trust chain rooted in cryptographic values stored in blown QFuses.

    4) The user-provided token is hashed together with a key blown into the QFuses using a variant of SHA-1.

    5) This hash is compared against a hash in the CID partition, and if it matches, success is returned.

    As such, "there is no way for a user to generate his or her own valid unlock token without either breaking RSA to violate the integrity of the CID partition, or by performing a pre-image attack against SHA-1, both of which are computationally infeasible in a reasonable amount of time." (Quote from Dan Rosenberg)

    OK, sure, we understand that. Now examine the logic. Nowhere does Dan Rosenberg suggest that the TOKEN is unique to a particular IMEI, OR in any way validated or hashed against the IMEI. Only that it is based on certificates / keys / hashes STORED in the CID partition, and blown Q-fuses.

    Following this logic, there is at least a POSSIBILITY that a particular TOKEN could unlock either a range of IMEIs (sequential), or a group of non-sequential IMEIs based on the particular certificate / key / hash / q-fuses for said devices.

    Once again, the following is COMPLETE SPECULATION, but I think it deserves consideration nonetheless.

    It is possible that we will find that more users have received an identical TOKEN, and that perhaps a single token *worked* for more than one person. If so, we could build upon this idea, creating a "database" of unlock codes. If there proved to be any merit to this idea, users could try each TOKEN, and might eventually find that one of them worked to unlock them.

    Just think about how much money the middleman has actually made off this enterprise. $45 a pop! Anyone have any idea HOW MANY people have used his service? I'd say he's doing quite well financially.

    I'm beyond certain that everyone would prefer to be able to unlock for FREE, rather than paying.

    Now, once more (I can't stress this enough), this might be COMPLETELY off-base, BUT we won't know unless we gather additional data. Again, this whole middleman thing is a complete mystery to EVERYONE, --except-- the middleman, his associates and, of course, Motorola.

    So here's the deal. Anyone that is comfortable enough to SHARE their unlock code, I'd like to start some kind of database for comparison. Perhaps another user could create a public spreadsheet in Google Docs or something similar, and we can start adding to the database. ONLY THEN will we actually KNOW if any of us have received identical TOKENS from the middleman. (I'd like help from another user to make available a Public spreadsheet for us to start the documentation - I don't use Google Docs personally. Preferably, it would be WRITE-ONLY, so users could ADD their unlock code, but no "Bad Apples" could come along and erase data.)

    I'll start. I've received TWO unlock tokens from the middleman. Both were for Republic Wireless Moto X's. Here are the TOKENS I received:

    KXVYDH5SYWYQJ2EB4643 (Republic Wireless XT1049)
    AXZ3JJ3QE2GBZEWEG2IU (Republic Wireless XT1049)

    Has anyone else received unlock TOKENS identical to these?

    And finally, I'll end this post by saying that curiosity is very important to achieve any new breakthroughs. Making "educated guesses" based on analysis of available data is the only way to make innovations and new discoveries. It's OK to be wrong, as long as you use what you have learned to build upon your knowledge and use this information to improve future analytics.

    This is a hypothesis based on the [small amount of] data currently available. Nothing more.

    PLEASE DON'T POST YOUR CODE TO THIS THREAD. IT WILL CLUTTER IT UP! Instead, please add your info to the database created for this purpose HERE < Courtesy of @dier325 (Thanks!)
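
The five validation steps quoted in the post above, as a simplified model. This is an added example, not code from the post, from Dan Rosenberg, or from Motorola. Assumptions: toy RSA built from two small Mersenne primes stands in for the real signature, a pinned certificate hash stands in for the fuse-rooted trust chain, plain SHA-1 stands in for the unspecified SHA-1 variant, and every name, token and key is constructed.

```python
import hashlib
import hmac

# Toy RSA from two Mersenne primes: far too small for real use. It only models
# "the device holds the public half, the signer holds the private half".
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, signer side only
CERT = f"{N}:{E}".encode()             # stand-in certificate (the public key)

def _h(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def token_digest(token: str, fuse_key: bytes) -> bytes:
    # Step 4: token hashed together with a key from the fuses. Plain SHA-1 is
    # an assumption; the post only says "a variant of SHA-1".
    return hashlib.sha1(fuse_key + token.encode()).digest()

def make_device(token: str, fuse_key: bytes):
    """Signer side of the model: returns (cid, fuses) for one constructed device."""
    th = token_digest(token, fuse_key)
    cid = {"token_hash": th, "cert": CERT, "sig": pow(_h(th, N), D, N)}
    fuses = {"key": fuse_key, "cert_pin": hashlib.sha256(CERT).digest()}
    return cid, fuses

def validate(token: str, cid: dict, fuses: dict) -> str:
    # Step 1: `cid` is the CID partition as read from the device.
    # Step 3: the certificate must chain to a value in the fuses (here: a pin).
    pin = hashlib.sha256(cid["cert"]).digest()
    if not hmac.compare_digest(pin, fuses["cert_pin"]):
        return "untrusted-cert"
    # Step 2: the signature over the CID contents is checked with that certificate.
    n, e = (int(x) for x in cid["cert"].decode().split(":"))
    if pow(cid["sig"], e, n) != _h(cid["token_hash"], n):
        return "bad-signature"
    # Steps 4-5: hash the supplied token with the fuse key, compare to the CID hash.
    # No IMEI enters the check anywhere in this model.
    if not hmac.compare_digest(token_digest(token, fuses["key"]), cid["token_hash"]):
        return "wrong-token"
    return "unlocked"

def demo() -> list:
    cid_a, fuses_a = make_device("TOKEN-A-CONSTRUCTED1", b"fuse-key-A")
    cid_b, fuses_b = make_device("TOKEN-B-CONSTRUCTED2", b"fuse-key-B")
    # A user who rewrites the stored hash cannot produce a matching signature.
    edited = dict(cid_a, token_hash=token_digest("SELF-CHOSEN-TOKEN", b"fuse-key-A"))
    return [
        validate("TOKEN-A-CONSTRUCTED1", cid_a, fuses_a),   # issued token, own device
        validate("TOKEN-A-CONSTRUCTED1", cid_b, fuses_b),   # device A's token on device B
        validate("SELF-CHOSEN-TOKEN", edited, fuses_a),     # edited CID, stale signature
    ]

if __name__ == "__main__":
    print(demo())
```

In this model a token is accepted only where the signed CID hash and the fuse key both match it, which is the dependency the quoted steps describe.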
    7
    F.A.Q.

    I think a recap is due...

    Some background... For the Developer Editions Moto X, and some carrier editions (Like T-Mobile, Sprint, Rogers Wireless, and others), Motorola freely gives away the BootLoader Unlock codes when requested On Motorola's Web Site. In the case of the Non-Developer Editions, it voids their warranty to request the code.

    I'm not going to go into the reasons why, but Moto does NOT give out the bootloader unlock code for the Retail and Moto Maker X for Verizon, ATT and a few other carriers. That is where this China Middle Man, and the Chinese web site/seller, comes in... It's a way to possibly get your bootloader unlock code if Moto can't/won't give it to you. If you are successful in getting your code from the Middle Man, it will be exactly like the code you would have received from Moto, except for the cost and the source.

    If your X is NOT from Verizon, ATT, or Republic wireless, it's worth checking Motorola's Web Site first, as either way voids your warranty when your phone is not a developer edition. If you can't get the bootloader unlock code from Motorola, then this China Middleman is your only other option right now (and for who knows how long).


    What phones does this work with?
    Based on replies and posts to this thread, it has been confirmed to work for most, but not all, Moto X, Droid Maxx, Droid Mini and G which have been assembled between January and June 2014 that have been submitted. Some others assembled outside that range have been reported to work.

    Republic Wireless X assembled in 2013 have had a fair success rate, at least enough that it is worth trying.

    Since the middle man has restarted selling codes, users with Moto X from Verizon, ATT that were assembled in 2013 have rarely been able to receive a code. So you can try, but you will likely get a "no code available" response.

    Update 10-21-2014: As time goes on, we are seeing an increase in posts from users who have been "unsuccessful." (either they couldn't get a code, or the code they got didn't work). It's still worth a try.

    This does NOT work for the 2nd Generation X or the "2014 Moto X" with the 5.2" screen.


    Does it matter what ROM is on my phone?
    Unlike using hacks and exploits to root, when using a Bootloader Unlock Code (from Moto or the Middle Man) your phone can be on ANY firmware version. Updates will not patch the ability to use the bootloader unlock code. And future Updates will NOT LOCK your bootloader.


    On the Moto X, to find your assembled date...

    Boot into FastbootAP/Bootloader mode
    Option 1: power off, then press the power and volume down buttons simultaneously NOTE: you may need to have the USB cable disconnected first.

    Option 2: If USB debugging option on your phone is turned on, and you have a properly setup ADB, AndroidSDK Platform tools, and moto drivers on your pc... Open a command prompt and type... adb reboot-bootloader The phone will restart into the bootloader/fastboot menu.

    Option 3: You must already be rooted: you can use an application like Quick Boot (Reboot) which is available for free in the Google Play Store. It has options to reboot your phone normally, reboot into recovery, or reboot into bootloader.

    Once on the FastbootAP/Bootloader screen, use the VOL DOWN to scroll and highlight Bar Codes, then use VOL UP to select it. There will be a date listed there. (Use vol up or vol down to exit the screen.)

    How long will this be an option? or... How long will the China Middleman continue offering the codes?
    We don't have any insight on that. When the China web site, and then middleman, originally started it was up for a while, then suddenly and without warning, stopped on April 1. When it restarted, this thread was born, and it has been going ever since. However, this time around, we've seen a lower success rate with getting codes.


    How to send a request/payment..
    The price is 45usd. (he will receive slightly less due to fees)

    Send Paypal for goods/services to sbdnyy@163.com
    In the notes, include your IMEI and Email.

    NOTE: be sure to use Goods/Services so you can dispute if you have any issues. Payment sent as GIFT can NOT be disputed!


    How long does it take to get my code, or get a response?
    Response times have varied from less than an hour, to almost a week. So be patient. If it's been over a week, you can try to add the person to Skype and message.


    I got a response that my code wasn't available. Now what?
    Usually he refunds the money when replying your code wasn't available. If not, you'll need to file a PayPal dispute.

    If your phone is only two or three weeks old, you can try waiting a month, try again and see if he gets a new batch of codes which contains yours.

    Otherwise, you are out of luck.
    UPDATE: You can try Sunshine which is being discussed in -> http://xdaforums.com/moto-x/general/request-help-exploit-moto-x-bl-t2828471 That thread has the information, link to the Sunshine tool, and discussion.

    Sunshine only works with certain ROM versions, but when it works on your phone it DOES UNLOCK the bootloader just like using the code would.

    If Sunshine doesn't work, then you are out of luck.

    I got my code, now what?
    Most emailed responses containing the code have included your IMEI code and unique unlock code. The unlock code is 20 digits long and is case sensitive. Please Copy/Paste when using it, rather than typing it.

    Back up your phone! the Bootloader Unlock process WILL WIPE all data, apps, settings, etc!! BACK UP FIRST!!

    1. Make sure you have a working Android SDK/PlatformTools/ADB setup
    2. Boot your phone into FastbootAP/Bootloader mode
    3. Connect your phone to your PC via USB cord
    4. From a command prompt on your PC issue the following command... fastboot oem unlock UniqueCode NOTE: please replace "UniqueCode" with a copy/paste of your code from the email!
    5. After the process is successful, your phone will reboot and you will see the Unlocked Bootloader warning logo.
    For a more detailed or novice friendly set of instructions, see -> http://mark.cdmaforums.com/MotoX-Unlocking.htm

    Keep your code in a safe place. While there should be no need to relock the bootloader, if you ever need to unlock the bootloader again, you'll use that same code.

    So now that I've unlocked my phone, is it now the same as a "Developer Edition"?
    For all intents and purposes, Yes. From the standpoint of rooting, flashing, custom roms, hacks, etc. You can use the same instructions and do the same things. The same caveats and rules that apply to a developer edition, apply to you.

    Unlike a developer edition, your warranty will be voided because you've unlocked your bootloader (if the warranty provider notices you've unlocked your bootloader).


    So now that I've unlocked my phone, HOW DO I ROOT?
    Download the latest TWRP Recovery from -> http://teamw.in/project/twrp2/234 (under the Download-Fastboot heading) and the latest SuperSU from -> http://download.chainfire.eu/supersu or the latest CWM / TWRP / MobileODIN installable ZIP from http://xdaforums.com/showthread.php?t=1538053
    And use them while following the instructions in this post -> http://xdaforums.com/moto-x/moto-x-qa/step-step-instructions-unlocking-t2649738


    That's great, but I still have questions...
    When this first came about, I put together this post in the old thread -> http://xdaforums.com/showpost.php?p=51363645&postcount=394

    I've added to it, clarified a few things and re-posted here -> http://mark.cdmaforums.com/MotoX-Unlock1.htm

    Those two versions contain pretty much all of the questions/answers I've seen asked.

    EDITED: Aug 13, 2014 Reason: added Background, Moved "what phones does it work with.." section, added "Does it matter what rom.." section, and added rooting info
    EDITED: Aug 28, 2014 Reason: moved "how long a response could take" to its own section so it stands out more


    ---------- Post added at 02:01 PM ---------- Previous post was at 01:53 PM ----------

    I know it's a big unknown, but what are the chances these guys will have unlock codes for the X+1? My parents are about to renew, but they will need 1 unlocked hotspot for an unlimited plan. With Aug 20th supposedly being the release date, 2 weeks away, should they wait for the +1?

    Sent from my XT1060
    Nothing will be known until the X+1 comes out and someone tries to unlock it.

    And this service could stop at any time.

    My advice is something I got flamed in this thread for in the past.. but since you asked... Since you'll have to pay full price anyway (to keep unlimited data) Consider getting a Dev Edition X for Verizon while they are still on sale for $324.99. It's definitely cheaper than buying a full price X+1 when they come out, and you can certainly unlock the bootloader without voiding the warranty.
    7
    I've been a long-time lurker here, but finally felt the need to register to share this thought: to those that cannot figure out how to request a code after reading the thread, and those that do not know how to find your IMEI, you are probably better off NOT rooting your phone. No offense intended.