I've recently read on how Dan Rosenberg unlocked the bootloader on Motorola Phones with Qualcomm chipsets. I'm pretty sure this exploit exists in the Motorola Fire XT530 and Motorola Defy Mini XT320.
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html
Chipset Specification:
Motorola Fire XT530- Qualcomm MSM7227-T, 800MHz ARM11, Adreno 200 GPU
Motorola Defy Mini XT320- Qualcomm MSM7225A-1, 600MHz ARM Cortex-A5, Adreno 200 enhanced GPU
I have decided to combine the unlocking of Motorola Fire XT530 and Motorola Defy Mini XT320 bootloaders in one place as there are more experienced developers in C++ in Motorola Fire XT530 users than the Defy Mini XT320 users so we can help each other.
I've done the initial work of dumping appsbootsec.mbn from the Motorola Fire XT530 sbf and the Motorola Defy Mini XT320 sbf.
Now it requires the work of using Interactive Disassembler to locate the QFuse addresses but unfortunately I don't know how to use it so I can't disassemble appsbootsec.mbn
@djrbliss if you have time to read this thread and help us users to try and use Interactive Disassembler, this would be greatly appreciated.
Here's the link to the memory addresses for Motorola Defy Mini XT320:
http://www.droidevelopers.com/f412/13117-defy-mini-xt320-tinboost-memory-map.html
The sbf files that I've used to extract appsbootsec.mbn:
Motorola Fire XT530: DMP-4480-0-4017-A01_RFM.sbf
Motorola Defy Mini XT320: TNBST_4_0A.1F.10RPS_flex_WE_Retail_CEE_v2.sbf
All these sbf files have fastboot support.
At the bottom, I have attached appsbootsec.mbn from the prerequisite phones.
Guys please don't ask for an ETA or when the bootloader is going to be unlocked as this depends on time.
@Bernd.Defy I've uploaded the rest of the Bootloader Files, would you please take a view of it using a hex viewer thanks.
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html
Chipset Specification:
Motorola Fire XT530- Qualcomm MSM7227-T, 800MHz ARM11, Adreno 200 GPU
Motorola Defy Mini XT320- Qualcomm MSM7225A-1, 600MHz ARM Cortex-A5, Adreno 200 enhanced GPU
I have decided to combine the unlocking of Motorola Fire XT530 and Motorola Defy Mini XT320 bootloaders in one place as there are more experienced developers in C++ in Motorola Fire XT530 users than the Defy Mini XT320 users so we can help each other.
I've done the initial work of dumping appsbootsec.mbn from the Motorola Fire XT530 sbf and the Motorola Defy Mini XT320 sbf.
Now it requires the work of using Interactive Disassembler to locate the QFuse addresses but unfortunately I don't know how to use it so I can't disassemble appsbootsec.mbn
@djrbliss if you have time to read this thread and help us users to try and use Interactive Disassembler, this would be greatly appreciated.
Here's the link to the memory addresses for Motorola Defy Mini XT320:
http://www.droidevelopers.com/f412/13117-defy-mini-xt320-tinboost-memory-map.html
The sbf files that I've used to extract appsbootsec.mbn:
Motorola Fire XT530: DMP-4480-0-4017-A01_RFM.sbf
Motorola Defy Mini XT320: TNBST_4_0A.1F.10RPS_flex_WE_Retail_CEE_v2.sbf
All these sbf files have fastboot support.
At the bottom, I have attached appsbootsec.mbn from the prerequisite phones.
Guys please don't ask for an ETA or when the bootloader is going to be unlocked as this depends on time.
@Bernd.Defy I've uploaded the rest of the Bootloader Files, would you please take a view of it using a hex viewer thanks.
Last edited: