View Poll Results: Did it work?
Yes: 21 Vote(s), 53.85%
No: 18 Vote(s), 46.15%

Unlock Bootloader, Even without code!

By hackintosh5, Senior Member on 28th October 2018, 07:28 PM
--- Please don't quote this entire post ---


I have, with the help of two people whose XDA I don't know, just unlocked an Honor 9 Lite without an unlock code! The method follows:
Initial revision

0. Prepare adb and fastboot. On windows, change all
Code:
fastboot
commands to
Code:
.\fastboot
and similarly for
Code:
adb
(skip to step 2 if you have the June 2018 patch or earlier)

1a. Downgrade firmware to 8.0.0.xxx (June patch) via androidhost.ru - search for your device, get a C432 version.

1b. Downgrade, instructions are in the 'ReleaseDoc' folder. Use the forced install method

(do not reboot the phone until step 3a is complete)

2a. Enter
Code:
fastboot
2b. Enter powershell or terminal and type:
Code:
fastboot oem hwdog certify begin;fastboot oem get-product-model
2c. Send the result to @huaweihax telegram group or in this thread (telegram will have faster response times)
2d. We will send you your slock when we get a chance. Please be patient, we have real lives. Download it on the same pc as you have fastboot on.
2e. Copy the slock to your working directory
2f. Type in your shell:
Code:
fastboot flash slock <slock_filename>
(Download twrp on the pc that has fastboot, copy to working directory)

3a.
Code:
fastboot flash erecovery_ramdisk <twrp filename>
3b. Read step 3c and 3d
3c.
Code:
fastboot reboot
3d. Hold volume up AFTER the phone vibrates
3e. Twrp should boot up. If not, reboot it and try 3d again

(Each reboot until step 4 is complete, you will restart step 4)

4a. Connect usb
4b.
Code:
adb shell dd if=/dev/block/bootdevice/by-name/nvme of=/tmp/nvme
4c.
Code:
adb pull /tmp/nvme
You may now reboot the device, if you want.

5a. Open the nvme file in a hex editor. Find 'FBLOCK' in the file. There should be '8' shortly before the fblock. Move down exactly one line from '8' and you will see 01. Change that to 00 and repeat for all instances of fblock in the file. Save the file.
5c.
Code:
adb push nvme /tmp/nvme
5d.
Code:
adb shell dd if=/tmp/nvme of=/dev/block/bootdevice/by-name/nvme
6. Reboot!

CONGRATS! YOUR DEVICE IS NOW UNLOCKED!


Latest revision:
0. Prepare adb and fastboot. On windows, change all fastboot commands to ./fastboot and similarly for adb

Skip to step 2 if you have the June 2018 patch or earlier

1a. Downgrade firmware to June patch via androidhost.ru - search for your device, any C number should work.
1b. Downgrade, instructions are in the 'ReleaseDoc' folder. Use the forced install method

2a. Enter fastboot
2b. DO NOT REBOOT THE PHONE UNTIL STEP 3a is complete!!! Failing to follow this will result in anger!
2c. Enter powershell or terminal and type:
Code:
fastboot oem hwdog certify begin;fastboot oem get-product-model;fastboot oem get-build-number
2c. Send the result in the telegram group @huaweiHax (link to the public group is at the start of the channel), or, if that's entirely impossible, PM @OldDroid on XDA.
2d. A nice guy will send you your slock. Please be patient, they have real lives. Download it on the same pc as you have fastboot on.
2e. Copy the slock to your working directory
2f.
Code:
fastboot flash slock <slock_filename>
(Download twrp on the pc that has fastboot, copy to working directory)

3a.
Code:
fastboot flash erecovery_ramdisk <twrp filename>
3b. Read step 3c and 3d
3c.
Code:
fastboot reboot
3d. Hold volume up AFTER the phone vibrates
3e. Twrp should boot up. If not, reboot it and try 3d again

4a. Connect usb
4b.
Code:
adb shell dd if=/dev/block/bootdevice/by-name/nvme of=/tmp/nvme
4c.
Code:
adb pull /tmp/nvme

WARNING: FOLLOW THESE STEPS VERY CAREFULLY AND DOUBLE-CHECK EVERYTHING!
5a. Open the nvme file with a hex editor. Repeat step 5b until you have done all the instances of FBLOCK.
5b. Search the file for FBLOCK. For each instance, you should see the character 8 shortly before. Go down exactly one line from the 8. Select the .. You should see 01 become highlighted in the hex area. Change the 01 to 00 and repeat 6 more times (7 in total). Save the file as nvmepatched
5c.
Code:
adb push nvmepatched /tmp/nvme
5d.
Code:
adb shell dd if=/tmp/nvme of=/dev/block/bootdevice/by-name/nvme
6. Reboot!

CONGRATS! YOUR DEVICE IS NOW UNLOCKED!


----------------------------------------------------------------


Files you might find useful:
nvme.zip: a twrp flashable zip that automates step 5 of the instructions. I have tested it and it works fine for me. If TWRP crashes and restarts, that's fine, but idk why it happens. If it happens to you, please send /tmp/recovery.log to me in pm or here, or in telegram
autoroot.zip: a zip file containing a python script and related files to automatically unlock Huawei's. To use it, put a twrp file called 'twrp-kirin.img' in the 'files' subfolder. I cannot upload that file due to XDA file size restrictions.
https://www.androidfilehost.com/?w=files&flid=285583: thanks to @mrmazak, this is a windows batch tool version of autoroot.zip
Attached Files
File Type: zip autoroot.zip (62.8 KB, 1176 views)
File Type: zip nvme.zip (7.1 KB, 996 views)
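A way to double-check step 5 before running 5d, as an added example that is not part of the original post or of the attached zips: it compares the pulled nvme with the edited nvmepatched and accepts only changes to FBLOCK flag bytes. The record layout (FBLOCK, 00 00, 01 00 00 00, then the flag) is assumed from the sed/JREPL pattern posted in reply #2; the function names and the sample dump are constructed for illustration.

```python
import sys

# Assumed layout, from the sed/JREPL pattern in reply #2:
# 46 42 4C 4F 43 4B 00 00 | 01 00 00 00 | flag (01 before the edit, 00 after)
MARKER = b"FBLOCK\x00\x00\x01\x00\x00\x00"
FLAG_OFF = len(MARKER)  # the flag byte is 12 bytes after the 'F'


def fblock_flags(image: bytes) -> dict:
    """Map the offset of every FBLOCK flag byte to its current value."""
    flags, pos = {}, image.find(MARKER)
    while pos != -1:
        if pos + FLAG_OFF < len(image):
            flags[pos + FLAG_OFF] = image[pos + FLAG_OFF]
        pos = image.find(MARKER, pos + 1)
    return flags


def check_patch(original: bytes, patched: bytes) -> list:
    """Return problems found; an empty list means only flag bytes were cleared."""
    if len(original) != len(patched):
        return [f"size changed: {len(original)} -> {len(patched)} bytes"]
    flags = fblock_flags(original)
    problems = [] if flags else ["no FBLOCK record found in original dump"]
    for off, (old, new) in enumerate(zip(original, patched)):
        if old != new and off not in flags:
            problems.append(f"unexpected change at offset {off:#x}")
    for off in sorted(flags):
        if patched[off] != 0x00:
            problems.append(f"flag at offset {off:#x} is {patched[off]:02x}, not 00")
    return problems


def constructed_dump(flag: int, records: int = 7) -> bytes:
    """Constructed sample (not a real nvme): filler + FBLOCK record, repeated."""
    record = b"\xAA" * 20 + MARKER + bytes([flag]) + b"\x00" * 51
    return record * records


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: check_nvme.py nvme nvmepatched
        with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
            before, after = a.read(), b.read()
    else:  # no files given: run on the constructed sample
        before, after = constructed_dump(0x01), constructed_dump(0x00)
    issues = check_patch(before, after)
    print(f"{len(fblock_flags(before))} FBLOCK record(s) found")
    print("\n".join(issues) or "OK: only FBLOCK flag bytes changed")
    sys.exit(1 if issues else 0)
```

A size mismatch or any change outside a flag byte means the hex edit went wrong and the file should not be written back with dd.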
 
 
28th October 2018, 10:18 PM | #2 | mrmazak, Senior Member
In the attached photos you will see correct and incorrect converted "slock files"

This applies when you follow the guide from above, between 2-C and 2-D.
If you get just a long string of letters and numbers (512 characters to be exact), that string in that state is "text"; it needs to be "HEX". There are command line tools to do this, but it can also be done in a user-friendly way in a hex editor program. It needs to be done as hex and not text. The photos show both examples.

In the correct edited photo the long string is written to the left side (the hex area)

In the incorrect edited photo the long string is written to the right side (the text area).

SLOCK CONVERSION
FOR command line use

Copy the long string of text as regular txt file NO EXTRA SPACES -- for this example name it slock.txt

Command line code for Linux: needs "xxd". It should already be installed on most systems (inside VIM).
Code:
cat  slock.txt | xxd -r -p > binary-slock.bin

Command line code for Windows: needs "xxd.exe". It can be found inside VIM http://www.vim.org/
Code:
type slock.txt  | xxd.exe -r -p > binary-slock.bin

NVME EDITS

Linux terminal

Code:
sed 's/\x46\x42\x4C\x4F\x43\x4B\x00\x00\x01\x00\x00\x00\x01/\x46\x42\x4C\x4F\x43\x4B\x00\x00\x01\x00\x00\x00\x00/g' nvme > temp
Windows cmd version needs GNU-SED
OR
reg-expression-tool LIKE "jrepl.bat" (one of my favorite little tools)

Code:
files\JREPL.BAT "\x46\x42\x4C\x4F\x43\x4B\x00\x00\x01\x00\x00\x00\x01" "\x46\x42\x4C\x4F\x43\x4B\x00\x00\x01\x00\x00\x00\x00" /m /x /f modified-nvme /o -
Scripted method
Windows batch file tool
Use the newest version in the folder, and allow the tool to update when first run.
Attached Thumbnails: correct-slock-as-hex.png, incorrect-slock-as-text.png
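The conversion and the correct/incorrect distinction from the two photos, as an added example that is not part of the original post: it does the same job as `xxd -r -p` and tells a binary slock from one saved as text. The 512-character length is from the post; the 256-byte size follows from two hex digits per byte, and the function names and sample string are constructed.

```python
import string

SLOCK_HEX_CHARS = 512               # length of the string, as stated in the post
SLOCK_BYTES = SLOCK_HEX_CHARS // 2  # two hex digits per byte -> 256 bytes

# Constructed sample string, not a real slock.
CONSTRUCTED_HEX = "0123456789abcdef" * 32


def slock_from_text(text: str) -> bytes:
    """Turn the hex string into raw bytes, rejecting anything malformed."""
    digits = "".join(text.split())  # drop newlines/spaces picked up by copy-paste
    if len(digits) != SLOCK_HEX_CHARS:
        raise ValueError(f"expected {SLOCK_HEX_CHARS} hex characters, got {len(digits)}")
    if not all(c in string.hexdigits for c in digits):
        raise ValueError("non-hex character in slock text")
    return bytes.fromhex(digits)


def classify_slock_file(data: bytes) -> str:
    """Return 'binary', 'hex-text' (the incorrect photo) or 'invalid'."""
    if len(data) == SLOCK_BYTES:
        return "binary"
    stripped = b"".join(data.split())  # ignore a trailing newline or spaces
    if len(stripped) == SLOCK_HEX_CHARS and all(chr(b) in string.hexdigits for b in stripped):
        return "hex-text"  # the string was typed into the text pane / saved as .txt
    return "invalid"


if __name__ == "__main__":
    as_text = (CONSTRUCTED_HEX + "\n").encode()
    as_binary = slock_from_text(CONSTRUCTED_HEX)
    print("saved as text :", len(as_text), "bytes ->", classify_slock_file(as_text))
    print("converted     :", len(as_binary), "bytes ->", classify_slock_file(as_binary))
```

The size check only confirms the encoding; it cannot tell whether the bytes are the right slock for a given device.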
28th October 2018, 10:50 PM | #3 | hackintosh5, OP Senior Member
Quote:
Originally Posted by mrmazak

this sounds like great news for continuing custom roms on Huawei.

Just want to ask about the above section.
Are you saying just the sending of data will be rolled into an app, or the whole thing will be self contained in an app?

Just the second stage of sending data, olddroid is 'thinking' about making them both automated, but right now, neither is.
29th October 2018, 05:35 PM | #4 | Fredin_, Senior Member
Quote:
Originally Posted by hackintosh5

Just the second stage of sending data, olddroid is 'thinking' about making them both automated, but right now, neither is.

It'd be really helpful if he did that. And by the way thanks for sharing.
29th October 2018, 07:40 PM | #5 | Junior Member
Hi, my phone version is c185, what should I do?
29th October 2018, 07:51 PM | #6 | hackintosh5, OP Senior Member
Quote:
Originally Posted by moonknight01

Hi, my phone version is c185, what should I do?

Try to use the c00 firmware, it may or may not dload. If it fails, there's not much you can do.
29th October 2018, 07:57 PM | #7 | Junior Member
Quote:
Originally Posted by hackintosh5

Try to use the c00 firmware, it may or may not dload. If it fails, there's not much you can do.

In c185 wouldn't work?

Sent from my LLD-L21 using Tapatalk
29th October 2018, 08:00 PM | #8 | hackintosh5, OP Senior Member
Quote:
Originally Posted by moonknight01

In c185 wouldn't work?

There's no c185 dload firmware, so try c432. It may fail the install, it might not. I just don't know.
30th October 2018, 01:08 PM | #9 | Junior Member
Honor 9 lite c636
Can C636 work?
30th October 2018, 06:43 PM | #10 | hackintosh5, OP Senior Member
Quote:
Originally Posted by aldinista

Can C636 work?

Again, try another firmware like c432 or c00, but it all depends on whether the dload works or not. If it doesn't install, you'll have to find one that does. If it installs you'll be ok. Just flash the correct model firmware after completing the exploit
30th October 2018, 06:53 PM | #11 | Junior Member
Quote:
Originally Posted by hackintosh5

Again, try another firmware like c432 or c00, but it all depends on whether the dload works or not. If it doesn't install, you'll have to find one that does. If it installs you'll be ok. Just flash the correct model firmware after completing the exploit

Oke i try.. 😀
Hehehe, sorry because I'm not yet so familiar.
I'm still a beginner 😀😀

Tags
bootloader, hack, hacking, huawei, unlock
