[LG G5] Bruteforce 'Unlock.bin' for Offline Bootloader Unlock

By aac_j, Junior Member on 9th May 2017, 05:46 AM
Welcome!

We are attempting to create a bruteforce binary generator that will allow for users to unlock their LG devices without requiring online access to LG's official unlock method.

Note: This is not a way of avoiding any kind of payment! Unlocking the official way is already free, however there is a chance LG servers will go down one day and we will all be stuck without, so an alternative is required for offline use!

In order to achieve this feat, we require sample Unlock.bin files to examine for correlations between the IMEI and Device ID and the generated Unlock.bin file.


Please send us your Unlock.bin file in this format in a PRIVATE MESSAGE:
Code:
Device Model: {make} {model} {variant} {region code} {carrier}
Device IMEI: {16-digit code} (optional)
Device ID: {64-digit code} (optional)
Unlock.bin File: {download link to file}
Example:
Code:
Device Model: LG G5 H850 EU (Carrier Unlocked)
Device IMEI: 1234567890123456
Device ID: CD58B679A38D6B613ED518F37A05E013F93190BD558261DBBC5584E8EF8789B1
Unlock.bin File: https://expirebox.com/download/d1df98075154bd12cd4985f583d729da.html
Our HEX Editor displays the content of the only sample Unlock.bin file we could find:
HEX | Unlock.BIN

Any knowledge you have of the bootloader unlock process that could be useful to this project, or any kind of programming that could be used to create a fast and efficient file generator with a bridge to the ADB interface is welcome!

Thank you for your help and consideration!

Edit:
We're happy to announce that we've managed to figure out that the leading 20 bytes of the files are the same for every Unlock.bin file, so we can safely rule it out as the file header! That means we're left with a neat 256 byte (2048 bit) key! That narrows down the combinations from 4.7^664 down to a measly 3.2^616!
Hopefully with more files and more technical help we will figure out how the ID numbers work out to the 2048 bit encryption key.


Edit 2: Please do not PM me asking to unlock your bootloader!
The Following 11 Users Say Thank You to aac_j For This Useful Post
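
The size argument in the first post's edit, worked through as an added example (not code from the thread or from LG): it finds the constant prefix across sample files and sizes the remaining search space. The three samples are constructed stand-ins with a placeholder header, and the guess rate is an assumption.

```python
from math import log10

HEADER_LEN = 20   # constant leading bytes reported in the post
BODY_LEN = 256    # remaining per-device bytes (2048 bits)

def make_sample(device_no: int) -> bytes:
    """Constructed stand-in for an Unlock.bin: fixed header + per-device body."""
    header = b"\xAA" * HEADER_LEN  # placeholder bytes, not the real header
    body = bytes((device_no + 7 * i) % 256 for i in range(BODY_LEN))
    return header + body

def common_prefix_len(samples: list[bytes]) -> int:
    """Number of leading bytes that are identical in every sample."""
    n = 0
    for column in zip(*samples):
        if len(set(column)) != 1:
            break
        n += 1
    return n

def keyspace(n_bytes: int) -> tuple[float, int]:
    """2**(8*n_bytes) as (mantissa, power-of-ten exponent)."""
    digits = 8 * n_bytes * log10(2)
    exponent = int(digits)
    return round(10 ** (digits - exponent), 1), exponent

def log10_years_to_exhaust(n_bytes: int, guesses_per_second: float) -> float:
    """Base-10 log of the years needed to try every value at a fixed rate."""
    seconds_per_year = 365.25 * 24 * 3600
    return 8 * n_bytes * log10(2) - log10(guesses_per_second) - log10(seconds_per_year)

# Constructed samples for three hypothetical devices.
SAMPLES = [make_sample(n) for n in (1, 2, 3)]

if __name__ == "__main__":
    prefix = common_prefix_len(SAMPLES)
    body_len = len(SAMPLES[0]) - prefix
    print(f"shared prefix: {prefix} bytes, per-device body: {body_len} bytes")
    for label, size in (("whole file", len(SAMPLES[0])), ("body only", body_len)):
        mantissa, exponent = keyspace(size)
        print(f"{label}: about {mantissa} x 10^{exponent} candidates")
    # Assumed rate of 10^12 guesses per second, far above anything a
    # bootloader accepting one file per fastboot command could reach.
    print(f"body only at 1e12/s: about 10^{log10_years_to_exhaust(body_len, 1e12):.0f} years")
```

Removing the header only changes the exponent from 664 to 616, so exhaustive search stays out of reach at any guess rate.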
 
 
9th May 2017, 03:17 PM |#2
Wire1122, Senior Member
Device model: LG G5 SE H840 EU ITA (carrier unlocked)
Device IMEI: 357975075028334
Device id: A6D683D5609A8129DC378DE177CCA4E9674C366D4802797DF5713C360B8A3979
unlock.bin: http://www54.zippyshare.com/v/Y9N7cyTe/file.html
The Following 2 Users Say Thank You to Wire1122 For This Useful Post
9th May 2017, 04:22 PM |#3  
OP Junior Member
12
The Following 3 Users Say Thank You to aac_j For This Useful Post
9th September 2017, 09:05 PM |#4  
Junior Member
send me unlock.bin
IMEI:357657070128166


(bootloader) Device-ID
(bootloader) 11013E42409049EB21B1A8E42B6F737C
(bootloader) F9FDBCDBE0F5607D5BB430B0A5B167B7
(bootloader) ----------------------------------

[email protected]

---------- Post added at 09:05 PM ---------- Previous post was at 09:01 PM ----------

lg g5 eu h850
IMEI:357657070128166


(bootloader) Device-ID
(bootloader) 11013E42409049EB21B1A8E42B6F737C
(bootloader) F9FDBCDBE0F5607D5BB430B0A5B167B7
(bootloader) ----------------------------------

email::: [email protected]
10th September 2017, 12:31 AM |#5
TheMadScientist, Senior Member
Guys, please don't post your IMEIs in the open like this. At least PM them.
10th September 2017, 07:21 PM |#6
ChristopherXI, Senior Member
Wonder, if this succeeds, will it be compatible with ALL models?
11th September 2017, 07:53 AM |#7  
OP Junior Member
Quote:
Originally Posted by ChristopherXI

Wonder, if this succeeds, will it be compatible with ALL models?

If brute forcing the code was plausible then the possibility exists to unlock any LG device that has the option Enable OEM Unlock in developer options.
11th September 2017, 08:01 AM |#8  
OP Junior Member
Quote:
Originally Posted by raheel naseer

lg g5 eu h850
IMEI:357************


(bootloader) Device-ID
(bootloader) 1******************************C
(bootloader) F******************************7
(bootloader) ----------------------------------

email::: i************[email protected]

We are currently still receiving Unlock.bin files and comparing them with your phone details, we are not sending them out to people.
If you'd like to unlock your phone, please use this official method instead until we've figured it out!
11th September 2017, 10:26 AM |#9
memi_pt, Senior Member
Hi
Does it work on H860??
11th September 2017, 11:34 AM |#10
ChristopherXI, Senior Member
Quote:
Originally Posted by aac_j

If brute forcing the code was plausible then the possibility exists to unlock any LG device that has the option Enable OEM Unlock in developer options.

Yeah. Just need to get the math and the algorithm down to the point that it matches the algorithm LG uses.

Wonder if the wrong unlock file can mess up the bootloader tho. If not, I'm willing to be the lab rat.
12th September 2017, 08:17 AM |#11  
OP Junior Member
Quote:
Originally Posted by ChristopherXI

Yeah. Just need to get the math and the algorithm down to the point that it matches the algorithm LG uses.

Wonder if the wrong unlock file can mess up the bootloader tho. If not, I'm willing to be the lab rat.

Well, if the developers did things correctly, I suspect an incorrect Unlock.bin would be rejected the same way as an incorrect password on a lock screen.
One thing to consider is whether there are only a certain amount of tries until some kind of device block.

Bearing these things in mind, please follow these steps in reproducing the scenario, but when asked for an Unlock.bin, use one from a different device of the same model.
You will then judge by the output of fastboot flash unlock Unlock.bin on whether you may continue the experiment. If you do, try and see how quickly an incorrect try can be established and whether there is a timeout after each consecutive incorrect try or whether there is an upper limit to the amount of tries in total.

Post your findings here when possible
Thanks!

Quote:

Disclaimer:
I bear no responsibility for any damage or negative impact to your device or self for any reason relating to the instructions and text contained within this post.
