Fastboot Unlocked?

mxgoldman

So I decided just to see what my fastboot looked like - attached.
4NQUv.jpg


Is that normal for it to be unlocked? Everything I've heard says this is supposed to be super locked down.
 

danifunker

So I decided just to see what my fastboot looked like - attached.
4NQUv.jpg


Is that normal for it to be unlocked? Everything I've heard says this is supposed to be super locked down.

I think it says "bootloader LOCKED" in the fastboot screen. That means you can ONLY flash Motorola-compiled operating systems (specifically kernels).

If you want to try, run a fastboot unlock-bootloader command when running in fastboot. A locked bootloader will tell you something along the lines of "command not valid".
 

jsnweitzel

I emailed someone who knows these things. He says it's an engineering model. So it doesn't help the rest of us.
 

mxgoldman

I think he meant "don't flash anything that might overwrite your unlocked bootloader" :laugh:

Any way we could pull it or something? Probably not eh? OP, where did you get?!

Makes more sense.

That's my little secret. ;)

I could probably pull whatever from it, but I'd need some help for what you'd like pulled. Haven't rooted it or anything yet.
 

dewhashish

Didn't this happen with a GSM RAZR before? Don't get me wrong, I'd love to unlock my bootloader! Someone bring this to their attention.
 

Mioze7Ae

FYI, on Milestone XT720, Motorola left a partially working fastboot: we can "fastboot boot boot.img" to boot self-built kernels and this bypasses the signature checks. But you have to boot via USB each time; if you use "fastboot flash boot.img", fastboot will write the kernel and reboot, but the signature check will fail after reboot.

http://xdaforums.com/showthread.php?t=821210

Here's one way to muck with a kernel to change uname strings:
http://xdaforums.com/showthread.php?p=11975260#post11975260
 

gdeeble

Rzrbck, how so, if it could be retrieved from the phone? Maybe I'm not understanding, but if we had that bootloader is it not like the normal S model with full permissions to the phone?
 

dewhashish

What makes it an engineering model? Are the physical components the same, or is it a software setting that if we changed could unlock the phone?
 

niai_mack

Would it be possible via hardware to dump an SE bootloader, and flash it to an S device? I would be willing to give this a go if it's possible.
 

rightonred

If we could get the bootloader images off that phone, an unlock for the Droid 4 might be possible. Assuming, of course, that both the S and the SE model use the same keys.
 

rightonred

I wish I knew what to do, but in the meantime, here's some literature on how the lock works (it's for the Milestone, but the D4 might use the same infrastructure).

The bootchain:
http://www.droid-developers.org/wiki/Booting_chain
The mbmloader: this loads the bootloader. If this is replaced with a version that doesn't check signatures, the bootloader can be permanently replaced:
http://www.droid-developers.org/wiki/Mbmloader
The mbm (bootloader) does its own signature check of the kernel before booting it.

If either the key burned into the phone's fuse or the key the mbmloader uses to check the mbm is the same on both devices, one or both of those partitions can be flashed with the unlocked version. If they're both different, this is a dead end.

The only other option after this (aside from espionage) would be to crack the signature system directly by either creating an unlocked version of the bootloader and patching it in a way that it generates the same hash, or discovering a new way to factorize large (2048 bit) numbers, and reverse engineer Motorola's private signing key. (If you were to discover this factoring method, nearly every security company would have to retool.)

edit: careful updating your phone, an OTA can relock your phone. The more I read, it seems less likely that the bootloader is encrypted. Dumps should be made, but this is going to require someone with greater knowledge than I.
 
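A simplified model of the chain of trust described in the post above, added here as an illustration; it is not part of the original thread and is not Motorola's code or image format. It shows why an image signed under a different key stops the boot while one signed under a shared key is accepted. The toy RSA keys, the image layout, and the names `build_stage`, `retail_chain` and `demo` are assumptions made for the example.

```python
import hashlib

E = 65537       # public exponent
KEY_LEN = 32    # bytes at the end of each image holding the next stage's modulus (toy layout)

def make_key(p, q):
    """Toy RSA key from two constructed Mersenne primes: (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    n, d = key
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def build_stage(code, next_n, signer):
    """Image = code + public modulus for checking the next stage; the signature covers both."""
    image = code + next_n.to_bytes(KEY_LEN, "big")
    return image, sign(image, signer)

def boot(fused_n, chain):
    """Check each stage with the key that the previously verified stage vouched for."""
    trusted_n = fused_n  # root of trust: the key fixed in hardware
    for name, (image, sig) in chain:
        if not verify(image, sig, trusted_n):
            return "halt at " + name
        trusted_n = int.from_bytes(image[-KEY_LEN:], "big")
    return "booted"

# Constructed keys: far too small for real use, and unrelated to any real device.
RETAIL = make_key(2**127 - 1, 2**89 - 1)
ENG = make_key(2**107 - 1, 2**61 - 1)

def retail_chain(mbm_signer, mbm_code=b"mbm (locked)"):
    """Retail device whose mbm partition holds an image signed by mbm_signer."""
    return [
        ("mbmloader", build_stage(b"mbmloader", RETAIL[0], RETAIL)),
        ("mbm", build_stage(mbm_code, RETAIL[0], mbm_signer)),
        ("kernel", build_stage(b"kernel", 0, RETAIL)),
    ]

def demo():
    return (boot(RETAIL[0], retail_chain(RETAIL)),                     # stock images
            boot(RETAIL[0], retail_chain(ENG, b"mbm (unlocked)")),     # different signing key
            boot(RETAIL[0], retail_chain(RETAIL, b"mbm (unlocked)")))  # shared signing key
```

Because each signature also covers the key used for the next stage, separate signing keys per device class keep an engineering image from validating on retail hardware.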