Help with Moto G bootloader unlock keygen

markofei · Feb 7, 2016

DROID_4_UsEr said:
This seemed to me like it would go no where and hit a dead end.....For one reason how is it that a random Chinese fellow was sending people Unlock codes while those people were just providing him with IMEI numbers? We have to think like that Chinese man. We know now that the IMEI numbers have something to do with the codes but we might never know unless we are provided with enough info... Maybe you should provide you IMEI number along with this thread. I believe that the IMEI number plays a big role in reaching the Unlock code.

---------- Post added at 05:35 AM ---------- Previous post was at 05:24 AM ----------

I noticed that when you use fastboot cmd: fastboot oem get_unlock_data we get a long bootloader data code which provides the 1st 14 numbers of the IMEI number and ending with 2 zeros where we all know one of the zeros gets replace with the letter A. The IMEI number provided to our Devices is a 15 character number phrase. The second zero provided is the last number in our IMEI numbers which comes out to 16 characters as providing with using the fastboot cmd. This is the way they are returned to a consumer edition device. A developer edition device returns with the proper Unlock data. I think Motorola scrambles the numbers and puzzles it out. Well we now know how to generate our 1st line in our Unlock data. What do you think of this?

Can you explain with this example how you can get the 1st line (K) in this unlock data. I will really like to understand it better. the data below is provided by another user on page 3.
fastboot oem get_unlock_data

3A45890085904167#
54413838333041324D5A00585431303332000000#
5D0E47A39BBB9DA7B9632E8C19BD2873B018B7BA#
C2FDC7010F0000000000000000000000

Unlock Code: KAYG2LJBKENAFTW2VTJE

MrTvor88 · Mar 8, 2016

I think this is a great idea and would love to see someone work on it. I would love to use it on my Droid Turbo 2!

wormy987123 · Aug 30, 2016

this would be great if interest for it didnt decline. I would love to unlock my Moto G4 Amazon edition. when I pressed the buy button it was unlockable but by the time i received it was not

ZeDingo · Sep 2, 2016

The first "field" of my get_unlock_data is 3A35330326485560. My cellularI networkM registrationE numberI is 3533062845506. (My SIM card slot was destroyed before the phone could be activated, so I don't care if someone has my phone's identifying number. It would be no different than picking a random valid number. I'm just not writing what it's called to at least protect it from scraper bots.)

__ 35 33 33 06 28 45 50 6
3A 35 33 03 26 48 55 60

I think it's moving the "tens" digit left.

__ 35 33 33 06 28 45 50 6_
3A 35 33 03 26 48 55 60

ultrasoul · Oct 23, 2016

Here are 2 more data points:
3A452104073606175A59323233434338394D004D6F746F20472000009FE785BCB7BB69DF44FD4B308E4F2B5680100755E07A1301000000000000000000000000
Unlock Code: 6MSWCW52YHNYJG2JFOBJ

9900054679155800#54413039383030384C4100585431353236000000#1C199BFBEE304D78A540F1ECA9FC127F622BCA12#313A2A04000000000000000000000000
Unlock Code: BKFQFGNWFDGG3KJRWEMI

uzairbhutta · Nov 1, 2016

bootloader unlock code

9900011771059800
544136343830344E343500000000000000000000
2FF67FD2F42859FCB079CE02B8135FB45B18EA1C
09BBEF01020001000000000000000000
anyone please send me boot-loader unlock key

billa · Nov 2, 2016

Guys, the first 2 lines are easy to decipher, it's just the swapped imei and UID etc, but the problem is the public key which is the modulo exponent (e) of 2 very large prime numbers, decrypted by Moto's private key comprising of the modulo exponent (d) to yield the unlock code.

Now, if you do a quick search on public/private key cryptography, you will quickly find that factoring large integers takes an enormous amount of computational time and power even with today's fastest computers. Hate to burst the bubble, but this avenue may not be the way to go. On the other hand, patching or bypassing certain vulnerabilities could lead to results.

uzairbhutta · Nov 10, 2016

bootloader unlock key

9900011771059800
544136343830344E343500000000000000000000
2FF67FD2F42859FCB079CE02B8135FB45B18EA1C
09BBEF01020001000000000000000000
Please send me boot loader unlock key.:crying::crying::crying:

sahir1993 · Nov 12, 2016

Hey guys i'm just a nube. I hv moto x 2nd gen xt1097 at&t version ( network unlocked), here is my unlock data but don't hv unlock cause motorola only alloq unlocking of pure version.
3A95720905558751#5441393839303053553800585431303937000000#582AF1AC0D26EE1E89996F85E8CE84C67CCB7D06#E8A9FC0B0B0000000000000000000000

Sorry i mixed all lines. It will b great if some one create bootloader unlock key or keygen...

otro_mas · Nov 26, 2016

Just for colaborate

Hola!
I post my codes and i hope you can do something useful with them!! :highfive:

3A95130205739271#5A58314236323339535800585431303235000000#E6E955680B50A5BBFD48CE5FBC163852F4B3B01A#EF75DF03120000000000000000000000

Unlock code QI3AEKXAEPB3JDNNCEVN

Saludos!

deamon1311 · Nov 28, 2016

Might this work with the moto g4???

nemstar · Jan 30, 2017

I am pretty sure I found the code below that is of importance to validate that a device is allowed to be unlocked when submitting to return an Unlock Code on the motorola website.
I think we should be able to edit this and make it work locally, or by editing within the developer console of the web browser.

https://motorola-global-portal.cust...-device-b.b0c6ca3e285678bab1dc00b16008091c.js

<-----------Code Below This Line------------->
RightNow.namespace('Custom.Widgets.product_registration.BootLoader');Custom.Widgets.product_registration.BootLoader=RightNow.Widgets.extend({constructor:function(){this._eo=new RightNow.Event.EventObject();$("#checkID").bind('click',{widget:this},this._checkProduct);$('#unlockPhone').submit(function(){var conf1=confirm('Unless you have a developer edition device, this will void your warranty. Are you sure?');if(conf1){return true;}else{return false;}});},methodName:function(){},_checkProduct:function(e)
{var phoneID=$('#phoneID').val();var phoneArray=phoneID.split('#');var phoneSN=phoneArray[0];var phoneHash=phoneArray[2];var phonePUID=phoneArray[3];var checkResults=bootLoaderCheck(phoneSN,phoneHash,phonePUID);if(!phoneSN||!phonePUID)
{if(!phoneSN){alert('Serial Number not found in your identifier, please try again.');}else if(!phonePUID){alert('PUID Not found in your identifier, please try again.');}
$("#unlockPhone").attr("action","/app/error/");}}});function fastbootConvert(phoneSN){var chars=phoneSN.split("");if(chars[1]=='A'){convertedSN=chars[0]+chars[3]+chars[2]+chars[5]+chars[4]+chars[7]+chars[6]+chars[9]+chars[8]+chars[11]+chars[10]+chars[13]+chars[12]+chars[15]+chars[14];}else if(phoneSN.substring(0,2)=='99'||phoneSN.substring(0,2)=='98'||phoneSN.substring(0,2)=='97'){convertedSN=phoneSN.substring(0,phoneSN.length-2);typeSN='MEID';}else{convertedSN=phoneSN;}
return convertedSN;}
function bootLoaderCheck(phoneSN,phoneHash,phonePUID){$('#processingContainer').removeClass('noShow');$.ajax({type:"POST",url:"/cc/productRegistration/verifyPhone/"+phoneSN+"/"+phonePUID+'/'+phoneHash+'/',dataType:"json",success:function(data){var eo=new RightNow.Event.EventObject();$('#processingContainer').addClass('noShow');},error:function(xhr){try{console.dir(xhr);}
catch(e){}
if(xhr.responseText=="Not qualified"){alert('Your device does not qualify for bootloader unlocking.');}else if(xhr.responseText=="Phone qualifies"){$("#unlockPhone").attr("action","/cc/productRegistration/unlockPhone/"+phoneSN+"/"+phonePUID+'/'+phoneHash+'/');$('#submit').removeClass('noShow');}else{alert('Your input text was not recognized as a valid dataset. Please try again.');}
$('#processingContainer').addClass('noShow');}});}

uuu665 · Feb 3, 2017

Scramble said:
What is needed is more examples. If people post the line 3 and unlock code in hex, then the problem can be solved. Unless you are the kid from mercury rising or rain man, the best that can be acheived with only one example is a headache. Trust me!

please sir can you help me to unlock please

9900020282676400#54413632363037
(bootloader) 554F5800000000000000000000#491D
(bootloader) B766A8A166A796BA4217967799EEB88
(bootloader) C0234#741FAB040C000100000000000
(bootloader) 0000000

Preheatedbug · Mar 8, 2017

Just as a question because I am currently working on this myself. Can a brute force attack be done to find the unlock code as a batch file? Just wanted to ask before I spent any more time on this for it just to fail anyway.

levone1 · May 2, 2017

jcase said:
Ok, so first off, its not a generator, token is hashed with other data then compared to a stored value I believe.

Hell-On-Wheels said:
I don't know if all interested parties have moved on, but fk2106 might be on to something. The element
he/she is talking about seems to be an equation :

Scramble said:
Wouldn't it be nice to have a keygen to unlock the bootloader without obtaining the key from motorola?
I have been investgating the relationship between the bootloader return code and unlock key and have discovered the following...

Anything doing with this anymore? I picked up an xt1028 cheap at local repair shop, just to mess around with, (I'm mostly an Xperia user), and I became interested in trying to crack the thing. I've gone almost to the nth degree. I'm willing to contribute something if I can...

jcase · May 2, 2017

levone1 said:
Anything doing with this anymore? I picked up an xt1028 cheap at local repair shop, just to mess around with, (I'm mostly an Xperia user), and I became interested in trying to crack the thing. I've gone almost to the nth degree. I'm willing to contribute something if I can...

Your odds of building a space ship to mars in your backyard by next weekend, are about as good as your odds at bruteforcing your token.

levone1 · May 2, 2017

jcase said:
Your odds of building a space ship to mars in your backyard by next weekend, are about as good as your odds at bruteforcing your token.

Thanks. I read the overwhelming calculation a few pages back. Obviously not worth anyone's life's work, but I didn't know if there was still anyone out there with some other feasible hope... I know originally this thread was suggesting a possible correlation between fastboot bl data and an unlock code. Or maybe someone out there is into hacking security vulnerabilities, etc

zen_hakuren · May 21, 2017

I may have found something interesting
these are the conversions when using a hex to text converter
140A858731D55F3B5DF78F0F6BB9EAE32A2B8945
To Text

��1�_;]��k��*+�E

57345A55454F32545A414C4F474A4A5750524D4F
To text
W4ZUEO2TZALOGJJWPRMO
and when i search the machine code on google it gave me no corrections and the first result was to a equation... this may get good
My search https://www.google.com/search?q=%14+%EF%BF%BD%EF%BF%BD1%EF%BF%BD_%3B%5D%EF%BF%BD%EF%BF%BD%0Fk%EF%BF%BD%EF%BF%BD%EF%BF%BD*%2B%EF%BF%BDE&rlz=1C1CHZL_enUS733US733&oq=%14+%EF%BF%BD%EF%BF%BD1%EF%BF%BD_%3B%5D%EF%BF%BD%EF%BF%BD%0Fk%EF%BF%BD%EF%BF%BD%EF%BF%BD*%2B%EF%BF%BDE&aqs=chrome..69i57&sourceid=chrome&ie=UTF-8
The first result https://en.wikipedia.org/wiki/Euler%27s_identity

---------- Post added at 09:27 AM ---------- Previous post was at 09:20 AM ----------

i translated the text to java (webpage: http://snible.org/java2/uni2java.html and got this "\u0014\n\uFFFD\uFFFD1\uFFFD_;]\uFFFD\uFFFD\u000Fk\uFFFD\uFFFD\uFFFD*+\uFFFDE"

---------- Post added at 09:30 AM ---------- Previous post was at 09:27 AM ----------

the text variation of the 3-ed line can be converted via hex to text to java unicode

---------- Post added at 09:34 AM ---------- Previous post was at 09:30 AM ----------

i just tried it twice with other 3ed lines... they may be using java unicode to encrypt.

krison01 · Jul 6, 2017

hex: 3A15580618283806#5A593232343350514B5A004D6F746F2047200000#FCBBE13AE0FEC4E9C4873591B1E1192C23477A01#43EFEC29000000000000000000000000
ASCII text: X(8ZY2243PQKZMoto G ü»á:àþÄéÄ5±á,#GzCïì)
first line imei
second line sn and model
last line uid
third with remaining: AFCBBE13AE0FEC4E9C4873591B1E1192C23477A0100
ASCII: ¯Ë¾®ìNHsYÂ4w*

IdealInShade · Aug 19, 2017

So, I got into a google drive folder and is this already known?

So I like to mess around with anything coding/IT/tech related. I'm often up late either trying to code something new, trying to break someone else's code, or just hacking away at whatever I find interesting. That said, I don't even like Moto, button placement is dumb, so sorry if the contents of their Google Drive is public somewhere and I just don't know about it.

Anyways, I go back and mess around in fastboot mode on my Droid Turbo 2 XT1585 (Update 2017-02-02) when I'm feeling bored. I first discovered that certain characters (not the getvar all stuff, or oem itself, got that long ago) when passed to the BL using fastboot oem return stuff like '0x0.07ffeb742db9p-1022' which I haven't seen mentioned in public but it's been a while.

The numbers change with the same input sent to the same fastboot oem subcommands, but I do seem to be able to control parts of it and the case of the hex address (I think) returned. If that could be new, I can go into detail.

I also got a goo.gl address while messing with it. I was told to request permission. I did through some account I don't really use, but then I remembered back in like 2013 or something Google really messed up Drive and let people share their shame. I played around a bit with the URL structure andI was able to eventually get into goo.gl/Qyzg2L

I downloaded everything right away of course. The guy who runs the account is a motorola employee, with motorola email and he just updated it right before I got in so hopefully if it's old news he made a career ending programming error and there's some code or comment that tells us all. I doubt it though. He seems pretty organized besides this little slip up if that's the case.

Edit: Use the strings command in Linux against the vendor binaries, there is often interesting stuff in there.

So, any of this new or do I need to go to sleep?

Help with Moto G bootloader unlock keygen

Member

Senior Member

Senior Member

Member

Senior Member

New member

Senior Member

New member

Senior Member

New member

Senior Member

Member

New member

New member

Senior Member

Retired Forum Mod / Senior Recognized Developer

Senior Member

Member

Member

Member

Similar threads

Top Liked Posts