guide: how to have unlocked fastboot without flashing
- Thread starter scottgl9
- Start date
-
- Tags
- development
Yep. It gets stock at remuneration and eventually fails and on the phone screen I get an error saying (sec-exception) with some numbers. The only ROM that I can flash is the Electrify 2.3.5 from US Cellular.
That's a shame. I guess I shouldn't have put my hopes up in the first place. Has anyone with a bootloader locked 2.3.4 photon tried this trick to see if it does indeed work? Maybe it gets stuck at reenumeration because the device self-reboots itself before flashing and, in so doing, it loses its unlocked status?
Last edited:
The reason is because when you flash a new SBF, it will overwrite the rdl.bin with the RDL3.smg from the SBF file.
I pulled RDL3_unlocked_electrify.smg from 235pudding.sbf. What SBF file do you usually flash to unlock the electrify? Maybe I don't exactly understand what you're trying to do.
Last edited:
From the 2.3.5 rom can you run this over an adb shell and post the output?
"cat /sys/firmware/fuse/ReservedOdm"
I have been compiling the output from phones in various states in order to determine what each value means in relation to what you can flash.
so far i have this
Code:
10000000000030001000100004000-photon tried to flash photon 2.3.5 eng? currently unlocked but can't flash normal SBF
10000000000010001000100004000-standard unlocked photon
10000000000010001000100000000-standard locked photon
10000000000010001000100004000-standard unlocked electrify
30000000000030003000100004000-electrify stuck on 2.3.5 no additional info
1000000000003000100004000-electrify stuck on 2.3.5 unlocked bootloader previously installed
When I run it, this is what I get.
$ cat /sys/firmware/fuse/ReservedOdm
cat /sys/firmware/fuse/ReservedOdm
/sys/firmware/fuse/ReservedOdm: Permission denied
$
The device is rooted and SU & BB installed.
OK. How do I get that?
---------- Post added at 10:43 PM ---------- Previous post was at 10:30 PM ----------
Here. I think I got it.
30000000000030003000100000000-photon stuck on electrify 2.3.5 with locked bootloader
What people are trying to do is downgrade from a 2.3.5 electrify (bootloader locked) rom to a 2.3.4 or lower rom. Several people mistakingly flashed an electrify-only pudding file to their photons, basically forsaking them to live with an electrify rom and bootloader locked for eternity (or at least until now).
Once on 2.3.4 we would be able to try regular derpunk pudding, unlock our bootloaders and live free or die hard.
Also there's people who bought an Electrify which came with 2.3.5 out of the box, but I am not sure whether those devices are downgradable or not. I assume they are since the Electrify is technically the same as the Photon, though I might be wrong on that.
Well. it looks like the Devs gave up on this Bootloader unlocking for Photon Electrify. I don't see any progress on this project on any of the other forums. If there is no solution for this, I guess we are going to turn to the insurance for an Exchange. I really hate to do that but it looks like there is no choice.
# cat /sys/firmware/fuse/ReservedOdm
30000000000030003000100004000
Photon with an unlocked radio stuck on bootloader. If only I had flashed derpunlock.sbf beforehand :/ everyone stay away from 235pudding.sbf if you have a motorola photon, it's bad news. Has anyone successfully flashed the boot.img running 2.3.5? This thing is incredibly locked down it seems.
By the way does anyone have any other electrify SBF files I can mess with? I haven't been able to downgrade using 1FF-sunfire-user-2.3.4-4.5.1A_SUN_USC_16.7-16-release-keys-signed-USC-US.sbf thus far.
Last edited:
From what I've found so far, I've been able to get the full range of error codes, so I'm pretty sure I'm actually flashing CG39/CG42 and CG47, its just this CG3.bin which I believe is cdl.bin. I've received the following errors on different instances:
1) Failed to boot 1
2) Failed to boot 2
Starting RSD mode
3) Failed to boot 3
1) Failed to boot 1
2) Failed to boot 2
Starting RSD mode
3) Failed to boot 3
Confirmed! I got rid of the aweful 2.3.5 electrify bootloader. Just did this:
scottgl@scottgl-A105:~/Desktop/SMG_BP011UP$ fastboot flash boot CG59_0x00000130.smg
sending 'boot' (3294 KB)...
OKAY [ 0.206s]
writing 'boot'...
OKAY [ 0.734s]
finished. total time: 0.940s
scottgl@scottgl-A105:~/Desktop/SMG_BP011UP$ fastboot flash boot CG59_0x00000130.smg
sending 'boot' (3294 KB)...
OKAY [ 0.206s]
writing 'boot'...
OKAY [ 0.734s]
finished. total time: 0.940s
Similar threads
- Locked
- Sticky
Top Liked Posts
-
There are no posts matching your filters.
-
18I recently discovered this, and I thought it would be of some benefit to those who are wanting to unlock, modify partitions, etc without the need to flash derpunlock.sbf or modify your photon in any way. What you need to do this:
1) fastboot for Windows or Linux
2) unlocked RDL3 (ramloader) which I am providing
The process is very simple, reboot your Motorola Photon, and hold the volume down button and power button. You will see "fastboot" on the screen, now press volume up. Connect your phone to your computer, and issue the following command which I discovered:
scottgl@scottgl-A105:~$ fastboot flash rdl.bin RDL3_unlocked.smg
sending 'rdl.bin' (3072 KB)...
OKAY [ 0.193s]
writing 'rdl.bin'...
OKAY [ 0.000s]
finished. total time: 0.193s
This will load the unlocked ramloader (unlocked will be displayed at the top even if your phone is locked) which is normally only loaded into ram when flashing an SBF! Amazing, I know. Now you can do all kinds of stuff and you've made no modifications, just issue a "fastboot reboot" and nothing has been modified. Now you are able to erase boot, recovery, oem unlock, etc. Here is an example after you have executed the above. This is just me restoring my default boot and recovery partitions which you can't do from your locked bootloader:
scottgl@scottgl-A105:~$ fastboot erase recovery
erasing 'recovery'...
OKAY [ 0.739s]
finished. total time: 0.739s
scottgl@scottgl-A105:~/Desktop/SMG$ fastboot flash recovery CG58_0x00000120.smg sending 'recovery' (8192 KB)...
OKAY [ 8.760s]
writing 'recovery'...
OKAY [ 1.013s]
finished. total time: 9.773s
scottgl@scottgl-A105:~/Desktop/SMG$ fastboot erase boot
erasing 'boot'...
OKAY [ 0.761s]
finished. total time: 0.761s
scottgl@scottgl-A105:~/Desktop/SMG$ fastboot flash boot CG59_0x00000130.smg
sending 'boot' (8192 KB)...
OKAY [ 8.800s]
writing 'boot'...
OKAY [ 0.697s]
finished. total time: 9.497s4
The process of loading the unlocked ramloader is the same regardless of your firmware, even if the bootloader is 'locked'. The ramloader is just that, its written to ram, and so when the phone is reset the code is cleared out of memory. This means to unlock your radio, you don't have to flash anything to your ram, flashing rdl.bin basically just loads the ramloader to executable memory, then jumps to it. I'm still working on figuring out how to use this to chain load a custom recovery.3You can actually unlock the radio with the stock locked bootloader still in place (derpunlock.sbf flashing no longer needed):
scottgl@scottgl-A105:~/Desktop/SMG_derpunlock$ fastboot flash rdl.bin RDL3_unlocked.smg
sending 'rdl.bin' (3072 KB)...
OKAY [ 0.193s]
writing 'rdl.bin'...
OKAY [ 0.000s]
finished. total time: 0.193s
scottgl@scottgl-A105:~/Desktop/SMG_derpunlock$ fastboot oem unlock
...
(bootloader) Unlocking your device can permanently VOID your warranty.
(bootloader) This process cannot be reversed. If you wish to proceed,
(bootloader) reissue the unlock OEM command containing the unique ID
(bootloader) of your device: XXXXXXXXXXXXXXXX
OKAY [ 0.006s]
finished. total time: 0.006s
scottgl@scottgl-A105:~/Desktop/SMG_derpunlock$ fastboot oem unlock XXXXXXXXXXXXXXXX
...
(bootloader) Device is already unlocked
OKAY [ 0.003s]
finished. total time: 0.003s
scottgl@scottgl-A105:~/Desktop/SMG_derpunlock$3
Looks like the link is dead. However I think I found a way to get it myself. Flashed the 2.3.4 system to my phone and it's downloading the update right now.
Edit: Ill know if it's the right update in probably about an hour. It is an extremely slow download, they must be severely limiting connections to phones outside of the states.
