• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

After unlocking bootloader can I restore stock, relock and have Safety Net work

Search This thread

sfhub

Senior Member
Oct 23, 2008
5,342
7,219
In the FAQ thread it was stated that once you unlock the bootloader you can NOT completely return to a pre-unlocked state.

Coming from Nexus, I usually unlock my bootloader and leave it that way, just in case I do something stupid and bootloop the phone. I run everything stock, except for systemless root access which I occasionlly need. If I want to go back to stock, I flash the factory images (mostly just boot.img since I am running systemless root), and relock the bootloader.

On the Moto X4 is there some sort of one-way tripwire when you unlock the bootloader that doesn't get reset when you relock the bootloader?

Is it really the case that the Motorola factory images that are hosted on AndroidFileHost are not factory signed? Is that the source of the issue mentioned in the FAQ? I saw some people mention they were able to flash those images even with bootloader locked, which I thought meant they must have passed some signature verification.

I saw people were able to apply OTAs after flashing to those stock images. If the stock images (flashed through fastboot) weren't factory signed, by the time you successfully flash an OTA wouldn't the result be factory signed? It is just the kernel/boot image that needs to be signed right? The system image is protected by signed dm-verity hash tree that has to be shipped with any update or reading /system partition would just throw up I/O errors.

I don't mind needing to run Magisk to get around Safety Net while I have the bootloader unlocked, but I want the option to flash one of the stock images, relock the bootloader, and have everything work the same as if I never unlocked.

I don't mind the warranty being potentially voided, just want to be able to get back to pre-unlocked state.

I don't want to be relegated to a lifetime of Safety Net workarounds just because I unlocked the bootloader once to try things out.

Can someone clarify this question?

https://forum.xda-developers.com/moto-x4/help/moto-x4-f-q-s-thread-t3814393

4. Can I unlock the bootloader and how do I do that?
The only way to know if your variant can be unlock is via Motorola's website, via their instructions. There is no alternative method. This is the definitive way to find out if yours can be unlock. Typically, users are reporting that the Amazon model cannot be unlocked.

Lenovo has not released factory signed stock images. Once you unlock the bootloader, THERE IS NO RETURN. Safety Net will not pass, modified flag is tripped, and orange bootloader msg will appear at boot. Even when you perform #9.

9. How do I go back to stock?
[Guide][Video/Text] How to Flash Official/Factory Firmware (Moto X4) by @munchy_cool
 
Last edited:

Neffy27

Senior Member
Nov 27, 2013
614
214
Until Lenovo releases their official signed factory images, the same is not possible as it is with the Nexus and Pixel lines.
 

AvenidaDelGato

Senior Member
May 4, 2016
76
37
In the FAQ thread it was stated that once you unlock the bootloader you can NOT completely return to a pre-unlocked state.

Coming from Nexus, I usually unlock my bootloader and leave it that way, just in case I do something stupid and bootloop the phone. I run everything stock, except for systemless root access which I occasionlly need. If I want to go back to stock, I flash the factory images (mostly just boot.img since I am running systemless root), and relock the bootloader.

On the Moto X4 is there some sort of one-way tripwire when you unlock the bootloader that doesn't get reset when you relock the bootloader?

Is it really the case that the Motorola factory images that are hosted on AndroidFileHost are not factory signed? Is that the source of the issue mentioned in the FAQ? I saw some people mention they were able to flash those images even with bootloader locked, which I thought meant they must have passed some signature verification.

I saw people were able to apply OTAs after flashing to those stock images. If the stock images (flashed through fastboot) weren't factory signed, by the time you successfully flash an OTA wouldn't the result be factory signed? It is just the kernel/boot image that needs to be signed right? The system image is protected by signed dm-verity hash tree that has to be shipped with any update or reading /system partition would just throw up I/O errors.

I don't mind needing to run Magisk to get around Safety Net while I have the bootloader unlocked, but I want the option to flash one of the stock images, relock the bootloader, and have everything work the same as if I never unlocked.

I don't mind the warranty being potentially voided, just want to be able to get back to pre-unlocked state.

I don't want to be relegated to a lifetime of Safety Net workarounds just because I unlocked the bootloader once to try things out.

Can someone clarify this question?

https://forum.xda-developers.com/moto-x4/help/moto-x4-f-q-s-thread-t3814393

AFAIK if you flash a stock image and re-lock the bootloader SafetyNet will pass verification.
 

sfhub

Senior Member
Oct 23, 2008
5,342
7,219
Until Lenovo releases their official signed factory images, the same is not possible as it is with the Nexus and Pixel lines.
I don't think signed images is necessarily the issue. Even if the images released so far weren't signed (which I haven't verified is the case signed or unsinged), by the time you apply an OTA, they would be signed. Otherwise, it would be impossible for the stock (never bootloader unlocked) units to have a signed image after applying the OTA. The result of applying an OTA must be a factory signed image or it wouldn't pass bootloader check. I saw that people were able to apply an OTA after flashing these images.

It sounds more like some flag is set by bootloader under certain conditions and that doesn't get reset when you re-lock.

On HTC I believe they had something similar where verity mode got switched to logging instead of enforcing (in the bootloader params, not the fstab) and you needed to clear devinfo for things to go back to stock behavior.
 

sfhub

Senior Member
Oct 23, 2008
5,342
7,219
AFAIK if you flash a stock image and re-lock the bootloader SafetyNet will pass verification.
Based on your personal experience with doing that on an X4 or based on your understanding of how it should work?

That's the way it has worked on other platforms I've used, but I've seen a couple of posts where people say that isn't the case here. They say you still get a warning message on boot after flashing stock. then relocking, and then subsequently when they test safety net it fails.

I know I can do cat and mouse with Magisk and Safety Net for a while to workaround and I don't mind doing that while I have my bootloader unlocked. I am thinking though, I might just get tired of doing that and want to go back to stock and have everything work.

This is also the first platform I've used where the bootloader will erase userdata when you re-lock. All other platforms I've used only erase userdata when you initially unlock (which makes sense)
 
Last edited:

AvenidaDelGato

Senior Member
May 4, 2016
76
37
Based on your personal experience with doing that on an X4 or based on your understanding of how it should work?

That's the way it has worked on other platforms I've used, but I've seen a couple of posts where people say that isn't the case here. They say you still get a warning message on boot after flashing stock. then relocking, and then subsequently when they test safety net it fails.

I know I can do cat and mouse with Magisk and Safety Net for a while to workaround and I don't mind doing that while I have my bootloader unlocked. I am thinking though, I might just get tired of doing that and want to go back to stock and have everything work.

This is also the first platform I've used where the bootloader will erase userdata when you re-lock. All other platforms I've used only erase userdata when you initially unlock (which makes sense)

Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
mA3k3Hp.png
 
  • Like
Reactions: sfhub

sfhub

Senior Member
Oct 23, 2008
5,342
7,219
Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
Thanks so much for trying that out for me.

Two other quick questions:

1) did the bootloader stop complaining about boot verification after relocking
2) under play store->hamburger->settings, at the bottom does it say Device certification - Certified?

Thank you very much.
 

AvenidaDelGato

Senior Member
May 4, 2016
76
37
Thanks so much for trying that out for me.

Two other quick questions:

1) did the bootloader stop complaining about boot verification after relocking
2) under play store->hamburger->settings, at the bottom does it say Device certification - Certified?

Thank you very much.

The bootloader still gave an error message saying it has been re-locked (yellow warning text), but that doesn't affect SafetyNet. Not sure about Device Certification as I've already unlocked the bootloader and restored root. However, I'm fairly confident it would be certified based on Google's description of Device Certification.
 
  • Like
Reactions: sfhub

Neffy27

Senior Member
Nov 27, 2013
614
214
Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
This conflicts with what other users have reported. Do you mind opening up Google pay to see if it lets you add a card? Your don't have to complete the process.

---------- Post added at 07:13 AM ---------- Previous post was at 07:10 AM ----------

I don't think signed images is necessarily the issue. Even if the images released so far weren't signed (which I haven't verified is the case signed or unsinged), by the time you apply an OTA, they would be signed. Otherwise, it would be impossible for the stock (never bootloader unlocked) units to have a signed image after applying the OTA. The result of applying an OTA must be a factory signed image or it wouldn't pass bootloader check. I saw that people were able to apply an OTA after flashing these images.

It sounds more like some flag is set by bootloader under certain conditions and that doesn't get reset when you re-lock.

On HTC I believe they had something similar where verity mode got switched to logging instead of enforcing (in the bootloader params, not the fstab) and you needed to clear devinfo for things to go back to stock behavior.
What you typed does make sense. I don't have much else to say. If I get another confirmation safety net works, I'll update the FAQs thread.
 

Neffy27

Senior Member
Nov 27, 2013
614
214
I was going off this post when I wrote that piece of the FAQs thread, I'll have to keep digging for more reports. Though, people who unlock are most likely rooted, and the safetynet is such an easy work around with Magisk. Thank you @AvenidaDelGato for going through that. Let me know if Google Pay allows you to start the process of adding a card, which model do you have, and I'll update the FAQs thread.

The not being able to go back completely stock is what has kept me from unlocking my 2nd moto x4. 1st one was warranty returned before all these guides were made.
 
  • Like
Reactions: sfhub

funkymonkey_01

Senior Member
Mar 26, 2013
110
42
Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
mA3k3Hp.png
Yep. I was doubtful at first cuz I swore I tried going back to stock, locked bootloader and all and safetynet was failing. I flashed the latest a1 stock image, relocked bootloader and now gpay works.
 

sfhub

Senior Member
Oct 23, 2008
5,342
7,219
The bootloader still gave an error message saying it has been re-locked (yellow warning text), but that doesn't affect SafetyNet. Not sure about Device Certification as I've already unlocked the bootloader and restored root. However, I'm fairly confident it would be certified based on Google's description of Device Certification.
Thanks again for your feedback. It is appreciated.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
    mA3k3Hp.png
    Yep. I was doubtful at first cuz I swore I tried going back to stock, locked bootloader and all and safetynet was failing. I flashed the latest a1 stock image, relocked bootloader and now gpay works.
    1
    Based on your personal experience with doing that on an X4 or based on your understanding of how it should work?

    That's the way it has worked on other platforms I've used, but I've seen a couple of posts where people say that isn't the case here. They say you still get a warning message on boot after flashing stock. then relocking, and then subsequently when they test safety net it fails.

    I know I can do cat and mouse with Magisk and Safety Net for a while to workaround and I don't mind doing that while I have my bootloader unlocked. I am thinking though, I might just get tired of doing that and want to go back to stock and have everything work.

    This is also the first platform I've used where the bootloader will erase userdata when you re-lock. All other platforms I've used only erase userdata when you initially unlock (which makes sense)

    Based on both. But anyways, I went ahead and flashed the stock OPW28.46-21 image from AFH, made sure to flash the logo.bin file (because I have a modified boot logo), and relocked the bootloader. Here is a screenshot from Magisk Manager showing that SafetyNet passes without Magisk installed after reverting to stock, etc.
    mA3k3Hp.png
    1
    Thanks so much for trying that out for me.

    Two other quick questions:

    1) did the bootloader stop complaining about boot verification after relocking
    2) under play store->hamburger->settings, at the bottom does it say Device certification - Certified?

    Thank you very much.

    The bootloader still gave an error message saying it has been re-locked (yellow warning text), but that doesn't affect SafetyNet. Not sure about Device Certification as I've already unlocked the bootloader and restored root. However, I'm fairly confident it would be certified based on Google's description of Device Certification.
    1
    I was going off this post when I wrote that piece of the FAQs thread, I'll have to keep digging for more reports. Though, people who unlock are most likely rooted, and the safetynet is such an easy work around with Magisk. Thank you @AvenidaDelGato for going through that. Let me know if Google Pay allows you to start the process of adding a card, which model do you have, and I'll update the FAQs thread.

    The not being able to go back completely stock is what has kept me from unlocking my 2nd moto x4. 1st one was warranty returned before all these guides were made.