[Android][UNSAMLOCK] Bootloader Unlock for Samsung US/Canada Devices

Search This thread
By:
Advanced…
N

Network_Pro

Senior Member
Dec 5, 2010
126
10
Android Stick & Console Computers
I just wanted to unlock the bootloader to install TWRP, root it, debloat it, and try to force enable more LTE and 5G bands and options. My google searching led me to believe that the PCB has sufficient SoC and antenna for Sub6 5G bands to connect to my operator, but they were disabled in firmware, by Veriozn stupidity.

The device (SM-N976V) had bin v7 bootloader on it, for which there seem not to be a public bypass or debug files anywhere I can find, and I tried to flash N976VVRS4CTF3_Bypass.tar, twrp-3.4.0-1_afaneh92-d2xq.tar, vbmeta_disabled.tar as well as tried downgrading some mbn files from older firmwares. And I don't even know what these files actually do. :) I trusted the bootloader should survive my attempts.

I was wrong, the security protected boot process was disrupted and the phone was stuck in QDLoader mode.

Now I have no idea how to run a bootloader or a recovery or a firehose loader to be able to revive the device.

The device is still one of the best phones on the market with the Qualcomm chipset and I'd rather buy company stock for 2500$ rather than buy their newer device which is not going to be better than this one.

If someone knows someone who can help pleease PM me we can try USB remoting as well.

Thank you.

I will try this method

youtu.be/pxEIS-8OQBg

I was also experimenting and pushing buttons in cdmatool it is possible I have sent a command over the USB that put it in EDL mode however I can not be certain. The QDLoader happened right after I was spamming tar and mbn files over patched Odin/samfw tool. The phone have rejected all files which were not official with the exception of that Bypass tar file but if that is for older binary, the exploit probably did nothing. So the QDloader must have happened in a different way somehow. I do not believe the flash is faulty but it's also possible I made a bad sector on the flash, which should be recoverable as well.
 
Last edited:
afaneh92

afaneh92

Senior Member
Jul 31, 2012
3,770
5,152
Network_Pro said:
I just wanted to unlock the bootloader to install TWRP, root it, debloat it, and try to force enable more LTE and 5G bands and options. My google searching led me to believe that the PCB has sufficient SoC and antenna for Sub6 5G bands to connect to my operator, but they were disabled in firmware, by Veriozn stupidity.

The device (SM-N976V) had bin v7 bootloader on it, for which there seem not to be a public bypass or debug files anywhere I can find, and I tried to flash N976VVRS4CTF3_Bypass.tar, twrp-3.4.0-1_afaneh92-d2xq.tar, vbmeta_disabled.tar as well as tried downgrading some mbn files from older firmwares. And I don't even know what these files actually do. :) I trusted the bootloader should survive my attempts.

I was wrong, the security protected boot process was disrupted and the phone was stuck in QDLoader mode.

Now I have no idea how to run a bootloader or a recovery or a firehose loader to be able to revive the device.

The device is still one of the best phones on the market with the Qualcomm chipset and I'd rather buy company stock for 2500$ rather than buy their newer device which is not going to be better than this one.

If someone knows someone who can help pleease PM me we can try USB remoting as well.

Thank you.

I will try this method

youtu.be/pxEIS-8OQBg

I was also experimenting and pushing buttons in cdmatool it is possible I have sent a command over the USB that put it in EDL mode however I can not be certain. The QDLoader happened right after I was spamming tar and mbn files over patched Odin/samfw tool. The phone have rejected all files which were not official with the exception of that Bypass tar file but if that is for older binary, the exploit probably did nothing. So the QDloader must have happened in a different way somehow. I do not believe the flash is faulty but it's also possible I made a bad sector on the flash, which should be recoverable as well.
Click to expand...
Click to collapse
Samsung patched the bypass on v4 for all sm8150 devices, so will end up in bricked device. As I said I don't have edl file for your device. If not available on the Internet you will end up with new motherboard.
 
  • Like
Reactions: Network_Pro
rawhide85

rawhide85

Senior Member
Nov 20, 2009
1,163
1,547
FL, USA
Moto G Stylus
Moto G Stylus 5G
Good morning my friend. I hope this message finds you and your family well. I would like to know if the new S23 Ultra bootloader is unlockable and able to use TWRP? If so, what model, version is available for use with my AT&T network? Thank you in advance for your assistance regarding this request. Raleigh
 
afaneh92

afaneh92

Senior Member
Jul 31, 2012
3,770
5,152
rawhide85 said:
Good morning my friend. I hope this message finds you and your family well. I would like to know if the new S23 Ultra bootloader is unlockable and able to use TWRP? If so, what model, version is available for use with my AT&T network? Thank you in advance for your assistance regarding this request. Raleigh
Click to expand...
Click to collapse
Good morning, thanks. Maybe soon
 
  • Like
Reactions: rawhide85
N

Network_Pro

Senior Member
Dec 5, 2010
126
10
Android Stick & Console Computers
afaneh92 said:
Samsung patched the bypass on v4 for all sm8150 devices, so will end up in bricked device. As I said I don't have edl file for your device. If not available on the Internet you will end up with new motherboard.
Click to expand...
Click to collapse
I can try many tools such as edl.py and qualcomm stuff from csdn. edl.py seem to have a firehose loader however the phone seems to be in Streaming mode and not EDL and I may need to force EDL by EDL cable / data+ gnd short.

From there I should be able to generate xml with edl.py however I am not sure about what mbn to flash to it to recover boot or if that is even necessary ? I can also try stuff from halabtech.

Let me know if I can try some idea.

Thank you.
 
afaneh92

afaneh92

Senior Member
Jul 31, 2012
3,770
5,152
Network_Pro said:
I can try many tools such as edl.py and qualcomm stuff from csdn. edl.py seem to have a firehose loader however the phone seems to be in Streaming mode and not EDL and I may need to force EDL by EDL cable / data+ gnd short.

From there I should be able to generate xml with edl.py however I am not sure about what mbn to flash to it to recover boot or if that is even necessary ? I can also try stuff from halabtech.

Let me know if I can try some idea.

Thank you.
Click to expand...
Click to collapse
As I said, you need device specific edl files for current bootloader you have or newer. Anything else would be useless.
 
N

Network_Pro

Senior Member
Dec 5, 2010
126
10
Android Stick & Console Computers
afaneh92 said:
As I said, you need device specific edl files for current bootloader you have or newer. Anything else would be useless.
Click to expand...
Click to collapse
This is true for download mode. EDL is Emergency download mode. Are you 100% sure, that the previous Firehose does not have the correct decryption keys for the data on the UFS ? Are you 100% sure that a previous version firmware will not be able to be written in EDL mode even if the current data is encrypted/corrupted ? Reference ? Thank you.
 
afaneh92

afaneh92

Senior Member
Jul 31, 2012
3,770
5,152
Network_Pro said:
This is true for download mode. EDL is Emergency download mode. Are you 100% sure, that the previous Firehose does not have the correct decryption keys for the data on the UFS ? Are you 100% sure that a previous version firmware will not be able to be written in EDL mode even if the current data is encrypted/corrupted ? Reference ? Thank you.
Click to expand...
Click to collapse
Even edl checks for bootloader and device model. And this is not the place to discuss bricked devices.
 
johnnywhojr

johnnywhojr

Senior Member
Oct 8, 2007
874
376
Regina
Google Pixel 7 Pro
Samsung Galaxy Z Fold 4
Good day!

Been a long time since Ive posted to XDA. running variant 936w(z fold 4). trying to read through 71 pages is a challenge and am sure this has been asked...but just to ensure im following...sign up for telegram, reach out to you with my DID, go from there?

I run a mac so terminal works for me but I like K.I.S.S. LOL. Love my z fold but it really needs no bloat and am not looking to 'deactivate bloat' want the shiznit gonzo!

Please let me know what the steps are to get this done properly and efficiently.

Thank you in Advance.
 
R

root_addict

New member
Mar 13, 2016
2
0
afaneh92 said:
This thread is @svetius approved

NOTE: The OneUI 3.1 bootloader (March 2021 security update and later) will bypass the unlock token, Do not update or bump your bootloader version. So If you ever take the update and you can downgrade go for it. And you will remains unlocked.
NOTE2: Device Shipped with One UI 3.1 like S21 can be unlocked on V1 bootloader. A32 5G with V1, V2 & V3 bootloader.
NOTE3: Im not a part of sampwnd so dont conflict between us.
NOTE4: I don't have a site, to request your token contact me on PM.
View attachment 5181461

Description:
This service will acquire you to unlock samsung bootloader. Allow you to flash custom firmwares, kernels and recoveries. This service will wipe the device entirely of all data, please remove your SD card, and backup all information that you may need, remove all accounts before service.
This service supports all current models that require token to unlock bootloader (e.g. US/Canada A50, A51, A71, A32, S9, N9, S10, N10, S20, N20, S21, XCover pro, Fold, Flip and Tab series.)
DID is available on download mode or by ADB (adb shell getprop ro.boot.em.did) or by Android terminal (getprop ro.boot.em.did)
Provide the DID that you’ve obtained from the device (PLEASE DOUBLE AND TRIPLE CHECK IT’S CORRECT, THERE WILL BE NO REFUNDS FOR BAD SUBMISSION)
We will provide the token file once it’s available

FAQ:
- This is a paid service and not provided by XDA.
- Each device has it’s own DID and token.
- You cannot flash unlock token 2 times, you get a single chance, Dont lose it by flashing combination token.
- The token file will be available within 1–36 hours of order.
- We will unlock the device remotely or you do it yourself.
- To flash this token file yourself you will need a modified ODIN version.
- USA/Canada devices has no oem unlock toggle.
- Knox will be tripped after a custom binary flash.
- Samsung Pass, Samsung Pay will never work after root. Safetynet, Samsung Health and Secure folder could be fixed.
- This is a permanent bootloader unlock. You can flash full stock firmware (with the same bootloader version) multiple times and bootloader remain unlocked.
- Updating to 2021 march security update will bypass the unlock on most devices, don't update to higher bootloader version.

Disclaimers:
Please note that unlocking your bootloader does not mean that you will be able to unlock the SIM lock. Unlocking your SIM lock is at the discretion of your operator/carrier and is not part of the bootloader unlocking scope.

We strongly suggest that you do not unlock the bootloader unless you are confident that you understand the risks involved. This is a technical procedure and the side effects could possibly necessitate repairs to your device not covered under warranty. If you are still interested in unlocking the bootloader, and you understand the consequences both to your device and to your warranty, then you may refer to the following post where we have provided the unlocking instructions.
Click to expand...
Click to collapse
Who do I contact for service?
 
afaneh92

afaneh92

Senior Member
Jul 31, 2012
3,770
5,152
johnnywhojr said:
Good day!

Been a long time since Ive posted to XDA. running variant 936w(z fold 4). trying to read through 71 pages is a challenge and am sure this has been asked...but just to ensure im following...sign up for telegram, reach out to you with my DID, go from there?

I run a mac so terminal works for me but I like K.I.S.S. LOL. Love my z fold but it really needs no bloat and am not looking to 'deactivate bloat' want the shiznit gonzo!

Please let me know what the steps are to get this done properly and efficiently.

Thank you in Advance.
Click to expand...
Click to collapse
Hey, Fold4 is not yet supported.
 
  • Like
Reactions: johnnywhojr
You must log in or register to reply here.

Similar threads

jcase
[Android][Unlock/S-OFF] SunShine for modern Motorola & HTC devices
Replies
5K
Views
1M
jcase
jcase
S
[Android 4.0+] Call Recorder - SKVALEX, record phone calls from the phone line
Replies
10K
Views
2M
U
ucancallmeFisseDK
E
  • Poll
[Android 4.1+] HeadUnit Reloaded for Android Auto with Wifi
Replies
8K
Views
1M
M
Mr-Burns
Chainfire
  • Locked
[Android 4.2+][ROOT][2017.09.21] FlashFire v0.73
Replies
7K
Views
2M
KennyG123
KennyG123
Z
  • Locked
[APP] DroidMote Server & Client - Wifi Control between Android Devices ++
Replies
2K
Views
717K
M
malybru

Top Liked Posts

24 Hours 30 Days All time

New posts