• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Atrix HD Bootloader

Search This thread

C0deMaver1ck

Member
May 18, 2011
41
51
Louisiana
ithinkinco.de
It seems that this device's bootloader is in fact unlockable. As shown in mattlgroff's thread over here . After reading through the unlock page source code, I was able to gather a few pieces of information (read the beautified source here). In the BootLoader.prototype there is a function defined called _checkProduct() which takes your unlock data and converts it into three parts split by the pound symbol.

Code:
var phoneArray = phoneID.split('#');
var phoneSN = phoneArray[0];
var phoneHash = phoneArray[2];
var phonePUID = phoneArray[3];

It then makes a POST request to this url like so:

Code:
https://motorola-global-portal.custhelp.com/cc/productRegistration/verifyPhone/" + phoneSN + "/" + phonePUID + '/' + phoneHash + '/'

It seems that not the entire unlock data string is required as the value of phoneArray[1] is never used. It appears that given the correct translation method the phone and the website both produce the same unlock token (duh or the online unlocker wouldn't work).

I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.
 

huatz84

Senior Member
Jul 10, 2009
942
315
Binjai,North Sumatra
Good news..:)
I'm not a dev but I really appreciate your effort. I'll keep monitoring here. Hope we'll have unlocked method as well as rooting method soon. Keep exploring..:)

Sent from my DROID4 using Tapatalk 2
 

howtomen

Senior Member
Jan 10, 2011
2,005
1,207
Brea CA
It seems that this device's bootloader is in fact unlockable. As shown in mattlgroff's thread over here . After reading through the unlock page source code, I was able to gather a few pieces of information (read the beautified source here). In the BootLoader.prototype there is a function defined called _checkProduct() which takes your unlock data and converts it into three parts split by the pound symbol.

Code:
var phoneArray = phoneID.split('#');
var phoneSN = phoneArray[0];
var phoneHash = phoneArray[2];
var phonePUID = phoneArray[3];

It then makes a POST request to this url like so:

Code:
https://motorola-global-portal.custhelp.com/cc/productRegistration/verifyPhone/" + phoneSN + "/" + phonePUID + '/' + phoneHash + '/'

It seems that not the entire unlock data string is required as the value of phoneArray[1] is never used. It appears that given the correct translation method the phone and the website both produce the same unlock token (duh or the online unlocker wouldn't work).

I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

atta baby do work son!
 

C0deMaver1ck

Member
May 18, 2011
41
51
Louisiana
ithinkinco.de
Do you have a link to your post?




See Post 1: I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

I know what I wrote myself. I was requesting a link to where he posted the channel I registered.

Did you really think I didn't know what I said in my own post?
 
Last edited:

hatefuel19

Senior Member
Sep 23, 2010
313
113
Lex
Do you have a link to your post?




See Post 1: I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

I know what I wrote myself. I was requesting a link to where he posted the channel I registered.

Did you really think I didn't know what I said in my own post?



BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


http://forum.xda-developers.com/showthread.php?t=1898965

They've already started flaming so dunno how useful it will be.
 

Hyperj123

Member
Sep 20, 2012
48
5
Nice! I'm hoping to root this phone ASAP any testing needing to get done I will help as long as there's no risk of bricking.

Sent from my MB886 using xda app-developers app
 
Last edited:

hatefuel19

Senior Member
Sep 23, 2010
313
113
Lex
C:\android-sdk-windows\fastboot>fastboot flash aboot aboot.mbn
sending 'aboot' (256 KB)...
OKAY [ 0.028s]
writing 'aboot'...
(bootloader) Preflash validation failed
FAILED (remote failure)
finished. total time: 0.314s

Now I'm stuck with a dead android.

No more dead android. Thanks matt
 
Last edited:

CaptMorganz

Member
Sep 1, 2010
26
2
Code:
c:\>fastboot getvar all                               
(bootloader) version-bootloader: 1097(*)              
(bootloader) product: qinara                          
(bootloader) secure: yes                              
(bootloader) mid: 0055                                
(bootloader) version: 0.5                             
(bootloader) serialno: TA********               
(bootloader) qe: qe 0/0                               
(bootloader) unlocked: no                             
(bootloader) iswarrantyvoid: no                       
(bootloader) max-download-size: 31457280              
(bootloader) emmc-size: 8GB                           
(bootloader) reason: Key pressed                      
(bootloader) revision-hardware: 0x8400                
(bootloader) cpu: MSM8960 CS                          
(bootloader) uid: ********        
(bootloader) cid: 0x01                                
all:                                                  
finished. total time: 0.019s                          
                                                      
c:\>fastboot oem unlock 01234567890123456789          
...                                                   
(bootloader) Password incorrect!                      
(bootloader) OEM unlock failure!                      
FAILED (remote failure)                               
finished. total time: 0.403s

Just pasting some info, thought it might help seeing another device. I'm calling it quit's after trying to script a brute force on fastboot oem unlock only to realize that im retarded and didn't do some simple math first. I figure with an attempt time of 0.403s each password attempt i would have to wait up to 846,818,972,806,483,136,364,827 years before it guessed the correct unlock code :(
 

hatefuel19

Senior Member
Sep 23, 2010
313
113
Lex
Code:
c:\>fastboot getvar all                               
(bootloader) version-bootloader: 1097(*)              
(bootloader) product: qinara                          
(bootloader) secure: yes                              
(bootloader) mid: 0055                                
(bootloader) version: 0.5                             
(bootloader) serialno: TA********               
(bootloader) qe: qe 0/0                               
(bootloader) unlocked: no                             
(bootloader) iswarrantyvoid: no                       
(bootloader) max-download-size: 31457280              
(bootloader) emmc-size: 8GB                           
(bootloader) reason: Key pressed                      
(bootloader) revision-hardware: 0x8400                
(bootloader) cpu: MSM8960 CS                          
(bootloader) uid: ********        
(bootloader) cid: 0x01                                
all:                                                  
finished. total time: 0.019s                          
                                                      
c:\>fastboot oem unlock 01234567890123456789          
...                                                   
(bootloader) Password incorrect!                      
(bootloader) OEM unlock failure!                      
FAILED (remote failure)                               
finished. total time: 0.403s

Just pasting some info, thought it might help seeing another device. I'm calling it quit's after trying to script a brute force on fastboot oem unlock only to realize that im retarded and didn't do some simple math first. I figure with an attempt time of 0.403s each password attempt i would have to wait up to 846,818,972,806,483,136,364,827 years before it guessed the correct unlock code :(

A for effort

Sent from my MB886 using xda app-developers app
 

gabo_e30

Senior Member
Jan 30, 2012
278
58
Hey guys... i want a couple of more experienced eyes to take a look at this... does this mean unlocked BL or just a unlocked sim card (cuz i know it is sim unlocked for a fact)

Sorry if its obvious but im not a dev and i have no idea...

Sent from my MB886 using xda app-developers app
 

Attachments

  • uploadfromtaptalk1350271484116.jpg
    uploadfromtaptalk1350271484116.jpg
    154.6 KB · Views: 721

mattlgroff

Inactive Recognized Developer
Dec 5, 2011
2,291
2,446
San Diego
Hey guys... i want a couple of more experienced eyes to take a look at this... does this mean unlocked BL or just a unlocked sim card (cuz i know it is sim unlocked for a fact)

Sorry if its obvious but im not a dev and i have no idea...

Sent from my MB886 using xda app-developers app

That's an engineering device with an unlocked bootloader. Congrats. Unfortunately it won't help any retail devices.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 18
    It seems that this device's bootloader is in fact unlockable. As shown in mattlgroff's thread over here . After reading through the unlock page source code, I was able to gather a few pieces of information (read the beautified source here). In the BootLoader.prototype there is a function defined called _checkProduct() which takes your unlock data and converts it into three parts split by the pound symbol.

    Code:
    var phoneArray = phoneID.split('#');
    var phoneSN = phoneArray[0];
    var phoneHash = phoneArray[2];
    var phonePUID = phoneArray[3];

    It then makes a POST request to this url like so:

    Code:
    https://motorola-global-portal.custhelp.com/cc/productRegistration/verifyPhone/" + phoneSN + "/" + phonePUID + '/' + phoneHash + '/'

    It seems that not the entire unlock data string is required as the value of phoneArray[1] is never used. It appears that given the correct translation method the phone and the website both produce the same unlock token (duh or the online unlocker wouldn't work).

    I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.
    2
    It seems that this device's bootloader is in fact unlockable. As shown in mattlgroff's thread over here . After reading through the unlock page source code, I was able to gather a few pieces of information (read the beautified source here). In the BootLoader.prototype there is a function defined called _checkProduct() which takes your unlock data and converts it into three parts split by the pound symbol.

    Code:
    var phoneArray = phoneID.split('#');
    var phoneSN = phoneArray[0];
    var phoneHash = phoneArray[2];
    var phonePUID = phoneArray[3];

    It then makes a POST request to this url like so:

    Code:
    https://motorola-global-portal.custhelp.com/cc/productRegistration/verifyPhone/" + phoneSN + "/" + phonePUID + '/' + phoneHash + '/'

    It seems that not the entire unlock data string is required as the value of phoneArray[1] is never used. It appears that given the correct translation method the phone and the website both produce the same unlock token (duh or the online unlocker wouldn't work).

    I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

    atta baby do work son!
    2
    Thanks for the work!
    2
    If there's anything I can do to help, please PM me and I will be glad to participate

    Sent from my HTC One S using xda premium
    2
    Code:
    c:\>fastboot getvar all                               
    (bootloader) version-bootloader: 1097(*)              
    (bootloader) product: qinara                          
    (bootloader) secure: yes                              
    (bootloader) mid: 0055                                
    (bootloader) version: 0.5                             
    (bootloader) serialno: TA********               
    (bootloader) qe: qe 0/0                               
    (bootloader) unlocked: no                             
    (bootloader) iswarrantyvoid: no                       
    (bootloader) max-download-size: 31457280              
    (bootloader) emmc-size: 8GB                           
    (bootloader) reason: Key pressed                      
    (bootloader) revision-hardware: 0x8400                
    (bootloader) cpu: MSM8960 CS                          
    (bootloader) uid: ********        
    (bootloader) cid: 0x01                                
    all:                                                  
    finished. total time: 0.019s                          
                                                          
    c:\>fastboot oem unlock 01234567890123456789          
    ...                                                   
    (bootloader) Password incorrect!                      
    (bootloader) OEM unlock failure!                      
    FAILED (remote failure)                               
    finished. total time: 0.403s

    Just pasting some info, thought it might help seeing another device. I'm calling it quit's after trying to script a brute force on fastboot oem unlock only to realize that im retarded and didn't do some simple math first. I figure with an attempt time of 0.403s each password attempt i would have to wait up to 846,818,972,806,483,136,364,827 years before it guessed the correct unlock code :(