Atrix HD Bootloader

[C0deMaver1ck]

It seems that this device's bootloader is in fact unlockable. As shown in mattlgroff's thread over here . After reading through the unlock page source code, I was able to gather a few pieces of information (read the beautified source here). In the BootLoader.prototype there is a function defined called _checkProduct() which takes your unlock data and converts it into three parts split by the pound symbol.

var phoneArray = phoneID.split('#');
var phoneSN = phoneArray[0];
var phoneHash = phoneArray[2];
var phonePUID = phoneArray[3];

It then makes a POST request to this url like so:

https://motorola-global-portal.custhelp.com/cc/productRegistration/verifyPhone/" + phoneSN + "/" + phonePUID + '/' + phoneHash + '/'

It seems that not the entire unlock data string is required as the value of phoneArray[1] is never used. It appears that given the correct translation method the phone and the website both produce the same unlock token (duh or the online unlocker wouldn't work).

I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

 

[huatz84]

Good news..
I'm not a dev but I really appreciate your effort. I'll keep monitoring here. Hope we'll have unlocked method as well as rooting method soon. Keep exploring..

Sent from my DROID4 using Tapatalk 2

 

[howtomen]

It seems that this device's bootloader is in fact unlockable. As shown in mattlgroff's thread over here . After reading through the unlock page source code, I was able to gather a few pieces of information (read the beautified source here). In the BootLoader.prototype there is a function defined called _checkProduct() which takes your unlock data and converts it into three parts split by the pound symbol.

var phoneArray = phoneID.split('#');
var phoneSN = phoneArray[0];
var phoneHash = phoneArray[2];
var phonePUID = phoneArray[3];

It then makes a POST request to this url like so:

https://motorola-global-portal.custhelp.com/cc/productRegistration/verifyPhone/" + phoneSN + "/" + phonePUID + '/' + phoneHash + '/'

It seems that not the entire unlock data string is required as the value of phoneArray[1] is never used. It appears that given the correct translation method the phone and the website both produce the same unlock token (duh or the online unlocker wouldn't work).

I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

atta baby do work son!

 

[jmajuri1]

WOW thats awesome. i am glad that no one has given up yet. thanks again and keep up the good work.

 

[turboman93]

Thanks for the work!

 

[Enzopreme]

If there's anything I can do to help, please PM me and I will be glad to participate

Sent from my HTC One S using xda premium

 

[hatefuel19]

Posted the channel in the atrix forums. Hopefully we can get more devs to look at this phone.

 

[C0deMaver1ck]

Posted the channel in the atrix forums. Hopefully we can get more devs to look at this phone.

Do you have a link to your post?

If there's anything I can do to help, please PM me and I will be glad to participate

There are actually a few things, but it'd probably be best to discuss them in the chat room.

 

[popfan]

Do you have a link to your post?




See Post 1: I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

 

[C0deMaver1ck]

Do you have a link to your post?




See Post 1: I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

I know what I wrote myself. I was requesting a link to where he posted the channel I registered.

Did you really think I didn't know what I said in my own post?

 

[hatefuel19]

Do you have a link to your post?




See Post 1: I've registered the #atrixhd-dev channel on freenode if anybody would like to join in the cause. Root exploiting, Bootloader unlocking, if it has to do with Atrix HD development come join.

I know what I wrote myself. I was requesting a link to where he posted the channel I registered.

Did you really think I didn't know what I said in my own post?

BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


http://xdaforums.com/showthread.php?t=1898965

They've already started flaming so dunno how useful it will be.

 

[Hyperj123]

Nice! I'm hoping to root this phone ASAP any testing needing to get done I will help as long as there's no risk of bricking.

Sent from my MB886 using xda app-developers app

 

[jmajuri1]

I second that.Ill do anything i can without bricking my phone.

 

[popfan]

I know what I wrote myself. I was requesting a link to where he posted the channel I registered.

Did you really think I didn't know what I said in my own post?

Sorry my misread

 

[hatefuel19]

C:\android-sdk-windows\fastboot>fastboot flash aboot aboot.mbn
sending 'aboot' (256 KB)...
OKAY [ 0.028s]
writing 'aboot'...
(bootloader) Preflash validation failed
FAILED (remote failure)
finished. total time: 0.314s

Now I'm stuck with a dead android.

No more dead android. Thanks matt

 

[CaptMorganz]

c:\>fastboot getvar all                               
(bootloader) version-bootloader: 1097(*)              
(bootloader) product: qinara                          
(bootloader) secure: yes                              
(bootloader) mid: 0055                                
(bootloader) version: 0.5                             
(bootloader) serialno: TA********               
(bootloader) qe: qe 0/0                               
(bootloader) unlocked: no                             
(bootloader) iswarrantyvoid: no                       
(bootloader) max-download-size: 31457280              
(bootloader) emmc-size: 8GB                           
(bootloader) reason: Key pressed                      
(bootloader) revision-hardware: 0x8400                
(bootloader) cpu: MSM8960 CS                          
(bootloader) uid: ********        
(bootloader) cid: 0x01                                
all:                                                  
finished. total time: 0.019s                          
                                                      
c:\>fastboot oem unlock 01234567890123456789          
...                                                   
(bootloader) Password incorrect!                      
(bootloader) OEM unlock failure!                      
FAILED (remote failure)                               
finished. total time: 0.403s

Just pasting some info, thought it might help seeing another device. I'm calling it quit's after trying to script a brute force on fastboot oem unlock only to realize that im retarded and didn't do some simple math first. I figure with an attempt time of 0.403s each password attempt i would have to wait up to 846,818,972,806,483,136,364,827 years before it guessed the correct unlock code

 

[hatefuel19]

c:\>fastboot getvar all                               
(bootloader) version-bootloader: 1097(*)              
(bootloader) product: qinara                          
(bootloader) secure: yes                              
(bootloader) mid: 0055                                
(bootloader) version: 0.5                             
(bootloader) serialno: TA********               
(bootloader) qe: qe 0/0                               
(bootloader) unlocked: no                             
(bootloader) iswarrantyvoid: no                       
(bootloader) max-download-size: 31457280              
(bootloader) emmc-size: 8GB                           
(bootloader) reason: Key pressed                      
(bootloader) revision-hardware: 0x8400                
(bootloader) cpu: MSM8960 CS                          
(bootloader) uid: ********        
(bootloader) cid: 0x01                                
all:                                                  
finished. total time: 0.019s                          
                                                      
c:\>fastboot oem unlock 01234567890123456789          
...                                                   
(bootloader) Password incorrect!                      
(bootloader) OEM unlock failure!                      
FAILED (remote failure)                               
finished. total time: 0.403s

Just pasting some info, thought it might help seeing another device. I'm calling it quit's after trying to script a brute force on fastboot oem unlock only to realize that im retarded and didn't do some simple math first. I figure with an attempt time of 0.403s each password attempt i would have to wait up to 846,818,972,806,483,136,364,827 years before it guessed the correct unlock code

A for effort

Sent from my MB886 using xda app-developers app

 

[gabo_e30]

Hey guys... i want a couple of more experienced eyes to take a look at this... does this mean unlocked BL or just a unlocked sim card (cuz i know it is sim unlocked for a fact)

Sorry if its obvious but im not a dev and i have no idea...

Sent from my MB886 using xda app-developers app

 

[mattlgroff]

Hey guys... i want a couple of more experienced eyes to take a look at this... does this mean unlocked BL or just a unlocked sim card (cuz i know it is sim unlocked for a fact)

Sorry if its obvious but im not a dev and i have no idea...

Sent from my MB886 using xda app-developers app

That's an engineering device with an unlocked bootloader. Congrats. Unfortunately it won't help any retail devices.

 

[MACKSnare519]

Gabo, where/how did you luck into that device?

#jealous lol

Sent from my Atrix HD using Tapatalk 2