
bootloader interface


scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,055
i did a bit of searching,and it seems that the fastboot commands and such are pretty familiar. just had a couple of questions...

what modes are there of the bootloader interface?

what does the bootloader screen look like? a pic would be awesome :)

does unlocking the bootloader remove all securities(like htc s off) ?

thanks :)
 

ddggttff3

Inactive Recognized Developer
Dec 13, 2009
802
1,534
Minnesota
i did a bit of searching,and it seems that the fastboot commands and such are pretty familiar. just had a couple of questions...

what modes are there of the bootloader interface?

what does the bootloader screen look like? a pic would be awesome :)

does unlocking the bootloader remove all securities(like htc s off) ?

thanks :)

When you boot into the bootloader on the device, it just goes into fastboot mode where it shows a cyanogenmod guy with the words fastboot under it.

VUjyuKs.jpg


As for unlocking the bootloader, after running fastboot oem unlock the device will reboot and wipe your data partition, but it seems to flip a flag in the bootloader so your device will show as tampered with the right fastboot command.

xUXLhjj.png
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,055
Awesome sauce, thanks a bunch for the reply. Does the device itself show any tampered or unlocked banners? Do we know if unlocking is removing all securities? i.e., can you change any partition, install older firmware, etc.?

Pretty used to HTC devices, but am considering picking one of these up :)

Sent from my HTC PG09410 using Tapatalk 2
 

ddggttff3

Inactive Recognized Developer
Dec 13, 2009
802
1,534
Minnesota
Awesome sauce, thanks a bunch for the reply. Does the device itself show any tampered or unlocked banners? Do we know if unlocking is removing all securities? i.e., can you change any partition, install older firmware, etc.?

Pretty used to HTC devices, but am considering picking one of these up :)

Sent from my HTC PG09410 using Tapatalk 2

There are no banner changes when you unlock the device, and I believe that unlocking enables full flashing and downgrading similar to how nexus devices work. I am not sure about partition changes, but I know you can downgrade the firmware with no trouble as long as you have the .img files for fastboot.
 

treChoy

Senior Member
Aug 15, 2012
247
146
Once you're booted into that very minimalistic-looking bootloader, how can you get into recovery, reboot the phone, or access any other options?
 

ddggttff3

Inactive Recognized Developer
Dec 13, 2009
802
1,534
Minnesota
Once you're booted into that very minimalistic-looking bootloader, how can you get into recovery, reboot the phone, or access any other options?

In the bootloader there are no boot options, you will have to restart the device using fastboot or by holding the power button.

After it's off, you just use the button combos to select the boot mode:

Power + Volume Up is Fastboot Mode
Power + Volume Down is Recovery
 

Mnt-XDA

Senior Member
Aug 6, 2013
357
405
Any news on the tamper flag?
From Nexus 5 I know there is a script to untamper it.
http://forum.xda-developers.com/showthread.php?t=2239421 (Nexus BootUnlocker script with tamperbit reset support)

Will something like that work to remove the flag?

To implement this, we need to know 2 things

1) Partition name where the tamper bit is stored

2) Raw position number of stored bit of the partition in hex

Which I guess not known or not documented yet...
 

Mnt-XDA

Senior Member
Aug 6, 2013
357
405
@Mnt-XDA

I found it out by myself.
I wrote about it in that thread

http://forum.xda-developers.com/showpost.php?p=54060141&postcount=395

The partition is aboot or mmcblk0p5
and the position of tamper flag is 0x000FFE14

Great job my friend... are you 100% sure on that?
How did you find this info?
I know about the hexdump and hex-reader.

From any documentation? Or from some r&d?

See my pm please..
It seems that aboot (bootloader) partition is not the place for storing these bits... Otherwise after flashing aboot from fastboot, device should be again in lock state, which is not happening.

In my opinion ... Partition could be.. Misc or reserve1 to 4 or something else...(one of those not in stock cm11s)
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,055
To implement this, we need to know 2 things

1) Partition name where the tamper bit is stored

2) Raw position number of stored bit of the partition in hex

Which I guess not known or not documented yet...

We also need to know if the partitions are write protected. Unlocking the bootloader only may not allow access to all partitions, further exploits may be needed if there is a separate "security" flag keeping wp in some places

Sent from my HTC PG09410 using Tapatalk 2
 

Polarfuchs

Senior Member
Apr 20, 2008
968
105
Great job my friend... are you 100% sure on that?
How did you find this info?
I know about the hexdump and hex-reader.

From any documentation? Or from some r&d?

  • I unlocked my bootloader and rooted the device.
  • [Then I looked at that post http://forum.xda-developers.com/showpost.php?p=27878288&postcount=2
    On the older Nexus devices the unlock bit was in the param partition, on newer devices like Nexus 4 and 5 it was in the misc partition. And on the nexus 7 23013 it was in the aboot partition.
    Additionally on nexus 4 and 5 there is a tamper flag with +4 offset from the unlock bit.]
  • I dumped all partitions from mmcblk0p1 to mmcblk0p29 (without 28, that is userdata) in unlocked, rooted state.
  • I then only locked the bootloader ("fastboot oem lock"), which kept my root permissions.
  • I dumped the aboot and misc partition (there is no param partition).
  • The misc partition didn't change after locking but the aboot partition did, as you could see in my screenshot.
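
The dump-and-compare step described in the post above can be scripted; this is an added example, not code from the thread or from any poster. It reports which byte ranges differ between two dumps of the same partition; the 4 KiB images, offsets and values are constructed sample data, not real aboot contents.

```python
import io

CHUNK = 64 * 1024  # read size; partition dumps can be tens of MiB

def changed_bytes(before, after, chunk=CHUNK):
    """Return ([(offset, old, new), ...], size_mismatch) for two binary streams."""
    diffs, pos = [], 0
    while True:
        a, b = before.read(chunk), after.read(chunk)
        n = min(len(a), len(b))
        if a[:n] != b[:n]:  # identical chunks are skipped without a byte loop
            diffs += [(pos + i, a[i], b[i]) for i in range(n) if a[i] != b[i]]
        pos += n
        if len(a) != len(b):
            return diffs, True   # one dump is shorter: not the same partition?
        if n == 0:
            return diffs, False  # both streams ended together

def group_runs(diffs):
    """Merge adjacent differing offsets into (start, old_bytes, new_bytes) runs."""
    runs = []
    for off, old, new in diffs:
        if runs and runs[-1][0] + len(runs[-1][1]) == off:
            runs[-1][1].append(old)
            runs[-1][2].append(new)
        else:
            runs.append((off, bytearray([old]), bytearray([new])))
    return [(start, bytes(o), bytes(n)) for start, o, n in runs]

def describe(runs):
    """Format each run with the XOR of old and new, which shows the flipped bits."""
    return [f"0x{off:08X}: {old.hex()} -> {new.hex()} "
            f"(xor {bytes(x ^ y for x, y in zip(old, new)).hex()})"
            for off, old, new in runs]

# Constructed sample: two 4 KiB "dumps" standing in for a partition before and
# after relocking. Offsets and values are invented for the demo, not device data.
UNLOCKED = bytearray(4096)
UNLOCKED[0x0E10] = 0x01          # hypothetical lock-state byte
UNLOCKED[0x0E14] = 0x01          # hypothetical flag 4 bytes later, left unchanged
LOCKED = bytearray(UNLOCKED)
LOCKED[0x0E10] = 0x00

if __name__ == "__main__":
    # With real dumps, pass open(path, "rb") objects instead of BytesIO.
    diffs, mismatch = changed_bytes(io.BytesIO(UNLOCKED), io.BytesIO(LOCKED))
    print("\n".join(describe(group_runs(diffs))), "| size mismatch:", mismatch)
```

A size mismatch is reported separately because differing lengths usually mean the two files are not dumps of the same partition, in which case the offsets are not meaningful.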
 

MarvinFS

Inactive Recognized Developer
May 11, 2010
187
14
Ekaterinburg
  • I dumped all partitions from mmcblk0p1 to mmcblk0p29 (without 28, that is userdata) in unlocked, rooted state.
  • I then only locked the bootloader ("fastboot oem lock"), which kept my root permissions.
  • I dumped the aboot and misc partition (there is no param partition).
  • The misc partition didn't change after locking but the aboot partition did, as you could see in my screenshot.
i'm also in search of the right method accessing factorymode aka preloader
fastboot it's just a wrap for those modes...
there's no param partition yes, but there is persist -> /dev/block/mmcblk0p15 which seems plausible
also we are in search of how to unbrick the phone with the help of dumps in case you screwed up service partitions...
i mean if the imei is empty for example.
i'm looking to modemst1 modemst2 for imei and etc. but i'm not sure, also i've heard that those kind of nvram partitions are one time write only!
in order to write it again you should format it or fill with zeros?!

another observation - root is not full - the adb remount abd push don't work - there have to be the debug flag for that in initram
 

ddggttff3

Inactive Recognized Developer
Dec 13, 2009
802
1,534
Minnesota
So a quick update on the tampered flag in oem device-info.

I restored my OnePlus One back to the factory image, relocked the bootloader, but the tampered flag was still set to true.
So, chances are it's a qfuse that is blown the first time you unlock your bootloader. Not that it's an issue though, OnePlus said they will warranty devices that have been modified.
 

lemonspeakers

Senior Member
Jan 11, 2009
1,757
140
New York
So a quick update on the tampered flag in oem device-info.

I restored my OnePlus One back to the factory image, relocked the bootloader, but the tampered flag was still set to true.
So, chances are it's a qfuse that is blown the first time you unlock your bootloader. Not that it's an issue though, OnePlus said they will warranty devices that have been modified.

Even bricked ones?
 
