Bootloader locked. Flashing lock flag is locked!


Rahat100

New member
Mar 10, 2020
1
3
Hello....
I want to unlock bootloader of itel p33
(Couldn't find any custom recovery for this device)

I tried adb fastboot option...
fastboot oem unlock
fastboot flashing unlock
fastboot flash boot pathed_boot.img
fastboot flash recovery recovery.img
etc..
in adb command line it shows
...
Failed.(flashing lock flag is locked. Plz unlock it first!)
.
(I have enabled oem unlocking in dev option)
How to unlock the locked bootloader? I just want to root.
Currently using Itel p33
Android 8.1.0(go edition)
1gb ram/16gb rom
Spreadtrum sc7731e
(I just want to know is it possible if i unpack stock firmware img file and edit something and repack it. Then flash it to phone. Will it help?? I don't have much knowledge.)
Thanks....
 

Parthib

Senior Member
Aug 27, 2016
164
64
Xiaomi Poco X3 Pro
Hey, I have the same kind of device with this issue. I am guessing the bootloader is not unlockable, I think this is true for probably any device with this processor. I got my hands on a reference sprd u-boot source code, which is not exactly labeled for this chipset but it seems to have a lot of things related to it. I'll post an update here if I get to root the device or be able to install a modified version of the firmware.

A quick note for myself: after looking for the fastboot commands in the src, there are some fkup I am seeing, the "fastboot boot" cmd seems to point to the function for "fastboot continue" ???? wth
oem and flashing commands should be available if secboot is enabled, but fastboot gives out unknown command, but the strings are there in the compiled uboot ?????

Code:
	fastboot_register("getvar:", fb_cmd_getvar);
	/*when you input cmd"flash" in host, we will rcv cmd"download" first,then the "flash",
	   so even if we can't see cmd"download" in host fastboot cmd list,it is also used */
	fastboot_register("download:", fb_cmd_download);
	fastboot_publish("version", "1.0");

	fastboot_register("flash:", fb_cmd_flash);
	fastboot_register("erase:", fb_cmd_erase);
	fastboot_register("boot", fb_cmd_continue);
	fastboot_register("reboot", fb_cmd_reboot);
	fastboot_register("powerdown", fb_cmd_powerdown);
	fastboot_register("continue", fb_cmd_continue);
	fastboot_register("reboot-bootloader", fb_cmd_reboot_bootloader);
	#ifdef CONFIG_SECBOOT
	fastboot_register("flashing", fb_cmd_setlockflag);
	fastboot_register("getflag", fb_cmd_getlockflag);
	fastboot_register("oem", fb_cmd_oemcmd);
	/*add fastboot cmd for sharkl2*/
	fastboot_register("getlcs", fb_cmd_getlcs);
	fastboot_register("setrma", fb_cmd_setrma);
	fastboot_register("getsocid", fb_cmd_getsocid);
	#endif
 

shamimurrahman19

New member
Jun 18, 2018
1
0
Same problem (Itel Vision 1 Plus P36 Pro LTE L6501)


My device is Itel Vision 1 Plus (P36 Pro LTE) L6501.
And I'm facing same kind of problem. Can't do literally anything in fastboot.
Is there any way to contact the makers/developers for a response?
I'm already regretting my decision to buy an itel phone.
 

Daiwuff

New member
Jul 22, 2015
2
0
I am getting those same errors typing in the same commands. I guess it's a phone that just can be rooted? Or just not by this method?

P.S. Currently trying this on a BLU G5.
 

Vzvzvcvccc

New member
Jan 21, 2021
1
0
fastboot_register("getvar:", fb_cmd_getvar);
/*when you input cmd"flash" in host, we will rcv cmd"download" first,then the "flash",
so even if we can't see cmd"download" in host fastboot cmd list,it is also used */
fastboot_register("download:", fb_cmd_download);
fastboot_publish("version", "1.0");

fastboot_register("flash:", fb_cmd_flash);
fastboot_register("erase:", fb_cmd_erase);
fastboot_register("boot", fb_cmd_continue);
fastboot_register("reboot", fb_cmd_reboot);
fastboot_register("powerdown", fb_cmd_powerdown);
fastboot_register("continue", fb_cmd_continue);
fastboot_register("reboot-bootloader", fb_cmd_reboot_bootloader);
#ifdef CONFIG_SECBOOT
fastboot_register("flashing", fb_cmd_setlockflag);
fastboot_register("getflag", fb_cmd_getlockflag);
fastboot_register("oem", fb_cmd_oemcmd);
/*add fastboot cmd for sharkl2*/
fastboot_register("getlcs", fb_cmd_getlcs);
fastboot_register("setrma", fb_cmd_setrma);
fastboot_register("getsocid", fb_cmd_getsocid);
#endif
 
May 10, 2022
16
4
Hello, this is of interest to me. I have the decompiled binaries, editable on my Linux device, for this img. I can edit the part you need. Please show me exactly how you would fix this.
 
May 10, 2022
16
4
Well, I believe I'm pretty close.
Take a look. I lost the original file.
 

Attachments

  • odenredenbocker.jpg
  • theKernussy.jpg
May 10, 2022
16
4
There is no certified way to reverse source code from binary. The process in which it has been compiled has to be reversed.

Now if you want to analyze binary and cross-examine it with android from source files, then you can derive using basic lambda functions to infer missing pieces.

But..... binaries can be engineered in a way that the code becomes obvious ESPECIALLY if you have Android from Source.

Essentially, you can download android from source using google repo tool, repo the release edition, compare side by side, file for file, what is different.

I use these Linux commands:

$ strings <binary file> >> myText.txt
$ hexdump <binary file>
From there I use a custom Python file that 'line for line' searches for the strings; if they match, it logs the match.

Once done with that, it sends it over to Sublime Text, which for some reason, on rare occasions resolves the binaries immediately, especially when paired with the matching strings file.


For files that are obviously encrypted, I wait till the end and brute force popular hashes, map out links, use lambda functions and use general deduction to solve to source.

If you want to learn how to analyze binaries with Linux, watch "malware analysis" videos on YouTube.
 
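The comparison the posts above describe (command names registered in the reference u-boot source versus strings present in the compiled image), as an added example that is not part of the thread or of the u-boot source. `BLOB` is a constructed stand-in for an image and the function names are made up for this example. It matches NUL-terminated literals directly, because `strings` skips runs shorter than four characters by default (so `oem` would not be listed), and it separates a literal of its own from a name that only appears as the tail of a longer string (`boot` inside `reboot`).

```python
import re
# Registration lines copied from the u-boot excerpt quoted in the thread (subset).
SOURCE = '''
fastboot_register("boot", fb_cmd_continue);
fastboot_register("reboot", fb_cmd_reboot);
fastboot_register("continue", fb_cmd_continue);
fastboot_register("reboot-bootloader", fb_cmd_reboot_bootloader);
#ifdef CONFIG_SECBOOT
fastboot_register("flashing", fb_cmd_setlockflag);
fastboot_register("getflag", fb_cmd_getlockflag);
fastboot_register("oem", fb_cmd_oemcmd);
#endif
'''
# Constructed stand-in for the string area of a bootloader image (not a real dump).
BLOB = b"\x7fIMG\x00reboot\x00continue\x00reboot-bootloader\x00flashing\x00oem\x00"
REG = re.compile(r'fastboot_register\("([^"]+)",\s*(\w+)\)')

def parse_registrations(src):
    """Return (command, handler, guard); guard is the enclosing #ifdef macro or None."""
    regs, guard = [], None
    for line in map(str.strip, src.splitlines()):
        if line.startswith("#ifdef"):
            guard = line.split()[1]
        elif line.startswith("#endif"):
            guard = None
        elif (m := REG.search(line)):
            regs.append((m.group(1), m.group(2), guard))
    return regs

def shared_handlers(regs):
    """Handlers bound to more than one command name."""
    by_handler = {}
    for cmd, handler, _ in regs:
        by_handler.setdefault(handler, []).append(cmd)
    return {h: cmds for h, cmds in by_handler.items() if len(cmds) > 1}

def locate(blob, cmd):
    """'standalone' = NUL-delimited literal, 'suffix-only' = only the tail of a longer string."""
    needle = cmd.encode() + b"\x00"
    hits = [m.start() for m in re.finditer(re.escape(needle), blob)]
    if not hits:
        return "absent"
    return "standalone" if any(i == 0 or blob[i - 1] == 0 for i in hits) else "suffix-only"

def audit(src, blob):  # command -> (handler, guard, where its name sits in the image)
    return {c: (h, g, locate(blob, c)) for c, h, g in parse_registrations(src)}

if __name__ == "__main__":
    print(audit(SOURCE, BLOB), shared_handlers(parse_registrations(SOURCE)))
```

A name classified as `standalone` shows only that the literal was compiled into the image; it does not show that the handler is registered or reachable on that build.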
