Bootloader locked. Flashing lock flag is locked!

[Rahat100]

Hello....
I want to unlock bootloader of itel p33
(Couldn't found any custom recovery for this device)

I tried adb fastboot option...
fastboot oem unlock
fastboot flashing unlock
fastboot flash boot pathed_boot.img
fastboot flash recovery recovery.img
etc..
in adb command line it shows
...
Failed.(flashing lock flag is locked. Plz unlock it first!)
.
(I have enabled oem unlocking in dev option)
How to unlock the locked bootloader? I just want to root.
Currently using Itel p33
Android 8.1.0(go edition)
1gb ram/16gb rom
Spreadtrum sc7731e
(I just want to know is it possible if i unpack stock firmware img file and edit something and repack it. Then flash it to phone. Will it help?? I don't have much knowledge.)
Thanks....

 

[Parthib]

Hey, I have the same kind of device with this issue. I am guessing the bootloader is not unlockable, I think this is true for probably any device with this processor. I got my hands on a reference sprd u-boot source code, which is not exactly labeled for this chipset but it seems to have a lot of things related to it. I'll post an update here if I get to root the device or be able to install a modified version of the firmware.

A quick note for myself : after looking for the fastboot commands in the src, there are some fkup I am seeing, the "fastboot boot" cmd seems to point the function for "fastboot continue" ???? wth
oem and flashing commands should be available if secboot is enabled but fastboot gives out unknown command but the strings are there in the compiled uboot ?????

	fastboot_register("getvar:", fb_cmd_getvar);
	/*when you input cmd"flash" in host, we will rcv cmd"download" first,then the "flash",
	   so even if we can't see cmd"download" in host fastboot cmd list,it is also used */
	fastboot_register("download:", fb_cmd_download);
	fastboot_publish("version", "1.0");

	fastboot_register("flash:", fb_cmd_flash);
	fastboot_register("erase:", fb_cmd_erase);
	fastboot_register("[COLOR="SeaGreen"]boot[/COLOR]", [COLOR="Red"]fb_cmd_continue[/COLOR]);
	fastboot_register("reboot", fb_cmd_reboot);
	fastboot_register("powerdown", fb_cmd_powerdown);
	fastboot_register("continue", [COLOR="Red"]fb_cmd_continue[/COLOR]);
	fastboot_register("reboot-bootloader", fb_cmd_reboot_bootloader);
    #ifdef CONFIG_SECBOOT
	fastboot_register("flashing", fb_cmd_setlockflag);
	fastboot_register("getflag", fb_cmd_getlockflag);
	fastboot_register("oem", fb_cmd_oemcmd);
	/*add fastboot cmd for sharkl2*/
	fastboot_register("getlcs", fb_cmd_getlcs);
	fastboot_register("setrma", fb_cmd_setrma);
	fastboot_register("getsocid", fb_cmd_getsocid);
    #endif

 

[shamimurrahman19]

Same problem (Itel Vision 1 Plus P36 Pro LTE L6501)

Hey, I have the same kind of device with this issue. I am guessing the bootloader is not unlockable, I think this is true for probably any device with this processor. I got my hands on a reference sprd u-boot source code, which is not exactly labeled for this chipset but it seems to have a lot of things related to it. I'll post an update here if I get to root the device or be able to install a modified version of the firmware.[/B][/SIZE][/FONT]

A quick note for myself : after looking for the fastboot commands in the src, there are some fkup I am seeing, the "fastboot boot" cmd seems to point the function for "fastboot continue" ???? wth
oem and flashing commands should be available if secboot is enabled but fastboot gives out unknown command but the strings are there in the compiled uboot ?????

	fastboot_register("getvar:", fb_cmd_getvar);
	/*when you input cmd"flash" in host, we will rcv cmd"download" first,then the "flash",
	   so even if we can't see cmd"download" in host fastboot cmd list,it is also used */
	fastboot_register("download:", fb_cmd_download);
	fastboot_publish("version", "1.0");

	fastboot_register("flash:", fb_cmd_flash);
	fastboot_register("erase:", fb_cmd_erase);
	fastboot_register("[COLOR="SeaGreen"]boot[/COLOR]", [COLOR="Red"]fb_cmd_continue[/COLOR]);
	fastboot_register("reboot", fb_cmd_reboot);
	fastboot_register("powerdown", fb_cmd_powerdown);
	fastboot_register("continue", [COLOR="Red"]fb_cmd_continue[/COLOR]);
	fastboot_register("reboot-bootloader", fb_cmd_reboot_bootloader);
    #ifdef CONFIG_SECBOOT
	fastboot_register("flashing", fb_cmd_setlockflag);
	fastboot_register("getflag", fb_cmd_getlockflag);
	fastboot_register("oem", fb_cmd_oemcmd);
	/*add fastboot cmd for sharkl2*/
	fastboot_register("getlcs", fb_cmd_getlcs);
	fastboot_register("setrma", fb_cmd_setrma);
	fastboot_register("getsocid", fb_cmd_getsocid);
    #endif

[/QUOTE]

My device is Itel Vision 1 Plus (P36 Pro LTE) L6501.
And I'm facing same kind of problem. Can't do literally anything in fastboot.
Is there any way to contact the makers/developers for a response?
I'm already regretting my decision to buy an itel phone.

 

[Daiwuff]

Hey, I have the same kind of device with this issue. I am guessing the bootloader is not unlockable, I think this is true for probably any device with this processor. I got my hands on a reference sprd u-boot source code, which is not exactly labeled for this chipset but it seems to have a lot of things related to it. I'll post an update here if I get to root the device or be able to install a modified version of the firmware.[/B][/SIZE][/FONT]

I am getting those same errors typing in the same commands. I guess it's a phone that just can be rooted? Or just not by this method?

P.S. Currently trying this on a BLU G5.

 

[Vzvzvcvccc]

fastboot_register("getvar:", fb_cmd_getvar);
/*when you input cmd"flash" in host, we will rcv cmd"download" first,then the "flash",
so even if we can't see cmd"download" in host fastboot cmd list,it is also used */
fastboot_register("download:", fb_cmd_download);
fastboot_publish("version", "1.0");

fastboot_register("flash:", fb_cmd_flash);
fastboot_register("erase:", fb_cmd_erase);
fastboot_register("boot", fb_cmd_continue);
fastboot_register("reboot", fb_cmd_reboot);
fastboot_register("powerdown", fb_cmd_powerdown);
fastboot_register("continue", fb_cmd_continue);
fastboot_register("reboot-bootloader", fb_cmd_reboot_bootloader);
#ifdef CONFIG_SECBOOT
fastboot_register("flashing", fb_cmd_setlockflag);
fastboot_register("getflag", fb_cmd_getlockflag);
fastboot_register("oem", fb_cmd_oemcmd);
/*add fastboot cmd for sharkl2*/
fastboot_register("getlcs", fb_cmd_getlcs);
fastboot_register("setrma", fb_cmd_setrma);
fastboot_register("getsocid", fb_cmd_getsocid);
#endif

 

[lolvatveo]

you may need rooted phone to flash via adb nd get #su permission

 

[flaccidattempts]

hello this is of interest to me. I have the decompiled binaries, editable on my linux device, for this img. i can edit the part you need. Please show me exactly how you would fix this

 

[lolvatveo]

hello this is of interest to me. I have the decompiled binaries, editable on my linux device, for this img. i can edit the part you need. Please show me exactly how you would fix this

can you decompile the kernel and get full source code?

 

[flaccidattempts]

well i believe im pretty close
take a look. I lost the original file

 

[lolvatveo]

How to unlock bootloader on Spreadtrum Phone - unofficial twrp

unlock bootloader on Spreadtrum Phone easy method by using the signature.bin, you can unlock any spreadtrum or UniSoc Phone

unofficialtwrp.com

this will erase all of your data. what is your phone model? and please show me how to decompile kernel binaries. I really need this.

 

[flaccidattempts]

There is no certified way to reverse source code from binary. The process in which it has been compiled has to be reversed.

Now if you want to analyze binary and cross-examine it with android from source files, then you can derive using basic lamba functions to infer missing pieces.

But..... binaries can be engineered in a way that the code becomes obvious ESPECIALLY if you have Android from Source.

Essentially, you can download android from source using google repo tool, repo the release edition, compare side by side, file for file, what is different.

I Use these linux command s

$ strings <binary file> >> myText.txt

$ hexdump <binary file>

From there i use a custom python file that 'line for line' searches for the strings, if they match, it logs the match.

once done with that, it sends it over to sublime text, which for some reason, on rare occasions resolves the binaries immediately, especially when paired with the matching strings file.


For files that are obviously encrypted, i wait till the end and brute force popular hashes, map out links, use lambda functions and use general deduction to solve to source.

If you want to learn how to analyze binaries with linux watch "malware analysis" videos on youtube

 

[Kelexine]

TWRP recovery for this device, tested and working. Plus magisk patched boot image for instant root and custom vbmeta for verifying the boot and recovery image, for now there seems to be no way of disabling verity check permanently on this device.

 

[Rahmanabdulla]

you may need rooted phone to flash via adb nd get #su permission

how to root a bootlocked phone...?????????????? !!!!!!!!! ????????0000

 

[Kelexine]

how to root a bootlocked phone...?????????????? !!!!!!!!! ????????0000

Not possible, except with exploits, which is rather harder than unlocking bootloader and flashing magisk patched boot image

 

[Rahmanabdulla]

Not possible, except with exploits, which is rather harder than unlocking bootloader and flashing magisk patched boot image

sir i try with vbmeta_custom.img (the return result i here post as attachment) Please study this And Any hope to unlock sir...? And i have my bootlock code also i included in the Text)Will you please check the vbmeta.txt.? a also include another text file from terminal bootloader. text please also check and forgive my poor english

 

[Rahmanabdulla]

Sirs Please Check these files Also for me!!!

 

[Kelexine]

What device are you using

 

[brickedmotog52]

I got the same issue with a motorola, i tried everything but i can't without unlocking the oem from the system first. Is there really a fix for this or the only last thing is to replace the whole mainboard?