Bootloader or oem unlock not working

Search This thread

ufuuu

Senior Member
Aug 25, 2010
68
1
Hi everyone!

I figured it out.

It is again a certificate issue; however, this time the Lenovo server isn't to blame.
The Lenovo P2 has the certificate issue.. Namely, the phone doesn't have the issuer certificate for the Lenovo server in the Android certificate store.

To fix it, do the following:

Find a desktop browser of your liking (Firefox), and pull up the following website:
(https is important!)
Then, click the padlock sign next to the address bar, followed by the right arrow and "More information".
Click on 'View Certificate".
Then click on the certificate on the middle of the page, of the three available "Secure Site Pro CA G2" (issuer certificate).
Scroll down to "Miscellaneous", and click on "Download PEM (cert)".
Move this file to your Lenovo P2.
Then, on the Lenovo P2, import the issuer certificate by navigating to Settings->Security->Credential Storage->Install From Storage.
The phone will open up a file browser intent, where you can select the certificate. It will then ask you how you want to import the certificate. Choose "VPN / apps". You can give it any name you like afterwards.

After all that, try to do the bootloader unlock by going to Settings->Developer Options->OEM Unlocking.
Create or sign into your Lenovo account, and boom! It should work!
You may have to log out and back in to get it to work, though.
Mine worked immediately, but of course by immediately I mean that the 14 day timer started.

I was connected over WiFi, but also had the Settings->About Phone->Participate in Lenovo Experience Program option turned on, as others have suggested. Additionally, I added my phone to my Lenovo account via the Lenovo App (https://play.google.com/store/apps/details?id=com.lenovo.serviceit).
The system clock does not have to be changed, because the Lenovo Bootloader Unlock Server certificate is valid until 2022-06-30.

There are probably thousands of ways to get a hold of the issuer certificate; Firefox (or other desktop browser) seems easiest. I couldn't coax Chrome on Android to download the certificate for me directly to the phone.
Also, you might have to import the Root CA certificate (DigiCert Global Root CA) as well, in case your phone does not have it.

DANGER, WILL ROBINSON!
I am not sure who "Secure Site Pro CA G2" is, so please do not assume you can trust them absolutely as being forever in your certificate store. You have been warned. In any case, once you nuke the bootloader and install a new OS, it won't matter anyways.

Cheers,
mmx

I was unable to even start the 14 days procedure. I transferred the attached file to the phone, simply click on it and load the certificate. Now 14 days countdown started with this method. Thank you very much.
 

Attachments

  • p2.rar
    1.2 KB · Views: 84
  • Like
Reactions: darty99

gnunixy

New member
Oct 28, 2021
1
0
I installed the certificates but it still gives the same error. "LenovoID not authorized" I've changed the date or something, but it's still the same. I really need to solve this problem. I want to install Lineage OS but I can't solve this problem.
 

darty99

Member
Aug 3, 2011
11
1
Google Nexus 4
Motorola Defy
I was unable to even start the 14 days procedure. I transferred the attached file to the phone, simply click on it and load the certificate. Now 14 days countdown started with this method. Thank you very much.
It has worked for me. Thanks for the certificate, now I just have to wait the 14 days and hope that I can unlock it. Thank you all.

photo_2021-11-01_09-12-42.jpg
 

herothezero90

Member
Nov 28, 2021
14
2
Lenovo P2
OnePlus 8T
I installed the certificates but it still gives the same error. "LenovoID not authorized" I've changed the date or something, but it's still the same. I really need to solve this problem. I want to install Lineage OS but I can't solve this problem.
no need to change the date, when you unzip certificate on your pc, switch file extension to .crt and you should be able to install it on your phone trough file manager
 

LukasLudwig

Member
Oct 20, 2016
6
2
very sadly. but for me it wont work.
This unlockrowapi.lenovo.com certificaty should be valid till 30th june 2022. but i tried many times and diferent ways to install it.
with different names and download types from this side https://unlockrowapi.lenovo.com/.
Also the here uploaded ones.
But it will not show up in trustworthy credentials. The secure site pro ca g2 and the digicert global root ca shows up there.
the unlock one is only visible in user credentials.

edit:
ahhh damn!!!

it worked after i locked out my lenovo account and then clicked again on unlock oem and signed in again..

and now it shows up the 14 days...

oh damn xD i did it a 100 times and it was simply login out and in... startet my phone 10 times
 
  • Like
Reactions: herothezero90

Venu13

New member
Feb 15, 2022
2
0
Tried all methods, still not working with below errors

--> in developer option of oem unlocking
LenovoId without permission

--> in cmd prompt for "fastboot oem unlock" command
(bootloader) slot-count: not found
(bootloader) slot-suffixes: not found
(bootloader) slot-suffixes: not found
...
FAILED (remote: oem unlock error: invalid data from unlock code)
finished. total time: 0.038s

pls help
 
Hello everyone

With the certificate, I managed to get the 14-day waiting period. Unfortunately, with 3 days remaining, I now only get Lenovo ID without permissions and a network error message. Can it be that lenovo has now completely switched off the server? Is there any other way to unlock the bootloader? Unfortunately, the RLZ debug ui did not work for me either. The lenovo android 7 is not bad but I would like to have lineage os with a newer android on my P2.I also don't want to switch because the P2 has an incredibly long battery and it's a really good phone.

Thanks
 
  • Like
Reactions: Klusio19 and Venu13

Venu13

New member
Feb 15, 2022
2
0
Tried all methods, still not working with below errors

--> in developer option of oem unlocking
LenovoId without permission error

--> in cmd prompt for "fastboot oem unlock" command
(bootloader) slot-count: not found
(bootloader) slot-suffixes: not found
(bootloader) slot-suffixes: not found
...
FAILED (remote: oem unlock error: invalid data from unlock code)
finished. total time: 0.038s

pls help
pls give some suggestions
 

uchetia

New member
Feb 28, 2022
2
2
Same here Lenovo ID without Permission.

I have seen a strange connection with this https://unlockrowapi.lenovo.com/ website whenever I try to unlock my oem.

The website shows No SSL Certificate found when I try to access it before trying to unlock oem in my P2.

After I try to unlock oem in my P2 and get the ID without permission message, The website https://unlockrowapi.lenovo.com/ refreshes itself to site cannot be reached no certificate found.

If I leave my lenovo P2 disconnected for a while the website goes back to No SSL Certificate found.

and it repeats.

I tried everything from this forum no luck
 

Dorman3

New member
Feb 28, 2022
4
0
Ho provato tutti i metodi, ma non funziona ancora con gli errori seguenti

--> nell'opzione sviluppatore di sblocco OEM
LenovoId senza autorizzazione

--> nel prompt di cmd per il comando "fastboot oem unlock".
(bootloader) conteggio slot: non trovato
(bootloader) slot-suffissi: non trovato
(bootloader) slot-suffissi: non trovato
...
FAILED (telecomando: errore di sblocco OEM: dati non validi dal codice di sblocco)
finito. tempo totale: 0,038s

per favore aiuto

pls dare alcuni suggerimenti
Mi unisco anch'io a loro ho provato tutte le soluzioni almeno 10 volte se non di più, sembra che non ci sia soluzione, è possibile che nessuno ci possa aiutare?
 
USB Drivers, Root, Custom Recoveries + Stock Recoveries

USB Drivers

Unlocking the Bootloader
The bootloader must be unlocked before any modding can be done on the P2. Please be aware that unlocking the bootloader voids your warranty and formats your data partition (don't forget to backup important files). Unlocking the bootloader on the P2a42 or the P2c72 running the P2a42 firmware is a simple process.
  • Go to Settings > About phone > Tap 7 times on Build number > Go back > Enter Developer options > Enable OEM unlocking
  • Accept the terms that you understand that you're voiding your warranty by choosing to unlock your bootloader
  • Login with your Lenovo account (if you already have one) or create a new one
  • Wait for 14 days. A countdown timer will begin that is specifically associated with your device.
  • After the waiting period, go back to OEM unlocking so that the Lenovo servers can toggle the bootloader unlock switch.
At this point you must have installed the Lenovo USB drivers and Minimal ADB Fastboot on your Windows computer.
  • Shut down the phone. Enter into fastboot mode by holding Vol Down + Power Button until the screen turns on.
  • Connect the P2 to your computer and open Minimal ADB Fastboot.
  • Type: fastboot oem unlock

Recoveries
If you're going to be installing custom ROMs, it is better to replace the stock recovery with TWRP. Check this page for more information or the latest updates. The procedure below works for both the P2a42 and the P2c72 running the P2a42 firmware.
  1. Rename the TWRP file to twrp.img and move it to both the root of the internal storage of your P2 and the folder where Minimal ADB Fastboot is installed (usually C:\Program Files (x86)\Minimal ADB and Fastboot).
  2. Boot the P2 into fastboot mode.
  3. Open Minimal ADB Fastboot and type : fastboot boot twrp.img
  4. Inside TWRP, choose Install > Install Image > Look for twrp.img > Select recovery > Slide to install.
TWRP will now be installed over the stock recovery. At this point, it makes sense to do a full backup of your partitions. Backup everything except System Image and Cache. In the event you want to return to stock recovery, either restore only the recovery from the Restore menu in TWRP, if you had saved a backup, or flash it as in step 4 above. You should download the stock recovery for the Android version installed on your P2.

Rooting
The methods described here are only applicable for the P2 running on stock Android 7. Check this post for more details or instructions on how to root the P2 on stock Android 6.

There are basically two methods that can give you super user privileges on the P2. If you have apps that won't allow you to use them if your device is rooted (such as Android Pay), then the Magisk method is for you. This method roots your device without modifying Android's system partition at all. This means that fewer of Android's built-in security measures need to be bypassed in order to gain root access. At the moment, for the Magisk method to work, you need to format the data partition to EXT4. This will obviously erase all your files; so, backup important files before going ahead with it. Download the latest version of Magisk from the link above and move the zip file to the P2's internal storage.
  1. Shut down. Boot into TWRP.
  2. In TWRP, select Wipe > Advanced Wipe > Select Data > Repair or Change File System > Change File System > Select EXT4
  3. Go back to the main menu: Select Install > Look for Magisk-vx.y.zip > Slide to install.

There's also another method you can root the P2 with, but this method is deprecated; it is advisable to use Magisk to provide root privileges as described above. Rooting via the SuperSU method is only presented here for the sake of reference.

You will find two files in the "Files for SuperSU method" linked above.
  1. Install the me.phh.superuser.apk file.
  2. Move the superuser-r259.zip file to the root of the P2's the internal storage.
  3. Shut down. Boot into TWRP.
  4. Select Install > Look for superuser-r259.zip > Slide to install.

Please do not use kingo root. It's not a good idea and it's not safe. Use Magisk instead, it's safe. There is a manual which I have linked to you here.

I tried a procedure but installing kingo root gives me an error: 0x11EFE1
 

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    Hi everyone!

    I figured it out.

    It is again a certificate issue; however, this time the Lenovo server isn't to blame.
    The Lenovo P2 has the certificate issue.. Namely, the phone doesn't have the issuer certificate for the Lenovo server in the Android certificate store.

    To fix it, do the following:

    Find a desktop browser of your liking (Firefox), and pull up the following website:
    (https is important!)
    Then, click the padlock sign next to the address bar, followed by the right arrow and "More information".
    Click on 'View Certificate".
    Then click on the certificate on the middle of the page, of the three available "Secure Site Pro CA G2" (issuer certificate).
    Scroll down to "Miscellaneous", and click on "Download PEM (cert)".
    Move this file to your Lenovo P2.
    Then, on the Lenovo P2, import the issuer certificate by navigating to Settings->Security->Credential Storage->Install From Storage.
    The phone will open up a file browser intent, where you can select the certificate. It will then ask you how you want to import the certificate. Choose "VPN / apps". You can give it any name you like afterwards.

    After all that, try to do the bootloader unlock by going to Settings->Developer Options->OEM Unlocking.
    Create or sign into your Lenovo account, and boom! It should work!
    You may have to log out and back in to get it to work, though.
    Mine worked immediately, but of course by immediately I mean that the 14 day timer started.

    I was connected over WiFi, but also had the Settings->About Phone->Participate in Lenovo Experience Program option turned on, as others have suggested. Additionally, I added my phone to my Lenovo account via the Lenovo App (https://play.google.com/store/apps/details?id=com.lenovo.serviceit).
    The system clock does not have to be changed, because the Lenovo Bootloader Unlock Server certificate is valid until 2022-06-30.

    There are probably thousands of ways to get a hold of the issuer certificate; Firefox (or other desktop browser) seems easiest. I couldn't coax Chrome on Android to download the certificate for me directly to the phone.
    Also, you might have to import the Root CA certificate (DigiCert Global Root CA) as well, in case your phone does not have it.

    DANGER, WILL ROBINSON!
    I am not sure who "Secure Site Pro CA G2" is, so please do not assume you can trust them absolutely as being forever in your certificate store. You have been warned. In any case, once you nuke the bootloader and install a new OS, it won't matter anyways.

    Cheers,
    mmx
    5
    Quick update. I just got a P2c72 device from a friend, I got the BootloaderUnlock.apk and was able to decompile it. For those who want to help. just get the .ODEX file in the system apps folder next to the BootloaderUnlock one. The details that I know until now are:

    - The APK calls the unlock server for authorization using TLS authentication.
    - The server replies with a bytes payload and the APK is in charge of writing the unlock flag.

    I'll keep updating and if someone here is experienced enough in reversing, that help would be much appreciated :)
    5
    Guys, if you are interested, you might want to sign this Lenovo statement petition
    4
    I've been away of my computer for a while, after some hours of analysis of the BootloaderUnlock.apk code I figured out a way to unlock the Bootloader; but I need a chinese mobile number (+86) to receive a SMS verification code to continue with the process. Does anyone here has a chinese mobile number that can help?, if so, please contact me on private. Once I clear that step I will post how to unlock the bootloader, and provide the required files.
    3
    Any help would be much appreciated. Keep up the good work bro. I hope u get succeed.

    I'm 100% sure that can be unlocked, as soon as I get a chinese number, to receive SMS.