[DEV] Bootloader unlock procedure and software

[dpeddi]

The steps described should be enough.

Perhaps later can be improved or can be added a windowa executable or apk that do all, but not now.

 

[mxzwhx]

The steps described should be enough.

Perhaps later can be improved or can be added a windowa executable or apk that do all, but not now.

Okay,thanks.one more question, I'm currently running @ggow's HDX nexus ROM v2.0.4 ,do I have to roll back to Amazon fire os to do that ?or I could just do the unlock steps on currently ROM ?

Sent from my Nexus HDX 8.9 using XDA Free mobile app

 

[dpeddi]

Okay,thanks.one more question, I'm currently running @ggow's HDX nexus ROM v2.0.4 ,do I have to roll back to Amazon fire os to do that ?or I could just do the unlock steps on currently ROM ?

Sent from my Nexus HDX 8.9 using XDA Free mobile app

No need to revert to stock.

Perhaps you can't use adb shell idme print.

If this step fails ask ggow to include idme in next hdx nexus.

 

[rubinho]

@mxzwhx
The unlock procedur incl. "idme print" works fine with hdx nexus (2.0.5).

For creating the unlock signature you need linux. Only fastboot works with Windows
You just need to install the windows driver correctly (only for fastboot connection)

 

[ggow]

I get to unlock the bootloader of my kindle hdx 8.9

Prerequisite:
- Bootloader shipped with firmwareversion 1[34].3.1.0 <= x <= 1[34].3.2.4 (as we use the rsa bug)
- Rooted kindle

adb shell
cat /sys/block/mmcblk0/device/manfid
cat /sys/block/mmcblk0/device/serial

create a file unlock.img with following content:
0xmmssssssss
where mm=manfid and ss=serial

encrypt it with my vortox fork of signing tool at

https://github.com/dpeddi/Cuber

./cuber_unlockbl --sign ./unlock.img ./unlock.signed

connect the hdx to a linux box and do following command:

./fastboot -i 0x1949 devices
./fastboot -i 0x1949 flash unlock unlock.signed
./fastboot -i 0x1949 reboot

adb shell
idme print
[...]
unlock_code: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMsv9S[...]WRUFx7FaA==

Regards and thank to all (Hashcode, Cpasjuste, Vortox...)

Excellent work

Definitely make developing custom kernels a whole lot safer.

Thank you.

 

[jeryll]

Thank you very much @dpeddi, after a little bit struggling with ubuntu live I managed to unlock my HDX 8.9 too (running Nexus 2.0.5) !!! Yay! Confirmed with idme print, thank you again, excellent work!

 

[jcase]

You should credit Lee Harrison (ralekdev) for discovery and publishing the vuln details.

Also, you can get teh serial and manfid from the bootloader itself, so you can craft it without the need for root

Edit:

Sorry wrong this this morning while in bed, sounds harsh, wasn't suppose to be. Congrats! This also works on FireTV. Its patched in first release of the phone.

I get to unlock the bootloader of my kindle hdx 8.9

Prerequisite:
- Bootloader shipped with firmwareversion 1[34].3.1.0 <= x <= 1[34].3.2.4 (as we use the rsa bug)
- Rooted kindle

adb shell
cat /sys/block/mmcblk0/device/manfid
cat /sys/block/mmcblk0/device/serial

create a file unlock.img with following content:
0xmmssssssss
where mm=manfid and ss=serial

encrypt it with my vortox fork of signing tool at

https://github.com/dpeddi/Cuber

./cuber_unlockbl --sign ./unlock.img ./unlock.signed

connect the hdx to a linux box and do following command:

./fastboot -i 0x1949 devices
./fastboot -i 0x1949 flash unlock unlock.signed
./fastboot -i 0x1949 reboot

adb shell
idme print
[...]
unlock_code: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMsv9S[...]WRUFx7FaA==

Regards and thank to all (Hashcode, Cpasjuste, Vortox...)

 

[vortox]

Great job @dpeddi

 

[icedtrip]

Success!! Fantastic job @dpeddi!

 

[williamhancock328`]

4.5 rollback possible?

Great job unlocking the BL! I'm not sure if it's possible, but can we downgrade the software to 3.1.0?

 

[andPS2]

great work!
does this work for hdx 7 too?
cm11 will continue to run afterwards correct? (the one with the bootloader bypass)?

 

[rubinho]

@andPS2
The bootloader unlock procedur works with HDX 7 (Thor)
And yes, cm11 should then also still work.

 

[andPS2]

btw for linux u guys need to apt-get install android-tools-adb and android-tools-fastboot for
ubuntu
adb reboot bootloader get into fastboot mode
both could be added to op
p.s. i guess idme is not included in [ROM] cm-11-20150110-UNOFFICIAL-thor
is there another way to check if bootloader was unlocked?

 

[rubinho]

@andPS2
Install temporarily the Nexus Rom to use idme print.

 

[EncryptedCurse]

Neat.

 

[andPS2]

got it unlocked too
my hdx screen didnt give any output other than fastboot mode
and invalid comment

 

[mxzwhx]

File is not an Android boot image ,what does that mean ?

Sent from my Nexus HDX 8.9 using XDA Free mobile app

 

[someone0]

I think I saw some bounty for HDX bootloader unlock floating around, maybe the OP should go pick them up.
http://xdaforums.com/showthread.php?t=2580428

 

[AmazonLeaker]

Have anyone tried this on 14.3.2.8 ?

I know that it would not work but still can there be some one willing to test this, i would have tested it but currently my dual booting Ubuntu broke and I'm bad with Linux.


It would be very greatful if someone can help people with kindles on 14.3.2.8.

Amazon Canada has 4.5.3 update rolled out america would be soon on list i believe....

 

[andPS2]

I forgot to tell you that if you upgrade bootloader to newer image with fixed openssl you lost unlock.

but once unlocked u should be able to always flash any bootloader?