How To Guide [EU model] Unlock bootloader of European model

Search This thread

manu81cba

Member
Nov 15, 2021
37
0
I try now unlock the bootloader... the tutorial here excellent change name device... but the app for unloock is in process... already pass 30 minute and the same...is normal? how many time need? or perhaps no working now unlock with this tutorial?
Screenshot_2022-06-15-19-54-36-41_5461cd6783b6e8d9f5be0980ff5227f9.jpg



WORKING NOW... thanks
 
Last edited:

alonsosjumper

Member
Jul 9, 2011
35
2
First of all, thanks for your procedure and apk.

Secondly, i would like to know if there is any fix to work with Google Pay, because with the bootloader opened, it doesn´t work...

Thanks a lot!
 

Rapper_skull

Senior Member
Apr 21, 2011
353
196
Naples
Xiaomi Mi Mix 2S
Realme GT 2 Pro
First of all, thanks for your procedure and apk.

Secondly, i would like to know if there is any fix to work with Google Pay, because with the bootloader opened, it doesn´t work...

Thanks a lot!
Install the safetynet-fix Magisk module. It let me add a card, after clearing data of Google Pay, but I haven't tried paying.
 

pip0640

New member
Jun 22, 2022
1
0
Hello everyone! :)
I was wondering if you would be willing to share your sources for the executables @Rapper_skull
I would really like to take a look at them, before running them.

Thanks in advance :)
 
Feb 15, 2019
12
1
This way coukld work on a mtk smartphone (I have a moto e6 plus)? And could I only root installing supersu, no magisk, and no wiping my data?
 

alonsosjumper

Member
Jul 9, 2011
35
2
Install the safetynet-fix Magisk module. It let me add a card, after clearing data of Google Pay, but I haven't tried paying.
And how could i install Magisk on GT2 pro?

Thanks again!
 

Rapper_skull

Senior Member
Apr 21, 2011
353
196
Naples
Xiaomi Mi Mix 2S
Realme GT 2 Pro
Hello everyone! :)
I was wondering if you would be willing to share your sources for the executables @Rapper_skull
I would really like to take a look at them, before running them.

Thanks in advance :)
All the code is compiled from the sources of the DirtyPipe-Android repo. The only changes are in the scripts, but you can just inspect them with a file editor of course.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Oh okay that makes sense.

    Maybe you can answer this cuz I can't find one anywhere but when trying to do the dd command I messed up and idk if it did something I should be worried about. I typed "adb shell su dd" then I accidentally hit enter so then I thought I could just type "exit" and hit enter to back out but that didn't work and honestly idk what it did. I searched and found that I should have done "ctrl + c" to back out and that's what I did. Everything seems fine but people call dd "disk destroyer" which doesn't sound too good lol.
    Don't worry you didn't destroy anything.
    1
    Hello, rooting noob here, interested in buying the gt 2 pro soon. Does this still work to this day? Once the bootloader is unlocked, is it permanent meaning you can also root the phone for as much as you want. About the kernel sources, do you think realme will publish them leaving space for custom roms?
    Edit: Discussing with a friend I have found this, so those should be the kernel sources right? https://github.com/realme-kernel-opensource/realme_GT2pro-AndroidS-kernel-source
    Yes, that's the kernel source. As for the method, it sure works on the device side. I don't know if Realme changed something server side, but I don't think so.
    1
    I was wondering if you could make a mirror of the latest ota unpatched package in case realme shuts the link down, especially for people who come later
    I have it offline. When I have the time, I will upload it somewhere.
  • 8
    As you may know, at the time of writing it's not possible to unlock the bootloader of the European model. Fortunately there's a workaround. To know how it works, scroll to the end of the post.

    First of all, this is only for the European RMX3301, but you can try on any other global model that doesn't allow the unlocking of the bootloader. I'm not talking about temporary errors, but of the infamous This phone model does not support deep testing error message.

    Before starting I would like to thank polygraphene for their implementation of the Dirty Pipe vulnerability on Android. Without that, this would not have been possible.

    Requirements:

    • The phone with a decent charge. Do not attempt this procedure with the phone at 10% and then cry if something goes wrong
    • A compatible build, read below
    • A Windows or Linux PC with adb and fastboot drivers installed

    Check if your build is compatible:

    • Go to Settings -> About device -> Version and check Build number:
      • If your build is between RMX3301_11_A.14 and RMX3301_11_A.18, go to the procedure below
      • If your build is lower than RMX3301_11_A.14, or higher than RMX3301_11_A.18, install this OTA package to downgrade (or upgrade) to RMX3301_11_A.14

    Procedure:

    1. Make sure under Developer options you have OEM unlocking and USB debugging enabled
    2. Download and extract the attached gt2pro_eu_unlock_dirtypipe_v0.2.zip file
    3. Open a terminal in the folder of the extracted files
    4. Connect the phone to the PC and select the File transfer option
    5. Run the script:
      • On Windows, type run.bat and press enter
      • On Linux, type ./run.sh and press enter
    6. Now the phone is temporarily rooted and the phone model is changed to RMX3301. Do not reboot or you will lose this status.
    • At this point you can follow the procedure on the official forum to unlock the bootloader of the global model. If you already have the Deeptesting app installed, clear its data to make sure it will update.

    Changelog:

    v0.2:
    • Show more info about device for better debug
    • Show the model at the end to check if it worked

    For technical people: how does it work?

    The script abuses a vulnerability of the Linux kernel called Dirty Pipe (or CVE-2022-0847). For further details, you can visit the official website. This allows us to gain temporary root and overwrite the ro.product.name property, the only one checked by the Deeptesting app. The vulnerability is present in Android and it has been fixed, at least for the Pixel 6, in the may 2022 security update. At the time of writing, the latest build for the GT2 Pro is RMX3301_11_A.18, and it's still vulnerable. I have tested the procedure personally up to build RMX3301_11_A.16. If you're on a newer build and it doesn't work, please report it in the comments.

    If you have further questions about the procedure, please post them below.
    3
    I attached a new version of the script to the OP. This new versions shows more info do better debug problems, and waits 30 seconds before getting the model again to show if everything worked.
    2
    I wonder if we can use this temporary root to do some modifications on system.
    Theoretically you can do everything you can do on a rooted phone (Magisk, but without modules and Zygisk). In practice I never got Magisk to work properly, so I just limited myself to change the property. My goal was to unlock the bootloader, so I did it and installed Magisk.
    1
    When you try the procedure... delete al date of phone? whe finish---- type run.bat and press enter ---- erase all?
    My procedure will not delete any data, but after that you have to follow the official procedure to unlock the bootloader, and that will factory reset your phone.
    1
    What the future with SafetyNe... Finish customs rooms? I can unlock the boatloader but then change android with safe and problem with all app bank and no accept root... What you say?

    Other question... What app for back up use before unlock boatloader ?
    It's better if you ask these questions in a more relevant thread. For now there's no custom rom available for the GT2 Pro, and for SafetyNet you can use https://github.com/kdrag0n/safetynet-fix/