How To Guide [EU model] Unlock bootloader of European model

Search This thread

hill67

Senior Member
Dec 29, 2010
281
24
I downgraded to A14 and tried the procedure again without luck.
I updated to A21 and tried it again. I got the following screen:
1668372025524.png

Again ro.product.name = RMX3301EEA????
 

hill67

Senior Member
Dec 29, 2010
281
24
Maybe a silly question, but have you copied the magisk folder alongside the other three files?
Not silly at all because I didn't 🙄. Just find out myself as well. After I also copied the magisk folder in I tried it on A21. Now it worked, the phone booted but .. no luck again with the deep testing app . So now i am gonna roll back to A14 again and try from there.
 

Rapper_skull

Senior Member
Apr 21, 2011
461
274
Naples
Xiaomi Mi Mix 2S
Realme GT 2 Pro
Not silly at all because I didn't 🙄. Just find out myself as well. After I also copied the magisk folder in I tried it on A21. Now it worked, the phone booted but .. no luck again with the deep testing app . So now i am gonna roll back to A14 again and try from there.
You don't have to reboot the phone, just install the deeptesting app and run it.
 

hill67

Senior Member
Dec 29, 2010
281
24
Finally, finally I managed to get the bootloader unlocked. Thanks for your help.
But, a question: can you do an OTA update with an unlocked bootloader?
I am asking because I want to do an update via local installation but this button is grayed out because an OTA update is already available for download.
 

Rapper_skull

Senior Member
Apr 21, 2011
461
274
Naples
Xiaomi Mi Mix 2S
Realme GT 2 Pro
Finally, finally I managed to get the bootloader unlocked. Thanks for your help.
But, a question: can you do an OTA update with an unlocked bootloader?
I am asking because I want to do an update via local installation but this button is grayed out because an OTA update is already available for download.
The unlocked bootloader is not a problem for OTA updates, but if you root your phone, the OTA update will fail.
 
  • Like
Reactions: hill67

MB525

Senior Member
Dec 18, 2010
277
77
So to be clear, the dirtypipe vulnerability has finally been fixed in Android 13, right? And if I unlock the bootloader on Android 12, does it stay unlocked after updating to Android 13?
 

Rapper_skull

Senior Member
Apr 21, 2011
461
274
Naples
Xiaomi Mi Mix 2S
Realme GT 2 Pro
So to be clear, the dirtypipe vulnerability has finally been fixed in Android 13, right? And if I unlock the bootloader on Android 12, does it stay unlocked after updating to Android 13?
The vulnerability is only used to trick the app. Once you unlock the bootloader, it will stay unlocked until you lock it again. If you're on Android 13 and want to unlock the bootloader, you can use the downgrade package.
 
  • Like
Reactions: MB525

lucy1983

Senior Member
Mar 24, 2022
59
34
39
Asus ZenFone 3 Ultra
Xiaomi Poco F1
The vulnerability is only used to trick the app. Once you unlock the bootloader, it will stay unlocked until you lock it again. If you're on Android 13 and want to unlock the bootloader, you can use the downgrade package.
There is a possibility to speculate the same vulnerability for the European model of Realme GT2? The unlock app is finally out, but not for the European variant. So I was thinking if maybe someone could build a file like for the PRO variant to be able to unlock the European variant too.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 8
    As you may know, at the time of writing it's not possible to unlock the bootloader of the European model. Fortunately there's a workaround. To know how it works, scroll to the end of the post.

    First of all, this is only for the European RMX3301, but you can try on any other global model that doesn't allow the unlocking of the bootloader. I'm not talking about temporary errors, but of the infamous This phone model does not support deep testing error message.

    Before starting I would like to thank polygraphene for their implementation of the Dirty Pipe vulnerability on Android. Without that, this would not have been possible.

    Requirements:

    • The phone with a decent charge. Do not attempt this procedure with the phone at 10% and then cry if something goes wrong
    • A compatible build, read below
    • A Windows or Linux PC with adb and fastboot drivers installed

    Check if your build is compatible:

    • Go to Settings -> About device -> Version and check Build number:
      • If your build is between RMX3301_11_A.14 and RMX3301_11_A.21, go to the procedure below
      • If your build is lower than RMX3301_11_A.14, or higher than RMX3301_11_A.21, install this OTA package to downgrade (or upgrade) to RMX3301_11_A.14

    Procedure:

    1. Make sure under Developer options you have OEM unlocking and USB debugging enabled
    2. Download and extract the attached gt2pro_eu_unlock_dirtypipe_v0.2.zip file
    3. Open a terminal in the folder of the extracted files
    4. Connect the phone to the PC and select the File transfer option
    5. Run the script:
      • On Windows, type run.bat and press enter
      • On Linux, type ./run.sh and press enter
    6. Now the phone is temporarily rooted and the phone model is changed to RMX3301. Do not reboot or you will lose this status.
    • At this point you can follow the procedure on the official forum to unlock the bootloader of the global model. If you already have the Deeptesting app installed, clear its data to make sure it will update.

    Changelog:

    v0.2:
    • Show more info about device for better debug
    • Show the model at the end to check if it worked

    For technical people: how does it work?

    The script abuses a vulnerability of the Linux kernel called Dirty Pipe (or CVE-2022-0847). For further details, you can visit the official website. This allows us to gain temporary root and overwrite the ro.product.name property, the only one checked by the Deeptesting app. The vulnerability is present in Android and it has been fixed, at least for the Pixel 6, in the May 2022 security update. On the GT 2 Pro, the vulnerability has been fixed with the Android 13 update, while the latest Android 12 build (RMX3301_11_A.21) is still vulnerable. I have tested the procedure personally up to build RMX3301_11_A.16. If you're on a newer build and it doesn't work, please report it in the comments.

    If you have further questions about the procedure, please post them below.
    3
    I attached a new version of the script to the OP. This new versions shows more info do better debug problems, and waits 30 seconds before getting the model again to show if everything worked.
    2
    I wonder if we can use this temporary root to do some modifications on system.
    Theoretically you can do everything you can do on a rooted phone (Magisk, but without modules and Zygisk). In practice I never got Magisk to work properly, so I just limited myself to change the property. My goal was to unlock the bootloader, so I did it and installed Magisk.
    1
    When you try the procedure... delete al date of phone? whe finish---- type run.bat and press enter ---- erase all?
    My procedure will not delete any data, but after that you have to follow the official procedure to unlock the bootloader, and that will factory reset your phone.
    1
    What the future with SafetyNe... Finish customs rooms? I can unlock the boatloader but then change android with safe and problem with all app bank and no accept root... What you say?

    Other question... What app for back up use before unlock boatloader ?
    It's better if you ask these questions in a more relevant thread. For now there's no custom rom available for the GT2 Pro, and for SafetyNet you can use https://github.com/kdrag0n/safetynet-fix/