[G975U] DISCUSSION on Root/BL Unlock


StoneyJSG

Senior Member
Jul 28, 2014
1,198
188
All three of those links are broken. Is this a proprietary method you developed and have decided to capitalize on, or are you just pointing me to someone else who has done that?

I'm an electrical and computer engineer with MSEE and work in aerospace power electronics (so I have access to all the equipment I desire). I'd much rather buy the Intel and do it myself, if it's for sale.

Yeah the links aren't working now, maybe a liability issue? It's not my unlock method, but it's one that's been discussed here on XDA. It's some guy in China that does it remotely for a price.
 

sbcdave

Senior Member
Apr 9, 2011
233
15
Snohomish, WA
Yes it can be rooted and bootloader unlocked, but it costs money.

Go here to page 2: https://forum.xda-developers.com/gal...legit-t3966208

Then go here and read: https://www.xda-developers.com/samsu...napdragon-865/

Then go here if you wanna do it: https://labs.xda-developers.com/stor...r.galaxyunlock

Hey StoneyJSG. I started the search again today to figure out how I can get root for my S10+

The first link miraculously worked for me today, but the others still do not. When I try to copy the link from the HREF it shows the ellipsis (...) in the link, which I think is related to them not working, despite the fact that the first one just worked, and also had the ellipsis in the URI, which suggests it might be a glob of some kind that the forum can interpolate. Maybe, new posts have similar enough names that the forum can no longer interpolate this glob and that's why my links don't work, and maybe elliwigy has them cached, so his do...?

If you can find the working links and help me get them I would really appreciate it. I'm getting very tired of the bloatware and inability to do other things I want to do with this now older phone.

This info is surprisingly hard to find. People are post-happy, so there is an ocean of unuseful info to search through and I still haven't found what I'm looking for.
 

StoneyJSG

Senior Member
Jul 28, 2014
1,198
188
The links are dead, I am guessing XDA removed them. You have to pay to have it bootloader unlocked, some dude in China does it. There was an app too that gave more info, but it seems to be gone as well.
 

sbcdave

Senior Member
Apr 9, 2011
233
15
Snohomish, WA
The links are dead, I am guessing XDA removed them. You have to pay to have it bootloader unlocked, some dude in China does it. There was an app too that gave more info, but it seems to be gone as well.

Thanks for helping me through this. Do you have any contact info for the person that can do this, or any other info that might help me find contact info for them? They seem to have ghosted.
 

sremick

Senior Member
Jul 17, 2010
528
55
www.ninstation.com
Very interested in this, although I'm not sure I want to be the first person here to try it. My phone is my daily driver and I don't have a spare/backup.

I wonder if OTA updates stop working once you unlock the bootloader via this method?
 

elliwigy

Forum Moderator / Recognized Developer
Staff member
XDA App Taskforce
  • Very interested in this, although I'm not sure I want to be the first person here to try it. My phone is my daily driver and I don't have a spare/backup.

    I wonder if OTA updates stop working once you unlock the bootloader via this method?

    lmao u arent the first.. theres a few hundred ppl at this point from s10 to n20 devices that have unlocked.

    otas work if on fully stock firmware and device status is official. once u root or modify something and device reads as custom is when otas will fail. you would then need to update using odin.
     

    sbcdave

    Senior Member
    Apr 9, 2011
    233
    15
    Snohomish, WA
    lmao u arent the first.. theres a few hundred ppl at this point from s10 to n20 devices that have unlocked.

    otas work if on fully stock firmware and device status is official. once u root or modify something and device reads as custom is when otas will fail. you would then need to update using odin.
    You said you do this remotely. What are the prereqs for that? I'll happily pay $100 to get root, but I need to figure out a secure way to get you this remote access.
     

    elliwigy

    Forum Moderator / Recognized Developer
    Staff member
    XDA App Taskforce
  • You said you do this remotely. What are the prereqs for that? I'll happily pay $100 to get root, but I need to figure out a secure way to get you this remote access.

    once root is ready i send you usb redirector customer module then i tell you what address to put in and thats it. its very simple. Ive not had any issues so far using it.

    u basically get your device DID and purchase on the site. in 1-2 business days I reach out to you. then put phone in dl mode and plug it in then i send you exe and u put address in.. actual unlock process takes seconds long as u have decent internet
     

    Hitti2

    Senior Member
    Dec 27, 2015
    1,110
    124
    well I paid off my SM-G975U, contacted Verizon requested for it to be unlocked for a carrier usage sprint or whatever. I told him and I complained that I don't see OEM unlocking in developer options. they said give it 24 hours and OEM unlocking is guaranteed to be available so I'll post back in 24 hours.
     

    Hitti2

    Senior Member
    Dec 27, 2015
    1,110
    124
    well I paid off my SM-G975U, contacted Verizon requested for it to be unlocked for a carrier usage sprint or whatever. I told him and I complained that I don't see OEM unlocking in developer options. they said give it 24 hours and OEM unlocking is guaranteed to be available so I'll post back in 24 hours.
    my s10+ is worth selling. oem unlock will never show up. i'm in a down mood f*c verizon.
     

    Top Liked Posts

    • 9
      Hello!

      I just picked up a SM-G975U to play with.

      Before you get your hopes up, Root and BL Unlock is NOT POSSIBLE on USA variants at this time!

      I created this discussion so those willing and able can brainstorm with me with hopes of achieving root or unlock.

      Now I wouldnt be creating this thread if I didnt think it was possible or without some form of teasers.

      Dont ask me how but flashing combo is possible. I cannot and will not share the method/files as they are not mine to do so.

      I noticed on combo this time around if you toggle oem unlock there is a tag that says "OEM Unlocked" when you enter download mode. When you long press vol up it also takes you to the unlock screen. After pressing vol up to accept it reboots and wipes data.

      I am not sure the steps after this but so far havent been successful in flashing modified firmware. It is possible this is just a visual but I feel this is closer than any past devices ive owned. Anyone with know how on where the flash lock bit is stored would be of great help.

      I should be able to flash some partitions after modifying them such as vbmeta or dtbo etc. to hopefully unlock the BL if I only knew what to modify.

      This is not a how-to or dev thread so dont expect me to share any files. It is merely to discuss how the BL is unlocked on SD S10 devices to hopefully lead to an unlock down the road.

      To my understanding, toggling the oem unlock sets a bit that tells the system that oem unlocking is allowed as well as disables security such as frp. This persists across reboots and firmware flashes etc.

      After that, in DL mode there is a tag that also says device is oem unlocked. At this point you need to actually hold vol up to actually oem unlock the device.

      After this I am unclear. We should be able to flash custom firmware at which verified boot state will be orange and the flash lock bit is 0. In my case, verified state is still green and flash lock is still 1 and flashes fail unless officially signed.

      I know the dtbo is related to verity and vbmeta to verified boot. Vaultkeeper to rlc. Then you have metadata, a few "keys" related partitions etc etc.

      What is everyones take on this? Any ideas/suggestions are greatly appreciated in advance!
      7
      Wow what a read! I have an AT&T S10+ so I am going to join in here even though I don't understand some things that are being talked of.

      Would it be possible to attach a dongle via the USB-C port on the phone that sends a pulse to the CPU or bootloader making it temporarily crash long enough to run unsigned code? I know Samsung injected something called vault keeper which was like an extra layer of security or something. I am just speculating here.

      vaultkeeper is there but not really applicable from what ive seen so far.. with my exploits you can set flash lock to 0 which will grey out the oem lock in settings and say bl is unlocked as well as itll say oem unlocked in dl mode..

      however despite all this im only able to temporarily oem unlock.. what i mean is that i can oem unlock in dl mode.. reboot straight back into dl mode.. flash a modified img which fails... hard reset and get the red warning saying theres a custom firmware installed but from here it goes to factory reset and after the wipe the red warning is gone and device is not unlocked..

      i know it is unlocked for a brief moment in this process because of the warning as well as the logs indicate "IsUnlocked:1" and indicates its oem unlocked before it then reads "IsUnlocked:0" again..

      I am going through logs n tests trying to pinpoint exactly when its "unlocked".. I have hope.. this is probably closest any locked usa variants have been since good ole s4 s5 note 4 days to a bl unlock :)

      i am also testing methods to write firmware such as modded system..

      this stuff is new to me on samsung so its slow moving as im learning as i go.. with pie and beyond theres multiple security measures in place that werent there before such as vbmeta, metadata, hashes, footers, SAR, etc etc.. when i figure one thing out somethin else pops up to stop me lol but this is what makes it fun :)
      6
      So, is it possible to unlock bootloader on SD S10 plus???
      I am thinking buying one.
      Thanks

      i am actually inching closer n closer.. been workin it all day today lol
      6
      i now have uid 1000 access.. with how selinux contexts and ownership is in pie tho i can only access stuff that is mounted rw and system user/group which so far is cache, carrier, efs, data, qdmdbg and various files spread throughout.

      dev block wise i can access persistent, and steady partitions.. other than that i can write to the ones that are already mounted.

      uid 1000 is a step in the right direction tho... beats shell 2000 uid
      5
      Just wanted to let you know I appreciate everyone's hard work. Even if we never get a rootable AT&T samsung device ever again, it's heartening to know there are still people dedicated to the cause out there, lol.
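
The opening post in this thread distinguishes three separate signals: the OEM unlock toggle, the flash lock bit, and the verified boot state (green or orange). As an added example (not code from the thread or from any poster), the Python below reads those signals from an `adb shell getprop` dump and flags devices whose boot chain is not fully locked, including the mismatched combinations described above. It assumes the device exposes the AOSP property names `ro.boot.flash.locked`, `ro.boot.verifiedbootstate` and `sys.oem_unlock_allowed`; the sample dumps are constructed.

```python
import re

# One `getprop` line looks like: [ro.boot.flash.locked]: [1]
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample dumps (not taken from a real device).
SAMPLE_LOCKED = "[ro.boot.flash.locked]: [1]\n[ro.boot.verifiedbootstate]: [green]\n[sys.oem_unlock_allowed]: [0]\n"
SAMPLE_TOGGLED = "[ro.boot.flash.locked]: [1]\n[ro.boot.verifiedbootstate]: [green]\n[sys.oem_unlock_allowed]: [1]\n"
SAMPLE_UNLOCKED = "[ro.boot.flash.locked]: [0]\n[ro.boot.verifiedbootstate]: [orange]\n"
SAMPLE_MISMATCH = "[ro.boot.flash.locked]: [1]\n[ro.boot.verifiedbootstate]: [orange]\n"

def parse_getprop(text):
    """Turn `adb shell getprop` output into a {property: value} dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess_boot_integrity(props):
    """Return (verdict, findings) describing the device's boot-chain state."""
    state = props.get("ro.boot.verifiedbootstate")
    locked = props.get("ro.boot.flash.locked")
    allowed = props.get("sys.oem_unlock_allowed")
    if state is None or locked is None:
        # Missing evidence is not proof of a locked device.
        return "unknown", ["verified boot properties missing"]
    findings = []
    if locked != "1":
        findings.append("flash lock is 0: bootloader may accept non-official images")
    if state != "green":
        findings.append(f"verified boot state is {state}, not green")
    if (locked == "1") != (state == "green"):
        findings.append("flash lock and boot state disagree: inspect device")
    if allowed == "1" and locked == "1":
        findings.append("OEM unlock toggle is on, unlock not yet performed")
    if locked != "1" or state != "green":
        return "noncompliant", findings
    return ("at_risk" if findings else "compliant"), findings

if __name__ == "__main__":
    for name, dump in [("locked", SAMPLE_LOCKED), ("toggled", SAMPLE_TOGGLED),
                       ("unlocked", SAMPLE_UNLOCKED), ("mismatch", SAMPLE_MISMATCH)]:
        print(name, assess_boot_integrity(parse_getprop(dump)))
```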