• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

[How-to] Unlock bootloader on Verizon Pixel/XL

Top Liked Posts

  • There are no posts matching your filters.
  • 159
    Hi guys. So I finally found a way to unlock a bootloader on a Verizon Pixel. Without further ado, let's get started. This method works on Pixel and Pixel XL.

    1. Remove Google account and any kind of screen lock (fingerprint, PIN, pattern, etc.) from your device.
    2. Eject sim card from your device.
    3. Reset your device. In setup wizard, skip everything, don't connect to WiFi, don't add fingerprint or any kind of screen lock.
    4. Go to Developer Options and enable USB debugging.
    5. Connect your phone to PC.
    6. Open CMD in adb directory and type
    adb shell pm uninstall --user 0 com.android.phone
    7. Restart your device.
    8. Connect to WiFi, open Chrome and go to google.com (or any website really).
    9. Go to Developer Options and enable OEM unlocking.
    10. Reboot into bootloader and via CMD run
    fastboot oem unlock
    fastboot flashing unlock
    11. Profit

    Be aware that unlocking bootloader removes everything from your device.

    Credit to members LeoTheRomRasta and Qu3ntin0 for making this method available to the community on the Bounty thread yesterday. https://forum.xda-developers.com/pi...rizon-pixel-bootloader-unlock-t3740911/page14 There is an ongoing discussion there about variations on this method.

    UPDATE: Confirmed that this method works on Android Oreo as well as Android P Developer Preview.
    Please can someone go through the trouble with making some step-by-step instructions that are a bit more noob-friendly, like in the OP? Thanks.

    Here is what worked for me:


    No SIM card in the phone
    ADB and Platform Tools installed on a computer (https://www.xda-developers.com/install-adb-windows-macos-linux/)
    The latest OTA image downloaded to the computer (https://developers.google.com/android/ota#sailfish for the Pixel or https://developers.google.com/android/ota#marlin for the Pixel XL)
    The phone connected to the computer with USB
    Learn how to use ADB and Fastboot on your computer as it can differ.


    1. On the phone, open Settings>System>Reset Options and factory reset the phone. It should say "Restarting" or something similar.
    2. When the screen goes black, press and hold the Volume Down key until you get into the Bootloader mode. Use the volume keys to navigate to "Recovery Mode" and select it with the power button.
    3. Hold the Volume Down key for about a minute (while it resets) until you make it back to the bootloader.
    4. Again use the volume keys to select Recovery Mode, then you should see a graphic of an android lying down.
    5. Hold the Power button then press the Volume Up button once. It should give you a menu. If that doesn't work, try pressing them at the same time.
    6. Use the volume and power buttons to select "Wipe Data/Factory Reset"
    7. Once it finishes, select the "Apply update via ADB" option.
    8. Go to your computer and type in 'adb sideload sailfish-ota-qp1a.191005.007.a3-394b5899.zip' (without quotes) for the Pixel or 'adb sideload marlin-ota-qp1a.191005.007.a3-23002a57.zip' for the Pixel XL.
    9. Factory reset again from recovery mode
    10. Reboot to system
    11. While it just shows the G, press the power button until the phone restarts
    12. Once it boots up, skip all of the steps but disable the options for sending information to Google.
    13. Enable Developer Options by tapping "Build Number" seven times
    14. In Developer Options, enable USB Debugging
    15. On your computer, run 'adb shell pm uninstall --user 0 com.android.phone'
    16. Reboot twice
    17. Connect to WiFi
    18. Open google.com in Chrome
    19. check Developer Options to see if you can enable OEM unlocking
    20. If you can't, swipe away Settings from the Recents menu and go back to Chrome
    21. In Chrome, open a bunch of websites. After opening each one, check the OEM Unlocking option again and close Settings afterward.
    22. Once you can enable it, do so! Now you can unlock the bootloader.

    Unlocking the bootloader:

    1. Reboot and press the Volume Down key when the screen goes black
    2. On the computer, type 'fastboot flashing unlock'

    You just unlocked the bootloader!

    Credit goes to djared704 for finding this method.

    Let me know if I need to change anything about this guide.
    Hey guys. After 5 months of my purchase I finally achieved bootloader unlocking. Basically I am a user that has never updated to latest, I don't know if it makes it a variable if you're already on latest and try this. (I was coming from Sept 2019). So what I did was factory reset from the system menus. Then as soon as the screen went black, I did bootloader combos and straight to recovery. I factory resetted as prep, flashed DECEMBER patch, then after that finished, factory resetted again. Essentially, I followed the classic ADB exploit that has "never worked since Sept-Oct 2019" And yes I do have the VZW_001 CID and "_VZ" in GL website. Know when yours is bootlooping as soon as you reboot it, just hard reboot so it boots up quicker, I don't know what it does for it to take so long. Anyways when you get in, just setup like we'd always do, NO google account, turn off all setting requests (Data location, wallpapers, etc). Then as soon as I got in, I turned on debugging, ran the classic adb pm command, rebooted TWO times. This means as soon as I booted, i swiped to go to home, then rebooted a second time. As soon as I did that, I loaded up my wifi connection, I don't know if it matters but Im using the 5G wifi, then I load up google.com. Immediately, I already notice something strange. Google.com doesn't have a "valid SSL certificate" I thought it was weird, so I went to google.com on my PC and look certified SSL. As I knew that was weird, I was clicking around and I thought that was enough. so I went to the dev menu. OEM lock still grayed out. I went back to chrome and simply typed in "youtube" Let it load up. Then I clicked on the site. I went back to the dev menu. Still grayed out. I exited settings app and relaunched it to the dev menu. OEM unlock lit up in flying colors. I could not believe it. I instantly ticked it with 0 hesitation and rebooted immediately to the bootloader. The unlock command worked! I am now unlocked sailfish! I thank the community so much for all the hard work. I, only motivated the community to their potential. Thank you again!

    Generally there are some kinds of factors.
    Users have stated before if you OTA'd from menus to Latest patch, it would say "October", even though it's really december. This may make the unlocking procedure impossible. I have also not seen any marlin users report back to me yet about this method. You can still try flashing from googles site if you're already on "October = Dec".

    Enjoy guys. We proved WE own these phones, and not VZW.
    Uhm, how do you skip Wi-Fi setup? :confused:

    EDIT: Guys, can confirm. It works!!! Just tested this as of now. The trick is to factory reset twice because the first reset leaves an indicator to the phone that you did a factory reset just now. Therefore, not allowing you to skip Wi-Fi connection in Setup Wizard. As for the steps, once you opened Google Chrome and visit a website, Go to Developer Options and wait until 3-5 minutes if the option to unlock is still grayed out. You might want to go back and forth one more time to see if the option to unlock is now enabled.
    Apparently there may a very very small case of possibly unlocking bootloader on VZW pixel 1 again. There is a Chinese service known by the name of "Taobao", performing premium paid bootloader unlocks for Pixel 1. Now at XDA, we do not agree with charging people in any way. The first way the old adb uninstall exploit was even discovered was because some user leaked, also a premium service in China. This is a bit different. The interface they are using is in Chinese (I know this because I connected with a user in our TG channel that has used this service). When I talked with this user they spoken about how they used the getvar command to determine if it was a actual VZW model or not. He went on to tell me that he used a VPN service to connect to their (data centre?) or his own phone, built for going long distances, I guess. He tells me he hasn't paid attention to the PC that much, and in a bit his bootloader was successfully unlocked. I actually took a look at the fastboot toolkit when I was on his PC and it was actually a toolkit from 2016, and it was obviously a bit modified, having a chinese file shortcut that directs to system32 cmd. The shortcut was obviously "命令提示符", translating Command Prompt. I can't understand why you would need admin access for adb, but to spin off, the commands in the help directory of both fastboot and ADB are different. Some I noticed were "flashing get_unlock_bootloader_nonce" "flashing unlock_bootloader <request>" "flashing lock_bootloader". However the ADB directory looks a bit similar to what we see today. I looked at a couple of the proprietary apps he used and the interfaces of those kinda reminded me of IP grabbing applications. Some great people at TG attempted to translate for me, and it looked about right.
    In theory, they use these apps to grab a VZW IP and maybe bully it with your own router? Or maybe they infiltrate it with their own IP which explains turning on the VPN. We have to work together, and figure out exactly how it was done. We have some info, but no steps on reproducing it. Lets try and work this out together! WE ARE so close! Thanks so much.