[How-to] Unlock bootloader on Verizon Pixel/XL

[djared704]

I had given up all hope of unlocking the bootloader. It's a Verizon device with Q Build QP1A.191005.007.A3. and up until an hour ago, whenever I looked, enable OEM unlocking was always greyed out. But I just happen to see it not greyed out, hit the toggle switch, did the fastboot unlock, and lo and behold, my Pixel XL now has an unlocked bootloader. I wish I could explain it, but there's no logical explanation. It could happen to you too.

You have to do the quick tests to actually ensure if it's a VZW device or unlocked (Unlocked should be _p on google site, vzw will be _vz)
Mate if this was the case this whole entire thread wouldn't exist.

 

[Vandan.Patel]

At this point is there any hope for people running the last update for the pixel XL Verizon to be able to unlock the bootloader?

 

[beeewell]

You have to do the quick tests to actually ensure if it's a VZW device or unlocked (Unlocked should be _p on google site, vzw will be _vz)
Mate if this was the case this whole entire thread wouldn't exist.

I'm very skeptical too, and maybe I screwed up. It took me awhile to figure out the google test thing, but I think this is the data that's in question below. I see the name has a _vz at the end of it. Does this look like the data you would get from the Google repair site to see if it's a Verizon model? I put xxx's and yyy's in for my imei & serial.

)]}'

[[["grd",["device","G-2PW2100-022-B","_pixel_xl_phone_silver_128gb_vz","Pixel XL","128 GB, Very Silver","https://lh3.googleusercontent.com/OsPTZ0Uonr59bD3E-hV_WDt_W8JgN_F5iGtFHGSrNC5bvLTrYh-SDuwgmytsrH0UaA","xxx","yyy",1,null,1,null,0,null,null,"Pixel XL (128 GB, Very Silver)",1595314800000,"Jul 21, 2020",null,null,0]
,1]
,["e",2,null,null,376]
]]

 

[djared704]

I'm very skeptical too, and maybe I screwed up. It took me awhile to figure out the google test thing, but I think this is the data that's in question below. I see the name has a _vz at the end of it. Does this look like the data you would get from the Google repair site to see if it's a Verizon model? I put xxx's and yyy's in for my imei & serial.

)]}'

[[["grd",["device","G-2PW2100-022-B","_pixel_xl_phone_silver_128gb_vz","Pixel XL","128 GB, Very Silver","https://lh3.googleusercontent.com/OsPTZ0Uonr59bD3E-hV_WDt_W8JgN_F5iGtFHGSrNC5bvLTrYh-SDuwgmytsrH0UaA","xxx","yyy",1,null,1,null,0,null,null,"Pixel XL (128 GB, Very Silver)",1595314800000,"Jul 21, 2020",null,null,0]
,1]
,["e",2,null,null,376]
]]

I have a theory for your case then. It has also been proven on the Pixel 4. If you bought the device brand stinkin new with no VZW sim in it, that means NO one ever turned on the device before you did, and it especially booted without a VZW sim in it, potentially it would unlock as a regular pixel.
This still doesn't support our previous theories that VZW pixels require the Google server to unlock. I have also seen documentation of Pixel 1 not being permitted to be unlocked even proven unlocked, and not refurbished.
The questions will keep adding up.

Anyways, if any one of you remember this video, it features "hTC-download", including a "Token AUTHENTICATION PASS/FAIL" It honestly looks really neat and I believe if we can get a TOKEN PASS we can actually unlock the bootloaders for ourselves. If I'm correct, these tokens are distributed along the factories in China, Taiwan, where pixels are built, and my only theory is someone stole a token and also knows how to work on pixels (It makes sense because it's a chinese service) I also had one of my friends do a taobao service a few days ago, and they also successfully unlocked his bootloader! However it's completely different. I do not want to post it here for privacy reasons but to explain it, the camera is basically staring at the phone for a solid 35 minutes, then ting, you see the phone light up into a "Unlock bootloader?" display
Which is interesting, and completely different to what we know as of right now. There is absolutely 0 documentation of anyone just completely exploiting the pixel bootloader, and frankly, I have 0 doubts it can be done.
We're so close!
Thanks everybody.

 

[beeewell]

I have a theory for your case then. It has also been proven on the Pixel 4. If you bought the device brand stinkin new with no VZW sim in it, that means NO one ever turned on the device before you did, and it especially booted without a VZW sim in it, potentially it would unlock as a regular pixel.
This still doesn't support our previous theories that VZW pixels require the Google server to unlock. I have also seen documentation of Pixel 1 not being permitted to be unlocked even proven unlocked, and not refurbished.
The questions will keep adding up.

Anyways, if any one of you remember this video, it features "hTC-download", including a "Token AUTHENTICATION PASS/FAIL" It honestly looks really neat and I believe if we can get a TOKEN PASS we can actually unlock the bootloaders for ourselves. If I'm correct, these tokens are distributed along the factories in China, Taiwan, where pixels are built, and my only theory is someone stole a token and also knows how to work on pixels (It makes sense because it's a chinese service) I also had one of my friends do a taobao service a few days ago, and they also successfully unlocked his bootloader! However it's completely different. I do not want to post it here for privacy reasons but to explain it, the camera is basically staring at the phone for a solid 35 minutes, then ting, you see the phone light up into a "Unlock bootloader?" display
Which is interesting, and completely different to what we know as of right now. There is absolutely 0 documentation of anyone just completely exploiting the pixel bootloader, and frankly, I have 0 doubts it can be done.
We're so close!
Thanks everybody.

The only thing I can add, and I'm not sure it's at all helpful, but another hypothesis - My wife bought this phone REFURBISHED. She took it out of the box, charged it, put in her Verizon sim card, and fired it up. Maybe there was something in the refurbishing process that ultimately allowed it to be unlocked. It really defies explanation. As I mentioned before, based on what I read here and trying numerous times, I had given up on unlocking this phone to the point of ordering another unlocked phone. Since I lucked out if you will in unlocking it, I've cancelled the other order. As of now, I have a rooted stock in one slot, and PixelDust in the other slot.

 

[bpatterson007]

So just to be clear, if you have a Verizon Pixel XL with the last update installed, you cannot currently unlock the bootloader? So no Lineage 17.1 install for me?

 

[djared704]

So just to be clear, if you have a Verizon Pixel XL with the last update installed, you cannot currently unlock the bootloader? So no Lineage 17.1 install for me?

Rather than a solid "no" like it has before, there are sudden reports of this chinese service unlocking it. At the moment I'm still gather information regarding it, but you may always look at my previous posts about it. Cheers.

 

[bpatterson007]

Rather than a solid "no" like it has before, there are sudden reports of this chinese service unlocking it. At the moment I'm still gather information regarding it, but you may always look at my previous posts about it. Cheers.

Good luck and godspeed. It pisses me off owning something and being restricted like this. I know I'm not the only one!

 

[punkmangg]

Hello, i thought may we flash verizon 10 android using QPST tools, QFIL usually.
Who knows some information of this?

Does anyone have information about this?

I'm on android 10 and want to go back to 9 with locked bootloader (Pixel 2 - Verizon)

 

[jayank2000]

Came across this. https://9to5google.com/2020/06/11/google-pixel-android-flash-tool-past-updates/. Not sure if it applies to Verizon pixels, I highly doubt it.

 

[punkmangg]

Came across this. Not sure if it applies to Verizon pixels, I highly doubt it.

Android flash tool recognizes my device (Pixel 2 verizon) with usb debugging activated but I'm afraid to start the flash and brike :confuso:

 

[StanleySnafu]

Anyone had luck with Pixel XL Verizon with Android 9 (Security Patch August 1, 2019)?

 

[hairycheez]

If following the steps and going to Google.com (not any website) doesn't work, maybe try using the check in command from Google.

 

[divhandyman]

I tried this, running android 10, now no data connection and the phone app keeps crashing. factory reset didn't fix it. Anyone else experience this issue?

 

[YandexStudio]

Rather than a solid "no" like it has before, there are sudden reports of this chinese service unlocking it. At the moment I'm still gather information regarding it, but you may always look at my previous posts about it. Cheers.

I've also noticed the unlocking service on Taobao, currently I still didn't buy it, but usually, they use teamviewer to contorl your computer and then transfer their unlocking scripts, and they oprate it fast, then delete the script file, ( I've bought a fiber modem unlocking service before, I don't know if it's similar for unlocking mobile phones)

Is there anyway to grab their script file without let them notice? If so, maybe I can buy it and have a try.

 

[CLPose]

I've also noticed the unlocking service on Taobao, currently I still didn't buy it, but usually, they use teamviewer to contorl your computer and then transfer their unlocking scripts, and they oprate it fast, then delete the script file, ( I've bought a fiber modem unlocking service before, I don't know if it's similar for unlocking mobile phones)

Is there anyway to grab their script file without let them notice? If so, maybe I can buy it and have a try.

I've PM you with some relevant info. Looking forward to seeing you!

 

[biman__17]

I've also noticed the unlocking service on Taobao, currently I still didn't buy it, but usually, they use teamviewer to contorl your computer and then transfer their unlocking scripts, and they oprate it fast, then delete the script file, ( I've bought a fiber modem unlocking service before, I don't know if it's similar for unlocking mobile phones)

Is there anyway to grab their script file without let them notice? If so, maybe I can buy it and have a try.

Maybe you can close the TeamViewer connection after the script has been transferred to your system.

 

[kha1rul]

Great to see there's a lot of progress, keep it up guys! I really appreciate your efforts.
Out of curiosity, Does anyone have a link to the Taobao unlocking service?

 

[n3kf]

Came across this. https://9to5google.com/2020/06/11/google-pixel-android-flash-tool-past-updates/. Not sure if it applies to Verizon pixels, I highly doubt it.

Well darn, that would be great to be able to move back to an earlier build. Looks like it's only for Pixel 2 on up though. Sure wish it was open source......

 

[mrkhigh]

I own a locked p2 and tried this. This doesn't allow locked bootloaders to downgrade. Pretty sure it's just an online adb/fastboot tool.