• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[New][July-16-2020]Unlocking bootloader on VZW Pixel 1 and XL

Search This thread

djared704

Senior Member
Jul 12, 2018
117
80
Los Pringles, California
AS OF JUL 19 THIS HAS STOPPED WORKING

I apologize if you did not get your bootloader unlocking!

At the moment, there is no information if the classic exploit will return, if it has worked for you, please make a post about it on this thread!

We will go back to work to ensure pixels will get unlocked. I do not know how long it may take, it could be a few days, a few months or a few years. For this reason I'd respectfully ask you for no ETAs on the development on the exploit.

I may keep this thread open if people are willing to crack on something or need help.

Thanks for understanding.


----

I wanted to make a new thread to clean things up as the correct answer is buried so far into the VZW thread and I don't believe people have time to dig down that far to do something so simple.

Please give @RaspberryPiBen a thanks by going to his quote for finalizing my rant and making it into doable steps.

The work by the community is absolutely incredible.

Here is what worked for me:

Prerequisites:
No SIM card in the phone
ADB and Platform Tools installed on a computer (https://www.xda-developers.com/install-adb-windows-macos-linux/)
The latest OTA image downloaded to the computer (https://developers.google.com/android/ota#sailfish for the Pixel or https://developers.google.com/android/ota#marlin for the Pixel XL)
The phone connected to the computer with USB
Learn how to use ADB and Fastboot on your computer as it can differ.

Steps:

1. On the phone, open Settings>System>Reset Options and factory reset the phone. It should say "Restarting" or something similar.
2. When the screen goes black, press and hold the Volume Down key until you get into the Bootloader mode. Use the volume keys to navigate to "Recovery Mode" and select it with the power button.
3. Hold the Volume Down key for about a minute (while it resets) until you see an android lying down.
4. Hold the Power button then press the Volume Up button once. It should give you a menu.
5. Use the volume and power buttons to select "Wipe Data/Factory Reset" and confirm the reset.
6. Once it finishes, select an option that is something like "Sideload OTA"
7. Go to your computer and type in 'adb sideload sailfish-ota-qp1a.191005.007.a3-394b5899.zip' (without quotes) for the Pixel or 'adb sideload marlin-ota-qp1a.191005.007.a3-23002a57.zip' for the Pixel XL OR you may drag the zip file into the command prompt after typing "adb sideload", either way it should look similar.
8. Factory reset again from recovery mode
9. Reboot to system
10. While it just shows the G, press the power button until the phone restarts
11. Once it boots up, skip all of the steps but disable the options for sending information to Google.
12. Enable Developer Options by tapping "Build Number" seven times
13. In Developer Options, enable USB Debugging
14. On your computer, run 'adb shell pm uninstall --user 0 com.android.phone'
15. Reboot twice
16. Connect to WiFi
17. Open google.com in Chrome
18. Check Developer Options to see if you can enable OEM unlocking
19. If you can't, swipe away Settings from the Recents menu and go back to Chrome
20. In Chrome, open a bunch of websites. After opening each one, check the OEM Unlocking option again and close Settings afterward.
21. Once you can enable it, do so! Now you can unlock the bootloader.

Unlocking the bootloader:

-Reboot and press the Volume Down key when the screen goes black
-On the computer, type 'fastboot flashing unlock'

You just unlocked the bootloader!

Credit goes to djared704 for finding this method.

Let me know if I need to change anything about this guide.

for other reasons, you may see my rant

Hey guys. After 5 months of my purchase I finally achieved bootloader unlocking. Basically I am a user that has never updated to latest, I don't know if it makes it a variable if you're already on latest and try this. (I was coming from Sept 2019). So what I did was factory reset from the system menus. Then as soon as the screen went black, I did bootloader combos and straight to recovery. I factory resetted as prep, flashed DECEMBER patch, then after that finished, factory resetted again. Essentially, I followed the classic ADB exploit that has "never worked since Sept-Oct 2019" And yes I do have the VZW_001 CID and "_VZ" in GL website. Know when yours is bootlooping as soon as you reboot it, just hard reboot so it boots up quicker, I don't know what it does for it to take so long. Anyways when you get in, just setup like we'd always do, NO google account, turn off all setting requests (Data location, wallpapers, etc). Then as soon as I got in, I turned on debugging, ran the classic adb pm command, rebooted TWO times. This means as soon as I booted, i swiped to go to home, then rebooted a second time. As soon as I did that, I loaded up my wifi connection, I don't know if it matters but Im using the 5G wifi, then I load up google.com. Immediately, I already notice something strange. Google.com doesn't have a "valid SSL certificate" I thought it was weird, so I went to google.com on my PC and look certified SSL. As I knew that was weird, I was clicking around and I thought that was enough. so I went to the dev menu. OEM lock still grayed out. I went back to chrome and simply typed in "youtube" Let it load up. Then I clicked on the site. I went back to the dev menu. Still grayed out. I exited settings app and relaunched it to the dev menu. OEM unlock lit up in flying colors. I could not believe it. I instantly ticked it with 0 hesitation and rebooted immediately to the bootloader. The unlock command worked! I am now unlocked sailfish! I thank the community so much for all the hard work. I, only motivated the community to their potential. Thank you again!

Generally there are some kinds of factors.
Users have stated before if you OTA'd from menus to Latest patch, it would say "October", even though it's really december. This may make the unlocking procedure impossible. I have also not seen any marlin users report back to me yet about this method. You can still try flashing from googles site if you're already on "October = Dec".

Enjoy guys. We proved WE own these phones, and not VZW.

I hope you enjoy this guys. Regarding it, I do not know how long it will stay for so I suggest to do it now. At the moment, I do not know if this will work for pixel 2 and so on. You may try it but if you have issues you must go to your device board. Thanks.
 
Last edited:

MangoBento

Member
Jun 23, 2020
24
3
Melbourne
How long does it usually take for people to get the option active? I followed the steps 3 times and tried loading a bunch of websites but no luck unfortunately :( Maybe just need to keep trying?
 

MangoBento

Member
Jun 23, 2020
24
3
Melbourne
Tried that and still no luck.

Oh well, I'll probably keep trying tomorrow or something, not a huge fuss as I've since bought a new phone, but would've been nice to play around with custom ROMs on this pixel.

I went to check the IMEI number for my phone but it says "Unknown" in the settings now? Not sure if that contributes to it
 

Luminoux

Member
Feb 12, 2018
27
6
Kuching
Tried that and still no luck.

Oh well, I'll probably keep trying tomorrow or something, not a huge fuss as I've since bought a new phone, but would've been nice to play around with custom ROMs on this pixel.

I went to check the IMEI number for my phone but it says "Unknown" in the settings now? Not sure if that contributes to it

Same. Tried 3 times just now still no luck. XL here. My IMEI is unknown as well.
 

djared704

Senior Member
Jul 12, 2018
117
80
Los Pringles, California
Same. Tried 3 times just now still no luck. XL here. My IMEI is unknown as well.

Your IMEI is either unknown due to uninstalling android.phone, or actual corrupted/blacklisted EFS. If true, nothing can be done about that.

When you reset the device, did you flash December Android 10, and in the setup process, disable all the requests (data location, wallpapers, etc).

Is there a sim card in the phone?

Cheers.
 

androidbad

Member
Jul 19, 2020
5
2
Hi! Please, remember that the button may be greyed out, but it may be toggable anyway. So try to toggle it even though it's greyed out. Good luck!

I just retried the instructions and tried the toggle even though it was greyed out and it doesn't look like it worked. It wouldn't flip to "on" no matter how many websites I tried.
 
Last edited:
  • Like
Reactions: CLPose

androidbad

Member
Jul 19, 2020
5
2
That's strange. Have you tried repeating the process a second time?

This was literally my 4th time trying. I bought my phone off eBay so I'm honestly not sure if it's a verizon variant. I tried a checking my IMEI on the Verizon and Google website, neither of them actually indicate that it's a Verizon phone. But if it's a Google phone I expected to be able to unlock my bootloader already... idk Maybe it came from Canada or somewhere else like the UK.
 

djared704

Senior Member
Jul 12, 2018
117
80
Los Pringles, California
This was literally my 4th time trying. I bought my phone off eBay so I'm honestly not sure if it's a verizon variant. I tried a checking my IMEI on the Verizon and Google website, neither of them actually indicate that it's a Verizon phone. But if it's a Google phone I expected to be able to unlock my bootloader already... idk Maybe it came from Canada or somewhere else like the UK.

If you can gather enough evidence that your device is a Google store device, you can go here.

To get a 50% chance of displaying actual correct device, you can download Simple CID Getter on the Play store.

Cheers. Let me know how it goes.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Breaking news - I UNLOCKED bootloader, rooted & install Lineage OS V17 (Android 10 final build) on my OG Pixel (PVT variant). Here's my results, see screenshots & photo images taken yesterday ... woohoo. As always - please read, follow and give it several tries on your best efforts, and YMMV. Good luck.

    One of the most useful aspect of having, owning & using the Google OG Pixel or Pixel XL after June 1, 2021 is the continuing support for uploading original photos via it to Google Photos for storage (until early 2022) without being counted against one's allowance, or having to pay more/extra for it. I do have Google One with 100GB shared among 3 accounts but ... Some of the "original" photos are precious & priceless memories of families & friends - I've sold my 1st. generation Pixel XL Google Edition earlier to move up to the 3a XL, but let's say, I do miss the Pixel's unique choices these days - thus, I picked up an inexpensive Pixel in good to excellent condition, battery life is average but otherwise great overall, supposed to be the Google variant, unlockable bootloader. Well, it was/is not when it arrived by postal package and my reaction was ---- (fill in your own words) knowing that it is a waste & going to need to return to seller. To make a long story short, I failed twice with previously outlined steps and ADB sideloaded, etc. etc. taking all the steps, no luck or success .... resigned to either use it as is, with stock rom or return/refund & go find another one.

    "OEM Unlocking" option under Developer's option within Settings was greyed out, no matter what - was on the final OEM Build ... until

    A word of warning, doing these could damage and/or brick your Pixel, and I am not responsible nor anyone else that wrote the steps & guides for the attempts/efforts to get the locked bootloader to somehow unlock, root & install your choice of custom rom, etc.

    First, I follow the steps to factory reset, install ADB and sideload, etc. and re-install the zip file, reset & boot, initially without connecting to WiFi, enabled Developer's option, enable USB debug, and confirmed that both ADB and FASTBOOT options are working, that the PC (Windows 10 Pro, 64 bits) recognizes the serial number/device ID. Uninstall the com.android.phone via ADB before another reboot, connect to WiFi & open browser to google, open various websites and check the OEM unlock options, etc. - it was still no can't do. After spending all afternoon/evening, trying & waiting, cursing too, I gave up AND decide to sideload the final stock rom zip file again, and boot up to do the basic / regular setup, etc.

    Well, after installing basic apps and setting it up for minimal functions, I went ahead to play with it. Well, I went back into Developer's setting and guess what, the OEM unlocking function is now enabled, no longer greyed out. Woohoo - joys, I went ahead to boot into bootloader/fastbook, and, unlocked it. The rest is history - after clicking the "warning" on screen. Lineage 17 (Android 10) is now installed, running, with pico gapps, and Google settings from a previously saved device and apps restored, up & running smoothly.

    I did not insert any nano sim card (this will be kept & used at home and connect to WiFi only) mostly for uploads & cloud access.

    To sum it, follow the previously documented steps to try and if it failed (most likely, it will ... just like me) then by the 3rd time, reset again but let the sideload rom/zip file install fully - boot up the stock rom, then, setup as usual, for a minimal one. Wait & let the rom settle & finished updating everything from Play Store, etc. - then, check again about the OEM unlock option (fingers crossed & good luck). If you are like me, the device will be fully wiped again as part of unlocking & factory reset, erasing everything - then, you are good to sideload Lineage and optionally, gapps, etc. and enjoy.

    Any questions, feel free to ask and if I can help, will cheerfully do so. Have a great week ahead. It it works for you with a bit of efforts, thumbs up and if not, please share anyway. Good luck !! Next, going to upload photos at full quality/resolution (almost all are 12 MP or less in resolutions anyway) for additional "free, for now" secure storage.

    Sorry to get back to this thread so late. From looking at your screenshots, you're running QP1A.191005.007.A3, latest Android 10 (obviously?), however from what I remember, VZW pixels run QP1A.191005.007.A1, and even if they do run A3, it still shows October patch regardless (unlocked or VZW). You should try a CID check to see if it actually is a vzw device. Also unlock procedure has been extremely finnicky. There have been VZW devices in the past that were free to be unlocked and unlocked devices that are still stuck to this day.
    1
    Sorry to get back to this thread so late. From looking at your screenshots, you're running QP1A.191005.007.A3, latest Android 10 (obviously?), however from what I remember, VZW pixels run QP1A.191005.007.A1, and even if they do run A3, it still shows October patch regardless (unlocked or VZW). You should try a CID check to see if it actually is a vzw device. Also unlock procedure has been extremely finnicky. There have been VZW devices in the past that were free to be unlocked and unlocked devices that are still stuck to this day.

    Good & interesting info/details - I tried to adb command to pull up the CID but not working. With the bootloader - it shown the device as being a Verizon variant "PVT" - maybe it wasn't originally used but an unlocked Google edition, used on VZ and however, updated/flashed when patches were pushed out to the previous owner/user ... before I brought it as a pre-owned one, in surprising good, almost mint condition - I grade it 8.5 or 9 out of a 10 score. Battery life is around 75% now, not bad for being 5 to 6 years old. The OEM unlocked option was definitely greyed out initially, now I'm just happy that I got it unlocked and on a non-stock rom, debloated further with mimial apps running.
  • 9
    AS OF JUL 19 THIS HAS STOPPED WORKING

    I apologize if you did not get your bootloader unlocking!

    At the moment, there is no information if the classic exploit will return, if it has worked for you, please make a post about it on this thread!

    We will go back to work to ensure pixels will get unlocked. I do not know how long it may take, it could be a few days, a few months or a few years. For this reason I'd respectfully ask you for no ETAs on the development on the exploit.

    I may keep this thread open if people are willing to crack on something or need help.

    Thanks for understanding.


    ----

    I wanted to make a new thread to clean things up as the correct answer is buried so far into the VZW thread and I don't believe people have time to dig down that far to do something so simple.

    Please give @RaspberryPiBen a thanks by going to his quote for finalizing my rant and making it into doable steps.

    The work by the community is absolutely incredible.

    Here is what worked for me:

    Prerequisites:
    No SIM card in the phone
    ADB and Platform Tools installed on a computer (https://www.xda-developers.com/install-adb-windows-macos-linux/)
    The latest OTA image downloaded to the computer (https://developers.google.com/android/ota#sailfish for the Pixel or https://developers.google.com/android/ota#marlin for the Pixel XL)
    The phone connected to the computer with USB
    Learn how to use ADB and Fastboot on your computer as it can differ.

    Steps:

    1. On the phone, open Settings>System>Reset Options and factory reset the phone. It should say "Restarting" or something similar.
    2. When the screen goes black, press and hold the Volume Down key until you get into the Bootloader mode. Use the volume keys to navigate to "Recovery Mode" and select it with the power button.
    3. Hold the Volume Down key for about a minute (while it resets) until you see an android lying down.
    4. Hold the Power button then press the Volume Up button once. It should give you a menu.
    5. Use the volume and power buttons to select "Wipe Data/Factory Reset" and confirm the reset.
    6. Once it finishes, select an option that is something like "Sideload OTA"
    7. Go to your computer and type in 'adb sideload sailfish-ota-qp1a.191005.007.a3-394b5899.zip' (without quotes) for the Pixel or 'adb sideload marlin-ota-qp1a.191005.007.a3-23002a57.zip' for the Pixel XL OR you may drag the zip file into the command prompt after typing "adb sideload", either way it should look similar.
    8. Factory reset again from recovery mode
    9. Reboot to system
    10. While it just shows the G, press the power button until the phone restarts
    11. Once it boots up, skip all of the steps but disable the options for sending information to Google.
    12. Enable Developer Options by tapping "Build Number" seven times
    13. In Developer Options, enable USB Debugging
    14. On your computer, run 'adb shell pm uninstall --user 0 com.android.phone'
    15. Reboot twice
    16. Connect to WiFi
    17. Open google.com in Chrome
    18. Check Developer Options to see if you can enable OEM unlocking
    19. If you can't, swipe away Settings from the Recents menu and go back to Chrome
    20. In Chrome, open a bunch of websites. After opening each one, check the OEM Unlocking option again and close Settings afterward.
    21. Once you can enable it, do so! Now you can unlock the bootloader.

    Unlocking the bootloader:

    -Reboot and press the Volume Down key when the screen goes black
    -On the computer, type 'fastboot flashing unlock'

    You just unlocked the bootloader!

    Credit goes to djared704 for finding this method.

    Let me know if I need to change anything about this guide.

    for other reasons, you may see my rant

    Hey guys. After 5 months of my purchase I finally achieved bootloader unlocking. Basically I am a user that has never updated to latest, I don't know if it makes it a variable if you're already on latest and try this. (I was coming from Sept 2019). So what I did was factory reset from the system menus. Then as soon as the screen went black, I did bootloader combos and straight to recovery. I factory resetted as prep, flashed DECEMBER patch, then after that finished, factory resetted again. Essentially, I followed the classic ADB exploit that has "never worked since Sept-Oct 2019" And yes I do have the VZW_001 CID and "_VZ" in GL website. Know when yours is bootlooping as soon as you reboot it, just hard reboot so it boots up quicker, I don't know what it does for it to take so long. Anyways when you get in, just setup like we'd always do, NO google account, turn off all setting requests (Data location, wallpapers, etc). Then as soon as I got in, I turned on debugging, ran the classic adb pm command, rebooted TWO times. This means as soon as I booted, i swiped to go to home, then rebooted a second time. As soon as I did that, I loaded up my wifi connection, I don't know if it matters but Im using the 5G wifi, then I load up google.com. Immediately, I already notice something strange. Google.com doesn't have a "valid SSL certificate" I thought it was weird, so I went to google.com on my PC and look certified SSL. As I knew that was weird, I was clicking around and I thought that was enough. so I went to the dev menu. OEM lock still grayed out. I went back to chrome and simply typed in "youtube" Let it load up. Then I clicked on the site. I went back to the dev menu. Still grayed out. I exited settings app and relaunched it to the dev menu. OEM unlock lit up in flying colors. I could not believe it. I instantly ticked it with 0 hesitation and rebooted immediately to the bootloader. The unlock command worked! I am now unlocked sailfish! I thank the community so much for all the hard work. I, only motivated the community to their potential. Thank you again!

    Generally there are some kinds of factors.
    Users have stated before if you OTA'd from menus to Latest patch, it would say "October", even though it's really december. This may make the unlocking procedure impossible. I have also not seen any marlin users report back to me yet about this method. You can still try flashing from googles site if you're already on "October = Dec".

    Enjoy guys. We proved WE own these phones, and not VZW.

    I hope you enjoy this guys. Regarding it, I do not know how long it will stay for so I suggest to do it now. At the moment, I do not know if this will work for pixel 2 and so on. You may try it but if you have issues you must go to your device board. Thanks.
    3
    Potential ideas

    If anyone could direct me to any of the details of what is known about how the VZ bootloader on Pixel 1 works I may be able to help. I am a programmer although I have no real experience with phones, other than unlocking/flashing and rooting using various tools with various phones.

    I do have an idea that I've gleaned from firmware locking on home automation devices (mostly Chinese HA sensors that are based on the ESP8266 board/chipset that lots of Chinese companies use in their sensors to put their fimware on). A very popular software/method for "unlocking" and flashing these devices is known as Tuya Convert (can't link because I'm a new user but just search Tuya-Convert and look at the github link). It's a very interesting method to me, but it may just because I am fairly ignorant of unlocking and flashing hacks and workarounds. Basically the idea of Tuya Convert is that you copy it onto a device with a wifi chip, usually a raspberry pi zero w or raspberry pi 3 but you could also use a regular PC with a wifi card/chip etc also. When you run Tuya Convert it broadcasts it's own WiFi network with the chip on the device. You then connect a phone or tablet to that wifi network first (the details and reasoning of this part escape me a bit) and after you have done this you then put the HA sensor device that you want to flash in sync mode. Now the beauty is, the Tuya Convert program and wifi network it has made actually intercepts that communication and poses as the authorizing server that the HA device is supposed to connect with and get updates from. So Tuya Convert poses as "home base" so to speak and allows you access to the device, and more importantly, allows you to push/flash your own (usually Tasmota or ESPEasy) firmware onto the device at this point.

    Last year, or possibly the year before, companies got wise on this and started to connect in a different way (mostly using https instead of just http) to "home base" but another user was able to write a modification of Tuya Convert that was able to defeat this new https phone home technique and now it has been merged into the original Tuya Convert so now that Tuya Convert uses both methods to flash olders devices and newer ones.

    Anyway, without know many details, this method may not work at all for bootloader unlocking in general or for the Pixel VZ in particular, it's just an idea. From reading and trying this myself it seems like the whole idea behind this exploit is to block the comms to VZ or route them different to avoid the base Google firmware from activating the bootloader lock, but I may wrong in my interpretation. If there is anything I can do to help or test or research I would love to try if someone could push or nudge me in the right direction. I think it's ridiculous that we have phones/hardware that we cannot truly do what we want to with, especially so with older hardware that is out of date/support now anyway. I would love to be able to free up so to speak the Pixels that I have and put whatever firmware/OS that I choose to on them; the hardware is amazing on these phones and it is a shame that we are stuck with what we have on it and cannot even downgrade to an older official version even if it works better than new versions (I'm looking at you Android 10 vs 9 and 8 and possibly even 7, at least on the Pixel 1 anyway!)
    2
    It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) moves around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

    At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

    Thanks for your time.


    Yes, I suspect that neither google or VZW are patching anything they may see being done here. If they are even watching. Would not make business sense. The phone is end of life. I suspect you are right that there is a timing issue or something going on with servers sometimes. I'm just glad I got my Verizon version unlocked. So the ultimate would be to figure out what that "timing" issue is/was and find a way to duplicate it. Much easier said then done.

    Thanks for all the time that you put in and continue to put into this. Appreciate it.
    2
    For what it's worth, I haven't had any luck either. I visited XDA and saw the article too late. :) I tried it twice and the second time I've left it for a couple of days now with no luck. Thanks anyway, and good luck for the future to all of us! This particular Pixel I got off Swappa, and the guy put at as a Google Edition 128 GB. I only had the 32 GB Google Edition I got cheaply from Best Buy in 2016, and the Swappa deal was only $50-$55, so I kept it even though it was a Verizon edition instead. I did tell the seller in order to educate him, though.

    No idea if it was refurbished, and it has the indication it's on the October 2019 security patch even though I'm on the final OTA.

    It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) moves around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

    At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

    Thanks for your time.
    2
    Your IMEI is either unknown due to uninstalling android.phone, or actual corrupted/blacklisted EFS. If true, nothing can be done about that.

    When you reset the device, did you flash December Android 10, and in the setup process, disable all the requests (data location, wallpapers, etc).

    Is there a sim card in the phone?

    Cheers.

    Yep. Latest December patch & skipped all the setup, no sim. I followed the instruction precisely and still no luck. I wonder why would Verizon still give a damn about this