[New][July-16-2020]Unlocking bootloader on VZW Pixel 1 and XL

djared704

For what it's worth, I haven't had any luck either. I visited XDA and saw the article too late. :) I tried it twice and the second time I've left it for a couple of days now with no luck. Thanks anyway, and good luck for the future to all of us! This particular Pixel I got off Swappa, and the guy put it as a Google Edition 128 GB. I only had the 32 GB Google Edition I got cheaply from Best Buy in 2016, and the Swappa deal was only $50-$55, so I kept it even though it was a Verizon edition instead. I did tell the seller in order to educate him, though.

No idea if it was refurbished, and it has the indication it's on the October 2019 security patch even though I'm on the final OTA.
It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) move around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is an unstable exploit, and should not be depended on.

Thanks for your time.
 

roirraW "edor" ehT

It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) move around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is an unstable exploit, and should not be depended on.

Thanks for your time.
Those are definitely as good or better theories as any. That's okay, mate, I love just reading about that some people were able to take advantage of it. Thanks so much for your efforts! I'll keep checking that phone every once in a while just in case. Cheers!

Edit: I just really noticed your avatar. Pink Floyd "The Wall"?
 

MangoBento

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is an unstable exploit, and should not be depended on.

Thanks for your time.
Not sure why you're apologising mate, unless you're the one working for Verizon and patching out these exploits ;)

But jokes aside, you and the community have put a lot of effort into this, you're in no position to apologize! Thank you so much for your continued efforts :)
 

n3kf

It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) move around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is an unstable exploit, and should not be depended on.

Thanks for your time.

Yes, I suspect that neither Google nor VZW are patching anything they may see being done here. If they are even watching. Would not make business sense. The phone is end of life. I suspect you are right that there is a timing issue or something going on with servers sometimes. I'm just glad I got my Verizon version unlocked. So the ultimate would be to figure out what that "timing" issue is/was and find a way to duplicate it. Much easier said than done.

Thanks for all the time that you put in and continue to put into this. Appreciate it.
 

TimTx1

There is no way that Verizon is patching anything on these old phones. I doubt they really care. All they want to do now, is nothing.

I just think that everyone's phone is different and so there's no perfect exploit. I think the Verizon phones with the latest 2020 updates are probably the hardest. Mine probably only worked because of a fluke thing when my IMEI number was no longer in the system because of a motherboard swap.
 

Vierajoe

It worked for the first and I was able to downgrade. I figured since OEM flashing was enabled I could lock and unlock the bootloader as needed. Well I made the fatal mistake relocking the bootloader and OEM flashing is grayed out. I have not been able to reenable OEM flashing. This phone has its issue, the Oct '19 update killed my 2.4GHz wifi transmitter, the phone can 2.4GHz but can't transmit this affects wifi also. For now the phone is 5GHz wifi and hotspot.
 

alano99

Potential ideas

If anyone could direct me to any of the details of what is known about how the VZ bootloader on Pixel 1 works I may be able to help. I am a programmer although I have no real experience with phones, other than unlocking/flashing and rooting using various tools with various phones.

I do have an idea that I've gleaned from firmware locking on home automation devices (mostly Chinese HA sensors that are based on the ESP8266 board/chipset that lots of Chinese companies use in their sensors to put their firmware on). A very popular software/method for "unlocking" and flashing these devices is known as Tuya Convert (can't link because I'm a new user but just search Tuya-Convert and look at the GitHub link). It's a very interesting method to me, but it may just be because I am fairly ignorant of unlocking and flashing hacks and workarounds. Basically the idea of Tuya Convert is that you copy it onto a device with a wifi chip, usually a Raspberry Pi Zero W or Raspberry Pi 3 but you could also use a regular PC with a wifi card/chip etc also. When you run Tuya Convert it broadcasts its own WiFi network with the chip on the device. You then connect a phone or tablet to that wifi network first (the details and reasoning of this part escape me a bit) and after you have done this you then put the HA sensor device that you want to flash in sync mode. Now the beauty is, the Tuya Convert program and wifi network it has made actually intercepts that communication and poses as the authorizing server that the HA device is supposed to connect with and get updates from. So Tuya Convert poses as "home base" so to speak and allows you access to the device, and more importantly, allows you to push/flash your own (usually Tasmota or ESPEasy) firmware onto the device at this point.

Last year, or possibly the year before, companies got wise on this and started to connect in a different way (mostly using https instead of just http) to "home base" but another user was able to write a modification of Tuya Convert that was able to defeat this new https phone home technique and now it has been merged into the original Tuya Convert so now that Tuya Convert uses both methods to flash older devices and newer ones.

Anyway, without knowing many details, this method may not work at all for bootloader unlocking in general or for the Pixel VZ in particular, it's just an idea. From reading and trying this myself it seems like the whole idea behind this exploit is to block the comms to VZ or route them differently to avoid the base Google firmware from activating the bootloader lock, but I may be wrong in my interpretation. If there is anything I can do to help or test or research I would love to try if someone could push or nudge me in the right direction. I think it's ridiculous that we have phones/hardware that we cannot truly do what we want to with, especially so with older hardware that is out of date/support now anyway. I would love to be able to free up so to speak the Pixels that I have and put whatever firmware/OS that I choose to on them; the hardware is amazing on these phones and it is a shame that we are stuck with what we have on it and cannot even downgrade to an older official version even if it works better than new versions (I'm looking at you Android 10 vs 9 and 8 and possibly even 7, at least on the Pixel 1 anyway!)
 

kdavidb

date dependent or update dependent?

hi all and apologies if the answer should be evident . . .

is the method absolutely impossible based on today's date, or is it about the current software update on the phone? i've rooted a few DROIDs in the past and have a Pixel XL that's been offline for a while so i just wondered if i could compare the software version of the phone and some historical OTA updates and whether this method would work if everything is still old enough and i can get software versions that worked at one point?

and my thanks to the community as well for all the work and contributions . . .
 

RaspberryPiBen

hi all and apologies if the answer should be evident . . .

is the method absolutely impossible based on today's date, or is it about the current software update on the phone? i've rooted a few DROIDs in the past and have a Pixel XL that's been offline for a while so i just wondered if i could compare the software version of the phone and some historical OTA updates and whether this method would work if everything is still old enough and i can get software versions that worked at one point?

and my thanks to the community as well for all the work and contributions . . .
If it has an old enough version, some other unlock methods like DePixel8 might work. However, this method was fixed with a server patch and won't work for any device anymore.
 

roirraW "edor" ehT

hi all and apologies if the answer should be evident . . .
All attempts after about July 20th have failed - at least all attempts that have been reported here, which have been many, and including my own most recent locked Verizon Pixel 1, and I had tried the most recent method many times.

Footnote: I have two other Pixels - one a true Google Edition Pixel XL 1, and the other a Verizon Pixel 1 that I had unlocked using the method that was available before the Android 7.11 OTA.
 

kdavidb

If it has an old enough version, some other unlock methods like DePixel8 might work. However, this method was fixed with a server patch and won't work for any device anymore.
thanks so much for the quick reply. i thought that answer was what i was reading. i'm sure it's not old enough for a different fix(?). i actually took it offline earlier in the year in anticipation of using this method, but i delayed so now i just salute your work and wait . . . :))
 

jaykoerner

ummm i followed the instructions on the latest firmware and while it didn't exactly work, i kept using the phone and decided to check again maybe 20-30 mins later after using it and lo and behold it wasn't greyed out, I'm just saying this exploit isn't completely dead, not sure how to do it reliably though
 

RaspberryPiBen

ummm i followed the instructions on the latest firmware and while it didn't exactly work, i kept using the phone and decided to check again maybe 20-30 mins later after using it and lo and behold it wasn't greyed out, I'm just saying this exploit isn't completely dead, not sure how to do it reliably though
That's very interesting. I can't test it out but I wonder what caused this to work again. This could be useful. Thank you.
 

djared704

ummm i followed the instructions on the latest firmware and while it didn't exactly work, i kept using the phone and decided to check again maybe 20-30 mins later after using it and lo and behold it wasn't greyed out, I'm just saying this exploit isn't completely dead, not sure how to do it reliably though
Depends how long it will be back

People from telegram have already been testing it and they said it wasn't working for them.

I honestly still think the connectivity procedure (how your ISP and router are set up) can affect how it ungrays

PS - I still think it's worthy to actually "prove" your device VZW
1. Trash can on back of device
2. Google repair center site

Not ways to prove
1. IMEI 35
2. Grayed out OEM

Thanks.
 

jaykoerner

Depends how long it will be back

People from telegram have already been testing it and they said it wasn't working for them.

I honestly still think the connectivity procedure (how your ISP and router are set up) can affect how it ungrays

PS - I still think it's worthy to actually "prove" your device VZW
1. Trash can on back of device
2. Google repair center site

Not ways to prove
1. IMEI 35
2. Grayed out OEM

Thanks.
Can confirm there is a trashcan on the back cuz i took a video of it (barely, it's been worn down with time) so definitely verizon, as stated all i did was the july 2020 steps and i believe but am not sure but had a visible sim card in it for internet, but possibly not, i don't have that pixel anymore i was just attempting to get it working with visible for my sister. Anyways i was installing apps and other stuff so no clue, since you had to open possibly a lot of chrome pages i assumed it was ram related but no clue, it worked for me but as said i'm a sample size of one with no clue how it worked.

Off topic but my original reason for doing this turned out pointless, all i required was using a different provider's sim waiting for it to get the apns for it turning it off and putting in the visible sim card, turns out google's carrier bundle (or blob, heard both words) was screwed up in a few of the updates including the last one, and visible the only carrier to use them (at least in the is i don't know elsewhere) wouldn't get ims registration so no calls or text since they are an lte only carrier, seems that putting in a sim that doesn't support the bundle defaults to the old way with carrier provisioning and apns and doesn't use the bundle even when a supported sim is inserted. Cool i got it working, just 5 days of putting roms on the device for nothing
 

Rootmaster906

I did not argue and say that this would stay forever, in fact I said to do it immediately, as the time frame would close almost instantly. For this reason, I apologize dearly if you did not get your chance for bootloader unlocking. Many users who have unlocked have logged actual IPs from VZW, Google and many other servers when their OEM unlock ungrayed. Maybe we can use that as sufficient information.

Apart from that, the Verizon Pixel 1 bootloader team is going to be going back to work to find out more information for the Chinese service unlocking. This kind of method will be more reliable as it will not be able to be patched, and the team even saw it happen in action. Please let me know if the OEM unlock ungrays itself.

For more info regarding the classic exploit, I remember some people in around mid 2019 (before it was ACTUALLY patched) said they had to let their phone sit all night with it online to get the OEM unlock activate. As @RaspberryPiBen said himself that it may "take 5 minutes". Regularly it would only take a handful of seconds for it to come ungrayed, but this was not true for other devices.

Is it possible that there are refurbished Pixel 1's? I mean refurbished and written into the Google repair website. If this is true, then it's the reason why unlocking cannot be done. All other Google devices with a refurbished status cannot be unlocked.

Let me know how it goes.

Thanks.
Did they let it sit online all night after doing the steps?
 

Rootmaster906

Did you make first steps correctly? After factory reset turn down phone while reset going, and enter recovery. Factory reset will continue, and after loading system go to recovery and make wipe/reset.
i tried myself 2 times. And on a second time i did this and it has worked.
Could u elaborate the steps u did? I would surely appreciate it.
 

Rootmaster906

It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) move around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is an unstable exploit, and should not be depended on.

Thanks for your time.
Why can't we get ahold of verizon and have them release the liens...or why can't they just help?