[New][July-16-2020]Unlocking bootloader on VZW Pixel 1 and XL

Search This thread

djared704

Senior Member
Jul 12, 2018
116
83
Los Pringles, California
For what it's worth, I haven't had any luck either. I visited XDA and saw the article too late. :) I tried it twice and the second time I've left it for a couple of days now with no luck. Thanks anyway, and good luck for the future to all of us! This particular Pixel I got off Swappa, and the guy put at as a Google Edition 128 GB. I only had the 32 GB Google Edition I got cheaply from Best Buy in 2016, and the Swappa deal was only $50-$55, so I kept it even though it was a Verizon edition instead. I did tell the seller in order to educate him, though.

No idea if it was refurbished, and it has the indication it's on the October 2019 security patch even though I'm on the final OTA.

It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) moves around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

Thanks for your time.
 

roirraW "edor" ehT

Forum Moderator
Staff member
It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) moves around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

Thanks for your time.

Those are definitely as good or better theories as any. That's okay, mate, I love just reading about that some people were able to take advantage of it. Thanks so much for your efforts! I'll keep checking that phone every once in a while just in case. Cheers!

Edit: I just really noticed your avatar. Pink Floyd "The Wall"?
 
Last edited:

MangoBento

Member
Jun 23, 2020
32
4
Melbourne
At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

Thanks for your time.

Not sure why you're apologising mate, unless you're the one working for Verizon and patching out these exploits ;)

But jokes aside, you and the community have put a lot of effort into this, you're in no position to apologize! Thank you so much for your continued efforts :)
 
  • Like
Reactions: roirraW "edor" ehT

n3kf

Senior Member
Jul 13, 2015
246
103
It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) moves around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

Thanks for your time.


Yes, I suspect that neither google or VZW are patching anything they may see being done here. If they are even watching. Would not make business sense. The phone is end of life. I suspect you are right that there is a timing issue or something going on with servers sometimes. I'm just glad I got my Verizon version unlocked. So the ultimate would be to figure out what that "timing" issue is/was and find a way to duplicate it. Much easier said then done.

Thanks for all the time that you put in and continue to put into this. Appreciate it.
 

TimTx1

Member
Jun 26, 2020
13
3
There is no way that Verizon is patching anything on these old phones. I doubt they really care. All they want to do now, is nothing.

I just think that everyone's phone is different and so there's no perfect exploit. I think the Verizon phones with the latest 2020 updates are probably the hardest. Mine probably only worked because of a fluke thing when my IMEI number was no longer in the system because of a motherboard swap.
 

Vierajoe

Senior Member
Apr 13, 2011
99
14
It worked for the the first and I was able to downgraded. I figured since OEM flashing was enable I could lock and unlock the bootloader as needed. Well I made the fatal mistake relocking the bootloader and OEM flashing is grayed out. I have not been able to reenable OEM flashing. This phone has its issue, the Oct '19 update killed my 2.4Ghz wifi transmitter, the phone can 2.4ghz but can't transmit this affect wifi also. For now the phone is 5ghz wifi and hotspot.
 

alano99

New member
Sep 28, 2010
1
3
Potential ideas

If anyone could direct me to any of the details of what is known about how the VZ bootloader on Pixel 1 works I may be able to help. I am a programmer although I have no real experience with phones, other than unlocking/flashing and rooting using various tools with various phones.

I do have an idea that I've gleaned from firmware locking on home automation devices (mostly Chinese HA sensors that are based on the ESP8266 board/chipset that lots of Chinese companies use in their sensors to put their fimware on). A very popular software/method for "unlocking" and flashing these devices is known as Tuya Convert (can't link because I'm a new user but just search Tuya-Convert and look at the github link). It's a very interesting method to me, but it may just because I am fairly ignorant of unlocking and flashing hacks and workarounds. Basically the idea of Tuya Convert is that you copy it onto a device with a wifi chip, usually a raspberry pi zero w or raspberry pi 3 but you could also use a regular PC with a wifi card/chip etc also. When you run Tuya Convert it broadcasts it's own WiFi network with the chip on the device. You then connect a phone or tablet to that wifi network first (the details and reasoning of this part escape me a bit) and after you have done this you then put the HA sensor device that you want to flash in sync mode. Now the beauty is, the Tuya Convert program and wifi network it has made actually intercepts that communication and poses as the authorizing server that the HA device is supposed to connect with and get updates from. So Tuya Convert poses as "home base" so to speak and allows you access to the device, and more importantly, allows you to push/flash your own (usually Tasmota or ESPEasy) firmware onto the device at this point.

Last year, or possibly the year before, companies got wise on this and started to connect in a different way (mostly using https instead of just http) to "home base" but another user was able to write a modification of Tuya Convert that was able to defeat this new https phone home technique and now it has been merged into the original Tuya Convert so now that Tuya Convert uses both methods to flash olders devices and newer ones.

Anyway, without know many details, this method may not work at all for bootloader unlocking in general or for the Pixel VZ in particular, it's just an idea. From reading and trying this myself it seems like the whole idea behind this exploit is to block the comms to VZ or route them different to avoid the base Google firmware from activating the bootloader lock, but I may wrong in my interpretation. If there is anything I can do to help or test or research I would love to try if someone could push or nudge me in the right direction. I think it's ridiculous that we have phones/hardware that we cannot truly do what we want to with, especially so with older hardware that is out of date/support now anyway. I would love to be able to free up so to speak the Pixels that I have and put whatever firmware/OS that I choose to on them; the hardware is amazing on these phones and it is a shame that we are stuck with what we have on it and cannot even downgrade to an older official version even if it works better than new versions (I'm looking at you Android 10 vs 9 and 8 and possibly even 7, at least on the Pixel 1 anyway!)
 

kdavidb

Member
Jun 14, 2014
13
0
date dependent or update dependent?

hi all and apologies is the answer should be evident . . .

is the method absolutely impossible based on today's date, or is it about the current software update on the phone? i've rooted a few DROIDs in the past and have a Pixel XL that's been offline for a while so i just wondered if i could compare the software version of the phone and some historical OTA updates and whether this method would work if everything is still old enough and i can get software versions that worked at one point?

and my thanks to the community as well for all the work and contributions . . .
 

RaspberryPiBen

Senior Member
Aug 4, 2017
116
47
hi all and apologies is the answer should be evident . . .

is the method absolutely impossible based on today's date, or is it about the current software update on the phone? i've rooted a few DROIDs in the past and have a Pixel XL that's been offline for a while so i just wondered if i could compare the software version of the phone and some historical OTA updates and whether this method would work if everything is still old enough and i can get software versions that worked at one point?

and my thanks to the community as well for all the work and contributions . . .

If it has an old enough version, some other unlock methods might work like DePixel8 might work. However, this method was fixed with a server patch and won't work for any device anymore.
 

roirraW "edor" ehT

Forum Moderator
Staff member
hi all and apologies is the answer should be evident . . .

All attempts after about July 20th have failed - at least all attempts that have been reported here, which have been many, and including my own most recent locked Verizon Pixel 1, and I had tried the most recent method many times.

Footnote: I have two other Pixels - one a true Google Edition Pixel XL 1, and the other a Verizon Pixel 1 that I had unlocked using the method that was available before the Android 7.11 OTA.
 
  • Like
Reactions: kdavidb

kdavidb

Member
Jun 14, 2014
13
0
If it has an old enough version, some other unlock methods might work like DePixel8 might work. However, this method was fixed with a server patch and won't work for any device anymore.

thanks so much for the quick reply. i thought that answer was what i was reading. i'm sure it's not old enough for a different fix(?). i actually took it offline earlier in the year in anticipation of using this method, but i delayed so now i just salute your work and wait . . . :))
 

jaykoerner

Senior Member
Dec 4, 2014
71
9
ummm i followed the instructions on the latest firmware and while it didn't exactly work, i kept using the phone and decided to check again maybe 20-30 mins later after using it and lo and behold it wasn't greyed out, I'm just saying this exploit isn't completely dead, not sure how to do it reliably though
 

RaspberryPiBen

Senior Member
Aug 4, 2017
116
47
ummm i followed the instructions on the latest firmware and while it didn't exactly work, i kept using the phone and decided to check again maybe 20-30 mins later after using it and lo and behold it wasn't greyed out, I'm just saying this exploit isn't completely dead, not sure how to do it reliably though

That's very interesting. I can't test it out but I wonder what caused this to work again. This could be useful. Thank you.
 

djared704

Senior Member
Jul 12, 2018
116
83
Los Pringles, California
ummm i followed the instructions on the latest firmware and while it didn't exactly work, i kept using the phone and decided to check again maybe 20-30 mins later after using it and lo and behold it wasn't greyed out, I'm just saying this exploit isn't completely dead, not sure how to do it reliably though

Depends how long it will be back

People from telegram have already been testing it and they said it wasn't working for them.

I honestly still think the connectivity procedure (how your ISP and router is setup) can affect how it ungrays

PS - I still think it's worthy to actually "prove" your device VZW
1. Trash can on back of device
2. Google repair center site

Not ways to prove
1. IMEI 35
2. Grayed out OEM

Thanks.
 
Last edited:

jaykoerner

Senior Member
Dec 4, 2014
71
9
Depends how long it will be back

People from telegram have already been testing it and they said it wasn't working for them.

I honestly still think the connectivity procedure (how your ISP and router is setup) can affect how it ungrays

PS - I still think it's worthy to actually "prove" your device VZW
1. Trash can on back of device
2. Google repair center site

Not ways to prove
1. IMEI 35
2. Grayed out OEM

Thanks.

Can confirm there is a trashcan on the back cuz i took a video of it (barely its been worn down with time) so definitely verizon, as stated all i did was the july 2020 steps and a believe but am not sure but had a visible sim card in it for internet, but possibly not, i dont have that pixel anymore i was just attempting to get it working with visible for my sister. Anyways i was installing apps and other stuff so no clue, since you had to open possibly a lot of chome pages i assumed it was ram related but no clue, it worked for me but as said im a sample size of one with no clue how it worked,

Off topic but my original reason for doing this turned out pointless, all i required was useing a different providers sim waiting for it to get the apns for it turning it off and putting in the visible sim card, turns out googles carrier bundle(or blob heard both words) was screwed up in a few of the updates including the last one, and visible the only carrier to use them(at least in the is i dont know elsewhere) wouldn't get ims registration so no calls or text since they are a lte only carrier, seems that putting in a sim that doesn't support the bundle defaults to the old way with carrier provisioning and apns and doesn't use the bundle even when asupported sim is inserted. Cool i got it working, just 5 days of putting roms on the device for nothing
 
Last edited:

Rootmaster906

Senior Member
Dec 2, 2020
362
16
Nexus 6
Samsung Galaxy Note 10
I did not argue and say that this would stay forever, in fact I said to do it immediately, as the time frame would close almost instantly. For this reason, I apologize dearly if you did not get your chance for bootloader unlocking. Many users who have unlocked have logged actual IP's from VZW, Google and many other servers when their OEM unlock ungrayed. Maybe we can use that as sufficient information.

Apart from that, the Verizon Pixel 1 bootloader team is going to be going back to work to find out more information for the Chinese service unlocking. This kind of method will be more reliable as it will not be able to be patched, and the team even saw it happen in action. Please let me know if the OEM unlock ungrays itself.

For more info regarding the classic exploit, I remember some people in around mid 2019 (before it was ACTUALLY patched) said they had to let their phone sit all night with it online to get the OEM unlock activate. As @RaspberryPiBen said himself that it may "take 5 minutes". Regularly it would only take a handful of seconds for it to come ungrayed, but this was not true for other devices.

Is it possible that there are refurbished Pixel 1's? I mean refurbished and written into the Google repair website. If this is true, then its the reason why unlocking cannot be done. All other google devices with a refurbished status cannot be unlocked.

Let me know how it goes.

Thanks.
Did they let it sit online all night after doing the steps?
 

Rootmaster906

Senior Member
Dec 2, 2020
362
16
Nexus 6
Samsung Galaxy Note 10
It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) moves around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

Thanks for your time.
Why can't we get ahold of verizon and have them release the liens...or why can't they just help?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 9
    AS OF JUL 19 THIS HAS STOPPED WORKING

    I apologize if you did not get your bootloader unlocking!

    At the moment, there is no information if the classic exploit will return, if it has worked for you, please make a post about it on this thread!

    We will go back to work to ensure pixels will get unlocked. I do not know how long it may take, it could be a few days, a few months or a few years. For this reason I'd respectfully ask you for no ETAs on the development on the exploit.

    I may keep this thread open if people are willing to crack on something or need help.

    Thanks for understanding.


    ----

    I wanted to make a new thread to clean things up as the correct answer is buried so far into the VZW thread and I don't believe people have time to dig down that far to do something so simple.

    Please give @RaspberryPiBen a thanks by going to his quote for finalizing my rant and making it into doable steps.

    The work by the community is absolutely incredible.

    Here is what worked for me:

    Prerequisites:
    No SIM card in the phone
    ADB and Platform Tools installed on a computer (https://www.xda-developers.com/install-adb-windows-macos-linux/)
    The latest OTA image downloaded to the computer (https://developers.google.com/android/ota#sailfish for the Pixel or https://developers.google.com/android/ota#marlin for the Pixel XL)
    The phone connected to the computer with USB
    Learn how to use ADB and Fastboot on your computer as it can differ.

    Steps:

    1. On the phone, open Settings>System>Reset Options and factory reset the phone. It should say "Restarting" or something similar.
    2. When the screen goes black, press and hold the Volume Down key until you get into the Bootloader mode. Use the volume keys to navigate to "Recovery Mode" and select it with the power button.
    3. Hold the Volume Down key for about a minute (while it resets) until you see an android lying down.
    4. Hold the Power button then press the Volume Up button once. It should give you a menu.
    5. Use the volume and power buttons to select "Wipe Data/Factory Reset" and confirm the reset.
    6. Once it finishes, select an option that is something like "Sideload OTA"
    7. Go to your computer and type in 'adb sideload sailfish-ota-qp1a.191005.007.a3-394b5899.zip' (without quotes) for the Pixel or 'adb sideload marlin-ota-qp1a.191005.007.a3-23002a57.zip' for the Pixel XL OR you may drag the zip file into the command prompt after typing "adb sideload", either way it should look similar.
    8. Factory reset again from recovery mode
    9. Reboot to system
    10. While it just shows the G, press the power button until the phone restarts
    11. Once it boots up, skip all of the steps but disable the options for sending information to Google.
    12. Enable Developer Options by tapping "Build Number" seven times
    13. In Developer Options, enable USB Debugging
    14. On your computer, run 'adb shell pm uninstall --user 0 com.android.phone'
    15. Reboot twice
    16. Connect to WiFi
    17. Open google.com in Chrome
    18. Check Developer Options to see if you can enable OEM unlocking
    19. If you can't, swipe away Settings from the Recents menu and go back to Chrome
    20. In Chrome, open a bunch of websites. After opening each one, check the OEM Unlocking option again and close Settings afterward.
    21. Once you can enable it, do so! Now you can unlock the bootloader.

    Unlocking the bootloader:

    -Reboot and press the Volume Down key when the screen goes black
    -On the computer, type 'fastboot flashing unlock'

    You just unlocked the bootloader!

    Credit goes to djared704 for finding this method.

    Let me know if I need to change anything about this guide.

    for other reasons, you may see my rant

    Hey guys. After 5 months of my purchase I finally achieved bootloader unlocking. Basically I am a user that has never updated to latest, I don't know if it makes it a variable if you're already on latest and try this. (I was coming from Sept 2019). So what I did was factory reset from the system menus. Then as soon as the screen went black, I did bootloader combos and straight to recovery. I factory resetted as prep, flashed DECEMBER patch, then after that finished, factory resetted again. Essentially, I followed the classic ADB exploit that has "never worked since Sept-Oct 2019" And yes I do have the VZW_001 CID and "_VZ" in GL website. Know when yours is bootlooping as soon as you reboot it, just hard reboot so it boots up quicker, I don't know what it does for it to take so long. Anyways when you get in, just setup like we'd always do, NO google account, turn off all setting requests (Data location, wallpapers, etc). Then as soon as I got in, I turned on debugging, ran the classic adb pm command, rebooted TWO times. This means as soon as I booted, i swiped to go to home, then rebooted a second time. As soon as I did that, I loaded up my wifi connection, I don't know if it matters but Im using the 5G wifi, then I load up google.com. Immediately, I already notice something strange. Google.com doesn't have a "valid SSL certificate" I thought it was weird, so I went to google.com on my PC and look certified SSL. As I knew that was weird, I was clicking around and I thought that was enough. so I went to the dev menu. OEM lock still grayed out. I went back to chrome and simply typed in "youtube" Let it load up. Then I clicked on the site. I went back to the dev menu. Still grayed out. I exited settings app and relaunched it to the dev menu. OEM unlock lit up in flying colors. I could not believe it. I instantly ticked it with 0 hesitation and rebooted immediately to the bootloader. The unlock command worked! I am now unlocked sailfish! I thank the community so much for all the hard work. I, only motivated the community to their potential. Thank you again!

    Generally there are some kinds of factors.
    Users have stated before if you OTA'd from menus to Latest patch, it would say "October", even though it's really december. This may make the unlocking procedure impossible. I have also not seen any marlin users report back to me yet about this method. You can still try flashing from googles site if you're already on "October = Dec".

    Enjoy guys. We proved WE own these phones, and not VZW.

    I hope you enjoy this guys. Regarding it, I do not know how long it will stay for so I suggest to do it now. At the moment, I do not know if this will work for pixel 2 and so on. You may try it but if you have issues you must go to your device board. Thanks.
    3
    Potential ideas

    If anyone could direct me to any of the details of what is known about how the VZ bootloader on Pixel 1 works I may be able to help. I am a programmer although I have no real experience with phones, other than unlocking/flashing and rooting using various tools with various phones.

    I do have an idea that I've gleaned from firmware locking on home automation devices (mostly Chinese HA sensors that are based on the ESP8266 board/chipset that lots of Chinese companies use in their sensors to put their fimware on). A very popular software/method for "unlocking" and flashing these devices is known as Tuya Convert (can't link because I'm a new user but just search Tuya-Convert and look at the github link). It's a very interesting method to me, but it may just because I am fairly ignorant of unlocking and flashing hacks and workarounds. Basically the idea of Tuya Convert is that you copy it onto a device with a wifi chip, usually a raspberry pi zero w or raspberry pi 3 but you could also use a regular PC with a wifi card/chip etc also. When you run Tuya Convert it broadcasts it's own WiFi network with the chip on the device. You then connect a phone or tablet to that wifi network first (the details and reasoning of this part escape me a bit) and after you have done this you then put the HA sensor device that you want to flash in sync mode. Now the beauty is, the Tuya Convert program and wifi network it has made actually intercepts that communication and poses as the authorizing server that the HA device is supposed to connect with and get updates from. So Tuya Convert poses as "home base" so to speak and allows you access to the device, and more importantly, allows you to push/flash your own (usually Tasmota or ESPEasy) firmware onto the device at this point.

    Last year, or possibly the year before, companies got wise on this and started to connect in a different way (mostly using https instead of just http) to "home base" but another user was able to write a modification of Tuya Convert that was able to defeat this new https phone home technique and now it has been merged into the original Tuya Convert so now that Tuya Convert uses both methods to flash olders devices and newer ones.

    Anyway, without know many details, this method may not work at all for bootloader unlocking in general or for the Pixel VZ in particular, it's just an idea. From reading and trying this myself it seems like the whole idea behind this exploit is to block the comms to VZ or route them different to avoid the base Google firmware from activating the bootloader lock, but I may wrong in my interpretation. If there is anything I can do to help or test or research I would love to try if someone could push or nudge me in the right direction. I think it's ridiculous that we have phones/hardware that we cannot truly do what we want to with, especially so with older hardware that is out of date/support now anyway. I would love to be able to free up so to speak the Pixels that I have and put whatever firmware/OS that I choose to on them; the hardware is amazing on these phones and it is a shame that we are stuck with what we have on it and cannot even downgrade to an older official version even if it works better than new versions (I'm looking at you Android 10 vs 9 and 8 and possibly even 7, at least on the Pixel 1 anyway!)
    2
    It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) moves around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

    At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

    Thanks for your time.


    Yes, I suspect that neither google or VZW are patching anything they may see being done here. If they are even watching. Would not make business sense. The phone is end of life. I suspect you are right that there is a timing issue or something going on with servers sometimes. I'm just glad I got my Verizon version unlocked. So the ultimate would be to figure out what that "timing" issue is/was and find a way to duplicate it. Much easier said then done.

    Thanks for all the time that you put in and continue to put into this. Appreciate it.
    2
    For what it's worth, I haven't had any luck either. I visited XDA and saw the article too late. :) I tried it twice and the second time I've left it for a couple of days now with no luck. Thanks anyway, and good luck for the future to all of us! This particular Pixel I got off Swappa, and the guy put at as a Google Edition 128 GB. I only had the 32 GB Google Edition I got cheaply from Best Buy in 2016, and the Swappa deal was only $50-$55, so I kept it even though it was a Verizon edition instead. I did tell the seller in order to educate him, though.

    No idea if it was refurbished, and it has the indication it's on the October 2019 security patch even though I'm on the final OTA.

    It sucks to be honest, and the people reporting the OEM unlock ungraying itself during the "deadline" (sept 2019 > july 2020) may be reporting actual VZW pixels that also found vulnerable moments. Some theories stated that when Google and VZW (it may not even be correct that VZW has a role) moves around servers, this is when the server is vulnerable, because it's inactive, or nothing there from stopping the OEM unlock mechanism if I'm correct?

    At the moment, the VZW research team is put back to work. I may end up requesting this thread to be closed so it does not confuse people, but I'll decide on this later. I apologize so much that you didn't get your bootloader unlock. At this point it's safe to say that the classic exploit is a unstable exploit, and should not be depended on.

    Thanks for your time.
    2
    Your IMEI is either unknown due to uninstalling android.phone, or actual corrupted/blacklisted EFS. If true, nothing can be done about that.

    When you reset the device, did you flash December Android 10, and in the setup process, disable all the requests (data location, wallpapers, etc).

    Is there a sim card in the phone?

    Cheers.

    Yep. Latest December patch & skipped all the setup, no sim. I followed the instruction precisely and still no luck. I wonder why would Verizon still give a damn about this