[Official] Note 3 Verizon Bootloader Unlock

[donc113]

@openbottle @donc113

do a hexdump of @ryanbg 's binary (*or better yet an objdump -j .text) and you will see that the replacement dev_cid and dev_sig are not the same values as in @beaups github code. I suppose that the valid dev CID values for a particular phone type are not shared between models, and beaups' code was for a different Galaxy model.

That's my uneducated guess anyway. Otherwise ryanbg would have had little reason to recompile.


*mo betta if it is compiled with arm support, but I just used a crappy cygwin x86 version.

---------- Post added at 07:13 PM ---------- Previous post was at 07:01 PM ----------

ps you could always (binary) edit ryanbg's binary.

/proc/cmdline => /proc/zzzline (note same string length, so all offsets remain the same)

then put your own "zzzline" in /proc & add some of your own symlinks in /sys to point at the correct CID file.

A bit tedious as it needs to be done twice (once per boot).

I have viewed the binary via a simple text viewer....but never thought to compare to beaups values. That'd sure make a difference if they were off. I should have a binary editor...I can change the mmc0 and mmc0:001 to mmc1 and mmc1:001 in the binary. Same with the cmd to xxx and drop a text file into /proc.

Great ideas...let me try a few things.

Thanks!


Sent from my Note 3 via Tapatalk

 

[openbottle]

@openbottle @donc113

do a hexdump of @ryanbg 's binary (*or better yet an objdump -j .text) and you will see that the replacement dev_cid and dev_sig are not the same values as in @beaups github code. I suppose that the valid dev CID values for a particular phone type are not shared between models, and beaups' code was for a different Galaxy model.

That's my uneducated guess anyway. Otherwise ryanbg would have had little reason to recompile.


*mo betta if it is compiled with arm support, but I just used a crappy cygwin x86 version.

---------- Post added at 07:13 PM ---------- Previous post was at 07:01 PM ----------

ps you could always (binary) edit ryanbg's binary.

/proc/cmdline => /proc/zzzline (note same string length, so all offsets remain the same)

then put your own "zzzline" in /proc & add some of your own symlinks in /sys to point at the correct CID file.

A bit tedious as it needs to be done twice (once per boot).

You are correct. I've compared my binary with Ryan's binary in hex editor and the CID and Aboot are different.

 

[bftb0]

Sorry, I shouldn't try to recall command lines from memory any more.

Up there ^^^^ I should have said

objdump -j .data -s samsung_unlock_n3

if you want to see ryanbg's values to build your own code.

Using an arm-aware version of objdump isn't necessary just to get those two blobs, but disassembly would be helpful to see if any immediate values (e.g. args to subroutines) changed.

 

[beaups]

I've got 4.4.2 Your unlock code fails with the "only works on (some) Samsung..." on my Note 3 (SM-N900V).

I looked at your code on github and see that fail is invoked by a fail of the strstr () from /proc/cmdline where it looks for the string "amsung" yet a cat of /proc/cmdline clearly includes two instances of the word "samsung". (Your nearly useless compat check)

Yes..my CID does start with '15'

So...playing around...I copied and modified your code a bit...to force a return of 1 from the compat check function and to modify the define of CID1 location to where CID is located on a 4.4.2 ROM (....mmc1/mmc1:0001/cid)

Anyway...after running my modifed version...it does in fact...change the CID to the appropriate dev_cid and shut phone down. I reboot and rerun my modified version...it says yup...got the dev_cid and does its backup of loaders...announces success and shuts phone down.

But bootloader remains locked. Whether I pull battery and then power on or just power on. Several tries.

Any idea what's up with the /proc/cmdline fail and why after I modify where CID is located...it changes CID but won't do its magic to aboot even though it says it does?



Added in edit:

Oh yea...why does my Note 3 have 2 different cid's? I am GUESSING because it has 2 different eMMC chips...but don't know enough about the hardware.

One starts with 15, the other with 03



[email protected]:/ $ su
[email protected]:/ # cd /sys
for i in `find . -depth -name cid -print` <
> do
> echo $i
> cat $i
> done
./devices/msm_sdcc.1/mmc_host/mmc1/mmc1:000
1/cid
1501004d424734474..........db000
./devices/msm_sdcc.3/mmc_host/mmc2/mmc2:e62
4/cid
0353445355333247..........00b700
[email protected]:/sys #




Sent from my Note 3 via Tapatalk

I had a uaf in the compatibility check code and pushed a fix a couple days ago.

Sent from my XT1254 using Tapatalk

 

[openbottle]

Sorry, I shouldn't try to recall command lines from memory any more.

Up there ^^^^ I should have said

objdump -j .data -s samsung_unlock_n3

if you want to see ryanbg's values to build your own code.

Using an arm-aware version of objdump isn't necessary just to get those two blobs, but disassembly would be helpful to see if any immediate values (e.g. args to subroutines) changed.

I just use 7zip to extract the .data . The Aboot and CID are there.

 

[donc113]

I just use 7zip to extract the .data . The Aboot and CID are there.

Any chance I can get you or bftb0 to send me the cid string and aboot string in hex?

I am doing all this on my phone...have cygwin on my laptop...but didn't want to go back and forth between the two.


Sent from my Note 3 via Tapatalk

 

[openbottle]

Any chance I can get you or bftb0 to send me the cid string and aboot string in hex?

I am doing all this on my phone...have cygwin on my laptop...but didn't want to go back and forth between the two.


Sent from my Note 3 via Tapatalk

char dev_cid[] = {0x15, 0x01, 0x00, 0x4D, 0x42, 0x47, 0x34, 0x47, 0x43, 0x00, 0x95, 0x2F, 0x4E, 0x74, 0x31, 0x00};
char dev_sig[] = {0x65, 0x62, 0x14, 0x97, 0x79, 0xF2, 0x48, 0x26, 0xF6, 0x2A, 0x3A, 0x02, 0x72, 0xF3, 0xA1, 0x63,
		  0xCD, 0xD4, 0x31, 0x2E, 0x1F, 0xFD, 0x45, 0xBE, 0x81, 0x76, 0x55, 0x20, 0xB5, 0xB8, 0x71, 0xD5,
		  0x7B, 0x3F, 0xCF, 0xC0, 0x97, 0x62, 0x80, 0x7E, 0x30, 0xC9, 0xC8, 0x8E, 0xD3, 0x2E, 0x88, 0xBE,
		  0xAD, 0x02, 0x7A, 0x9B, 0x5E, 0xE2, 0x94, 0xA1, 0xF0, 0x8E, 0x57, 0x59, 0xDF, 0x05, 0x87, 0x20,
		  0x6E, 0xE3, 0xBE, 0x9A, 0xF7, 0xD4, 0xBC, 0xF7, 0x32, 0xA0, 0xEE, 0x8C, 0x33, 0x8F, 0x8B, 0xE1,
		  0x36, 0x96, 0x1C, 0xE2, 0x74, 0xB1, 0x44, 0xC2, 0x18, 0x6B, 0x18, 0xAC, 0x8F, 0xCE, 0xF6, 0x3F,
		  0xFA, 0x94, 0x22, 0xBB, 0x9E, 0x26, 0xA2, 0x45, 0x59, 0x0F, 0x73, 0xAD, 0x68, 0x28, 0x8E, 0x80,
		  0xE5, 0x4D, 0x2D, 0x06, 0x7A, 0x7C, 0xC9, 0xFD, 0x5B, 0xAE, 0x53, 0xC2, 0x92, 0x75, 0x7D, 0x94,
		  0xBF, 0x4C, 0xAA, 0x40, 0x0A, 0xDF, 0x3D, 0xDB, 0xAD, 0x3F, 0x0B, 0x06, 0xB7, 0xCD, 0x17, 0xE9,
		  0x7E, 0x3C, 0xF1, 0x43, 0x92, 0x39, 0x1E, 0x9A, 0x5D, 0x1E, 0xFE, 0x71, 0xAA, 0xE6, 0xA5, 0x98,
		  0x31, 0x94, 0x91, 0x1C, 0xEE, 0xDB, 0xA0, 0x3C, 0xEB, 0x2D, 0x0D, 0xEC, 0x07, 0xAD, 0x02, 0xEB,
		  0x34, 0x69, 0x40, 0x57, 0x1A, 0x6A, 0xA7, 0xF6, 0xC1, 0x23, 0xF1, 0xB7, 0x42, 0xE3, 0x8C, 0xA4,
		  0xB8, 0x5D, 0x09, 0xAF, 0xC0, 0x40, 0xFC, 0x86, 0xF5, 0xEF, 0x5C, 0x51, 0xBC, 0xB3, 0x25, 0xE7,
		  0x21, 0x98, 0xAF, 0xBA, 0xEC, 0xE9, 0x18, 0xA3, 0x72, 0x73, 0x38, 0xF5, 0x34, 0x8C, 0xBB, 0x7A,
		  0x99, 0x37, 0xF3, 0xEE, 0x92, 0xBB, 0x6E, 0xEC, 0xB4, 0xBB, 0x4C, 0x40, 0xB0, 0x65, 0xF7, 0x84,
		  0xAF, 0x46, 0xF8, 0x26, 0xAF, 0xA2, 0xC9, 0xD0, 0xF5, 0xD4, 0x0E, 0xAC, 0x60, 0xA4, 0x2C, 0x95,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

 

[donc113]

char dev_cid[] = {0x15, 0x01, 0x00, 0x4D, 0x42, 0x47, 0x34, 0x47, 0x43, 0x00, 0x95, 0x2F, 0x4E, 0x74, 0x31, 0x00};
char dev_sig[] = {0x65, 0x62, 0x14, 0x97, 0x79, 0xF2, 0x48, 0x26, 0xF6, 0x2A, 0x3A, 0x02, 0x72, 0xF3, 0xA1, 0x63,
  0xCD, 0xD4, 0x31, 0x2E, 0x1F, 0xFD, 0x45, 0xBE, 0x81, 0x76, 0x55, 0x20, 0xB5, 0xB8, 0x71, 0xD5,
  0x7B, 0x3F, 0xCF, 0xC0, 0x97, 0x62, 0x80, 0x7E, 0x30, 0xC9, 0xC8, 0x8E, 0xD3, 0x2E, 0x88, 0xBE,
  0xAD, 0x02, 0x7A, 0x9B, 0x5E, 0xE2, 0x94, 0xA1, 0xF0, 0x8E, 0x57, 0x59, 0xDF, 0x05, 0x87, 0x20,
  0x6E, 0xE3, 0xBE, 0x9A, 0xF7, 0xD4, 0xBC, 0xF7, 0x32, 0xA0, 0xEE, 0x8C, 0x33, 0x8F, 0x8B, 0xE1,
  0x36, 0x96, 0x1C, 0xE2, 0x74, 0xB1, 0x44, 0xC2, 0x18, 0x6B, 0x18, 0xAC, 0x8F, 0xCE, 0xF6, 0x3F,
  0xFA, 0x94, 0x22, 0xBB, 0x9E, 0x26, 0xA2, 0x45, 0x59, 0x0F, 0x73, 0xAD, 0x68, 0x28, 0x8E, 0x80,
  0xE5, 0x4D, 0x2D, 0x06, 0x7A, 0x7C, 0xC9, 0xFD, 0x5B, 0xAE, 0x53, 0xC2, 0x92, 0x75, 0x7D, 0x94,
  0xBF, 0x4C, 0xAA, 0x40, 0x0A, 0xDF, 0x3D, 0xDB, 0xAD, 0x3F, 0x0B, 0x06, 0xB7, 0xCD, 0x17, 0xE9,
  0x7E, 0x3C, 0xF1, 0x43, 0x92, 0x39, 0x1E, 0x9A, 0x5D, 0x1E, 0xFE, 0x71, 0xAA, 0xE6, 0xA5, 0x98,
  0x31, 0x94, 0x91, 0x1C, 0xEE, 0xDB, 0xA0, 0x3C, 0xEB, 0x2D, 0x0D, 0xEC, 0x07, 0xAD, 0x02, 0xEB,
  0x34, 0x69, 0x40, 0x57, 0x1A, 0x6A, 0xA7, 0xF6, 0xC1, 0x23, 0xF1, 0xB7, 0x42, 0xE3, 0x8C, 0xA4,
  0xB8, 0x5D, 0x09, 0xAF, 0xC0, 0x40, 0xFC, 0x86, 0xF5, 0xEF, 0x5C, 0x51, 0xBC, 0xB3, 0x25, 0xE7,
  0x21, 0x98, 0xAF, 0xBA, 0xEC, 0xE9, 0x18, 0xA3, 0x72, 0x73, 0x38, 0xF5, 0x34, 0x8C, 0xBB, 0x7A,
  0x99, 0x37, 0xF3, 0xEE, 0x92, 0xBB, 0x6E, 0xEC, 0xB4, 0xBB, 0x4C, 0x40, 0xB0, 0x65, 0xF7, 0x84,
  0xAF, 0x46, 0xF8, 0x26, 0xAF, 0xA2, 0xC9, 0xD0, 0xF5, 0xD4, 0x0E, 0xAC, 0x60, 0xA4, 0x2C, 0x95,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

Perfect...thank you!


Sent from my Note 3 via Tapatalk

 

[jellyhead]

I made this for the S5. I modded it with your unlock binary. All it requires is you to answer yes in the samsung unlock binary
I dont have a note 3 so let me know.
Edit: You must have busybox installed
1. Install SamsungUnlockerN3.apk
2. Grant SU access
3. Click On Install SamBootloader Unlocker
4. Grant SU access
5. Type Yes Hit enter wait for device to power off
6. Should be unlocked

Download mode still shows official but TWRP installed without problem.

 

[donc113]

Perfect...thank you!


Sent from my Note 3 via Tapatalk

And I am now unlocked on 4.4.2

Sent from my Note 3 via Tapatalk

 

[donc113]

I had a uaf in the compatibility check code and pushed a fix a couple days ago.

Sent from my XT1254 using Tapatalk

Yup..got that....recompiled with 3 changes....dev_cid [] dev_sig [] and a change to CID1 for 4.4.2 Note 3 path to cid, ran it...works perfectly....THANK YOU!


Sent from my Note 3 via Tapatalk

---------- Post added at 07:05 PM ---------- Previous post was at 06:39 PM ----------

Enjoy. Don't forget to thank @beaups too, he discovered the eMMC backdoor and exploited it!

Disclosure: I do not own a Note 3. The exploit happened to be applicable to the Note 3, and we compiled it for your devices rather than not release it at all. This seems like a reasonable and friendly thing to do for the community. I can't help you root or teach you how to use ADB. It's important you have the ability to do these things or research them a bit before blindly using this. I am very familiar with Samsung however, and time permitting, will do my best to help anyone having issues.

You should not run this if you don't understand it.

ROOT REQUIRED, we aren't responsible for anything you do with this.
You NEED a MicroSD, and it WILL be formatted during this process.

YOU MUST DISABLE REACTIVATION LOCK OR YOU WILL HAVE ISSUES!!!!!!!!!
You can download the eMMC brick bug check app on the Play Store to verify your CID starts with 15. If it does, you are good. If not, it will not work.

The code below is NOT a script, you must enter the commands manually.

adb push samsung_unlock_n3 /data/local/tmp/
adb shell
su
cd /data/local/tmp/
chmod 777 samsung_unlock_n3
chown root.root samsung_unlock_n3
./samsung_unlock_n3

Allow device to reboot. After full reboot, run

adb shell
su
cd /data/local/tmp/
./samsung_unlock_n3

again, power down and pull battery. May need to run it again if it doesn't work after the battery pull.

Paypal: [email protected] [COMPLETELY VOLUNTARY AND OPTIONAL]

A couple of things...first...I have recompiled beaups code with changes to the dev cid and dev signature for Note 3 (from beaups original code) plus the change to CID1 to the proper path for my 4.4.2 Note 3.

It worked just fine on my 4.4.2 Note 3, I am now unlocked with real TWRP installed instead of SafeStrap.

Only question...what is disable reactivation? I don't see that option anywhere.



Sent from my Note 3 via Tapatalk

---------- Post added at 07:09 PM ---------- Previous post was at 07:05 PM ----------

Even if it did plant a key logger just wipe everything in twrp and install a fresh rom you only need root to unlock bootloader then wipe with twrp and you can flash root when you please. I don't understand what the big deal is.

Sent from my SM-N900V using Tapatalk

---------- Post added at 11:28 PM ---------- Previous post was at 11:23 PM ----------


Edgy much? I'm sure there's nothing you have that anyone else wants to make your computer or phone worth hacking. Have fun on 4.4.2 you realize you're the only person that's paranoid right?

Sent from my SM-N900V using Tapatalk

---------- Post added at 11:34 PM ---------- Previous post was at 11:28 PM ----------


It means you're back to square one and you would need to re-root and re-unlock the bootloader. Then install twrp again, it's all very easy just time consuming. It's the best way to ensure everything is up to date. Like the modem and you're on the latest bootloader (once unlocked). That way when you flash a new rom like cm13 when it's available. That way you know if there are issues it's not because of your device.

Sent from my SM-N900V using Tapatalk

Alex...yup...having fun on 4.4.2 unlocked with TWRP now instead of SafeStrap.


Sent from my Note 3 via Tapatalk

 

[donc113]

Even if it did plant a key logger just wipe everything in twrp and install a fresh rom you only need root to unlock bootloader then wipe with twrp and you can flash root when you please. I don't understand what the big deal is.

Sent from my SM-N900V using Tapatalk

---------- Post added at 11:28 PM ---------- Previous post was at 11:23 PM ----------


Edgy much? I'm sure there's nothing you have that anyone else wants to make your computer or phone worth hacking. Have fun on 4.4.2 you realize you're the only person that's paranoid right?

Sent from my SM-N900V using Tapatalk

---------- Post added at 11:34 PM ---------- Previous post was at 11:28 PM ----------


It means you're back to square one and you would need to re-root and re-unlock the bootloader. Then install twrp again, it's all very easy just time consuming. It's the best way to ensure everything is up to date. Like the modem and you're on the latest bootloader (once unlocked). That way when you flash a new rom like cm13 when it's available. That way you know if there are issues it's not because of your device.

Sent from my SM-N900V using Tapatalk

Alex...yup...having fun on 4.4.2 unlocked with TWRP now instead of SafeStrap.


Sent from my Note 3 via Tapatalk

 

[jellyhead]

Only question...what is disable reactivation? I don't see that option anywhere.

phone Settings > security > reactivation lock

 

[donc113]

phone Settings > security > reactivation lock

I have no such setting...is that possibly a lollipop setting? I am still on Kitkat NC4



Sent from my Note 3 via Tapatalk

 

[NeoMagus]

Yup..got that....recompiled with 3 changes....dev_cid [] dev_sig [] and a change to CID1 for 4.4.2 Note 3 path to cid, ran it...works perfectly....THANK YOU!


Sent from my Note 3 via Tapatalk

Are you going to make this available to those of us who followed the advice to stay on NC2 in the sticky thread? As I said earlier this week, Id rather just unlock 4.4.2 than have to nuke and odin NC4/OF1 and use the yemen thing ..but if thats what I have to do would be nice to know

 

[jellyhead]

I have no such setting...is that possibly a lollipop setting? I am still on Kitkat NC4

Yes it's a lollipop feature

 

[donc113]

Yes it's a lollipop feature

Well...then that's why I don't have it...and guess it's not an issue.



Sent from my Note 3 via Tapatalk

---------- Post added at 08:59 PM ---------- Previous post was at 08:32 PM ----------

Are you going to make this available to those of us who followed the advice to stay on NC2 in the sticky thread? As I said earlier this week, Id rather just unlock 4.4.2 than have to nuke and odin NC4/OF1 and use the yemen thing ..but if thats what I have to do would be nice to know

Let's see if I can do this.....

First....get jrkruse's manual unlocker from here:

http://forum.xda-developers.com/showthread.php?p=66402021

Do NOT move the unlock binary from his download...

Do NOT run the app yet. I will try to figure out how to attach my binary to a msg here.


Once I do that....my binary is also called unlock...follow his instructions with my binary the run his app.

My binary is for 4.4.2 on up.



Sent from my Note 3 via Tapatalk

 

[donc113]

Here's the binary

This requires an SD card in the external SD slot and it WILL OVERWRITE THE SD CARD! Use SPARE card 4 GB cards work fine.


I have added the source code for the binary to the .zip at the suggestion of @beaups

 

[donc113]

Here's the binary

NOW UPDATED...should work on both old 4.4.2 devices and 4.4.4 and higher

This is for 4.4.2 on up.

I am NOT responsible if something goes wrong! YOU are 100% responsible if something goes wrong! It worked for me, no guarantees for you.

This is not my code...but modified beaups code ryanbg got the needed dev cid and aboot signature. jrkruse wrote the manual install app

Thank them..not me

You must have root. This file must be copied into /system/bin for the manual unlock app to work.

You must run the manual unlocker app twice....first sets the cid...2nd run fixes aboot.

When you boot you will see CUSTOM unlock icon if you install a new recovery





Sent from my Note 3 via Tapatalk

 

[NeoMagus]

So first try went better than it had been, before it kept repeating "Y", this is where I assume it was failing last time

Followed the steps from page 8, set permission ran the first time and it did its thing and shut off. Pulled battery and rebooted, 2nd time it was a blank screen. Waited and eventually it did its Backing up Loaders and looks like it was successful. Amazing work!

I assume just use flashify to install TWRP after uninstalling safestrap.