R&D - Potential Stock Bootloader Unlocking Functionality
- Thread starter eschelon
- Start date
-
- Tags
- development
Dont know if this is helpful but on the s3 and stellar you can dial *#22745927 and enable the hidden menu there
Maybe on ICS but dialer codes are kinda useless on JB. I dialed that code and get my call can't be completed.
Sent from my SCH-I535 using xda app-developers app
Moved from original development to development, please see: http://www.xda-developers.com/android/introducing-original-development-forums-for-more-devices/
Side note, I fully reversed this a while ago, looks like a dead end to me
Side note, I fully reversed this a while ago, looks like a dead end to me
Similar threads
- Locked
Top Liked Posts
-
There are no posts matching your filters.
-
23
Team Synergy, namely TrevE and myself, have discovered a potential stock bootloader unlocking mechanism that may be useful in unlocking the bootloader in the Verizon Galaxy S3, as well as numerous other devices, including but not limited to, the Note 2 and the Galaxy Stellar. This is currently an R&D thread, and its purpose is to investigate the potential of the mod.
First and foremost, if this mod truly is successful in unlocking the bootloader on one or more devices, ALL credit MUST be directed to Team Synergy for the unlock, as it was first posted here by our team: http://xdaforums.com/showpost.php?p=37446000&postcount=16666. Do not kang or try to pass off our work as your own.
Be advised that we have not fully tested this mechanism and have no idea what repercussions may result. As such, Team Synergy will not be liable for any consequences whatsoever.
But those who wish to give this a try on this device or others need to try the following:
Type in a shell:
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://HIDDENMENUENABLE
Then enable the hidden menu on the device when it pops up.
Then type in a shell:
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://UNLOCKKERNEL
This should throw up a popup like the image shown above. In theory, accepting this should run a hash check against your device keys, then continue to unlock the bootloader.
This code does not exist on all carriers, but it is definitely present in Verizon stock ROMs. Those who are brave enough to try, please post your results in the thread
TrevE has more details in the post below14Few quick facts about what is known about this stock bootloader unlock mode-
- APK that controls this is hiddenmenu.apk
- uses libuck for something
- SBOOT_KEY = "oMEdqNRWh9CCSQb0JWI8FEbq//5jD61LPUAYB8V8ErpudvLLUXAFm+qPJZtPNeZo"
- Key might hashed with deviceID and checked using Luhn (https://en.wikipedia.org/wiki/Luhn_algorithm)
Other hidden menu commands we stumbled upon unrelated to unlock that might be useful
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://GlobalHmenu -- Global Hidden Menu
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://STEALTHMODE -- The fk? Some LTE test mode
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://PORTMAP
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://MEID -- MEID info
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://TLAUNCHER - Tool Launcher Enable
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://MSL_Checker
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://PROGRAM -- Sysscope status
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://TESTMODE
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://TTY
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://PUTIL
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://diag_msl
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://setMTPADB
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://setPTP
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://setPTPADB
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://setRNDIS
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://setRNDISADB
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://setRNDISDMMODEM
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://setRMNETDMMODEM
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://IOTHIDDENMENU
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://TEST3when the app fc's...
Code:E/AndroidRuntime( 3095): Caused by: java.lang.UnsatisfiedLinkError: Couldn't load uck: findLibrary returned null
(this was 100% pure stock VRBLK3, no root, nothing other than a fresh wipe/flash of the stock tar)21this is a nice find and very interesting for sure.. but with the device arleady unlocked and with imho no chance of them relocking it( if they could have they arleady would have, look at vzw note2) the only thing i see this doing is maybe helping future devices not needing exploits or leaked bootloaders. but then again the newer samsung devices have sboot's not aboot's and from what i know the security in those is definetly higher. take anything i just said with a grain of salt but i would like to see adam and/or ralekdevs opinions on this. i could be completely wrong but i dont think they would leave something this easy open.. if anyting this could have been what samsung originally wanted todo before vzw became nazi's and had them lock it up completely
---------- Post added 2nd February 2013 at 12:04 AM ---------- Previous post was 1st February 2013 at 11:53 PM ----------
this is why i think it was something that they were thinking about doing but verizon shot it down and just waned a plain old full lock
