Temp Root Bounty for Verizon Variants

Status
Not open for further replies.

elliwigy

Forum Moderator / Recognized Developer
Staff member
Mar 16, 2011
12,953
8,821
253
Phoenix
www.sampwnd.com
Anyone think this Janus exploit is worth looking into?
pm me a link.. don't want to derail bounty thread.. I released SamPWND for S8/S8+ and helped somewhat with SamFAIL for Note 8/S8/S8+ root methods.. I know sammy is another beast but they use the msm8998 chipset, no fastboot and notoriously more difficult to root than most other devices

What I am getting at is, I just picked up a vzw pixel 2 xl and won't stop until we're unlocked!

I created a Telegram group as I always do when looking to exploit a device since more minds are better than 1!

Join if you like, hopefully we get some dedicated devs

t.me/VZW_PIX2_PIX2XL_BL_UNLOCK_TALK

---------- Post added at 08:02 AM ---------- Previous post was at 08:01 AM ----------

Temp root won't give you what you want. You need to have the bootloader unlocked. I think the odds of this happening on a VZW sold phone are slim to none. I have not read of any Dev's even working on this. In all honesty, if you want an unlockable bootloader, you need to buy direct from Google. The problem in my mind is Dev's won't spend time working on this since there is already an easy way to get the Pixel 2 with an unlockable bootloader.
temp root is a darn good start and would allow us to do a lot

---------- Post added at 08:06 AM ---------- Previous post was at 08:02 AM ----------

Who have you called upon to unlock it? I see a bunch of people wanting it, but nobody has asked the people that unlock it?

Y'all need to figure out who might do it.
i will absolutely try
 

Mike02z

Senior Member
Feb 3, 2012
1,952
794
0
Greenville, SC
The post above mine said he wanted temp root to flash ROMs. Temp root will not allow flashing of ROM's and has nothing to do with bootloader unlock. I agree it's very possible to get temp root. That is what the subject of this thread is. To say they want to flash ROM's requires bootloader unlock and my bet is we will never see that with the VZW phone. Why? Because there is already a version of the Pixel 2 XL that can easily be unlocked.
 

elliwigy

some of us aren't as fortunate to get the unlocked variants.. temp root could absolutely help in unlocking the bootloader.. you would have elevated access and could manipulate other partitions and much more stuff that can help..

heck I'd be happy with a full dump of all the partitions.. could even help in allowing us to toggle oem unlock etc etc

---------- Post added at 02:06 PM ---------- Previous post was at 02:05 PM ----------

but yes, agreed.. temp root will do nothing for rom flashing lol
 

Mike02z

I get it. My first Pixel XL was purchased through Verizon. It's easy and you don't need to get another credit card if you can't afford to buy it cash. I think Temp root is very possible. I don't think it will lead to an exploit to unlock the bootloader but I hope I'm wrong.
 

elliwigy

just digging through what i can without a pc (picking it up later today) isn't much.. root would help out extremely even if temporary..

So far I am thinking there are flags set in the vendor partition to not allow it but also see reference to misc partition which i can't get to as well as there's a good 4+ related libs of which i can only look at 1 since the others aren't readable due to having no root..

so i am going to throw what i can in ida pro later and hopefully find someone with a rooted device to pull the other files..

but obviously my goal is to first find out how it's blocking it then try to find a way to allow it and go from there

---------- Post added at 02:53 PM ---------- Previous post was at 02:49 PM ----------

this site has some solid info on IOEMLock and related services and HAL if u get bored lol

https://github.com/aosp-mirror/plat...om/android/server/oemlock/OemLockService.java
 

Haz3

Senior Member
Jan 24, 2016
489
206
53
What files? I have the Google unlocked version rooted and my fiance has the vzw version, obviously not rooted lol, so if it's possible I would love to help!
 

abuttino

Senior Member
Sep 12, 2006
2,222
411
0
Has anyone actually gone out on a search for people that have done it in the past? Twitter, XDA, g+?

You gotta go out and pound the pavement to get some interest. It's just highly doubtable that anyone wants to do it because people had the option of buying an unlocked device, whereas some don't and they are more apt to get an unlock

Sent from my Pixel 2 XL
 

elliwigy

the bootloader is the same on vzw model and google model, the difference is in the software and the ability to allow oem unlocking..

if we can figure out why we cannot toggle oem unlock in dev options we can find a way to enable the option..

the flags for the capability aren't stored in the abl. The abl looks at other secure regions on the device to see if the flash lock is enabled or disabled

all the abl can give us insight on is where it looks for these flags or oem commands it can use etc etc..

you can learn a lot from the software end which is what i was talking about..

if we can find a way to toggle the setting or change the value for this flag the system will be set to allow oem unlocking and we should be able to unlock it..

but obviously we don't have temp root so we are limited and we don't know why it's greyed out either..

you should throw the lib in a decompiler before saying it's not going to help
 

humdrum2009

Senior Member
Oct 3, 2010
757
112
0
I see you got the Google model lol.
I had to rma as well get mine Tuesday I hope it's the unlocked model they send out.
Says taimen pixel on tracking order, phone has random reboots someone freezes no matter what I'm doing.
If someone unlocked I'll still donate the $100 no problem
 

elliwigy

i know where the flag is, just lookin for a way to write to the partition without root
 

humdrum2009

I seriously hope you can find a workaround, once and if I can receive the Google edition from Verizon what is the correct procedure?
To unlock bootloader before I activate the unit?
Don't want to chance it lol
 

danlat1415

Senior Member
Apr 18, 2011
449
127
0
UK
It would appear that most phones come shipped exactly the same.
The lock will depend on the sim card that is inserted when the phone is first booted.

If you have a Verizon sim inserted (or EE in the UK) on first boot, when the device looks for software updates (pre-8.1) it will load an extra software specific to Verizon (and EE in UK) which software locks the bootloader and locks out OEM unlocking in developer menu.

If you're lucky enough to get a phone that has never been booted before - make sure you REMOVE the sim card first, boot the phone, connect to WIFI and update the phone's software.
Once the phone has been updated and got past the initial bootup software update sequence, you can put whatever sim you like in and update as many times as you like and it will no longer lock out the bootloader.

It seems Verizon may pre-boot their phones before shipping which is why the software is already loaded.
The software comes direct from Google - not Verizon, so it comes as a small packet OTA update which runs during the initial boot setup.

You can test this by booting up a brand new device, skip all of the initial setup settings, don't connect to WIFI and don't put a sim card in the phone, go into Developer Settings, and OEM Unlocking will be greyed out, but it will say 'connect to the internet' - this is because it checks your phone's sim card against their server and locks/unlocks this option depending on the Network sim you put for the first time.
 