Unlock ANY Pixel from Carrier

Search This thread

#mcl

Senior Member
____________________________________________________

UPDATE AS OF 9 OF DECEMBER OF 2022:
The security patch of December of 2022 fixed the patch, so it doesn't work on this version and newer ones.
A am working to get the exploit to work on newer version, but for now haven't found any. If anyone has any ideas or suggestions please let me know!
____________________________________________________

Hey everybody! 👋🏻
So recently I bought a Google Pixel 4 XL. The thing is that in Europe they are too expensive compared to the US, so I bought one that was from AT&T(used of course). However is that I need to use my SIM on the phone, but of course, the phone refused to allow me to use my SIM from Spain. ⛔️

So after hours of research, I found a way to unlock it. Here are the steps: 📝
1. Remove your SIM card if it is on the phone
2. Do a factory reset
3. Do OFFLINE SETUP. Also, DON'T PUT ANY PASSWORD OR ANY TYPE OF SCREEN LOCK 🙅🏻
4. Once you are on the main screen, enable USB Debugging.
5. Connect the phone to the computer (I assume you already have the USB drivers, platform-tools downloaded and knowledge on how to use ADB commands🤷🏻. If you don't have the SDK downloaded, head to this link and follow the instructions👍🏻)
6. Inside the platform-tools folder, open a terminal window and run "adb shell"(on mac, once you are on the directory you have to run "./adb shell") and then "pm uninstall -k --user 0 com.google.android.apps.work.oobconfig" (run them without quotes)

After this, you can already connect the phone to the internet and put your SIM in👏🏻.
This didn't unlock the phone though 🙄. What we have just done is this:

When we connect the phone to the internet, it verifies if it should lock the SIM or not. So we did a setup without internet, so the phone can't do that. After that, we uninstall the package responsible for doing this.
So when we connect it to the internet, it won't check the SIM lock 😯
However, the bootloader is still locked and grey out. This is because this app is responsible to grey or not the bootloader switch. If it is from a carrier, the package will disable the switch, and if not you will have the ability to unlock it. As we kill the app before it could do its job, the bootloader will be waiting until the package gives its answer.

Special thanks to this Jorge Cortés to make this post possible. 🙏🏻

If you find the post useful, consider buying me a cup of coffee please with Revolut. 😊
 
Last edited:

#mcl

Senior Member
Is there any work around to unlock to bootloader too??
Hey,
I am working on that. As it turns out there is a way to flash firmware to any device with a Qualcomm chip, even if the bootloader os locked🤩. It's called EDL mode. This mode was designed to force flash firmware in bricked devices that can't use fastboot or adb🤫.
I already find the app I need to flash, actually there a a lot of different ones( I chose QPST) but it needs some strange files that I didn't find yet🙁, and it won't allow em to use the google firmware neither 😤.
So when I find those files I will write a detailed guide on how to unlock the bootloader 😇, but for now I only know how to use any SIM on a locked Pixel device.
 

Daniyal48

Senior Member
Jun 1, 2019
55
9
Hey,
I am working on that. As it turns out there is a way to flash firmware to any device with a Qualcomm chip, even if the bootloader os locked🤩. It's called EDL mode. This mode was designed to force flash firmware in bricked devices that can't use fastboot or adb🤫.
I already find the app I need to flash, actually there a a lot of different ones( I chose QPST) but it needs some strange files that I didn't find yet🙁, and it won't allow em to use the google firmware neither 😤.
So when I find those files I will write a detailed guide on how to unlock the bootloader 😇, but for now I only know how to use any SIM on a locked Pixel device.
I have tried the same on a OnePlus device but they have MSM Tool to thet let you work in edl mode but I haven't found any tool for Pixel devices yet
 
  • Like
Reactions: #mcl

#mcl

Senior Member
Yeah of course, there is QFIL also and some others that aren't official. I downloaded them from Androidmtk website.
With this link you go to the qpst download and use instructions section of their webpage. At the bottom you will find similar programs, but I didn't get to try them. You can try them, but make sure they are for Qualcomm Chipset, because some of them are for mediatek phones.
 
  • Like
Reactions: Daniyal48

Daniyal48

Senior Member
Jun 1, 2019
55
9
Yeah of course, there is QFIL also and some others that aren't official. I downloaded them from Androidmtk website.
With this link you go to the qpst download and use instructions section of their webpage. At the bottom you will find similar programs, but I didn't get to try them. You can try them, but make sure they are for Qualcomm Chipset, because some of them are for mediatek phones.
Okay thank you I hope i find a solution with this
 
  • Like
Reactions: #mcl

Daniyal48

Senior Member
Jun 1, 2019
55
9
No problem, good luck researching 🍀.
I will keep searching as well to see if I can find those files 🤞🏻
If you find any files please also send them to me. Can we use a working Device to get these files from. Like we extract these files for a normal pixel 4 xl and then flash it to ours?
 
  • Like
Reactions: #mcl

#mcl

Senior Member
If you find any files please also send them to me. Can we use a working Device to get these files from. Like we extract these files for a normal pixel 4 xl and then flash it to ours?
Of course, if I find them I will make them available for anyone 😊.
Yes in theory you can extract this files from your phon, however as mine is locked I need them from an unlocked 🔓 pixel I suppose, but I didn't try to extract the files from my home and the flash them again, it could work. In the QPST you even have a section to that, it's a backup I Believe but not sure about the name.
If you try and it works let me know!
 

Daniyal48

Senior Member
Jun 1, 2019
55
9
Of course, if I find them I will make them available for anyone 😊.
Yes in theory you can extract this files from your phon, however as mine is locked I need them from an unlocked 🔓 pixel I suppose, but I didn't try to extract the files from my home and the flash them again, it could work. In the QPST you even have a section to that, it's a backup I Believe but not sure about the name.
If you try and it works let me know!
Yes I am also looking for an unlock Pixel 4 XL if I find one I will try extracting these files and post it somewhere on the internet so anyone can access it
 

#mcl

Senior Member
Yeah that is a way, but I was thinking that maybe these files are inside of the IMG files of the firmware from Google, and that firmware isn't lock 🔒, so if anyone manage to find those files there you wouldn't need to buy another pixel to extract the firmware.
I also think that in reality you don't need the firmware but rather some files for your Qualcomm Chipset to get the Sahara protocol working and I believe later on you flash the firmware, however I am not sure about that as I didn't try it. 🤔
I think this because you can find some Qualcomm snapdragon 855 programmer files (which had the extension we need), so they may be basic files that activates the Sahara protocol (which is the one used when the phone is in this mode) and only after I believe you can flash the firmware using some commands. ⌨️
I would like to try out this but I can't as it could brick my phone and I don't have other to use, and I don't have any other pixel, this is my first and only Pixel ever.
So if you have an older pixel and you want you could try this theory...👍🏻
 

Daniyal48

Senior Member
Jun 1, 2019
55
9
Yeah that is a way, but I was thinking that maybe these files are inside of the IMG files of the firmware from Google, and that firmware isn't lock 🔒, so if anyone manage to find those files there you wouldn't need to buy another pixel to extract the firmware.
I also think that in reality you don't need the firmware but rather some files for your Qualcomm Chipset to get the Sahara protocol working and I believe later on you flash the firmware, however I am not sure about that as I didn't try it. 🤔
I think this because you can find some Qualcomm snapdragon 855 programmer files (which had the extension we need), so they may be basic files that activates the Sahara protocol (which is the one used when the phone is in this mode) and only after I believe you can flash the firmware using some commands. ⌨️
I would like to try out this but I can't as it could brick my phone and I don't have other to use, and I don't have any other pixel, this is my first and only Pixel ever.
So if you have an older pixel and you want you could try this theory...👍🏻
I have Pixel 2 XL but it doesn't boot into EDL i tried fastboot commands and also abd commands but it doesn't even go there...I have Pixel 3 XL on the way I will try on that but that is already unlocked
 

Daniyal48

Senior Member
Jun 1, 2019
55
9
Yeah that is a way, but I was thinking that maybe these files are inside of the IMG files of the firmware from Google, and that firmware isn't lock 🔒, so if anyone manage to find those files there you wouldn't need to buy another pixel to extract the firmware.
I also think that in reality you don't need the firmware but rather some files for your Qualcomm Chipset to get the Sahara protocol working and I believe later on you flash the firmware, however I am not sure about that as I didn't try it. 🤔
I think this because you can find some Qualcomm snapdragon 855 programmer files (which had the extension we need), so they may be basic files that activates the Sahara protocol (which is the one used when the phone is in this mode) and only after I believe you can flash the firmware using some commands. ⌨️
I would like to try out this but I can't as it could brick my phone and I don't have other to use, and I don't have any other pixel, this is my first and only Pixel ever.
So if you have an older pixel and you want you could try this theory...👍🏻
Are these files related to our issue
 
  • Like
Reactions: #mcl

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    Today tested new way to unlock via adb, later post result
    2
    I wonder if there is a way to block the network requests (on the device itself or perhaps on my router) that Device Setup makes if the metered option is disabled. The biggest issue with metered Wifi that I've come across so far is that the Play Store won't install apps unless you manually install them each individually. And with a new device/copy setup, that is a lot of apps!
    I solved this with a third party app called Netguard, went to advance settings and allowed system apps. Look for device setup app in netguard and block it from wifi. You can now connect to any wifi without changing anything .
    1
    Not yet, waiting for devices with December patch
    1
    Today tested new way to unlock via adb, later post result
    Can you share the new method? A friend of mine has a Pixel 5 with december patch.

    We'll share the results
  • 6
    ____________________________________________________

    UPDATE AS OF 9 OF DECEMBER OF 2022:
    The security patch of December of 2022 fixed the patch, so it doesn't work on this version and newer ones.
    A am working to get the exploit to work on newer version, but for now haven't found any. If anyone has any ideas or suggestions please let me know!
    ____________________________________________________

    Hey everybody! 👋🏻
    So recently I bought a Google Pixel 4 XL. The thing is that in Europe they are too expensive compared to the US, so I bought one that was from AT&T(used of course). However is that I need to use my SIM on the phone, but of course, the phone refused to allow me to use my SIM from Spain. ⛔️

    So after hours of research, I found a way to unlock it. Here are the steps: 📝
    1. Remove your SIM card if it is on the phone
    2. Do a factory reset
    3. Do OFFLINE SETUP. Also, DON'T PUT ANY PASSWORD OR ANY TYPE OF SCREEN LOCK 🙅🏻
    4. Once you are on the main screen, enable USB Debugging.
    5. Connect the phone to the computer (I assume you already have the USB drivers, platform-tools downloaded and knowledge on how to use ADB commands🤷🏻. If you don't have the SDK downloaded, head to this link and follow the instructions👍🏻)
    6. Inside the platform-tools folder, open a terminal window and run "adb shell"(on mac, once you are on the directory you have to run "./adb shell") and then "pm uninstall -k --user 0 com.google.android.apps.work.oobconfig" (run them without quotes)

    After this, you can already connect the phone to the internet and put your SIM in👏🏻.
    This didn't unlock the phone though 🙄. What we have just done is this:

    When we connect the phone to the internet, it verifies if it should lock the SIM or not. So we did a setup without internet, so the phone can't do that. After that, we uninstall the package responsible for doing this.
    So when we connect it to the internet, it won't check the SIM lock 😯
    However, the bootloader is still locked and grey out. This is because this app is responsible to grey or not the bootloader switch. If it is from a carrier, the package will disable the switch, and if not you will have the ability to unlock it. As we kill the app before it could do its job, the bootloader will be waiting until the package gives its answer.

    Special thanks to this Jorge Cortés to make this post possible. 🙏🏻

    If you find the post useful, consider buying me a cup of coffee please with Revolut. 😊
    6
    Hello all! Happy to know the guide worked out for many people.
    I haven't updated to december update, nor did a factory reset recently, but it can be the case.
    There have been some months since I publish the guide so it wouldn't surprise me that google found it and fix it.

    If you already run the exploit of course it won't reverse, but if you haven't and you already updated you are probably out of luck unfortunately.

    Another thing I see commonly is why the OEM unlock google still is grey out. As I said on the guide, this DOES NOT UNLOCK THE BOOTLADER, it just don't let the phone check wether it is from a carrier or if it unlocked. As a consequence the SIM card will work as it didn't verify if it should lock some carrier or not, but in order to unlock the bootloader, the package that my script removes needs to tell the system that the phone is free, which for those who use this exploit isn't the case.
    I am still working on that, but that is way more harder, especially for people running the latest software, as new software usually patches this things, making the exploit useless for newer versions.

    I will keep working on the unlock method, and will have a look on how to update this to the new December 2022 security patch.

    Though if anyone has any ideas or suggestions please let me know, it really helps a lot!
    4

    But WIFI can be used only with "Thread as metered" option
    3
    you can't delete the file anymore, but you can install another one from the apk file on top of the existing one. If you find a good programmer who will make changes to the apk file for installation, I think it can help. But this is a complicated method.
    3
    Today tested new way to unlock via adb, later post result