Unlocking bootloader/ rebooting in edl without testpoint Vivo Y31 2021


xiaoleGun

Member
May 23, 2022
21
7
Beijing, P.R.China

It's clear that iqoo bootloaders are different...

You can create a 1G file filled with 1s with this

< /dev/zero tr '\000' '\377' | head -c 1G > filledwith1.img

If you're not a Linux user, then you can do it in the Termux apk on your phone
I generated an img file in wsl2 and flashed the mobile phone under windows. It also checks for signature errors.
 

wenti2002

New member
May 23, 2022
2
0
Thank you so much. I tried to use a usb2.0 port but it didn't work. Also, more and more vivo or iqoo devices are succeeding now, even though they are much older than the iqoo neo5. So I suspect that it is because the iqoo neo5 is made by wingtech (an odm company). It may need to reverse the xboot.
 

xiaoleGun

The file isn't uploading....
Maybe you need the header (first 16kb) from any normal ext4 img file
dd if=./authentic.img of=./filledwith1.img bs=1K count=16
Do you mean I use any normal img to execute commands?

I got a file with a size of 16k.

Then, many devices in China have successfully achieved root through your method, such as iqoo 9pro, iqoo 9, iqoo 8pro, iqoo 8, vivo X60, vivo x60pro and other devices. Thank you for your work. However, there are no successful examples of devices using sm8250.
 

Pervokur

Senior Member
Feb 15, 2022
107
27
Do you mean I use any normal img to execute commands?

I got a file with a size of 16k.

Then, many devices in China have successfully achieved root through your method, such as iqoo 9pro, iqoo 9, iqoo 8pro, iqoo 8, vivo X60, vivo x60pro and other devices. Thank you for your work. However, there are no successful examples of devices using sm8250.
You need to copy the first 16kb of the img file that you used in the beginning to the file filled with 1
if - input file, use the name of your normal img file
of - output file, use the name of the generated file filled with 1
They should be in the same folder
 

Pervokur

I don't know. I haven't even seen okey
Well, at least the device starts uploading the img file even with a locked BL
When you enter unlock_vivo in the 2nd terminal, the BL thinks that the img file is a signature file. A file that is too big breaks the logic of the signature check.
But it doesn't work for you. Maybe the img file should be filled with special characters, or maybe it will not work at all.
 

Paradise.

Member
May 24, 2022
7
0
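Well, at least the device starts uploading the img file even with a locked BL
When you enter unlock_vivo in the 2nd terminal, the BL thinks that the img file is a signature file. A file that is too big breaks the logic of the signature check.
But this doesn't work for you. Maybe the img file should be filled with special characters, otherwise it may not work at all.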
So what should I do
 

xiaoleGun

Well, at least the device starts uploading the img file even with a locked BL
When you enter unlock_vivo in the 2nd terminal, the BL thinks that the img file is a signature file. A file that is too big breaks the logic of the signature check.
But it doesn't work for you. Maybe the img file should be filled with special characters, or maybe it will not work at all.
Maybe, at least it doesn't work on devices using sm8250 (at present)
 

Paradise.

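If I had such a phone, I would try a brute-force method
1. Generate an img file filled with special characters like \n \r etc.
2. Send it to BL
fastboot flash...
3. Try to unlock
fastboot vivo_bsp

Look at the result; maybe it will succeed, or at least the error will be different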

Actually I haven't learned Linux commands and I don't know how to create this file....
 

xiaoleGun

There are a lot of smart people in China, someone could find the right method...
I used an mp4 file, which is actually composed of strings. I renamed it to system.img, sent it to BL and executed fastboot vivo_bsp unlock_vivo; the device restarts immediately, and the error is:

status read failed (Too many links)

Is it possible that some protective measure of the device makes it restart, resulting in the computer being unable to read the state?
 

Top Liked Posts

  • 1
    Pervokur do u have magisk working on your vivo y31? I managed to patch and flash the latest ota boot img on my vivo y31 but it gets stuck in fastboot mode and doesn't reboot. The recovery screen says that the phone is rooted but it
    on y31 magisk can't mount /system, so things aren't simple

    -flash los19.1 gsi and use phh-su

    -you can try to boot with my vbmeta, but I didn't try to fix magisk on stock rom. In theory 24.3 magisk will be able to grant root (no modules) if you manually start the daemon

    /sbin/magisk64 --daemon

    but for it you should edit some .rc or .sh file

    vgc/vgc.rc could be a good target

    Can't help with anything else.
  • 2
    I must ask
    is this tested on the x fold???
    I did it!

    These features work even after BLU:
    Fingerprint sensor
    Face ID
    OTA install

    and Magisk works too!
    You have to use DSU Loader to get boot.img though.

    Here's full firmware dump of PD2178_A_12.0.14.5.W10 (contains all partitions for research purpose):
    2
    This is a tool from our QQ group.

    I think it is necessary to remind those of you who use the sm8250 device that the sm8250 is not applicable to this method.

    fingerprint unlocking can also be used normally on x70pro+. You only need to use version 1.5 factory test to calibrate the fingerprint
    1
    Unlocked models with this method:
    Vivo Y31 PD2050F 2021 A12 6.7.20
    Vivo V21e PD2107F A12 6.6.19

    I did it from rooted Samsung J120F, I didn't try from PC///bc no PC =(



    My guide in Russian {Mod edit: Link removed}

    Custom fastboot for vivo in ubu.zip is from here https://forum.xda-developers.com/t/how-to-unlock-bootloader-of-vivo-phones.3686690/

    Video of a double terminal attack. After I came up with such an idea, I succeeded on the first try. To reboot in edl just use

    fastboot oem reboot-edl

    instead of

    fastboot vivo_bsp unlock_vivo

    REMINDER! Rebooting into edl from fastboot returns the locked state, so you should unlock again if you need it.


    My setup
    rooted Samsung J120F with A10 custom rom from this forum
    custom fastboot for vivo v2 (Linux x86_64) from this forum (for vivo_bsp command)
    Termux from f-droid
    Ubuntu CLI from here https://github.com/tuanpham-dev/termux-ubuntu

    So there is nothing from mother Russia=) Well... only the sources list with official servers with tag arch=amd64, you can create your own in order to download x86_64 libs.

    You can use any .img, big enough.

    Vivo Y31 <
    qemu + fastboot , so i could run x86_64 on my 32 bit arm phone
    Ubuntu to run qemu
    Termux to run Ubuntu
    Magisk to grant root

    All commands with root, otherwise fastboot will not see device.

    If you can copy-paste commands, then you will understand this

    Preparation
    1. Install termux from f-droid

    Download the custom fastboot for vivo and the package sources for ubuntu (attached file ubu.zip, 362.4 KB)
    and unpack it into the ordinary standard Download folder (Downloads)

    Download vendor.img, although probably any vendor.img or even any *.img will do

    2. Launch termux

    3. Enter
    termux-setup-storage
    and accept

    4. Enter
    pkg update
    answer the questions with
    y
    Enter

    5. Install ubuntu here, copy and paste the whole line

    pkg install tsu wget curl proot tar -y && wget https://raw.githubusercontent.com/tuanpham-dev/termux-ubuntu/master/ubuntu.sh && chmod +x ubuntu.sh && bash ubuntu.sh nde


    Accept everything

    Set the user and passwords (user name in lowercase letters, password at least 6 characters!!!), I set
    user
    user
    mmmmmm
    mmmmmm

    6. We are inside ubuntu, but let's exit and enter again

    exit

    Enter ubuntu with root

    sudo ./start-ubuntu20.sh

    7. Get root and go to the root

    su
    enter the password you set, mine is mmmmmm

    cd

    Copy the fastboot and sources files from Downloads, so that the x86_64 libs can be downloaded

    cp ../sdcard/download/amd64.list ../etc/apt/sources.list.d
    cp ../sdcard/download/fastboot ~/

    8. Add the x86_64 target architecture

    dpkg --add-architecture amd64

    9. Update everything

    apt-get update

    10. Install qemu

    apt install qemu-user

    11. Install the x86_64 fastboot for the sake of its libraries (may not be needed)

    apt install fastboot:amd64


    Attack
    12. In ubuntu, run our fastboot through the emulator

    qemu-x86_64 /root/../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 --library-path /root/../lib/x86_64-linux-gnu/ ./fastboot --help

    Press the up arrow, erase --help and enter vivo_bsp unlock_vivo

    Run it and get fail

    13. In termux, swipe from the top-left part of the screen to show the menu and tap new session; this is needed for the second terminal


    14. Select the second instance and enter ubuntu in the same way

    sudo ./start-ubuntu20.sh

    then

    su

    enter the password you set

    go to the root

    cd

    now two commands can be sent at once

    15. In the new terminal, paste

    qemu-x86_64 /root/../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 --library-path /root/../lib/x86_64-linux-gnu/ ./fastboot flash vendor /sdcard/download/vendor.img

    the vendor.img file must be in Downloads

    The file will start uploading to the phone, but it will not be flashed. Flashing will not happen without an unlock and a complete upload

    16. Go to the first terminal and run the command again

    up arrow - Enter

    qemu-x86_64 /root/../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 --library-path /root/../lib/x86_64-linux-gnu/ ./fastboot vivo_bsp unlock_vivo
    1
    OMG! You did it you mad man! I did this on windows, unlocked the bootloader on the Vivo x70 pro plus.
    1
    How would I do that? Edit: Nvm, its in your files. Thanks!
    It's not in my file. It's here.

    Next, my expression may be incomprehensible to you because my English is not good. In order to facilitate understanding, I will provide Chinese for your reference

    1. You need a black and flesh rubber
    2. Installation factory test 1.5
    3. Enter phone input *#558# enter factory test
    4. Find the quality test
    5. Find the fingerprint test
    6. Photoelectric fingerprint calibration
    7. Use flesh colored rubber for calibration
    8. Use black rubber for calibration

    Now, you can enjoy root and fingerprints.

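    Chinese (translated)
    1. You need one black eraser and one flesh-colored eraser
    2. Install factory test 1.5
    3. Open Phone and enter *#558# to enter the factory test
    4. Find the quality test
    5. Find the fingerprint test
    6. Select the first item, photoelectric fingerprint calibration
    7. Calibrate using the flesh-colored eraser
    8. Calibrate using the black eraser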