Question Verizon Pixel 6 Pro Bootloader Unlock?

Search This thread

Yeedatoy

Senior Member
Jul 18, 2018
233
103
37
Charlotte
AT&T HTC One X
Moto G6
What happens if you delete the device setup app before booting the phone? Would it boot to the system, like custom roms are still able to? The package is modified by Verizon, according to Appops. Look. It also states clearly that it locks the device.
 

Attachments

  • Screenshot_20220616-214344.png
    Screenshot_20220616-214344.png
    144.6 KB · Views: 84
  • Screenshot_20220616-214336.png
    Screenshot_20220616-214336.png
    146.3 KB · Views: 84

Yeedatoy

Senior Member
Jul 18, 2018
233
103
37
Charlotte
AT&T HTC One X
Moto G6
I can revoke the permissions, but the app restricts cache from being cleared, and the cmd line through adb can't clear it without using adb as root. Basically, is there a way to change permissions of the app before booting, but only the necessary ones, in the same way app ops is able to... Which does not disable the permission entirely, it just returns false information
 

tmessy

Senior Member
Mar 12, 2011
62
7
Goodyear
OK. Hear me out.
I am throwing no shade at anyone at all.
But, I feel like over the years I have spent browsing this site and forums - after wrecking old Androids and even a couple PCs - I have came across a few user accounts that leave you saying, "oh *blank*, this person knows their *blank*"...
I say this because I have the hardest time with the, "oh, VZW locks their Bootloader, permanently. End of story. Can't do it. Etc.".

Isn't that what Apple intended before jailbreak exploits?
Someone wrote that code to lock the Bootloader.
Now I am not a Christian of faith in the slightest, but the only way for this to make sense to me is if Jesus himself wrote the code.
And that just might be the tangible proof to make me believe 🙃😂


I digress... So, really? No one here is remotely capable of figuring out how they locked it and therefore the process of unlocking it??
That I do not believe...
 

LLStarks

Senior Member
Jun 1, 2012
1,917
1,126
If we had a bunch of Verizon units to play with and wire up to a JTAG or similar, maybe we could do some of the risky **** like blindly flashing partitions or more traditional root exploits.

But a locked bootloader isn't just locked. Partition integrity is frequently checked.

It's hard to brick a Pixel but nobody wants to risk it.

Similar conversations are had for OnePlus phones on Verizon.
 

HolyHog

Senior Member
Jun 11, 2015
153
66
Anchorage
If we had a bunch of Verizon units to play with and wire up to a JTAG or similar, maybe we could do some of the risky **** like blindly flashing partitions or more traditional root exploits.

But a locked bootloader isn't just locked. Partition integrity is frequently checked.

It's hard to brick a Pixel but nobody wants to risk it.

Similar conversations are had for OnePlus phones on Verizon.
I have a OP8Pro on Verizon and have been boot loader unlocked rooted since I bought it from Oneplus 2 years ago.
 
Bro that's exactly what I said and yes it's ONLY because you unlocked it before putting in a sim.

Have you been asleep for the last 7 years? Verizon is the reason that getting root has only become more difficult.

Seriously... Dont tell me I'm wrong and then say the same damn thing I said.

Ridiculous...
You are wrong. I'm using a Pixel 6 Pro on Verizon and did NOT unlock my bootloader before I put the SIM in and was still obviously able to unlock my bootloader and root my phone.
 

KC69

Senior Member
Jul 25, 2011
677
169
You are wrong. I'm using a Pixel 6 Pro on Verizon and did NOT unlock my bootloader before I put the SIM in and was still obviously able to unlock my bootloader and root my phone.
Did you buy it from Verizon? Or from Google? Cuz we All wanna know how you did it.
 

d0x360

Senior Member
Mar 11, 2009
92
17
You are wrong. I'm using a Pixel 6 Pro on Verizon and did NOT unlock my bootloader before I put the SIM in and was still obviously able to unlock my bootloader and root my phone.

Wth are you quoting my post for? Like 1 post down we settled the disagreement and I was wrong..

Don't bring things up without actually reading the thread... Just a couple more posts and you would have gotten the entire story from like a year ago. If the posts somehow aren't there then someone deleted like 6 of them
 

RebelPat

New member
Jul 4, 2022
2
1
I don't never really post on here...I"m not that good with computers...I certainly ain't got no degrees or college education like I'm sure most of y'all on here do. But I will say one thing when I wanna do something I'ma figure out how to do it whatever it takes. So I don't know if Verizon pays people to go on this forum and say that can't be done but y'all don't listen to em. I just bought a Pixel 6 Pro today Security Patch was still October 2021. I haven't even been fooling with the phone for a hour and I managed to use dirty pipe exploit to gain a root shell on a VERIZON Pixel 6 pro. Now like I said I ain't no computer pro an I ain't got no college degree but I'm pretty sure that if I can do that I can unlock the bootloader too. So yea anyone tells you sumthin can't be done its cuz they don't want you to do it, cuz ain't nothing impossible if you want it bad enough. Anyway, dirty pipe exploit you wanna root your pixel 6 pro from verizon DON'T LET IT SECURITY UPDATE and find the dirty pipe exploit on github. Now you gotta change the run.sh so that the dirtypipe binary is run with "-f" at the end or its gonna say unsupported product. Do that then run run.sh and run adb shell and then su and you got a temporary root.

Dirty Pipe Exploit (if you brick your phone that's on your body)
 
  • Like
  • Wow
Reactions: Alekos and tmessy

roirraW "edor" ehT

Forum Moderator
Staff member
Exactly what @Nergal di Cuthah says. Is it possible it will happen? Yes, although usually, it's a device-specific or device series-specific temporary flaw that just maybe with a lot of work and experimentation might be able to be used to either unlock a Verizon device's bootloader. Keeping everyone who has a Verizon device to try to keep all OTAs away (probably very hard unless you never connect to Wi-Fi and mobile data), so that such exploits aren't patched is highly impossible, so at best an exploit will allow a relatively select few to take advantage of.

I was able to unlock the bootloader of my Verizon Pixel 1 (the last carrier device I bought) while it was on Android 7.10, and when updated to 7.1.1 fixed the flaw that allowed the bootloader to be unlocked. So yes, it does happen. It is wrong to generally tell those who ask about unlocking their Verizon bootloader that yes, they can since that's an unknown factor.

An alternative is giving a more complex answer, which is tedious and gets very old for how many times those with Verizon devices ask the question. So some legal-esque vague answers such as:

99.9% probability for anyone with a Verizon device, no you won't be able to ever unlock the bootloader. There is a 0.1% (or less) chance that someday, somehow, a way may be discovered that works for a short amount of time that allows you to unlock the bootloader.

This is a messy answer and giving it to anyone who asks this question is probably just leading to a lot more messy answers, as surely they will then ask other questions to which we might not know the answer.

I suppose we can translate the above answer to something easier but still very vague like:

No, never, yet there is about as much chance that you might be able to unlock the bootloader at some fixed point in time in the future as winning millions of dollars in a lottery, so technically there is a very tiny chance it might happen.
 

Lughnasadh

Senior Member
Mar 23, 2015
3,572
3,681
Google Nexus 5
Huawei Nexus 6P
I don't never really post on here...I"m not that good with computers...I certainly ain't got no degrees or college education like I'm sure most of y'all on here do. But I will say one thing when I wanna do something I'ma figure out how to do it whatever it takes. So I don't know if Verizon pays people to go on this forum and say that can't be done but y'all don't listen to em. I just bought a Pixel 6 Pro today Security Patch was still October 2021. I haven't even been fooling with the phone for a hour and I managed to use dirty pipe exploit to gain a root shell on a VERIZON Pixel 6 pro. Now like I said I ain't no computer pro an I ain't got no college degree but I'm pretty sure that if I can do that I can unlock the bootloader too. So yea anyone tells you sumthin can't be done its cuz they don't want you to do it, cuz ain't nothing impossible if you want it bad enough. Anyway, dirty pipe exploit you wanna root your pixel 6 pro from verizon DON'T LET IT SECURITY UPDATE and find the dirty pipe exploit on github. Now you gotta change the run.sh so that the dirtypipe binary is run with "-f" at the end or its gonna say unsupported product. Do that then run run.sh and run adb shell and then su and you got a temporary root.

Dirty Pipe Exploit (if you brick your phone that's on your body)
Yes, gaining temporary root on the Pixel 6 Pro with a locked bootloader via Dirty Pipe is well known. I don't believe it survives a reboot though.

But the question is, have you unlocked your bootloader? And have you also updated to the most recent security update?

Because if you have to stay on the October security patch and have to do the exploit every time you reboot, well, that's not really feasible for most.

So the real question is, can the bootloader be unlocked via Dirty Pipe, will it stay unlocked during subsequent security updates and will you be able to root thereafter.
 
Last edited:

LLStarks

Senior Member
Jun 1, 2012
1,917
1,126
There's also a new 0day floating around today.

But the point remains: Unless you can override get_unlock_ability, root probably is not enough to unlock the bootloader.
 
  • Like
Reactions: roirraW "edor" ehT

RebelPat

New member
Jul 4, 2022
2
1
Yes, gaining temporary root on the Pixel 6 Pro with a locked bootloader via Dirty Pipe is well known. I don't believe it survives a reboot though.

But the question is, have you unlocked your bootloader? And have you also updated to the most recent security update?

Because if you have to stay on the October security patch and have to do the exploit every time you reboot, well, that's not really feasible for most.

So the real question is, can the bootloader be unlocked via Dirty Pipe, will it stay unlocked during subsequent security updates and will you be able to root thereafter.
Well as I said I'm no phone expert I just like doin stuff that I'm not supposed to be able to (rooting phones for example). But after hard-bricking the first pixel and returning it and bricking another one (although this one still has fastboot but apparently unlike motorolas with locked bootloaders you can't even flash a factory boot image back on via fastboot and it won't boot into recovery) and after finding out that even AT&T lets you unlock the bootloader after you've paid off the phone (which makes sense since it then becomes YOUR PHONE not AT&T's phone) I've decided to go back to AT&T and leave the unlocking of verizon bootloaders to people with college degrees...But I still believe it can definitely be done I mean if you acheive root there has to be a way to modify some data value or something to change the oem unlock to allow, I just don't know how to do it and I can't keep driving a hour to verizon and telling them my phones broke there gonna start getting susipiscous eventually, but i still firmly believe that it can be done and anyone who says it can't probably works for Verizon.

Edit:
Oh an to answer your question about system updates, usually once I root a phone an can get the bootloader unlocked I jus install lineageOS and manually add the su binary as well as the lines into init.rc an install a generic SuperUser app (not Magisk) I think its Phh Superuser so that I'll have root access. An I know someone is prolly gonna say "but how do you use apps that can detect root?" Well it took me awhile to figure that one out....But then I found frida which works like a charm on pretty much 99% of apps that try to detect root if you run it with a frida-antiroot script.
 
Last edited:

96carboard

Senior Member
Jul 17, 2018
727
416
This whole unlock/root/jailbreak thing comes down to two things; numbers, and technology.

Technology is the easier thing to address. Some things are easier to hack than others because of the quality of the code behind it. The fruit company sells design/lifestyle, not technology, and consequently, what they sell is subject to bad code and easy exploits -- pretty, but ineffective. The stuff underlying Android is a lot more well developed and secure and this makes the job a lot harder.

But numbers is the more interesting part here. How many people HAVE non-unlockable verizon version of pixel 6 or pixel 6 pro? The answer is that its a *small* subset of the total number of people who have pixel 6 [pro]. How about how many people in total have iFruit? All of them.

But that's not all there is to it, because people, like myself, who know that they need their phone to be unlockable, will specifically buy it from NOT-verizon so that it CAN be unlocked. The result then is that you've got 10 or 20 people IN TOTAL with non-unlockable pixel 6 [pro] who want to unlock it, and everybody else really doesn't care because it doesn't help them at all since their phone is already unlocked.

Why would you buy a phone that is intended so that it can't be unlocked when you want a phone that is unlocked?

If you want to fix this problem, TELL the vendors through your wallet. Imagine if everybody refused to buy phones unless they were unlockable, then they would ALL be unlockable.
 
Pretty sure I already know the answer but I'm going to ask anyway.
I have a new in box Pro 6, from vzw sadly. Never powered it on.
Is there any possibility that I could get the bootloader unlocked prior to it connecting to a network of any kind?

Dirty pipe seems promising but there is no link between it and an unlocked vzw bootloader that I can find. Asking before I set up the device and likely kiss an unlocked bootloader goodbye for the life of this device.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    The reason Verizon can easily unlock phones isn’t from their own choosing, it’s bcuz the FCC sold them a bunch of bands and one of the requirements with the sale was to allow users the freedom of choice and go with any carrier they chose hence them not carrier locking phones. This was way back before they even had the 60 day rule, Verizon phones came unlocked out of the box.. I’m no XDA writer, just a plain old dude that’s messed around with phones since the turn of the century. Your rant is a broken record that we see in every Verizon bootloader thread on every device here. There’s always someone who made the mistake and bought a Verizon device only to be butthurt when they discover they’re locked the funk down. What’s surprising is your lengthy resume here combined w/ the vast experience you say you have, yet still made that boo-boo..
    You clearly didn’t write anything on Verizon, too bad, so sad.. We usually these sort of out bursts from newbies.. A few of them were pretty determined too, emailed everyone they could at Verizon hoping to over turn the way they conduct their business, only to be simply ignored.. womp womp..
    The smarter ones gave up and bought an unlockable device.. curious on what an experienced XDA column writer would do,
    besides starting to read what others here also wrote…?
    Not sure who this condescending, self adulating nonsense was intended for, but it certainly isn't me.
    1
    Pretty sure I already know the answer but I'm going to ask anyway.
    I have a new in box Pro 6, from vzw sadly. Never powered it on.
    Is there any possibility that I could get the bootloader unlocked prior to it connecting to a network of any kind?

    Dirty pipe seems promising but there is no link between it and an unlocked vzw bootloader that I can find. Asking before I set up the device and likely kiss an unlocked bootloader goodbye for the life of this device.
    There is none at the moment, and probably won't be for the foreseeable future. My best bet for you is to either just deal with it or resell/trade for an unlocked one.

    You can do many things to compromise Android to gain root now, and certainly in the future, but it's just going to be a transient root. The attack surface of the bootloader is small, and most importantly, the knowledge is kept secret. Only Google and hardware vendors have access to the inner workings, and only Google is the one to be able to generate the unlock token for a device to allow it's bootloader to unlock itself.
    You could try bruteforcing the token for a device, or the key and algorithm for all devices, but it's a numbers game with the odds so infinitesimally small for you. The number of unlock tokens is massive, more than the number of grains of sand on Earth, more than the number of stars in the universe, more than the number of stars in a billion universes. You can't bruteforce it, you're going to have to find a flaw in the bootloader. Problem is, Google has a vested interest in making sure there are no flaws, as they have already patched several of them before.
    Previously you could unlock the Verizon Pixels via a flaw in the bootloader, which was patched. Later you could unlock them again along with the Verizon Pixel 2 due to an oversight on Google's part with them handing out unlock tokens, which was also patched. That's where it ended, there haven't been any exploits or oversights since.

    It would be nice for an exploit to be discovered, because regardless of the differences in the unlockable variants versus the permanently locked variants, they are all going to be the same if (and a guaranteed when) Google is no longer is generating unlock tokens (read: they cease to exist or their servers go down.)

    Which is actually the current situation of my Pixel 6a. It's unlockable, but I can't unlock it, because Google hasn't begun creating unlock tokens, because I got it two days before launch.
    1
    The reason Verizon can easily unlock phones isn’t from their own choosing, it’s bcuz the FCC sold them a bunch of bands and one of the requirements with the sale was to allow users the freedom of choice and go with any carrier they chose hence them not carrier locking phones. This was way back before they even had the 60 day rule, Verizon phones came unlocked out of the box.. I’m no XDA writer, just a plain old dude that’s messed around with phones since the turn of the century. Your rant is a broken record that we see in every Verizon bootloader thread on every device here. There’s always someone who made the mistake and bought a Verizon device only to be butthurt when they discover they’re locked the funk down. What’s surprising is your lengthy resume here combined w/ the vast experience you say you have, yet still made that boo-boo.. You clearly didn’t write anything on Verizon, too bad, so sad.. We usually these sort of out bursts from newbies.. A few of them were pretty determined too, emailed everyone they could at Verizon hoping to over turn the way they conduct their business, only to be simply ignored.. womp womp..
    The smarter ones gave up and bought an unlockable device.. curious on what an experienced XDA column writer would do,
    besides starting to read what others here also wrote…?
    Think you're directing your unpleasantries at the wrong person.
  • 9
    The fact that people still believe you can't unlocked the bootloader on any Verizon pixel, is your first sign there are no quality developers on this forum anymore.

    It's straightforward.

    Sim unlock your phone and boom.

    Or, continue to trust the below-average folks on these forums.

    Yet, here I am doing the same unlock method again, with the same result. This speaks volumes to how good the supposed developers are on XDA.


    Your insults directed at developers, and other members on Xda violate Forum Rules and are no longer welcome in the forums.


    Please make sure you fully understand the following:

    1) if you have a proven method to unlock the bootloader on VZW devices, open a thread, make yourself famous, and become the greatest Xda developer ever. If you can't or won't open your own thread and share your method, stop posting your self -righteous comments allover the forums.

    2) if you post any further insults directed at Xda members, your account will be restricted. Xda is about sharing and developing, not smoke & mirrors and insulting other members who have actually produced tons of legit development.

    No more warnings on this, check your PM.

    Thanks for your cooperation.
    8
    No, I've been rooting/modding phones since eclair and used to be an XDA News writer, I definitely understand the difference between sim and bootloader unlocking. Once the phone is sim unlocked, the "OEM UNLOCK" option should no longer be greyed out in the developer options. Once that setting becomes available after sim unlock, there shouldn't be anything in the way of unlocking the bootloader. The only thing that could be an issue is if the manufacturer then required a token to unlock the bootloader, but I'm gonna go with Google isn't requiring that. Now, this is all based on my own knowledge and experience, if anyone has more insight to either back me up or shoot me down, please, this is the whole reason we're here in these threads, to gain knowledge and information.
    If Verizon is so informal about sim unlocking their phones after 60 days, it really doesn't make sense for them to enforce bootloader locking at that point.
    I mean, what is the point once they cut you loose with your sim card? Check this out, I had this ****ty Nord 10 5G from Metro and a guy figured out which apps to remove via ADB to carrier unlock the phone, hence making the OEM UNLOCK choice available in developer settings. What I'm saying is sometimes things aren't as locked down as you think, I mean, Metro is pretty strict on carrier locking their phones and really don't like doing it after you've met all the requirements. So if it's as easy as getting rid of a few apps via sneaking through ADB, it's gotta be that way for all the phones it's not like they're running different software (other than version level) they're all Android. Maybe this information will inspire someone on here that knows way more than me to figure out how to unlock a Verizon locked bootloader. If I'm correct, they really don't have that power to lock the bootloader, only to take away our option to do so by "sim/carrier" locking the phone which the software is told to take away our ability to choose that option. Please, anyone, I honestly would like to know if I'm wrong, but don't just say I'm wrong, explain to me and the rest of us. Thanks guys and girls!!!
    I seriously doubt the "60 day sim unlock" allows the bootloader to be unlocked, otherwise we'd have a ton of VZW variant threads filled with development, and devices that are 61 days old, rooted, and running custom Roms.

    But we don't. We don't have even have any developers working on VZW devices, regardless of age. So deductively thinking, the "60 day sim unlock" doesn't sound like it's currently an option.

    Just my .02 (USD) worth 😁
    7
    Once the phone is sim unlocked, the "OEM UNLOCK" option should no longer be greyed out in the developer options.

    That has never happened on a VZ Pixel and it is not going to happen on this one. Why is this so hard for people to understand?
    7
    Why are we doing this dance yet again? It's pointless and counterproductive.
    Thank you.
    This same exact thread happened in the Pixel 5 forum.

    He won't provide proof.
    And he doesn't have to... It's that simple.
    Just ignore, please.
    6
    It's not necessarily true, according to Verizon, they Sim unlock their phones after 60 days. Once that is done, we should be able to to check oem unlocking option in developers options and unlock the bootloader. Am I missing something?
    Incorrect. SIM unlocking is not necessarily related to bootloader unlocking. While T-Mobile (and I think AT&T) users on here have found and reported that when they achieve SIM unlocking on their variants, that they can then bootloader unlock as well, Verizon has for a very, very long time enforced bootloader lock with all their will.

    The only exceptions that I've ever heard of were not by choice of Verizon, but by hacks/vulnerabilities. Such as the VS985 LG G3, there was an exploit that didn't actually bootloader unlock, but more made it so that the locked bootloader didn't really matter. On the Pixel 1, if you had the Verizon variant and were still on Android 7.10 or below, you could unlock the bootloader, but once the 7.11 OTA came out, if you hadn't already unlocked the bootloader (or at least toggled the toggle), then you were locked in until a foreign national found a hacking way to get in, but they charge for it. All this while Verizon phones have been ultimately SIM unlocked for similarly a very long time.