Question Verizon Pixel 6 Pro Bootloader Unlock?
- Thread starter Kpwise509
- Start date
What happens if you delete the device setup app before booting the phone? Would it boot to the system, like custom roms are still able to? The package is modified by Verizon, according to Appops. Look. It also states clearly that it locks the device.
Attachments
I can revoke the permissions, but the app restricts cache from being cleared, and the cmd line through adb can't clear it without using adb as root. Basically, is there a way to change permissions of the app before booting, but only the necessary ones, in the same way app ops is able to... Which does not disable the permission entirely, it just returns false information
OK. Hear me out.
I am throwing no shade at anyone at all.
But, I feel like over the years I have spent browsing this site and forums - after wrecking old Androids and even a couple PCs - I have came across a few user accounts that leave you saying, "oh *blank*, this person knows their *blank*"...
I say this because I have the hardest time with the, "oh, VZW locks their Bootloader, permanently. End of story. Can't do it. Etc.".
Isn't that what Apple intended before jailbreak exploits?
Someone wrote that code to lock the Bootloader.
Now I am not a Christian of faith in the slightest, but the only way for this to make sense to me is if Jesus himself wrote the code.
And that just might be the tangible proof to make me believe
I digress... So, really? No one here is remotely capable of figuring out how they locked it and therefore the process of unlocking it??
That I do not believe...
I am throwing no shade at anyone at all.
But, I feel like over the years I have spent browsing this site and forums - after wrecking old Androids and even a couple PCs - I have came across a few user accounts that leave you saying, "oh *blank*, this person knows their *blank*"...
I say this because I have the hardest time with the, "oh, VZW locks their Bootloader, permanently. End of story. Can't do it. Etc.".
Isn't that what Apple intended before jailbreak exploits?
Someone wrote that code to lock the Bootloader.
Now I am not a Christian of faith in the slightest, but the only way for this to make sense to me is if Jesus himself wrote the code.
And that just might be the tangible proof to make me believe
I digress... So, really? No one here is remotely capable of figuring out how they locked it and therefore the process of unlocking it??
That I do not believe...
If we had a bunch of Verizon units to play with and wire up to a JTAG or similar, maybe we could do some of the risky **** like blindly flashing partitions or more traditional root exploits.
But a locked bootloader isn't just locked. Partition integrity is frequently checked.
It's hard to brick a Pixel but nobody wants to risk it.
Similar conversations are had for OnePlus phones on Verizon.
But a locked bootloader isn't just locked. Partition integrity is frequently checked.
It's hard to brick a Pixel but nobody wants to risk it.
Similar conversations are had for OnePlus phones on Verizon.
I have a OP8Pro on Verizon and have been boot loader unlocked rooted since I bought it from Oneplus 2 years ago.
TotallyAnxious
Senior Member
That's because you bought it from OnePlus.
Zach Alt
Senior Member
You are wrong. I'm using a Pixel 6 Pro on Verizon and did NOT unlock my bootloader before I put the SIM in and was still obviously able to unlock my bootloader and root my phone.
Did you buy it from Verizon? Or from Google? Cuz we All wanna know how you did it.
Zach Alt
Senior Member
Google. Because that's the only way to have a pixel 6 Pro with an unlocked bootloader on Verizon. Which is why this thread is still pointless.
Wth are you quoting my post for? Like 1 post down we settled the disagreement and I was wrong..
Don't bring things up without actually reading the thread... Just a couple more posts and you would have gotten the entire story from like a year ago. If the posts somehow aren't there then someone deleted like 6 of them
I don't never really post on here...I"m not that good with computers...I certainly ain't got no degrees or college education like I'm sure most of y'all on here do. But I will say one thing when I wanna do something I'ma figure out how to do it whatever it takes. So I don't know if Verizon pays people to go on this forum and say that can't be done but y'all don't listen to em. I just bought a Pixel 6 Pro today Security Patch was still October 2021. I haven't even been fooling with the phone for a hour and I managed to use dirty pipe exploit to gain a root shell on a VERIZON Pixel 6 pro. Now like I said I ain't no computer pro an I ain't got no college degree but I'm pretty sure that if I can do that I can unlock the bootloader too. So yea anyone tells you sumthin can't be done its cuz they don't want you to do it, cuz ain't nothing impossible if you want it bad enough. Anyway, dirty pipe exploit you wanna root your pixel 6 pro from verizon DON'T LET IT SECURITY UPDATE and find the dirty pipe exploit on github. Now you gotta change the run.sh so that the dirtypipe binary is run with "-f" at the end or its gonna say unsupported product. Do that then run run.sh and run adb shell and then su and you got a temporary root.
Dirty Pipe Exploit (if you brick your phone that's on your body)
Dirty Pipe Exploit (if you brick your phone that's on your body)
The people who say there is no way to unlock bootloader, mean it can't be done without an exploit of a temporary flaw. Flaws get patched. Flaws leave you exposed to security issues (in your case dirty pipe).
Those that say there's no way are informing that there's no legitimate way to root.
Those that say there's no way are informing that there's no legitimate way to root.
Exactly what @Nergal di Cuthah says. Is it possible it will happen? Yes, although usually, it's a device-specific or device series-specific temporary flaw that just maybe with a lot of work and experimentation might be able to be used to either unlock a Verizon device's bootloader. Keeping everyone who has a Verizon device to try to keep all OTAs away (probably very hard unless you never connect to Wi-Fi and mobile data), so that such exploits aren't patched is highly impossible, so at best an exploit will allow a relatively select few to take advantage of.
I was able to unlock the bootloader of my Verizon Pixel 1 (the last carrier device I bought) while it was on Android 7.10, and when updated to 7.1.1 fixed the flaw that allowed the bootloader to be unlocked. So yes, it does happen. It is wrong to generally tell those who ask about unlocking their Verizon bootloader that yes, they can since that's an unknown factor.
An alternative is giving a more complex answer, which is tedious and gets very old for how many times those with Verizon devices ask the question. So some legal-esque vague answers such as:
This is a messy answer and giving it to anyone who asks this question is probably just leading to a lot more messy answers, as surely they will then ask other questions to which we might not know the answer.
I suppose we can translate the above answer to something easier but still very vague like:
I was able to unlock the bootloader of my Verizon Pixel 1 (the last carrier device I bought) while it was on Android 7.10, and when updated to 7.1.1 fixed the flaw that allowed the bootloader to be unlocked. So yes, it does happen. It is wrong to generally tell those who ask about unlocking their Verizon bootloader that yes, they can since that's an unknown factor.
An alternative is giving a more complex answer, which is tedious and gets very old for how many times those with Verizon devices ask the question. So some legal-esque vague answers such as:
This is a messy answer and giving it to anyone who asks this question is probably just leading to a lot more messy answers, as surely they will then ask other questions to which we might not know the answer.
I suppose we can translate the above answer to something easier but still very vague like:
Yes, gaining temporary root on the Pixel 6 Pro with a locked bootloader via Dirty Pipe is well known. I don't believe it survives a reboot though.
But the question is, have you unlocked your bootloader? And have you also updated to the most recent security update?
Because if you have to stay on the October security patch and have to do the exploit every time you reboot, well, that's not really feasible for most.
So the real question is, can the bootloader be unlocked via Dirty Pipe, will it stay unlocked during subsequent security updates and will you be able to root thereafter.
Last edited:
There's also a new 0day floating around today.
But the point remains: Unless you can override get_unlock_ability, root probably is not enough to unlock the bootloader.
But the point remains: Unless you can override get_unlock_ability, root probably is not enough to unlock the bootloader.
Well as I said I'm no phone expert I just like doin stuff that I'm not supposed to be able to (rooting phones for example). But after hard-bricking the first pixel and returning it and bricking another one (although this one still has fastboot but apparently unlike motorolas with locked bootloaders you can't even flash a factory boot image back on via fastboot and it won't boot into recovery) and after finding out that even AT&T lets you unlock the bootloader after you've paid off the phone (which makes sense since it then becomes YOUR PHONE not AT&T's phone) I've decided to go back to AT&T and leave the unlocking of verizon bootloaders to people with college degrees...But I still believe it can definitely be done I mean if you acheive root there has to be a way to modify some data value or something to change the oem unlock to allow, I just don't know how to do it and I can't keep driving a hour to verizon and telling them my phones broke there gonna start getting susipiscous eventually, but i still firmly believe that it can be done and anyone who says it can't probably works for Verizon.
Edit:
Oh an to answer your question about system updates, usually once I root a phone an can get the bootloader unlocked I jus install lineageOS and manually add the su binary as well as the lines into init.rc an install a generic SuperUser app (not Magisk) I think its Phh Superuser so that I'll have root access. An I know someone is prolly gonna say "but how do you use apps that can detect root?" Well it took me awhile to figure that one out....But then I found frida which works like a charm on pretty much 99% of apps that try to detect root if you run it with a frida-antiroot script.
Last edited:
This whole unlock/root/jailbreak thing comes down to two things; numbers, and technology.
Technology is the easier thing to address. Some things are easier to hack than others because of the quality of the code behind it. The fruit company sells design/lifestyle, not technology, and consequently, what they sell is subject to bad code and easy exploits -- pretty, but ineffective. The stuff underlying Android is a lot more well developed and secure and this makes the job a lot harder.
But numbers is the more interesting part here. How many people HAVE non-unlockable verizon version of pixel 6 or pixel 6 pro? The answer is that its a *small* subset of the total number of people who have pixel 6 [pro]. How about how many people in total have iFruit? All of them.
But that's not all there is to it, because people, like myself, who know that they need their phone to be unlockable, will specifically buy it from NOT-verizon so that it CAN be unlocked. The result then is that you've got 10 or 20 people IN TOTAL with non-unlockable pixel 6 [pro] who want to unlock it, and everybody else really doesn't care because it doesn't help them at all since their phone is already unlocked.
Why would you buy a phone that is intended so that it can't be unlocked when you want a phone that is unlocked?
If you want to fix this problem, TELL the vendors through your wallet. Imagine if everybody refused to buy phones unless they were unlockable, then they would ALL be unlockable.
Technology is the easier thing to address. Some things are easier to hack than others because of the quality of the code behind it. The fruit company sells design/lifestyle, not technology, and consequently, what they sell is subject to bad code and easy exploits -- pretty, but ineffective. The stuff underlying Android is a lot more well developed and secure and this makes the job a lot harder.
But numbers is the more interesting part here. How many people HAVE non-unlockable verizon version of pixel 6 or pixel 6 pro? The answer is that its a *small* subset of the total number of people who have pixel 6 [pro]. How about how many people in total have iFruit? All of them.
But that's not all there is to it, because people, like myself, who know that they need their phone to be unlockable, will specifically buy it from NOT-verizon so that it CAN be unlocked. The result then is that you've got 10 or 20 people IN TOTAL with non-unlockable pixel 6 [pro] who want to unlock it, and everybody else really doesn't care because it doesn't help them at all since their phone is already unlocked.
Why would you buy a phone that is intended so that it can't be unlocked when you want a phone that is unlocked?
If you want to fix this problem, TELL the vendors through your wallet. Imagine if everybody refused to buy phones unless they were unlockable, then they would ALL be unlockable.
Pretty sure I already know the answer but I'm going to ask anyway.
I have a new in box Pro 6, from vzw sadly. Never powered it on.
Is there any possibility that I could get the bootloader unlocked prior to it connecting to a network of any kind?
Dirty pipe seems promising but there is no link between it and an unlocked vzw bootloader that I can find. Asking before I set up the device and likely kiss an unlocked bootloader goodbye for the life of this device.
I have a new in box Pro 6, from vzw sadly. Never powered it on.
Is there any possibility that I could get the bootloader unlocked prior to it connecting to a network of any kind?
Dirty pipe seems promising but there is no link between it and an unlocked vzw bootloader that I can find. Asking before I set up the device and likely kiss an unlocked bootloader goodbye for the life of this device.
Top Liked Posts
-
There are no posts matching your filters.
-
2
Not sure who this condescending, self adulating nonsense was intended for, but it certainly isn't me.1
There is none at the moment, and probably won't be for the foreseeable future. My best bet for you is to either just deal with it or resell/trade for an unlocked one.
You can do many things to compromise Android to gain root now, and certainly in the future, but it's just going to be a transient root. The attack surface of the bootloader is small, and most importantly, the knowledge is kept secret. Only Google and hardware vendors have access to the inner workings, and only Google is the one to be able to generate the unlock token for a device to allow it's bootloader to unlock itself.
You could try bruteforcing the token for a device, or the key and algorithm for all devices, but it's a numbers game with the odds so infinitesimally small for you. The number of unlock tokens is massive, more than the number of grains of sand on Earth, more than the number of stars in the universe, more than the number of stars in a billion universes. You can't bruteforce it, you're going to have to find a flaw in the bootloader. Problem is, Google has a vested interest in making sure there are no flaws, as they have already patched several of them before.
Previously you could unlock the Verizon Pixels via a flaw in the bootloader, which was patched. Later you could unlock them again along with the Verizon Pixel 2 due to an oversight on Google's part with them handing out unlock tokens, which was also patched. That's where it ended, there haven't been any exploits or oversights since.
It would be nice for an exploit to be discovered, because regardless of the differences in the unlockable variants versus the permanently locked variants, they are all going to be the same if (and a guaranteed when) Google is no longer is generating unlock tokens (read: they cease to exist or their servers go down.)
Which is actually the current situation of my Pixel 6a. It's unlockable, but I can't unlock it, because Google hasn't begun creating unlock tokens, because I got it two days before launch.1 -
9
Your insults directed at developers, and other members on Xda violate Forum Rules and are no longer welcome in the forums.
Please make sure you fully understand the following:
1) if you have a proven method to unlock the bootloader on VZW devices, open a thread, make yourself famous, and become the greatest Xda developer ever. If you can't or won't open your own thread and share your method, stop posting your self -righteous comments allover the forums.
2) if you post any further insults directed at Xda members, your account will be restricted. Xda is about sharing and developing, not smoke & mirrors and insulting other members who have actually produced tons of legit development.
No more warnings on this, check your PM.
Thanks for your cooperation.8
I seriously doubt the "60 day sim unlock" allows the bootloader to be unlocked, otherwise we'd have a ton of VZW variant threads filled with development, and devices that are 61 days old, rooted, and running custom Roms.
But we don't. We don't have even have any developers working on VZW devices, regardless of age. So deductively thinking, the "60 day sim unlock" doesn't sound like it's currently an option.
Just my .02 (USD) worth
7
That has never happened on a VZ Pixel and it is not going to happen on this one. Why is this so hard for people to understand?7
Thank you.
This same exact thread happened in the Pixel 5 forum.
He won't provide proof.
And he doesn't have to... It's that simple.
Just ignore, please.6
Incorrect. SIM unlocking is not necessarily related to bootloader unlocking. While T-Mobile (and I think AT&T) users on here have found and reported that when they achieve SIM unlocking on their variants, that they can then bootloader unlock as well, Verizon has for a very, very long time enforced bootloader lock with all their will.
The only exceptions that I've ever heard of were not by choice of Verizon, but by hacks/vulnerabilities. Such as the VS985 LG G3, there was an exploit that didn't actually bootloader unlock, but more made it so that the locked bootloader didn't really matter. On the Pixel 1, if you had the Verizon variant and were still on Android 7.10 or below, you could unlock the bootloader, but once the 7.11 OTA came out, if you hadn't already unlocked the bootloader (or at least toggled the toggle), then you were locked in until a foreign national found a hacking way to get in, but they charge for it. All this while Verizon phones have been ultimately SIM unlocked for similarly a very long time.
