Database Users

[Q] Can someone please explain the rooting on this phone to me?

I apologize if there is already a thread like this, but the search wasnt working.. I know what i can do with my phone once it is rooted, I am just interested in what happens tot he actual phone. I could be wrong, but once i root it isnt it always possible to tell that i rooted it even if i unroot it so therefor all warantees are voided? sorry if im being unclear, i cant think of another way to explain it haha.

The K-Zoo Kid said:
I apologize if there is already a thread like this, but the search wasnt working.. I know what i can do with my phone once it is rooted, I am just interested in what happens tot he actual phone. I could be wrong, but once i root it isnt it always possible to tell that i rooted it even if i unroot it so therefor all warantees are voided? sorry if im being unclear, i cant think of another way to explain it haha.
Click to expand...
Click to collapse
The language on the "warranty void" screen says that unlocking the bootloader "may" void your warranty. On the Nexus One, HTC usually honored the warranty if the issue was with anything hardware related and could not have been the result of software tampering. Granted, that's them and this is Samsung.
Further, unless there is something hidden in the system files that counts the number of times you unlock the bootloader, you can always relock it prior to sending it in for repair with fastboot oem lock.

unremarked said:
The language on the "warranty void" screen says that unlocking the bootloader "may" void your warranty. On the Nexus One, HTC usually honored the warranty if the issue was with anything hardware related and could not have been the result of software tampering. Granted, that's them and this is Samsung.
Further, unless there is something hidden in the system files that counts the number of times you unlock the bootloader, you can always relock it prior to sending it in for repair with fastboot oem lock.
Click to expand...
Click to collapse
So there is a way to kind of undo the root without them knowing? THanks a lot btw. I figured it was something like this.

The K-Zoo Kid said:
So there is a way to kind of undo the root without them knowing? THanks a lot btw. I figured it was something like this.
Click to expand...
Click to collapse
unlocking the bootloader and rooting are two different things

jblade1000 said:
unlocking the bootloader and rooting are two different things
Click to expand...
Click to collapse
Ahh i have no idea what unlocking the bootloader does then.

The K-Zoo Kid said:
Ahh i have no idea what unlocking the bootloader does then.
Click to expand...
Click to collapse
In a nutshell, unlocking the bootloader means you will be allowed to flash non-Google/custom files to the system partition and more or less enables superuser access(aka root). Once thats done, then you "root" the device, push the Superuser.apk which will enable the rooted apps. Please check out the rooted section of my stickied FAQ for more detail on how to do this if you decide to. There are two great threads I link to.
Once you lock the bootloader, you lose access to the system partition and superuser I believe which effectively unroots it.

unremarked said:
In a nutshell, unlocking the bootloader means you will be allowed to flash non-Google/custom files to the system partition and more or less enables superuser access(aka root). Once thats done, then you "root" the device, push the Superuser.apk which will enable the rooted apps. Please check out the rooted section of my stickied FAQ for more detail on how to do this if you decide to. There are two great threads I link to.
Once you lock the bootloader, you lose access to the system partition and superuser I believe which effectively unroots it.
Click to expand...
Click to collapse
So basically if you want to do any sort of mods, flash roms, etc. you need to unlock the bootload and root. Thanks a lot for explaining that. I think i understand it now, but just to clarify, if i unlock the bootloader and root will i be able to get the phone back to stock without samsung knowing that i rooted/unlock the bootloader?

The K-Zoo Kid said:
So basically if you want to do any sort of mods, flash roms, etc. you need to unlock the bootload and root. Thanks a lot for explaining that. I think i understand it now, but just to clarify, if i unlock the bootloader and root will i be able to get the phone back to stock without samsung knowing that i rooted/unlock the bootloader?
Click to expand...
Click to collapse
Yes, to mod/flash roms you need to unlock the bootloader. It's possible that sometime down the road someone may develop a method of gaining root access on the phone without touching it, but it's unlikely given the fact that we can both unlock and lock the bootloader very easily.
Right now, the answer is... more or less. If you make a NAND backup in Clockwork Recovery/Rom manager of your stock ROM, you can restore back to that, fastboot flash the closest thing we have currently to the stock recovery(check development section for this), then relock the bootloader. This will give the phone all appearances of being stock. Unless Samsung has something deep in the system files tracking the number of times you've unlocked/locked(which I doubt, since I'm sure such a system would have been found by now), you should be good to go.
Most people who have returned the phone to Best Buy have noted that they don't even power on the device or check to see if the bootloader is unlocked or if there's a custom recovery on there. But your mileage may vary.

Interesting stuff. I was under the impression that once clockworkmod is flashed there is no way to remove it at this time.
Reading this thread I'm guessing and hoping this is not the case?

I had clockworkmod installed but used rom manager to flash the 2.3.1 update and i've now got the stock bootloader back. I guess the ota update does the same? It would seem that getting back to stock is pretty easy.
Sent from my Nexus S using XDA App

xspyda said:
Interesting stuff. I was under the impression that once clockworkmod is flashed there is no way to remove it at this time.
Reading this thread I'm guessing and hoping this is not the case?
Click to expand...
Click to collapse
My apologies, I posted that before I came to the same understanding regarding the stock recovery.
Like the poster above me mentioned there is a NAND backup of stock 2.3.1 you could restore to which has the stock recovery.
Sent from my Nexus S using XDA App

Thanks for the clarification. I'll do some more reading in the dev section

Thanks a lot, this really helped me out a lot. I will proceed to rooting

So, just want to make sure I have this straight... You unlock the bootloader, load custom recovery, SU, and now phone is rooted. If you lock the bootloader, you lose root?
For me, I'm not big on custom roms since I just don't have time to keep things up to date or participate in the bug process, but I do like to maintain backups with Titanium (my primary reason for rooting). So by locking the bootloader down I will not be able to use Titanium. Furthermore, unlocking the bootloader wipes the device. So is there a reason one would not want to keep the bootloader unlocked? Have I completely misunderstood the system?

[WARNING] Do NOT Downgrade Your Bootloader or Partition Table - You Risk Bricking!!!

BEFORE YOU COMMENT ON THIS THREAD - PLEASE READ THIS POST AND UNDERSTAND WHAT THE DIFFERENCE IS BETWEEN THE BOOTLOADER, PARTITION TABLE, SYSTEM AND KERNEL/RAMDISK!!!!
This post is not about downgrading from lollipop to kit kat in general. It is SPECIFICALLY about and it is ONLY about downgrading the BOOTLOADER (motoboot.img) and the PARTITION TABLE (gpt.bin). The system (system.img) and kernel/ramdisk (boot.img) are NOT the subject of this thread. If you don't understand the difference b/t the bootloader, partition table, system and kernel/ramdisk, then please refrain from posting on this thread and simply read until you understand the difference.
Please do not comment if you do not even know the version of the bootloader you are running b/c you have nothing substantive to contribute then. If you know the version of the bootloader you are running now and know what it was before you upgraded and after you downgraded, great, please let us all know your experience. But if you don't, AGAIN, you have nothing of value to contribute to this thread.
The Moto X 2014 is not a Nexus device - you CANNOT safely downgrade your bootloader (motoboot.img) or partition table (gpt.bin). You risk bricking if you do, especially if you downgrade the bootloader!!!
You need to understand what you are flashing. If you don't understand what you are flashing, read and ask questions before you flash until you do understand what you are flashing. You also need to know what version of the bootloader you currently have before you flash.
Also, you should not attempt to have a bootloader-partition table mismatch in terms of versions. Both your bootloader and your partition table should be the same version - i.e., if your bootloader is the 5.0 bootloader, your partition table should be the 5.0 partition table.
Edited - it looks like mfastboto and maybe even regular fastboot have checks in them to prevent a bootloader or partition table downgrade. However, the OTA updater scripts may or may not have sufficient checks in them to prevent bricking if you have previously upgraded then downgraded the system/kernel/radios and then attempted to take an OTA. For instance, people have reported bricking after flashing to 5.1 then downgrading system/kernel/radios to 4.4.4 then taking the 5.0 OTA = brick.

I've seen alot of stuff about that in the threads. Are you saying that you can't downgrade back to 5.0 or 4.4? Cause I have successfully flashed back to stock KitKat from the 5.1 soak several times. Even flashing partition and motoboot. It just downgraded the tz.
Sent from my XT1095

dustin_b said:
I've seen alot of stuff about that in the threads. Are you saying that you can't downgrade back to 5.0 or 4.4?
Click to expand...
Click to collapse
I am saying exactly what I said in the OP - you can't safely downgrade your bootloader or partition table. And you can't have a bootloader/partition table version mismatch. There are rare exceptions to that like the one for the MX13 that jcase used to root 4.4.
dustin_b said:
Cause I have successfully flashed back to stock KitKat from the 5.1 soak several times. Even flashing partition and motoboot. It just downgraded the tz.
Click to expand...
Click to collapse
Did you use RSDLite to flash motoboot.img and gpt.bin? If so, like I said in the OP, it has checks built into it and it will prevent you from downgrading your bootloader and partition table. mfastboot may have the same checks built in, idk, but I don't think fastboot from the SDK does and that is where people are getting into trouble.
What did you use to flash?
Also, can you post a video showing you doing this w/o bricking? Show your BL version on 5.1, which from what has been reported is 60.14, and then flash the 5.0 BL, which is 60.1 1 and show us that you were able to downgrade your bootloader back to 60.11 w/o bricking. Then once you do that, downgrade the bootloader down to 4.4.4 (I am not sure what the version number is, but once you successfully downgrade you can tell us).
The Q&A forum is littered with people who bricked their devices when they attempted to downgrade their bootloaders.
I think people would be foolish to believe that it is safe to downgrade the bootloader of a Moto X given all the bricks unless you post some proof it is safe.

It might be awhile before I could do a video but I just used fastboot from the SDK. I don't know if it actually downgrades the bootloader. Maybe just the trust zone. I've never actually checked. I wonder if people have noticed but on the 5.1 soak you have to go into developer options and check OEM unlocking now.
Sent from my XT1095

In the past when I downgraded to KK from 5.0, if I tried to flash the old bootloader, it would simply fail to flash. It never bricked. I have also flashed the gpt from KK when downgrading in the beginning. It flashed fine and didn't brick. I don't flash gpt now that I know what it is but the first few times I downgraded, I did flash it.
Edit: I always used fastboot/mfastboot. I can't get RDSLite to detect my Moto X. MDM doesn't detect it either.

dustin_b said:
It might be awhile before I could do a video but I just used fastboot from the SDK. I don't know if it actually downgrades the bootloader. Maybe just the trust zone. I've never actually checked.
Click to expand...
Click to collapse
Honestly, I would not try this as there is no reason to do it. It is dangerous and it doesn't provide any benefit. If you don't believe me that it it dangerous, read on the Q&A forums when people ask for help after bricking their devices - almost always they were attempting a bootloader or partition table downgrade when they bricked. It is just not worth it IMO. You do what you want of course as you seem to believe it is possible but it is not something I would do.
dustin_b said:
I wonder if people have noticed but on the 5.1 soak you have to go into developer options and check OEM unlocking now.
Click to expand...
Click to collapse
That is how it is on the Nexus 6 too.

walrusmonarch said:
In the past when I downgraded to KK from 5.0, if I tried to flash the old bootloader, it would simply fail to flash. It never bricked.
Click to expand...
Click to collapse
why some people get a failed flash and others get a brick, idk, but all you have to do is read on the Q&A forums how many people brick attempting to downgrade the BL and/or PT.

JulesJam said:
why some people get a failed flash and others get a brick, idk, but all you have to do is read on the Q&A forums how many people brick attempting to downgrade the BL and/or PT.
Click to expand...
Click to collapse
Yeah, I've seen people brick it that way. I think I just got lucky the few times I have done it

walrusmonarch said:
I have also flashed the gpt from KK when downgrading in the beginning. It flashed fine and didn't brick. I don't flash gpt now that I know what it is but the first few times I downgraded, I did flash it.
Edit: I always used fastboot/mfastboot. I can't get RDSLite to detect my Moto X. MDM doesn't detect it either.
Click to expand...
Click to collapse
I just don't see why it is ever necessary to mess with the BL or PT. System, recovery, radios, kernel, sure I see why you would do that. If downgrading your BL or PT doesn't provide any benefit to you, why do it?

JulesJam said:
I just don't see why it is ever necessary to mess with the BL or PT. System, recovery, radios, kernel, sure I see why you would do that. If downgrading your BL or PT doesn't provide any benefit to you, why do it?
Click to expand...
Click to collapse
I agree with you. I did it mostly because I didn't know what the heck I was doing back then. I was just flashing away hoping everything would work

walrusmonarch said:
I agree with you. I did it mostly because I didn't know what the heck I was doing back then. I was just flashing away hoping everything would work
Click to expand...
Click to collapse
My first device was a Nexus (GNex) so I flashed with abandon w/o knowing what I was doing and never bricked. When I got my Moto X 2013, I went to the MX13 XDA forum and started to read and am damn glad I did b/c I would have never known. There were tons of people who bricked trying to downgrade. I am sure Motorola had to do a lot of warranty replacements for this reason. Really, there should have been more checks that would prevent bricking and the flash would just fail. There weren't though except with RSDLite. IMO Motorola deserved having the added cost of these warranty replacements.
Hopefully, Motorola has built more checks into the system now where the flash will fail rather than bricking the device, but clearly whatever they have done isn't enough. Again, idk why some people report being able to do this and others end up with bricks, but I don't see the need to do it at all and until it becomes universally safe to do this across the board every time, I wouldn't do it.

JulesJam said:
My first device was a Nexus (GNex) so I flashed with abandon w/o knowing what I was doing and never bricked. When I got my Moto X 2013, I went to the MX13 XDA forum and started to read and am damn glad I did b/c I would have never known. There were tons of people who bricked trying to downgrade. I am sure Motorola had to do a lot of warranty replacements for this reason. Really, there should have been more checks that would prevent bricking and the flash would just fail. There weren't though except with RSDLite. IMO Motorola deserved having the added cost of these warranty replacements.
Hopefully, Motorola has built more checks into the system now where the flash will fail rather than bricking the device, but clearly whatever they have done isn't enough. Again, idk why some people report being able to do this and others end up with bricks, but I don't see the need to do it at all and until it becomes universally safe to do this across the board every time, I wouldn't do it.
Click to expand...
Click to collapse
Yeah, my first android device was a N7 (2012). I flashed away at it like crazy. Sometimes multiple times a day... I guess I just had that same mentality when I started trying to flash the Moto X... It is a good idea to read before flashing. I've been trying out Windows phone recently and managed to flash a rom on my lumia 635 without bricking. I barely read anything, and I probably just got lucky again...
RSDLite seems convenient. I wish I could get it to work for me, along with MDM. Sigh... oh well.

walrusmonarch said:
RSDLite seems convenient. I wish I could get it to work for me, along with MDM. Sigh... oh well.
Click to expand...
Click to collapse
The only thing with RSDLite if you don't want your data overwritten, you have to edit the xml file.
As far as the driver issue, you can try downloading the drivers from root junky's site to see if you can install them that way.
http://rootjunkysdl.com/?device=Android Drivers&folder=Motorola

JulesJam said:
The only thing with RSDLite if you don't want your data overwritten, you have to edit the xml file.
As far as the driver issue, you can try downloading the drivers from root junky's site to see if you can install them that way.
http://rootjunkysdl.com/?device=Android Drivers&folder=Motorola
Click to expand...
Click to collapse
Yep, I have tried those too. No luck. I have at least got fastboot and adb working fine, so its not so bad. Thanks for trying to help!

OK, I changed the title from stating "you will brick" to "you risk bricking".

JulesJam said:
Honestly, I would not try this as there is no reason to do it. It is dangerous and it doesn't provide any benefit. If you don't believe me that it it dangerous, read on the Q&A forums when people ask for help after bricking their devices - almost always they were attempting a bootloader or partition table downgrade when they bricked. It is just not worth it IMO. You do what you want of course as you seem to believe it is possible but it is not something I would do.
Click to expand...
Click to collapse
Ok, so after attempting again I have discovered a couple of things. First, I had to use the fastboot commands from withn the mfastboot folder. I did not use mfastboot commands though. Secondly, it doesnt actually downgrade the bootloader. I think it just downgrades the tz (there is a message about this on the fastboot screen). It did not brick though and I have done this multiple times. But it obviously doesnt make a difference so I'm with you. No one should try this at the risk of bricking their device! My apologies to you @JulesJam. I wasn't trying to be offensive but just thought I would throw it out there since I thought I had done it before. I am far from an expert on these things especially fastboot cause I was on Galaxy devices before this so i never had to use it. I'm kind of like the other guy I have always went by another guide on returning to stock and just thought it should be that way. So again, DO NOT DO THIS AT THE RISK OF BRICKING YOUR PHONE:good:

dustin_b said:
Ok, so after attempting again I have discovered a couple of things. First, I had to use the fastboot commands from withn the mfastboot folder. I did not use mfastboot commands though.
Click to expand...
Click to collapse
I am not sure what you mean fastboot commands w/in the mfastboot folder. Mfastboot
is just motorola's version of fastboot that allows the system image to be flashed as a single image file instead of being broken down into chunks. Unless you manually rename it, it is called fastboot, however some people have manually renamed it and then uploaded it in a zip file and you can find links to it online. I manually renamed mine mfastboot.exe so as to avoid confusion with fastboot.exe from the SDK.

dustin_b said:
I was on Galaxy devices before this so i never had to use it. I'm kind of like the other guy I have always went by another guide on returning to stock and just thought it should be that way. So again, DO NOT DO THIS AT THE RISK OF BRICKING YOUR PHONE:good:
Click to expand...
Click to collapse
Did you use ODIN before? I think RSDLite is similar to ODIN but since I have never used ODIN I don't really know.
But yes, what Samsung does and what Motorola does wrt the bootloaders is completely different as the bootloaders are proprietary. I am just glad to see that there are more checks now than there used to be that prevent you from downgrading at least some of the time.
There are some very sad people on the Q&A forum right now searching for the signed binary files to restore their bootloaders but those have to be leaked and so far, they do not seem to be anywhere accessible by outsiders.

I've done it loads of times too. Everytime I tried to flash back the gpt or motoboot, it just failed (was trying to relock bootloader, never would let me), normal fastboot. Also with the newest version of fastboot it can flash the system files, no need to use mfastboot at all anymore.

nbell13 said:
I've done it loads of times too. Everytime I tried to flash back the gpt or motoboot, it just failed (was trying to relock bootloader, never would let me), normal fastboot.
Click to expand...
Click to collapse
Yeah, again I can't explain why some people just get a failure and others get a brick, but on the Q&A forum you will see there are those who brick attempting to downgrade.
nbell13 said:
Also with the newest version of fastboot it can flash the system files, no need to use mfastboot at all anymore.
Click to expand...
Click to collapse
Last time I tried the latest version of fastboot, it cannot flash the single file system.img. It can flash the system if it is broken down into chunks. So if you are using the fxz with the single system.img, you have to use mfastboot last I checked.

Stuck on Google Logo, Can't Unlock Bootloader

Hey there.
So I tried to use the Nexus Root Toolkit to sideload the OTA, but now when I try to boot my phone it just shows the white google screen and doesn't do anything. I can use ADB and fastboot and get into the bootloader but I can't flash the factory image because I never checked the "Allow OEM Unlock" tick since I didn't plan on unlocking the bootloader. Can anyone help me out here?

Durvid said:
Hey there.
So I tried to use the Nexus Root Toolkit to sideload the OTA, but now when I try to boot my phone it just shows the white google screen and doesn't do anything. I can use ADB and fastboot and get into the bootloader but I can't flash the factory image because I never checked the "Allow OEM Unlock" tick since I didn't plan on unlocking the bootloader. Can anyone help me out here?
Click to expand...
Click to collapse
This is exactly why you should never mess with updates or flashing anything with a locked bootloader. If a factory reset doesn't fix it you're likely out of luck.

if your bootloader is locked still I can't see how flashing an OTA would effect this.
Have you tried to flash just the original bootloader from the android version on your device ( not the version you wish to update to )
Fastboot flash bootloader bootloader.img
DON'T USE A TOOL KIT ! UNLESS YOU KNOW WHAT YOU ARE DOING ! There where clear instructions on how to flash OTA's on this site and likely in the toolkit.
Unfortunately this is a case of NOT reading before doing things, I have yet to see anyone recover from this.
Best of luck tho, but it might be a lesson learned the hardway a.k.a RMA

hutzdani said:
if your bootloader is locked still I can't see how flashing an OTA would effect this.
Have you tried to flash just the original bootloader from the android version on your device ( not the version you wish to update to )
Fastboot flash bootloader bootloader.img
DON'T USE A TOOL KIT ! UNLESS YOU KNOW WHAT YOU ARE DOING ! There where clear instructions on how to flash OTA's on this site and likely in the toolkit.
Unfortunately this is a case of NOT reading before doing things, I have yet to see anyone recover from this.
Best of luck tho, but it might be a lesson learned the hardway a.k.a RMA
Click to expand...
Click to collapse
I'll attempt this. Weirdly enough when I look at device info in adb it shows it as being on the newest version. But Yeah I'll attempt to flash what I was on before.
Yeah, I mean I've done this before with no issues on my Nexus 6 and there were no issues but that was unlocked when I got it. I just thought you didn't have to unlock the bootloader to sideload OTA's? I may be wrong.

hutzdani said:
if your bootloader is locked still I can't see how flashing an OTA would effect this.
Have you tried to flash just the original bootloader from the android version on your device ( not the version you wish to update to )
Fastboot flash bootloader bootloader.img
Click to expand...
Click to collapse
Yeah like I thought, "Device is locked. Cannot Flash Images"
I wish I had known they added that "Allow OEM Unlock" Switch in Lollipop. Would have solved my problem if I had that toggled.

Durvid said:
Yeah like I thought, "Device is locked. Cannot Flash Images"
I wish I had known they added that "Allow OEM Unlock" Switch in Lollipop. Would have solved my problem if I had that toggled.
Click to expand...
Click to collapse
You just said you had a nexus 6 unlocked, how did you not know the switch existed?

hutzdani said:
if your bootloader is locked still I can't see how flashing an OTA would effect this.
Have you tried to flash just the original bootloader from the android version on your device ( not the version you wish to update to )
Fastboot flash bootloader bootloader.img
DON'T USE A TOOL KIT ! UNLESS YOU KNOW WHAT YOU ARE DOING ! There where clear instructions on how to flash OTA's on this site and likely in the toolkit.
Unfortunately this is a case of NOT reading before doing things, I have yet to see anyone recover from this.
Best of luck tho, but it might be a lesson learned the hardway a.k.a RMA
Click to expand...
Click to collapse
akellar said:
You just said you had a nexus 6 unlocked, how did you not know the switch existed?
Click to expand...
Click to collapse
I bought it used on /r/hardwareswap and whoever I got it from had already unlocked it.

I know someone advised you to try to flash a bootloader, but it isn't going to work of your bootloader is locked. What build were you on and which OTA zip did you try to flash?

Heisenberg said:
I know someone advised you to try to flash a bootloader, but it isn't going to work of your bootloader is locked. What build were you on and which OTA zip did you try to flash?
Click to expand...
Click to collapse
I started on 6.0 MDB08L and was trying to flash 6.1 MMB29M

Durvid said:
I started on 6.0 MDB08L and was trying to flash 6.1 MMB29M
Click to expand...
Click to collapse
OK, but I need the name of the zip please.

Heisenberg said:
OK, but I need the name of the zip please.
Click to expand...
Click to collapse
Sorry, it's
533df5ddfa4297997634a8553f0122be5cca4c09.signed-angler-MMB29M-from-MDB08L.zip.
Grabbed it from here: https://www.reddit.com/r/Nexus6P/comments/3w6qzd/easy_how_to_sideload_ota_601/

Durvid said:
Sorry, it's
533df5ddfa4297997634a8553f0122be5cca4c09.signed-angler-MMB29M-from-MDB08L.zip.
Grabbed it from here: https://www.reddit.com/r/Nexus6P/comments/3w6qzd/easy_how_to_sideload_ota_601/
Click to expand...
Click to collapse
OK, just needed to make sure you had the right one. What have you done to troubleshoot so far?

Heisenberg said:
OK, just needed to make sure you had the right one. What have you done to troubleshoot so far?
Click to expand...
Click to collapse
I've tied to flash stock, but can't do that due to the bootloader being locked, tried to just hard reset but it just does the same thing where it gets stuck on the Google logo. I checked the manufacture info in the toolkit and everything is clean. Tried to flash the old bootloader but like you said I can't flash since I'm locked. Not really sure what else to do :/

Durvid said:
I've tied to flash stock, but can't do that due to the bootloader being locked, tried to just hard reset but it just does the same thing where it gets stuck on the Google logo. I checked the manufacture info in the toolkit and everything is clean. Tried to flash the old bootloader but like you said I can't flash since I'm locked. Not really sure what else to do :/
Click to expand...
Click to collapse
Honestly, I think you're pretty much screwed unfortunately. You could talk to Google support and see if they'll RMA the phone.

Heisenberg said:
Honestly, I think you're pretty much screwed unfortunately. You could talk to Google support and see if they'll RMA the phone.
Click to expand...
Click to collapse
Yeah I think they would do it since I technically didn't void any warrantys or anything. I appreciate the help. What do I need to make sure to do if I do this again in the future? Definitely "Allow OEM Unlock", and do I have to unlock the bootloader? I was under the impression that you didn't have to to flash an OTA.

Durvid said:
Yeah I think they would do it since I technically didn't void any warrantys or anything. I appreciate the help. What do I need to make sure to do if I do this again in the future? Definitely "Allow OEM Unlock", and do I have to unlock the bootloader? I was under the impression that you didn't have to to flash an OTA.
Click to expand...
Click to collapse
Definitely unlock the bootloader, it isn't needed to flash an update via the stock recovery, but it is needed to get out of sticky situations like this. If your bootloader was unlocked now you'd be up and running in ten minutes.

Durvid said:
Sorry, it's
533df5ddfa4297997634a8553f0122be5cca4c09.signed-angler-MMB29M-from-MDB08L.zip.
Grabbed it from here: https://www.reddit.com/r/Nexus6P/comments/3w6qzd/easy_how_to_sideload_ota_601/
Click to expand...
Click to collapse
Hilarious that the top comment is mine telling you why doing this is a bad idea

Heisenberg said:
Definitely unlock the bootloader, it isn't needed to flash an update via the stock recovery, but it is needed to get out of sticky situations like this. If your bootloader was unlocked now you'd be up and running in ten minutes.
Click to expand...
Click to collapse
Yeah, I'll probably wait for the update over the air for a while and maybe if I feel reallly eager I'll just make sure I unlock and such. Annoying that you can't unlock via fastboot anymore without that toggle. I get that Google is trying to make Android super secure but It's not too useful for folks like us. Sure it's bricked a lot of devices.

akellar said:
Hilarious that the top comment is mine telling you why doing this is a bad idea
Click to expand...
Click to collapse
I've done it before with other devices. I wouldn't say it's inherently bad. It's just that there was one toggle that I wasn't aware of that caused the issue. You live and you learn.

THIS IS NOT MY IDEA !
I found this in a N9 thread and it worked according to the user with the issue, apply this with the correct t factory image ( do it with the version you have on your device not the one you tried to update to ! )
This might not work but its worth a try ! Before doing this read about ADB and Fastboot !!!!!!!!!!!!!!!! Try and understand the basics and know what the commands are doing to help backtrack e.C.t
If it does work - go to settings and allow OEM Unlock and USB debug !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Then go read from reputable sources how to flash images manually via adb !!!!!!!!!!!!!!!!!!!!!!!
I'd follow vomers guides.
Had this problem with another device cool thing to remeber is that on locked devices the only thing that is different is that there is a signature before the MAGIC header so the solution is to pull the android stock images from https://developers.google.com/android/nexus/images. Once done extract the images in both the zip and the tar that is inside the zip. You will see recovery.img inside the tar. One thing about the boot process of TWRP is that it enables adb in preboot meaning while in the boot loop you should have access to adb. With access to adb all you need to do is dd the images over the corresponding partitions: i.e.
PLEASE NOTE NOT FOR THE FEINT OF HEART. I AM NOT RESPONSIBLE FOR YOU BRICKING YOUR DEVICE.
Quote:
adb push recovery.img recovery.img
adb shell dd if=recovery.img of=/dev/block/<recoverymmcblock>
I dont know if the default recovery has adb push update so id probably recommend doing this on every partition thats inside the tar, i.e. system, boot.

Potential way to unlock bootloader?

Since we are using engboot, write protection seems to be off, so it appears you can use dd to write to normally write protected partitions such as the bootloaders (ex: "dd if=/sdcard/aboot of=/dev/block/sdd10"). In my testing I was successfully "dd" a backed up aboot (secondary bootloader) partition and also write to the modem partition and have it stick (which means write protection should be off akaik). If you were to "dd" the Chinese bootloaders, you might be able to flash and re-partition onto the Chinese firmware and then use the CROM service to unlock the bootloader from there. I personally don't know too much about this type of stuff and haven't tried to actually "dd" the Chinese bootloader, but for those more knowledgeable, could this potentially work?
Partitions likely needed are:
- rpm (Resource and Power Manager / Primary Bootloader) located at /dev/block/sdd1 (/dev/block/bootdevice/by-name/rpm)
- aboot (AP Bootloader / Secondary Bootloader) located at /dev/block/sdd10 (/dev/block/bootdevice/by-name/aboot)
- xbl (Extended Bootloader) located at /dev/block/sdb1 (/dev/block/bootdevice/by-name/xbl)
- ? located at /dev/block/sdc1
Modifying the bootloader is dangerous and could permanently brick your device. I take no responsibility if you try this and it breaks your device.
Edit 5: Additional Details

qwewqa said:
Since we are using engboot, write protection seems to be off, so it appears you can use dd to write to normally protected partitions (ex: "dd if=/sdcard/aboot of=/dev/block/sdd10"). In my testing I was successfully dd a backed up aboot (secondary bootloader) partition and also write zeros to the modem partition and have it stick (which means write protection should be off). If you were to dd a Chinese bl/ap, you might be able to flash/re-partition onto the Chinese firmware and then use the CROM service to unlock the bootloader from there. I personally don't know too much about and haven't tried to actually dd the Chinese bootloader, but for those more knowledgeable, would this work?
Edit: Modem partition sticks after reboot.
Click to expand...
Click to collapse
@Binary100100 you probably know somebody that knows little bit more about this, tell them to check it out

Magnifik81 said:
@Binary100100 you probably know somebody that knows little bit more about this, tell them to check it out
Click to expand...
Click to collapse
Nope. Don't know anyone specific.

Wish I had the $175 for my insurance deductible, I'd give it a try. All in all, it should work. The hardware is the same.

thescorpion420 said:
Wish I had the $175 for my insurance deductible, I'd give it a try. All in all, it should work. The hardware is the same.
Click to expand...
Click to collapse
Well, if it WORKS, I'm sure the bounty on unlocking the bootloader is a lot higher than $175! ?

DOMF said:
Well, if it WORKS, I'm sure the bounty on unlocking the bootloader is a lot higher than $175!
Click to expand...
Click to collapse
Lets start a thread . . . I am willing to contribute $25.00 :good: into a pool with others here at XDA to the developer who can produce an unlocked bootloader that is rooted with a decent rom that works great and better than stock, something that will fix all of the untold bugs and address the known issues.
Anyone else?

serendipityguy said:
Lets start a thread . . . I am willing to contribute $25.00 :good: into a pool with others here at XDA to the developer who can produce an unlocked bootloader that is rooted with a decent rom that works great and better than stock, something that will fix all of the untold bugs and address the known issues.
Anyone else?
Click to expand...
Click to collapse
$25? Hell think about how much we spend on the phone itself and bill every month.. I'd easily pledge $100 for an unlocked bootloader with twrp support.
That's the 1 thing I don't understand.. this is the most highly sought after phone right now with 0 developer support. I understand the limitations with the locked bootloader but other phones have overcome the same through the works of various motivated individuals. There is no one even interested in trying it seems on ANY carrier forum. Instead we have countless threads with people more interested in getting the nougat update early which will hardly provide anything useful compared to an unlocked bootloader with working root.

serendipityguy said:
Lets start a thread . . . I am willing to contribute $25.00 :good: into a pool with others here at XDA to the developer who can produce an unlocked bootloader that is rooted with a decent rom that works great and better than stock, something that will fix all of the untold bugs and address the known issues.
Anyone else?
Click to expand...
Click to collapse
"Start?" It was started ages ago and it thousands of dollars. https://forum.xda-developers.com/tmobile-s7-edge/how-to/bounty-unlocked-bootloader-s7edge-t3339857

bdvince said:
$25? Hell think about how much we spend on the phone itself and bill every month.. I'd easily pledge $100 for an unlocked bootloader with twrp support.
That's the 1 thing I don't understand.. this is the most highly sought after phone right now with 0 developer support. I understand the limitations with the locked bootloader but other phones have overcome the same through the works of various motivated individuals. There is no one even interested in trying it seems on ANY carrier forum. Instead we have countless threads with people more interested in getting the nougat update early which will hardly provide anything useful compared to an unlocked bootloader with working root.
Click to expand...
Click to collapse
Root right now is just too impractical for most people. I'm still rooted, but for most people it isn't worth the hassle and trade-offs, for many it's worse than stock. I think most people who are really into root probably switched devices. Switching to android N could actually prevent bootloader unlock in this way, unless root for N comes out. That is if this unlock method could actually work, hard to say without anyone experienced in bootloaders and write protection though.

I'd like to find someone with a sm-g9350 to DD a dump of sdd10.

thescorpion420 said:
I'd like to find someone with a sm-g9350 to DD a dump of sdd10.
Click to expand...
Click to collapse
Sdd1 is the primary bootloader, probably also necessary.

Came to the realization that the Chinese bootloader is v2 where all US models are v4. I'd imagine the Chinese nougat update will make it v4, so we wait to try.

Don't want to a be downer or anything but I'm pretty sure you can't just replace the bootloader, even if write protection is off on the Eng kernel. Even if you did replace it you'll have probably bricked your phone.
Sent from my SM-G935T using Tapatalk

dogredwing1 said:
Don't want to a be downer or anything but I'm pretty sure you can't just replace the bootloader, even if write protection is off on the Eng kernel. Even if you did replace it you'll have probably bricked your phone.
Click to expand...
Click to collapse
The thinking is that since the devices are virtually the same hardware wise, there is a chance the bootloader could be replaced. I do agree that there is a good chance of hard bricking though. I haven't done any testing other than apparently successfully dding a backed up version of the same bootloader.

If I wasn't on nougat I would try it if someone posted instructions and devs confirmed the directions are correct..
Sent from my SM-G935T using Tapatalk

I was actually playing with the bootloader, and found this thread when I went to post. I'm going to be pulling fastboot commands also to see if I can find anything interesting. I'm tired of not being able to use a custom kernel

My device is on nougat. Bit I can easily downgrade and test if someone has a rock solid idea. I don't mind bricking as the device has a cracked screen and I have my s6 edge plus to use until the s8 drops...
Sent from my SM-G935T using Tapatalk

Count me in as well!
I have a theory that we can open the BL file in WinRAR and extract the rpm.mbn file from G9350 odin file,
and flash to our device. But I cannot determine which one is for aboot. I have not tested this yet.

aaron007 said:
Count me in as well!
I have a theory that we can open the BL file in WinRAR and extract the rpm.mbn file from G9350 odin file,
and flash to our device. But I cannot determine which one is for aboot. I have not tested this yet.
Click to expand...
Click to collapse
What I know is:
RPM = Resource and Power Manager = Primary Bootloader
ABoot = AP Bootloader = Secondary Bootloader
I believe the boot process is "RPM > ABoot > boot.img (Main OS)", so both the rpm and aboot file would be needed. Also I think the partition layout in the Chinese version is slightly different, so a flash and repartition would be needed after replacing bootloader to actually root. I don't know what the chances success are though, the devices are virtually the same hardware wise, and the Chinese rom with the U.S. bootloader works according to the Verizon fourm, but there is a chance there are other differences what might prevent this from working.
Flippy125 said:
I was actually playing with the bootloader, and found this thread when I went to post. I'm going to be pulling fastboot commands also to see if I can find anything interesting. I'm tired of not being able to use a custom kernel
Click to expand...
Click to collapse
Isn't fastboot disabled on the s7. Also, were your results the same?

qwewqa said:
What I know is:
Isn't fastboot disabled on the s7. Also, were your results the same?
Click to expand...
Click to collapse
Yes, found that out when I started playing with it more. I'm currently reading sdd10 line by line. I did find an entry "Device is unlocked! Skipping verification...". I'm starting to think we need to look into recovery-side exploits. I'm too scared to try and mess with the bootloader too much.
EDIT: If we can find a way to get fastboot working, possibly piggybacking off of Odin, I found a command written in the aboot code 'fastboot oem unlock-go'
EDIT2: Using that command requires some sort of key. May be a dead end.
EDIT3: I'd be willing to test modifying the recovery image to see if it triggers the bootloader's hash checking. If anything, this could lead to writing a custom boot image that would open TWRP.

How to get a fastboot console in bootloader

Hey guys, I found this quick and tidy way to get a fastboot console inside the bootloader. You can use it to do stuff like "fastboot format (partition)", etc.
GUIDE:
Go to fastboot mode on your Pixel XL
Open a CMD on the computer in fastboot directory and write in "fastboot flash bootloader pixelcustombootloader.img" (make sure the bootloader is in the directory or else it will not flash!)
Download: s000.tinyupload.com/index.php?file_id=44700284262726497364
Note: I am NOT responsible if this screws up anything.
Also I do NOT know if theres and copyright trouble with this, if there is, Mods go take this down.

I wonder if this is the bootloader that was seen in screenshots that was used to downgrade a Verizon pixel to unlock it?

DR3W5K1 said:
I wonder if this is the bootloader that was seen in screenshots that was used to downgrade a Verizon pixel to unlock it?
Click to expand...
Click to collapse
If the bootloader is locked you can't flash anything or boot anything that isn't signed by Verizon/Google/whoever.
As far as I know there's never been a downgrade workaround available where pixel8 wasn't patched, but could be wrong.

bobbarker2 said:
If the bootloader is locked you can't flash anything or boot anything that isn't signed by Verizon/Google/whoever.
As far as I know there's never been a downgrade workaround available where pixel8 wasn't patched, but could be wrong.
Click to expand...
Click to collapse
There was a guy positing pictures of someone from a cell phone shop where he was recording the procedure that they did to his phone it was a signed bootloader that allowed him to downgrade for an unlock. It was labeled HTC which people thought was weird.

DR3W5K1 said:
There was a guy positing pictures of someone from a cell phone shop where he was recording the procedure that they did to his phone it was a signed bootloader that allowed him to downgrade for an unlock. It was labeled HTC which people thought was weird.
Click to expand...
Click to collapse
Eh.. 3rd party pictures that don't come with a detailed "how to" are 99% BS or marketing.
Like I said I'm not all knowing but I'm pretty in touch with the goings-ons of the pixel and have never heard of a downgrade method for a locked bootloader.
If this shop has a private method of doing so then they sure as hell wouldn't let someone take pictures of the process.

Yea like u said the guy said they were spy shots that he snuck in. Probably bs like you said. I could careless for myself my Verizon pixel is unlocked. Feel bad for those stuck locked though. Wishful thinking I suppose.

Yeah, don't flash your bootloader with anything other than stock google imgs. If your bootloader is messed up, how do you get into fastboot to fix it? Can't change slots either afaik.

Thanks for sharing, this has loads of potential - could be used on-the-go to temporarily recover from the freeze/reboot glitch (flashing stock images tends to lower the probability of the glitch for a day or two), plus we could actually have tetherless TWRP support for Oreo with this as you could use it to fastboot boot the TWRP boot img.
That being said, I'm reluctant to flash a random bootloader on my phone with no info on where it came from. Did you make this? If so is it a patched version of the most recent bootloader? If not, where'd you find it? We need more info.