Related
DAN ROSENBERG HAS FOUND AN EXPLOIT TO UNLOCK THE MOTO X (AND OTHER DEVICES) BOOTLOADER!!!
Will he release it? Your guess is as good as mine...
Per jcase: Support to be added soon to "Sunshine" unlock app for Moto devices!
jcase said:
Motorola support is yet to be added to the version on the site, stay tuned (and dont update your phones)
Click to expand...
Click to collapse
DO NOT UPDATE YOUR DEVICE OR TAKE ANY OTAS IN THE MEANTIME!!!!!
EDIT 9/22/14: Unlock now available for Droid Maxx, Mini, Ultra, and THE MOTO X!!!
Find the tool at http://theroot.ninja
Cost is $25 per device. Works on 4.4.3 and BELOW, and *some* 4.4.4. You have to try the app to find out. You do NOT pay unless the tool confirms compatibility.
EcHoFiiVe said:
AN EXPLOIT HAS BEEN FOUND BY DAN ROSENBERG EVERYONE.
Sent from my XT1058 using XDA Free mobile app
Click to expand...
Click to collapse
EcHoFiiVe said:
He officially unveiled it at the Black Hat conference
Sent from my XT1058 using XDA Free mobile app
Click to expand...
Click to collapse
samwathegreat said:
AMAZING NEWS!!! Thanks!!!!! I'm researching this now, and will post here as soon as more info is found. THANK YOU FOR THE HEADS UP!!!!!
EDIT: Confirmation posted to REDDIT, HERE: http://www.reddit.com/r/Android/comments/2csyiq/
Click to expand...
Click to collapse
Lots of interest in the Moto X forums.........none here???
Well, when I entered this thread my opinion was "WTF, again, what chance this guy has against Motorola cryptography?" BUT, why not? There is nothing can be gathered from my unlock code, except my IMEI (reverse calculate from the unlock token or database match - both of which are unlikely) which could be used by Moto to re-lock my BL but if they wanted to, they would've done it with the latest update.
I'm going with it!
Good luck, @samwathegreat
CrazyRussianXDA said:
Well, when I entered this thread my opinion was "WTF, again, what chance this guy has against Motorola cryptography?" BUT, why not? There is nothing can be gathered from my unlock code, except my IMEI (reverse calculate from the unlock token or database match - both of which are unlikely) which could be used by Moto to re-lock my BL but if they wanted to, they would've done it with the latest update.
I'm going with it!
Good luck, @samwathegreat
Click to expand...
Click to collapse
Thanks. Keep in mind, we are NOT attempting to crack Moto's cryptography, as I well know that this isn't possible (in my lifetime, at least). Instead, we are trying to find if a single code has successfully unlocked more than one device. There isn't any proof, based on Dan Rosenburg's (author of the Razr M Bootloader Exploit) analysis of the "token validation" logic, that the code is based on the IMEI.....although it COULD be the case. This whole thing is quite the mystery - especially the "China Middleman" aspect of it.
Dan suggests it is based on the particular certificate / key / hash / q-fuses for said devices. And once again....this is ALL based on complete speculation (as I've stated many times (don't care to count how many). )
Thanks to anyone who contributes and thanks for creating this effort! I have a BL locked Mini and it's a 2013 version so not only can I not pay (he only unlocks 2014s right now), but I don't have PayPal and I don't have $45. Really, this might work and so please post your codes if you want to help people like me... we can never know if it works until we try.
Sent from my XT1030 (Droid Mini)
Is there a way to retrieve the code? I'm unlocked via the Tao bao site on the first go around. I used the IM feature on the site to communicate so I don't have the code in an email. I can't remember for the life of me how I signed on to look to see if it's still there. Is the code stored on the device anywhere once unlocked?
Sent From My Droid Ultra
Caseyk621 said:
Is there a way to retrieve the code? I'm unlocked via the Tao bao site on the first go around. I used the IM feature on the site to communicate so I don't have the code in an email. I can't remember for the life of me how I signed on to look to see if it's still there. Is the code stored on the device anywhere once unlocked?
Sent From My Droid Ultra
Click to expand...
Click to collapse
No way to retrieve it from the device itself....and I'm not familiar with Taobao (or how to look up a prior purchase from there). You can try searching your email (if you even received one) for your IMEI, as he usually included it along with the unlock token.
Aside from that, I don't have any suggestions. Thanks for trying to help though.
If moto x gets a way to unlock bl for free, it could help us a lot!
I just wanted to say "THANKS!" to all the ---jerks--- that are putting bogus info into the form.....like "12345", or the most recent "1".....yeah, thanks for the humor you're giving me. Including Mr. XDA username "a"...how original....
Nice to get a good laugh every now and then.....knowing I can simply erase your bogus data away with one simple keystroke... LMAO
Collecting just unlock code make no sense. I think that code AT LEAST a hash code of IMEI. Well it might be not a IMEI but serial number or what ever. They run hashing on security chip and verify the signature. The chance of two phones having the same code is veeeeery low. In another words you won't find equal codes, I know for sure. The only way is to get how they calcualte the code but that would be hard because you don't know what it comes from and you have nothing at all, not even IMEI or serial.
Dragon31337 said:
Collecting just unlock code make no sense. I think that code AT LEAST a hash code of IMEI. Well it might be not a IMEI but serial number or what ever. They run hashing on security chip and verify the signature. The chance of two phones having the same code is veeeeery low. In another words you won't find equal codes, I know for sure. The only way is to get how they calcualte the code but that would be hard because you don't know what it comes from and you have nothing at all, not even IMEI or serial.
Click to expand...
Click to collapse
You might want to re-read the first post...specifically here:
samwathegreat said:
Also, I'm not suggesting that I'm right about this, or even COULD be right about this -- I'm merely suggesting a POSSIBILITY. It is entirely possible (probable, even) that I'm completely wrong / off-track about this. I wouldn't be surprised in the least. In fact, I'm actually EXPECTING it.
Click to expand...
Click to collapse
and here:
samwathegreat said:
OK, sure, we understand that. Now examine the logic. Nowhere does Dan Rosenburg suggest that the TOKEN is unique to a particular IMEI, OR in any way validated or hashed against the IMEI. Only that it is based on certificates / keys / hashes STORED in the CID partition, and blown Q-fuses.
Click to expand...
Click to collapse
and here:
samwathegreat said:
And finally, I'll end this post by saying that curiosity is very important to achieve any new breakthroughs. Making "educated guesses" based on analysis of available data is the only way to make innovations and new discoveries. It's OK to be wrong, as long you use what you have learned to build upon your knowledge and use this information to improve future analytics.
This is a hypothesis based on the [small amount of] data currently available. Nothing more.
Click to expand...
Click to collapse
and in response to:
Dragon31337 said:
The only way is to get how they calcualte the code but that would be hard because you don't know what it comes from and you have nothing at all, not even IMEI or serial.
Click to expand...
Click to collapse
Please consider that we have no interest in what you are suggesting....which is actually breaking Moto's encryption / master key. Based off my knowledge of key / certificate - based cryptography, I am well aware that even IF we had 10,000 VALID unlock token / IMEI combinations, it would STILL likely take -longer than our combined lifetimes- to crack the master key. And that's assuming you are correct about there being a correlation between Token & Serial / IMEI. Have you considered "q-fuses"? Moto very well could have blown q-fuses (identically) in more than one device...
Personally, I have no interest in -that-. I'm not seeing what purpose collecting the IMEI combinations would have, other than deterring people from actually participating in this because they don't want to share their IMEI...
So my questions really is: What are you trying to say that I haven't already? Self-admittedly, this probably won't work....said it more times than I care to count in the first post alone...
And finally, EVERYONE is entitled to their opinion, and I welcome to you "speculate" however you wish! Lets just please not clog up this thread with any more of it. This thread has a specific purpose, and I'd like to keep it at that. Thanks
Many of the Motorola Users who have msm8960 devices unlocked their bootloaders using this method...
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
iAjayIND said:
Many of the Motorola Users who have msm8960 devices unlocked their bootloaders using this method...
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
Click to expand...
Click to collapse
Which doesn't apply at all to this device. That is for the RAZR HD.
iAjayIND said:
Many of the Motorola Users who have msm8960 devices unlocked their bootloaders using this method...
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1
Click to expand...
Click to collapse
Topsnake said:
Which doesn't apply at all to this device. That is for the RAZR HD.
Click to expand...
Click to collapse
That is Dan Rosenberg's method. I've mentioned his name multiple times in the OP, as well as his "Token Validation Logic".
Since the Razr M/HD AND the Moto X have the exact same SoC (MSM8960), his token validation logic likely still applies. @Topsnake is correct in that it will not work on the Moto X, but its because that method exploited a vulnerability in TrustZone to write to (blow) q-fuses in the secure area, thereby unlocking the BL.
All of this is described in the OP, but thanks for trying to add some useful info
Hello everybody. This idea is getting alot more interest in the Moto X section, and one user asked if we would be willing to share some details on the data collected so far. Here it is:
samwathegreat said:
Sure! I think everyone deserves to know the current status....
As of RIGHT NOW, we have:
86 submissions
of which 5 are completely and purposely BOGUS
and 2 sets (4 submissions) are -complete duplicates- and were posted from the same IP, within seconds of each other (I wonder if they really thought I wouldn't look at the timestamps / IP addresses?)
zero correlations
What I can also tell you is that IF the build dates entered are correct, we do have 3 sets (6 submissions) that have the same build date and are completely unique codes. This would seem to rule out the previously suggested idea that perhaps all units from a particular build date might use the same unlock-token.
Still need much more data to make any further (useful) correlations.
Hope everyone appreciates the update.... :good:
Click to expand...
Click to collapse
Keep those submissions coming!
MAY I HAVE YOUR ATTENTION EVERYONE:
I've just received word that DAN ROSENBERG has found a bootloader-unlock exploit, and has just unveiled it at the BlackHat conference!!!!!!
I haven't verified it 100% yet, but if true, this is AMAZING!!!!
This means that until patched, we can all now unlock our bootloaders for FREE!!!!!!!!!!!!!!!
:highfive: :highfive: :highfive: :good: :good: :good: :laugh: :laugh: :laugh:
EDIT: Guys, it appears to be 100% True!!!!!!
See the Reddit article here: http://www.reddit.com/r/Android/comments/2csyiq/
He just demonstrated this LIVE @ the Blackhat Conference!!!!
Hopefully it will be released soon for all the guys that missed the China boat.
sent from "my kungfu is stronger than yours" XT1080
That's great news. Hope it pans out for everyone!!
Sent from My Droid Ultra
OMG!!! this is GREAT NEWS FOR EVERYONE WITH A DROID MAXX ULTRA MINI X!!!!!!!
and its only a 3 page document (lol)
i hope he releases it to the public for free!
a new wave of unlocked BL are coming!
thanks for the heads up!
Having missed the China Boat as someone said earlier... This 2013 Maxx owner is hoping anxiously for this to come true quickly.
I found this site where a guy gives a procedure on how to unlock the boot loader on any Motorola Android phone. Check out the link and lets see what you think. If this has already been posted please excuse my re-post.
http://androhippo.blogspot.com/2015...ml?utm_source=dlvr.it&utm_medium=facebook&m=1
Sadly, someone correct me if I'm wrong but, I believe this is for a Motorola bought phone, not a Verizon bought phone made by Motorola.
Sent from my XT1254 using XDA Free mobile app
While this generally works for moto phones, verizon phones and a few others are not eligible for it. If you try, the moto site will tell you this.
Only hope is that someone finds and exploit similar to the G3 and is able to force TWRP onto the phone without unlocking.
My G3 still technically has a locked bootloader but they managed to push TWRP to it anyway.
Unfortunately with the Turbo being Verizon exclusive and such a small following, I doubt we will ever see the day especially with the "Turbo 2" coming out. Best bet for now, is Motofail ($20) to push custom roms.
SyCoREAPER said:
Only hope is that someone finds and exploit similar to the G3 and is able to force TWRP onto the phone without unlocking.
My G3 still technically has a locked bootloader but they managed to push TWRP to it anyway.
Unfortunately with the Turbo being Verizon exclusive and such a small following, I doubt we will ever see the day especially with the "Turbo 2" coming out. Best bet for now, is Motofail ($20) to push custom roms.
Click to expand...
Click to collapse
Motofail is free and does not support the Turbo. You're thinking of moforoot.
TheSt33v said:
Motofail is free and does not support the Turbo. You're thinking of moforoot.
Click to expand...
Click to collapse
Indeed what I meant. Thanks
I am not all that familiar with unlocked bootloaders but after skimming some of the posts on the Moto Z Force I am seeing a lot of discussion about, I replied to one thread decided perhaps I should start a new.
The bootloader is able to be unlocked from the settings menu.
First you must go to settings then about phone. Go to build number and tap it 7 times. This will enable developer options.
Again go to the settings menu, go to developer options and there is a toggle for OEM unlocking.
Hope this helps as I am new to xda(new member, long time reader)
LeeMullinsII said:
I am not all that familiar with unlocked bootloaders but after skimming some of the posts on the Moto Z Force I am seeing a lot of discussion about, I replied to one thread decided perhaps I should start a new.
The bootloader is able to be unlocked from the settings menu.
First you must go to settings then about phone. Go to build number and tap it 7 times. This will enable developer options.
Again go to the settings menu, go to developer options and there is a toggle for OEM unlocking.
Hope this helps as I am new to xda(new member, long time reader)
Click to expand...
Click to collapse
Dude you rock! But will this allow root? Using known methods like ping-pong or towel root? I've been with Samsung for 6 years, so this Moto z force thing is still new to me. And I'm just starting to dig through the threads on this.
I just made the switch from Samsung myself so I am not entirely sure. I happened to stumble upon that accidentally and saw a few questions about unlocking a bootloader. Now I am not sure if it makes a difference but my device is not under contract as I paid full price and activated on prepaid.
This will not unlock your bootloader
Sent from my XT1650 using Tapatalk
This will not unlock your bootloader. This will not allow root. There is almost zero chance of this phone ever having its bootloader able to be unlocked and you can call Verizon at (800) 922-0204 to thank them for it. They are tyrants and I will never give them a dollar.
Yeah its the same for me, it will allow you to unlock the bootloader, but it will void the warranty so I haven't done it yet but I will later on. Hopefully it works! It make it really easy to root with Verizon.
Please read everything in this thread. Thank you.
Braydenc1997 said:
Yeah its the same for me, it will allow you to unlock the bootloader, but it will void the warranty so I haven't done it yet but I will later on. Hopefully it works! It make it really easy to root with Verizon.
Click to expand...
Click to collapse
This is NOT an option to unlock your bootloader...sorry
Sent from my XT1650 using Tapatalk
Yeah, it doesn't work that way with Big Red.
Sent from my XT1575 using XDA-Developers mobile app
Braydenc1997 said:
Yeah its the same for me, it will allow you to unlock the bootloader, but it will void the warranty so I haven't done it yet but I will later on. Hopefully it works! It make it really easy to root with Verizon.
Click to expand...
Click to collapse
Checking this box will NOT unlock the bootloader. Anyone that has had a phone where you CAN in fact unlock the bootloader knows this.
Would quadrooter exploits work on this phone? This phone is running the snapdragon chip set and has the following vulnerabilities:
CVE-2016-2503, CVE-2016-2504 and CVE-2016-5204
Y'all should be able to check your phones as well using the quadrooter scanner app from play s.
micmatt said:
Would quadrooter exploits work on this phone? This phone is running the snapdragon chip set and has the following vulnerabilities:
CVE-2016-2503, CVE-2016-2504 and CVE-2016-5204
Y'all should be able to check your phones as well using the quadrooter scanner app from play s.
Click to expand...
Click to collapse
It would take an experienced dev to turn those exploits into a root avenue for us. I doubt that person will show up for this device.
They may very well show up. This is a new phone and somewhat a power house. A lot of people leaving Samsung and coming to this device. I just left the gs6. So I am still holding up hope. It's still new and may take a little time.
Sent from my XT1650 using Tapatalk
This will be one of the few Verizon phones which will get the Dev love it needs to be unlocked and rooted.Being now in my thirties and running Arch Linux for years I really don't care anymore,..there isn't a need for me ..I get my Rock's off on my box and keep my phone working .
I can clarify, my Moto Z Force does have those three vulnerabilities.
These vulnerabilities are global for Android MM, so perhaps someone, somewhere can use the exploit to gain root on Android - we'd be able to use that method on our phones. Here's to being hopeful!
Okay, so call me crazy/stupid but what is the easiest way to root my Moto Z Force Droid Edition?
ThisIsAGoodUsername said:
Okay, so call me crazy/stupid but what is the easiest way to root my Moto Z Force Droid Edition?
Click to expand...
Click to collapse
Root is automatically activated when the phone has been in free fall for more than 10 seconds. Find a tall building and throw your phone off of it.
Seriously, have a look around before you post questions like this.
Sent from my XT1650 using Tapatalk
ThisIsAGoodUsername said:
Okay, so call me crazy/stupid but what is the easiest way to root my Moto Z Force Droid Edition?
Click to expand...
Click to collapse
Not at all at the moment.
PiousInquisitor said:
Root is automatically activated when the phone has been in free fall for more than 10 seconds. Find a tall building and throw your phone off of it.
Seriously, have a look around before you post questions like this.
Sent from my XT1650 using Tapatalk
Click to expand...
Click to collapse
He was just asking a basic question. Did you really have to reply so meanly to him?
With it being a Verizon Droid brand, there's a good chance the answer is never. Probably not a lot of developers with the phone and Big Red is pretty serious about locking it down, hence the answers.
PiousInquisitor said:
Root is automatically activated when the phone has been in free fall for more than 10 seconds. Find a tall building and throw your phone off of it.
Seriously, have a look around before you post questions like this.
Click to expand...
Click to collapse
Actually I have looked. I have seen several sources that claim rooting this latest VZW Droid phone is trivially easy. They even post instructions on how to do it.
Now, I wasn't at first going to believe those sources, because they have some odd errors, like 1/2 way thru their instructions they start to refer to the Mot Z Force Droid as being a Samsung phone.
However, based on your knowledgeable answer, I will take your vouching that these sources are being 100% reliable.
WaltA said:
However, based on your knowledgeable answer, I will take your vouching that these sources are being 100% reliable.
Click to expand...
Click to collapse
Quite the opposite. If there isn't a root method on this forum, then there isn't one that works.
Sent from my XT1650 using Tapatalk
WaltA said:
Actually I have looked. I have seen several sources that claim rooting this latest VZW Droid phone is trivially easy. They even post instructions on how to do it.
Now, I wasn't at first going to believe those sources, because they have some odd errors, like 1/2 way thru their instructions they start to refer to the Mot Z Force Droid as being a Samsung phone.
However, based on your knowledgeable answer, I will take your vouching that these sources are being 100% reliable.
Click to expand...
Click to collapse
I've seen several sources claiming root for NON-VZW Moto Z phones (i.e.: Bootloader unlocked), I've seen none valid for VZW Droid (i.e.: Locked down like fort Knox)... Guess we have different search engines.
Wrote to Moto, no intention of unlocking it either. So unless someone finds an exploit/backdoor/Universal unlock key, you're SOL.
The current issue is that taking an update will destroy your chances of getting root. Take 0 updates until an exploit is found that will allow us root. Dirtycow/quadrooter are the only linux exploits that we might be able to get to work. Its just a matter of who. I know Jcase (https://twitter.com/jcase?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) has posted in a couple places about compiling dirtycow and even has an "Android Hacking" basics kinda PDF floating around. He has done a lot in the community (SunShine) he doesn't deserve the hate being thrown at him for not developing a root method for this one device.
daifunai said:
He was just asking a basic question. Did you really have to reply so meanly to him?
Click to expand...
Click to collapse
It's the trend nowadays.
Instead of helping he posts what he did.
Sent from my XT1650 using Tapatalk
Sirshark10 said:
Take 0 updates until an exploit is found that will allow us root.
Click to expand...
Click to collapse
Oh. Well now I regret taking all those updates. I still doubt we'll get root on this device tho. I can only hope. It seems XDA forums has gone quiet and essentially given up on trying to root this phone, but I hope I'm wrong about that.
MOARStuff said:
Oh. Well now I regret taking all those updates. I still doubt we'll get root on this device tho. I can only hope. It seems XDA forums has gone quiet and essentially given up on trying to root this phone, but I hope I'm wrong about that.
Click to expand...
Click to collapse
pretty much true
I wish that some developer would even try working on this. I myself have thought of many things and will probably create a separate post for root soon since I have a couple ideas which I feel MIGHT MAYBE work, but I need the XDA community to pitch in and help me think of a method. Like I said, I have a rough idea but it needs refining, which I can hopefully get from the community.
Moto z force jailbreak
So what you guys are saying it's inpossable to jail brake our phone? So I should just go out and get a new phone if I want to jail break it?
I was aware the when I bought my phone used that the Droid version probably wouldn't see root anytime soon but I bought it anyway because I did research online and felt the phone had good enough specs and the UI looked good and had cool features so I personally don't even need or miss having root on this phone. My reasons for rooting phones has ALWAYS been for performance tweaks with occasional UI adjustments.
My last phone was an Acend XT (H611) which before having the bootloader unlocked and flashing a debloated and tweaked stock rom it was an utter POS. I paid $50 for that Ascent XT and I liked it but performance and UI wise it doesn't even compare to the Moto Z Force. So I personally don't even miss having root.
---------- Post added at 11:18 PM ---------- Previous post was at 11:18 PM ----------
Alex222339 said:
So what you guys are saying it's inpossable to jail brake our phone? So I should just go out and get a new phone if I want to jail break it?
Click to expand...
Click to collapse
Yeah need bootloader unlocked and Verizon won't let Lenovo Unlock our Droid version.
I am more concerned about when we will get another update for Oreo because it has problems sometimes.... I have to restart my phone once a week because the fingerprint scanner or chop for flashlight stop working or some other random bug pops up.
Damn Verizon, thets how they killed the turbo 2
I look through the threads and mostly what I see is T-mobile got a root. Other updates show regular roots but no mention of it applying to Sprint. Threads directed to Sprint don't say nor show much. Anyone can assist in getting a link or update for the root. I am looking very forward to it and also a mod for the DAC audio. For some reason it seems like an over rated feature as audio isn't that high as advertised and mind you I have the earphones that come free with the purchase.
I'm sure you'll see word either in the development section or in this thread. They'll need to get around a locked bootloader first.
Thanks Doug
douger1957 said:
I'm sure you'll see word either in the development section or in this thread. They'll need to get around a locked bootloader first.
Click to expand...
Click to collapse
They won't need to get around it. I don't think you WILL get around it, ever. So.
pro_granade said:
They won't need to get around it. I don't think you WILL get around it, ever. So.
Click to expand...
Click to collapse
that's what most said with the Galaxy S7 and LG G5 but they they're both rooted now
Snipars said:
that's what most said with the Galaxy S7 and LG G5 but they they're both rooted now
Click to expand...
Click to collapse
The Note 7 was rooted without unlocking the bootloader. I don't understand the under the hood specifics, but where there's a will...
Patience people. Contemporary Android is a maze of security protocols in order to get root. Not just the bootloader, but also SELinux policy, capability bounding, file-size checks, and so on. When an OEM tries to lock down a device. Really tries....It becomes hell. The phone only went on sale a week ago.
I'd suggest reading the following tale one fellow posted about his weeks long effort to chroot his Asus tablet. NOTE-his tablet had an unlocked bootloader and fastboot command access. Both are things we don't have.
https://www.thanassis.space/android.html
Skripka said:
Patience people. Contemporary Android is a maze of security protocols in order to get root. Not just the bootloader, but also SELinux policy, capability bounding, file-size checks, and so on. When an OEM tries to lock down a device. Really tries....It becomes hell. The phone only went on sale a week ago.
I'd suggest reading the following tale one fellow posted about his weeks long effort to chroot his Asus tablet. NOTE-his tablet had an unlocked bootloader and fastboot command access. Both are things we don't have.
https://www.thanassis.space/android.html
Click to expand...
Click to collapse
Not to be discouraging, but it took 18 months to get an unlocked bootloader on the Verizon Note 4.
douger1957 said:
Not to be discouraging, but it took 18 months to get an unlocked bootloader on the Verizon Note 4.
Click to expand...
Click to collapse
Oh I remember.
Me? I'm fairly well happy unrooted. About 95%