Related
I have moto g4 plus. recently i rooted it and everything worked fine
but when i applied the nougat ota upgrade
i m unable to downgrade it to mm stock ROM or stock ROM
neither, able to lock bootloader even cant flash with recovery
every time i flash it it shows "preflash validation failed " and "piv sign not valid " for the boot and recovery image
my stock ROM is not corrupt
one more thing it also display's "security version downgrade"
pls guys help me
1. enable developer option
2. enable oem unlock
3. get unlock code from motorola website
4. unlock via fastboot
Sorry, misread. I think you want to unlock BL.
Did you read XDA rules...? Did you search...?
There is already a thread for ReLock issue..
As you will read,
You can't downgrade bootloader if once updated...
Don't Mess with bootloader unless want a brick....
According to my views, there are no benefits for ReLocking unless want to sell phone and make buyer fool... LoL...
Droid Turbo XT1254 Marshmallow->Lollipop downgrade (unlocking bootloader)COMING SOON?
*this is new thread because I started last as Q&A by mistake so first 2 pages may look off with posts and answers.
DOWNGRADING EXPERIMENT TOPIC
So as you may know , after upgrading to Marshmallow OTA, on locked bootloader there won't be any option to unlock bootloader (ever as some people say) , sunshine officially doens't support Marshmallow. The only option is to downgrade which again isn't possible on locked BL..
Or is it ?
Introduction - skip to DOWNGRADE
First of all I'm not an programmer , but have some experience with locked down motorola's bl's , firmware's ,downgrades and so on..
I'm sure when somebody says impossible, it doesn't really mean impossible, but rather not worthy to some. So in my case I bought the phone few days ago, wasn't fully up to date with infos on unlocking BL so didn't check FW version when buying , just after I checked and phone was updated on MM 1-2 days before buying it. On not unlockable BL phone will become useless to me very soon, while unlocked I would plan to have it for long period of time. It goes in Verzion's favour for me to ditch the phone and buy a new one except I'm not in USA , there are no Verzion services in my country and if there were I would never ever buy (again) anything from Verzion. Well I lived in Japan , and there is network Softbank which is well.. Imagine Verizon but on steroids when it comes to tying people down, locked bootloaders and software, insane fee's and so on.. Well that Softbank bough Verizon some time ago .. I was avoiding them at all cost, but on to the topic now.
DOWNGRADE - fastboot
I would like to invite everybody who is interested in this and who can help to participate in this. Every programmer that has time and can contribute would be greatly appreciated! In return I'm willing to sacrifice my phone and my time , even paying some reasonable donations.
While experimenting in the end I was able to flash all bootloader files from various different versions including all partitions related to it which gets upgraded. Even managed to flash XT1250 MM bootloader. Bootloader version DOES change in bootloader / fastboot ,But it doesn't mean ANYTHING. While downgrading , something else, possibly other parts of bootloader obviously search for match and there is more to it than simple bootloader , more experienced , chime on in here! SElinux enforcing? Verity?
(see attachments)
SU4TL-49 bootloader.img to motoboot flash - Successfully
SU4TL-49 manually flashing 1 by 1:
tz.mbn -[/B] Successfully
SBL1.mbn (bootloader) - [/B] Successfully
sdi.mbn - [/B] Successfully
fsg.mbn to mdm1m9kefs3 - [/B] Successfully
rpm.mbn - [/B] Successfully
emmc_appsboot.mbn to aboot - [/B] Successfully
gpt.bin to "partition" , it's the partitions info partition, people say it can't be downgraded or flashed cross versions. After some experimenting mfastboot failed but fastboot succeded, on some versions mfastboot worked - [/B] Successfully
What I can't get to downgrade / cross flash no mather which bootloader and combinations of firmware im on :
boot.img
recovery.img
system,img (sparse_chunk files)
I will go deeper, but hope that new full firmware SBF will be released soon in case of brick. Verzion is slow. I'm making my own full 6.0.1 xml.zip based on full flashable zip's , repacked system.img sparsechunks, rewrited the script but can't get to flash system files due to invalid signed image. Any help with that? It would also help already bricked guys because who knows when'll Verzion release it..
Downgrade OTA way , stock Android Recovery
While stock android recovery is pretty much useless, it can do software upgrades OTA on a fully stock system , which we on locked bootloaders and MM have.
In my opinion , the way is to trick stock recovery into thinking it's flashing ota, and that whole envieroment is like recovery is expecting it while it's actually flashing downgraded version full / close to full firmware in combination with you flashing some partitions manually through fastboot. OTA's contain only "patch" and just replaces files which get changed on new SW. Or even maybe reverse OTA downgrade?
I've made my own update.zip and signed it , but so far get footer size is wrong error so can't flash it .. Need more help here too..
That looks promising!
Marshmallow feels slower than lollipop for me and I wish I could downgrade but I just can't!
I am looking forward to see what you can do about this issue
Good luck bro!
sorry for my mistake, I do not intend to comment here
@EjđiSixo
How to remove the "signed" of system image or bypass it? Fastboot or RSD are stuck at flashing system image. Does this "sign" relate to boot, recovery, partition? Or it's simply the "sign" to prevent downgrade???
I've never succeeded with partition downgrade...
---------- Post added at 10:29 PM ---------- Previous post was at 10:19 PM ----------
when I was flashing the only system.img (3GB), it said that "wrong at header magi". But after a bit time, fastboot separated the file and began to flash. But still failed because of signed image.
I've tried to remove the code from updater-script but it could not write files to system
Not out yet!
Thanks! I think if we all try , we can do it ! For now main focus is downgrading anyhow, even to half working Lollipop just in the purpose of unlocking bootloader with sunshine.
@mr_5kool
Feel free to comment and ask / suggest, thats what this topic is for!
Unforutenately thats the part I haven't yet figured out myself. It is a " permissions" to prevent the downgrade , bootloader and possibly something else checks current version / keys / properly signed image and then flashes. With other bootloader I'm still not able to flash it because it's obviously locked. Motorola probably signs their images differently.
You can't flash 3GB image because when flashing, phone recieve's partition first to ram so max download size is set to 255mb per file. You have to repack system.img to sparse chunks. But you don't have to bother with it , I already repacked system.img which I found at fully stock flashable MCG24.251-5 . It again failed due to invalid signed image . If we could figure out what is exactly signed and how , that would open a lot more possibilities. Possibly even flashing prerooted roms on locked bootloader. There are more possibilities , who knows..
Currently the only thing notices downgrade when flashing is recovery. In bootloader log says I tried to downgrade. Even with downgraded bootloader (kind of, there is sbl2 and sbl3 but they don't get upgraded )
Anyway, I tried something just for the "gags" . Flashed all partitions of XT1250 bootloader. Got to Motorola's site, posted "unlock bootloader data". It returned it's not unlockable of course.. The first sequence of numbers in data is your imei , it starts with 99 and it's verzion's specific imei.
My theory is that motorola ties unlock bootloader data to every phone and imei and stores it in database ( please confirm) . So even with moto maxx bootloader I can't unlock because :
1 it reads my verzion imei
2 it doesn't find alltogether data in the database..
I don't know what are other numbers in the data you get from fastboot, possibly some serial numbers and so on, haven't really checked it .. That's why i think this method is not possible at all for now. Manipulating that data in your phone and running it through motorola's site knowing that exact same code works for some device might be possible, but I think there is really way too much impossible messing involved. If somebody can share more about this?
lol
http://forum.xda-developers.com/dro...ficial-marshmallow-build-mcg24-t3512813/page2
I've renamed it like suggested in the post #11
Download link is at 1st page. It's just a OTA.
Yes I just renamed it.
IT DOESN'T WORK WITH ADB AND YOU CAN'T FLASH IT AGAIN THROUGH RECOVERY. ITS OTA.
EDIT: The post that I was responding to has been removed.
The method to downgrade from Lollipop to Kitkat is the same with what I've done. It may be possible. Some said that "impossible to downgrade with locked bootloader on vrz". So the system image may be signed with bootloader (or imei, serial or something else, god know).
The unlock method of Sunshine takes place in Trustzone (sbl2). They cannot get unlock code.
You succesfully downgraded LL to KK on droid? There is partition for trust zone alone "tz.mbn" , downgradable without any problem. I only see sbl1 get's upgraded on droid turbo , never saw in any firmware sbl2 or 3 yet.. So I'm little confused.. I remember I saw some PDF regarding that..
Yes, successfully downgraded 5.1 to 4.4.4 on Droid Turbo but with unlocked bootloader. I helped this guy.
http://forum.xda-developers.com/droid-turbo/help/solved-problem-downgrade-install-ota-t3497791
http://forum.xda-developers.com/droid-turbo/help/how-to-downgrade-lollipop-5-1-to-kitkat-t3494459
Finally managed to *Brick my devices while trying to make latest sbf firmware (what an irony ) because used some of files from that stupid OTA . Tried flashing all possible firmware I have but it doesn't fix it so system got corrupted probably and for now didn't succed flashing any of the available systems. Flashing MM recovery doesn't help. It's a " recovery loop".
Basically phone starts , vibrates , goes into recovery, it says "erasing" , it does the factory reset then restarts and over and over again erasing restarting loop.
I'll continue exploring downgrade options but top priority now is making working marshmallow sbf or waiting for stupid Verzion to release it already. Just checked with SUA and it still doesn't show repair so firmware isn't available still.
Biggest problem is signed system images which are probably signed by RSA and I need help with that..
I have same problem erasing
Can't flash SU4TL gpt.bin anymore , so success was definitely connected to experiment and steps I did so I'll investigate more.
@EjđiSixo
I have never tried before. My Moto X2013 failed to downgrade from LL to KK, too. So, it's the common problem of Verizon Motorola Devices.
If you have problem with "erasing", just enter recovery by "hold power button for a while then fast press volume up button". Phone will enter recovery and do the factory reset. But when rebooting the system, "erasing" appear again.
If partition is dead, flash the higher version, commonly gpt and tz.
PS: still waiting for the official xml firmware
ChazzMatt said:
Yes, successfully downgraded 5.1 to 4.4.4 on Droid Turbo but with unlocked bootloader. I helped this guy.
http://forum.xda-developers.com/droid-turbo/help/solved-problem-downgrade-install-ota-t3497791
http://forum.xda-developers.com/droid-turbo/help/how-to-downgrade-lollipop-5-1-to-kitkat-t3494459
side note, I hate this Q&A format. Not sure why XDA even has it. You can't even format URL links correctly.
Click to expand...
Click to collapse
mr_5kool said:
@EjđiSixo
I have never tried before. My Moto X2013 failed to downgrade from LL to KK, too. So, it's the common problem of Verizon Motorola Devices.
If you have problem with "erasing", just enter recovery by "hold power button for a while then fast press volume up button". Phone will enter recovery and do the factory reset. But when rebooting the system, "erasing" appear again.
If partition is dead, flash the higher version, commonly gpt and tz.
PS: still waiting for the official xml firmware
Click to expand...
Click to collapse
I wonder if there is any way to force Verizon to release firmware. This is really low of the lowest, it says 1 week after OTA , now it's almost 1 month. Until somebody forces them , it can be months as far as they are considered. No help from developers / programmers either on any of 2 subjects so don't see my method of full MM SBF working.
god know
:v
ChazzMatt said:
Yes, successfully downgraded 5.1 to 4.4.4 on Droid Turbo but with unlocked bootloader. I helped this guy.
http://forum.xda-developers.com/droid-turbo/help/solved-problem-downgrade-install-ota-t3497791
http://forum.xda-developers.com/droid-turbo/help/how-to-downgrade-lollipop-5-1-to-kitkat-t3494459
Click to expand...
Click to collapse
Exactly brother .
I solved my problem .
I can downgrade from Marshmallow to lollipop is very easy for my ..
But first step is unlocked bootloader from lollipop..
Sent from my XT1254 using XDA Free mobile app
Yeah people , we all know everything can be done with unlocked bootloader. It's a GOD mode. Nothing strange about downgrading with unlocked BL. This topic is for people stuck on locked BL like myself to try to odowngrade on lollipop only in purpose of UNLOCKING BL. So let's for now focus on locked BL's.
I have twrp installed but i just typed fastboot oem lock now my bootloader is locked but i m on twrp how can i unlock bootloader.... since i m blocked from asus fota server so i cant unlock by signed unlock tool..... plz help me i think i need the oem unlock code...... or if any one can provide me the same models oem unlocked image file and i may flash that to unlock boot loader.... plz help guys.....
And does any of the auto root tool works for asus zenfone max android 6
Please reply to this post, someone
same problem here , have you found the solution?
I too have the same problem. I even bricked my phone dong os, ended up flashing using flash tool. Now, the bootloader is locked and unlock tool is not working. Someone help
[email protected] said:
I have twrp installed but i just typed fastboot oem lock now my bootloader is locked but i m on twrp how can i unlock bootloader.... since i m blocked from asus fota server so i cant unlock by signed unlock tool..... plz help me i think i need the oem unlock code...... or if any one can provide me the same models oem unlocked image file and i may flash that to unlock boot loader.... plz help guys.....
And does any of the auto root tool works for asus zenfone max android 6
Click to expand...
Click to collapse
use Fastboot oem unlock command via csc/fastboot mode
debadri1995 said:
use Fastboot oem unlock command via csc/fastboot mode
Click to expand...
Click to collapse
ot doesnt work bro.... it says command fails..... i want a way to know what is the default code for oem unlock of my device
Me too same case. Someone please help. The unlock tool does not help either. Please help.
Someone please help us, we are so helpless
i hv a same prob too.... someone help please...
volte lost and bootloader locked
Hey everyone, i recently flashed the cleanmax rom and i lost my volte for ever.
So after this incident, i thought i must flash the stock rom using fastboot. :it didnot work:
so i deep flash the rom using edl mode and guess what i lost the imei,serial no. and my bootloader got locked again.and i got the lollipop rom.
i somehow manage to write the imei and serial no. and updated my rom to mm.But now i cannot unlock my bootloader again.And volte is still not working anybody please help i am a broke person and i cannot buy a new phone.please please help
[email protected] said:
I have twrp installed but i just typed fastboot oem lock now my bootloader is locked but i m on twrp how can i unlock bootloader.... since i m blocked from asus fota server so i cant unlock by signed unlock tool..... plz help me i think i need the oem unlock code...... or if any one can provide me the same models oem unlocked image file and i may flash that to unlock boot loader.... plz help guys.....
And does any of the auto root tool works for asus zenfone max android 6
Click to expand...
Click to collapse
There is no way u can re unlock the bootloader,but there is a workaround.Flash the beta marshmallow rom for 8916,watch the youtube video and check description,its a trick how to flash the beta.then simply flash twrp.the beta rom allows to flash twrp through fastboot.I found this method by myself over a month time
Hi,
When i received my Zuk Edge few months ago I unlocked the bootloader and flash a custom ROM. But it was buggy and i prefered to returned to the stock ROM.
So im now back in Stock ZUI Rom, no root, no custom recovery, no custom rom/firmware... The only thing remaining "unofficial" is the bootloader, which i "unlocked".
How can I lock the bootloader of the Zuk Edge ? (i mean relock it)
Cause i didn't find any post on that subject
Thank you all
I found the answer actually on ZUK Fans Forum.
You have just to :
/!\ Be on Stock ROM (ZUI Official) /!\ (otherwise, you'll brick the phone)
- Go to fastboot mode (adb reboot bootloader)
- Type this : fastboot -i 0x2b4c oem lock
Then the device will restart (it will be a bit long, no worries)
The bootloader status won't be unlocked unfortunately, but "relocked".
Hi,
but with "relocked" bootloader, OTA Updates are not able. I made same step/mistake and unlocked the bootloader with the aim to get OTA Updates, but now there is no way cause of the really bad description I followed... (
Is there any solution to lock the bootloader again? Maybe editing the 'unlock_bootloader.img'?
Sincerely yours
LacyOne
What will happen if I relock bootloader .. because I hate the pop up "your device has been unlocked .." while it boots.. does after relocking bootloader stops twrp to work ?
dhenewar said:
What will happen if I relock bootloader .. because I hate the pop up "your device has been unlocked .." while it boots.. does after relocking bootloader stops twrp to work ?
Click to expand...
Click to collapse
If you relock your bootloader with TWRP or anything else non stock, you'll likely boot loop until you unlock again. It's likely you'll trip the verification checks -performed by a locked bootloader - with TWRP, which means you need to be fully stock for a successful locked bootloader. If you've not enabled OEM unlocking in developers options if you locked, then you'll have major issues as you can't then unlock.
If you want to, you can flash a custom logo.bin (plenty of links in the Mods section) which will hide the warning, won't shorten the delay but it'll be nicer to look at.
echo92 said:
If you relock your bootloader with TWRP or anything else non stock, you'll likely boot loop until you unlock again. It's likely you'll trip the verification checks -performed by a locked bootloader - with TWRP, which means you need to be fully stock for a successful locked bootloader. If you've not enabled OEM unlocking in developers options if you locked, then you'll have major issues as you can't then unlock.
If you want to, you can flash a custom logo.bin (plenty of links in the Mods section) which will hide the warning, won't shorten the delay but it'll be nicer to look at.
Click to expand...
Click to collapse
Ok bro thanks for the info ..will SuperSu be as same as twrp causing bootloop?... luckily I have got stock recovery n firmware .. as u said "If you've not enabled OEM unlocking in developers options if you locked, then you'll have major issues " .. I am having the problem in other device(Samsung Galaxy grand prime G531H .. Cuz of my careless n rush.i forgot to enable oem n then flashed custom rom in Odin .. then it got bricked.. searched alot in internet for solution..also .. i have created post here.. still no solution .. and Now my device is just waste ..gave up on it ... RIP :angel: ..
dhenewar said:
Ok bro thanks for the info ..will SuperSu be as same as twrp causing bootloop?... luckily I have got stock recovery n firmware .. as u said "If you've not enabled OEM unlocking in developers options if you locked, then you'll have major issues " .. I am having the problem in other device(Samsung Galaxy grand prime G531H .. Cuz of my careless n rush.i forgot to enable oem n then flashed custom rom in Odin .. then it got bricked.. searched alot in internet for solution..also .. i have created post here.. still no solution .. and Now my device is just waste ..gave up on it ... RIP :angel: ..
Click to expand...
Click to collapse
I think so, a locked bootloader, as I understand it, checks the integrity of your recovery, kernel and system, and if it detects a break in the chain of trust (e.g. if there's a custom modification that changes the signature expected), then as a security measure the device just won't boot/bootloop. SuperSU or any root, custom kernel, or TWRP or even if you've allowed TWRP to make modifications may result in bootloops thus.
Therefore, if you wish to re-lock your device, you'll want to re-flash the stock firmware and then lock. You can only lock your device with the same firmware or newer than the version your device was updated to (including OTA updates). The latest version we have is the June fastboot ROM: https://forum.xda-developers.com/moto-g4-plus/how-to/stock-rom-npjs25-93-14-4-march-1-t3608138 Of course, flashing this will wipe TWRP, root and possibly your data from your device, so back up and keep the backups off your device. Alternatively, you may just wish to flash the custom logo.bin as mentioned previously, which would hide the bootloader warning.
About your Galaxy Grand Prime, ouch - that's a horrible situation to be in; unless there's a potential bootloader exploit, you're caught in the nasty situation where you can't unlock your bootloader (because of the OEM unlock) and because the security's been tripped, won't allow you to boot to get to the OEM unlock Are there any Samsung service centres or repair shops that could help you recover? You could have a look around the Galaxy Grand Prime forum, see if there's anything that could help: https://forum.xda-developers.com/grand-prime
echo92 said:
I think so, a locked bootloader, as I understand it, checks the integrity of your recovery, kernel and system, and if it detects a break in the chain of trust (e.g. if there's a custom modification that changes the signature expected), then as a security measure the device just won't boot/bootloop. SuperSU or any root, custom kernel, or TWRP or even if you've allowed TWRP to make modifications may result in bootloops thus.
Therefore, if you wish to re-lock your device, you'll want to re-flash the stock firmware and then lock. You can only lock your device with the same firmware or newer than the version your device was updated to (including OTA updates). The latest version we have is the June fastboot ROM: https://forum.xda-developers.com/moto-g4-plus/how-to/stock-rom-npjs25-93-14-4-march-1-t3608138 Of course, flashing this will wipe TWRP, root and possibly your data from your device, so back up and keep the backups off your device. Alternatively, you may just wish to flash the custom logo.bin as mentioned previously, which would hide the bootloader warning.
About your Galaxy Grand Prime, ouch - that's a horrible situation to be in; unless there's a potential bootloader exploit, you're caught in the nasty situation where you can't unlock your bootloader (because of the OEM unlock) and because the security's been tripped, won't allow you to boot to get to the OEM unlock Are there any Samsung service centres or repair shops that could help you recover? You could have a look around the Galaxy Grand Prime forum, see if there's anything that could help: https://forum.xda-developers.com/grand-prime
Click to expand...
Click to collapse
Thanx bro I will try it out .. yep bro I got it in service center n they told me .. No way of fixing it .. Aahh n that's it ? .well there was option change of hardware price was half of the phone cost ..better to buy new one ?