Blog Archive

Wednesday, May 17, 2023

05-17-2023-0017 - Bootloader unlocking

From Wikipedia, the free encyclopedia
Not to be confused with the rooting of Android devices or SIM unlocking.
An unlocked Android bootloader, showing additional available options

Bootloader unlocking[a] is the process of disabling the bootloader security that makes secure boot possible. It can make advanced customizations possible, such as installing a custom firmware. On smartphones this can be a custom Android distribution or another mobile operating system. Some bootloaders are not locked at all, others can be unlocked using a standard command, others need assistance from the manufacturer. Some do not include an unlocking method and can only be unlocked through a software exploit.

Bootloader unlocking is also done for mobile forensics purposes, to extract digital evidence from mobile devices, using tools such as Cellebrite UFED.[1]

Background

Unlocking the bootloader usually voids any warranties and may make the device susceptible to data theft.[2][3] On Chromebooks, enabling developer mode makes the system less secure than a standard laptop running Linux.[4] Unlocking the bootloader may lead to data loss on Android and ChromeOS devices, as some data is impossible to back up without root permission.

Sascha Segan from PCMag considered a locked bootloader a mistake on the Qualcomm Snapdragon Insiders phone, which is targeted at advanced users.[5]

Platforms

Android

Unlocking the bootloader is typically done during the process to obtain root access.

Android bootloader unlocking as of 2023[6]
Manufacturer Difficulty level Method
Google Easy Command-line (unlocked variant, not restricted to carrier)
Samsung Easy Development settings (except North America variants)
OnePlus Easy Command-line
Xiaomi Very Hard Add account, request code, wait a week
Sony Hard Command-line, request code at Sony website
Fairphone Hard Command-line, request code at Fairphone website
Motorola Hard Command-line, request code at Motorola website
Realme Hard Command-line, after installation of realme-app
Huawei Impossible N/A
OPPO Impossible N/A
HMD-Nokia Impossible N/A
vivo Impossible[7] N/A
LG Impossible[8] N/A
Tecno Impossible N/A
Infinix Impossible N/A
TCL Impossible N/A

History

The bootloaders of Nexus and Pixel devices can be unlocked by using the fastboot command fastboot oem unlock or if it doesn't recognize the command fastboot flashing unlock.[9]

When Motorola released a bootloader unlocking tool for the Droid Razr, Verizon removed the tool from their models.[10]

In 2011, Sony Ericsson released an online bootloader unlocking tool.[11] Sony requires the IMEI number to be filled in on their website.[12] For the Asus Transformer Prime TF201, Asus has released a special bootloader unlock tool.[13]

In 2012, Motorola released a limited tool for unlocking bootloaders.[14] They require accepting terms and conditions and creating an account before the bootloader can be unlocked for a Moto G.[15]

HTC phones have an additional layer of lock called "S-OFF/S-ON".

Bootloaders can be unlocked using an exploit or using a way that the vendor supplied. The latter method usually requires wiping all data on the device.[1] In addition, some manufacturers prohibit unlocking on carrier locked phones. Samsung's US and Canadian Snapdragon phones do not allow unlocks regardless if the phone was bought from a carrier or not.

In 2018, a developer from XDA Developers launched a service which allowed users to unlock the bootloader of some Nokia smartphone models.[16] Similarly, another developer from XDA Developers launched a service to allow users to unlock the bootloaders of Samsung Galaxy S20 and Samsung Galaxy S21 Phones.[17]

Huawei announced plans to allow users to unlock the bootloader of the Mate 30 series, but later retracted that.[18] Huawei has stopped providing bootloader unlock codes since 2018.[19] A bootloader exploit named checkm30 has been developed for HiSilicon based Huawei phones.[20][non-primary source needed]

When the bootloader of the Samsung Galaxy Z Fold 3 was unlocked, the camera became less functional. This could be restored by re-locking the bootloader.[21] This issue was later fixed by Samsung.[22] For the Samsung Galaxy S22 series, unlocking the bootloader has no effect on the camera.[23]

Others

Microsoft

The WPInternals tool is able to unlock bootloaders of all Nokia Lumia phones running Windows Phone, but not phones like the Alcatel Idol 4 or HP Elite x3.[24][25] Version 1.0 was released in November 2015.[26] In October 2018, the tool was released as open source software when the main developer René Lergner (also known as HeathCliff74) stepped down.[27]

The slab bootloader used by Windows RT could be unlocked using a vulnerability, but was silently patched by Microsoft in 2016.[28] UEFI Secure Boot on x86 systems can generally be unlocked.

Apple

The boot ROM protection on iOS devices with an A11 processor or older can be bypassed with a hardware exploit known as checkm8, which makes it possible to run other operating systems including Linux.[29]

The bootloader on M1 based Macs can be unlocked.[30]

Google

The equivalent of bootloader unlocking is called developer mode in Chromebooks.[31] Chromebooks use custom bootloaders that can be modified or overwritten by removing a Write-protect screw.[32]

In 2013, the bootloader of the Chromecast was hacked using an exploit.[33] In 2021, it was hacked again for newer versions.[34]

SpaceX

In August 2022, security researcher Lennert Wouters applied a voltage injection attack to bypass firmware verification of a Starlink satellite dish from SpaceX.[35]

Relocking

On Android, it is possible to relock the bootloader.[36]

Shutdown of online services

In 2018, Huawei stopped providing bootloader unlock codes.[37] On 31 December 2021, LG shut down their website which provided bootloader unlock codes.[38]

See also

Explanatory notes


  1. Also called developer mode, OEM unlock or jailbreaking

References


  • Afonin, Oleg (2016). Mobile Forensics ' Advanced Investigative Strategies (1 ed.). Packt Publishing. ISBN 978-1-78646-408-8. OCLC 960040717.

  • Tamma, Rohit; Donnie Tindall (2015). Learning Android forensics: a hands-on guide to Android forensics, from setting up the forensic workstation to analyzing key forensic artifacts. Birmingham, UK. ISBN 978-1-78217-444-8. OCLC 910639389.

  • Hoffman, Chris. "The Security Risks of Unlocking Your Android Phone's Bootloader". How-To Geek. Retrieved 2021-08-04.

  • Porup, J. M. (2017-06-19). "How to install Linux on a Chromebook (and why you should)". Ars Technica. Archived from the original on 2017-06-19. Retrieved 2021-09-06.

  • "Qualcomm Smartphone for Snapdragon Insiders Review". PCMag. Archived from the original on 2021-08-16. Retrieved 2021-09-06.

  • Wokke, Arnoud (2021-08-28). "Custom roms voor Android - Hoe zijn installatie en gebruik anno nu?". Tweakers (in Dutch). Retrieved 2022-06-14.

  • "vivo Smartphone FAQs | vivo India". www.vivo.com. Retrieved 2022-11-29.

  • "Termination of LG Mobile Developer website service". developer.lge.com. Retrieved 2023-05-07.

  • "Factory Images for Nexus and Pixel Devices | Google Play services". Google Developers. Retrieved 2022-11-07.

  • Ingraham, Nathan (2011-10-24). "GSM Motorola RAZR hits the FCC; Verizon model has locked bootloader". The Verge. Retrieved 2022-06-14.

  • By (2011-04-14). "Sony Ericsson Promotes Android Bootloader Unlocking". Hackaday. Retrieved 2022-06-14.

  • Kotipalli, Srinivasa Rao; Mohammed A. Imran (2016). Hacking Android: explore every nook and cranny of the Android OS to modify your device and guard it against security threats. Birmingham, UK. ISBN 978-1-78588-800-7. OCLC 957298786.

  • Tiefenthäler, Ronald. "Asus: Bootloader Unlock Tool für Tablet Transformer Prime TF201 verfügbar". Notebookcheck (in German). Retrieved 2021-08-04.

  • Rodgers, Evan (2012-08-17). "Motorola unveils Android bootloader unlocking tool with limited device support". The Verge. Archived from the original on 2012-08-19. Retrieved 2021-09-10.

  • Viscomi, Rick; Andy Davies; Marcel Duran (2015). Using WebPageTest: web performance testing for novices and power users. Sebastopol, CA. ISBN 978-1-4919-0281-3. OCLC 927108295.

  • Rox, Ricci. "Nokia users can now unofficially unlock their bootloaders but the methodology is as sketchy as it gets". Notebookcheck. Retrieved 2021-09-06.

  • "Android[UNSAMLOCK]".

  • "Huawei Mate 30 will not have an unlocked bootloader". The Indian Express. 2019-09-25. Archived from the original on 2019-09-26. Retrieved 2021-09-06.

  • "Huawei will no longer offer bootloader unlock codes for its Android devices". 9to5Google. 2018-05-24. Retrieved 2021-09-06.

  • "Checkmate Mate 30 - Attack the bootrom of Huawei smartphones" (PDF). Archived (PDF) from the original on 2021-09-06.

  • Clark, Mitchell (2021-08-24). "Samsung will let you unlock your Z Fold 3's bootloader, but at the cost of your cameras". The Verge. Archived from the original on 2021-08-24. Retrieved 2021-09-06.

  • "Unlocking the bootloader no longer kills the Galaxy Z Fold 3's cameras". xda-developers. 2021-12-07. Retrieved 2022-03-14.

  • "Unlocking the bootloader doesn't break the camera on the Samsung Galaxy S22 series". xda-developers. 2022-02-26. Retrieved 2022-02-26.

  • "Tool van Nederlandse ontwikkelaar kan custom roms op alle Lumia's flashen". Tweakers (in Dutch). Retrieved 2021-08-04.

  • "Windows Phone Internals 2.2 Unlocks the Bootloader on all Windows 8 & 10 Lumia Smartphones". xda-developers. 2017-12-04. Retrieved 2021-08-04.

  • Andrew Orlowski. "Rooting and modding a Windows Phone is now child's play". The Register. Retrieved 2022-06-14.

  • "Windows 10 Mobile's bootloader unlocker is now open source". Neowin. Retrieved 2022-06-14.

  • Francisco, Shaun Nichols in San. "Microsoft silently kills dev backdoor that boots Linux on locked-down Windows RT slabs". www.theregister.com. Retrieved 2021-09-06.

  • Lundberg, Anders. "16-year-old runs Linux on iPhone 7". Macworld UK. Retrieved 2021-08-04.

  • January 2021, Michelle Ehrhardt 19 (2021-01-19). "Linux is Finally on Apple M1...Kind Of". Tom's Hardware. Retrieved 2021-08-04.

  • December 2014, Lucian Armasu 31 (2014-12-31). "You Can Now Run Full Linux Apps Inside A Chrome OS Window". Tom's Hardware. Retrieved 2021-09-06.

  • Robert, Foss (2017-03-08). "Quick hack: Removing the Chromebook Write-Protect screw". Collabora. Retrieved 2021-09-04.

  • "Chromecast bootloader exploit surfaces, opens up plenty of possibilities (video)". Engadget. Archived from the original on 2020-09-04. Retrieved 2021-09-06.

  • "Modders ontgrendelen bootloader van Google Chromecast met Google TV". Tweakers (in Dutch). Archived from the original on 2021-08-01. Retrieved 2021-09-06.

  • Hardcastle, Jessica Lyons. "Starlink satellite dish cracked on stage at Black Hat". The Register. Retrieved 2022-11-22.

  • Wilde, Damien (2021-09-09). "How to downgrade from Android 12 Beta to Android 11 on Google Pixel [Video]". 9to5Google. Retrieved 2021-09-28.

  • "Huawei stopt met het uitdelen van codes om bootloader vrij te geven". Tweakers (in Dutch). Retrieved 2023-05-07.

    1. "LG stopt eind dit jaar met tool voor unlocken van smartphonebootloaders". Tweakers (in Dutch). Retrieved 2023-05-07.

    External links

    The Wikibook Advanced phone customization has a page on the topic of: Unlocking your bootloader


    https://en.wikipedia.org/wiki/Bootloader_unlocking

    By at

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)