zenfyrdev/bootloader-unlock-wall-of-shame

Banner. A lock and a key on fire on the left and the text 'Bootloader Unlock: Wall of Shame' on the right.

Keeping track of companies that "care about your data 🥺"

Terrible License CC BY-NC-SA

mirrors

Why?

Over the past few years, a suspicious number of companies have started to "take care of your data", aka block/strictly limit your ability to unlock the bootloader on your own devices.

While this may not affect you directly, it sets a bad precedent. You never know what will get the axe next: Shizuku? ADB?

They've already gone after sideloading.

I thought it might be a good idea to keep track of bad companies and workarounds.

If you know of specific details/unlocking methods, please PR them or drop them in the discussions.

The list:

Caution

Reminder that no matter how nice a company is,
you should not trust them unless their unlock process is 100% offline!

🍅 Just terrible!

The following manufacturers have made it completely impossible to unlock their devices without a workaround.

Carrier Locked Devices

Note

Phone brands handle carrier locks differently, so check your device manual or contact support.

Carrier locked devices are the ones you get after making a commitment with a carrier of your choice. This is quite common in North America and (supposedly) allows you to save some money on your device.

As a rule, almost all carrier locked devices do not allow the bootloader to be unlocked. This usually makes sense, as it would allow you to completely bypass the contract. The problem is that many devices still do not allow you to unlock the bootloader even after the carrier lock has been lifted. For more details, see the carriers page.

⛔ Avoid at all costs!

The following manufacturers allow unlocking under certain conditions, such as region, model, SoC, etc., or require a sacrifice to unlock.

⚠️ Proceed with caution!

The following manufacturers require an online account and/or a waiting period before unlocking.

ℹ️ "Safe for now" :trollface:

Misc info

Custom AVB Keys

Custom Android Verified Boot (AVB) keys are a feature that allows you to run a custom OS with a locked bootloader.

It's rare to see a device which supports custom AVB keys, but some devices can be found here.

Universal SoC-based methods

Kirin

Kirin 620, 650, 655, 658, 659, 925, 935, 950, 960:
It's possible to unlock using test points and PotatoNV (read the readme).

MediaTek

If you own a MediaTek device exploitable by mtkclient (fork old version) or Penumbra, you can unlock the bootloader using that.
If it also happens to be an OPPO/Realme device and you need to access fastboot: lkpatcher (web version)

If bootloader unlocking doesn't work on an OPPO MediaTek device using the SECCFG mod (unlocking via mtkclient), you can try unlocking fastboot by writing a modified boot1 (preloader). Writing a preloader also uses mtkclient: oppo-mtk-fastboot-unlock.

Qualcomm

According to some discussions on Coolapk and XDA, there seems to have been a universal bootloader unlock vulnerability affecting most Qualcomm SoCs that has not been disclosed yet. Additionally, in the past few days, some Chinese netizens confirmed that there is a 0-day bootloader vulnerability on most Qualcomm SoCs. On the forum they said:

"This phenomenon occurs in OS 3.0.0.14 Beta (note: the discoverer believes the vulnerability has been patched in this version). It seems that repeatedly calling fastboot oem ramdump followed by fastboot oem uefilog causes the fastboot process to freeze. Reverse engineering revealed a stack overflow at offset 0x1950 (around 6KB) of the var_18C8 call stack within the ramdump function, leading to variable corruption. If exploited properly, it might be possible to modify the IsUnlocked flag? However, reverse analysis shows extensive stack integrity checks, and currently there is no reliable method to bypass them unless there is a way to read the randomly generated seed at the bottom of the stack."

XDA

Although some of these might work for you:

The general exploit:
alephsecurity.com (the bootloader unlock section).

Xiaomi Mi A1 and maybe all MSM89** manufactured before 2018:
EDLUnlock

Unisoc

If you own a phone with the Unisoc UMS9620 or older, you can use this exploit to achieve a temporary secure boot bypass and persistently unlock the bootloader (except on some devices with a modified uboot): CVE-2022-38694_unlock_bootloader

If you own a phone with the Unisoc UMS312, UMS512, UD710, you can use this exploit to achieve a persistent secure boot bypass, which means all firmware, including splloader and uboot, can be modified and re-signed: CVE-2022-38691_38692

Otherwise, you can also look into this: Spectrum_UnlockBL_Tool
This: xdaforums.com
Or this: subut

