Bootloader unlocking

Bootloader unlocking[lower-alpha 1] is the process of disabling the bootloader security that makes secure boot possible. It can make advanced customizations possible, such as installing a custom firmware. On smartphones this can be a custom Android distribution or another mobile operating system. Some bootloaders are not locked at all, others can be unlocked using a standard command, others need assistance from the manufacturer. Some do not include an unlocking method and can only be unlocked through a software exploit.

Not to be confused with the rooting of Android devices or SIM unlocking.
An unlocked Android bootloader, showing additional available options

Bootloader unlocking is also done for mobile forensics purposes, to extract digital evidence from mobile devices, using tools such as Cellebrite UFED.[1]

Background

Unlocking the bootloader usually voids any warranties and may make the device susceptible to data theft.[2][3] On Chromebooks, enabling developer mode makes the system less secure than a standard laptop running Linux.[4] Unlocking the bootloader may lead to data loss on Android and ChromeOS devices, as some data is impossible to back up without root permission.

Sascha Segan from PCMag considered a locked bootloader a mistake on the Qualcomm Snapdragon Insiders phone, which is targeted at advanced users.[5]

Platforms

Android

Unlocking the bootloader is typically done during the process to obtain root access.

Android bootloader unlocking as of 2023[6]
ManufacturerDifficulty levelMethod
GoogleEasy (non-Verizon)
Impossible (Verizon)		Command-line (unlocked variant, not restricted to carrier, and non-Verizon carrier variants when paid off fully)
SamsungEasy (outside North America)
Impossible (North America)		Development settings (except North America variants)
OnePlusEasy (non-T-Mobile)
Medium (T-Mobile)		Command-line, except on T-Mobile US variants where an unlock code is needed
XiaomiVery Hard/EasyAdd account, request code, wait a week. On devices with Mediatek system on a chip it is easy with a third-party tool called MTKClient.
SonyEasyCommand-line, request code at Sony website
FairphoneEasyCommand-line, request code at Fairphone website
MotorolaEasyCommand-line, request code at Motorola website
RealmeEasyCommand-line, after installation of the in-depth test app and submitting a application for in depth-testing.
NothingEasyCommand-line
HuaweiImpossibleN/A
OPPOImpossibleN/A
HMD-NokiaImpossibleN/A
vivo Impossible[7] N/A
LGImpossible,[8] only G and V series models from 2015 onwards were affected, including VelvetN/A
TecnoEasyCommand-line
InfinixImpossibleN/A
TCLImpossibleN/A

History

The bootloaders of Nexus and Pixel devices can be unlocked by using the fastboot command fastboot oem unlock or if it doesn't recognize the command fastboot flashing unlock.[9]

When Motorola released a bootloader unlocking tool for the Droid Razr, Verizon removed the tool from their models.[10]

In 2011, Sony Ericsson released an online bootloader unlocking tool.[11] Sony requires the IMEI number to be filled in on their website.[12] For the Asus Transformer Prime TF201, Asus has released a special bootloader unlock tool.[13]

In 2012, Motorola released a limited tool for unlocking bootloaders.[14] They require accepting terms and conditions and creating an account before the bootloader can be unlocked for a Moto G.[15]

HTC phones have an additional layer of lock called "S-OFF/S-ON".

Bootloaders can be unlocked using an exploit or using a way that the vendor supplied. The latter method usually requires wiping all data on the device.[1] In addition, some manufacturers prohibit unlocking on carrier locked phones. Samsung phones and cellular tablets sold in the US and Canada do not allow bootloader unlocks regardless of carrier status.

In 2018, a developer from XDA Developers launched a service which allowed users to unlock the bootloader of some Nokia smartphone models.[16] Similarly, another developer from XDA Developers launched a service to allow users to unlock the bootloaders of Samsung Galaxy S20 and Samsung Galaxy S21 Phones.[17]

Huawei announced plans to allow users to unlock the bootloader of the Mate 30 series, but later retracted that.[18] Huawei has stopped providing bootloader unlock codes since 2018.[19] A bootloader exploit named checkm30 has been developed for HiSilicon based Huawei phones.[20]

When the bootloader of the Samsung Galaxy Z Fold 3 was unlocked, the camera became less functional. This could be restored by re-locking the bootloader.[21] This issue was later fixed by Samsung.[22] For the Samsung Galaxy S22 series, unlocking the bootloader has no effect on the camera.[23]

Microsoft

The WPInternals tool is able to unlock bootloaders of all Nokia Lumia phones running Windows Phone, but not phones like the Alcatel Idol 4 or HP Elite x3.[24][25] Version 1.0 was released in November 2015.[26] In October 2018, the tool was released as open source software when the main developer René Lergner (also known as HeathCliff74) stepped down.[27]

The slab bootloader used by Windows RT could be unlocked using a vulnerability, but was silently patched by Microsoft in 2016.[28] UEFI Secure Boot on x86 systems can generally be unlocked.

Apple

The boot ROM protection on iOS devices with an A11 processor or older can be bypassed with a hardware exploit known as checkm8, which makes it possible to run other operating systems including Linux.[29]

The bootloader on Apple Silicon-based Macs can be unlocked.[30] However, other Apple devices like the iPhone and iPad cannot be bootloader unlocked even when using the same chip used in a Mac.

Google

The equivalent of bootloader unlocking is called developer mode in Chromebooks.[31] Chromebooks use custom bootloaders that can be modified or overwritten by removing a Write-protect screw.[32]

In 2013, the bootloader of the Chromecast was hacked using an exploit.[33] In 2021, it was hacked again for newer versions.[34]

SpaceX

In August 2022, security researcher Lennert Wouters applied a voltage injection attack to bypass firmware verification of a Starlink satellite dish from SpaceX.[35]

Relocking

On Android, it is possible to relock the bootloader.[36]

Shutdown of online services

In 2018, Huawei stopped providing bootloader unlock codes.[37] On 31 December 2021, LG shut down their website which provided bootloader unlock codes.[38]

See also

Explanatory notes
  1. Also called developer mode, OEM unlock or jailbreaking

References
  1. Afonin, Oleg (2016). Mobile Forensics ' Advanced Investigative Strategies (1 ed.). Packt Publishing. ISBN 978-1-78646-408-8. OCLC 960040717.
  2. Tamma, Rohit; Donnie Tindall (2015). Learning Android forensics: a hands-on guide to Android forensics, from setting up the forensic workstation to analyzing key forensic artifacts. Birmingham, UK. ISBN 978-1-78217-444-8. OCLC 910639389.{{cite book}}: CS1 maint: location missing publisher (link)
  3. Hoffman, Chris (22 September 2016). "The Security Risks of Unlocking Your Android Phone's Bootloader". How-To Geek. Retrieved 2021-08-04.
  4. Porup, J. M. (2017-06-19). "How to install Linux on a Chromebook (and why you should)". Ars Technica. Archived from the original on 2017-06-19. Retrieved 2021-09-06.
  5. "Qualcomm Smartphone for Snapdragon Insiders Review". PCMag. Archived from the original on 2021-08-16. Retrieved 2021-09-06.
  6. Wokke, Arnoud (2021-08-28). "Custom roms voor Android - Hoe zijn installatie en gebruik anno nu?". Tweakers (in Dutch). Retrieved 2022-06-14.
  7. "vivo Smartphone FAQs | vivo India". www.vivo.com. Retrieved 2022-11-29.
  8. "Termination of LG Mobile Developer website service". developer.lge.com. Archived from the original on 2021-12-05. Retrieved 2023-05-07.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  9. "Factory Images for Nexus and Pixel Devices | Google Play services". Google Developers. Retrieved 2022-11-07.
  10. Ingraham, Nathan (2011-10-24). "GSM Motorola RAZR hits the FCC; Verizon model has locked bootloader". The Verge. Retrieved 2022-06-14.
  11. By (2011-04-14). "Sony Ericsson Promotes Android Bootloader Unlocking". Hackaday. Retrieved 2022-06-14.
  12. Kotipalli, Srinivasa Rao; Mohammed A. Imran (2016). Hacking Android: explore every nook and cranny of the Android OS to modify your device and guard it against security threats. Birmingham, UK. ISBN 978-1-78588-800-7. OCLC 957298786.{{cite book}}: CS1 maint: location missing publisher (link)
  13. Tiefenthäler, Ronald (22 February 2012). "Asus: Bootloader Unlock Tool für Tablet Transformer Prime TF201 verfügbar". Notebookcheck (in German). Retrieved 2021-08-04.
  14. Rodgers, Evan (2012-08-17). "Motorola unveils Android bootloader unlocking tool with limited device support". The Verge. Archived from the original on 2012-08-19. Retrieved 2021-09-10.
  15. Viscomi, Rick; Andy Davies; Marcel Duran (2015). Using WebPageTest: web performance testing for novices and power users. Sebastopol, CA. ISBN 978-1-4919-0281-3. OCLC 927108295.{{cite book}}: CS1 maint: location missing publisher (link)
  16. Rox, Ricci (2 April 2018). "Nokia users can now unofficially unlock their bootloaders but the methodology is as sketchy as it gets". Notebookcheck. Retrieved 2021-09-06.
  17. "Android[UNSAMLOCK]". 8 January 2021.
  18. "Huawei Mate 30 will not have an unlocked bootloader". The Indian Express. 2019-09-25. Archived from the original on 2019-09-26. Retrieved 2021-09-06.
  19. "Huawei will no longer offer bootloader unlock codes for its Android devices". 9to5Google. 2018-05-24. Retrieved 2021-09-06.
  20. "Checkmate Mate 30 - Attack the bootrom of Huawei smartphones" (PDF). Archived (PDF) from the original on 2021-09-06.
  21. Clark, Mitchell (2021-08-24). "Samsung will let you unlock your Z Fold 3's bootloader, but at the cost of your cameras". The Verge. Archived from the original on 2021-08-24. Retrieved 2021-09-06.
  22. "Unlocking the bootloader no longer kills the Galaxy Z Fold 3's cameras". xda-developers. 2021-12-07. Retrieved 2022-03-14.
  23. "Unlocking the bootloader doesn't break the camera on the Samsung Galaxy S22 series". xda-developers. 2022-02-26. Retrieved 2022-02-26.
  24. "Tool van Nederlandse ontwikkelaar kan custom roms op alle Lumia's flashen". Tweakers (in Dutch). Retrieved 2021-08-04.
  25. "Windows Phone Internals 2.2 Unlocks the Bootloader on all Windows 8 & 10 Lumia Smartphones". xda-developers. 2017-12-04. Retrieved 2021-08-04.
  26. Andrew Orlowski. "Rooting and modding a Windows Phone is now child's play". The Register. Retrieved 2022-06-14.
  27. "Windows 10 Mobile's bootloader unlocker is now open source". Neowin. Retrieved 2022-06-14.
  28. Francisco, Shaun Nichols in San. "Microsoft silently kills dev backdoor that boots Linux on locked-down Windows RT slabs". www.theregister.com. Retrieved 2021-09-06.
  29. Lundberg, Anders. "16-year-old runs Linux on iPhone 7". Macworld UK. Retrieved 2021-08-04.
  30. January 2021, Michelle Ehrhardt 19 (2021-01-19). "Linux is Finally on Apple M1...Kind Of". Tom's Hardware. Retrieved 2021-08-04.
  31. December 2014, Lucian Armasu 31 (2014-12-31). "You Can Now Run Full Linux Apps Inside A Chrome OS Window". Tom's Hardware. Retrieved 2021-09-06.
  32. Robert, Foss (2017-03-08). "Quick hack: Removing the Chromebook Write-Protect screw". Collabora. Retrieved 2021-09-04.
  33. "Chromecast bootloader exploit surfaces, opens up plenty of possibilities (video)". Engadget. Archived from the original on 2020-09-04. Retrieved 2021-09-06.
  34. "Modders ontgrendelen bootloader van Google Chromecast met Google TV". Tweakers (in Dutch). Archived from the original on 2021-08-01. Retrieved 2021-09-06.
  35. Hardcastle, Jessica Lyons. "Starlink satellite dish cracked on stage at Black Hat". The Register. Retrieved 2022-11-22.
  36. Wilde, Damien (2021-09-09). "How to downgrade from Android 12 Beta to Android 11 on Google Pixel [Video]". 9to5Google. Retrieved 2021-09-28.
  37. "Huawei stopt met het uitdelen van codes om bootloader vrij te geven". Tweakers (in Dutch). Retrieved 2023-05-07.
  38. "LG stopt eind dit jaar met tool voor unlocken van smartphonebootloaders". Tweakers (in Dutch). Retrieved 2023-05-07.
The Wikibook Advanced phone customization has a page on the topic of: Unlocking your bootloader
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.