Bootloader unlocking is the process of disabling the bootloader security that makes secure boot possible. It can make advanced customizations possible, such as installing a custom firmware. On smartphones this can be a custom Android distribution or another mobile operating system. Some bootloaders are not locked at all, others can be unlocked using a standard command, others need assistance from the manufacturer. Some do not include an unlocking method and can only be unlocked through a software exploit.
Bootloader unlocking is also done for mobile forensics purposes, to extract digital evidence from mobile devices, using tools such as Cellebrite UFED.
Unlocking the bootloader usually voids any warranties and may make the device susceptible to data theft. [1] On Chromebooks, enabling developer mode makes the system less secure than a standard laptop running Linux. [2] Unlocking the bootloader may lead to data loss on Android and ChromeOS devices, as some data is impossible to back up without root permission.
Sascha Segan from PCMag considered a locked bootloader a mistake on the Qualcomm Snapdragon Insiders phone, which is targeted at advanced users. [3]
Unlocking the bootloader is typically done during the process to obtain root access.
Manufacturer | Difficulty level | Method |
---|---|---|
Easy (non-Verizon) Impossible (Verizon) | Command-line (unlocked variant, not restricted to carrier, and non-Verizon carrier variants when paid off fully) | |
Samsung | Easy (outside North America) Impossible (North America) | Development settings (except North America variants) |
OnePlus | Easy (non-T-Mobile) Medium (T-Mobile) | Command-line, except on T-Mobile US variants where an unlock code is needed |
Xiaomi | Hard | Add Mi account, request code via Windows-only software, wait up to a month (limited to one device per month). On devices with Mediatek system on a chip it is easy with a third-party tool called MTKClient |
Asus | Impossible | Unlocking was performed via a first-party unlocking tool, but servers and app were removed. |
Sony | Medium | Command-line, request code at Sony website |
Fairphone | Medium | Command-line, request code at Fairphone website |
Motorola | Medium | Command-line, request code at Motorola website |
Realme | Medium-Hard | Command-line, after installation of the in-depth test app and submitting a application for in-depth testing. |
Nothing | Easy | Command-line |
Huawei | Impossible, due to unlocking services being shut down | N/A |
OPPO | Impossible (Fastboot binaries are removed) | N/A |
HMD-Nokia | Impossible | N/A |
vivo | Impossible [5] | N/A |
LG | Impossible, due to unlocking services being shut down, [6] only G and V series models from 2015 onwards were affected, including Velvet | N/A |
Tecno | Easy | Command-line |
Infinix | Easy | Command-line |
TCL | Impossible | N/A |
The bootloaders of Nexus and Pixel devices can be unlocked by using the fastboot command fastboot oem unlock
or if it doesn't recognize the command fastboot flashing unlock
. [7]
When Motorola released a bootloader unlocking tool for the Droid Razr, Verizon removed the tool from their models. [8]
In 2011, Sony Ericsson released an online bootloader unlocking tool. [9] Sony requires the IMEI number to be filled in on their website. [10] For the Asus Transformer Prime TF201, Asus has released a special bootloader unlock tool. [11]
In 2012, Motorola released a limited tool for unlocking bootloaders. [12] They require accepting terms and conditions and creating an account before the bootloader can be unlocked for a Moto G. [13]
HTC phones have an additional layer of lock called "S-OFF/S-ON".
Bootloaders can be unlocked using an exploit or using a way that the vendor supplied. The latter method usually requires wiping all data on the device. [14] In addition, some manufacturers prohibit unlocking on carrier locked phones. Samsung phones and cellular tablets sold in the US and Canada do not allow bootloader unlocks regardless of carrier status.
In 2018, a developer from XDA Developers launched a service which allowed users to unlock the bootloader of some Nokia smartphone models. [15] Similarly, another developer from XDA Developers launched a service to allow users to unlock the bootloaders of Samsung Galaxy S20 and Samsung Galaxy S21 Phones. [16]
Huawei announced plans to allow users to unlock the bootloader of the Mate 30 series, but later retracted that. [17] Huawei has stopped providing bootloader unlock codes since 2018. [18] A bootloader exploit named checkm30 has been developed for HiSilicon based Huawei phones. [19] [ non-primary source needed ]
When the bootloader of the Samsung Galaxy Z Fold 3 was unlocked, the camera became less functional. This could be restored by re-locking the bootloader. [20] This issue was later fixed by Samsung. [21] For the Samsung Galaxy S22 series, unlocking the bootloader has no effect on the camera. [22]
The WPInternals tool is able to unlock bootloaders of all Nokia Lumia phones running Windows Phone, but not phones like the Alcatel Idol 4 or HP Elite x3. [23] [24] Version 1.0 was released in November 2015. [25] In October 2018, the tool was released as open source software when the main developer René Lergner (also known as HeathCliff74) stepped down. [26]
The slab bootloader used by Windows RT could be unlocked using a vulnerability, but was silently patched by Microsoft in 2016. [27] UEFI Secure Boot on x86 systems can generally be unlocked.
The boot ROM protection on iOS devices with an A11 processor or older can be bypassed with a hardware exploit known as checkm8, which makes it possible to run other operating systems including Linux. [28]
The bootloader on Apple Silicon-based Macs can be unlocked. [29] However, other Apple devices like the iPhone and iPad cannot be bootloader unlocked even when using the same chip used in a Mac.
The equivalent of bootloader unlocking is called developer mode in Chromebooks. [30] Chromebooks use custom bootloaders that can be modified or overwritten by removing a Write-protect screw. [31] Some models lack a screw and instead may or may not require disabling the onboard Cr50 chip.
In 2013, the bootloader of the Chromecast was hacked using an exploit. [32] In 2021, it was hacked again for newer versions. [33]
Asus used to provide an Unlocking tool for both of their smartphone lines, the Zenfone and ROG Phone. This worked as an installable .apk file that the user could install on their phone, then unlock the bootloader. The app worked by contacting Asus unlocking servers, then prompting the user to perform a factory reset. In 2023 Asus removed the tool from their website and closed the unlocking servers, so even phones with the .apk file installed couldn't unlock their bootloaders. Representatives on the Asus forums claimed the tool would be available again, but as of March 2024 no additional information has been provided, even after the release of their latest device the ROG Phone 8 and the upcoming release of the Zenfone 11 Ultra. A user on the popular fourm XDA (website) filed a court claim application against Asus due to the unlock tool never being released and alleged that Asus censored comments about the unlock tool on their form. [34]
In August 2022, security researcher Lennert Wouters applied a voltage injection attack to bypass firmware verification of a Starlink satellite dish from SpaceX. [35]
On Android, it is possible to relock the bootloader. [36]
In 2018, Huawei stopped providing bootloader unlock codes. [37] On 31 December 2021, LG shut down their website which provided bootloader unlock codes. [38] In August 2023, ASUS removed the unlocking tool from their website and shut down the servers used to unlock the bootloader. [39]
The Android Dev Phone (ADP) is a SIM-unlocked and bootloader unlocked Android device that is designed for advanced developers. While developers can use regular consumer devices purchased at retail to test and use their apps, some developers may choose not to use a retail device, preferring an unlocked or no-contract device.
Rooting is the process by which users of Android devices can attain privileged control over various subsystems of the device, usually smartphones and tablets. Because Android is based on a modified version of the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.
Fastboot is a communication protocol used primarily with Android devices. It is implemented in a command-line interface tool of the same name and as a mode of the bootloader of Android devices. The tool is included with the Android SDK package and used primarily to modify the flash filesystem via a USB connection from a host computer. It requires that the device be started in Fastboot mode. If the mode is enabled, it will accept a specific set of commands, sent through USB bulk transfers. Fastboot on some devices allows unlocking the bootloader, and subsequently, enables installing custom recovery image and custom ROM on the device. Fastboot does not require USB debugging to be enabled on the device. To use fastboot, a specific combination of keys must be held during boot.
The hacking of consumer electronics is a common practice that users perform to customize and modify their devices beyond what is typically possible. This activity has a long history, dating from the days of early computer, programming, and electronics hobbyists.
The Motorola Atrix 4G is an Android-based smartphone developed by Motorola, introduced at CES 2011 along with the Motorola Xoom, Motorola Droid Bionic, and Motorola Cliq 2 on January 5, 2011. It was made available in the first quarter of 2011.
The HTC Sensation is a smartphone designed and manufactured by HTC Corporation that runs the Android 2.3 Gingerbread software stock. Officially announced by HTC on April 12, 2011, the HTC Sensation was launched by Vodafone in key European markets including the United Kingdom on May 19, 2011 and by T-Mobile in the United States on June 12, 2011. It was HTC's fifth flagship Android phone and the first HTC phone to support the HTC Sense 3.0 user interface. At the time of its release, the Sensation XE was the world's fastest Android phone.
The Verizon Droid Razr is an Android-based, 4G LTE-capable smartphone designed by Motorola that launched on Verizon Wireless on November 11, 2011. It was announced on October 18, 2011 in New York City.
The Asus Eee Pad Transformer TF201 or Asus Eee Pad Transformer Prime is a 2-in-1 detachable tablet from the Asus Transformer Pad series. It is the world's first Android tablet computer with a quad-core processor, and a successor to the dual-core Asus Eee Pad Transformer. It runs Android 4.1. The Transformer Prime was announced by Asus on 9 November 2011. It was released in Taiwan on 1 December 2011, and in Canada and the United States during the week of 19 December 2011.
Wear OS is a version of Google's Android operating system designed for smartwatches and other wearables. By pairing with mobile phones running Android version 6.0 "Marshmallow" or newer, or iOS version 10.0 or newer with limited support from Google's pairing application, Wear OS integrates Google Assistant technology and mobile notifications into a smartwatch form factor. Wear OS is closed-source, in contrast to the free and open-source Android.
The Xiaomi Redmi 1S, code-named armani HM 1S, is a smartphone released in May 2014, developed by the Chinese company Xiaomi Inc. It is a part of the Redmi series of smartphones, and succeeded the Redmi 1. Visually similar to its predecessor, it comes with a 4.7-inch screen, a quad-core 1.6 GHz Cortex-A7 processor and runs Android version 4.3 (Jellybean), bundled with the proprietary MIUI v5 user interface, which can be upgraded to MIUI v9 based on Android 4.4.4 KTU84P.
Odin is a utility software program developed and used by Samsung internally which is used to communicate with Samsung devices in Odin mode. It can be used to flash a custom recovery firmware image to a Samsung Android device. Odin is also used for unbricking certain Android devices. Odin is the Samsung proprietary alternative to Fastboot.
Samsung Internet Browser is a desktop and mobile web browser developed by Samsung Electronics, based on the open-source Chromium project. It comes pre-installed on Samsung Galaxy devices and, since 2015, has been available for download from Google Play for all Android devices. It is also available for their Tizen-based smartwatch via the Galaxy Store.
postmarketOS is an operating system primarily for smartphones, based on the Alpine Linux distribution.
One UI is a user interface (UI) developed by Samsung Electronics for its Android devices running Android 9 "Pie" and later. Succeeding Samsung Experience and TouchWiz, it is designed to make using larger smartphones easier and be more visually appealing. To provide more clarity, some elements of the UI are tweaked to match colors that are based on the color of the user's phone. It was announced at Samsung Developer Conference in 2018, and was unveiled in Galaxy Unpacked in February 2019 alongside the Galaxy S10 series, Galaxy Buds and the Galaxy Fold.
HarmonyOS (HMOS) is a distributed operating system developed by Huawei for smartphones, tablets, smart TVs, smart watches, personal computers and other smart devices. It has a multikernel design with dual frameworks: the operating system selects suitable kernels from the abstraction layer in the case of devices that use diverse resources. The operating system was officially launched by Huawei in August 2019.
CalyxOS is an operating system for smartphones based on Android with mostly free and open-source software. It is produced by the Calyx Institute as part of its mission to "defend online privacy, security and accessibility."
The Android recovery mode is a mode of Android used for installing updates and wipe data. It consists of a Linux kernel with ramdisk on a separate partition from the main Android system.
Good Lock (Korean: 굿락) is a software suite to tweak and customize the user interface and experience on Samsung Galaxy devices. It is developed by Good Lock Labs in cooperation with Samsung, and can be downloaded from the Galaxy Store.
PixelExperience is a discontinued open-sourced custom ROM, or Android distribution, based on the stock Android AOSP that aimed to provide a bloat-free, stock-android, Pixel-like experience to a wide range of Android devices. The project, initiated by a community of developers in 2017, focused on delivering a clean, minimalistic, and visually appealing user interface reminiscent of Google's Pixel devices. Pixel Experience was designed to be as close to stock Android as possible, with a focus on reliability, security, stability, performance, battery life, and useful customizations.
{{cite book}}
: CS1 maint: location missing publisher (link){{cite web}}
: CS1 maint: bot: original URL status unknown (link){{cite book}}
: CS1 maint: location missing publisher (link){{cite book}}
: CS1 maint: location missing publisher (link){{cite web}}
: CS1 maint: numeric names: authors list (link){{cite web}}
: CS1 maint: numeric names: authors list (link)