Bootloader unlocking – Wikipedia

Process of disabling secure device booting

An unlocked Android bootloader, showing additional available options

Bootloader unlocking[a] is the process of disabling the bootloader security that makes secure boot possible. It can make advanced customizations possible, such as installing a custom firmware. On smartphones this can be a custom Android distribution or another mobile operating system. Some bootloaders are not locked at all, others can be unlocked using a standard command, others need assistance from the manufacturer. Some do not include an unlocking method and can only be unlocked through a software exploit.

Bootloader unlocking is also done for mobile forensics purposes, to extract digital evidence from mobile devices, using tools such as Cellebrite UFED.[1]

Background[edit]

Unlocking the bootloader usually voids any warranties and may make the device susceptible to data theft.[2][3] On Chromebooks, enabling developer mode makes the system less secure than a standard laptop running Linux.[4] Unlocking the bootloader may lead to data loss on Android and ChromeOS devices, as some data is impossible to back up without root permission.

Sascha Segan from PCMag considered a locked bootloader a mistake on the Qualcomm Snapdragon Insiders phone, which is targeted at advanced users.[5]

Platforms[edit]

Android[edit]

Unlocking the bootloader is typically done during the process to obtain root access.

Android bootloader unlocking as of 2021[6]
Manufacturer Difficulty level Method
Google Easy Command-line (unlocked variant, not restricted to carrier)
Samsung Easy Development settings (except North America variants)
OnePlus Easy Command-line
Xiaomi Very Hard Add account, request code, wait a week
Sony Hard Command-line, request code at Sony website
Fairphone Hard Command-line, request code at Fairphone website
Motorola Hard Command-line, request code at Motorola website
Realme Hard Command-line, after installation of realme-app
Huawei Impossible N/A
OPPO Impossible N/A
HMD-Nokia Impossible N/A
vivo Impossible[7] N/A

History[edit]

The bootloaders of Nexus and Pixel devices can be unlocked by using the fastboot command .[8]

When Motorola released a bootloader unlocking tool for the Droid Razr, Verizon removed the tool from their models.[9]

In 2011, Sony Ericsson released an online bootloader unlocking tool.[10] Sony requires the IMEI number to be filled in on their website.[11] For the Asus Transformer Prime TF201, Asus has released a special bootloader unlock tool.[12]

In 2012, Motorola released a limited tool for unlocking bootloaders.[13] They require accepting terms and conditions and creating an account before the bootloader can be unlocked for a Moto G.[14]

HTC phones have an additional layer of lock called “S-OFF/S-ON”.

Bootloaders can be unlocked using an exploit or using a way that the vendor supplied. The latter method usually requires wiping all data on the device.[1] In addition, some manufacturers prohibit unlocking on carrier locked phones. Samsung’s US and Canadian Snapdragon phones do not allow unlocks regardless if the phone was bought from a carrier or not.

In 2018, a developer from XDA Developers launched a service which allowed users to unlock the bootloader of some Nokia smartphone models.[15] Similarly, another developer from XDA Developers launched a service to allow users to unlock the bootloaders of Samsung Galaxy S20 and Samsung Galaxy S21 Phones.[16]

Huawei announced plans to allow users to unlock the bootloader of the Mate 30 series, but later retracted that.[17] Huawei has stopped providing bootloader unlock codes since 2018.[18] A bootloader exploit named checkm30 has been developed for HiSilicon based Huawei phones.[19][non-primary source needed]

When the bootloader of the Samsung Galaxy Z Fold 3 was unlocked, the camera became less functional. This could be restored by re-locking the bootloader.[20] This issue was later fixed by Samsung.[21] For the Samsung Galaxy S22 series, unlocking the bootloader has no effect on the camera.[22]

Others[edit]

Microsoft[edit]

The WPInternals tool is able to unlock bootloaders of all Nokia Lumia phones running Windows Phone, but not phones like the Alcatel Idol 4 or HP Elite x3.[23][24] Version 1.0 was released in November 2015.[25] In October 2018, the tool was released as open source software when the main developer René Lergner (also known as HeathCliff74) stepped down.[26]

The slab bootloader used by Windows RT could be unlocked using a vulnerability, but was silently patched by Microsoft in 2016.[27] UEFI Secure Boot on x86 systems can generally be unlocked.

Apple[edit]

The boot ROM protection on iOS devices with an A11 processor or older can be bypassed with a hardware exploit known as checkm8, which makes it possible to run other operating systems including Linux.[28]

The bootloader on M1 based Macs can be unlocked.[29]

Google[edit]

The equivalent of bootloader unlocking is called developer mode in Chromebooks.[30] Chromebooks use custom bootloaders that can be modified or overwritten by removing a Write-protect screw.[31]

In 2013, the bootloader of the Chromecast was hacked using an exploit.[32] In 2021, it was hacked again for newer versions.[33]

SpaceX[edit]

In August 2022, security researcher Lennert Wouters applied a voltage injection attack to bypass firmware verification of a Starlink satellite dish from SpaceX.[34]

Relocking[edit]

On Android, it is possible to relock the bootloader.[35]

See also[edit]

Explanatory notes[edit]

  1. ^ Also called developer mode, OEM unlock or jailbreaking

References[edit]

  1. ^ a b Afonin, Oleg (2016). Mobile Forensics ‘ Advanced Investigative Strategies (1 ed.). Packt Publishing. ISBN 978-1-78646-408-8. OCLC 960040717.
  2. ^ Tamma, Rohit; Donnie Tindall (2015). Learning Android forensics: a hands-on guide to Android forensics, from setting up the forensic workstation to analyzing key forensic artifacts. Birmingham, UK. ISBN 978-1-78217-444-8. OCLC 910639389.
  3. ^ Hoffman, Chris. “The Security Risks of Unlocking Your Android Phone’s Bootloader”. How-To Geek. Retrieved 2021-08-04.
  4. ^ Porup, J. M. (2017-06-19). “How to install Linux on a Chromebook (and why you should)”. Ars Technica. Archived from the original on 2017-06-19. Retrieved 2021-09-06.
  5. ^ “Qualcomm Smartphone for Snapdragon Insiders Review”. PCMag. Archived from the original on 2021-08-16. Retrieved 2021-09-06.
  6. ^ Wokke, Arnoud (2021-08-28). “Custom roms voor Android – Hoe zijn installatie en gebruik anno nu?”. Tweakers (in Dutch). Retrieved 2022-06-14.
  7. ^ “vivo Smartphone FAQs | vivo India”. www.vivo.com. Retrieved 2022-11-29.
  8. ^ “Factory Images for Nexus and Pixel Devices | Google Play services”. Google Developers. Retrieved 2022-11-07.
  9. ^ Ingraham, Nathan (2011-10-24). “GSM Motorola RAZR hits the FCC; Verizon model has locked bootloader”. The Verge. Retrieved 2022-06-14.
  10. ^ By (2011-04-14). “Sony Ericsson Promotes Android Bootloader Unlocking”. Hackaday. Retrieved 2022-06-14.
  11. ^ Kotipalli, Srinivasa Rao; Mohammed A. Imran (2016). Hacking Android: explore every nook and cranny of the Android OS to modify your device and guard it against security threats. Birmingham, UK. ISBN 978-1-78588-800-7. OCLC 957298786.
  12. ^ Tiefenthäler, Ronald. “Asus: Bootloader Unlock Tool für Tablet Transformer Prime TF201 verfügbar”. Notebookcheck (in German). Retrieved 2021-08-04.
  13. ^ Rodgers, Evan (2012-08-17). “Motorola unveils Android bootloader unlocking tool with limited device support”. The Verge. Archived from the original on 2012-08-19. Retrieved 2021-09-10.
  14. ^ Viscomi, Rick; Andy Davies; Marcel Duran (2015). Using WebPageTest: web performance testing for novices and power users. Sebastopol, CA. ISBN 978-1-4919-0281-3. OCLC 927108295.
  15. ^ Rox, Ricci. “Nokia users can now unofficially unlock their bootloaders but the methodology is as sketchy as it gets”. Notebookcheck. Retrieved 2021-09-06.
  16. ^ “Android[UNSAMLOCK]”.
  17. ^ “Huawei Mate 30 will not have an unlocked bootloader”. The Indian Express. 2019-09-25. Archived from the original on 2019-09-26. Retrieved 2021-09-06.
  18. ^ “Huawei will no longer offer bootloader unlock codes for its Android devices”. 9to5Google. 2018-05-24. Retrieved 2021-09-06.
  19. ^ “Checkmate Mate 30 – Attack the bootrom of Huawei smartphones” (PDF). Archived (PDF) from the original on 2021-09-06.
  20. ^ Clark, Mitchell (2021-08-24). “Samsung will let you unlock your Z Fold 3’s bootloader, but at the cost of your cameras”. The Verge. Archived from the original on 2021-08-24. Retrieved 2021-09-06.
  21. ^ “Unlocking the bootloader no longer kills the Galaxy Z Fold 3’s cameras”. xda-developers. 2021-12-07. Retrieved 2022-03-14.
  22. ^ “Unlocking the bootloader doesn’t break the camera on the Samsung Galaxy S22 series”. xda-developers. 2022-02-26. Retrieved 2022-02-26.
  23. ^ “Tool van Nederlandse ontwikkelaar kan custom roms op alle Lumia’s flashen”. Tweakers (in Dutch). Retrieved 2021-08-04.
  24. ^ “Windows Phone Internals 2.2 Unlocks the Bootloader on all Windows 8 & 10 Lumia Smartphones”. xda-developers. 2017-12-04. Retrieved 2021-08-04.
  25. ^ Andrew Orlowski. “Rooting and modding a Windows Phone is now child’s play”. The Register. Retrieved 2022-06-14.
  26. ^ “Windows 10 Mobile’s bootloader unlocker is now open source”. Neowin. Retrieved 2022-06-14.
  27. ^ Francisco, Shaun Nichols in San. “Microsoft silently kills dev backdoor that boots Linux on locked-down Windows RT slabs”. www.theregister.com. Retrieved 2021-09-06.
  28. ^ Lundberg, Anders. “16-year-old runs Linux on iPhone 7”. Macworld UK. Retrieved 2021-08-04.
  29. ^ January 2021, Michelle Ehrhardt 19 (2021-01-19). “Linux is Finally on Apple M1…Kind Of”. Tom’s Hardware. Retrieved 2021-08-04.
  30. ^ December 2014, Lucian Armasu 31 (2014-12-31). “You Can Now Run Full Linux Apps Inside A Chrome OS Window”. Tom’s Hardware. Retrieved 2021-09-06.{{cite web}}: CS1 maint: url-status (link)
  31. ^ Robert, Foss (2017-03-08). “Quick hack: Removing the Chromebook Write-Protect screw”. Collabora. Retrieved 2021-09-04.
  32. ^ “Chromecast bootloader exploit surfaces, opens up plenty of possibilities (video)”. Engadget. Archived from the original on 2020-09-04. Retrieved 2021-09-06.
  33. ^ “Modders ontgrendelen bootloader van Google Chromecast met Google TV”. Tweakers (in Dutch). Archived from the original on 2021-08-01. Retrieved 2021-09-06.
  34. ^ Hardcastle, Jessica Lyons. “Starlink satellite dish cracked on stage at Black Hat”. The Register. Retrieved 2022-11-22.
  35. ^ Wilde, Damien (2021-09-09). “How to downgrade from Android 12 Beta to Android 11 on Google Pixel [Video]”. 9to5Google. Retrieved 2021-09-28.

External links[edit]