We're sorry, but it appears your attempt to unlock the bootloader on this device has failed. This could be caused by several factors including simple errors in the entry of the unlock token, problems with your device, or a lack of manufacturer support for the unlocking process. Please see the specific error code listed below, and try again if necessary.
Error Code: 160.
Error Reason: MID Not Allowed.
I'm just wondering why I am getting this problem. If someone could help me out to overcome this problem, I will be very happy.
Thanks,
Cori
Do you have the International One X or the AT&T One X?
Help.
I need help unlocking my bootloader, I can type adb devices while the device is powered on & my unique I.D number comes up in cmd, but whenever I boot into bootloader, the device doesn't come up in cmd what gives? All my drivers are up to date & installed correctly, though I get an MTP driver issue, could that be causing this? This is my second M8 (T-Mobile this time), first one was the dev edition s-off & converted to GPe.
You never said what command you used in the bootloader ?
It's :
Fastboot devices (not adb devices)
adb devices for adb wile phone is booted in OS
fastboot devices in fastboot/hboot mode
Oops never mind, another thing - I keep getting an error while trying to submit my code to HTC Dev after getting the identifier token.
EternalAndroid said:
Oops never mind, another thing - I keep getting an error while trying to submit my code to HTC Dev after getting the identifier token.
Click to expand...
Click to collapse
Please state the error if you would [emoji12]
After reading the opening post here, I get the impression that the code you get for the token is more an issue on your side(You messed up somewhere).
That being said, it doesn't help alot saying "I keep getting an error" but you don't tell us what the error is.
Taking a wild guess, it has to do with the actual token. Make sure you don't have any spaces in the selection of the code. Select it with the <<<<< >>>>> included. Do NOT include the <bootloader> parts next to it and again make sure there are NO spaces in the selection.
Comparison pictures of the code how it SHOULD and SHOULD NOT look.
If that is not your problem then give more information as to the error you're receiving. Doesn't help to phone an IT dept for help and you don't tell them what the problem is either, does it? Same here...
jball said:
Please state the error if you would [emoji12]
Click to expand...
Click to collapse
Sorry guys just frustrated & keep forgetting, "error reason token decryption fail (cannot generate result)."
But I think I figured out my issue, so my computer's internet is off right now & I'm trying to do all this from my N5. I'm typing the code on my phone, reading it letter for letter, number for number.
BerndM14 said:
After reading the opening post here, I get the impression that the code you get for the token is more an issue on your side(You messed up somewhere).
That being said, it doesn't help alot saying "I keep getting an error" but you don't tell us what the error is.
Taking a wild guess, it has to do with the actual token. Make sure you don't have any spaces in the selection of the code. Select it with the <<<<< >>>>> included. Do NOT include the <bootloader> parts next to it and again make sure there are NO spaces in the selection.
Comparison pictures of the code how it SHOULD and SHOULD NOT look.
If that is not your problem then give more information as to the error you're receiving. Doesn't help to phone an IT dept for help and you don't tell them what the problem is either, does it? Same here...
Click to expand...
Click to collapse
Oh wow I see
Copy the text to notepad. Copy it to your phone. Open it in your phone using any file manager. Copy and paste .
Hi!
I am currently working to get my G4 (H815T) unlocked, and although not officially supported by LG, I am looking to reverse engineer the unlock.bin files that one can get through developer.lge.com, also got in touch with Swedish support, whom actually got a so called specialist to try to obtain a file for me, so perhaps there is hope that I will get my hands on one! (prob not going to happen, but the guy is breaking internal rules to try to help me so possible)
Regardless of LG Sweeden, to get started with the reverse engineering project I need a unlock.bin file from a H815 (EU version) anyone on the forum willing to provide one?
jjbredesen said:
Hi!
I am currently working to get my G4 (H815T) unlocked, and although not officially supported by LG, I am looking to reverse engineer the unlock.bin files that one can get through developer.lge.com, also got in touch with Swedish support, whom actually got a so called specialist to try to obtain a file for me, so perhaps there is hope that I will get my hands on one! (prob not going to happen, but the guy is breaking internal rules to try to help me so possible)
Regardless of LG Sweeden, to get started with the reverse engineering project I need a unlock.bin file from a H815 (EU version) anyone on the forum willing to provide one?
Click to expand...
Click to collapse
Ensure that you read the following thread. Completely. Besides many important information you will also find unlock files and why you can't do anything with it:
https://forum.xda-developers.com/g4/help/unlock-technical-steps-to-make-unlocked-t3165391
If you still have interest to do something here let me know. Best is to use IRC. You can find me on freenode in the channel #Carbon-Fusion .
.
Sent from my LG-H815 using XDA Labs
steadfasterX said:
Ensure that you read the following thread. Completely. Besides many important information you will also find unlock files and why you can't do anything with it:
https://forum.xda-developers.com/g4/help/unlock-technical-steps-to-make-unlocked-t3165391
If you still have interest to do something here let me know. Best is to use IRC. You can find me on freenode in the channel #Carbon-Fusion .
.
Sent from my LG-H815 using XDA Labs
Click to expand...
Click to collapse
Ah, I see, was not aware that the community had a go at this...
So after reading the thread my understanding is basically that the unlock.bin is a standard action authorization token. Used in an OEM action authorization protocol.
So the unlock.bin would normally be generated with a action authorization nonce (It takes the form "::<8 bit action id>:<16 client random bytes>" with all fields hex encoded.) It looks like in this case LG has opted to use the Device ID and IMEI instead of the AAN.
The AAN would be signed to a OAK. (Override Authorization Key, basically it is a public key that is set in the device during manufacturing and that is used to validate action authorization tokens. It is stored as the OAK time-based authenticated EFI variable under the Fastboot GUID of 1ac80a82-4f0c-456b-9a99-debeb431fcc1. The content of this variable is the SHA256 sum of the OAK certificate., and as I understand the developers in the thread you linked to have been able to crack it.)
The AAT token (unlock.bin) should then be a PKCS #7 signed document, where the body takes the form "::<8 bit action id>:<16 client random bytes>:<16 auth agent random bytes>" with all fields hex encoded. The auth agent random bytes added when creating the authorization is to prevent an attacker from mounting an attack by supplying known plain-text values. (this fits perfectly with what we have seen when trying to read the unlock.bin files using HEX editors)
The token must contain all certificates required to validate the signature chain of the token.
The action authorization agent must verify that the nonce is exactly in the prescribed format. (LG website when requesting IMEI and Device ID)
The action authorization agent must verify that the action ID in nonce is a recognized value. (Valid IMEI and Device ID)
If possible, the action authorization agent should verify that the serial number of the G4 is valid. (So custom Device-ID's and IMEI's will not save us)
So what LG is doing here is a a OEM action authorization protocol, basically it is a simple challenge response where the device's Fastboot generates a nonce in this case they just use the Device ID and IMEI, then the OEM action authorization agent signs the nonce and approved action using its private override authorization key (OAK) to generate an authorization token, (this would be the developer.lge.com side of things and the private key is the one the developers in the thread need, but can't crack) and then the device's Fastboot validates the action authorization token (unlock.bin) and executes the action. (bootloader=unlocked)
Now we understand the policy, but even if we got the private key, when flashing a modified unlock.bin fastboot would need to validate that there is no extra data after parsing the token,verify that the signature's certificate chains to the OAK set at manufacturing, verify that all values in the token body have the prescribed values and verify that the value returned by the "oem get-action-nonce " command matches the value in the token body (IMEI and Device-ID)
So to my knowledge we have no chance to unlock the dam thing, that is unless we can find a backdoor to change the bootloader policy mask from state 0 to 1, then the signature enforcement chain described in the thread you linked too would be disabled, but I don't know how this could be done.
jjbredesen said:
...
Click to expand...
Click to collapse
Can you help me on manually verifying the chain?
I extracted all certs and all other parts which are possible. I can verify the certificate chain itself without problems (yes that one is easy) but I want to do the same steps the boot process takes to verify.. I want to use standard Linux commands or python code to do so if possible. Like verifying the digest it whatever is needed..
There is nothing I want to break here but the device needs to do these steps so it must be everything needed for this in the device itself.
I just want to do it manually. Could you guide me how?
.
Sent from my LG-H815 using XDA Labs
I am following the instructions from motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a
I've downloaded Motorola drivers for Mac, as well as platform-tools. I am booting the phone to booloader but then a weird barcode shows up: imgur.com/a/8sT2lds
Any idea how to make progress from there? By the way my phone model is XT2029-2
Nycticorax said:
I am following the instructions from motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a
I've downloaded Motorola drivers for Mac, as well as platform-tools. I am booting the phone to booloader but then a weird barcode shows up: imgur.com/a/8sT2lds
Any idea how to make progress from there? By the way my phone model is XT2029-2
Click to expand...
Click to collapse
Would like to know it too. Passed some days searching the web for a answer, and got none. The only thing I get when scanning the barcode is a number that AFAIK doesn't match any serial nor anything at all in the phone; just a number from what I can tell. Using fastboot oem get_unlock_data doens't work at all too, I just get a "command unknown" error returned from fastboot. Tried different drivers, none seemed to work, and the only ones that did, gave me the barcode and the fastboot error when trying to unlock. A very weird error, this one; fastboot devices work just fine, fastboot getvar all too, so it really doesn't seem like a fastboot or driver issue. My last try was this article (https://www.xda-developers.com/how-to-discover-hidden-fastboot-commands/) to see if I could get a list of the phones OEM commands and figure out how to unlock it. Tried to extract the bootloader from the firmware I downloaded online, using a tool I found on the forum, but no success until now. Will try to root the phone and extract it as it is shown in the tutorial to see if I can get more lucky. I saw somewhere that there's an app called sunshine that was used to unlock some older models, maybe you wanna try that too. I won't, because it's paid and I don't have the money to pay for it . Anyway, I'll try the bootloader extracting and see how that works, and depending on the output, maybe I'll post a tutorial here.
Def4lt_ said:
Would like to know it too. Passed some days searching the web for a answer, and got none. The only thing I get when scanning the barcode is a number that AFAIK doesn't match any serial nor anything at all in the phone; just a number from what I can tell. Using fastboot oem get_unlock_data doens't work at all too, I just get a "command unknown" error returned from fastboot. Tried different drivers, none seemed to work, and the only ones that did, gave me the barcode and the fastboot error when trying to unlock. A very weird error, this one; fastboot devices work just fine, fastboot getvar all too, so it really doesn't seem like a fastboot or driver issue. My last try was this article (https://www.xda-developers.com/how-to-discover-hidden-fastboot-commands/) to see if I could get a list of the phones OEM commands and figure out how to unlock it. Tried to extract the bootloader from the firmware I downloaded online, using a tool I found on the forum, but no success until now. Will try to root the phone and extract it as it is shown in the tutorial to see if I can get more lucky. I saw somewhere that there's an app called sunshine that was used to unlock some older models, maybe you wanna try that too. I won't, because it's paid and I don't have the money to pay for it . Anyway, I'll try the bootloader extracting and see how that works, and depending on the output, maybe I'll post a tutorial here.
Click to expand...
Click to collapse
Ok so after analysis the barcode just the IMEI associated with my SIM card's slot. (This phone has two SIM card slots.) Nothing interesting about it, I think.
Also it seems that Motorola does not support unlocking this bootloader as it does for other phones; in fact "motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a" is just a hub for any phone listed at "support.motorola.com/us/en/solution/MS87215", and this one is not on the list. I am not aware of any way to unlock the bootloader in these circumstances.
Please let me / us know if you are more successful than me. For now I will consider this phone not rootable via this method.
PS: The furthest I've been: `fastboot oem get_unlock_data` returns a blank line as if the mobile was working. No error message or anything.
PPS: What do you mean by "extracting the bootloader"? What rooting method is extracting the bootloader part of?
The official list of devices that can be unlocked has never been complete.
Usually all moto models can be unlocked, except Carrier branded devices or those on Amazon software channel.
Those getting the barcode screen, is that from
Pressing the volume down button and power on, or
adb reboot bootloader
?
Sent from my ali using XDA Labs
Nycticorax said:
Ok so after analysis the barcode just the IMEI associated with my SIM card's slot. (This phone has two SIM card slots.) Nothing interesting about it, I think.
Also it seems that Motorola does not support unlocking this bootloader as it does for other phones; in fact "motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a" is just a hub for any phone listed at "support.motorola.com/us/en/solution/MS87215", and this one is not on the list. I am not aware of any way to unlock the bootloader in these circumstances.
Please let me / us know if you are more successful than me. For now I will consider this phone not rootable via this method.
PS: The furthest I've been: `fastboot oem get_unlock_data` returns a blank line as if the mobile was working. No error message or anything.
PPS: What do you mean by "extracting the bootloader"? What rooting method is extracting the bootloader part of?
Click to expand...
Click to collapse
That's weird. My barcode number doesn't seem to match any numbers at all, serial, IMEI, nothing. I'll double check it to see if I have missed something. Never got this blank line, would be happy if you shared how you achieved it, maybe there could be some insight I can get from the process. Answering the question about the bootloader, the extraction isn't a part of a rooting method, it's only something I'm trying in order to get the list of oem fastboot commands of the phone. Those are manufacturer-specific, aren't listed anywhere, and differ from model to model. The method I'm using is the one from the article I pointed in my previous answer. Anyway, if it takes me anywhere, I'll bring an update about it with details.
---------- Post added at 23:36 ---------- Previous post was at 23:04 ----------
sd_shadow said:
The official list of devices that can be unlocked has never been complete.
Usually all moto models can be unlocked, except Carrier branded devices or those on Amazon software channel.
Those getting the barcode screen, is that from
Pressing the volume down button and power on, or
adb reboot bootloader
?
Sent from my ali using XDA Labs
Click to expand...
Click to collapse
The barcode is from entering the bootloader. Any method that gets you there shows it. At first I thought it was a driver-related bug, but after some experimentation it seems like whenever the device is recognized by fastboot, it shows this barcode; So it appears to be a bootloader-related thing (I never saw nothing like it, so just guessing for now). Also tried the method from the Motorola website, and I really wish it had worked as expected, but what it seems to me is that MediaTek devices are a pain in the ass in general for this kind of thing. The device doesn't recognizes the oem commands sent through fastboot as valid (And yes, OEM Unlocking is properly enabled under Developer Settings). Here's a screenshot from a powershell session showing the results of trying the commands. Notice how the device is correctly recognized by both adb and fastboot, only the unlocking commands doesn't work: https://pasteboard.co/JnW4cvK.png
sd_shadow said:
The official list of devices that can be unlocked has never been complete.
Usually all moto models can be unlocked, except Carrier branded devices or those on Amazon software channel.
Those getting the barcode screen, is that from
Pressing the volume down button and power on, or
adb reboot bootloader
?
Sent from my ali using XDA Labs
Click to expand...
Click to collapse
In my case the barcode shows up whenever I reach fastboot, whether via booting with [vol up + power] and then selecting fastboot, or via adb reboot bootloader. I've tried several barcode recognition apps and 2 out of 3 confirm it's my IMEI.
Nycticorax said:
In my case the barcode shows up whenever I reach fastboot, whether via booting with [vol up + power] and then selecting fastboot, or via adb reboot bootloader. I've tried several barcode recognition apps and 2 out of 3 confirm it's my IMEI.
Click to expand...
Click to collapse
Did you try
Code:
fastboot flashing unlock_critical
according to this thread... it is for e6 plus. May be it works with e6 play.
https://old.reddit.com/r/androidroot/comments/f6c5k5/unlock_bootloader_moto_e6_plus/fupyalw/
No,
Code:
fastboot flashing unlock critical
does not work. And no, we shouldn't assume that a method meant for the e6 plus works for the e6 play.
Phone in red state not able to change settings
I have struggled with the same problems as above. I am not able to get into the developer mode as I only have access to the recovery screen. Anybody who knows how to do that from the recovery screen - perhaps using terminal?
I have been able to enter into the phone by adb sideload filename.zip and the phone acknowledged connection, but the upload failed, probably due to I am not able to unlock the phone from the red state/Android Recovery. It is running bali-reteu/bali9/POAS29.550-81-1/
glensbo said:
I have struggled with the same problems as above. I am not able to get into the developer mode as I only have access to the recovery screen. Anybody who knows how to do that from the recovery screen - perhaps using terminal?
I have been able to enter into the phone by adb sideload filename.zip and the phone acknowledged connection, but the upload failed, probably due to I am not able to unlock the phone from the red state/Android Recovery. It is running bali-reteu/bali9/POAS29.550-81-1/
Click to expand...
Click to collapse
It is not clear to me what you did exactly. The step where we -- the others participants to this post and I -- are stuck is [2] here below:
boot to fastboot by running `adb reboot bootloader` from a command line on a connected and turned on device
get the OEM unlock code by doing `fastboot oem get_unlock_data` from a connected device under the fastboot interface
exchange the unlock code on the motorola support site and input that code to confirm bootloader unlock
glensbo said:
I have struggled with the same problems as above. I am not able to get into the developer mode as I only have access to the recovery screen. Anybody who knows how to do that from the recovery screen - perhaps using terminal?
I have been able to enter into the phone by adb sideload filename.zip and the phone acknowledged connection, but the upload failed, probably due to I am not able to unlock the phone from the red state/Android Recovery. It is running bali-reteu/bali9/POAS29.550-81-1/
Click to expand...
Click to collapse
Got a little further as the code:
#fastboot flash unlock_critical Filename.zip#
the phone replied - Transferring and Transmission OK .... time etc
But I got an error sadly to say:
Failed (remote: not allowed in locked state) so I'm back to basics as I cannot open the state from the recovery mode (as of yet)
glensbo said:
Got a little further as the code:
#fastboot flash unlock_critical Filename.zip#
the phone replied - Transferring and Transmission OK .... time etc
But I got an error sadly to say:
Failed (remote: not allowed in locked state) so I'm back to basics as I cannot open the state from the recovery mode (as of yet)
Click to expand...
Click to collapse
Okay, I would like to be positive and call that a progress but the whole point of steps (2-3) is to have it unlocked so that you can proceed to root to flashing it the way you're trying to.
So I am pretty pessimistic on that one. To me it looks like a case of a cheap phone a company has no real urge to make easy to unlock.
Nycticorax said:
It is not clear to me what you did exactly. The step where we -- the others participants to this post and I -- are stuck is [2] here below:
boot to fastboot by running `adb reboot bootloader` from a command line on a connected and turned on device
get the OEM unlock code by doing `fastboot oem get_unlock_data` from a connected device under the fastboot interface
exchange the unlock code on the motorola support site and input that code to confirm bootloader unlock
Click to expand...
Click to collapse
Sorry got carried away finding a group dealing with the same problem as I have. And not skimming but reading the text I can confirm that I am stuck at the same place. Sorry for the interruption. I will revert if/when I have something new.
glensbo said:
Sorry got carried away finding a group dealing with the same problem as I have. And not skimming but reading the text I can confirm that I am stuck at the same place. Sorry for the interruption. I will revert if/when I have something new.
Click to expand...
Click to collapse
It's okay. I hope one of us can find something useful. Let Root, the God of Hacks, send His best love waves to you guys
wow No Help
Biniesuschristos said:
wow No Help
Click to expand...
Click to collapse
Just curious do you know what software Channel your phone is on?
The software Channel might be listed in
Settings/ about phone.
Or try
Code:
fastboot getvar all
While in fastboot mode
ro.carrier = Software Channel
Sent from my ocean using XDA Labs
You didn't ask me but perhaps it might help you help us:
Code:
reteu
for me.
I'm don't actually know anything regarding rooting mobile devices but i'm going to post some of my experience thinking it might help someone who actually knows what to do.
I've been having the same issue while trying to unlock the bootloader.
As it seems all of the fastboot commands are working fine except the OEM ones which is strange considering that i'm sure i toggled the OEM Unlock on the dev. options, just like some members commented already.
Regarding the barcode it shows as soon as i connect the device via USB in Fastboot mode, and it shows up when i use "adb reboot bootloader" too, but it wasn't showing before i updated the USB Drives so i could find the device via "fasboot devices" (the phone wasn't showing before i did it).
pontiacus said:
I'm don't actually know anything regarding rooting mobile devices but i'm going to post some of my experience thinking it might help someone who actually knows what to do.
I've been having the same issue while trying to unlock the bootloader.
As it seems all of the fastboot commands are working fine except the OEM ones which is strange considering that i'm sure i toggled the OEM Unlock on the dev. options, just like some members commented already.
Regarding the barcode it shows as soon as i connect the device via USB in Fastboot mode, and it shows up when i use "adb reboot bootloader" too, but it wasn't showing before i updated the USB Drives so i could find the device via "fasboot devices" (the phone wasn't showing before i did it).
Click to expand...
Click to collapse
Windows 10?
Sent from my ocean using XDA Labs
@sd_shadow: Do you think it looks like a bootloader you could unlock?