Develop Bugs

Increasing security in custom roms by re-locking bootloader

Hello, I am completely new so I apologize if this is the wrong place.
I wanted to be able to lock my bootloader but still use cyanogenmod, specifically, only allow roms that I have compiled myself and signed with my cert to work on my phone. I unpacked the stock recovery.img, and made the necessary changes to the ramdisk to replace the stock OnePlus key with my own. I then was then able to confirm that only my signed zips could be sideloaded, both official CM and OxygenOS zips failed - just as I wanted.
The issue is then that this only worked with an unlocked bootloader. When I locked it, the OP3 entered a boot cycle, with a strange graphical glitch appearing then the screen going black, again and again. I could then no longer boot to either recovery or cyanogenmod, nor could I unlock fastboot. This amazing guide got my phone working again.
I now have three questions. What prevented my phone booting after I locked it, how does the unbrick tool work, and is there anything I can alter, like certifications or hashes, lower down in the boot sequence to allow only my signed images to work (using the previous tool. I am unsure what QLoader is, some form of serial interface to the 820 to write to the storage chip?).
Thanks for any advice you can offer!

Update: I have unpacked boot.img provided in the unbrick tool. I cannot find any keys to modify in /res but I have found a file called "verify_keys". Does anyone know what I need to change in boot.img to allow my self-signed recovery and os to boot? Thanks

UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.

I've been meaning to ask this same question for a while now also, so I'm eager to see the response. I suspect the official OnePlus forums might be a good place to ask as well, since they are visited by engineers from OnePlus. For anyone else who's curious as to what's being discussed and better the understand the risks of an unlocked bootloader (and how to mitigate them), there's a brief article here as well as a paper.

It is always suggested that never re-lock the bootloader until there is valid reason to do it

JumboMan said:
It is always suggested that never re-lock the bootloader until there is valid reason to do it
Click to expand...
Click to collapse
Have you read any of the attached links in my last post? There are valid reasons for doing so.
Just to pose an oversimplified hypothetical, imagine going through immigration/customs in Saudi Arabia (or maybe even the U.S.) with a Android device that has an unlocked bootloader. The officer examines your possesions, then takes your laptop and phone into a back room. Your phone is powered down and encrypted so it's not like they can do anything, right? Wrong. They plug it into a forensics device and flash a surreptitious malware app onto /system before returning it back to you. Then, the next time you turn on your phone your encryption keys and all your data, all your communications are secretly transmitted. You never have a clue... With a locked bootloader and appropriate precautions, that would never be possible.

Update 3:
I am now following the official Android guide for creating a keystore. They show how to create a "keystore.img" not .dat, bu the error I got when trying "fastboot flash keystore ..." said something along the lines of the keystore not being a valid image. Hopefully this will work. After I get this working, I will move on to removing or damaging the OEM key, hence not even allowing OnePlus images to be sideloaded.

JumboMan said:
It is always suggested that never re-lock the bootloader until there is valid reason to do it
Click to expand...
Click to collapse
I do have a valid reason - security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to bruteforce, and pulling encryption keys from memory.

chocol4te said:
I do have a valid reason - security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to bruteforce, and pulling encryption keys from memory.
Click to expand...
Click to collapse
sir prefer not rooting and staying on stock ROM with locked bootloader.

emptyragnarok said:
sir prefer not rooting and staying on stock ROM with locked bootloader.
Click to expand...
Click to collapse
Look, I'm sorry, I don't need any more useless comments saying the solution to my problem is to not do anything like on every other forum I've tried. I am perfectly aware of how to lock the bootloader with a stock rom, but I don't want to use the stock rom. I want to use custom roms. From what I have done so far it appears to be possible, so don't tell me it's not, at least without a good reason.
In addition, the stock method isn't even the most secure the phone can be. OnePlus can still sign any code and run it on my device and hence requires my trust in a third party that I am unwilling to give. I only want my own code to run.

Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.

chocol4te said:
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
Click to expand...
Click to collapse
Bro I am not a prolike you but I understand your vision now,... and I am with you in that.... Open Source stuff and ANdroid as an Open source impify that only... We should have our custom code for locking and unlocking our bootloader so we can have the full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have the access of the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSLUMS... WE will try and try untill we succeed.... I AM WITH YOU BRO!!!!!

indroider said:
Bro I am not a prolike you but I understand your vision now,... and I am with you in that.... Open Source stuff and ANdroid as an Open source impify that only... We should have our custom code for locking and unlocking our bootloader so we can have the full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have the access of the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSLUMS... WE will try and try untill we succeed.... I AM WITH YOU BRO!!!!!
Click to expand...
Click to collapse
Thanks! I'm glad to hear it!

chocol4te said:
Thanks! I'm glad to hear it!
Click to expand...
Click to collapse
You're most welcome bro.

Did I just witness a major bro-down?

Awsome thread, I'd also like to put my OP3 in a state where only ROMs I signed my self will run...

Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
---------- Post added at 05:42 PM ---------- Previous post was at 05:41 PM ----------
indieross said:
Did I just witness a major bro-down?
Click to expand...
Click to collapse
Whats a bro down?
Sent from my Pixel XL using XDA-Developers mobile app

indroider said:
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
---------- Post added at 05:42 PM ---------- Previous post was at 05:41 PM ----------
Whats a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
Click to expand...
Click to collapse
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
Code:
fastboot flash bootloader bootloader-bullhead-bhz11f.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-bullhead-m8994f-2.6.33.2.14.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-bullhead-nbd90z.zip
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.

chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
Click to expand...
Click to collapse
Ok.. Great to hear... Let me if you need any help.. I m here

chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work ... ...
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
Click to expand...
Click to collapse
This sounds exactly like what I was looking for. Have you been able to progress? Do you think that the bootloader and the radio are somehow linked in the boot verification sequence?
---------- Post added at 05:51 AM ---------- Previous post was at 05:43 AM ----------
chocol4te said:
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
Click to expand...
Click to collapse
Have you read this: https://mjg59.dreamwidth.org/31765.html

Did I brick my device? :(

I was on 8.1 with Flash Kernel installed using images...I wanted to get back to stock...so unchecked OEM Unlocking in Developer Options, went to bootloader and locked bootloader using fastoboot flashing lock..and now I am getting "Can't find valid operating system. The device will not start". I can't unlock the bootloader now as I unchecked OEM unlocking in Developer Options and can't flash factory images also as it says Flashing is not allowed in Lock State, Did I brick the device?
Update: I have returned my device to Google and they processed a replacement

i am just curious, how were planning on flashing a rom with locked bootloader?

ram4ufriends said:
I was on 8.1 with Flash Kernel installed using images...I wanted to get back to stock...so unchecked OEM Unlocking in Developer Options, went to bootloader and locked bootloader using fastoboot flashing lock..and now I am getting "Can't find valid operating system. The device will not start". I can't unlock the bootloader now as I unchecked OEM unlocking in Developer Options and can't flash factory images also as it says Flashing is not allowed in Lock State, Did I brick the device?
Click to expand...
Click to collapse
Yea, I think you may have turned it into a fancy paperweight. Been there, done that. You should have waited to uncheck OEM unlocking until after you locked the bootloader, which wiped your phone. About the only thing I can suggest is to try and run Deuces script to see if you can rescue your device. Best of luck to you.
https://forum.xda-developers.com/pi...ol-deuces-bootloop-recovery-flashing-t3704761

ram4ufriends said:
I was on 8.1 with Flash Kernel installed using images...I wanted to get back to stock...so unchecked OEM Unlocking in Developer Options, went to bootloader and locked bootloader using fastoboot flashing lock..and now I am getting "Can't find valid operating system. The device will not start". I can't unlock the bootloader now as I unchecked OEM unlocking in Developer Options and can't flash factory images also as it says Flashing is not allowed in Lock State, Did I brick the device?
Click to expand...
Click to collapse
Sorry for your loss, but you indeed have a fancy paperweight.
However I wonder if there isnt the QCom USB mode or something like that that exist on older devices, where you can access the phone partitions at a lower level and then restore whatever partitions is broken.

Paradoxxx said:
Sorry for your loss, but you indeed have a fancy paperweight.
However I wonder if there isnt the QCom USB mode or something like that that exist on older devices, where you can access the phone partitions at a lower level and then restore whatever partitions is broken.
Click to expand...
Click to collapse
With the new partitioning no idea if it still works. But OP has nothing to loose anyway i guess.

gee2012 said:
With the new partitioning no idea if it still works. But OP has nothing to loose anyway i guess.
Click to expand...
Click to collapse
Yeah at that point... Not sure what is Google saying about that. Maybe RMA it ?
Saying something like that should work.
"I was using my device, and suddenly it froze and nothing responded. It suddenly rebooted and shown this error message."

gee2012 said:
With the new partitioning no idea if it still works. But OP has nothing to loose anyway i guess.
Click to expand...
Click to collapse
Sorry didn't get, What do you mean by OP has nothing to loose?

Badger50 said:
Yea, I think you may have turned it into a fancy paperweight. Been there, done that. You should have waited to uncheck OEM unlocking until after you locked the bootloader, which wiped your phone. About the only thing I can suggest is to try and run Deuces script to see if you can rescue your device. Best of luck to you.
https://forum.xda-developers.com/pi...ol-deuces-bootloop-recovery-flashing-t3704761
Click to expand...
Click to collapse
How did you recover your devices from that state earlier when you did the same thing?

ram4ufriends said:
Sorry didn't get, What do you mean by OP has nothing to loose?
Click to expand...
Click to collapse
since your phone is now essentially a brick, you can try just about anything without worry of bricking your phone.

ram4ufriends said:
I was on 8.1 with Flash Kernel installed using images...I wanted to get back to stock...so unchecked OEM Unlocking in Developer Options, went to bootloader and locked bootloader using fastoboot flashing lock..and now I am getting "Can't find valid operating system. The device will not start". I can't unlock the bootloader now as I unchecked OEM unlocking in Developer Options and can't flash factory images also as it says Flashing is not allowed in Lock State, Did I brick the device?
Click to expand...
Click to collapse
You cannot flash full images, but you can still flash OTAs... download the full OTA instead, and install (sideload) it from the stock recovery. Be sure to select the SAME build number you were on to begin with- eg. If you were on 8.1, use the 8.1 OTA. There will be a mode there for "Apply update from ADB". You put the phone into "sideload mode" and then send the OTA to the phone via adb. This will work regardless whether you have usb debugging enabled or not. Follow the directions given on the included link.

ram4ufriends said:
How did you recover your devices from that state earlier when you did the same thing?
Click to expand...
Click to collapse
I didn't. They are still paperweights sitting in a drawer!

I got the same message yesterday after doing... God knows what. I can't even remember what went wrong.
My first thought was to flash a factory image. But it didn't helped at first. Probably, because i was trying to flash another factory image and not the one that came as stock on my phone.
So if you don't remember, which image it was, try all of them Hopefully, you'll get your phone booted again.

My first reaction was, is this april fools day? Is this an xda style joke? unchecked oem unlock?

dontbeweakvato said:
My first reaction was, is this april fools day? Is this an xda style joke? unchecked oem unlock?
Click to expand...
Click to collapse
Meh...you know how it is bro....**it happens!

Call google and just tell them your device wont boot all of a sudden; they will probably ask you to factory restore in the recovery, say the phone wont get past the google image. They will RMA that boy for you. You totally bricked. For future reference if you unlock the bootloader, dont waste your time trying to lock it again. Should have just fastboot flashed a factory image in the bootloader and called it a day. Having a unlocked bootloader doesn't effect you in anyway negatively.

ArminasAnarion said:
Call google and just tell them your device wont boot all of a sudden; they will probably ask you to factory restore in the recovery, say the phone wont get past the google image. They will RMA that boy for you. You totally bricked. For future reference if you unlock the bootloader, dont waste your time trying to lock it again. Should have just fastboot flashed a factory image in the bootloader and called it a day. Having a unlocked bootloader doesn't effect you in anyway negatively.
Click to expand...
Click to collapse
Why is this Google's problem? This guy is at fault. Google shouldn't have to pay for it.
This is part of the reason these phones are so expensive.
Sent from my taimen using XDA Labs

mitchdickson said:
Why is this Google's problem? This guy is at fault. Google shouldn't have to pay for it.
This is part of the reason these phones are so expensive.
Sent from my taimen using XDA Labs
Click to expand...
Click to collapse
Well I never said it was the moral thing to do haha; but this guys best bet is to call Google and see if they will RMA it. They RMA'ed my Nexus 6p after the Android 7 twrp brick; and I told them my pone wouldn't boot anymore; they asked me to go to recovery and factory restore, I told them I couldn't boot into recovery and they RMA'ed it. It was my fault for the brick but they didn't care.

ArminasAnarion said:
Well I never said it was the moral thing to do haha; but this guys best bet is to call Google and see if they will RMA it. They RMA'ed my Nexus 6p after the Android 7 twrp brick; and I told them my pone wouldn't boot anymore; they asked me to go to recovery and factory restore, I told them I couldn't boot into recovery and they RMA'ed it. It was my fault for the brick but they didn't care.
Click to expand...
Click to collapse
Did you tell them it was your fault for the brick?
Sent from my taimen using XDA Labs

mitchdickson said:
Did you tell them it was your fault for the brick?
Sent from my taimen using XDA Labs
Click to expand...
Click to collapse
I told them I had an unlocked boot-loader and installed twrp. I had to send them back my old phone and they put a $500 hold on my account, once they received the device and determined the issue was real, they released the hold on my account. In that period of time they could have determined "Oh he bricked the device with twrp" lets charge him $500 for a new one, but they didn't. I mean whats wrong with calling Google and seeing if they will RMA it; sure the OP made a bad mistake but you have not because you ask not.

ArminasAnarion said:
I told them I had an unlocked boot-loader and installed twrp. I had to send them back my old phone and they put a $500 hold on my account, once they received the device and determined the issue was real, they released the hold on my account. In that period of time they could have determined "Oh he bricked the device with twrp" lets charge him $500 for a new one, but they didn't. I mean whats wrong with calling Google and seeing if they will RMA it; sure the OP made a bad mistake but you have not because you ask not.
Click to expand...
Click to collapse
What's wrong with it? You're telling him to call Google and say that for some reason, all the sudden his device won't boot.
This is why I don't fault Verizon for selling bootloader locked phones.
Sent from my taimen using XDA Labs

Downgrade to original 7.1.2

Hi,
Is it possible to downgrade to 7.1.2 and have my phone completely stock?
I mean like it was, no rooted or something else..
Now I have the latest oreo version from google.
Thanks

thanasisglt said:
Hi,
Is it possible to downgrade to 7.1.2 and have my phone completely stock?
I mean like it was, no rooted or something else..
Now I have the latest oreo version from google.
Thanks
Click to expand...
Click to collapse
Yes just flash latest 7.1 bullhead image and then relock bootloader and you will have your device like stock but why would you downgrade?!

Yes just flash latest 7.1 bullhead image and then relock bootloader and you will have your device like stock but why would you downgrade?!
Click to expand...
Click to collapse
My device is slower than 7.1.2 and also I don't like the layout.
Is there any guide how to do that?
Thanks

thanasisglt said:
My device is slower than 7.1.2 and also I don't like the layout.
Is there any guide how to do that?
Thanks
Click to expand...
Click to collapse
Sorry to answer hours after but I didn't got any notifications...
So, download,
platform tools : https://developer.android.com/studio/releases/platform-tools
Latest 7.1.2 build : https://dl.google.com/dl/android/aosp/bullhead-n2g48c-factory-45d442a2.zip
Then exctract the content of the 7.1.2 build in the platform tools folder then connect you smartphone to your PC in bootloader mode (vol down + power button).
Finally in the platform tools folder you will find a file named flashall.bat, simply execute it and you are done, your device will be on stock 7.1.2
PS: This guide was done assuming you know how to lock and unlock your bootloader if not...tell me ? (kidding happy to help ? ).

francos21 said:
Sorry to answer hours after but I didn't got any notifications...
So, download,
platform tools : https://developer.android.com/studio/releases/platform-tools
Latest 7.1.2 build : https://dl.google.com/dl/android/aosp/bullhead-n2g48c-factory-45d442a2.zip
Then exctract the content of the 7.1.2 build in the platform tools folder then connect you smartphone to your PC in bootloader mode (vol down + power button).
Finally in the platform tools folder you will find a file named flashall.bat, simply execute it and you are done, your device will be on stock 7.1.2
PS: This guide was done assuming you know how to lock and unlock your bootloader if not...tell me (kidding happy to help ? ).
Click to expand...
Click to collapse
Thanks a lot for the guidance!
Unfortunately, I don't know how to unlock and lock the bootloader. I 've never done this before and always had my device stock. Any advice would be helpful!
Thanks

thanasisglt said:
Any advice would be helpful!
Click to expand...
Click to collapse
Read the instructions.

thanasisglt said:
Thanks a lot for the guidance!
Unfortunately, I don't know how to unlock and lock the bootloader. I 've never done this before and always had my device stock. Any advice would be helpful!
Thanks
Click to expand...
Click to collapse
NOTE : unlocking bootloader will erase all your data!!!
NOTE 2 : If you lock your bootloader without the factory image flashed you will brick your device so no more usable!!!!! So personnaly I don't recommand you to do that because you don't need that to return on Android 7 it's just a "security" for your data.
NOTE 3 : read this guide too because it's more complete and what you are going to do is a bit risky(I speak for locking bootloader) , really! Don't want a message saying "you forgot this line, my device is lost ? ...".
So let's start fun things ?
Go in developer options and enable oem unlock and USB debugging.
Then reboot in bootloader mode and connect your device to your computer.
After that open the prompt command from the extracted platform tools folder by right clicking in this folder with the maj key down.
In this command windows write the following line:
fastboot oem unlock
Or .\fastboot oem unlock if your are on windows 10 (windows is blue instead of black).
When the bootloader is unlocked you can flash a custom recovery then instal a ROM/kernel or flash the factory image.
When you have flashed the factory image (stock ROM...) you can lock the bootloader with this line(same method)
fastboot oem lock (add .\ for windows 10).
Tell me if you need further help ? .

francos21 said:
NOTE : unlocking bootloader will erase all your data!!!
NOTE 2 : If you lock your bootloader without the factory image flashed you will brick your device so no more usable!!!!! So personnaly I don't recommand you to do that because you don't need that to return on Android 7 it's just a "security" for your data.
NOTE 3 : read this guide too because it's more complete and what you are going to do is a bit risky(I speak for locking bootloader) , really! Don't want a message saying "you forgot this line, my device is lost ...".
.
Click to expand...
Click to collapse
Thanks again!
I have to lock the bootloader if I downgrade because bank apps don't work if the device is not stock as far as I know..
other than that I don't mind to be unlocked and playing with custom roms..

thanasisglt said:
Thanks again!
I have to lock the bootloader if I downgrade because bank apps don't work if the device is not stock as far as I know..
other than that I don't mind to be unlocked and playing with custom roms..
Click to expand...
Click to collapse
That's actually not true, at least I think as I don't use bank apps that don't accept that my bank app is accepting root too ?
But seriously, from where did you catch the info?

francos21 said:
That's actually not true, at least I think as I don't use bank apps that don't accept that my bank app is accepting root too
But seriously, from where did you catch the info?
Click to expand...
Click to collapse
I have read comments from developers to advice users whose apps are not functional that the devices should not be rooted and generally should be stock.
Anyways..I will think it again if I continue to the procedure..
PS: I hate the layout of oreo..these white (like LG) squared app icons are simply terrible!

thanasisglt said:
I have read comments from developers to advice users whose apps are not functional that the devices should not be rooted and generally should be stock.
Anyways..I will think it again if I continue to the procedure..
PS: I hate the layout of oreo..these white (like LG) squared app icons are simply terrible!
Click to expand...
Click to collapse
Android layout can be changed easily and having latest Android security offer security and latest features and performances patchs, anyway it's your decision.

thanasisglt said:
I have read comments from developers to advice users whose apps are not functional that the devices should not be rooted and generally should be stock.
Anyways..I will think it again if I continue to the procedure..
PS: I hate the layout of oreo..these white (like LG) squared app icons are simply terrible!
Click to expand...
Click to collapse
Just keep in mind that unlocking the bootloader and flashing the original rom will NOT result in a rooted phone. If you do the this and relock the bootloader, then your phone will be in a totally stock NON ROOTED state. So any concerns that you have regarding root don't apply here.

I am still on 7.1.2 too because of the performance/lag issues in 8.1
... I never upgraded... Is it still really that bad in 8.1 ? Or better with latest patches?
Sent from my [device_name] using XDA-Developers Legacy app

_giwrgos_ said:
Just keep in mind that unlocking the bootloader and flashing the original rom will NOT result in a rooted phone. If you do the this and relock the bootloader, then your phone will be in a totally stock NON ROOTED state. So any concerns that you have regarding root don't apply here.
Click to expand...
Click to collapse
Hi,
my device got bootlooped. Warranty expired 20 days ago and the cost was too high to repair.
So, I followed an online tutorial, flashed my phone and came back to life.
The issue is that the bootloader is unlocked and I cannot use android pay (it says that the device is somehow altered)
Although banking apps work normally.
Is it ok to relock the bootloader?
(what if the device get bootloop again? / is it possible to brick my device? / could I use another way to bypass and activate android pay?)
Thanks

thanasisglt said:
Hi,
my device got bootlooped. Warranty expired 20 days ago and the cost was too high to repair.
So, I followed an online tutorial, flashed my phone and came back to life.
The issue is that the bootloader is unlocked and I cannot use android pay (it says that the device is somehow altered)
Although banking apps work normally.
Is it ok to relock the bootloader?
(what if the device get bootloop again? / is it possible to brick my device? / could I use another way to bypass and activate android pay?)
Thanks
Click to expand...
Click to collapse
Firstly let me tell you that I am assuming that you have flashed an official stock rom, if you didn't then just ignore what I am saying!
I never heard of anyone bricking the device just by locking the bootlader. The worst thing that can happen is to get a bootloop indeed, but if you just unlock the bootloader again then it should be fixed. Bricking the device just by locking the bootloader sounds totally impossible to me at least. I don't know if there is another way to bypass this and activate android pay but even if there is personally I will not have trusted it.

Moto G7 Play bootloader unlock issues - "bad key", not OTA, no way to roll back?

Moto G7 Play bootloader unlock issues - "bad key", not OTA, no way to roll back?
My plan was to unlock the bootloader before configuring the new phone - just in case I might need it later, then use the phone as out-of-box. I unlocked the bootloader for the new Moto G7 Play, following the official procedure via the Motorola Accounts page, resulting in:
- Fastboot page shows: "flashing unlocked"
- When booting up, I see a black page with the words "bad key", then the phone boots
- The updater sais that the phone is corrupt and no (OTA) updates can be done
- I could not try TWRP, as there is no TWRP for the G7 Play yet (so not sure if flashing would work)
My concerns now are that I will not be able to update the phone, and that the "bad key" issue might cause other problems.
So my plan would be to roll back and lock the phone again, to use it as out-of-box (not worrying about warranty loss that might already have happened - I did accept these terms). However, that does not work, too:
- Locking bootloader requires factory images, which are not available for the G7 Play
- Locking bootloader with fastboot OEM lock will not work without complete images
Any suggestions how bring the phone back to normal? I am disappointed by Motorola, as they officially offer the unlock procedure - which then does not produce the expected outcome, breaks updating, and provides no way to go back? Mind you, I did not apply any "hacks", nothing but the official Motorola unlocking steps.
Thanks for advice

I have the same problem and i cannot fix it.

I tried to get advice from Motorola support - but replies are very generic, referring to the bootloader unlock page (we obviously found that) or to the Motorola Forum (where the answer isn't). Will now just live with the unlocked phone and hope for the opportunity to OTA / update in a while

CoffeeMachineSwitch said:
- When booting up, I see a black page with the words "bad key", then the phone boots
- The updater sais that the phone is corrupt and no (OTA) updates can be done
Click to expand...
Click to collapse
Unlocking any Motorola bootloader will cause the bootscreen to display "Bad Key". This is normal. It is a warning that the bootloader has been unlocked and the phone may not be "safe". Once you root a Motorola phone, it will display "N/A" instead of "Bad Key". Again, this is normal behavior. There are image makers that can replace the "splash" image and "hide" the "N/A", but since this phone doesn't have TWRP yet, you'll have to live with it for now.
As far as not being able to receive OTA updates, I have no knowledge. In my opinion it shouldn't matter that the bootloader has been unlocked...only if you've modified or deleted system files. I've never worried about system updates as I've always rooted and run custom ROMs, or Xposed (which negates eligibility for OTA).

mn1968 said:
Unlocking any
As far as not being able to receive OTA updates, I have no knowledge. In my opinion it shouldn't matter that the bootloader has been unlocked...only if you've modified or deleted system files. I've never worried about system updates as I've always rooted and run custom ROMs, or Xposed (which negates eligibility for OTA).
Click to expand...
Click to collapse
Thanks for clarifying. And yes, learnt from Moto Support that OTA was disabled for 7 generation

CoffeeMachineSwitch said:
Thanks for clarifying. And yes, learnt from Moto Support that OTA was disabled for 7 generation
Click to expand...
Click to collapse
That would be an unfortunate change if true. Prior devices could be unlocked and still get OTA updates. They won't install if certain changes are made but still get notified of updates.

You still can install full ROM using fastboot commands and regain root by patching boot.img from updated ROM
I did it on both G6 and G7

Where did you get the ROM images from. I understand there are no officials?

CoffeeMachineSwitch said:
Where did you get the ROM images from. I understand there are no officials?
Click to expand...
Click to collapse
Have you tried the LMSA tool? It's a tool you download from Motorola. There is a discussion here about it. It has a rescue button with which, I understand that you can download stock images directly from Motorola, but I haven't used it myself.

umbrisle said:
Have you tried the LMSA tool? ....
Click to expand...
Click to collapse
Yes I have - the last time I tried, however, it said that it would not support the G7 (Play) and did not provide any images/ROMs

CoffeeMachineSwitch said:
Yes I have - the last time I tried, however, it said that it would not support the G7 (Play) and did not provide any images/ROMs
Click to expand...
Click to collapse
I was thinking of buying a G7 Play myself, but I am now leaning more towards a G6 Play, because there are more tools available like a working TWRP.

Should've read the thread here before i go buy g7 play, not my phone get softbricked.
Unblocked bootloader successfully following the official doc but failed to install magisk by copying the wrong build number of boot.img of OTA from here mirrors.lolinet.com/firmware/moto
now my g7 says
Code:
failed to load kernel, no Bootable A/B slot,
Failed to book Linux
falling back to fastboot.
I downloaded `RIVER_RETAIL_9.0_PPO29.80-61_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC` which i think this is the right build number when i see error like
Code:
river/retail corrupted
(can't remember exactly, but it's RETAIL not RETUS)
and make my own version of fastboot command stemming from servicefile.xml, still with unlucky.
there is no recovery.img and google has limited resource to make g7 play back to stock orm, i'd like to see if community has any idea or i have to give it to moto to fix it.
========================update=================================
update: i finally get the correct stock ORM which is exactly matching my build number "XT1952-4_CHANNEL_AMZ_9.0_PPY29.105-36_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC" i was an idiot thinking that mismatch one letter or two will be find, but turns out this is very strict, "second time rooting in my life".
not i has flash all of the original orm into my phone then fastboot reboot works, it give me the original error like
Android Recovery
motorola/channel_retail/channel9/PPY29.105-36/d7abeuser/release-keys
Use volum up/down and power
can't load Android system. Your data may be corrupt.
If you continue to get this message, you may need to perform a factory data
reset and erase all user data stored on this device
=====
Try again
Factory data reset
Click to expand...
Click to collapse
now i need to figure out what to do next
===============update=========
lol, turns out just press Factory data reset will bring the brick back to life!!!!!
just want to post my process for anyone having my issue.
the key point to find the correct build number

umbrisle said:
I was thinking of buying a G7 Play myself, but I am now leaning more towards a G6 Play, because there are more tools available like a working TWRP.
Click to expand...
Click to collapse
.
The G6 Play is really slow, at least the Boost one. I was kind of sorry I bought one to put on Sprint's free unlimited plan. At least Sprint unlocked it for me after 60 days.
Give the G7Play some time, it just came out.
As for you guys complaining of no updates once unlocked, it's not the only phone to require flashing the stock boot.img and relocking to get OTAs.

gedster314 said:
.
As for you guys complaining of no updates once unlocked, it's not the only phone to require flashing the stock boot.img and relocking to get OTAs.
Click to expand...
Click to collapse
Yeah, but there is inconsistency in Motorolas communication, they actively offer the option to unlock the bootloader (with T&C and all) incl. a link to a rollback feature. Which then does not work. So in a scenario where a developer buys the device because it actively offers this features, they dont get what they paid for. Mind you, we are not discussing hacking a device here or jailbraking - we are discussing features that Motorola actively promotes with a dedicated webpage.

wallace_mu said:
was an idiot thinking that mismatch one letter or two will be find, but turns out this is very strict
Click to expand...
Click to collapse
You completely missed the wrong code name "river" in RIVER_RETAIL_9.0_PPO29.80-61_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC it is for another device, while "channel" is the right one

Where did you get the correct Rom from? Thanks

I don't own Moto G7 Play and can not confirm, however this one worked for wallace_mu
wallace_mu said:
XT1952-4_CHANNEL_AMZ_9.0_PPY29.105-36_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC
Click to expand...
Click to collapse

I could successfully lock / unlock / lock the bootloader...
Unlock: fastboot oem unlock [CODE FROM MOTOROLA]
Lock it down:
* first I have to reflash the 'boot.img' from the correct firmware file - fastboot flash boot boot.img
* then I can lock the bootloader clean again with 'fastboot oem lock'. "bad key" is gone, SafetyNet test passed and OTA is working again.
Unlocking / locking again works by the way also. Maybe this will help?

realsine said:
I could successfully lock / unlock / lock the bootloader...
Unlock: fastboot oem unlock [CODE FROM MOTOROLA]
Lock it down:
* first I have to reflash the 'boot.img' from the correct firmware file - fastboot flash boot boot.img
* then I can lock the bootloader clean again with 'fastboot oem lock'. "bad key" is gone, SafetyNet test passed and OTA is working again.
Unlocking / locking again works by the way also. Maybe this will help?
Click to expand...
Click to collapse
yes it does! was waiting for this. 2 quick questions:
- will lock/unlock require factory reset / data loss?
- where to get the (official?) boot.img from (am always careful to flash img from the wild)
thanks!

CoffeeMachineSwitch said:
yes it does! was waiting for this. 2 quick questions:
- will lock/unlock require factory reset / data loss?
- where to get the (official?) boot.img from (am always careful to flash img from the wild)
thanks!
Click to expand...
Click to collapse
Hello,
I'm glad to read that I could help.
I have "my" image of 'https :// mirrors.lolinet.com/firmware/moto/channel/official/RETEU/'. There are also some others - just have a look. And please remove the spaces around '://'. I'm currently not allowed to post (external) links, so this way.
* Every 'LOCK' deletes all data and the system is "clean" again.
* The same applies (unfortunately) to EVERY 'UNLOCK'.
I don't care at the moment because I haven't set up my smartphone yet. But it's not nice.
Best regards

Question I'm very overwhelmed please help

The last time I rooted a phone was 3 years ago, in general whenever I try to root a phone I feel like the entire process has changed and im completely out of the loop.
All i want to do is make it so i can install f.lux and youtube vanced, how do I do this?
I know that I need to install magisk but apparently I also need to enable the bootloader whatever that means?
Sideload, flashing, caprip, boot-image, fastboot, TWRP: these words mean nothing to me, they serve to confuse and demean me.
Is there any resource for figuring out how to go from a new out-of-the-box moto g30 to one which lets me install youtube vanced? Usually I'd look up a tutorial but the only one I found was in spanish and I don't speak spanish.
Thanks for any help you can give.

First things first.
Android has Night Light built in and Youtube Vanced doesn't need root.
But, if you're still serious about rooting and installing magisk to make use of all of the really useful modules, you'll need:
An Unlocked Bootloader: Motorola's Own Guide
Keep in mind that unlocking the bootloader will wipe your phone and void its warranty, so be absolutely sure you want to do it and back up your files.
Then you'll need to manually patch a boot.img from your stock ROM (can be found here.) and flash it using ADB (Android Debug Bridge) using your PC.
I rooted mine within 3 days of owning it and have been enjoying it with no problems whatsoever ever since.
I used this guide as reference. If you have any questions you can always just message me here or on Telegram (@Kuntitled).

samjoebobtomted said:
The last time I rooted a phone was 3 years ago, in general whenever I try to root a phone I feel like the entire process has changed and im completely out of the loop.
All i want to do is make it so i can install f.lux and youtube vanced, how do I do this?
I know that I need to install magisk but apparently I also need to enable the bootloader whatever that means?
Click to expand...
Click to collapse
Bootloader is small program which runs before Android operating system running. Bootloader is first program to run so It is specific for board and processor. -RootJunky
Click to expand...
Click to collapse
Unlocking the bootloader
You can flash a custom system only if the bootloader allows it. Note, though, that the bootloader is locked by default. You can unlock the bootloader, but doing so deletes user data for privacy reasons. After unlocking, all data on the device is erased, that is, both private app data and shared data accessible over USB (including photos and movies). Before attempting to unlock the bootloader, back up any important files on the device. - https://source.android.com/setup/build/running
Click to expand...
Click to collapse
samjoebobtomted said:
Sideload,
Click to expand...
Click to collapse
Generally sideload means installing an app without the playstore.
samjoebobtomted said:
flashing,
Click to expand...
Click to collapse
Flashing usually refers to installing through fastboot mode or recovery
samjoebobtomted said:
caprip,
Click to expand...
Click to collapse
codename or development name for Moto G30
samjoebobtomted said:
boot-image
Click to expand...
Click to collapse
The boot.img is the fie that creates the boot partition
/boot​This is the boot partition of your Android device, as the name suggests. It includes the android kernel and the ramdisk. The device will not boot without this partition. Wiping this partition from recovery should only be done if absolutely required and once done, the device must NOT be rebooted before installing a new one, which can be done by installing a ROM that includes a /boot partition.
-RootJunky
Click to expand...
Click to collapse
samjoebobtomted said:
fastboot,
Click to expand...
Click to collapse
Fastboot refers to several things
Fastboot is the fastboot protocol to communicate with an Android device.
Fastboot.exe is the part of SDK Platform-Tools used to communicate with an Android device when it's in fastboot mode.
samjoebobtomted said:
TWRP:
Click to expand...
Click to collapse
Twrp is a Custom recovery,
The stock recovery has very limited functions,
a custom recovery has more options
/recovery​This is specially designed for backup. The recovery partition can be considered as an alternative boot partition, that lets the device boot into a recovery console for performing advanced recovery and maintenance operations on it. -RootJunky
Click to expand...
Click to collapse
samjoebobtomted said:
these words mean nothing to me, they serve to confuse and demean me.
Is there any resource for figuring out how to go from a new out-of-the-box moto g30 to one which lets me install youtube vanced? Usually I'd look up a tutorial but the only one I found was in spanish and I don't speak spanish.
Thanks for any help you can give.
Click to expand...
Click to collapse
I have general Moto rooting instructions here
[Guide] Root Motorola with Magisk (UnLocked Bootloader)(Non-TWRP method)
Root Motorola Devices with Magisk Note: This method has been working with most Moto Devices that the Bootloader can be UnLocked. If the Bootloader cannot be Unlocked this method will not work. Please only use this as a reference. If you require...
forum.xda-developers.com

Kuntitled said:
First things first.
Android has Night Light built in and Youtube Vanced doesn't need root.
Click to expand...
Click to collapse
Wait really I didn't even realize I didn't need a root for that lol.
Kuntitled said:
But, if you're still serious about rooting and installing magisk to make use of all of the really useful modules, you'll need:
An Unlocked Bootloader: Motorola's Own Guide
Keep in mind that unlocking the bootloader will wipe your phone and void its warranty, so be absolutely sure you want to do it and back up your files.
Then you'll need to manually patch a boot.img from your stock ROM (can be found here.) and flash it using ADB (Android Debug Bridge) using your PC.
I rooted mine within 3 days of owning it and have been enjoying it with no problems whatsoever ever since.
I used this guide as reference. If you have any questions you can always just message me here or on Telegram (@Kuntitled).
Click to expand...
Click to collapse
Hi thanks this really helped me get the grip of things haha.
I managed to unlock the bootloader but I'm a bit confused on what stock ROM you were referring to, the link you sent had a bunch of possibilities, I assume I need a reteu one since that's the name of my phone's software channel but there's a wide variety of them and the guide you sent seems to have their own ROM as well.
Either way thanks for all the help!

samjoebobtomted said:
Wait really I didn't even realize I didn't need a root for that lol.
Hi thanks this really helped me get the grip of things haha.
I managed to unlock the bootloader but I'm a bit confused on what stock ROM you were referring to, the link you sent had a bunch of possibilities, I assume I need a reteu one since that's the name of my phone's software channel but there's a wide variety of them and the guide you sent seems to have their own ROM as well.
Either way thanks for all the help!
Click to expand...
Click to collapse
You should check the Build Number under "About Phone" in settings, and match it what you find on that link i sent.