Bootloader/Installation

In order to flash any third party system images to your device, it is essential to unlock the bootloader first.
Documented here are many different methods in order to do so.

WARNING!¶

  • Unlocking your bootloader will wipe your device!
  • Locking your bootloader on most newer (2016) devices will also wipe your device!
  • Please backup all of your contacts, photos, files, apps, keys, etc. first!

Prerequisites¶

You are strongly encouraged to read, or at least skim, through the entire website. It has an abundance of information that will answer many questions and help set expectations of what is and is not provided. Failure to do so will only be a detriment to yourself and waste the time of others.

Research for information surrounding your specific device model.
It is strongly recommended to be running the latest factory images before switching, especially if relocking. However notably some devices must be running an old version to allow installation of alternative systems.

Run the below fastboot commands at the bootloader menu (via key combination), not to be confused with fastbootd which is part of the recovery.

You must backup your device.

On your computer¶

  • Arch Linux: sudo pacman -S android-tools android-udev
  • Fedora: sudo dnf install android-tools
  • Debian (severely outdated): sudo apt install android-tools-adb android-tools-fastboot
  • Linux:
    1. curl -O https://dl.google.com/android/repository/platform-tools_r33.0.3-linux.zip
    2. echo 'ab885c20f1a9cb528eb145b9208f53540efa3d26258ac3ce4363570a0846f8f7 platform-tools_r33.0.3-linux.zip' | sha256sum -c
    3. bsdtar xvf platform-tools_r33.0.3-linux.zip
  • macOS:
    1. curl -O https://dl.google.com/android/repository/platform-tools_r33.0.3-darwin.zip
    2. echo 'SHA256 (platform-tools_r33.0.3-darwin.zip) = 84acbbd2b2ccef159ae3e6f83137e44ad18388ff3cc66bb057c87d761744e595' | shasum -c
    3. tar xvf platform-tools_r33.0.3-darwin.zip
  • Windows:
    1. curl -O https://dl.google.com/android/repository/platform-tools_r33.0.3-windows.zip
    2. (Get-FileHash platform-tools_r33.0.3-windows.zip).hash -eq "1e59afd40a74c5c0eab0a9fad3f0faf8a674267106e0b19921be9f67081808c2"
    3. tar xvf platform-tools_r33.0.3-windows.zip
  • Credit to GrapheneOS for the above commands to download and verify the platform tools.

On your phone¶

  1. These steps are only necessary for devices that don't use fastboot-based install methods!
  2. Open the 'Settings' app
  3. Navigate to the 'About' page
  4. Tap on the field labeled 'Build number' 7 times
  5. A toast should appear saying that developer mode has been enabled
  6. There should now be an screen in the 'Settings' app labeled 'Developer options'
  7. Under 'Developer options', enable 'Android debugging'

Fastboot (generic)¶

    Unlock & Install¶

    Device specific steps are available via the "Install Method" link on the Device Downloads page.

    1. Backup your device.
    2. Open the Phone app and type *#*#2432546#*#*, do not hit call
    3. Enable 'Allow OEM unlocking' under 'Developer options' in Settings if available
    4. Did you backup your device?
    5. Reboot to the bootloader via key combination or $ adb reboot bootloader
    6. $ fastboot oem unlock or $ fastboot flashing unlock
    7. Reboot the device, then reboot back to bootloader
    8. If 'AVB Key' (avb_pkmd.bin) is available:
      1. $ fastboot erase avb_custom_key
      2. $ fastboot flash avb_custom_key avb_pkmd-device.bin
      3. Reboot to the bootloader
    9. If fastboot.zip available: $ fastboot update divested-version-date-dos-device-fastboot.zip
      • If you receive a board mismatch and are absolutely sure you have the right file:
      • First try: using $ fastboot update --force [...].zip
      • If that doesn't work: edit the android-info.txt file in the .zip file to match your board
    10. If recovery.img available: $ fastboot flash recovery divested-version-date-dos-device-recovery.img
    11. Reboot to recovery (use volume buttons to navigate if on or key combination if off)
    12. If 'A/B Sync' (copy-partitions.zip) is available and NOT striked out: $ adb sideload copy-partitions-device.zip
    13. Choose "Apply update", then "Apply from ADB", and $ adb sideload divested-version-date-dos-device.zip
    14. While still in the recovery perform a factory reset
    15. Reboot into DivestOS. If it takes more than 10 minutes to boot then something is wrong. Do not let it sit for more than 10 minutes!
    16. There are monthly updates. You MUST read the News page and backup your device before each update.

    Re-locking¶

    WARNING!¶
    • Locking your bootloader with an incorrectly signed system image or on unsupported device can result in a permanent brick!
    • Locking your bootloader may be irreversible on some devices, such as: bacon, oneplus2
    • Do not attempt to lock your bootloader on an untested device unless you are absolutely OKAY with it potentially being destroyed!
    • On A/B systems firmware in both slots must be in sync/latest! Or else next installed update might be unbootable, and potentially brick.
    • Some devices must be locked with extreme caution, see: Fairphone 4
    1. After install of a properly signed system you must verify boot, verify functionality, verify update support, and verify the ability to factory reset.
    2. Reboot to the bootloader via key combination or $ adb reboot bootloader
    3. AVB devices only: flash the custom key slot if you didn't earlier.
    4. Ensure $ fastboot flashing get_unlock_ability is NOT zero, it MUST be one! Do NOT continue if zero!
    5. $ fastboot oem lock or $ fastboot flashing lock
    6. It is recommended to keep 'Allow OEM unlocking' checked under 'Developer options' in Settings for recovery purposes (broken update, broken touchscreen, etc.).

WARNING!¶

From here on all of the following methods can very easily and irreversibly destroy your device!

Heimdall¶

  • Devices Supported: Select Samsung devices
  • This is not a bootloader unlock, but a way to get a custom recovery installed.
    1. [TO BE COMPLETED]

LG UP¶

  • Devices Supported: Select LG devices
  • This is not a bootloader unlock, but a way to get a custom recovery installed.
    1. Windows is required for this. KVM USB passthrough has been confirmed to work.
    2. [TO BE COMPLETED]

LG LAF¶

  • Devices Supported: Select LG devices
  • This is not a bootloader unlock, but a way to get a custom recovery installed.
    1. [TO BE COMPLETED]

Bulk Mode¶

  • Devices Supported: Kindle Fire HDX 7/8 2014 (apollo/thor)
  • Credit/Source: @draxie
  • This is not a bootloader unlock, but a way to get a custom recovery installed.
    1. Windows is required for this. KVM USB passthrough has been confirmed to work
    2. Download dd from here
    3. Backup your device.
    4. Connect your device
    5. > wmic partition where index=22 get diskindex
    6. > wmic partition where (index=17 and numberofblocks=20480) get diskindex
    7. > wmic partition where (index=5 and numberofblocks=4096) get diskindex
    8. The above 3 commands should all return the same DiskIndex
    9. Reboot to the bootloader via key combination or $ adb reboot bootloader
    10. > fastboot -i 0x1949 erase aboot
    11. > fastboot -i 0x1949 reboot
    12. > dd of=\\?\Device\Harddisk[DiskIndex]\Partition6 if=aboot_vuln.mbn
    13. > dd of=\\?\Device\Harddisk[DiskIndex]\Partition18 if=divested-version-date-dos-device-recovery.img
    14. If you get the error "Error reading file: 87 The parameter is incorrect", ignore it
    15. Wait two minutes
    16. Force the device off by holding the power button
    17. Reboot to recovery (use volume buttons to navigate if on or key combination if off)
    18. Choose "Apply update", then "Apply from ADB", and $ adb sideload divested-version-date-dos-device.zip
    19. While still in the recovery perform a factory reset
    20. Reboot into DivestOS. If it takes more than 10 minutes to boot then something is wrong. Do not let it sit for more than 10 minutes!
    21. There are monthly updates. You MUST read the News page and backup your device before each update.

Kernel Exploit¶

  • This method works by first getting root, then overriding the recovery.
  • This is not a bootloader unlock, but a way to get a custom recovery installed.
    1. Download the following apps: GingerBreak (CVE-2011-1823), Towelroot (CVE-2014-3153), croowt (CVE-2016-5195)
    2. Backup your device.
    3. $ adb install *.apk
    4. $ adb push divested-version-date-dos-device-recovery.img /sdcard/recovery.img
    5. Attempt to gain root using each app
    6. $ adb shell
    7. $$ su
    8. $$ dd if=/sdcard/recovery.img of=/dev/block/bootdevice/by-name/recovery
    9. The output path in the above command may be different.
    10. Reboot to recovery (use volume buttons to navigate if on or key combination if off)
    11. Choose "Apply update", then "Apply from ADB", and $ adb sideload divested-version-date-dos-device.zip
    12. While still in the recovery perform a factory reset
    13. Reboot into DivestOS. If it takes more than 10 minutes to boot then something is wrong. Do not let it sit for more than 10 minutes!
    14. There are monthly updates. You MUST read the News page and backup your device before each update.