Bootloader/Installation
In order to flash any third party system images to your device, it is essential to unlock the bootloader first.
Documented here are many different methods in order to do so.
WARNING!¶
- Unlocking your bootloader will wipe your device!
- Locking your bootloader on most newer devices will also wipe your device!
- Please backup all of your contacts, photos, files, apps, keys, etc. first!
Prerequisites¶
You are strongly encouraged to read, or at least skim, through the entire website. It has an abundance of information that will answer many questions and help set expectations of what is and is not provided. Failure to do so will only be a detriment to yourself and waste the time of others.
Research for information surrounding your specific device model.
It is strongly recommended to be running the latest factory images before switching, especially if relocking. However notably some devices must be running an old version to allow installation of alternative systems.
You'll need ADB access in order to attempt any of the methods below.
Run the below fastboot
commands at the bootloader menu (via key combination), not to be confused with fastbootd which is part of the recovery.
You must backup your device.
On your computer¶
- Arch Linux:
sudo pacman -S android-tools android-udev
- Fedora:
sudo dnf install android-tools
- Debian:
sudo apt install android-tools-adb android-tools-fastboot
- Linux: Download ADB from here and extract it
- macOS: Download ADB from here and extract it
- Windows: Download ADB from here and extract it
On your phone¶
- Open the 'Settings' app
- Navigate to the 'About' page
- Tap on the field labeled 'Build number' 7 times
- A toast should appear saying that developer mode has been enabled
- There should now be an screen in the 'Settings' app labeled 'Developer options'
- Under 'Developer options', enable 'Android debugging'
Fastboot¶
- Backup your device.
- Open the Phone app and type
*#*#2432546#*#*
, do not hit call - Enable 'Allow OEM unlocking' under 'Developer options' in Settings if available
- Did you backup your device?
- Reboot to the bootloader via key combination or
$ adb reboot bootloader
$ fastboot oem unlock
or$ fastboot flashing unlock
- Reboot the device, then reboot back to bootloader
- If 'AVB Key' (avb_pkmd.bin) is available:
$ fastboot erase avb_custom_key
$ fastboot flash avb_custom_key avb_pkmd-device.bin
- Reboot to the bootloader
- If fastboot.zip available:
$ fastboot update divested-version-date-dos-device-fastboot.zip
- If you receive a board mismatch and are absolutely sure you have the right file:
- First try: using
$ fastboot update --force [...].zip
- If that doesn't work: edit the android-info.txt file in the .zip file to match your board
- If recovery.img available:
$ fastboot flash recovery divested-version-date-dos-device-recovery.img
- Reboot to recovery (use volume buttons to navigate if on or key combination if off)
- If 'A/B Sync' (copy-partitions.zip) is available and NOT striked out:
$ adb sideload copy-partitions-device.zip
- Choose "Apply update", then "Apply from ADB", and
$ adb sideload divested-version-date-dos-device.zip
- While still in the recovery perform a factory reset
- Reboot into DivestOS. If it takes more than 10 minutes to boot something is wrong. Do not let it sit for more than 10 minutes!
- There are monthly updates. You MUST read the News page and backup your device before each update.
- Locking your bootloader with an incorrectly signed system image or on unsupported device can result in a permanent brick!
- Locking your bootloader may be irreversible on some devices, such as: bacon, oneplus2
- Do not attempt to lock your bootloader on an untested device unless you are absolutely OKAY with it potentially being destroyed!
- On A/B systems firmware in both slots must be in sync/latest! Or else next installed update might be unbootable, and potentially brick.
- Some devices must be locked with extreme caution, see: Fairphone 4
- After install of a properly signed system you must verify boot, verify functionality, verify update support, and verify the ability to factory reset.
- Reboot to the bootloader via key combination or
$ adb reboot bootloader
- AVB devices only, flash the custom key slot if you didn't earlier.
$ fastboot oem lock
or$ fastboot flashing lock
- It is recommended to keep 'Allow OEM unlocking' checked under 'Developer options' in Settings for recovery purposes (broken update, broken touchscreen, etc.).
Unlocking¶
Locking¶
WARNING!¶
Fastboot (LGE)¶
- Devices Supported: Select LGE Phones
- LGE has their own unlocking method, and prevents most devices from being unlocked.
- First check here to see if your device "qualifies"
- Create an LG Developer account
- Backup your device.
- Note down your IMEI (From original box or from Settings -> About -> Status)
- Reboot to the bootloader via key combination or
$ adb reboot bootloader
$ fastboot oem device-id
- Combine the two lines
- Paste it into the site along with the IMEI
- Click 'Confirm'
- Wait a few minutes for an email
- Save the unlock.bin from the email and keep it for future use
$ fastboot flash unlock unlock.bin
$ fastboot flash recovery divested-version-date-dos-device-recovery.img
- Reboot to recovery (use volume buttons to navigate if on or key combination if off)
- Choose "Apply update", then "Apply from ADB", and
$ adb sideload divested-version-date-dos-device.zip
- While still in the recovery perform a factory reset
- Reboot into DivestOS. If it takes more than 10 minutes to boot something is wrong. Do not let it sit for more than 10 minutes!
- There are monthly updates. You MUST read the News page and backup your device before each update.
Fastboot (Motorola)¶
- Devices Supported: Select Motorola Phones
- Motorola also has their own unlocking method, and prevents some devices from being unlocked.
- First check here to see if your device "qualifies"
- If it does, click the 'Unlock' link for your device
- Create a Motorola or Google account
- Backup your device.
- Reboot to the bootloader via key combination or
$ adb reboot bootloader
$ fastboot oem get_unlock_data
- Use the little tool on the site to format the above output
- Paste it into the field
- Click 'Request Unlock Key' and then 'I Agree'
- Wait a few minutes for an email
- Copy the code from the email and save it for future use
$ fastboot oem unlock [KEY FROM EMAIL]
$ fastboot flash recovery divested-version-date-dos-device-recovery.img
- Reboot to recovery (use volume buttons to navigate if on or key combination if off)
- Choose "Apply update", then "Apply from ADB", and
$ adb sideload divested-version-date-dos-device.zip
- While still in the recovery perform a factory reset
- Reboot into DivestOS. If it takes more than 10 minutes to boot something is wrong. Do not let it sit for more than 10 minutes!
- There are monthly updates. You MUST read the News page and backup your device before each update.
WARNING!¶
From here on all of the following methods can very easily and irreversibly destroy your device!
LG UP¶
- Devices Supported: Select LG devices
- This is not a bootloader unlock, but a way to get a custom recovery installed (which is good enough). It is easy, but can be tedious.
- Windows is required for this. KVM USB passthrough has been confirmed to work.
- [TO BE COMPLETED]
LG LAF¶
- Devices Supported: Select LG devices
- This is not a bootloader unlock, but a way to get a custom recovery installed (which is good enough). It is easy, but can be tedious.
- [TO BE COMPLETED]
Heimdall¶
- Devices Supported: Select Samsung devices
- [TO BE COMPLETED]
Bulk Mode¶
- Devices Supported: Kindle Fire HDX 7/8 2014 (apollo/thor)
- Credit/Source: @draxie
- This method is simple, but dangerous.
- This is not a bootloader unlock, but a way to get a custom recovery installed (which is good enough).
- Windows is required for this. KVM USB pass through has been confirmed to work
- Download dd from here
- Backup your device.
- Connect your device
> wmic partition where index=22 get diskindex
> wmic partition where (index=17 and numberofblocks=20480) get diskindex
> wmic partition where (index=5 and numberofblocks=4096) get diskindex
- The above 3 commands should all return the same DiskIndex
- Reboot to the bootloader via key combination or
$ adb reboot bootloader
> fastboot -i 0x1949 erase aboot
> fastboot -i 0x1949 reboot
> dd of=\\?\Device\Harddisk[DiskIndex]\Partition6 if=aboot_vuln.mbn
> dd of=\\?\Device\Harddisk[DiskIndex]\Partition18 if=twrp_cubed.img
- If you get the error "Error reading file: 87 The parameter is incorrect", ignore it
- Wait a few minutes
- Force the device off by holding the power button
- Reboot to recovery (use volume buttons to navigate if on or key combination if off)
- Choose "Apply update", then "Apply from ADB", and
$ adb sideload divested-version-date-dos-device.zip
- While still in the recovery perform a factory reset
- Reboot into DivestOS. If it takes more than 10 minutes to boot something is wrong. Do not let it sit for more than 10 minutes!
- There are monthly updates. You MUST read the News page and backup your device before each update.
Kernel Exploit¶
- This method works by first getting root, then overriding the recovery.
- This is not a bootloader unlock, but a way to get a custom recovery installed (which is good enough).
- Download the following apps: GingerBreak (CVE-2011-1823), Towelroot (CVE-2014-3153), croowt (CVE-2016-5195)
- Backup your device.
$ adb install *.apk
$ adb push recovery.img /sdcard/recovery.img
- Attempt to gain root using each app
$ adb shell
$$ su
$$ dd if=/sdcard/divested-version-date-dos-device-recovery.img of=/dev/block/bootdevice/by-name/recovery
- The output path in the above command may be different.
- Reboot to recovery (use volume buttons to navigate if on or key combination if off)
- Choose "Apply update", then "Apply from ADB", and
$ adb sideload divested-version-date-dos-device.zip
- While still in the recovery perform a factory reset
- Reboot into DivestOS. If it takes more than 10 minutes to boot something is wrong. Do not let it sit for more than 10 minutes!
- There are monthly updates. You MUST read the News page and backup your device before each update.