I NEED A BETA TESTER TO TRY THE EXPLOIT OUT. YOU MUST BE ON A LOCKED BOOTLOADER WITH THE 33R BUILD INSTALLED. IF INTERESTED, PLEASE PM ME.
A friendly reminder: THIS. IS. DANGEROUS. I am NOT responsible if your OPO bricks! I recommend backing up your pictures/music/porn/etc. before you do this! If you brick your OPO, though, I may be able to help. This guide is not for newbs/the faint of heart.
I take no credit for this exploit. Big shoutout to ifg over at XDA for finding this. I'm just writing it in simpler terms. Original thread: http://forum.xda-developers.com/oneplus-one/general/guide-unlock-bootloader-wiping-data-t2862593
Hey everyone!
Some of you are upset that the unlocked bootloader vulnerability from 25R is patched up in the latest updates. Well, not to worry, since a guy over at XDA found another vulnerability. So, here we go. You must have a functioning ADB/Fastboot environment. No, I will not tell you how to set them up. So, here we go:
1) Download these two files:
https://www.androidfilehost.com/?fid=23578570567714588
http://forum.xda-developers.com/attachment.php?attachmentid=2859187&d=1405749374 [it's towards the bottom, should be called "OnePlusOne-BootUnlocker.zip"] (big thanks to @sukanta.hazra for posting the exploit)
and place them on your OPO's storage. Also, download this file:
[EXPLOIT AVAILABLE LATER]
and unzip it somewhere, like your desktop. These are the exploit tools you will need.
2) Go into 'Settings > About Phone' and tap on the 'Build Number' repeatedly. You should have now enabled developer options.
3) In 'Settings > Developer Options', enable the 'Advanced reboot' option, and disable the 'Update CM recovery' option. Now, hold down your power button, click on 'Reboot', and then 'Recovery'.
4) Flash the 'cm-11.0-XNPH25R-bacon-signed.zip' file from STOCK RECOVERY. After it is done flashing, DO NOT REBOOT BACK INTO ANDROID. Instead, hit the "reboot" option in recovery while holding the 'Volume Up' key.
5) You should now be in fastboot mode. Connect your OPO, and if necessary, let drivers install. While in fastboot mode, open up a command window where you unzipped the exploit tools, and enter the following command:
and press enter. You should see your OPO being registered as a device. If not, there's a problem with your drivers. If everything is okay, type the following command:
Code:
fastboot boot twrp-recovery.img
and press enter. Let your OPO do its thing, and you should now be booted into TWRP recovery.
6) Now that you're in TWRP, flash the OnePlusOne-BootUnlocker.zip. When that finishes up, go into TWRP's power/reboot menu, and tap on 'bootloader'. You should be back in the bootloader now.
7) Now, you need to open a command window in the unzipped exploit folder (or just re-open the one from before if you didn't close it). You need to type in the following commands. Each new line is a different command. So, you just type one line at a time, and then press enter. You wait for the command to finish up, and then repeat. So, here we go:
Code:
fastboot flash modem NON-HLOS.bin
fastboot flash sbl1 sbl1.mbn
fastboot flash dbi sdi.mbn
fastboot flash aboot emmc_appsboot.mbn
fastboot flash rpm rpm.mbn
fastboot flash tz tz.mbn
fastboot flash LOGO logo.bin
fastboot flash system system.img
fastboot reboot
8) Your OPO should reboot, and you should boot up into your system, with your data intact, and your bootloader unlocked! You can now install a custom recovery, and root your device!
Last edited by a moderator: Sep 1, 2014