[GUIDE] [30O/33R] How to Unlock the Bootloader without Losing Data

Thread Status:
Not open for further replies.
  1. Deactivated User
    Sep 1, 2014

    Deactivated User , Sep 1, 2014 :

    A friendly reminder: THIS. IS. DANGEROUS. I am NOT responsible if your OPO bricks! I recommend backing up your pictures/music/porn/etc. before you do this! If you brick your OPO, though, I may be able to help. This guide is not for newbs/the faint of heart.

    I take no credit for this exploit. Big shoutout to ifg over at XDA for finding this. I'm just writing it in simpler terms. Original thread: http://forum.xda-developers.com/oneplus-one/general/guide-unlock-bootloader-wiping-data-t2862593

    Hey everyone!

    Some of you are upset that the unlocked bootloader vulnerability from 25R is patched up in the latest updates. Well not to worry, since a guy over at XDA found another vulnerability. So, here we go.
    You must have a functioning ADB/Fastboot environment. No, I will not tell you how to set them up. So, here we go:

    1) Download these two files:


    http://forum.xda-developers.com/attachment.php?attachmentid=2859187&d=1405749374 [it's towards the bottom, should be called "OnePlusOne-BootUnlocker.zip"] (big thanks to @sukanta.hazra for posting the exploit :))

    and place them on your OPO's storage. Also, download this file:


    and unzip it somewhere, like your desktop. These are the exploit tools you will need.

    2) Go into 'Settings > About Phone' and tap on the 'Build Number' repeatedly. You should have now enabled developer options.

    3) In 'Settings > Developer Options', enable the 'Advanced reboot' option, and disable the 'Update CM recovery' option. Now, hold down your power button, click on 'Reboot', and then 'Recovery'.

    4) Flash the 'cm-11.0-XNPH25R-bacon-signed.zip' file from STOCK RECOVERY. After it is done flashing, DO NOT REBOOT BACK INTO ANDROID. Instead, hit the "reboot" option in recovery while holding the 'Volume Up' key.

    5) You should now be in fastboot mode. Connect your OPO, and if necessary, let drivers install. While in fastboot mode, open up a command window where you unzipped the exploit tools, and enter the following command:

    fastboot devices

    and press enter. You should see your OPO being registered as a device. If not, there's a problem with your drivers. If everything is okay, type the following command:

    fastboot boot twrp-recovery.img

    and press enter. Let your OPO do its thing, and you should now be booted into TWRP recovery.

    6) Now that you're in TWRP, flash the OnePlusOne-BootUnlocker.zip. When that finishes up, go into TWRP's power/reboot menu, and tap on 'bootloader'. You should be back in the bootloader now.

    7) Now, you need to open a command window in the unzipped exploit folder (or just re-open the one from before if you didn't close it). You need to type in the following commands. Each new line is a different command. So, you just type one line at a time, and then press enter. You wait for the command to finish up, and then repeat. So, here we go:

    fastboot flash modem NON-HLOS.bin
    fastboot flash sbl1 sbl1.mbn
    fastboot flash dbi sdi.mbn
    fastboot flash aboot emmc_appsboot.mbn
    fastboot flash rpm rpm.mbn
    fastboot flash tz tz.mbn
    fastboot flash LOGO logo.bin
    fastboot flash system system.img
    fastboot reboot

    8) Your OPO should reboot, and you should boot up into your system, with your data intact, and your bootloader unlocked! You can now install a custom recovery, and root your device!
    Last edited by a moderator: Sep 1, 2014
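
Added example, not part of the original post or the XDA thread: a preflight check for the step 7 sequence that confirms every image named in the commands is present and non-empty, and that exactly one device is listed by `fastboot devices`, before anything is written. The function names and the `--check` argument are assumptions of this example; the partition and file names are copied from the post, and the script only prints the commands for review.

```shell
# Added example: preflight for the step 7 flash sequence; flashes nothing.
# Partition/file pairs are copied from the post; function names are assumed.
FLASH_PLAN='modem NON-HLOS.bin
sbl1 sbl1.mbn
dbi sdi.mbn
aboot emmc_appsboot.mbn
rpm rpm.mbn
tz tz.mbn
LOGO logo.bin
system system.img'

# Print each image from the plan that is missing or empty in directory $1.
missing_images() {
    printf '%s\n' "$FLASH_PLAN" | while read -r _part img; do
        [ -s "$1/$img" ] || printf '%s\n' "$img"
    done
}

# Count devices in `fastboot devices` output on stdin (lines ending in "fastboot").
count_fastboot_devices() {
    awk '$NF == "fastboot" { n++ } END { print n + 0 }'
}

# Succeed only if every image is present and exactly one device is attached.
# $1 = image directory, $2 = captured output of `fastboot devices`.
preflight() {
    missing=$(missing_images "$1")
    if [ -n "$missing" ]; then
        echo "missing or empty:" $missing >&2
        return 1
    fi
    n=$(printf '%s\n' "$2" | count_fastboot_devices)
    if [ "$n" -ne 1 ]; then
        echo "expected exactly 1 fastboot device, found $n" >&2
        return 1
    fi
}

# Print the commands in the post's order for review.
print_plan() {
    printf '%s\n' "$FLASH_PLAN" | while read -r part img; do
        echo "fastboot flash $part $img"
    done
}

# Usage: sh preflight.sh --check <dir>   (needs fastboot on PATH)
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-.}" "$(fastboot devices)" && print_plan
fi
```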

  2. Deactivated User
    Sep 1, 2014

    kp1234 and gusuraman like this.
  3. xf4d3
    Ice Cream Sandwich Sep 1, 2014

    Deactivated User and kp1234 like this.
  4. kp1234
    Community Veteran Sep 1, 2014

    kp1234 , Sep 1, 2014 :
    Knowing this forum, I bet some idiot is gonna try to follow your instructions without knowing anything and end up bricking their device.

    minecabla, A.S, bestlands and 7 others like this.
  5. Deactivated User
    Sep 1, 2014

    Deactivated User , Sep 1, 2014 :
    I know. Hopefully, they read the big, bright, bold, red disclaimer at the top. Also, we know how to unbrick the OPO, but all of your data is lost. That's why it's so important to back everything up before you do something risky like this.

  6. Deactivated User
    Sep 1, 2014

    Deactivated User , Sep 1, 2014 :
    Would anyone like to test the exploit first and see if it works? It would take way too long for me to flash back CM 11S and all of its proprietary partitions, lock my bootloader, back up my data, and get back to 33R.

  7. Deactivated User
    Sep 1, 2014

    Deactivated User , Sep 1, 2014 :
    Alrighty, the exploit is uploaded! But, I'd feel a lot more comfortable if someone tried it out first. I'll give you a shoutout in the OP... any takers?

    Oh, and should you brick, there's a way we can unbrick you, even if it's a hard brick.

  8. Vliger2002
    Gingerbread Sep 1, 2014

    Vliger2002 , Sep 1, 2014 :
    Does this method not work? Of course, there are some differences between the bootloaders of the One and Nexus devices, but the idea is similar.

    dam76 likes this.
  9. Deactivated User
    Sep 1, 2014

  10. Jeffr0
    Gingerbread Sep 7, 2014

    Jeffr0 , Sep 7, 2014 :
    I'll be getting mine next week, I can snap some pics and download some pron then try this all out to see. :)

  11. Aaahh
    Marshmallow Sep 7, 2014

    dam76 and Chugz like this.
  12. Jeffr0
    Gingerbread Sep 7, 2014

    Jeffr0 , Sep 7, 2014 :
    Really?! That sucks, thought this looked like a workaround, don't have my one yet so it's all theoretical in my head till next week.

  13. jkbhso3
    Jelly Bean Sep 7, 2014

  14. Aaahh
    Marshmallow Sep 7, 2014

    Aaahh , Sep 7, 2014 :
    Yes, because of the tamper bit.
    Let me find the XDA thread.

  15. Aaahh
    Marshmallow Sep 7, 2014

  16. Jeffr0
    Gingerbread Sep 7, 2014

    Jeffr0 , Sep 7, 2014 :
    I mean, you're flashing 25R without wiping first, then going straight into fastboot?

  17. Aaahh
    Marshmallow Sep 7, 2014

    Aaahh , Sep 7, 2014 :
    Okay, there is a way,
    but you need to be on 25 first.
    Use the link I posted above to set the values to true (unlocks),
    then update. It won't affect the bootloader values (I think) and it would be unlocked.

    Jeffr0 likes this.
  18. Jeffr0
    Gingerbread Sep 7, 2014

  19. Jeffr0
    Gingerbread Sep 7, 2014

  20. Aaahh
    Marshmallow Sep 7, 2014

    Aaahh , Sep 7, 2014 :
    Only if you were on 25, because I believe it was patched in 30.