I possibly have an easy way to unlock without factory resetting.
Thanks to @Ingo for checking that
Before explaining how it works, I would like to ask someone who has never been unlocked to get me a dump of the devinfo partition.
Run ./edl.py r devinfo devinfo.bin --loader=prog_emmc_firehose_8953_ddr.gpx && ./edl.py reset
Then plug the phone in while holding both volume buttons.
This should create a file devinfo.bin, which I would ask you to send me.
The following will unlock your device without requiring oem unlock and without forcing a factory-reset.
However, since unlocking causes the decryption keys to change, wiping data is still necessary (as it can’t be decrypted anymore).
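For anyone sending in (or comparing) devinfo dumps from the ./edl.py command above, here is a small parser and dump-differ. This is an added example, not code from this thread or from the edl project. It assumes the LK (aboot) bootloader's device_info layout: a 13-byte magic "ANDROID-BOOT!" padded to a 4-byte boundary, followed by the int-sized flags is_unlocked, is_tampered, is_verified and charger_screen_enabled at offset 16; the sample dumps below are constructed, not taken from a real device, so check the offsets against a real dump before trusting the flag names.

```python
"""
Inspect a devinfo partition dump such as the one produced by
./edl.py r devinfo devinfo.bin, and compare two dumps (e.g. a never-unlocked
device against an unlocked one) to see which bytes differ.

Added example, not code from the thread or the edl project. The field layout
is an assumption based on the LK (aboot) struct device_info: 13-byte magic
"ANDROID-BOOT!", padded to a 4-byte boundary, then the int-sized flags
is_unlocked, is_tampered, is_verified, charger_screen_enabled.
"""
import struct

DEVINFO_MAGIC = b"ANDROID-BOOT!"
FLAGS_OFFSET = 16   # assumption: 13-byte magic padded to 4-byte alignment
FLAG_NAMES = ("is_unlocked", "is_tampered", "is_verified", "charger_screen_enabled")


def parse_devinfo(data: bytes) -> dict:
    """Return the magic check and the four leading flags of a devinfo dump."""
    if len(data) < FLAGS_OFFSET + 4 * len(FLAG_NAMES):
        raise ValueError("dump too short to be a devinfo partition")
    info = {"magic_ok": data[: len(DEVINFO_MAGIC)] == DEVINFO_MAGIC}
    values = struct.unpack_from("<4I", data, FLAGS_OFFSET)
    for name, value in zip(FLAG_NAMES, values):
        info[name] = bool(value)
    return info


def diff_dumps(a: bytes, b: bytes) -> list:
    """List (offset, byte_in_a, byte_in_b) for every byte that differs.
    A length mismatch shows up as None on the shorter side."""
    diffs = []
    for off in range(max(len(a), len(b))):
        ba = a[off] if off < len(a) else None
        bb = b[off] if off < len(b) else None
        if ba != bb:
            diffs.append((off, ba, bb))
    return diffs


def make_sample(is_unlocked: bool) -> bytes:
    """Constructed sample dump (not a real device image): magic, padding,
    four flags, then a zero-filled remainder up to 64 bytes."""
    header = DEVINFO_MAGIC + b"\x00" * (FLAGS_OFFSET - len(DEVINFO_MAGIC))
    flags = struct.pack("<4I", int(is_unlocked), 0, 0, 1)
    block = header + flags
    return block + b"\x00" * (64 - len(block))


LOCKED_SAMPLE = make_sample(False)
UNLOCKED_SAMPLE = make_sample(True)

if __name__ == "__main__":
    import sys
    # Pass a real devinfo.bin as the first argument; otherwise inspect the sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else LOCKED_SAMPLE
    for key, value in parse_devinfo(data).items():
        print(f"{key}: {value}")
    print("bytes differing between the constructed locked/unlocked samples:",
          diff_dumps(LOCKED_SAMPLE, UNLOCKED_SAMPLE))
```

Running it against a real locked dump and a dump taken after the unlock procedure, diff_dumps shows exactly which offsets changed, which is independent of whether the assumed flag layout is right; parse_devinfo only gives meaningful names if the layout matches your bootloader.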
I’ve been able to see patterns and PINs by just glancing over shoulders. Same with passwords. I heard from a friend of a co-worker that the cameras at Amsterdam CS can do it as well.
It did not work for me btw (though it does say unlocked). My device is now in a loop, and I got as far as Android recovery. Do you have the original locked devinfo for me?
I wouldn’t be surprised. I knew about it before the attack on CCC. It just depends on the adversary, though. A thief can easily watch over my shoulder. They cannot easily take a picture of my finger and fabricate a capacitive fingerprint.
A little update on this.
So this does unlock without forcing a factory reset or needing to enable OEM unlocking.
However, since the decryption keys change due to the unlocking, data will be inaccessible and a manual wipe is required.
Would it be possible to not encrypt data in the first place?
Yes I know, definitely not recommended for production use, but for device testing and such …