FP4 - cant unlock bootloader after replacing motherboard

rogal · April 25, 2023, 5:09pm

Hello
My vol+ button broke after year of usage. I contacted support, I got my motherboard and “main body” thing replaced(at Gordon Electronics, btw. they screwed one screw at angle, so it stuck and then force closed back cover).
Now I want to unlock bootloader, but I cant, I get “The IMEI and/or serial number is incorrect. Please check for typos.” error message.
Support didnt really helped me with this matter yet - its been a week and 4 replies from them
Is this typical for new motherboards? Is there any workaround? Also - what was your experience with Gordon Electronics?

hirnsushi · April 25, 2023, 5:26pm

Did you check the sticker on the inside and compare the IMEI to the one you had before?
Since you have a new motherboard, you also have a new IMEI, and you might (probably) have a new S/N as well.

If you did try with your new IMEI it’s possible the database behind FP’s unlock code generator isn’t aware of your device for some reason.

yvmuell · April 25, 2023, 5:36pm

Maybe try with the old one (if not done so) who knows what Cordon really did

Cordon experience overall seems to be not so good however, most times you only read about the bad experience and those with good experience are quiet…

hirnsushi · April 25, 2023, 5:40pm

The old ones will probably produce a working code, but I don’t think you’d be able to unlock the phone with it.

The phone needs a wifi connection to get unlocked, so I’d imagine IMEI and S/N probably get checked, and those wouldn’t match.

But you are right, worth a try, maybe the system doesn’t actually check for that

rogal · April 25, 2023, 5:57pm

I just copied them from settings, they match sticker on the inside

My old IMEI and SN outputs code, but when I input it, “No such phone” toast is shown.
I created new request, I hope they will help me

I wonder if it could be possible to sniff traffic FP sends to server, intercept it and send fake “correct” signal.

hirnsushi · April 25, 2023, 6:06pm

Sounds like Cordon didn’t notify FP about the new IMEI + S/N or FP didn’t update their DB. Both cases wouldn’t surprise me

One would hope that data is encrypted, but I haven’t checked

They went from a unlock code that could be calculated (FP3) to one that’s stored online, so the system did get more sophisticated. To the detriment of us FP4 owners of course.

rogal · April 25, 2023, 10:16pm

So, basically I spent whole evening figuring this out.
I did it, guys!
Its possible to unlock bootloader offline on build FP4.SP25.B.058.20230318

tl;dr: just drop request to factory.fairphone.com

What I (over)did:

Summary

setup and start simple openvpn server(like How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN)
connect to it from FP4
route traffic from openvpn to burp suite proxy

iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp3s0 -j MASQUERADE

install burp suite, bind proxy to port 8080 on all interfaces, also tick “support invisible proxying”, in “proxy” tab, turn on intercept
install CA certificate from burp suite on FP4
drop this request

weary911×441 37.7 KB
on FP4 click “allow”

Screenshot_20230425-2354071080×2340 205 KB

oli.sax · April 26, 2023, 7:04am

Hi @rogal !
I’m really happy you figured it out That opens a new way of unlocking bootloader for other FP4 users!

However I didn’t understood what you did with openvpn and burp… Are you asking the correct unlock code that is stored on the device, or are you somehow pretending you are the fairphone server to validate any random code?

EDIT: or are you pretending the factory.fairphone server is offline?

hirnsushi · April 26, 2023, 7:22am

Awesome work

So did I get this right, the payload isn’t encrypted, neither is the connection, and if you drop the request you don’t even need an unlock code

That really hasn’t gotten more sophisticated at all. Could this be a preparation for a day FP stops existing and people still should be able to unlock their phones?

mde · April 26, 2023, 10:09am

Interesting find! I’m just wondering if there would be some simpler ways to exploit this, but maybe I don’t yet understand what exactly happens there.
For example: What happens if you block lookup of the domain or respond with a different (local) IP? This would be far simpler than dropping the individual request.

Bob2023 · April 26, 2023, 4:33pm

I had the same problem. Since I couldn’t find anything in the settings, I contacted support. After a day of chatting, it was clear that the problem could not be solved by me. So I was allowed to send in the FP4. Now I have had it back since yesterday. It seems to work with the original operating system. But since I want to install an alternative OS, which FP recommends, the bootloader has to be unlocked with the IMEI and the serial number. The FP website no longer recognises my data from the phone and I cannot generate an unlock code. I wonder if this has something to do with the mainboard that FP says it replaced or with the website’s service for the code, which doesn’t always seem to work. Has anyone else here had this problem?

yvmuell · April 26, 2023, 4:35pm

Hi and welcome, moved your post here, maybe the above will help you else I think only support can help

Bob2023 · April 26, 2023, 4:55pm

Support is offline now and has a day off tomorrow Sitting here with my FP4 and can do nothing but waiting.
Anyway, thanks a lot for moving me here!!
Best
Bob2023

Lidwien · April 26, 2023, 5:51pm

In the Netherlands we celebrate the Kings birthday on April 27th.

anon9989719 · April 26, 2023, 6:28pm

Where on their site and what do they recommend? I thought they didn’t recommend only mentioned maybe e/OS?

rogal · April 26, 2023, 6:37pm

I didn’t understood what you did with openvpn and burp

openvpn - because i couldnt get this traffic to use simple proxy
burp suite - because I wanted to decrypt this traffic(thats why I had to install CA certificate from burp suite on my FP4)

I think dns server with “factory.fairphone.com” pointing to 127.0.0.1 could work too.
I will continue in new thread: Unlocking bootloader offline

Bob2023 · April 27, 2023, 6:11am

yes. I am looking for a google free OS.

Bob2023 · April 27, 2023, 6:12am

Congrats to all of you! Got it this morning in the news. Celebrate and enjoy!

Bob2023 · May 19, 2023, 9:50am

I’m coming back here today after about 5 weeks. Unfortunately, my new Fairphone 4 is still not ready for use.
Here it has already been reported that after the replacement of the motherboard two new IME numbers will be assigned with the phone. This is what happened with my phone.

Since I got it back, I am trying to get the unlock code for the botloader via the Fairphone service. completely unsuccessful, unfortunately. Three employees made a real effort to help me and apparently failed due to internal interfaces at Fairhone between departments in France and the Netherlands.

I am now frustrated and currently see no other solution than to complain about the phone as defect again and return it.

If I look at this process against the background of sustainability, I find it difficult to imagine that this phone can ever have a good balance.

rogal · May 19, 2023, 10:19am

check out this thread: Unlocking bootloader offline
I found a way to unlock bootloader without code