Oem unlock "input verify code"

I’ve put up the algorithm on my website so people don’t have to run perl locally :wink:

Full credit belongs to @_tmp!

https://public.z3ntu.xyz/FP3/verify-code.php

Funnily I didn’t have to change much from the original code because Perl and PHP seem to provide the same functions and the rest of the syntax is also more or less the same :slight_smile:

And now thinking about this, it would have probably been nicer to implement it as client-side JavaScript. Oh well.

19 Likes

nice. I noticed, it’s missing the length/validity checks for imei and serial number’s though, so if you ever do a javascript reimplementation, you might like to implement those, too :slight_smile:

Correct, I ignored them for now. Will implement that later though

4 Likes

It works for me. Thank you.

Add a length check now, I’ve also uploaded the script running on my server to gist as well: https://gist.github.com/z3ntu/9c09120bb44c6dd9fe163931a1478ea9

6 Likes

Just plain and simple: @_tmp, lots of THANKS! :slight_smile:
(works perfectly fine here as well)

3 Likes

Apparently Fairphone published their own How-To for unlocking the bootloader :smiley:

EDIT:
there are some concerns regarding the data which is transmitted to Fairphone: keep in mind that fairphone may save your device informations (IMEI & SN) and thus Fairphone knows wheter you unlocked your device or not (could be important in warranty claims!)
Alternatively, you can use this method :slight_smile:

8 Likes

I would untag the previous post as “solution”, and rather redirect any interested person to ✏ FP3: unlock the bootloader or to https://private.z3ntu.xyz/FP3/verify-code.php.

These are the facts:

  1. When FP3 was released, there was no need to enter any code to allow the bootloader to be unlocked
  2. In a successive update, this new screen was introduced by FP, and some reverse engineering was required to unlock the bootloader (the above cited guide was then posted by the community)
  3. Now, FP makes available its own tool to circumvent an annoying dialog box that they introduced themselves, instead of simply removing that dialog box in a successive update

I have not checked whether the IMEI and serial numbers are actually sent to FP servers when you use their tool or whether the decoding is done client side, it would be interesting to see. (Edit: it has been checked in a later post by justlurking that this data is indeed processed by a remote server) But I let you draw your conclusions.

If I brick my phone, I will consider myself the only responsible for it, and will not open a warranty case with FP. But if there is a hardware failure, I wish FP to respond for it, independently of whether I have at some point intended or not to unlock my bootloader.

Moreover, it is not FP’s business to know whether or not I have the intention to unlock my bootloader. Well, I really don’t know (yet) what the FP tool for getting the code for unlocking the bootloader actually does, but in order to keep on the safe side, I prefer the strategy suggested on the above cited links.

Edit: it seems that there are actually quite a few guarantee-unrelated good reasons for which FP might want to collect, or even might have to collect this data. But using an alternative method to get the unlocking code still does not hurt :yum:.

2 Likes

It was me who retagged the solution to the official Fairphone solution.
My rationale being … it is the official Fairphone solution to the topic at hand.

But I have no emotional attachment to this detail here.
I have added the official code generator link to ✏ FP3: unlock the bootloader, so anybody with the permission please feel free to retag the solution if you so choose.

I agree, that it is not FP’s business, if you want to unlock your bootloader.
They - obviously - might save a list of those phones, that they sebt unlock-codes for. (I bet, they do.)

On the other hand:
When reading the source-code of this FP homepage, line 23 reads:

  • data-error-disabled=“Unlocking the bootloader is disabled for this device. Sorry about that.”

So, it seems, there are phones, that can not be unlocked. Possibly those, they sold to companies as business-phones?
I have no idea, if the solution by @z3ntu enables unlocking for those phones as well? But you might be in trouble (with your company), if you unlock such a phone.

Well, alternatively, HolosericaCaligo could edit his/her post by adding a reminder to the links to the alternative way, so that anybody redirected directly to the solution could make his/her own choice.

@BertG: you are right, that could be the reason for FP to proceed in that way. I am not fully convinced FP necessarily keeps track of the devices that have potentially been unlocked, but since the whole process is not completely transparent but there is a transparent solution proposed instead, well, it looks fair that this solution should also appear here well visible.

It does send the IMEI and serial to fairphone; there is a POST call to

https://factory.fairphone.com/api/unlock-codes/qwerty/asdf

where “qwerty” is the IMEI and “asdf” is the serial.

Not sure what Fairphone is doing with this information; hopefully they’re using it to track interest in alternative OSes and to see if it’s worth investing resources.

6 Likes

Agreed. But on the other hand: if somebody is new to the community and just searching for the info how to unlock his FP3, would they rather enter the data to fairphone.com or to a totally unknown z3ntu.xyz? One needs to follow the community a while to find that z3ntu seems to be well-accepted member, whom the community trusts. So, from a security point of view it might be preferable to enter that data to a “official” site. Therefore, if that code is needed, I think it makes sense, that Fairphone offers a way to get it. But of course that doesn’t answer the question why the code is needed and what Fairphone does with the numbers.

3 Likes

Maybe they included the “input verify code” box due to legal reasons. As already posted in other topics they have to pay a fee for every device with an unlocked bootloader. Instead of paying this fee for all devices they could have implemented this verify code to pay for unlocked devices only. As each (official) unlock attempt requires entering the serial number and imei at their unlock website, they are able to track the state (locked/unlocked) of the bootloader.

4 Likes

Here it is …

Of course we would have less speculation with more official info, like we often would have :slight_smile: .

3 Likes

you’re totally right, I’d just edited my post.

3 Likes

Good we have a community here. I’ve done that for you. :wink:

It was not such a nice thing, because in JS you often miss some features, like even a simple MD5 implementation, (so good you did not try @z3ntu :wink:) but now it works. I even added/had to add some unit tests and compared the results with the Perl version. (The tests are always run in your browser console as “self-tests” at the start.)
Also if you have some other test strings (IMEI, serial number and resulting expected code) I can use for testing, feel free to provide that. :smiley:

To be sure, I’ve deployed it at three different places, so you can decide which code/website to trust :stuck_out_tongue_winking_eye:. (The best would be to just download the HTML file, verify that it does not do anything malicious locally and then open/use it.)

So here we are: In-Browser version of code generator (click on live version to use it directly in your browser)

1 Like

(some background information)

Here is how I “had to” debug (I actually did not have to, but you only know that afterwards) the script:

Anyway… I hope it works. :upside_down_face:

1 Like

Well this then means it would be good if people would not use FP website to unlock the bootloader, so FP does not have to pay useless fees… :innocent:

7 Likes

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.