Unlocking bootloader offline

Hello
I am creating a new thread to summarize what I know about unlocking the bootloader offline and to ask for your help in simplifying this process.

My previous successful attempt was a bit overkill:

Summary

For build F04.SP25.B.058.20230318

  1. set up and start a simple OpenVPN server (like How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN); it's needed to intercept traffic
  2. connect to it from the FP4
  3. route traffic from OpenVPN to the Burp Suite proxy:
     iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
     iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080
     iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp3s0 -j MASQUERADE
  4. install Burp Suite, bind the proxy to port 8080 on all interfaces, also tick “support invisible proxying”; in the “Proxy” tab, turn on intercept (it's needed for iptables to work)
  5. install the CA certificate from Burp Suite on the FP4; it's needed to decrypt traffic
  6. attempt to OEM unlock on the FP4; enter any code
  7. drop this request
  8. on the FP4 click “allow”

What doesn't work:

  • Domain blocking (the “No internet connection found” thing)

I am sure that an easier way exists.

Easier way:

  1. on PC: install Burp Suite, go to settings, bind the proxy listener to port 8080 on all interfaces, set “use self signed certificate”
  2. on FP: set the proxy on your wifi to: [ip of your computer] and port 8080
  3. on FP: navigate to OEM unlock, input any code, don't click “turn on” yet
  4. on PC: in Burp Suite go to “Proxy” and turn intercept on
  5. on FP: click “turn on”
  6. on PC: if you can see a GET request to factory.fairphone.com, you need to drop it and it's done

I will edit this post with updated information.

5 Likes

Worked perfectly for me. I had the exact same issue with a replacement board that then couldn’t unlock. I’m working to follow up with Fairphone to see why their unlock policy is in place to begin with.

1 Like

I have had an open ticket with Fairphone support regarding this issue since 19.04.2023. It's been 2 weeks and I don't think this matter will be resolved in reasonable time (or at all).
They told me that “non-working bootloader-unlocking after a motherboard replacement is a relatively unusual issue”; it doesn't look like this.
I asked them a few questions regarding logging of unlocked bootloaders; if they respond I will update this thread.

1 Like

Given these cases happened in pretty rapid succession, my guess is a batch of IMEI and SNs didn’t get properly uploaded. Can you check to see if your old IMEI/SN combo still generates an unlock code? Mine did.

Seems like they do.

Ah okay. It looks like the process works like this: when you request an unlock code from Bootloader Unlocking Code for Fairphone 3 - Fairphone, it gets stored on their server. After you hit the “Verify code” button, a GET request is sent to factory.fairphone.com/$IMEI/$SERIAL_NUM/$ENTERED_UNLOCK_CODE. The endpoint then checks whether $ENTERED_UNLOCK_CODE is equal to the code the server generated above. If there is no response, the phone unlocks.

Interestingly enough, factory.fairphone.com is not hosted along with the rest of the fairphone.com website. The IP address resolves as belonging to Quark VPN. Similarly, the SSL cert is a “Let’s Encrypt” one rather than the Sectigo cert used for fairphone.com. This is especially interesting as the Sectigo cert is valid for *.fairphone.com.

4 Likes

Dumb question, since networking is not my thing. When you drop something in Burp Suite, what gets sent back to the original requester?

From Proxy intercept - PortSwigger:

Drop a request to prevent it from reaching the server.

I am not sure what it is exactly; based on this description I think nothing gets back to the original requester (it behaves as if the server were offline for this request only).

My best guess is that the request will run into a timeout and then the client handles that however it was programmed to do. In case of the unlock procedure it seems to fall back to the (user-friendly) option of allowing the action.

I don't think it's a user-friendly feature, it's just a bug imo.
At this point I could modify this request to input known good data (like my old IMEI and SN) and the server would allow me to unlock my property (it's ridiculous btw).

system_ext/privapp/Settings.apk is the bit of code that does the check. The only thing that gets checked for is the response code from the server, so setting up a local HTTPS server (with cert that matches the domain) that just replies 200 OK to everything and adding a static entry on your router’s DNS pointing to factory.fairphone.com should also work.

I agree with @rogal that this is not intended behavior, and the support person that I talked to seemed really surprised.

3 Likes
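To make the point in the last two posts concrete, here is an added illustration (not code from the thread, the Settings app or Fairphone) of a simulated client-side verifier in the fail-open form the thread describes beside a fail-closed form; the MAC-in-body scheme, the shared key, the identifiers and the server doubles are all assumptions constructed for this example.

```python
import hashlib
import hmac

# Constructed sample identifiers, not real device values.
IMEI, SERIAL, GOOD_CODE = "000000000000000", "SAMPLESERIAL0001", "1234567890"
# Hypothetical key shared by device and server (assumption; the thread does
# not describe how the real response is validated).
VERIFY_KEY = b"example-shared-key"

def unlock_url(imei, serial, code):
    """Path shape the thread describes: /$IMEI/$SERIAL_NUM/$ENTERED_UNLOCK_CODE."""
    return f"https://factory.fairphone.com/{imei}/{serial}/{code}"

def verify_fail_open(http_get, imei, serial, code):
    """Behaviour the thread describes: only the status code is inspected and
    a dropped request (no response at all) counts as success."""
    try:
        status, _body = http_get(unlock_url(imei, serial, code))
    except (TimeoutError, ConnectionError):
        return True  # no answer -> unlock anyway: the fail-open bug
    return status == 200

def expected_token(imei, serial, code):
    """MAC binding the server's verdict to this exact request."""
    msg = f"{imei}/{serial}/{code}".encode()
    return hmac.new(VERIFY_KEY, msg, hashlib.sha256).hexdigest()

def verify_fail_closed(http_get, imei, serial, code):
    """Hardened form: any transport error denies, and a bare 200 is not
    enough; the body must carry the MAC for this request."""
    try:
        status, body = http_get(unlock_url(imei, serial, code))
    except Exception:
        return False
    if status != 200:
        return False
    return hmac.compare_digest(body.strip(), expected_token(imei, serial, code))

# Constructed test doubles standing in for the network.
def server_honest(url):
    imei, serial, code = url.split("/")[-3:]
    if code == GOOD_CODE:
        return 200, expected_token(imei, serial, code)
    return 403, "denied"

def server_dropped(url):
    raise TimeoutError("request dropped before reaching the server")

def server_blind_ok(url):
    return 200, "OK"  # a server that answers 200 to everything
```

Run the two verifiers against the three doubles: the fail-open check accepts a dropped request and a blind 200, the fail-closed one only accepts an honest, MAC-bearing answer for the right code.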

Any chance to get this done with Ubuntu in a terminal?

I am sure it could be done on Ubuntu as well, cuz I did it on Arch.
Try it and report back.

Hello all,
A lot has happened in the meantime. The service team has taken care of my case and worked internally with IT on my matter. Since this is probably a problem that does not occur frequently after the main board has been replaced, it took some time to find the cause. In the meantime, Fairphone has offered a complete replacement of the Fairphone 4. As I urgently need the phone for work, and the old Chinese one doesn’t really work anymore, I gratefully accepted the offer. Now the new Fairphone 4 is on its way, including the screen protector. Thanks to the service team for this!
Since I am also very interested in the technical and organisational part of this matter, I entered the necessary data on the website (Unlock Bootloader) again today. And I received the unlock code. So the problem of transferring the data from the repair (replacement mainboard) to the IT DB seems to have been solved. Unfortunately, I have to conclude that I was not patient enough, because 3 days ago the service department told me that the problem would be solved in 2-3 days and that I could receive my unlock code from the website. Well, I hope other affected people can learn from my case, so I am writing this update here. As soon as the new phone is with me and I have received the unlock code for it, I will report back here.

3 Likes
