I recently found out that a locked device (aka a carrier lock) is actually locked in two very different ways.

  1. the sim lock, which prevents you from using a sim card from a different carrier. This usually has some sort of policy regarding how and when to unlock the device (for Verizon it is if the device goes for 60 days without connecting to the Verizon network, might also need to be fully paid off as well)

  2. Bootloader lock, this locks the bootloader and therefore disables any way of flashing anything (rom, root, etc) This is not something that will automatically be unlocked as far as I can tell and only the carrier can modify it. Most carriers seem to have the basic decency to unlock the device if you request it from their support, but be warned that there is no guarantee. What is guaranteed, is that Verizon will tell you to fuck right off and will never unlock your device.

The point of this post is to bring awareness to this issue, it is on me that I didn’t properly research this and just assumed that carrier lock means just a sim lock, but this sucked.

I bought a pixel 8 which was sim-unlocked but sadly, as I discovered, its bootloader was locked and the “oem unlock” option was grayed-out. This is because it was a Verizon model that was out of the network but still, a Verizon model…

As of right now there are no known exploits against this device / Android version, and so, there is no known way to bypass this.

I literally argued, begged, and threatened Verizon. And their official stand is that they don’t allow bootloader unlocks, they don’t have the ability to do them (A lie) and that it will degrade my experience (Idiots)

So I started doing anything I could think of. I tried old exploits that were patched (unsurprisingly they failed), I tried sideloading other versions of stock android (worked but didn’t affect the bootloader), I even setup mitm wifi hotspot that has a transparent tls inspection (see PolarProxy) but it seems that the OS does not trust any “user” CAs and so it tries to connect to android.googleapis.com, sees that the CA is not a system CA and aborts the bootloader check, which keeps it grayed-out. My idea was to spoof a valid response but apparently Android has good security practices (who knew)

Short of reversing the OS/Bootloader, it seems there is nothing to do.

So this is my warning to you, don’t buy carrier models, but if you do, make sure the oem unlock option works, but if you don’t, absolutely never buy a Verizon model.

ETA: I bought second-hand under the impression that it was an unlocked device, I thought that by checking sim compatibility I verified that it was, I was wrong.

  • Markaos
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 day ago

    As far as I know, bootloader locks are done by the manufaturer not by the provider.

    Verizon requires the phones they sell to NOT have the ability to unlock the bootloader. That’s why there are separate factory images for Verizon Pixels.