bootloader-unlock-wall-of-s.../README.md
2026-07-08 15:14:25 +02:00

8.4 KiB
Raw Permalink Blame History

Banner. A lock and a key on fire on the left and the text 'Bootloader Unlock: Wall of Shame' on the right.

Keeping track of companies that "care about your data 🥺"

Switch to Russian translation

Terrible License CC BY-NC-SA

mirrors

Do note issues, pull requests and discussions on Codeberg and tangled are not monitored. Please use GitHub for these.

Why?

Over the past few years, a suspicious number of companies have started to "take care of your data", aka block/strictly limit your ability to unlock the bootloader on your own devices.

While this may not affect you directly, it sets a bad precedent. You never know what will get the axe next: Shizuku? ADB?

They've already gone after sideloading.

I thought it might be a good idea to keep track of bad companies and workarounds.

If you know of specific details/unlocking methods, please PR them or drop them in the discussions

The list:

Caution

Reminder that no matter how nice a company is,
you should not trust them unless their unlock process is 100% offline!

🍅 Just terrible!

The following manufacturers have made it completely impossible to unlock their devices without a workaround.

Alcatel

Amazon

Apple

Asus

Cat

Coolpad

Doogee

Energizer

Huawei

Meizu

Panasonic

Samsung

Sharp

TCL/BlackBerry

Vivo/IQOO

Vsmart

Windows phones

Carrier Locked Devices

Note

Phone brands handle carrier locks differently, so check your device manual or contact support.

Carrier locked devices are the ones you get after making a commitment with a carrier of your choice. This is quite common in North America and (supposedly) allows you to save some money on your device.

As a rule, almost all carrier locked devices do not allow the bootloader to be unlocked. This usually makes sense, as it would allow you to completely bypass the contract. The problem is that many devices still do not allow you to unlock the bootloader even after the carrier lock has been lifted. For more details, see the carriers page.

Avoid at all costs!

The following manufacturers allow unlocking under certain conditions, such as region, model, SOC, etc., or require a sacrifice to unlock.

Hisense

HMD/Nokia

Honor

HTC

LG

Motorola/Lenovo/NEC

OPPO/Realme

Oukitel

Xiaomi/Redmi/POCO

ZTE/nubia/Redmagic

⚠️ Proceed with caution!

The following manufacturers require an online account and/or a waiting period before unlocking.

Fairphone

Google/Nexus

Infinix

itel

OnePlus

Sony

Tecno

"Safe for now" :trollface:

Blackview

Cubot

Micromax

Microsoft

Nothing

Shift

Teclast

Teracube

Ulefone

Umidigi

Volla

Misc info

Custom AVB Keys

Custom Android Verified Boot keys is a feature which allows you to run a custom OS with a locked bootloader.

It's rare to see a device which supports custom AVB keys, but some devices can be found here.

Universal SOC-based methods

Kirin

Kirin 620, 650, 655, 658, 659, 925, 935, 950, 960:
It's possible to unlock using testpoints and PotatoNV (Read the readme)

MediaTek

If you own a MediaTek device exploitable by mtkclient (fork old version) or Penumbra you can unlock the bootloader using that.
If it also happens to be an OPPO/Realme device and you need to access fastboot: lkpatcher (web version)

If bootloader unlocking doesn't work on an Oppo Mediatek device using the SECCFG mod (unlocking via mtkclient), you can try unlocking fastboot by writing a modified boot1 (preloader). Writing a preloader also uses mtckclient: oppo-mtk-fastboot-unlock.

Qualcomm

Snapdragon 8 Elite Gen 5

Patched in February/March 2026

On Snapdragon 8E5, Qualcomm introduced a vulnerability (CN) (POC) where the boot process would not perform signature verification for the Generic Bootloader, so with write access to the efisp partition it was possible to run arbitary code.

While the vulnerability itself is universal for the platform, it requires device/OEM specific tricks to get root and write the GBL. Some exist for Xiaomi devices.

Other

The general exploit:
alephsecurity.com the bootloader unlock section.

Unisoc

If you own a phone with the Unisoc UMS9620 or older you can use this (UMS9621 need this as exec address) to achieve temporary secure boot bypass and persistently unlock bootloader. This is valid for all devices except some devices with modified uboot which need this or this or this, note that the method used on all these three links is the same but implemented by different people and with possible differences, also by using this aside from bootloader unlock is possible to completely disable dm-verity by patching trustos partition which would allow booting of unsigned partitions.

If you own a phone with the Unisoc UMS312 UMS512 UD710,you can use this exploit to achieve persistently secure boot bypass, which means all firmwares including splloader,uboot can be modified and resigned.

Otherwise, you can also look into this: Spectrum_UnlockBL_Tool
This: xdaforums.com
Or this: subut