1. jcrutchvt2010's Avatar
    Hey all, I extracted a bunch of the fastboot OEM commands that are unique to blackberry. Most are blocked by authboot permissions but fwiw, here they are:

    the typical ones if you type fastboot --help I won't list all of those
    fastboot oem unlock-go
    fastboot oem unlock
    fastboot oem lock
    fastboot oem device-info preflash
    fastboot oem enable-charger-screen
    fastboot oem disable-charger-screen
    fastboot oem off-mode-charge
    fastboot oem select-display-panel
    fastboot oem bootlog
    fastboot oem getvar
    fastboot oem mmcinfo
    fastboot oem info
    fastboot oem securewipe - (this tries to run if you run the autoloader but gives feedback that device is in user-wipe mode so it doesn't do a full wipe. It is looking for GRS wipe mode to do the full wipe. Don't know if we can ever get to GRS wipe)

    fastboot oem blocklist-wipe
    fastboot oem grswipe
    fastboot oem enable-usb-reset - working
    fastboot oem enable-usb-shutdown - working
    fastboot oem led
    fastboot oem setled
    fastboot oem setprd
    fastboot oem clear-anti-theft
    fastboot oem format
    fastboot oem gptinfo
    fastboot oem set-factory-mode (this would enable a lot but authboot permissions deny it. You can notice in bootloader screen that you are always in product mode.
    in /system/bin there is something called mfgUtil that won't run unless you are in factory mode.)

    fastboot oem set-product-mode
    fastboot oem erase-ddr-training-primary - working but I don't know what it does
    fastboot oem erase-ddr-training-backup
    fastboot oem getvarp:
    fastboot oem read:
    fastboot oem mmchealth
    fastboot oem console
    fastboot oem clear-lal
    fastboot oem bide-storage-wipe

    Try these at your own risk. In system/bin there are a couple of tools that look interesting such as mfgUtil that ask for factory mode and vendor_cmd_tool (i have a list of those commands too but won't be able to even try to use them without being able to use that tool and being able to use that tool will most likely require root at minimum.

    Also if anyone is able to successfully enter diagnostic mode somehow let me know I've been trying unsuccessfully for awhile. If you power off the device then hold the volume up and down buttons, plug in the usb port until you see the solid green light come on and a blank screen. This is allegedly supposed to open the diagnostic port but I haven't found the right drivers for the com port to be installed. RIM serial port gets recognized if you install the older RIM drivers but doesn't let you use QXDM or any other diagnostic tool on Keyone. According to some code I dug into from system dumps, diag usb mode is active on charging only but I can't enter bootloader/fastboot without it appearing to be in MTP mode (which blocks diag mode).

    Let me know if anyone has tried any of these or has any thoughts around reverse-engineering authboot. I've dumped and rebuilt signed images of recovery, emmc_appsboot.mbn, boot.img, and sbl1_signed but haven't had luck getting booted yet. For information on the general idea of reverse engineering aboot, some interesting reading below:

    Reverse Engineering Android's Aboot
    Uzi and coffee-turtle like this.
    07-10-17 10:35 AM
  2. Uzi's Avatar
    Is there a chance to root it?
    07-10-17 10:43 AM
  3. jcrutchvt2010's Avatar
    Possible though unlikely. I've spent a significant amount of time looking into that and bootloader and will continue to. Digging through IDA pro recently and there are some promising signs. It just takes time for someone like me who is fairly new to these type builds to sift through everything. Will keep you posted.
    Uzi likes this.
    07-10-17 11:13 AM
  4. jcrutchvt2010's Avatar
    Also, fwiw, you can boot into secondary bootloader if the device is off and and you hold down power and volume up. Random but there you go.
    07-10-17 11:14 AM
  5. anon(870071)'s Avatar
    do we have to "root" the device!?
    07-10-17 12:27 PM
  6. moonflyer's Avatar
    Also, fwiw, you can boot into secondary bootloader if the device is off and and you hold down power and volume up. Random but there you go.
    Yes, you can. I see there a broken android robot with an exclamation sign.
    03-07-19 08:04 AM
  7. Smokeaire's Avatar
    Is there a chance to root it?
    Nope. BlackBerry phones can't be rooted.
    03-07-19 08:13 AM
  8. RLeeSimon's Avatar
    but he/she who succeeds will have a gold star CV entry...
    03-07-19 04:18 PM
  9. Smokeaire's Avatar
    but he/she who succeeds will have a gold star CV entry...
    If it were to ever happen, and many have tried and failed, he/she who accomplishes this will then be able to walk on water and raise the dead. In other words it won't happen because of BlackBerry Hardware Root of Trust. See screen shot, and do your own research.
    03-10-19 07:06 AM

Similar Threads

  1. Please help me fix this issue with calling and the screen sleeping!
    By cmykink in forum BlackBerry Mobile Support
    Replies: 11
    Last Post: 12-01-17, 02:26 AM
  2. list here overheating apps known
    By charogne in forum BlackBerry Priv
    Replies: 46
    Last Post: 08-01-17, 07:11 PM
  3. Replies: 1
    Last Post: 07-10-17, 08:56 AM
  4. Replies: 1
    Last Post: 07-10-17, 05:58 AM
  5. Wondering about LTE bands and Freedom Mobile
    By curves2000 in forum General BlackBerry Discussion
    Replies: 1
    Last Post: 07-10-17, 05:23 AM