Jolla recovery v0.3.1 unlockable

Bug Reports
#1

REPRODUCIBILITY: 100%

REGRESSION: Yes

DESCRIPTION:

To make a long story short, my lipstick crashed due to missing libEGL.so.1, which, after checks was supposed to be installed. This possibly signals either a filesystem issue or some package conficts. Whatever. Trying to reinstall the package failed due to failure of authentication with the jolla server, which is not nice…

Last resort, factory reset with recovery mode. Doing so, I am landing on a recovery menu which is not the one I used to have, so, somehow, a SailfishOS upgrade has changed this. I would like to personally congratulate the genius who designed the new recovery menu and software.

This is what happens:

 Jolla Recovery v0.3.1

Welcome to the recovery tool!
The available options are:

  1. Reset device to factory state
  2. Reboot device
  3. Bootloader unlock [Current state: locked]
  4. Shell
  5. Try btrfs recovery if your device is in bootloop
  6. Exit
    Type the number of the desired action and press [Enter]:
    1

ALL DATA WILL BE ERASED! Clears everything from the device and reverts the
software back to factory state. This means LOSING EVERYTHING you have added to
the device (e.g. updates, apps, accounts, contacts, photos and other media).
Are you really SURE? [y/N] y[CLEANUP] Starting cleanup!
[CLEANUP] Umounting top volume…
[CLEANUP] Deleting /mnt
[CLEANUP] Cleanup done.
Mounting /dev/mmcblk0p28 on /mnt

sh: unlock: unknown operand

Type your devicelock code and press [ENTER] key:
(please note that the typed numbers won’t be shown for security reasons)
[WARNING] Wrong code, try again (4 left)

etc…

As you can see, the recovery tools search for “unlock”, which seems to have been forgotten in the recovery firmware… Of course, even though I am entering the correct code, there is no way that the recovery program will go further. All usable options to fix the phone would require the unlocking to work.
I really have nothing more to say than, BRAVO to the World Champion Software Developer who designed the new recovery tool. You’re a genius man!

Well, that’s the end to my jolla 1 phone, which was working till yesterday perfectly. Unless someone knows a way to really flash the phone?

I am really not sure if I’ll buy ever again Sailfish OS, this started as a nice story and ended up with this kind of amateur-programming stunts :frowning:

Cheers,
Chris.

#2

Some update, I can still put the phone in fastboot mode, and I was almost ready to flash Sailfish images. But again, the bug having locked the bootloader prevents it:

./fastboot oem unlock
FAILED (remote: ‘access denied. need privilege!’)
fastboot: error: Command failed

./fastboot flash boot boot.img
Sending ‘boot’ (8808 KB) OKAY [ 0.553s]
Writing ‘boot’ FAILED (remote: ‘access denied. need privilege!’)
fastboot: error: Command failed

If anyone is having a hack to bypass this, I take advices.

#3

Hi there evtl. you can boot in recovery again, and hope that option 5 is working.
With the lockcode i can reproduce the same.
i put a security code to test an easy code 5 digits 11111 .
Then i rebooted in recovery and tested option 3 and 4. the script answered with wrong unlock code.
Very sad…
The Jolla1 i tested is on 3.4.0.24

#4

Not sure if it helps, but you original issue sounds like this problem:

https://forum.sailfishos.org/t/installing-and-uninstalling-hybris-mesa-packages-kills-device/2010/5

If you can somehow get the original libraries back on the device that may resurrect it.

Also I believe the recovery tools are largely shell scripts. perhaps you can fix the faulty script using shell mode and unlock then.

#5

Thanks Nephors, that is exactly what made me loose the GUI at first!

Unfortunately, I am good for good.

The Shell (menu 4) is accessible only after entering the device lock code, and since the unlocking crashes, I cannot even access the file system to fix it.
The phone seems to perform a part of the normal boot, without gui, but I do see 192.168.2.15 being activated. But, for things I do not explain, I don’t have the ssh daemon running behind, and a nmap -vv reveals nothing running on the network interface.

My only option now would be to find a security flaw in fastboot mode to force a reflash even though the bootloader is locked. Or hacking 192.168.2.15 somehow. Or finding an hardware hack after putting the phone into pieces :slight_smile: