Hi,
I think we should start hacking the bootloader now, or at least we should list all the things we have to get rid of:
- Bootloader Signature Check
- maybe efuses!?
Regards
Actually, that was my first idea too. If we could get it to run gPXE or such we would have it cracked.
I also tried accessing the device in bootloader and in recovery mode, but on Linux no device was offered, so I could not access it via a console or such either.
I guess getting console access for the bootloader would be the most awesome step.
Hi,
Really good idea.
But people do it for the Milestone too.
But no way :-(
Which doesn't mean we couldn't give it a try.
Have a look at this page:
https://www.droid-developers.org/wiki/Main_Page
There are the ways and help on how Moto encrypts the bootloader.
It's a 1024-bit RSA key.
To crack it wouldn't be easy.
I hope you are a really good hacker and have really good knowledge about these kinds of things.
If I could help you, I will do it.
It would be really nice if we could get together over MSN or ICQ to help each other.
A NEW HOPE ... )
Hi,
Well, that's pretty good.
I will read through the wiki.
I guess we have to rent a cloud, e.g. at Amazon (EC2), and then we could use the power of it to encrypt the bootloader.
OK, that's easier said than done, but it would be one thing we could do.
Regards
the|gamer said:
I guess we have to rent a cloud, e.g. at Amazon (EC2), and then we could use the power of it to encrypt the bootloader.
OK, that's easier said than done, but it would be one thing we could do.
Sounds nice, but I guess with a 1024-bit key this would be a bit expensive.
What I don't understand is this: for encryption there is some public and some private key, right? So to check the signed bootloader the private key must be stored somewhere on the phone. That just sounds too easy...
Hi,
there is also a cloud project called "MilestoneRSA" based on the BOINC network; everyone can download the client and help decrypt the RSA key...
So if the Keys are the same that would help us.
Regards
It's nice to have ideas and try new things, but sadly that BOINC project is not being realistic. I'll quote a comment from Reddit:
Assuming you can try 10^9 keys per second on one CPU (more or less one per two CPU cycles), and assuming you have 10^80 CPUs (one per every atom in the universe), you'd need 10^55 years to have a 1% chance of breaking that key by brute force. And our universe has existed for ~1.5*10^10 years.
The only brute force viable here is breaking into Motorola by brute force and stealing the key.
I've a BOINC client installed on my box, but I can't find the Milestone project.
let me know if you need my box for breaking the key.
regards
Hi,
I am sure that the bootloader will be cracked; it's just a matter of time.
Regards
You really think positive.
I guess we won't.
But we will find another chance.
What about a new bootloader?
Can't we make ourselves a bootloader?
The bootloader is signed itself.
But what about making it public and changing some things in the firmware?
Can't we rewrite it?
What kind of hardware checks the bootloader?
Think about it
Hi,
I did not look at the problem from that side.
That's a really good idea, but writing a new bootloader from scratch will be as difficult as cracking the existing one.
Regards
Hi, I don't know.
But think,
we have got the bootloader image!
Why can't we change settings and flash it back?
Where is the problem with flashing this firmware?
There must be a small piece of hardware that doesn't allow us.
Please, could someone make a dump of the bootloader?
But I guess a lot of people think about this!
This is the same as decrypting. :-(
No chance, I believe.
Can't just rewrite the bootloader; probably most everything in this device has its own signature, and they probably check each other.
So, besides jailbreaking INTO Motorola headquarters and stealing the key, it would be easier to write whole new software for that thing and make your own signatures open source.
Best chance is, IMO, to write a petition to Moto and kindly ask for it, or find some Moto dev and either hijack or bribe him ^^
Check https://www.droid-developers.org/wiki/Booting_chain for the boot chain. It's for the Milestone, but I guess the Defy won't be much different.
Replacing the bootstrap with gPXE and the bootloader with GRUB shouldn't be too hard, but I guess the real problems are the stage 1 boot ROM, which is on-chip, and flashing the whole thing, which will likely also check the signature.
Who can do that?
I can't.
My knowledge is not so deep.
Please could someone try it?
But what about performance?
Better? Worse than the original boot?
Same as 2ndboot?
Slower?
Hi,
I think we should go and search for security vulnerabilities in the bootloader; when I get my Defy I will try some things.
Regards
For bootloader decryption, a good starting point is the Wikipedia page about RSA encryption: http://en.wikipedia.org/wiki/RSA
martinml said:
It's nice to have ideas and try new things, but sadly that BOINC project is not being realistic. I'll quote a comment from Reddit:
Assuming you can try 10^9 keys per second on one CPU (more or less one per two CPU cycles), and assuming you have 10^80 CPUs (one per every atom in the universe), you'd need 10^55 years to have a 1% chance of breaking that key by brute force. And our universe has existed for ~1.5*10^10 years.
Are you sure the number you are quoting is right? Maybe it is some really dumb brute-force method of trying one key at a time. But knowing the algorithm, you can at least launch a brute-force prime factorization attack.
I don't understand much about cryptography, but over the internet people comment that in under a decade the 1024-bit RSA algorithm should not be secure anymore. According to this xkcd thread, a brute-force approach to cracking a 1024-bit RSA key is "only" about 13 million current CPU-years. And this paper from 2003 suggests that one could break a 1024-bit key in one year with some 10 million worth of custom hardware on 130nm (based on many assumptions). Today it would be less, but still prohibitively expensive.
A quicker way would be finding some weakness in the RSA algorithm that decreases by some orders of magnitude the theoretical computational power needed. Or discovering a more efficient way to factor big primes. Many groups of mathematicians have been working for years trying to solve those problems, but no results yet. But we can always hope that someone will find the answer next year.
What is within reach for Defy hackers is finding some vulnerability in the implementation. Maybe torturing the bootloader till it tells us the key. Maybe this method can work. Or some vulnerability in the padding algorithm, or something else.
And then there are the political means... making a petition to Motorola (already suggested here), making laws outlawing all forms of DRM and treacherous computing, and forcing the companies to disclose their keys (one of the main proposals of many pirate parties...)... but both are hard to be heard and put forward.
I had a litte chat with the guys from droid-developers.org on IRC today and they said that 2ndboot still is the best option. To me this also sounds really nice, since you can boot any kernel with activated usb console debugging from your running android.
That way we could also watch the boot process and maybe find out more about the hardware without changing anything (except for runtime changes), so a simple reboot should always work.
Ok, but who can compile 2ndboot for us?
I also had a chat with these guys, but they told me that there is a problem with the GSM modem!
So we couldn't use the Defy anymore.
But we have a custom kernel inside.
Dont understand this.
But how can we do this?
Related
http://www.wix.com/palmercurling/project-bootloader-freedom
seems that kexec methods works...and probably today or tomorrow source code will be released....
if that's true, then it'll be good news
that will make Dexter porting of 2.2 even easier
Hm... Maybe if this works... Dexter can try with 2.3
grigorbg said:
Hm... Maybe if this works... Dexter can try with 2.3
Dexter already explained why 2.3 is not going to work.
He didn't say it's not gonna work, he said it MIGHT not work but he'll test it. That's what he said.
Vistaus said:
He didn't say it's not gonna work, he said it MIGHT not work but he'll test it. That's what he said.
Well, he said that 2.3 may need a newer kernel, not the 2.6.29 that works on the XT720, because of the bootloader...
So, I hope that helps!
That's what I meant. Sorry for the confusion. He said MAY need a newer kernel, but it's not clear yet 'cause he doesn't have the XT720 yet nor 2.3, so maybe it'll work.
And btw, I dunno if you guys actually read the first post in this thread but if the bootloader is cracked in some way, then it doesn't matter anymore 'cause we can flash any custom kernel then.
Sure, it was only a message about why Dexter says it's not going to work.
People from droid-developers.org also already tried many attempts... with kexec as well...
For now.. no success =(
Motorola just marked the request to unlock the Droid X bootloader as "Implemented" here!!!:
http://getsatisfaction.com/motorola/topics/please_unlock_the_droid_x_bootloader
This may be related to:
http://www.droid-life.com/2011/01/1...bootloaders-looks-to-partner-with-developers/
which links to a Facebook response by Motorola that reads:
Motorola - We apologize for the feedback we provided regarding our bootloader policy. The response does not reflect the views of Motorola.
We are working closely with our partners to offer a bootloader solution that will enable developers to use our devices as a development platform while still protecting our users’ interests. More detailed information will follow as we get closer to availability.
I'm incredulous. I really don't want to get my hopes up. We need a "support group" and seven step program.
Edit: More coverage of the incident
http://androinica.com/2011/01/19/motorola-unsure-of-its-own-bootloader-policy/
http://nexus404.com/Blog/2011/01/20...m-users-to-go-away-then-begs-for-forgiveness/
Why is the bootloader so difficult to crack?
c_urbanek said:
Why is the bootloader so difficult to crack?
The short answer is that the security in the bootloader is based on very high quality mathematics.
Basically it's what's called an NP-complete problem (I think, I'm an armchair cryptographer only). Think of it this way: we have some sort of algorithm (equations are a kind of algorithm):
45 * x + 32 = 76
Now, there are two ways to find values of x that satisfy this equation. The way we are taught in school is to use the rules of arithmetic to convert the algorithm into a simpler algorithm that yields an expression we can evaluate directly. That's pretty fast.
Now assume you didn't learn how to do that and that nobody in the world knows how to do it. The other way to solve it is to try plugging in values of x on the left-hand side until you find a value that when evaluated gives 76. That way could take a very long time. In fact, you can calculate how long you expect it will take based on how long it takes to test a single value and the expected number of values you'll have to test. (On computers, numbers can be very large, but they can't be infinite)
Fundamentally, this gets to a very important unanswered question in computer science and mathematics called "P ?= NP" which essentially asks: can every possible algorithm be simplified somehow to be solved faster than plugging numbers (over simplified a bit) or are there some algorithms that can only be solved by trying different values until one works. Digital cryptography is based on finding algorithms that can't be solved easily with current knowledge (the research question is can you find an algorithm and prove that it can never be simplified--again oversimplified a bit).
The bootloader uses one of these algorithms (in the sense that publicly nobody knows anybody that can simplify it--insert NSA conspiracy theories). I think I read somewhere that based on the keysize and using the best algorithms available to search the keyspace, the expected amount of time required to crack the key using all of the available computing power in the world is something like 15-30 years. There was the distributed cracking effort, but they were using very inefficient algorithms that supposedly would take at least over 1000 years (some people said it would take longer than the life of the universe). Some have said that hardware that should be available in five years should be able to break it in five years or something like that. I'm probably remembering the details wrong, but in any case it's not good news.
So, that leaves us with essentially five ways to crack the bootloader:
(1) Look for the key with the expectation of never finding it in the lifetime of the device,
(2) Find a bug in the implementation of the bootloader itself (could be either a hardware or software bug),
(3) physically modify the phone to disable the check,
(4) find an efficient attack on the algorithm (i.e. prove this particular encryption isn't one of the mythical unsolvable ones),
(5) convince Motorola to just give it to us.
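To make the explanation above concrete, and to answer the earlier question in this thread about which key has to live on the phone, here is a toy RSA signature check in Python. It is an added example, not code from this thread, from Motorola or from droid-developers.org. The primes, the sample image bytes and the 4-byte digest truncation are constructed for illustration and are far too small for real use; a real bootloader check uses a modulus of around 1024 bits and proper PKCS#1 padding. What it shows: the device only ever stores the public key (n, e), which can verify a signature but cannot produce one; the private exponent d stays with the vendor.

```python
import hashlib
from math import gcd, isqrt

# Constructed toy primes (far too small for real use; real keys use ~512-bit primes each).
VENDOR_P, VENDOR_Q = 104723, 104729   # the vendor's factory key; d derived from these never leaves the vendor
OTHER_P, OTHER_Q = 7907, 7919         # a second, unrelated key the device does not trust
PUBLIC_EXPONENT = 65537


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    return all(n % f for f in range(2, isqrt(n) + 1))


def make_keypair(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Return ((n, e), (n, d)). Only (n, e) is burned into the device."""
    assert is_prime(p) and is_prime(q)
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)          # modular inverse of e, Python 3.8+
    return (n, e), (n, d)


def image_digest(image: bytes, n: int) -> int:
    """SHA-256 of the image, truncated so it fits below n (toy stand-in for PKCS#1 padding)."""
    h = hashlib.sha256(image).digest()
    return int.from_bytes(h[:4], "big") % n


def sign_image(private_key, image: bytes) -> int:
    """Vendor side: s = H(m)^d mod n. Needs d, which the phone never holds."""
    n, d = private_key
    return pow(image_digest(image, n), d, n)


def verify_image(public_key, image: bytes, signature: int) -> bool:
    """Device side: accept iff s^e mod n == H(m). Needs only (n, e)."""
    n, e = public_key
    return pow(signature, e, n) == image_digest(image, n)


def boot_decision(public_key, image: bytes, signature: int) -> str:
    """What a signature-checking boot stage does with an image."""
    return "boot" if verify_image(public_key, image, signature) else "refuse"


def demo() -> dict:
    """Run the three cases the thread argues about and return each boot decision."""
    vendor_pub, vendor_priv = make_keypair(VENDOR_P, VENDOR_Q)
    other_pub, other_priv = make_keypair(OTHER_P, OTHER_Q)

    image = b"constructed bootloader image v1"        # constructed sample input
    genuine_sig = sign_image(vendor_priv, image)

    patched = image.replace(b"v1", b"v2-patched")    # any change to the image changes H(m)
    other_sig = sign_image(other_priv, image)        # signed with a key the phone does not trust

    return {
        "genuine": boot_decision(vendor_pub, image, genuine_sig),
        "patched_image_old_sig": boot_decision(vendor_pub, patched, genuine_sig),
        "other_key_signature": boot_decision(vendor_pub, image, other_sig),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:>24}: {decision}")
```

Only the first case boots: the public key on the device can check any signature, but producing a valid one for a modified image, or with a key of your own, requires the vendor's d. Recovering d from the public (n, e) amounts to factoring n, which is why the numbers quoted in this thread are about factoring cost rather than about "trying keys" one at a time.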
I picked this XT720 phone over the iPhone as it will be better with the open source community; it will do new techy things I will learn and enjoy, the best we can ever have in a phone. Motorola did try to diminish the impact of the product with the poor upgrade support. I was thinking of selling my phone (as most of us did think before Dexter, the man behind the rescue operation and the best of this community). Now I must say it has much better response, satisfaction and relief. This news has now pumped up everything, so that we are going to be the best in this competition. I think the only thing we have to look for is an alternative for the front camera (something like a USB camera attachment or something like that... maybe silly of me, I am dreaming) and this will be the best product in the line. Love you people for making my wrong decision worth it. Cheers to my XT720 community.
Thanks to all who joined hands for the better:
@Mio: Indeed. Btw, number 3 or 4 is already solved by booting a ROM via 2nd init. That is what ROM-bakers do on the Milestone 2 and the Defy. We could do that too.
We need a top-notch developer to crack this bootloader, that's it.
Sent from my HTC Vision using XDA Premium App
As most of you would know, we have learned quite a bit about Defy bootloader during the last week.
We always thought that Motorola doesn't have a method to unlock production Defys (Defys shipped to end users). Well, we have sufficient information now to prove that Motorola has a method, and that it converts production Defys to engineering Defys (phones used by Motorola engineers to make ROMs and other stuff).
This is actually better than a simple unlocked bootloader because eng Defys have unlimited applications (because we have direct access to the MOBO/CPU) like overclocking the GPU, installing other OSes like Ubuntu, Debian, WP7 etc. into NAND and a lot more.
So the problem here is that the tools required for the ENG switch are only available to Motorola employees. Till now we have no further information on it. The tools are the TI OMAP BOARD CONFIGURATION TOOL and a 16MB .bin file. Another significance of this method is that it might also unlock other phones with an OMAP (3xxx/xxxx?) board. Also this method seems to be very stable.
So the good news is that this software is available to most Motorola repair centers. That means it would be easier to get a leak. Of course the highly paid Motorola engineers with six-digit paychecks won't leak it, but we should consider low-level repair executives (they already leak SBFs and RSDLite).
So my suggestion is we start a bounty thread in XDA to tempt them.
If you have a solution and if you are concerned about anonymity, please PM me.
PS : There are lots of bounty threads in xda.
Hi,
Setting a bounty would be cool, but is it legal?
Cause it is not like "I pay you a lot of money if you steal this software for me"
the|gamer said:
Hi,
Setting a bounty would be cool, but is it legal?
Cause it is not like "I pay you a lot of money if you steal this software for me"
Hmm. It depends on which country you are from.
I'm quite on it. A minimum/maximum fee could be set (like US$2 min and 20 bucks max, or anything like this). And someone with access to Motorola's employees (I think the user racca works at a Moto distributor, but I'm not sure of it; I think he mentioned it in some thread a few months ago) could rush and "bribe" them. If people could be a bit more clear about which kind of employees should have access to this software, I could try and convince one of them (you know, people here in Brazil aren't that much into honesty, but are a lot into money) about handing us a leak of TI's software. I'll have to take my phone to MOTOAssist soon (the "menu" and "back" keys' backlights are weaker than normal), so I'd have at least an actual reason to talk to an assist technician (assuming they have access to the board configuration tool).
Yet, since I'm no hacker (yet; I'm planning on getting a Nook Color, whose community here in XDA seems to provide all you need to start your own ROM, and starting to mess around with it) nor a coder (I know only a little about C programming), I would not try and mess around with TI's software, but only upload it somewhere and give you guys a link to it.
K3n bH1mur4 said:
I'm quite on it. A minimum/maximum fee could be set (like US$2 min and 20 bucks max, or anything like this).
We could even promote it with ads. The best way would be to set up our own website, maybe in Brazil (or with some webhost who would like to host this) where you could bribe your way out, and then promote it with ads. There is a remote chance that XDA might not approve a bounty thread here (because of illegal implications), but we could publish the website here and in all other major forums (Chinese forums as well).
royale1223 said:
We could even promote it with ads. The best way would be to set up our own website, maybe in Brazil (or with some webhost who would like to host this) where you could bribe your way out, and then promote it with ads. There is a remote chance that XDA might not approve a bounty thread here (because of illegal implications), but we could publish the website here and in all other major forums (Chinese forums as well).
Dunno, since it's illegal, it may not be the best option to promote it. Obviously, it's still not immoral, but we all know that morality and law often do not converge, so it may be better to go rogue, talking in private with motoassist technicians and stuff like that, because, even if we're just fighting for our rights, we're still using non-legal ways, and risking to be sued for it.
I don't think promoting a website is illegal. What's illegal is hosting an illegal one.
Promoting a website that promises cash for employees of a corporation who leak internal software used by that corp. might be considered illegal in most places. Fortunately (or not, I'll explain why), we have jurisprudence to base this on: on September 1st last year, a judge here in Brazil condemned Moto to update a customer's Dext/CLIQ to Android 2.1 (Moto did not provide this update here in Brazil, even though it did in many countries) without voiding the warranty.
I know it's just one case, in just one country, and updating an Android version is way different from providing unlocked bootloaders (or the tools for users to do so). And, yes, I agree with placing a bounty on the tool. Yet, if we get caught, Moto can still argue that we had other ways to pursue our rights, and we should have used the justice system to do so, if we believed we were that right. Yet, they're a multimillion-worthy company (even bigger after being purchased by Google), and we're a bunch of broke users, at most devs making a couple thousand dollars, and we would have little chance against their lawyers. Last, but not least, employees who help us may get caught and fired because of us, and I sincerely want nobody (ok, maybe a few of the highest executives) to get fired just for me to get an unlocked BL.
So, my point is: let's make this a stealth action. Get a reason for your phone to be taken to Motoassist (no intentional bricking, please! You must flash an official SBF before taking it there! - at least if your phone is still under warranty), get to talk with one of their technicians, and mention - indifferently - that some guys are giving away big money for any Moto employee who leaks that TI OMAP software. Something like this: "hey, did you hear that crazy devs at this dev forum are paying the first Moto technician to hand them some sort of software? Something OMAP-related, I don't know for sure. All I know is that the reward is some nice cash."
When the word spreads, we could have an unlocked bootloader within a month.
Yet, we've got a single issue to deal with: how to ensure the person who gives us the SW first will actually receive the cash? I've seen a few bounties here before, but all of them were settled by XDA devs (so the bounty keeper could just donate the sum to that dev); I never saw something like paying "outsiders".
One of my friends (a Defy+ user) has a contact with a Motorola service guy. He says that that guy knows everything about Motorola software and he's with us because he himself uses custom ROMs and controls an entire service center. He's ready to take my device under warranty even though it's rooted, along with every single hack/MOD for the Defy installed.
Will try contacting him
And let's post this in the forums of all other locked Motorola devices with OMAP 3xxx chips.
Sent from my MB525 using XDA App
swapnil360 said:
One of my friends (a Defy+ user) has a contact with a Motorola service guy. He says that that guy knows everything about Motorola software and he's with us because he himself uses custom ROMs and controls an entire service center. He's ready to take my device under warranty even though it's rooted, along with every single hack/MOD for the Defy installed.
Will try contacting him
And let's post this in the forums of all other locked Motorola devices with OMAP 3xxx chips.
Sent from my MB525 using XDA App
Talk with this guy. If he has access to a copy of TI's SW and hands it to us, I'm pretty sure we could get him a nice reward. Not as high as if putting up a bounty, but definitely enough to make the effort worth it.
I mean, supposing that this is actually gonna help unlock EVERY OMAP 3 (and possibly all OMAP-based phones) out there, and that this way the process is reversible (at least to me, it looks like no eFuse is being blown there; you know, assistance technicians can't just blow eFuses like that - taking the phone to the assistance under warranty shouldn't void it, and that's what a blown eFuse would do), loads of people would help. Imagine a single dollar from every OMAP 3 XDA user (take a look here for an INCOMPLETE list of OMAP 3 devices with ~30 ANDROID-ONLY phones/tablets); that would make a lot of money.
This is good... and I think it will be best not to mention the location, identity, or any hint of similarities of the person/source once you guys get contacts and manifests from that guy (source), so as not to compromise his profession.
He could be fired, or worse, sued for leaking private details.
Best discuss it in private, after getting in touch with him...
Just a thought of CAUTION...
hailmary said:
This is good... and I think it will be best not to mention the location, identity, or any hint of similarities of the person/source once you guys get contacts and manifests from that guy (source), so as not to compromise his profession.
He could be fired, or worse, sued for leaking private details.
Best discuss it in private, after getting in touch with him...
Just a thought of CAUTION...
Yeah, we would assure him of that.
I'll help you out... just tell me what to get from Moto officials.
hemil said:
I'll help you out... just tell me what to get from Moto officials.
Do you know the Motorola Mobility service center in Mumbai?
We only have private shops with Moto's certificate...
I don't think they can help...
All they say is we'll send it to the factory (?)
Sent from my MB525 using xda premium
@hemil Please pm me.
hemil said:
I'll help you out... just tell me what to get from Moto officials.
Hey buddy... just wait for my call today...
Sent from my MB525 using XDA App
Putting up ads offering money for violating the law may be a bit problematic. No website will be excited to host it. Another issue is that in the end someone will have to actually post it, someone in particular. And that one person will be in danger of becoming a subject of interest of various law enforcement agencies. You know, at the end of the day they always want someone to put the responsibility on, the culprit, a scapegoat. So you make heat and you put some particular person into it even before there is any result.
I would prefer to focus more on personal face-to-face private communication with the service guys. It's harder to prove, and if something goes wrong (the guy records it etc.) our guy can always say he was just kidding, bullshitting, bigmouthing.
Anyway, if you are thinking about this seriously, here are a few remarks.
- Don't offer a particular sum; it's not tactical. Not even here should any particular number be mentioned; instead, let the service guy ask his price.
- If the first contact with a potential source is established, ask first for a proof; specify what the proof is supposed to be (a screenshot? a video recording of the software in action?).
- Figure out a way to actually collect the money; people are willing to donate, but they will not donate to anyone, only to someone trustworthy (but Epsylon will surely want to have nothing to do with anything even remotely questionable, let alone illegal); the "collector" will be under the lights and may get the attention of people we don't want to deal with.
- Who actually will be allowed to donate? Anyone? How to avoid an agent donating and then simply tracking where the money is going?
- Figure out a way to actually make a safe and smooth deal (money <-> software); will it be in person or electronically? How to verify we are given what we paid for? Classic problem: neither party is willing to make his move first, but we can't give away the money for software we would only start verifying once the money is gone.
- Figure out how to avoid being robbed (fake offers from people who would want to grab the money and run away) as well as being caught (fake offers from a dummy guy - an LE agent); in both cases the correct proof might be given, though, but the intentions are wrong.
For the particular mechanics of the exchange in person, one of numerous possible ways may go like this:
- Our guy comes with an intentionally bricked Defy repairable only with the software in question, together with an ordinary USB cable (or without, if a special USB cable is needed; in that case the cable must be part of the deal), and with an empty flash drive recognizable at first sight; no money on him.
- Our guy passes the flash drive and the Defy (and the USB cable, if no special cable is needed) to the "source" and watches closely.
- The source copies the software onto the flash drive, runs the software from the flash drive, connects the Defy via the cable provided and actually unbricks the phone (this must be elaborated on more; what if the software uses some libraries from the Windows directories etc. which are not copied onto the flash drive? He may or may not have the installer, but just copying the installer isn't enough; he would have to copy the installer onto the flash drive, then run the installer from it, install it back onto the flash drive and run it from there).
- Our guy gets the phone (and the cable) back; the source unplugs the flash drive and keeps it for now; our guy watches that the flash drive is not connected to anything from now on.
- Now the software is copied onto the flash drive and verified to be working, thus an ordinary hand-to-hand exchange may proceed; our guy didn't bring the money to avoid being robbed, so they both may now go grab the money, or our guy may call his buddy with the money etc. (also needs to be heavily elaborated on).
Sensitive parts must be detailed in-depth, I am just indicating the outline, one of many possible. Still it's very far from perfect.
As you can see it's not that easy and there are many potential points of failure so this action may never really come to the practical realization.
What about a little bit different or alternative ways? Are there any? It would be useful to ask Epsylon what he would actually wish for the most - had he been able to wish for anything.
Isn't it illegal to post copyrighted stuff, and also it's against forum rules..
I mean, if someone gets his hands on that super tool, then how can he share it with us???
rishi2100 said:
Isn't it illegal to post copyrighted stuff, and also it's against forum rules..
I mean, if someone gets his hands on that super tool, then how can he share it with us???
Huh!! Think about Moto, when they actually ditch us with promises? What's wrong if what we are screaming for the last 1 year, and didn't get any updates? Huh, think about that before you speak about illegal stuff. If Moto is doing all sorts of ways to keep us away from our rights, what we do undercover to get our rights can in no way be questioned when we have told them thousands of times that we need updates.
Moreover, the authority can question us only and only when they are themselves guilt-free... but instead they are pretending to be saints sitting behind the curtains and doing all sorts of locking stuff to deprive us of our rights.
@jhonsmithx Let's not get ahead of ourselves. First of all lets concentrate on getting the source. Also I urge users to use a bit of social engineering to do that(using fb/g ). We'll put together a plan according to the situation after that. Also note that this is a pretty long shot. We might not get a source after all.
rishi2100 said:
Isn't it illegal to post copyrighted stuff, and also it's against forum rules..
I mean, if someone gets his hands on that super tool, then how can he share it with us???
I could think of at least 10 ways to share anonymously. Though I won't be posting them here.
With the signing key or certificate we could just sign our own kernels and wave knox goodbye while keeping the warranty, right?
Can't this be cracked somehow? or maybe someone from samsung is nice and leaks? =)
I sooo want to get rid of knox completely but don't dare to purposely trip the flag yet....
I think the only way to succeed would be to be able to sign our own kernels for knox or find some other exploit to break out of the boundaries of selinux enforcing mode. (or to get this thing turned off..)
But to run custom recoveries and kernels without tripping knox we'd still need to be able to sign those.
---
One time, cmon!
EDIT: Ohh, forgot to say that I would put 20$ into the "samsung knox root cert leak fund" - maybe we can get something started hehe
(like in the thread where people collect for a method to restore knox to 0x0..just with a lil different approach *evilgrin*)
You don't "crack" digital signatures like this, you'll be at that until the end of time. You're also not going to get some Samsung employee selling it, either, because the only people that have access to this stuff will be higher-ups getting paid a lot more than this bounty will ever reach. Not just that but it's not worth being blacklisted from the entire industry.
neoKushan said:
You don't "crack" digital signatures like this, you'll be at that until the end of time. You're also not going to get some Samsung employee selling it, either, because the only people that have access to this stuff will be higher-ups getting paid a lot more than this bounty will ever reach. Not just that but it's not worth being blacklisted from the entire industry.
Tell that to Sony or the movie industry, Microsoft, DirecTV, Bell, Dishnet.
Sent from my Telus SM900N-W8 via XDA Premium App
JohnnyRebel said:
Tell that to Sony or the movie industry.
Sent from my Telus SM900N-W8 via XDA Premium App
Sony failed at their implementation of RSA, I very much doubt Samsung has made the same mistake. As for the HDCP leak (I presume that's what you're referring to), that was reversed through a weakness in the algorithm. RSA has no such weakness if done correctly.
neoKushan said:
Sony failed at their implementation of RSA, I very much doubt Samsung has made the same mistake. As for the HDCP leak (I presume that's what you're referring to), that was reversed through a weakness in the algorithm. RSA has no such weakness if done correctly.
You know your stuff better than me, but I'm praying you're not right. No offense, but I'm trying to remain the optimist. Everything man-made can be broken. I like to think that with time a way will be found to fake or mimic the signature. Obviously, if that day comes, Knox will probably long since have been compromised. Since this is their first implementation of Knox, I'm sure there are flaws that hopefully get stumbled across. I'll be more worried about Knox 2. The only thing that might stop man from trying would be if Samsung proved it irrelevant, e.g. honoring the warranty with Knox tripped, or resetting Knox for a small fee.
Sent from my Telus SM900N-W8 via XDA Premium App
JohnnyRebel said:
You know your stuff better than me, but I'm praying you're not right. No offense, but I'm trying to remain the optimist. Everything man-made can be broken. I like to think that with time a way will be found to fake or mimic the signature. Obviously, if that day comes, Knox will probably long since have been compromised. Since this is their first implementation of Knox, I'm sure there are flaws that hopefully get stumbled across. I'll be more worried about Knox 2. The only thing that might stop man from trying would be if Samsung proved it irrelevant, e.g. honoring the warranty with Knox tripped, or resetting Knox for a small fee.
Sent from my Telus SM900N-W8 via XDA Premium App
Oh don't get me wrong, I firmly believe that nearly anything can be hacked given enough time. I would be surprised if Knox is still an issue 6 months from now, I just don't think we'll see the RSA key signature for it any time soon. I'm hoping we'll just find a way to reset it, or at least stop it from being tripped in the first place. The good news is that it would appear to NOT be a hardware efuse of any kind, so keep those fingers crossed.
neoKushan said:
Oh don't get me wrong, I firmly believe that nearly anything can be hacked given enough time. I would be surprised if Knox is still an issue 6 months from now, I just don't think we'll see the RSA key signature for it any time soon. I'm hoping we'll just find a way to reset it, or at least stop it from being tripped in the first place. The good news is that it would appear to NOT be a hardware efuse of any kind, so keep those fingers crossed.
Yes, your belief is correct, the "enough time" is true, but...
To crack a 2048-bit key with a traditional desktop (2.2 GHz CPU), it would take roughly 1.5 million years. I am not sure how strong the key Samsung has is, but it is going to be way beyond our life expectancy to crack anything like that.
The development of quantum computers will reduce that to something very manageable, but we are not anywhere close. And the nature of quantum computing is that you will never get a 100% correct answer. It will be the best guess (I am WAAAAAAAAAAY over-simplifying this), but it still has a chance of not being 100% correct.
Long story short, unless it's a really crappy implementation, or you manage to get a hold of the private key, you ain't going anywhere. Sorry
Meanee said:
Yes, your belief is correct, the "enough time" is true, but...
To crack a 2048-bit key with a traditional desktop (2.2 GHz CPU), it would take roughly 1.5 million years. I am not sure how strong the key Samsung has is, but it is going to be way beyond our life expectancy to crack anything like that.
The development of quantum computers will reduce that to something very manageable, but we are not anywhere close. And the nature of quantum computing is that you will never get a 100% correct answer. It will be the best guess (I am WAAAAAAAAAAY over-simplifying this), but it still has a chance of not being 100% correct.
Long story short, unless it's a really crappy implementation, or you manage to get a hold of the private key, you ain't going anywhere. Sorry
Sorry, I know you're trying to be helpful, but I don't think you've read the whole of my post, or indeed the previous post I made on the subject (second post in this thread). There is also an important distinction between "hacking" something and just brute forcing something as well. By "hacking" RSA, I'm really talking about finding a weakness in the algorithm that either allows derivations of the key or much faster brute forcing. Still, a lot of research has gone into this and although RSA is beginning to be considered insecure, it's not quite utterly broken yet for large keys (2048bit and above), but large keys are too computationally intensive. That's assuming RSA is in play here, it could equally be ECC and in that case, we're definitely ****ed.
Meanee said:
Yes, your belief is correct, the "enough time" is true, but...
To crack a 2048-bit key with a traditional desktop (2.2 GHz CPU), it would take roughly 1.5 million years. I am not sure how strong the key Samsung has is, but it is going to be way beyond our life expectancy to crack anything like that.
The development of quantum computers will reduce that to something very manageable, but we are not anywhere close. And the nature of quantum computing is that you will never get a 100% correct answer. It will be the best guess (I am WAAAAAAAAAAY over-simplifying this), but it still has a chance of not being 100% correct.
Long story short, unless it's a really crappy implementation, or you manage to get a hold of the private key, you ain't going anywhere. Sorry
Tbh that's actually a very good example of explaining quantum computing - though unless anyone has 6 months exclusive access to a multi million/billion dollar quantum computer, I think you guys can pretty much rule out either a cracked code or a key being leaked, these private keys are literally the one thing a developer or OEM never, ever wants to be leaked as with it you can sign firmware + do untold mischief. I honestly wouldn't be at all surprised if only one or two Samsung employees have access to this key.
IMO you're probably much better off going down the usual exploit route of finding a security flaw and exploiting it.
Jonny said:
Tbh that's actually a very good example of explaining quantum computing - though unless anyone has 6 months exclusive access to a multi million/billion dollar quantum computer, I think you guys can pretty much rule out either a cracked code or a key being leaked, these private keys are literally the one thing a developer or OEM never, ever wants to be leaked as with it you can sign firmware + do untold mischief. I honestly wouldn't be at all surprised if only one or two Samsung employees have access to this key.
IMO you're probably much better off going down the usual exploit route of finding a security flaw and exploiting it.
Back closer to topic a little (though this is interesting!)... in the Knox white paper, Samsung states that it's possible to change the root key on the phone that establishes the whole downstream chain of trust (boot loader, kernel, ...). Apparently this is a legal/security requirement for certain government agencies, but whatever the reason, there is a protocol in place to get one's own root CA cert signed by Samsung and then have that installed at the root level of the phone. Samsung is pretty explicit in saying that this means you will need to roll all of the system software yourself, so I think they really do mean the key used at the lowest level we would care about.
I've idly thought of writing Samsung with complaints about how Knox interferes with some normal operation of the phone, and ask them to either sign a key I can use to install a development FW, or provide a properly signed dev FW, or at least provide a method for hooking and controlling the Knox/SEAndroid subsystem. I realize the likelihood of success is low, but could it really hurt to ask?
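As an added example (not code from the thread, Samsung or the Knox white paper), here is a toy model of the chain of trust that post describes: the phone stores only a hash of the root public key, every image carries its signer's public key plus a signature, and "changing the root key" means replacing that stored hash. The key pairs, image payloads and the Mersenne-prime textbook RSA are all constructed for the demo and deliberately insecure.

```python
"""Toy model of a signed-boot chain of trust.

Added example; not code from the thread, Samsung or Knox. It models the point
under discussion: the device carries only a *hash* of the OEM's public key, the
OEM's private key never reaches the phone, and replacing the root key means
replacing that hash, after which only images signed by the new key boot.
Textbook RSA with Mersenne primes is used only to stay dependency-free: no
padding and a tiny modulus, so it is NOT secure RSA and must not be reused.
"""
import hashlib

# Constructed demo primes (Mersenne primes, so primality is known without a test).
OEM_P, OEM_Q = 2**107 - 1, 2**127 - 1            # ~234-bit demo modulus
HOBBYIST_P, HOBBYIST_Q = 2**89 - 1, 2**521 - 1   # a second, unrelated key pair


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)); e=65537 is coprime to (p-1)(q-1) for these primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def digest_int(data):
    """SHA-224 keeps the integer below the ~234-bit demo modulus; real RSA pads
    the hash up to the modulus size instead (PKCS#1 v1.5 or PSS)."""
    return int.from_bytes(hashlib.sha224(data).digest(), "big")


def sign(priv, data):
    """Signing needs d: this happens at the OEM, never on the phone."""
    n, d = priv
    return pow(digest_int(data), d, n)


def verify(pub, data, sig):
    """Verification needs only (n, e): this is all the device ever holds."""
    n, e = pub
    return pow(sig, e, n) == digest_int(data) % n


def key_fingerprint(pub):
    """What a device actually stores as its root of trust: a hash of the public key."""
    n, e = pub
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(raw).hexdigest()


def build_image(payload, pub, priv):
    """A signed image carries its payload, the signer's public key and the signature."""
    return (payload, pub, sign(priv, payload))


class Device:
    def __init__(self, root_key_fingerprint):
        self.root_key_fingerprint = root_key_fingerprint

    def verify_image(self, image):
        """Boot ROM logic: the embedded key must match the stored root, and the
        signature must match the payload. Returns (ok, reason)."""
        payload, pub, sig = image
        if key_fingerprint(pub) != self.root_key_fingerprint:
            return False, "embedded key is not the device root of trust"
        if not verify(pub, payload, sig):
            return False, "signature does not match payload"
        return True, "ok"


def run_demo():
    """Walk through the cases argued about in the thread; returns a reason per case."""
    oem_pub, oem_priv = make_keypair(OEM_P, OEM_Q)
    hob_pub, hob_priv = make_keypair(HOBBYIST_P, HOBBYIST_Q)
    phone = Device(key_fingerprint(oem_pub))  # root hash fixed at the factory

    stock = build_image(b"stock kernel v1", oem_pub, oem_priv)
    # Modified payload with the original signature: the signature no longer matches.
    tampered = (b"stock kernel v1 (modified)", stock[1], stock[2])
    # A self-generated key signs a kernel; self-consistent, but not the trusted root.
    homebrew = build_image(b"custom kernel", hob_pub, hob_priv)

    results = {
        "stock": phone.verify_image(stock)[1],
        "tampered": phone.verify_image(tampered)[1],
        "homebrew_on_stock_root": phone.verify_image(homebrew)[1],
    }
    # The white-paper route described above: the root of trust itself is
    # replaced, so the new key is trusted and the OEM's stock image no longer is.
    rerooted = Device(key_fingerprint(hob_pub))
    results["homebrew_on_new_root"] = rerooted.verify_image(homebrew)[1]
    results["stock_on_new_root"] = rerooted.verify_image(stock)[1]
    return results


if __name__ == "__main__":
    for case, reason in run_demo().items():
        print(f"{case:>24}: {reason}")
```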
Hey all. Currently, evilpotatoman has gotten us closer than ever to achieving root with our phones. He's out of commission at this time until his device back comes in, which could take 2 weeks or more. He has extended the torch to any dev who might be interested in taking a crack at it with his notes (included below). Reference the bounty thread here for details about the bootloader/root bounty information.
!!!!PLEASE DO NOT POST YOUR BOUNTY AMOUNTS HERE!!!! DO IT IN RAYLON00'S THREAD FOR CONTINUITY: http://forum.xda-developers.com/showthread.php?t=3339857
evilpotatoman said:
Here's where it's at, but first a few notes and thoughts;
A) Even after upsetting dm-verity, the system remained somewhat stable*
*The only issues I see are the system:custom message, an unlocked boot logo, and that the stock installer refuses to install anything but FOTAs or a sec_csc.zip flashed on the CACHE partition. If cleared, the system boots up normally
B) It's extremely difficult to reverse dev this device - Every piece of secure-trust-knox-DRK-verity-crapola increases the chance of a misstep and ending up with a really nice IOT brick. Because of all this security, looking for buffer overflows and random execs would take ages. I focused on stupid programming mistakes, sifting through log files, much like I did when developing the original Note 3 recovery method.
C) The HOME_CSC partition file that seems to fail typical odin flashes -- It sets something permanent, like kind of hard-coding the verity keys. During my testing, I flashed one only to later realize that my CSC was then hard-coded to Chinese branding. Before that flash, I could mess around with the branding at will (and subsequently write to the system partition). It was only after I flashed that CSC_HOME that dm-verity actually failed. In short -- I had root BEFORE download mode labeled my system as custom. I flashed HOME_CSC, dm-verity then failed when I changed the CSC following the hard-code.
I have yet to fully re-create my EFS partition, and sent it to someone who wears darker hats than I for a fix. Because I won't have the phone for a while (at least 2 weeks), I've decided to give a brain dump in hopes that someone can pick up where I left off.
PM me for additional details, but the following should get better devs searching for a more stable method.
sec_csc.zips (found in cache.img.ext4) can be used to modify the system partition, and the partition itself isn't signed. Those zips also set the region.
*A particularly interesting csc zip exists for the G9300's CSC file.....
Odin happily flashes specific "partitions" individually, so piece-meal it out.
NAND partitions can be written to while still failing in Odin (but system.img is signed in 2 places, so FYI)
The exploit leverages those download-mode/recovery, plus the stupid programming error found below:
on the stock firmware, there's a boot script that calls a missing binary, which is a perfect -in- for the su daemon.
You can PM evilpotatoman here: http://forum.xda-developers.com/member.php?u=2322344
Very cool! This looks promising
Sent from my SM-G935P using Tapatalk
maybe @jcadduono can do something here?
Holy ****! This is big news!
seanvree said:
maybe @jcadduono can do something here?
He does not have an S7, so I doubt he can help much
Maybe jcase can work on boot loader and root
Sent from my Nexus 6 using Tapatalk
@jcase and @beaups come to mind.
I'd love to see this take off. To that effect, may I suggest contacting the dev you're wondering about and asking (POLITELY) if they intend to or are willing to contribute to this project?
Additionally, since we have nearly $2000 pledged for a root method, we can set up a fund to get the devices in the hands of the devs willing to work on the issue that may not have a device, starting with @evilpotatoman if he needs it. This might also give people who were apprehensive about contributing to the bounty another option to support this endeavor, and gives the rest of us a way to actively contribute instead of saying "here's your prize if you win."
Someone could even act as a third party to set up the fund (be it gofundme or something else, I need to research options). We may not all know how to fight on the front lines, but there are definitely ways the rest of us peons can actively support the effort instead of being passive and hoping it eventually happens because someone else did it.
Thoughts, suggestions, questions?
@jcase hacked the unhackable Blackphone.... I asked him on Twitter but he didn't say if he would have time to do it or not...
Sent from my Nexus 6 using Tapatalk
Tagging him won't help. I don't think he likes to be tagged often. I'm talking about jcase. If he wants to, he will. Since evilpotatoman has opened up this whole new scenario, I hope all the devs see it and try to put on their magic. But yes, I have my bet on jcase. Have seen his work from a while back. A mastermind, I must admit.
Sent from my SM-G935T using XDA-Developers mobile app
Mew351 said:
Holy ****! This is big news!
No it isn't, this is exactly zero news.
That entire post is wrong; it is full of basic factual errors that make me question if it's a troll or a misunderstanding of how these things work.
I may nitpick it when I get home if anyone disagrees with my evaluation of it, but a simple view:
a) messing with dm-verity wouldn't cause system stability issues at all; either it would boot or not.
b) reverse engineering this device is no harder than previous ones; there is no insane obfuscation or anything (just some simple obfuscation). Standard toolsets would work here.
c) The "custom" symbol is just a sign of tampering; in fact I could make a standard app to cause it. It wouldn't stop or remove root from a system.
The whole post in general is gibberish.
Don't start funds for developers who need phones; too many times it comes out bad.
We allow bounties, but funds need to be pledged not held by a single person, and they should not be paid out unless the project is completed, and posted (and is of primarily original work).
psych0r3bel said:
I'd love to see this take off. To that effect, may I suggest contacting the dev you're wondering about and asking (POLITELY) if they intend to or are willing to contribute to this project?
Additionally, since we have nearly $2000 pledged for a root method, we can set up a fund to get the devices in the hands of the devs willing to work on the issue that may not have a device, starting with @evilpotatoman if he needs it. This might also give people who were apprehensive about contributing to the bounty another option to support this endeavor, and gives the rest of us a way to actively contribute instead of saying "here's your prize if you win."
Someone could even act as a third party to set up the fund (be it gofundme or something else, I need to research options). We may not all know how to fight on the front lines, but there are definitely ways the rest of us peons can actively support the effort instead of being passive and hoping it eventually happens because someone else did it.
Thoughts, suggestions, questions?
jcase said:
Don't start funds for developers who need phones; too many times it comes out bad.
We allow bounties, but funds need to be pledged not held by a single person, and they should not be paid out unless the project is completed, and posted (and is of primarily original work).
Fair enough. I probably should have checked to see if there was any rule against this. Regardless, from a common sense standpoint you make...well, sense. Wrote myself into a corner there. >.>
As for the entire OP being gibberish...you're essentially saying we're back at square one, or is he at least barking up the right tree, in your opinion? As you can tell, I'm a little overzealous when it comes to this phone getting root lol.
jcase said:
No it isn't, this is exactly zero news.
That entire post is wrong; it is full of basic factual errors that make me question if it's a troll or a misunderstanding of how these things work.
I may nitpick it when I get home if anyone disagrees with my evaluation of it, but a simple view:
a) messing with dm-verity wouldn't cause system stability issues at all; either it would boot or not.
b) reverse engineering this device is no harder than previous ones; there is no insane obfuscation or anything (just some simple obfuscation). Standard toolsets would work here.
c) The "custom" symbol is just a sign of tampering; in fact I could make a standard app to cause it. It wouldn't stop or remove root from a system.
The whole post in general is gibberish.
psych0r3bel said:
Fair enough. I probably should have checked to see if there was any rule against this. Regardless, from a common sense standpoint you make...well, sense. Wrote myself into a corner there. >.>
As for the entire OP being gibberish...you're essentially saying we're back at square one, or is he at least barking up the right tree, in your opinion? As you can tell, I'm a little overzealous when it comes to this phone getting root lol.
Well he did manage to get root so I don't know how it is all gibberish.
jakebake102 said:
Well he did manage to get root so I don't know how it is all gibberish.
I don't believe you or him on that. It is gibberish because it's factually wrong; if it wasn't factually wrong I wouldn't have a reason to doubt that someone in particular got root. When you make it apparent you are making stuff up or don't know what you're talking about, it casts major doubt.
Plus the proof shown is just showing that syscope got tripped; it's not showing root, it's not showing unlock, it's literally showing nothing of any indication.
jakebake102 said:
Well he did manage to get root so I don't know how it is all gibberish.
It is possible to see and not understand. Often times an opinion held about the cause of a specific behavior in a complex system can be premature, and when new information comes to light suddenly all of the indicators that pointed to one cause suddenly mean something very different. The problem comes not with forming these theories about what causes a behavior, but in voicing that opinion before it is fully vetted out by your own tests.
In short, it is possible to be right about what you see, but wrong about what caused it.
jcase said:
I don't believe you or him on that. It is gibberish because it's factually wrong; if it wasn't factually wrong I wouldn't have a reason to doubt that someone in particular got root. When you make it apparent you are making stuff up or don't know what you're talking about, it casts major doubt.
Plus the proof shown is just showing that syscope got tripped; it's not showing root, it's not showing unlock, it's literally showing nothing of any indication.
Ok well thanks for looking this over.
jakebake102 said:
Well he did manage to get root so I don't know how it is all gibberish.
Everyone beat me to it, but yeah. He said it, hasn't proven it. If he managed to get root, great. I gave him the benefit of the doubt, but now we have a known dev basically discrediting everything based upon his own expertise.
So from this point forward, the onus of proof is on the OP to prove he has/had root. Nothing a screenshot can't prove. It's entirely possible he did get root, but for a different reason than he stated, and posting his proof opens up the floor for a discussion on the exact process. The result doesn't produce the method, so maybe he stumbled upon root by chance in the midst of his work, which led him to think his method worked. Too many variables. That's why we discuss these things.
jcase said:
No it isn't, this is exactly zero news.
That entire post is wrong; it is full of basic factual errors that make me question if it's a troll or a misunderstanding of how these things work.
I may nitpick it when I get home if anyone disagrees with my evaluation of it, but a simple view:
a) messing with dm-verity wouldn't cause system stability issues at all; either it would boot or not.
b) reverse engineering this device is no harder than previous ones; there is no insane obfuscation or anything (just some simple obfuscation). Standard toolsets would work here.
c) The "custom" symbol is just a sign of tampering; in fact I could make a standard app to cause it. It wouldn't stop or remove root from a system.
The whole post in general is gibberish.
Hey jcase (I know you from the old days on XDA, just a bit undercover now for XDA reasons.) Anyway, please don't let the excitement of some folks turn you off to this whole idea. These Qualcomm variants of the S7/Edge are majorly great devices, and root would be ****ing awesome for everyone, so people are gonna get worked up about it. You KNOW how XDA gets. If you believe that there might be a straightforward exploit available, similar to the CID directory exploit that was used in the VS5, please pass on any help you can. (Or even if it has nothing to do with that route.)
All I know is that if you, or beaups, or anyone could actually help make this happen (and this is definitely a "they say it'll never happen" moment, like the Evo3d or the VS5) then you'd be rockstars of the community, more than you are now, however much that means to you. (It means a lot to me, I promise you.) If you think there's hope, and you're willing to give it a shot, ****ing bad ass... If not, maybe PM evilpotatoman and give him a nudge in the direction you'd think would work best.
Either way, I, and I'm sure every GS7/EDGE customer in America who's into Android, definitely have your back.
Let us know your thoughts, and if there's actually a ray of hope.
That's all I got.
Peace, bro.
Edit: and, btw, there IS some big bounty or something to boot, lol.
https://www.xda-developers.com/huawei-stop-providing-bootloader-unlock-codes/
Oh come on that's never an issue script and bypass by exploiting it
That's a huge NO NO; this is my first and last Huawei device. I love my P9 and was planning to get the P20 Pro, but now... If they get away with this, most companies will follow imo
KinG5Pac said:
That's a huge NO NO; this is my first and last Huawei device. I love my P9 and was planning to get the P20 Pro, but now... If they get away with this, most companies will follow imo
Nuh, I don't think so. And it's not the first company that has actually done it. And again, it's within their legal rights to do so, but as I said it's very easy to exploit the bootloader without a bootloader code and it will not make any difference to customizing it. Back in my day we had to crack the CD to clone the game... and even today we crack the EXE to play pirated games. The same will happen with the devices. Samsung and Google already locked many devices and you weren't able to get a bootloader code. That did not stop us though.
KinG5Pac said:
That's a huge NO NO; this is my first and last Huawei device. I love my P9 and was planning to get the P20 Pro, but now... If they get away with this, most companies will follow imo
Same thing here. The P9 was really great; I had it for two years and I was very satisfied. But no way am I going with the P20. It has terrible value... So expensive? Bad design choices...
I think most companies take a bad turn after they get too big. Same thing with Samsung. They made an almost perfect phone with the Galaxy S3 (at the time) for a great price. Then they kept releasing the same design but increased price every year and now they sell glass slates that break if you look at them wrong, that cost 1000$.
I just got an amazing deal on an LG G6 which already has Oreo. That will hopefully last me until this whole notch/no headphone-jack craze washes over!
clouds5 said:
I think most companies take a bad turn after they get too big. Same thing with Samsung.
It's not about "getting too big". Look at it from a company and market perspective. Some people here don't get it, but modded devices make up a really small percentage of overall Android devices out there. We sit inside and read about that, so we think that everyone is doing it, but most Android users don't even know what Android version they have; for them it's just "Android Phone" + brand name.
But over the past year the number of custom ROMs and forced updates that users do because they don't want to wait for the official OTA grew, and companies want to protect their names so there will be no situation where a company is known to have bad devices because people who mess with firmware cry about it all over the internet, creating a bad reputation.
Huawei was never the perfect device for modding, and because Huawei is one of the biggest companies that aim for the top, they want to smooth their reputation by protecting their devices (no messing with the bootloader = marketing advertising for a "safe" device) and make users use built-in features and updates that they can control instead of messing with the device to get them.
And yes, some people will cry that they will never get a Huawei device again, or cry that it's the worst decision, but in reality those people are less than 0.5% of their worldwide user base. Some people will still mod those devices because they have the know-how, and stopping the "easy way" of unlocking the bootloader is not a big deal, and Huawei devices are not alone here; there are lots of other devices and a few companies that also block it and no one cries about it besides a small number of people.
For me and probably for most people it doesn't matter; Huawei devices are not bad compared to other companies, they work well, and for all normal people that's what matters: that the device works well. Today there is not much reason to mod devices; most of the options that people need are built in, performance on even mid-range devices is good, no need to tinker under the hood like in the old days to get the device to work smoothly. There are still many apps that need root and there are many ROMs that are really good, but most people don't need that anymore, and only new users and people who are bored tinker with it... and most of the time screw up their devices and then cry all over the internet that the phone doesn't work...
vampirian said:
Oh come on that's never an issue script and bypass by exploiting it
Sorry what do you mean?
Akinaro said:
It's not about "getting too big". Look at it from a company and market perspective. Some people here don't get it, but modded devices make up a really small percentage of overall Android devices out there. We sit inside and read about that, so we think that everyone is doing it, but most Android users don't even know what Android version they have; for them it's just "Android Phone" + brand name.
But over the past year the number of custom ROMs and forced updates that users do because they don't want to wait for the official OTA grew, and companies want to protect their names so there will be no situation where a company is known to have bad devices because people who mess with firmware cry about it all over the internet, creating a bad reputation.
Huawei was never the perfect device for modding, and because Huawei is one of the biggest companies that aim for the top, they want to smooth their reputation by protecting their devices (no messing with the bootloader = marketing advertising for a "safe" device) and make users use built-in features and updates that they can control instead of messing with the device to get them.
And yes, some people will cry that they will never get a Huawei device again, or cry that it's the worst decision, but in reality those people are less than 0.5% of their worldwide user base. Some people will still mod those devices because they have the know-how, and stopping the "easy way" of unlocking the bootloader is not a big deal, and Huawei devices are not alone here; there are lots of other devices and a few companies that also block it and no one cries about it besides a small number of people.
For me and probably for most people it doesn't matter; Huawei devices are not bad compared to other companies, they work well, and for all normal people that's what matters: that the device works well. Today there is not much reason to mod devices; most of the options that people need are built in, performance on even mid-range devices is good, no need to tinker under the hood like in the old days to get the device to work smoothly. There are still many apps that need root and there are many ROMs that are really good, but most people don't need that anymore, and only new users and people who are bored tinker with it... and most of the time screw up their devices and then cry all over the internet that the phone doesn't work...
Aww, sorry for touching your feelings about Huawei. 0.5% is also money which is gone for sure; btw not only P9 users heard about this news, so do your calculations, it's more than 0.5%, and most people buy phones just by asking these "tech-savvy (crying)" people's recommendation.
zwwel said:
Sorry what do you mean?
Not gonna sit and explain because it will look like a Chinese alphabet to newcomers.
KinG5Pac said:
Aww, sorry for touching your feelings about Huawei. 0.5% is also money which is gone for sure; btw not only P9 users heard about this news, so do your calculations, it's more than 0.5%, and most people buy phones just by asking these "tech-savvy (crying)" people's recommendation.
He is right though, because the market is not targeting "under the hood modders" but average Joes who get a phone, take a good picture, use messenger, call, play some Android games, yadda yadda.
I can tell you that it's less than 0.5% worldwide, and if that 0.5% returns the devices 3-4 times because they hard-brick their devices with custom firmwares, the company will have to replace the device, which is a cost, and they will also gain a bad reputation for having "sensitive" devices. I don't think you bought the P9 for the under-the-hood customization. Did you? Because most of us got it for the superior cameras tbh.
I do dislike the fact that the bootloader is locked; however, there is always a way to bypass the bootloader and push TWRP. I've done it already on the P8 and P9 and I cannot see where it would be a problem with newer devices.
If someone wants to push a custom firmware and has the knowledge to do it, then definitely he will have enough experience to search for tools that can do this job. Legally or illegally, it doesn't matter.
KinG5Pac said:
Aww sorry for touching your feelings about huawei. -0.5% also money which is gone for sure btw not only p9 users heard about this news so do your calculations it's more than 0.5%, and most of people buy phones just asking these "tech-savvy (crying)" people's recommendation.
Touching my feelings? Grow up, kid...
The Huawei P9 is my first Huawei device; for the past years I was using only Sony devices. I don't have any "feelings" for the phone, because it's just a device, and it works as advertised.
I don't care how Huawei runs its own company; I see other companies and the overall market, and it's not different from the others.
What I don't like are people who behave like kids and cry about small things and get personal with any counter-argument that they don't like. Open your eyes wider and look at this from a wider perspective than your own nose, then maybe you will understand some things.
Akinaro said:
Touching my feelings? Grow up, kid...
The Huawei P9 is my first Huawei device; for the past years I was using only Sony devices. I don't have any "feelings" for the phone, because it's just a device, and it works as advertised.
I don't care how Huawei runs its own company; I see other companies and the overall market, and it's not different from the others.
What I don't like are people who behave like kids and cry about small things and get personal with any counter-argument that they don't like. Open your eyes wider and look at this from a wider perspective than your own nose, then maybe you will understand some things.
There there, wipe your tears. Your logic makes me wanna puke. Don't be angry about others' opinions, cos I really don't give a f about yours, but I read it cos you're asking "me" to grow up (really, man?). Thanks, I'll do it, but still, stop being an asshole.
Have a good one! :victory:
KinG5Pac said:
There there, wipe your tears. Your logic makes me wanna puke. Don't be angry about others' opinions, cos I really don't give a f about yours, but I read it cos you're asking "me" to grow up (really, man?). Thanks, I'll do it, but still, stop being an asshole.
Have a good one! :victory:
Keyboard warrior? He expressed his opinion, and yes, you have to grow up. It's a bloody device and not a girlfriend. I really notice that this forum is basically 13-year-old mouthy kids. There you go, if I change device it is only for this reason. Till then I'm going to the Russian community. At least they are developing things. They are not like here, expressing clueless opinions, leeching, being demanding and insulting other forum members, or acting like kids who want a lollipop. Here, take your lollipop.
Byeeeee
vampirian said:
Keyboard warrior? He expressed his opinion, and yes, you have to grow up. It's a bloody device and not a girlfriend. I really notice that this forum is basically 13-year-old mouthy kids. There you go, if I change device it is only for this reason. Till then I'm going to the Russian community. At least they are developing things. They are not like here, expressing clueless opinions, leeching, being demanding and insulting other forum members, or acting like kids who want a lollipop. Here, take your lollipop.
Byeeeee
Why are you even here? Anyways, you still think unlocking the bootloader is some scripting or something? There are still some HTC phones which are impossible to unlock, and I remember some devs used to beg Xiaomi to make the kernel open source, LG bootloader, aghh, Sony's DRM after unlock... Anyways, say hello to 4pda.
That's all from me... :fingers-crossed:
KinG5Pac said:
Why are you even here? Anyways, you still think unlocking the bootloader is some scripting or something? There are still some HTC phones which are impossible to unlock, and I remember some devs used to beg Xiaomi to make the kernel open source, LG bootloader, aghh, Sony's DRM after unlock... Anyways, say hello to 4pda.
That's all from me... :fingers-crossed:
Are you one of those guys?
http://www.dailymail.co.uk/femail/a...remony-prove-precious-phones-daily-lives.html
Bootloader = kernel?
You mixed up what is what.
Lesson one:
Android Bootloader
Every Android phone has a bootloader that instructs the operating system kernel to boot normally. But you need to understand one thing here: as Android OS is an open source OS and is available on a variety of different hardware, every manufacturer has their own version of the bootloader, specific to the hardware present in its environment. At its most basic level, your Android smartphone is like a hard drive, made up of several partitions. One of those partitions holds the Android system files, another holds all the app data you accumulate (which is how you're usually able to update without losing all your stuff), and others do more behind-the-scenes stuff.
Lesson two:
Why are Bootloaders Locked?
A bootloader is usually locked on an Android device because, although it's an open source OS, the manufacturers still want you to stick to their Android OS version specifically designed for the device. In order to apply this concept, manufacturers lock the bootloader. With a locked bootloader on Android devices, it is virtually impossible to flash a custom ROM, and forced attempts void the warranty as well as usually ending up in bricks. Therefore, the first step is always to unlock the bootloader.
Lesson 3:
Why keep a bootloader out of reach? One of the biggest reasons is that the carriers and manufacturers don't want to have to support hacked phones. The other is that a lot of time and money is spent developing these things.
Lesson 4:
No company is obligated to release or to help you unlock your bootloader. You are allowed to hack it. But you have to respect the brick and return policies.
You can complain as much as you want. If you want to play with firmwares, you can go buy an old Samsung device.
The market is targeting the user and not the developer.
You're talking crap, and you're arrogant.
Have a good day.
vampirian said:
Are you one of those guys?
http://www.dailymail.co.uk/femail/a...remony-prove-precious-phones-daily-lives.html
Bootloader = kernel?
You mixed up what is what.
Lesson one:
Android Bootloader
Every Android phone has a bootloader that instructs the operating system kernel to boot normally. But you need to understand one thing here: as Android OS is an open source OS and is available on a variety of different hardware, every manufacturer has their own version of the bootloader, specific to the hardware present in its environment. At its most basic level, your Android smartphone is like a hard drive, made up of several partitions. One of those partitions holds the Android system files, another holds all the app data you accumulate (which is how you're usually able to update without losing all your stuff), and others do more behind-the-scenes stuff.
Lesson two:
Why are Bootloaders Locked?
A bootloader is usually locked on an Android device because, although it's an open source OS, the manufacturers still want you to stick to their Android OS version specifically designed for the device. In order to apply this concept, manufacturers lock the bootloader. With a locked bootloader on Android devices, it is virtually impossible to flash a custom ROM, and forced attempts void the warranty as well as usually ending up in bricks. Therefore, the first step is always to unlock the bootloader.
Lesson 3:
Why keep a bootloader out of reach? One of the biggest reasons is that the carriers and manufacturers don't want to have to support hacked phones. The other is that a lot of time and money is spent developing these things.
Lesson 4:
No company is obligated to release or to help you unlock your bootloader. You are allowed to hack it. But you have to respect the brick and return policies.
You can complain as much as you want. If you want to play with firmwares, you can go buy an old Samsung device.
The market is targeting the user and not the developer.
You're talking crap, and you're arrogant.
Have a good day.
I'm not even comparing, I'm just giving you examples where companies are being just ignorant to devs. Why should they care about a brick after unlocking the bootloader? You make zero sense. An unlocked bootloader voids the warranty, so back to the topic. If you still think removing the option is "good", then congratulations, have fun.
Update: I appreciate the time that you spent on research.
Any kind soul willing to help me unlock the bootloader? I believe Huawei stopped supporting the website to get the bootloader code.
I tried to search everything in the forum.
Should I try any suspicious website that asks money to unlock?
Really appreciated!
nightgost said:
Any kind soul willing to help me unlock the bootloader? I believe Huawei stopped supporting the website to get the bootloader code.
I tried to search everything in the forum.
Should I try any suspicious website that asks money to unlock?
Really appreciated!
DC-Unlocker is the place to go: https://www.dc-unlocker.com/supported_models_1/huawei_phones
I think it costs 4 Euros. I've used this site and it's legit.
vampirian said:
Nuh, I don't think so. And it's not the first company who actually has done it. And again, it's within their legal rights to do so, but as I said, it is very easy to exploit the bootloader without a bootloader code, and it will not make any difference to customizing it. Back in my days we had to crack the CD to clone the game... and even today we crack the EXE to play pirated games. The same will happen with the devices. Samsung and Google already locked many devices and you were not able to get a bootloader code. That did not stop us, though.
How to do the unlock process? Kindly tell me.
5pd said:
How to do the unlock process? Kindly tell me.
Scroll up in this thread and you will find a link to their website, with instructions there:
https://www.dc-unlocker.com/how-to-read-huawei-bootloader-unlock-code
So my only option is to use DC-Unlocker right?