[ROOT EXPLOIT+PATCH][2012.12.19] ExynosAbuse APK v1.40 - Android Software/Hacking General [Developers Only]

This is an APK that uses the ExynosAbuse exploit (by alephzain) to be able to do various things on your Exynos4 based device.
Features for non-rooters:
- Securely patch the exploit
Features for rooters:
- Root the device (SuperSU v0.99)
- Enable/disable the exploit at will
- Enable/disable patching the exploit at boot
- Unroot and cleanup (optionally leaving the exploit patch at boot in place)
Please note that patching the exploit may break camera functionality, depending on device and firmware. Also note that if you use the patch method without rooting, or keep patching the exploit at boot enabled when unrooting, you need an alternate method to re-root the device to disable this feature (like CF-Auto-Root) - you cannot use ExynosAbuse to do this since it patched the exploit. Unlike other patch authors, I do not believe in keeping an invisible rooted process running in the background while pretending you aren't rooted, to be able to unpatch this way.
While the exploit patches work (aside from possibly disabling your camera), these are more work-around than actual fixes. A proper patch would be a kernel fix, either from a third party or Samsung themselves (hopefully one day...)
My method vs Supercurio, RyanZA
Mine is the only one that is secure. Both Supercurio's and RyanZA's method leave you with easily exploitable holes any serious malware author will abuse. More details http://forum.xda-developers.com/showthread.php?t=2053824
Exploit
For more details on the exploit itself, see this thread: http://forum.xda-developers.com/showthread.php?t=2048511. The exploit is used by this APK in unmodified form. You should be very afraid of this exploit - any app can use it to gain root without asking and without any permissions on a vulnerable device. Let's hope for some fixes ASAP !
Camera
Whether your camera keeps working depends on your device/firmware combination. Affected are mostly the SGS3, but there is good news too: there is a potential fix here: http://forum.xda-developers.com/showthread.php?t=2052675 SGS3 I9300 ONLY. It seems to work for a number of people. It replaces some system libraries with libraries from a different firmware version that does not rely on /dev/exynos-mem. Do not attempt this unless your camera actually breaks due to the exploit, and beware it may cause you to have to reflash your firmware. Also beware that even though this change will not prevent OTAs from downloading, it can possibly prevent OTAs from flashing successfully.
Device status
Using this patch may turn your device status into modified. There's not really a proper solution to that at the moment, but you can restore status by removing the patch (and SuperSU) again and rebooting your phone. This will however leave you unprotected again. Doing all sorts of weird stuff (like for example wiping data) to get rid of this modified status while you still have the patch applied at boot or keep SuperSU around is an exercise in futility. If you want to go ahead and do that, that is fine, but do not litter my thread with your comments, because eventually the modified status is likely to return.
Compatibility:
(If your device isn't listed it could still be both compatible with the exploit as well as this fix !)
Samsung Galaxy S2 GT-I9100
Samsung Galaxy S3 GT-I9300
Samsung Galaxy S3 LTE GT-I9305
Samsung Galaxy Note GT-N7000
Samsung Galaxy Note 2 GT-N7100
Samsung Galaxy Note 2 LTE GT-N7105
AT&T Galaxy Note 2 SGH-I317
Verizon Galaxy Note 2 SCH-I605 both locked and unlocked bootloaders work
Samsung Galaxy Camera EK-GC100
Samsung Galaxy Tab Plus GT-P6210
Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020
Google Nexus 10 not compatible, Exynos5
Post in this thread if you have a device to add.
Notes
I'm not sure if this APK will work right on Android 2.x devices (not tested yet), doesn't mean the exploit doesn't work. So if you're on Android 2.x and this APK doesn't work for you, try doing the exploit manually.
Download
Please do not redistribute, link to this thread instead
v1.40 hashes:
MD5: be4a373ff2848a16bfb948d7e1d1f7d2
SHA1: 79670ab10da59ea58df222e94ad9e8ed83c791a9
(v1.00: 3786; v1.10: 6397; v1.20: 12004; v1.30: 14480)

Changelogs
2012.12.19 - v1.40
- Added check for updates functionality
- Added "current status" display
- Split into sections for non-rooters and rooters
- Added "One-click secure exploit patch" for those who just want to patch their device and forget about it
- Added ability to unroot and clean up the leftovers (optionally leaving the patch code in place)
2012.12.18 - v1.30
- Adjusted many things in the shell code, the app will now properly detect an installed SuperSU/Superuser with the wrong permissions as NOT having root
- Added a startup notification telling you your device/firmware is not susceptible to this exploit, if it isn't
2012.12.17 - v1.20
- Gingerbread-related fixes - note that not all Gingerbread firmwares of affected devices are vulnerable (for example, I know several SGS2 GB firmwares are not exploitable)
- Added some spam (view my apps on Play, follow me on Twitter, that sort of BS)
- Added icon
2012.12.16 - v1.10
- Added ability to disable and re-enable the exploit (which may break camera)
- Added ability to disable exploit at boot (before any Play-installed app runs, other solutions run later which means they are still vulnerable)
- Both above features require being rooted
2012.12.16 - v1.00
- Initial release
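Added example (mine, not Chainfire's code and not the APK's own detection logic): a POSIX shell check for the "current status" the 1.40 changelog describes, based on the mode bits of /dev/exynos-mem. The exploit depends on that device node being openable by unprivileged processes, so a node readable or writable by group or other is the vulnerable state, and a node only root can open is what a patched device looks like. The path /dev/exynos-mem comes from the thread; the parsing of `ls -l` output (Android toolbox has no `stat`) and the three verdict words are my assumptions.

```shell
#!/bin/sh
# Added example: report whether /dev/exynos-mem is reachable by non-root
# processes. It only inspects the node's mode bits; it never opens the node.
# Assumption: the device shell has `ls -l` (Android toolbox) rather than `stat`.

EXYNOS_MEM=/dev/exynos-mem

# perm_exposed MODESTRING
#   MODESTRING is the 10-character field from `ls -l`, e.g. "crw-rw-rw-".
#   Returns 0 (true) when group or other has read or write permission,
#   i.e. when a process that is neither root nor the owner could open it.
perm_exposed() {
    mode=$1
    [ ${#mode} -eq 10 ] || { echo "bad mode string: $mode" >&2; return 2; }
    group_other=$(printf '%s' "$mode" | cut -c5-6,8-9)
    case "$group_other" in
        *[rw]*) return 0 ;;
        *)      return 1 ;;
    esac
}

# classify MODESTRING OWNER
#   Prints one word: "vulnerable", "owner-only", "patched" or "unknown".
classify() {
    mode=$1
    owner=$2
    [ ${#mode} -eq 10 ] || { echo unknown; return 0; }
    if perm_exposed "$mode"; then
        echo vulnerable
    elif [ "$owner" != root ]; then
        # Root-only bits but owned by another uid: anything running as that
        # uid (for example a privileged system daemon) can still open it.
        echo owner-only
    else
        echo patched
    fi
}

# check_device: parse `ls -l /dev/exynos-mem` and print a verdict line.
check_device() {
    line=$(ls -l "$EXYNOS_MEM" 2>/dev/null) || {
        echo "absent: $EXYNOS_MEM not present (not an Exynos4 kernel, or node removed)"
        return 0
    }
    set -- $line
    mode=$1
    case $2 in
        *[!0-9]*) owner=$2 ;;   # Android toolbox ls: no link-count column
        *)        owner=$3 ;;   # GNU/BusyBox ls: column 2 is the link count
    esac
    printf '%s %s %s -> %s\n' "$EXYNOS_MEM" "$mode" "$owner" "$(classify "$mode" "$owner")"
}

check_device
```

Run it from `adb shell`; the two helper functions take `ls -l` fields as plain arguments, so the logic can also be exercised off-device with constructed input. A verdict of owner-only is worth treating as unpatched: whatever uid owns the node can still open it.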


Nice, fast work. Thanks.

Wow that was quick. Good work Chainfire!

Confirmed working on Samsung Galaxy S2 GT-I9100
Sent from my GT-I9100 using xda premium

Will this root the Sprint/Boost mobile version of the Galaxy S2? Thank you in advance.

Confirmed working on the Verizon Galaxy Note 2 (SCH-I605)

imnuts said:
Confirmed working on the Verizon Galaxy Note 2 (SCH-I605)
Locked or unlocked bootloader?

Chainfire said:
Locked or unlocked bootloader?
Still locked and fully stock.

Works as expected under note 10.1 n8010 4.1.1 stock.
Sent from my GT-N8010 using xda app-developers app

This is an amazing APK app. Rooted my phone right from my phone. Wow! It's unbelievable.

How do you unroot?

SupperDroid said:
How do you unroot?
SuperSU --> Settings --> Full unroot

SupperDroid said:
How do you unroot?
If you've got SuperSU installed, open it, go to Settings and scroll down and you'll see it says unroot.
Sent from my Nexus 7 using xda premium

benzmar said:
This is an amazing APK app. Rooted my phone right from my phone. Wow! It's unbelievable.
as pointed out by Chainfire, this is dangerous too, so beware. :angel:

drraptor said:
as pointed out by Chainfire, this is dangerous too, so beware. :angel:
The danger is inherited from the stock kernel and is not an outcome of the use of CF's app.
The app just exploits the kernel's security hole.

Does anyone know if this will work on an S2 i777? It too is running an exynos processor.
Sent from my Nexus 4 using Tapatalk 2

Worked flawlessly on my Boost Mobile Galaxy S2! Thank you sir.

Works also with Galaxy S3 Lte

Related

[Info] Rooting will be impossible on newer stock kernels

I just noticed when sniffing the new 9500UBUAMDK kernel that they activated a new "feature", CONFIG_SEC_RESTRICT_SETUID, in the kernel.
This means no more rooting is possible, at least not any more with the usual methods. Your Superuser app will tell you it has granted access, but it's neutered at the kernel level.
There is the exception of allowing /system/bin/pppd to gain root access, so somebody may want to replace that somehow to use it as an entry point. Somebody will want to check that.
This doesn't apply to custom compiled kernels which disable this config option.
Omg.......hope somebody can bypass that one.......sad news for me.....XXUAMDL now....arghhhh
Sent from my GT-I9500 using xda premium
This makes sense, because I flashed MDM for I9505. I used djembey's modified stock root and apparently it works; well, yeah, it works, but that's because it reverted my kernel back to an older version. It didn't actually root the current kernel, it reverted back to the older kernel. My ROM was dated 12th April; after I updated the firmware it was 25th April. Then I used the modified root that is meant to work on all firmwares, I checked the date of the kernel after I rooted, and I am now back to the 12th.
AndreiLux said:
I just noticed when sniffing the new 9500UBUAMDK kernel that they activated a new "feature", CONFIG_SEC_RESTRICT_SETUID, in the kernel.
This means no more rooting is possible, at least not any more with the usual methods. Your Superuser app will tell you it has granted access, but it's neutered at the kernel level.
There is the exception of allowing /system/bin/pppd to gain root access, so somebody may want to replace that somehow to use it as an entry point. Somebody will want to check that.
This doesn't apply to custom compiled kernels which disable this config option.
CORRECT!!
I've tested it and it's true.... I9505 STOCK Kernel for new builds MDM/MDN has been LOCKED as well....
My solution is to use Kernel from builds up to MDF and include it into CF-AutoRoot package and it WORKS like charm... (Future proof..)
BTW, they have changed something in system.img.ext4 as well!! Checksum added or something like this, if you re-build it, whole integrity is broken... SYSTEM IS LOCKED!!
CSC is impossible to apply usual way, I've implanted it into system and modified to achieve HD Voice support on all networks.. NOTHING can be added to it afterwards..
Ahhh, this is why I'm getting the following error, damnit!
"BusyBox works but the "su" command does not elevate to root. There's something wrong with your "su" binary and/or "Superuser" app."
I am sure other methods will be found soon. u know u can count on the good folks here at xda.
Sent from my GT-I9500 using xda premium
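Added example, not part of the thread and not Samsung's or any poster's code: a small POSIX shell script that separates the two failure modes behind the "su does not elevate to root" error reported above. The Superuser app can report "granted" while the kernel silently refuses the uid change, and from userland that is indistinguishable from a broken su binary unless you look at what `su -c id` actually returns. The script does that and, where the kernel exports /proc/config.gz, also checks whether CONFIG_SEC_RESTRICT_SETUID is set. Assumptions of mine: `su` is in PATH and accepts `-c`, and /proc/config.gz exists (many stock kernels do not export it, in which case the verdict rests on the uid alone). The /system/bin/pppd exception mentioned in the thread is not probed.

```shell
#!/bin/sh
# Added example: tell "su is broken" apart from "the kernel refuses the uid
# change" on a Samsung stock kernel that may carry CONFIG_SEC_RESTRICT_SETUID.
# Assumptions (mine, not from the thread): `su` is in PATH and accepts -c,
# and the kernel exposes /proc/config.gz (many stock kernels do not).

# uid_from_id OUTPUT
#   Extracts the numeric uid from `id` output such as
#   "uid=0(root) gid=0(root) groups=..." and prints it ("0" here).
#   Prints nothing when the input does not look like `id` output.
uid_from_id() {
    printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p'
}

# setuid_restricted CONFIG_TEXT
#   Returns 0 when the kernel config text enables CONFIG_SEC_RESTRICT_SETUID,
#   1 when the option is absent or explicitly "is not set".
setuid_restricted() {
    printf '%s\n' "$1" | grep -q '^CONFIG_SEC_RESTRICT_SETUID=y$'
}

# diagnose SU_ID_OUTPUT CONFIG_TEXT
#   Combines the two observations into one verdict word:
#     root-ok           su really gave us uid 0
#     su-failed         su produced no usable output (missing, denied, crashed)
#     kernel-restricted su ran, uid stayed non-zero, config shows the restriction
#     su-not-root       su ran, uid stayed non-zero, no restriction visible
diagnose() {
    uid=$(uid_from_id "$1")
    if [ "$uid" = 0 ]; then
        echo root-ok
    elif [ -z "$uid" ]; then
        echo su-failed
    elif setuid_restricted "$2"; then
        echo kernel-restricted
    else
        echo su-not-root
    fi
}

# live_check: run on the device. Not invoked automatically because `su`
# may block on a prompt or an on-screen confirmation.
live_check() {
    id_out=$(su -c id 2>/dev/null || true)
    cfg=''
    if [ -r /proc/config.gz ]; then
        cfg=$(zcat /proc/config.gz 2>/dev/null || gzip -dc /proc/config.gz 2>/dev/null || true)
    fi
    echo "su reports: ${id_out:-<no output>}"
    echo "verdict: $(diagnose "$id_out" "$cfg")"
}

if [ "${1:-}" = --live ]; then
    live_check
fi
```

Pass `--live` to run the device-side check; without it the script only defines the functions, so it can be sourced and exercised with constructed `id` output and config text. A verdict of kernel-restricted is the case the thread describes: replacing su or Superuser will not help, the kernel has to change.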
WOW
great work Samsung :crying::silly:
AndreiLux said:
I just noticed when sniffing the new 9500UBUAMDK kernel that they activated a new "feature", CONFIG_SEC_RESTRICT_SETUID, in the kernel.
This means no more rooting is possible, at least not any more with the usual methods. Your Superuser app will tell you it has granted access, but it's neutered at the kernel level.
There is the exception of allowing /system/bin/pppd to gain root access, so somebody may want to replace that somehow to use it as an entry point. Somebody will want to check that.
This doesn't apply to custom compiled kernels which disable this config option.
Damn!.. I updated my GS4 from UBUAMDE to UBUAMDK and was just now planning to root it when i saw this post.. *sigh*... Nonetheless,thank you for the information and insight kind sir, and I hope there will be a workaround soon for root access *fingers crossed*
Well can we just flash a rooted rom from recovery?
Sent from my GT-I9500 using xda premium
samomamo said:
Well can we just flash a rooted rom from recovery?
Sent from my GT-I9500 using xda premium
No, you need a kernel that disables CONFIG_SEC_RESTRICT_SETUID to get the su binary working.
> kernel that disables CONFIG_SEC_RESTRICT_SETUID
Patch one byte in the kernel file?
yahyoh said:
No, you need a kernel that disables CONFIG_SEC_RESTRICT_SETUID to get the su binary working.
Well then we can flash a kernel.
Sent from my GT-I9500 using xda premium
AndreiLux said:
I just noticed when sniffing the new 9500UBUAMDK kernel that they activated a new "feature", CONFIG_SEC_RESTRICT_SETUID, in the kernel.
I'm afraid you are right. I did a source code review a few days ago in a German forum and came to the same conclusion: We need a Stock Kernel with deactivated Root Restriction Feature or a custom kernel without these features.
I'm not sure, if we can build something around the pppd issue. Some "rename pppd temporarily if root is needed special hacking service". But sounds somehow crazy, and I'm not sure, if it is worth a try. You have to modify the systemfs, and I think, a Custom Kernel is easier.
Do you think there are dependencies in the rest of the firmware to the Root Restriction Feature? In other words: Will disabling this feature cause trouble, e.g. with Knox?
And since we have kernel sources, can't we recompile our own kernel with this option disabled? I don't see this as a deadlock state. It is pretty much possible to bypass.
I think, this will be possible. At least it will be my first try as soon as I have my own S4 in my hands. Building a stock kernel from source without Root Restriction.
BTW: In the actual Samsung source code the feature is disabled in the default configuration. Hmmm ...
AndreiLux said:
I just noticed when sniffing the new 9500UBUAMDK kernel that they activated a new "feature", CONFIG_SEC_RESTRICT_SETUID, in the kernel.
This means no more rooting is possible, at least not any more with the usual methods. Your Superuser app will tell you it has granted access, but it's neutered at the kernel level.
There is the exception of allowing /system/bin/pppd to gain root access, so somebody may want to replace that somehow to use it as an entry point. Somebody will want to check that.
This doesn't apply to custom compiled kernels which disable this config option.
Could they possibly be getting some kernels ready for military purpose devices?
Sent from my GT-I9300 using xda app-developers app
RiverSource said:
BTW: In the actual Samsung source code the feature is disabled in the default configuration. Hmmm ...
They enabled it in the last sources.
Anyway the problem with a compiled kernel is to get exFat working; I can load exfat_core now but exfat_fs is giving me kernel page faults.
That's because of the latest Exynos exploit story, so now you don't have to worry about holes in the OS. It's unrootable.
Aaaaaaaaaannnddd im returning my s4. Not gonna keep dealing with this s*** every time that there's updates.

Has it been verified that Samsung patched the emmc brick bug on jellybean for the gal

I've been thinking of flashing the UK version of jellybean for the gt-p6210 from sammobile instead of waiting for the US version if it'll eliminate the risk that comes with ics (if the bug has really been fixed on jellybean like Samsung says.) Has there been any reports of people with the dangerous chip putting it to the test after updating to 4.1.2?
I'm also wondering if this bug could affect everyone with the bad chip- even people who haven't made any modifications like rooting their devices, or is it a reaction to changing any of the default settings?
kcerica said:
I've been thinking of flashing the UK version of jellybean for the gt-p6210 from sammobile instead of waiting for the US version if it'll eliminate the risk that comes with ics (if the bug has really been fixed on jellybean like Samsung says.) Has there been any reports of people with the dangerous chip putting it to the test after updating to 4.1.2?
I'm also wondering if this bug could affect everyone with the bad chip- even people who haven't made any modifications like rooting their devices, or is it a reaction to changing any of the default settings?
You know, for triggering the brickbug there are 3 conditions:
1. brickbug-affected chip
2. kernel containing the emmc_cap_erase command
3. performing any form of wipe operation.
If any one of the three conditions is not satisfied, the brickbug won't get triggered.
Samsung's patch means that their kernel doesn't have the emmc_cap_erase command now.
So all new JB versions are safe (even the exynos abuse exploit has been patched).
FYI I am using a P6200 which has a brickbug effected chip and has gone through several flash and wipe operations.
Sent from my GT-I9100 using xda app-developers app
king_below_my_lord said:
You know, for triggering the brickbug there are 3 conditions:
1. brickbug-affected chip
2. kernel containing the emmc_cap_erase command
3. performing any form of wipe operation.
If any one of the three conditions is not satisfied, the brickbug won't get triggered.
Samsung's patch means that their kernel doesn't have the emmc_cap_erase command now.
So all new JB versions are safe (even the exynos abuse exploit has been patched).
FYI I am using a P6200 which has a brickbug-affected chip and has gone through several flash and wipe operations.
Sent from my GT-I9100 using xda app-developers app
I have a Samsung eMMC chip named "K3U00M", which will brick when I update to 4.1.2. So I removed MMC_CAP_ERASE
and tested; the issue is still there, but the probability is lower than before. BTW, this chip with 4.0.3 doesn't brick.
Anyone have any idea about this?

[ROMS] Pre-Rooted I9505 Odin Flashable Packages!

I am currently implementing an alternate method of Rooting which I have found to be successful by means of Pre-Rooting the system.img.ext4 file. I have already released Pre-Rooted ROMs for previous models and wanted to continue this development for the Galaxy S4.
Why use this Root Method? Well the main reasons are:
- You have a complete Odin Flashable ROM Package.
- No Insecure Kernels are used or required.
- You can flash these packages on Non-Rooted devices
- The Binary Flash Counter will NOT increase when flashing these ROM Packages.
- And finally, you only have to flash one file in Odin and you have a complete firmware including Root Permissions.
What Root Package is used in these ROMs?
- Busybox 1.20.2 (Newer ROMs)
- SuperSU 1.51 (Newer ROMs)
Previously released ROMs may have an older Busybox and SuperSU package installed.
Please Note: This Root Method does not include a Custom Recovery. This is for people who only require Root Permissions. If you do require a Custom Recovery, you will need to flash this yourself separately.
Just UnZip and Flash the '.tar.md5' File in Odin.
Password (All Packages): [email protected]
Note: If you are coming from a Custom ROM, remember to Wipe Data and Cache Partitions before flashing to avoid Boot Loops.
Modified Stock Packages:
(Modifications: Newest PDA Image and Modem and Pre-Rooted.)
None as of yet.
Original Stock Packages:
(Modifications: Pre-Rooted Only.)
Product Code: GT-I9505ZBABTU (4.2.2) (Unbranded UK)
PDA: XXUBMGA
PHONE: XXUBMGA
CSC: OXXBMG3
Link: Download (Dev-Host)
Updated CSC: OXXBMH1 (Dev-Host)
More to come! Enjoy!
lyriquidperfection said:
I am currently implementing an alternate method of Rooting which I have found to be successful by means of Pre-Rooting the system.img.ext4 file. I have already released Pre-Rooted ROMs for previous models and wanted to continue this development for the Galaxy S4.
Why use this Root Method? Well the main reasons are:
- You have a complete Odin Flashable ROM Package.
- No Insecure Kernels are used or required.
- You can flash these packages on Non-Rooted devices
- The Binary Flash Counter will NOT increase when flashing these ROM Packages.
- And finally, you only have to flash one file in Odin and you have a complete firmware including Root Permissions.
What Root Package is used in these ROMs?
- Busybox 1.20.2 (Newer ROMs)
- SuperSU 1.51 (Newer ROMs)
Previously released ROMs may have an older Busybox and SuperSU package installed.
Just UnZip and Flash the '.tar.md5' File in Odin.
Note: If you are coming from a Custom ROM, remember to Wipe Data and Cache Partitions before flashing to avoid Boot Loops.
None as of yet.
Product Code: GT-I9505ZBABTU (4.2.2) (Unbranded UK)
PDA: XXUBMGA
PHONE: XXUBMGA
CSC: OXXBMG3
Link: Download (Dev-Host)
More to come! Enjoy!
I beg you, please KINDLY tell me how yours is any different from the below?
http://forum.xda-developers.com/showthread.php?t=2250824 [ROM] WORLD PREMIERE: I9505 XXUBMGA DEODEX [4.2.2] - Pre-Rooted Stock ROM's Odin/CWM
Sent from my GT-I9505 using Tapatalk 4 Beta
DjeMBeY always more or less instantly releases pre-rooted latest firmwares. I really hope you're not just another glory hunter.
Sent from my GT-I9505 using Tapatalk 4 Beta
SALAH100 said:
I beg you, please KINDLY tell me how yours is any different from the below?
http://forum.xda-developers.com/showthread.php?t=2250824 [ROM] WORLD PREMIERE: I9505 XXUBMGA DEODEX [4.2.2] - Pre-Rooted Stock ROM's Odin/CWM
Sent from my GT-I9505 using Tapatalk 4 Beta
I have my own scripts to fully automate the process and I modify the system image directly and not on the device to ensure a fully clean flashable package. I will be releasing the scripts tomorrow. I have looked at the thread you mentioned and it seems that guy has copied my layout format in some respects and changed it slightly. I have been pre-rooting ROMs since the Galaxy S2 so it isn't exactly a world premiere! Lol! Here are my sources and please check the thread creation dates so you know I create my own work!
Galaxy S2 I9100 Roms:
http://forum.xda-developers.com/showthread.php?t=1608071
Galaxy S3 I9305 Roms:
http://forum.xda-developers.com/showthread.php?t=1942150
Now make your own judgement!
Sent from my GT-I9505 using Tapatalk 4
Couple of questions. Is the firmware 1 or 3 part, and is it a wipe ROM?
I ask because I would really like to keep my apps and data without having to restore either through Titanium or CWM, and if it's a 3 part I'd like to flash without CSC to retain my current one.
Sent from my GT-I9505 using xda premium
sxi200 said:
Couple of questions. Is the firmware 1 or 3 part, and is it a wipe ROM?
I ask because I would really like to keep my apps and data without having to restore either through Titanium or CWM, and if it's a 3 part I'd like to flash without CSC to retain my current one.
Sent from my GT-I9505 using xda premium
No sorry its a single file package.
Sent from my GT-I9505 using Tapatalk 4
Is this a ready to go system or is it still in development?
I've just got myself an S4 on EE (UK) and have been trawling all the threads to catch up on what's going on. (I've been stuck with an Atrix 4G for 2 years!)
Perfectly happy with the stock ROM but just really want to get that Root going too.
Mortis2000 said:
Is this a ready to go system or is it still in development?
I've just got myself an S4 on EE (UK) and have been trawling all the threads to catch up on what's going on. (I've been stuck with an Atrix 4G for 2 years!)
Perfectly happy with the stock ROM but just really want to get that Root going too.
Yep, just follow the guide and flash with Odin.
Sent from my GT-I9505 using Tapatalk 4
Or you can pre root your own if you have Linux knowledge.
Sent from my GT-I9505 using Tapatalk 4
Fantastic, thank you.
Just one more noob question before I take the plunge...does it matter at all that I'm currently at XXUBMG7 for my baseband?
I just grab that GT-I9505ZBABTU (4.2.2) (Unbranded UK) file, unzip, Odin, boom, done!?
Mortis2000 said:
Fantastic, thank you.
Just one more noob question before I take the plunge...does it matter at all that I'm currently at XXUBMG7 for my baseband?
I just grab that GT-I9505ZBABTU (4.2.2) (Unbranded UK) file, unzip, Odin, boom, done!?
Yep, simple as that! That's the beauty of pre-rooted ROMs. Even system status stays official.
Sent from my GT-I9505 using Tapatalk 4
You absolute legend.
I'm a tad rusty with Linux sadly. It's been a good 4 years or so since I used any distro in anger.
You know what its like when you get stuck in a rut managing nothing but Windows users!
Shall give that a blast once I've got the file and sort you out a coffee or a pint too.
Mortis2000 said:
You absolute legend.
I'm a tad rusty with Linux sadly. It's been a good 4 years or so since I used any distro in anger.
You know what its like when you get stuck in a rut managing nothing but Windows users!
Shall give that a blast once I've got the file and sort you out a coffee or a pint too.
I would hold off a bit as there is a newer ROM for BTU released, so I shall pre-root and upload that over the next few days.
Sent from my GT-I9505 using Tapatalk 4
Fantastic. I assume you're likely to just update this thread when you're done with the new one?
lyriquidperfection said:
I would hold off a bit as there is a newer ROM for BTU released, so I shall pre-root and upload that over the next few days.
Sent from my GT-I9505 using Tapatalk 4
Good luck with that.... So far, NO GO.... even when using latest SuperSu (1.60)..... Bootloop......
DjeMBeY said:
Good luck with that.... So far, NO GO.... even when using latest SuperSu (1.60)..... Bootloop......
I'll take a look when I'm home tomorrow.
Sent from my GT-I9505 using Tapatalk 4
Hello people, I am new to Samsung, I usually just buy a used phone to circumvent any void warranty issues (as they are cheaper I sort of self insure myself, I only got the desire new and I rooted it on the 2nd day ). My SGS4 is arriving on Tuesday and it will be new with warranty.
Could you please confirm that there is absolutely no chance what so ever to void the warranty by flashing a pre-rooted rom. I would be quite happy to use the stock rom as long as it is rooted.
I've always used HardSPL, official or unofficial (when available) S-OFF and root on my previous HTC devices and I have never ever bricked a phone.
Thank you for your help
Did you get any further with this at all? I've held off rooting for the moment but if it's going to be a while longer I will just go for it with the current one.
XXUDMI1 KNOX WARRANTY VOID - 0x1
Hi,
I am wondering if you have managed to get a workaround with your scripts for the issue related to "KNOX WARRANTY VOID - 0x1" in all the newer ROMs. If yes, then how can I safely root my I9505 without voiding the KNOX warranty?
Thanks for your reply.
No sorry, this Knox stuff is way outta my depth. Its very secure.
Sent from my GT-I9505 using Tapatalk 4

Is the S5 slipping away?

Is it just me or has development waned for the S5 due to the locked bootloader? There's just so much you can do with safestrap and modifying Touchwiz. In reality, the odds of a bootloader unlock being discovered is rather slim. Look at the S4, the newest firmware releases are still not unlocked and you're forced to use safestrap. I realize we rely on a talented hacker out there to find an exploit that lets us replace the bootloader with a custom one OR the carrier allowing the bootloader to be unlocked. I've read somewhere that the S5 is approved for use by the U.S. Government so the likelihood of Verizon making the phone insecure by allowing people to unlock the bootloader is close to nil. I just really really want to see this phone not slip into XDA obscurity.
terrigan said:
Is it just me or has development waned for the S5 due to the locked bootloader? There's just so much you can do with safestrap and modifying Touchwiz. In reality, the odds of a bootloader unlock being discovered is rather slim. Look at the S4, the newest firmware releases are still not unlocked and you're forced to use safestrap. I realize we rely on a talented hacker out there to find an exploit that lets us replace the bootloader with a custom one OR the carrier allowing the bootloader to be unlocked. I've read somewhere that the S5 is approved for use by the U.S. Government so the likelihood of Verizon making the phone insecure by allowing people to unlock the bootloader is close to nil. I just really really want to see this phone not slip into XDA obscurity.
It is slipping away, but not because of the bootloader being locked. Not as many people (devs included) bought the phone as early adopters, so I'm guessing there's just not enough interest or intent in the phone.
terrigan said:
There's just so much you can do with safestrap and modifying Touchwiz.
That right there is why development is slow. There's only so much one can do with a stock system to work with. Expect to see development have a boost after each OTA until all mods are worked in, then the same downward slope until the next OTA. Repeat. :good:
MrHyde03 said:
That right there is why development is slow. There's only so much one can do with a stock system to work with. Expect to see development have a boost after each OTA until all mods are worked in, then the same downward slope until the next OTA. Repeat. :good:
There may be hope for that. Over in the Verizon S4 forums, they got kexec working. No AOSP yet, and it's very unstable, but they found it. It should work on the S5 with a little more work. Hopefully this happens this month.
Sent from my SM-G900V using XDA Premium 4 mobile app
eragon5779 said:
There may be hope for that. Over in the Verizon S4 forums, they got kexec working. No AOSP yet, and it's very unstable, but they found it. It should work on the S5 with a little more work. Hopefully this happens this month.
Sent from my SM-G900V using XDA Premium 4 mobile app
This would be good. kexec was the savior of my previous phone.
eragon5779 said:
There may be hope for that. Over in the Verizon S4 forums, they got kexec working. No AOSP yet, and it's very unstable, but they found it. It should work on the S5 with a little more work. Hopefully this happens this month.
Sent from my SM-G900V using XDA Premium 4 mobile app
I'm not sure if kexec is possible without having a SELinux permissive kernel. I believe the Galaxy s5 is enforcing unfortunately (not vulnerable).
jal3223 said:
I'm not sure if kexec is possible without having a SELinux permissive kernel. I believe the Galaxy s5 is enforcing unfortunately (not vulnerable).
That is being worked on already. There is a thread about it.
Sent from my SM-G900V using XDA Premium 4 mobile app
I really hope they are successful.
eragon5779 said:
There may be hope for that. Over in the Verizon S4 forums, they got kexec working. No AOSP yet, and it's very unstable, but they found it. It should work on the S5 with a little more work. Hopefully this happens this month.
Sent from my SM-G900V using XDA Premium 4 mobile app
Actually I'm running a GPE ROM on my Verizon S4 right now. It's SafeStrap compatible. I love AOSP vs TouchWiz.
Being pessimistic it does seem like the beginning of the end for s5. By this I mean to say that safestrap just doesn't cut it as I do not like stock kernel. But everyone's done an amazing job thus far so haven't completely given up but I think nexus devices are the route I will take.
jal3223 said:
I'm not sure if kexec is possible without having a SELinux permissive kernel. I believe the Galaxy s5 is enforcing unfortunately (not vulnerable).
To my knowledge it is in the kernel. On VZW S4 MDK, devices were unlocked, allowing you to flash custom kernels that were modded by devs like ktoons to make it permissive.
The later firmware builds (can't go back to MDK if you took an OTA to a newer firmware) are in the same boat as the S5, so if they have it on later kernel builds for the S4 then it might be possible. Then again, they have it on the Note 3 but it doesn't work on the S5, so that concept isn't always possible.
Not slipping away. Just at a road block. Everyone has done all the modding they can do on the device. I think everyone is waiting on 5.0.
elliwigy said:
To my knowledge it is in the kernel. On VZW S4 MDK devices were unlocked, allowing you to flash custom kernels that were modded by devs like ktoons to make it permissive.
The later firmware builds (can't go back to MDK if you took an OTA to a newer firmware) are in the same boat as the S5, so if they have it on later kernel builds for the S4 then it might be possible. Then again, they have it on the Note 3 but it doesn't work on the S5, so that concept isn't always possible.
I'm working on it. It's rather difficult. It appears the kernel was compiled with no /dev/mem(kmem) character devices in the config. After going through the kernel source, it looks like SELinux was set to always enforce. This is where ro.build.selinux.enforce=1 comes from. The bootloader checks the boot.img hash and for a special cookie
Code:
SEANDROIDENFORCE
which appears before the hash. If this cookie/magic isn't present, the warranty bit will blow. Since I can't access memory directly, and the methods I could use are significantly limited because of the Enforcing status, some sort of vulnerability in the kernel will need to be present. As soon as we can get Permissive, I can get us kernel modules, and hopefully kexec with the help of a few other great devs @Surge1223 @CalcProgrammer1
Your efforts are truly appreciated!
Sent from my SM-G900V using Tapatalk
The OP is originally from September something. I just saw this post and was interested in it. It is now November and if you ask me, yes, it has slipped away. Technology moves on quickly, the i6+ is out, and now we will start seeing things about an S6 in the works, and it is what it is.
I blame the locked bootloader for a ton of stuff not being created. You have to grab ahold of technology in the moment and use it fast, or else it's gone before you know it.
It is certainly nothing like the S3 forums. That place is still kicking.
From what I understand they're close to kexec on it and the S4, since they only need KK-compatible kernels and they previously had unlocked bootloaders. That isn't the case here.
Samsung really screwed up with this one. If the N6 wasn't assured to be a failure on Verizon and it didn't have a massive footprint I'd be all over it.
Everybody panic.
Wish we can get some good news soon.
Dead is all I'm seeing, except for the few amazing devs we have now. Those still building, thank you
Galaxy 6s Os 6.2.8▪Ss° Pen
Samsung S5 SM-G900F 6.0.1 official stock beta with February patches (ONLY FOR DEVS)
!!!WARNING!!! ONLY for DEVS. SYSTEM DUMP inside, NO ZIPS, NOT FLASHABLE
In the name of humanity!
You want it, so you'll get it! We were told that system dumps are legal, so I decided to share it with you.
Your warranty is now void. Flash it at your own risk. I'm not responsible for your bricked devices.
I used to live honestly and I respect someone else's work, and you should also learn to respect other people's work.
What's inside?
system dump (bootloader, modem, system, (without data partition) plus very stable and smooth 6.0.1 with beautiful camera, app permissions and amazing battery).
Device: SAMSUNG S5 SM-G900F
Android version: 6.0.1
Build number: MMB29M.G900FXXU1CPB2
CSC: BTU
Kernel version: 3.4.0-7182592, Friday 5th of February.
Security patch level: 1 February 2016
Status: most likely it's beta release
Root: without root privilege
I would like to thank
SAMSUNG
-PiLoT-
alexbelgium
also thanks to all who blackmailed me and said unacceptable words
From Ukraine with Love to you all...
download : updated dump.
https://mega.nz/#!jMphmZjK!sfoFLx1Jm5NXvdcpJD9Ua1nVfj-J9KWc3K16JvNDFS8
MD5: ccb149be4a29d4ae95d73f2a9aa6fc53
SHA-1: bd13929c401c411eee335e8cd6b4cf213f2a8fc3
SHA-256: 24770f0c0924926af1f10e81a97f9fb67feae9b6ac2aa75501c1debd3457315a
deleted
Deleted.
Sent from my SM-T116 using XDA Free mobile app
After making everyone beg and playing games, you've finally done it.
It's a community and people share. So well done for finally just letting it go and not drawing the process out any longer (nobody likes a gloater after all lol). It would have been just easier had you just done it in the first place instead of being silly about it lol.
Unfortunately I think this will only run on a G900F variant successfully due to the kernel. It would be a G900F specific kernel, so some other variants might not work at all, and others may find issues. For example, a G900I user may get away with testing it, but features like NFC will not work, like what happens with Lollipop firmwares.
I think I'll wait until an official 6.x comes out before I make any ROMs based on it, this is obviously an early beta.
djb77 said:
Unfortunately I think this will only run on a G900F variant successfully due to the kernel. It would be a G900F specific kernel, so some other variants might not work at all, and others may find issues. For example, a G900I user may get away with testing it, but features like NFC will not work, like what happens with Lollipop firmwares.
I think I'll wait until an official 6.x comes out before I make any ROMs based on it, this is obviously an early beta.
As someone who makes ROMs, is it a good thing to get a beta for testing purposes, so you essentially get a head start for when the official version comes out? For tinkering and messing about with, so to speak?
Or is it really just not worth it until a complete version is out?
Downloading right now. Thanks for sharing even though it took you a long time to get this haha
On G900F BPA2 - bootloop. After reboot using power button + volume down it shows the upgrading screen and on the 273rd app it reboots itself. So I think it won't boot without the proper bootloader.
Restored this on G900T and it's a bootloop. Gets to the flashing Samsung logo but stuck there.
@geiti94 can you look this and make work?
You need to have the 6.0.1 bootloader to boot it. It's useless without it..
Sent from my Galaxy S5 SM-G900F boosted by PhoeniX ROM using Tapatalk
tamirda said:
You need to have the 6.0.1 bootloader to boot it. It's useless without it..
Sent from my Galaxy S5 SM-G900F boosted by PhoeniX ROM using Tapatalk
Editing the kernel to make it work with another one isn't possible?
So it won't work on G900F by restoring system files from recovery?
Great man! I am glad that your did not stop at the negative comments of some people and gave us the system dump! Thanks!
Sent from my SM-G900F using XDA Free mobile app
---------- Post added at 06:13 AM ---------- Previous post was at 06:06 AM ----------
kris_l said:
On G900F BPA2 - bootloop. After reboot using power button + volume down it shows the upgrading screen and on the 273rd app it reboots itself. So I think it won't boot without the proper bootloader.
Isn't the bootloader in the boot.img? If not how to backup it?
Sent from my SM-G900F using XDA Free mobile app
Unfortunately the boot.img contains the kernel. The bootloader, to my knowledge, is impossible to extract from the phone. Correct me if I'm wrong, but the only way to obtain the bootloader is to take it from a stock firmware.
Flashfire allows you to back up the bootloader, but it does not work yet on Samsung MM and it requires root... does anyone have an easy solution to extract it?
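To make concrete what a boot.img actually holds (kernel and ramdisk, not the bootloader, as discussed just above) and what the SEANDROIDENFORCE cookie mentioned in the earlier post looks like, here is an added example that is not from this thread or from any Samsung tool: it parses the standard Android boot image header and reports whether the cookie follows the page-aligned sections. Placing the cookie immediately after the last section, and the 32 placeholder bytes standing in for the hash, are assumptions for the constructed sample; the post only says the cookie precedes the hash.

```python
import struct

BOOT_MAGIC = b"ANDROID!"           # standard Android boot image magic
SEANDROID_MAGIC = b"SEANDROIDENFORCE"   # cookie named in the post above
HASH_PLACEHOLDER_LEN = 32          # assumption: size of the hash that follows the cookie


def align(n, page):
    """Round n up to the next multiple of page (sections are page-aligned)."""
    return (n + page - 1) // page * page


def parse_boot_header(img):
    """Return the size fields of a v0 Android boot image header."""
    if img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    (kernel_size, _kernel_addr, ramdisk_size, _ramdisk_addr,
     second_size, _second_addr, _tags_addr, page_size) = struct.unpack_from("<8I", img, 8)
    return {"kernel_size": kernel_size, "ramdisk_size": ramdisk_size,
            "second_size": second_size, "page_size": page_size}


def check_seandroid(img):
    """Compute where the page-aligned sections end and test for the cookie there."""
    h = parse_boot_header(img)
    p = h["page_size"]
    end = p + align(h["kernel_size"], p) + align(h["ramdisk_size"], p) + align(h["second_size"], p)
    tail = img[end:end + len(SEANDROID_MAGIC)]
    return {**h, "sections_end": end, "marker_present": tail == SEANDROID_MAGIC}


def build_sample_image(kernel, ramdisk, page_size=2048, with_marker=True):
    """Constructed sample boot.img: header page, kernel, ramdisk, optional cookie + hash."""
    header = BOOT_MAGIC + struct.pack(
        "<8I", len(kernel), 0x10008000, len(ramdisk), 0x11000000, 0, 0, 0x10000100, page_size)
    img = header.ljust(page_size, b"\0")
    img += kernel.ljust(align(len(kernel), page_size), b"\0")
    img += ramdisk.ljust(align(len(ramdisk), page_size), b"\0")
    if with_marker:
        img += SEANDROID_MAGIC + b"\0" * HASH_PLACEHOLDER_LEN  # placeholder, not a real hash
    return img


if __name__ == "__main__":
    for flag in (True, False):
        sample = build_sample_image(b"K" * 3000, b"R" * 500, with_marker=flag)
        print(check_seandroid(sample))
```

Run against a real image the same parser tells you how much of the file is header, kernel and ramdisk, which is why the bootloader is not inside it.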
First of all, great to see the dump here. Finally. Let's wait a few more days for the BL and THEN let's try it out.
Noo, we need to speed up, we need Marshmallow on our S5 )) just kidding
I tried restoring it from TWRP but I was stuck on boot loop. I even performed a full wipe.
Can someone please try and extract some apps, sounds, wallpapers etc. ?
At least we can see if they are the same as on LP.
Thank you.