Major Security Bug, or Universal Root? - Security Discussion

http://www.huffingtonpost.co.uk/2013/07/04/bluebox-android-security-bug_n_3545216.html
So we have a bug present in virtually all of the Androids. Everyone's talking about the security risks, but all I can think of is that it would be an excellent method to root my otherwise unrootable phone (Softbank 201M; Japanese Razr M).
I imagine some slight tailoring may be required to get this to work on different phones (changing which App is replaced, version numbers, etc), but that would be basic, compared to the code base itself.
Has anyone actually started exploiting this for good instead of evil? I'm wondering if this is something I should try to do myself, or if it'd be better to just let someone with more free time do it first.

Omegaclawe said:
http://www.huffingtonpost.co.uk/2013/07/04/bluebox-android-security-bug_n_3545216.html
So we have a bug present in virtually all of the Androids. Everyone's talking about the security risks, but all I can think of is that it would be an excellent method to root my otherwise unrootable phone (Softbank 201M; Japanese Razr M).
I imagine some slight tailoring may be required to get this to work on different phones (changing which App is replaced, version numbers, etc), but that would be basic, compared to the code base itself.
Has anyone actually started exploiting this for good instead of evil? I'm wondering if this is something I should try to do myself, or if it'd be better to just let someone with more free time do it first.
Vulnerabilities leading to root are always a security risk. Problem with this one, is it can be possible to pull off without the user directly knowing what is going on. Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
Now, what is this about Softbank 201M and Japanese Razr M not being rootable? Do you have either of these phones or their firmware?

jcase said:
Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
This. I'm sure we'll be seeing a flood of rooting methods based off the Bluebox discovery, given that they say this flaw is present as far back as Donut.

jcase said:
Vulnerabilities leading to root are always a security risk. Problem with this one, is it can be possible to pull off without the user directly knowing what is going on. Bluebox security has not released details, but as soon as they do I am sure we will start seeing some roots based off it.
Now, what is this about Softbank 201M and Japanese Razr M not being rootable? Do you have either of these phones or their firmware?
The 201M is the Japanese Razr M. I do indeed own the phone, and the firmware (at least the old version) is available in the Razr M forum. I've spent a lot of time trying and modifying different root methods to work with it, and nothing has worked so far. Haven't gone far enough to really risk bricking my phone, though (like trying to install the Verizon firmware and root that). No one has yet found a root for it, though. Possibly due to a lack of developers; possibly due to Softbank waiting months after the release of updates in the US to find the root methods and break them before release (such as destroying the entire ADB backup to make that root method fail). As you might imagine, it's somewhat frustrating. Doesn't help that there's a lack of developers with the specific version that know much about rooting at all.
Even tried the Japanese sites. No luck.

Omegaclawe said:
The 201M is the Japanese Razr M. I do indeed own the phone, and the firmware (at least the old version) is available in the Razr M forum. I've spent a lot of time trying and modifying different root methods to work with it, and nothing has worked so far. Haven't gone far enough to really risk bricking my phone, though (like trying to install the Verizon firmware and root that). No one has yet found a root for it, though. Possibly due to a lack of developers; possibly due to Softbank waiting months after the release of updates in the US to find the root methods and break them before release (such as destroying the entire ADB backup to make that root method fail). As you might imagine, it's somewhat frustrating. Doesn't help that there's a lack of developers with the specific version that know much about rooting at all.
Even tried the Japanese sites. No luck.
If you can get the recovery out, then it is possible to root the device.

Related

Docomo SH-03C (Lynx 3D)

Is there any known way of cracking the NAND protection on this phone yet?
Or if not, does anyone know where I should look for the latest news on rooting this Japanese-only phone?
I've been looking all over the internet for months and turned up nothing. I could really do with some help here please guys!
I am also interested in an answer to this question. I have been in talks with a few of the Japanese users currently trying to figure out the phone, and I would like to post a bit about what we know, what progress has been achieved and why this is important for other people outside of Japan.
First and foremost, Sharp has every intention of getting their 3D phones into the hands of overseas users. Now, I could be patient and wait for this to launch, and then for the teams to get to work and crack the bootloader open properly. But why not get an early jump on the work so that the phone can arrive, on the Western shores, fully ready for custom ROMs and root permissions? The three major 3D phones Sharp currently is pimping (the IS03, the 003SH and the SH-03C) are essentially the same phone with minor tweaks. Serious progress on one could lead to a big step forward for all! And as the Lynx is currently stuck at 2.1 (and won't be 2.2 till "summer"), it's in the greatest need for an upgrade (the 003SH is already 2.2, and the IS03 goes to 2.2 this week). I know that I'm being a little selfish in this endeavor, but I also know I'm not the only one with this phone, and not the only one interested. Perhaps I'm just the most vocal.
Now, for a quick rundown:
rageagainstthecage: doesn't work, freezes up, phone must be hard rebooted with battery removal.
psneuter: offers root access, but cannot modify /system due to NAND protection/locked bootloader.
SuperOneClick: see above.
Z4root: see above.
Universal Androot: doesn't work. Attempts to root, gets the "no good fuu~~" response.
Visionary: crashes when attempting soft root.
Unrevoked apk: fails immediately. No harm to the phone, but no success either.
gfree: No luck, can't toggle S-off but that may be due to the fact that the phone is definitely not the G2.
Unrevoked app: can't recognize the phone.
I'm hoping that someone in the UnrEVOked community is willing to try and work with me/us on this. We're not a large group by any means (and a majority of the users don't have an expansive English grasp) but we are dedicated, and I'm trying something new every day. Sharp has even released the kernel as open source, so, if an exploit can be found, work can begin immediately. This could be something big, something wonderful. If anyone could please contact me and let me know, I'm really hopeful.
And sorry for hijacking your thread Eliott.
Sharpen3d said:
I am also interested in an answer to this question. I have been in talks with a few of the Japanese users currently trying to figure out the phone, and I would like to post a bit about what we know, what progress has been achieved and why this is important for other people outside of Japan.
First and foremost, Sharp has every intention of getting their 3D phones into the hands of overseas users. Now, I could be patient and wait for this to launch, and then for the teams to get to work and crack the bootloader open properly. But why not get an early jump on the work so that the phone can arrive, on the Western shores, fully ready for custom ROMs and root permissions? The three major 3D phones Sharp currently is pimping (the IS03, the 003SH and the SH-03C) are essentially the same phone with minor tweaks. Serious progress on one could lead to a big step forward for all! And as the Lynx is currently stuck at 2.1 (and won't be 2.2 till "summer"), it's in the greatest need for an upgrade (the 003SH is already 2.2, and the IS03 goes to 2.2 this week). I know that I'm being a little selfish in this endeavor, but I also know I'm not the only one with this phone, and not the only one interested. Perhaps I'm just the most vocal.
Now, for a quick rundown:
rageagainstthecage: doesn't work, freezes up, phone must be hard rebooted with battery removal.
psneuter: offers root access, but cannot modify /system due to NAND protection/locked bootloader.
SuperOneClick: see above.
Z4root: see above.
Universal Androot: doesn't work. Attempts to root, gets the "no good fuu~~" response.
Visionary: crashes when attempting soft root.
Unrevoked apk: fails immediately. No harm to the phone, but no success either.
gfree: No luck, can't toggle S-off but that may be due to the fact that the phone is definitely not the G2.
Unrevoked app: can't recognize the phone.
I'm hoping that someone in the UnrEVOked community is willing to try and work with me/us on this. We're not a large group by any means (and a majority of the users don't have an expansive English grasp) but we are dedicated, and I'm trying something new every day. Sharp has even released the kernel as open source, so, if an exploit can be found, work can begin immediately. This could be something big, something wonderful. If anyone could please contact me and let me know, I'm really hopeful.
And sorry for hijacking your thread Eliott.
Not at all, thanks for the great info!
As crazy as it might sound, one thing I recommend doing is to continue monitoring other rooting methods that aren't exactly for the SH-03C and seeing what happens. Recently a new method for the Thunderbolt has been unveiled, and I have every intention to try it out. Obviously the likelihood of it working is slim, but it's a ton better than running z4root over and over and hoping for different results.
Sharpen3d said:
As crazy as it might sound, one thing I recommend doing is to continue monitoring other rooting methods that aren't exactly for the SH-03C and seeing what happens. Recently a new method for the Thunderbolt has been unveiled, and I have every intention to try it out. Obviously the likelihood of it working is slim, but it's a ton better than running z4root over and over and hoping for different results.
I'm a bit hesitant to use untested methods. This is my first Android phone and I have never rooted a phone before so it would be wise for me to wait for someone else to find a reliable way first.
I have flashed many older phones and PSPs in the past but this scene is quite new to me.
I am still checking many Japanese sites daily for news of a root. I will send you a PM if I find anything.
Figured to bump the thread as I'm also a Lynx3D owner looking for root access and a way around the NAND protection. It would be nice to free up this phone.
I'm still searching daily but it seems to be impossible, I'm not sure if it will ever be rooted.
Never mind though, at least we get Android 2.2 this month.
Recently there's been some success for the IS03 since receiving their 2.2 update. A new process labelled is03break has apparently been great for soft rooting. It hasn't worked on the SH-03 due to it still being on 2.1, but perhaps there will be a breakthrough after our update drops in June (July?).
Additionally, certain other blogs (specifically the Japanese blog Androot) have reported a failure in attempting all conventional root methods, confirming that the Japanese teams are on the same page we are. Both good and bad, as it does give us a baseline, but I refuse to accept there isn't a solution yet.
Sharpen3d said:
Recently there's been some success for the IS03 since receiving their 2.2 update. A new process labelled is03break has apparently been great for soft rooting. It hasn't worked on the SH-03 due to it still being on 2.1, but perhaps there will be a breakthrough after our update drops in June (July?).
Additionally, certain other blogs (specifically the Japanese blog Androot) have reported a failure in attempting all conventional root methods, confirming that the Japanese teams are on the same page we are. Both good and bad, as it does give us a baseline, but I refuse to accept there isn't a solution yet.
That certainly gives me hope, looking forward to 2.2 even more now!
And Docomo have announced that 2.2 is coming this month (May). It has been widely reported and they confirmed it in the Docomo shop this morning for me.
Despite my better judgement, I went ahead and ran the is03break on my phone yesterday. Not only was it not successful (ran until it timed out) but it managed to adjust my settings enough that my phone wasn't able to see the cellular network, effectively destroying its "phone" capabilities. I was able to hard reset it through psneuter/adb and now it's back to normal, but it was definitely a bit of a scare.
When 2.2 comes out, I may give it another go, but in the meantime I'll just play nice. Docomo staff confirmed 2.2 is coming before the end of May, and there's a chance we'll need to do it through the PC like the AU folk had to.
Looks like the update may well have been delayed until next month -
http://translate.googleusercontent.com/translate_c?hl=en&prev=/search%3Fq%3Dlynx%2B3d%2B2.2%26hl%3Den%26client%3Dfirefox-a%26hs%3DG75%26sa%3DX%26rlz%3D1R1GGHP_en-GB___JP427%26tbs%3Dqdr:d%26prmd%3Divns&rurl=translate.google.com&sl=ja&twu=1&u=http://juggly.cn/androidrumors&usg=ALkJrhgmfYRu8El9AjAHz_UeNb1s85EhZw
This is getting a bit much now. 6 months I've been waiting for them to update this phone. I'm considering taking it back and demanding a refund.
For what it's worth, even if there's a delay, at least it's a bit more definitive than things have been. Way back in March when the Quake hit, we were told it was being delayed from March to "Summer." Then they really brought it forward for May, which I don't really consider summer. That rumor blog (and remember, the key word there is rumor) suggests it will be delayed until early June. Worst case scenario, that means that, instead of getting it this week, we receive it in two weeks. I agree it's a pain in the ass, and the fact remains that, stuck at 2.1, we can't use a lot of conventional rooting tools (not to mention run flash, do App2SD, JIT, etc). But returning the phone at this point accomplishes next to nothing. The summer Docomo lineup is a bit underwhelming, in my opinion. You're paying for the camera, and the phone is attached to that. Even if you get the Galaxy S (a really nice phone, no doubt) it's starting to become a bit older. IF we can hold on till SH-03C receives 2.2, I honestly believe a world of possibilities open up. This community may not be large, but we can still tout a 3D phone proudly, and getting 2.2 really legitimizes its abilities.
Just be patient man.
Yeah, you are right.
I'm just getting frustrated at having to keep deleting applications. I'm really looking forward to using flash, bumping up the CPU and trying out that new Tegra app for playing Tegra games!
I'm just really hoping for App2SD. This is getting severely limiting. Additionally, I'm pretty sure that rooting will become significantly more likely once we're up on 2.2. I'm confident that, once we get to Froyo, our phones might be able to piggyback on methods utilized by other NAND locked phones (example: EVO) that have been successfully rooted.
I just want to uninstall that stupid 3D golf game. It takes up so much memory it's insane.
This sounds promising -
"May 27, 2011
The previous model, LYNX 3D SH-03C in Android 2.2 update seems to be out soon. The details will be announced separately, "there is no update, that will never" Yes."
http://translate.googleusercontent.com/translate_c?hl=en&prev=/search%3Fq%3Dlynx%2B3d%2B2.2%26hl%3Den%26safe%3Doff%26client%3Dfirefox-a%26hs%3D5Ye%26sa%3DX%26rlz%3D1R1GGHP_en-GB___JP427%26biw%3D1120%26bih%3D927%26tbs%3Dqdr:d%26prmd%3Divns&rurl=translate.google.com&sl=ja&twu=1&u=http://ch00288.kitaguni.tv/e1805281.html&usg=ALkJrhgPutM5T2orqoipGRQTi3kSISqnlg
The woman at the Docomo helpline, having started to recognize my voice, totally leveled with me. The update was planned for the end of this month, and they got screwed in timing. They hope for the first weeks of June, but it may be even later than that. Truth be told, I bought my SH-03c aftermarket, so I can't return it even if I wanted to. But I'm not bailing. I'm confident we will see the update before the 15th, and, really, as long as it doesn't start malfunctioning, I can wait.
More rumors, looks like July 7th is the day -
"NTT DoCoMo's "Galaxy S SC-02B", "Galaxy Tab Sc-01C", "LYNX 3D SH-03C" on the OS version is effective from June 7, "will" is a rumor.
According to rumors, the version of June 07, Galaxy S Tab and the Android 2.3 (Gingerbread) to, LYNX 3D SH-03C is Android 2.2 (Froyo) is going to be provided.
LYNX 3D SH-03C
Changes as part of the Android 2.2
- Flash Player 10.1 or later for
- Micro SD card can move the app (the app only support)
- Respond to voice the character input
- Application for Automatic Updates to bulk update
- The application "search" and "News and Weather," in some of the sharp changes in their own additional
- Launch applications list "end all" button added
- Power management notification bar menu (Wi-Fi or BT) is added
- Supports multi-line display in the profile email address and telephone chat
- Added ability to integrate similar contacts in the phone book
- Added the ability to transmit infrared applications infrared receiver
- Change the background color
- Change display Antenapikuto
- Text resize cursor display
- Improved slightly phenomenon events
How to update, download the update tool from the site WEB Sharp, PC and USB connection seems the only way to do. "
http://translate.google.com/translate?hl=en&sl=ja&u=http://maruta.be/news_japan_2100/828&ei=Pq7jTdb4DYuSuwP4x_D0Bg&sa=X&oi=translate&ct=result&resnum=8&ved=0CG4Q7gEwBw&prev=/search%3Fq%3Dlynx%2B3d%2B2.2%26hl%3Den%26safe%3Doff%26client%3Dfirefox-a%26hs%3Dvf4%26sa%3DX%26rlz%3D1R1GGHP_en-GB___JP427%26biw%3D1120%26bih%3D927%26tbs%3Dqdr:d%26prmd%3Divns
That makes a ton of sense. June 7th is when Nintendo is launching a huge update for their platforms as well, and Japan seems to like to do a ton of updates all together.
I want this so badly, I can't believe it's going to be another week.
The product page for the SH-03C over at nttDOCOMO just went 404. I really hope it's because they're busy updating with new information, and not because I'm going to be furiously angry.

What is the likelihood of a 2.2 root?

Hey guys,
I know there are plenty of people working on finding a method for root, it's difficult, not trying to ask when it's going to be or why it's taking so long. I'm just wondering if it will even be possible, given HTC doesn't ever unlock the phone themselves. I love the One X, just got it and I think it's great, but I know that I'm going to eventually want to install MIUI or CM, and since my phone has 2.2 there's basically no way to do that right now.
Reading through some of the dev/think tank threads, I've read a couple of comments alluding to the idea that it might be impossible unless HTC unlocks it, and that they might not. Seems contrary to what I've seen in the past, pretty much every phone I or my friends have had got cracked at some point. Still, if it's not going to be possible ever, I might want to return my phone and switch it out for the SGS3 or some other.
I tried to Google for unrootable Android phones and couldn't find any. However the percentage of devices using ICS is very small and the only ones that have root as far as I can tell all have unlocked bootloaders.
It's very difficult to remain positive but I'm trying.
gunnyman said:
I tried to Google for unrootable Android phones and couldn't find any. However the percentage of devices using ICS is very small and the only ones that have root as far as I can tell all have unlocked bootloaders.
It's very difficult to remain positive but I'm trying.
Y'all are so impatient!
Like any security, it just takes enough careful effort and determination to defeat. As great as the One X is, I have no doubt there will be enough of both to get this done.
pzuraq said:
I've read a couple of comments alluding to the idea that it might be impossible unless HTC unlocks it
I don't have the technical expertise to really say. But just from experience, I can say that HTC has been desperately trying to lock down their phones for over 2 years (maybe longer, that is just when I jumped into the Android game) with some pretty sophisticated safeguards, and the phones have still been rooted, often very quickly. I don't think HTC has magically gotten better at securing their devices, to the point that the phone is now impossible to root. In particular, our device was rooted (1.73 firmware) something like 3 days after it was released, even with the locked bootloader and all the security that HTC could throw on it at the time. It's just my feeling that it's really doubtful that HTC can go from that point, to making the device impossible to root in the matter of a few months.
Seen this new root method here on xda, any idea if compatible with our 1X?
http://forum.xda-developers.com/showthread.php?t=1870652
C3RGIOSE1 said:
Seen this new root method here on xda, any idea if compatible with our 1X?
http://forum.xda-developers.com/showthread.php?t=1870652
Apparently not: http://forum.xda-developers.com/showthread.php?p=31435583#post31435583

[Q] Rooting a new droid ultra 4.4?

Ok, so I have been scouring the interwebs for 4 hours now, and I am getting 100 conflicting stories. I am not sure if I can post YouTube links, but one says that I can use Kingo (didn't work for me); another was from FrenchGrape100. Neither worked for me; downloaded everything they said, did it all OTA. If anyone has any information, please reply.
Thank you in advance!
~Kevin D.
Okay, here's a TL;DR on the Droid lineup root situation. Essentially, you're out of luck at this point. No root for you! (Or for me, or for a lot of other annoyed users out there. You're not alone.)
Let me reiterate: if you currently have a brand new Droid running 4.4, no root is possible at the moment.
That being said, you're probably getting mixed accounts of this because of the following. Droid Maxx/Ultra/Mini sounds a lot like the Moto X--and they're very similar phones. However, the Moto X DOES have root on 4.4. It's a complicated process that involves downgrading to 4.2, installing a backdoor, and upgrading again to 4.4, then using the backdoor to regain root access. However, as the Droid Maxx/Ultra/Mini have locked bootloaders, it is not possible to downgrade after accepting the OTA upgrade to KitKat 4.4, and most new phones in the lineup are being shipped out with 4.4 already installed.
The first inkling of possible root was when noted dev and exploit-master jcase mentioned, tangentially and on Twitter, that he HAD found an exploit for our phones. However, the exploit is not suitable for casual user usage, and still doesn't unlock write protection on the phone, making it essentially useless. Oh, and as a result of the locked write protection, root would be lost any time you restarted the phone. Jcase will be revealing the exploit at the Black Hat conference this coming August as a teaching tool, but don't expect it to turn into anything we'll be seeing a solution out of.
The next glimmer of hope came a few weeks ago; remember how I said we couldn't downgrade because of our locked bootloaders? Some Motorola employee started selling bootloader unlock codes for the Droid lineup. You could send the guy 40 bucks and your IMEI number and he'd send you back a device-specific code to unlock your bootloader. Which through an even more complicated process, does eventually allow for root. However, as of about 2ish (?) weeks, the guy selling the codes has stopped; it seems like he/she/them/it/whatever no longer has access to the database containing the unlock codes. A few lucky people got codes before that happened--the process seemed sketchy, and those of us like myself who hesitated are now left with locked down phones.
So yeah, at various points, it's been possible to get root--which, when trying to read up on this stuff, makes it a tad hard to follow.
No root now, though, not if you're already on KitKat 4.4.
Sorry for the disappointment. Keep your ear to the ground in case someone offering codes pops up again and is legit--but I wouldn't hope too hard.
I am one among those few lucky people who got code and unlocked the BL and enjoying root now in 4.4.
@Jumnhy
However, the Moto X DOES have root on 4.4. It's a complicated process that involves downgrading to 4.2, installing a backdoor, and upgrading again to 4.4, then using the backdoor to regain root access. However, as the Droid Maxx/Ultra/Mini have locked bootloaders, it is not possible to downgrade after accepting the OTA upgrade to KitKat 4.4,
I want to add only one extra info to make things more clear. Actually BigRed's Moto X is also coming with locked / encrypted BootLoaders like DroidMini/Maxx/Ultra, but since its 4.4 update came first and without signature verification / check and hence downgrading was possible in its case. But in 4.4 of Droid series, the mistake was corrected and downgrade was IMPOSSIBLE.
So Droid users with 4.4 and NO root has to live without root in the future, unless any wonder occurs (like the earlier code purchase).
Moral of the Story:
If you want root access in Droid or other BigRed's phones, buy their Dev edition in future.
Good clarification. Missed that point myself!
This is really disheartening. I had one Droid Maxx back before the update and like an idiot, I updated without researching first. Now I got my insurance to replace the phone hoping that they'd send me one which hasn't been updated yet and instead they sent me one with 4.4 pre-installed. So I started researching and I thought it was possible because I saw a thread where an XDA user... Einstein something or other... said he got the downgrade to work. I think I'm just going to sell the phone and either try to buy one without the update or get a different phone.
ThunderWulf said:
This is really disheartening. I had one Droid Maxx back before the update and like an idiot, I updated without researching first.
My dear Thunder, you are not alone.... I miss tethering my internet....
nerdyplayer said:
My dear Thunder, you are not alone.... I miss tethering my internet....
Tethering does not require root. Now if you want wireless hotspot no frills then yes you need root.
You could use easy tether pro to tether just fine without root. But if you wanted to share that connection with more devices the first one would have to remain on. You can bridge the connection to your wireless card and share it.
kanagadeepan said:
I am one among those few lucky people who got code and unlocked the BL and enjoying root now in 4.4.
@Jumnhy I want to add only one extra info to make things more clear. Actually BigRed's Moto X is also coming with locked / encrypted BootLoaders like DroidMini/Maxx/Ultra, but since its 4.4 update came first and without signature verification / check and hence downgrading was possible in its case. But in 4.4 of Droid series, the mistake was corrected and downgrade was IMPOSSIBLE.
So Droid users with 4.4 and NO root has to live without root in the future, unless any wonder occurs (like the earlier code purchase).
Moral of the Story:
If you want root access in Droid or other BigRed's phones, buy their Dev edition in future.
Do you mind sort of breaking down the process you did once you got the code and how the code was styled. Alpha-numeric? 10 digits? Things like that. I am considering that since there is a code and method for unlocking the device in an offline setting, that could be bruteforced using strong hardware GPU. (Which I tend to have these days thanks to virtual currencies.)
I am going to run on the assumption Motorola won't lock out a user for multiple incorrect attempts but who knows.
netuoso said:
Do you mind sort of breaking down the process you did once you got the code and how the code was styled. Alpha-numeric? 10 digits? Things like that. I am considering that since there is a code and method for unlocking the device in an offline setting, that could be bruteforced using strong hardware GPU. (Which I tend to have these days thanks to virtual currencies.)
I am going to run on the assumption Motorola won't lock out a user for multiple incorrect attempts but who knows.
It's a 20-digit alphanumeric code. You enter the code in fastboot mode using the command fastboot oem unlock <code>. Since there are 36^20 possible combinations, good luck bruteforcing THAT.
I think the BL unlock is no longer available from what I have been reading. If anyone has had success lately please correct me.
BladeRunner said:
It's a 20-digit alphanumeric code. You enter the code in fastboot mode using the command fastboot oem unlock <code>. Since there are 36^20 possible combinations, good luck bruteforcing THAT.
I know that this question is rhetorical, as reverse engineering this is probably not possible, but is it full alphabet, or only the hex characters a-f for the alpha characters? That's a smaller alphabet. (Also, if it is upper and lower case letters, that's at least a 62 character alphabet, so 62^20. If they are just hex digits, that's "just" 16^20.)
doogald said:
I know that this question is rhetorical, as reverse engineering this is probably not possible, but is it full alphabet, or only the hex characters a-f for the alpha characters? That's a smaller alphabet. (Also, if it is upper and lower case letters, that's at least a 62 character alphabet, so 62^20. If they are just hex digits, that's "just" 16^20.)
Full alphabet, and I have only seen upper case letters.
unlock code
an21281 said:
I think the BL unlock is no longer available from what I have been reading. If anyone has had success lately please correct me.
I just tried to purchase the code. The guy says no more 2013 codes. Only 2014 production.
JarMagic said:
I just tried to purchase the code. The guy says no more 2013 codes. Only 2014 production.
Very interesting...
JarMagic said:
I just tried to purchase the code. The guy says no more 2013 codes. Only 2014 production.
Some late '13 are getting it anyway...

[Q] Droid Ultra/Maxx - Is there a way to root my device and unlock the bootloader?

Hello all!
I am using the Droid Ultra forum because I can't find or there doesn't seem to be one specifically for the Maxx. I assume they are the same phone but one just has a better battery.
I recently bought my new Droid Maxx using an upgrade. When it arrived, I tried using FoxFi for wifi tethering since LTE is faster than my house internet. I found out it won't work since I have the 4.4. To anybody that is curious, 4.4 came with my phone, I didn't use the OTA update.
After looking around on the internet, I am unable to find a guide that can root my phone. Has anybody made a bootstrap?
I am wondering if there is a way to root my phone with the 4.4 kitkat, whether 4.4 root method is still in development, or people have given up on trying to root it.
Something else. I tried to root my device with two programs, each have failed in the process. Kingo and OneClickRoot.
There is no working root for Android 4.4 on the Ultra/MAXX/Mini, you're stuck like everyone else.
There was "a Chinese guy" doing bootloader unlocks for ~$40 in the recent past few weeks but he/she/it has since stopped doing so (probably unable to access Motorola's database anymore or simply got caught doing it, who knows).
So again, you're stuck with stock 4.4 like everyone else is. The info is all over this subforum...
br0adband said:
There is no working root for Android 4.4 on the Ultra/MAXX/Mini, you're stuck like everyone else.
There was "a Chinese guy" doing bootloader unlocks for ~$40 in the recent past few weeks but he/she/it has since stopped doing so (probably unable to access Motorola's database anymore or simply got caught doing it, who knows).
So again, you're stuck with stock 4.4 like everyone else is. The info is all over this subforum...
Ah, that is quite unfortunate. I just needed to get caught up in the news. Thanks and I hope to see some root hacks soon.
Garret27 said:
Ah, that is quite unfortunate. I just needed to get caught up in the news. Thanks and I hope to see some root hacks soon.
You could try easy tether pro
I've been thinking. I was reading the forums quite a bit recently. The Chinese guy might have had access to the Motorola database with the IMEI or he might have developed a serial-cracker. I remember using keygens to unlock copies of Microsoft Office a long time ago. This guy might have done the same but kept it for himself to make a profit. I am wondering if we might see a keygen that uses a person's IMEI.
Just an idea I had.
Sent from my XT1080 using xda app-developers app
So for the sake of getting a more informed is this piece of crap ultra worth keeping in the hope of a root solution in the near future, or is anybody really even working on one?
It's a good phone that could be great (not as great as the MAXX 'cause of that battery life and no wireless charging) - I would say don't hold your breath for an unlock for the bootloader or even root nowadays, it's getting way too tough to root and bootloaders are pretty much... well, locked up I suppose. I don't know of any devs that are seriously working on the Droid devices anymore, it's kind of a crapshoot if you find one I guess.
IF I had gotten either of them before that "Chinese guy" stopped providing the bootloader unlock codes I may have developed a different opinion, but I missed that window of opportunity and so I decided holding onto those phones wasn't feasible given my requirements.
As I said in another post, I did like the MAXX and Mini when I owned them recently, but the fact that I wanted a bit more capability meaning root access because I use some apps that require it as well as the option of potentially using some customized ROM or doing customization that might require something like the Xposed framework means you're dead in the water with the Ultra/MAXX/Mini.
I sold both, picked up a Samsung Galaxy Express for $80 and it's unlocked (for T-Mobile, did that in 2 minutes), rooted and of course running CyanogenMod 11 aka Android 4.4.2 without a single issue so far except the camera FCs often but that's a well known bug that persists and likely will always be problematic (except on those new CyanogenMod phones I suppose since they're designed to run that OS 100% without problems).
The Ultra, the MAXX, and the Mini are damned nice devices if you like "pure stock" and pretty much zero chance of them ever being anything else - the fact that they're GSM unlocked from the factory is a plus, so is the wireless charging for the MAXX and Mini, but that's about it for me and not enough to keep them for the long haul.
Good luck...
Thank you very much for an honest opinion. Fortunately I just signed on with Verizon and received this phone only a couple of days ago and have the option of returning it and canceling the service with only a minimal restocking fee to deal with. I guess I will have to exercise that option because root access to the device is critical for use at work.
SOSDD said:
Thank you very much for an honest opinion. Fortunately I just signed on with Verizon and received this phone only a couple of days ago and have the option of returning it and canceling the service with only a minimal restocking fee to deal with. I guess I will have to exercise that option because root access to the device is critical for use at work.
Exchange for a gs5. It has root. As does the HTC one m8. The m8 looks well built. And the dot view case is sweet.
Sent from my unlocked consumer edition Motorola Droid Maxx xt1080m.

YA 4.4.2 Bootloader Discussion

Hey there remaining Verizon S3 users!
Coming from my favorite device the T959V this has been quite a trip. This device's bootloader is seemingly impossible to unlock on the 4.4.2 NE1 firmware.
I've got a slightly modified Superlite rom rolling with SafeStrap already strapped. And it is great to say the least. Added some initd and utilities. Evie launcher is pretty nice btw- recommend a try :good:
However. I still really want this thing to be unlocked. The T959V has multiple working Fro, GB, ICS, JB, KK, L, M, AND Nougat ROMS. Totally different devices yes but-- even the newer S4-S6 have cracked loaders now.
There has to be a special way to change this thing's firmware.
Right now I have 2 ideas to throw out to the wind-
1- Would be that there could be a way to trick the device into thinking it is receiving a new update. Maybe somehow with CSC or something. Also I saw a file named authorized.xml and was reading through to find traces of knox. Would unauthorizing knox strings somehow render it useless?
2- I was reading a suggested post about AVB boots and how they can be resigned on devices such as the Google Pixel and allows the newer patches to still install. Including what was described as a forced re-sign method.
--- Could we somehow resign the bootloader on our device so as to gain control of it? Has anybody tried anything like this since around 2015?
I'll gladly talk about all of this more whenever I feel like popping on- and atm I have no web besides this service. :silly: so no DOS updates and no shiny linux for now.
Gladly tell me that it is "impossible" but I'm not asking that. I'm trying to add some ideas to possibly do the impossible.
Edit: This seems to be an interesting lead on emmc cracking this device. It's probably why people in other threads were in search of a "dev" edition.
http://forum.gsmhosting.com/vbb/f777/unlock-samsung-devices-bootloader-emmc-backdoor-2142981/
graycow9 said:
Hey there remaining Verizon S3 users!
Coming from my favorite device the T959V this has been quite a trip. This device's bootloader is seemingly impossible to unlock on the 4.4.2 NE1 firmware.
I've got a slightly modified Superlite rom rolling with SafeStrap already strapped. And it is great to say the least. Added some initd and utilities. Evie launcher is pretty nice btw- recommend a try :good:
However. I still really want this thing to be unlocked. The T959V has multiple working Fro, GB, ICS, JB, KK, L, M, AND Nougat ROMS. Totally different devices yes but-- even the newer S4-S6 have cracked loaders now.
There has to be a special way to change this thing's firmware.
Right now I have 2 ideas to throw out to the wind-
1- Would be that there could be a way to trick the device into thinking it is receiving a new update. Maybe somehow with CSC or something. Also I saw a file named authorized.xml and was reading through to find traces of knox. Would unauthorizing knox strings somehow render it useless?
2- I was reading a suggested post about AVB boots and how they can be resigned on devices such as the Google Pixel and allows the newer patches to still install. Including what was described as a forced re-sign method.
--- Could we somehow resign the bootloader on our device so as to gain control of it? Has anybody tried anything like this since around 2015?
I'll gladly talk about all of this more whenever I feel like popping on- and atm I have no web besides this service. :silly: so no DOS updates and no shiny linux for now.
Gladly tell me that it is "impossible" but I'm not asking that. I'm trying to add some ideas to possibly do the impossible.
Edit: This seems to be an interesting lead on emmc cracking this device. It's probably why people in other threads were in search of a "dev" edition.
http://forum.gsmhosting.com/vbb/f777/unlock-samsung-devices-bootloader-emmc-backdoor-2142981/
I've been around this and many many other forums for years now. If there was an unlock method it would have been found years ago. Devs have long moved on from the old S3. I still have my S3 lying around, bootloader unlocked but I really haven't messed around with it for quite a long time now
And yes the dev edition would have been nice had someone actually had one, it would have of course made it easier to crack the bootloader option maybe. I don't know much about the ins and outs of the device but I know many are permanently locked and will probably never be unlocked.
As far as certain other Samsung devices being unlocked those are far and few between. VZW got smart and started just locking them from the start. This is a huge reason why I left Verizon. The S3 was my last device on big red. I since have had a Nexus 5 and 6 and now a oneplus 3t. I really don't like locked devices and the ability to unlock them and customize them just intrigues me to no end. Good luck however in finding something that may work, but I highly doubt it will ever be cracked
Sent from my OnePlus 3T
Ya I expected your negatude Shapes. Already seen that you have been searching but it isn't just some application you run. It's an unknown exploit that I'm sure exists. There are exploits right now that can be considered viral potentially exploiting my device as we speak. Maybe not granted my semi-precautious take on things.
Quadrooter and dirty cow could be used to exploit the S3 and gain access to a quoted "all" physical memory. So I find it hard to believe that things can't work in our favor.
Being open minded here. After all, this is technically hacking your own device. Which--
Got me thinking the other day, because I was setting up my laptop proper- could we run a nix distro and poke through the bootloader's parameters via exploitation tools? Referencing Kali or its elder BTrack. But I think it is possible and I just haven't gotten around this loop mounting issue.
To be clear, running a distro ON the device. My flat is already running square.
Sent from my SCH-I535 using XDA-Developers Legacy app
Also a purposely separate post- I'm building a ROM for this locked firmware and the goal is to have some specific updated apps and yet trim it nicely so as to save space and RAM it's mostly stock style-wise but it'd be cool to re-theme it. I haven't gotten things deodexed yet- being I haven't gotten my apktools working proper yet.
Is there anybody left to be interested in this? I haven't posted anything I've made before- usually just keep them lying around for emergency flashes.
Sent from my SCH-I535 using XDA-Developers Legacy app
graycow9 said:
Ya I expected your negatude Shapes. Already seen that you have been searching but it isn't just some application you run. It's an unknown exploit that I'm sure exists. There are exploits right now that can be considered viral potentially exploiting my device as we speak. Maybe not granted my semi-precautious take on things.
Quadrooter and dirty cow could be used to exploit the S3 and gain access to a quoted "all" physical memory. So I find it hard to believe that things can't work in our favor.
Being open minded here. After all, this is technically hacking your own device. Which--
Got me thinking the other day, because I was setting up my laptop proper- could we run a nix distro and poke through the bootloader's parameters via exploitation tools? Referencing Kali or its elder BTrack. But I think it is possible and I just haven't gotten around this loop mounting issue.
To be clear, running a distro ON the device. My flat is already running square.
I don't think shapes was trying to act negative at all, just stating the obvious. Nobody is going to try to unlock the Verizon S3, it's pretty much a dead end.
The unlock method used on the S5 will most likely work on this phone, but we need a developer CID to rewrite to the emmc as the series chip used on the S3 likely has the same vulnerability. This is what happened on the S5.
If you read some of the other posts (sounds like you have), we looked for an S3 developer edition but had no luck in tracking one down. For one, it's an incredibly old device. Secondly, you'd have to be semi retarded to purchase one as the original unlock method was around before the developer edition was released.
So yes, if you can find a developer S3 this will likely be an unlock method. It tricks the S3 into thinking it's a developer phone and unlocks the bootloader if the method to write it works the same as in the S5.
As for your questions,
1. I think you're underestimating the amount of security that goes into the bootloader itself. If you want to learn a lot about Android security in general, in the Android security discussion section located under general forums, there's tons of info regarding how complex this all is. But basically, in order to send an update patch, it needs to be signed (you can't just fake the signature) and it must agree with the current bootloader. The way the bootloader is written, it simply won't allow a reversion back to earlier versions or it'll abort the boot.
An easier way to think of this is understanding that the changes made are preinstalled before the actual boot. There's no way for us to change this through normal methods as the emmc has to be written to directly. There is no way to do this from download or recovery mode. Wouldn't matter if you flashed it or used an update package, they are essentially the same thing.
So the only way to actually change the bootloader is to write to the emmc directly through use of the JTAG port. This changes the code of the entire bootloader before the boot and the phone will boot up with any version of the S3 bootloader you write.
2. I think I kind of answered that?
Hope it's clear.
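A simplified model of the two checks described in the post above (the update must carry a valid signature, and an older version is refused), added here as an illustration and not taken from the thread or from Samsung's bootloader. The toy RSA key, the `Device` class, the version numbers and the sample payloads are assumptions made for the example.

```python
import hashlib

# Constructed demo key: two Mersenne primes, textbook RSA with no padding.
# Insecure by design; it only stands in for the vendor's real signing key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the vendor


def digest(version: int, payload: bytes) -> int:
    """Hash the version together with the payload so neither can be swapped."""
    h = hashlib.sha256(version.to_bytes(4, "big") + payload).digest()
    return int.from_bytes(h, "big")


def vendor_sign(version: int, payload: bytes) -> int:
    """Vendor side: needs D, which never ships on the device."""
    return pow(digest(version, payload), D, N)


class Device:
    """Hypothetical device holding only the public key and a monotonic counter."""

    def __init__(self, min_version: int):
        self.min_version = min_version   # models a fuse-backed rollback counter

    def check_update(self, version: int, payload: bytes, signature: int) -> str:
        # Signature first: it covers both the version field and the payload.
        if pow(signature, E, N) != digest(version, payload):
            return "reject: bad signature"
        # A genuine vendor image is still refused if it is older than the floor.
        if version < self.min_version:
            return "reject: rollback"
        self.min_version = version       # counter only ever moves forward
        return "accept"


def demo() -> list:
    old = (3, b"bootloader build 3 (constructed sample)")
    new = (5, b"bootloader build 5 (constructed sample)")
    old_sig, new_sig = vendor_sign(*old), vendor_sign(*new)
    dev = Device(min_version=4)
    return [
        dev.check_update(*new, new_sig),                    # genuine newer image
        dev.check_update(new[0], new[1] + b"!", new_sig),   # modified payload
        dev.check_update(*old, old_sig),                    # genuine but older image
        dev.check_update(5, old[1], old_sig),               # old image relabelled as 5
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the version number is hashed together with the payload, relabelling an old signed image with a newer version fails the signature check instead of slipping past the rollback check.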
BadUsername said:
I don't think shapes was trying to act negative at all, just stating the obvious. Nobody is going to try to unlock the Verizon S3, it's pretty much a dead end.
The unlock method used on the S5 will most likely work on this phone, but we need a developer CID to rewrite to the emmc as the series chip used on the S3 likely has the same vulnerability. This is what happened on the S5.
If you read some of the other posts (sounds like you have), we looked for an S3 developer edition but had no luck in tracking one down. For one, it's an incredibly old device. Secondly, you'd have to be semi retarded to purchase one as the original unlock method was around before the developer edition was released.
So yes, if you can find a developer S3 this will likely be an unlock method. It tricks the S3 into thinking it's a developer phone and unlocks the bootloader if the method to write it works the same as in the S5.
As for your questions,
1. I think you're underestimating the amount of security that goes into the bootloader itself. If you want to learn a lot about Android security in general, in the Android security discussion section located under general forums, there's tons of info regarding how complex this all is. But basically, in order to send an update patch, it needs to be signed (you can't just fake the signature) and it must agree with the current bootloader. The way the bootloader is written, it simply won't allow a reversion back to earlier versions or it'll abort the boot.
An easier way to think of this is understanding that the changes made are preinstalled before the actual boot. There's no way for us to change this through normal methods as the emmc has to be written to directly. There is no way to do this from download or recovery mode. Wouldn't matter if you flashed it or used an update package, they are essentially the same thing.
So the only way to actually change the bootloader is to write to the emmc directly through use of the JTAG port. This changes the code of the entire bootloader before the boot and the phone will boot up with any version of the S3 bootloader you write.
2. I think I kind of answered that?
Hope it's clear.
Truthfully after being around the forums for as long as I have I'm really surprised there is any interest in unlocking this device at this point in time. There are just so many other options and unlocked vzw s3s are not that hard to come by.
And I wasn't being negative it's about being realistic. Thanks for sticking up for me brother
Sent from my OnePlus 3T
Are there any updates to this by any chance, I am interested :C
any hope?
