[Q] Insecure aBoot question. - Verizon Samsung Galaxy S III

I've been around the Android dev community and have been rooting phones / flashing roms for a while now, but I am not adept at the specifics in regards to the S3. I just came over to Verizon in March and prior to that I have always dealt with HTC phones on Sprint, which obviously are totally different than Samsung. Two questions:
1.) I used Beans method to unlock and root with casual. He mentions that the tool flashes an insecure aBoot in order to run the exploit. Since I'm still on the stock rooted rom, would I need to flash a secure aboot? This probably sounds silly but I just don't know if the insecure aBoot is "still there" so to speak.
2.) Same question applies to the bootchain. I've looked around and cannot find the MF1 bootchain anywhere. From my understanding you don't need to do this, but I'd like to.
Again, I apologize as I am previously an HTC man and don't have a very good understanding of Samsung yet.:good:

AZ FadeOut said:
I've been around the Android dev community and have been rooting phones / flashing roms for a while now, but I am not adept at the specifics in regards to the S3. I just came over to Verizon in March and prior to that I have always dealt with HTC phones on Sprint, which obviously are totally different than Samsung. Two questions:
1.) I used Beans method to unlock and root with casual. He mentions that the tool flashes an insecure aBoot in order to run the exploit. Since I'm still on the stock rooted rom, would I need to flash a secure aboot? This probably sounds silly but I just don't know if the insecure aBoot is "still there" so to speak.
2.) Same question applies to the bootchain. I've looked around and cannot find the MF1 bootchain anywhere. From my understanding you don't need to do this, but I'd like to.
Again, I apologize as I am previously an HTC man and don't have a very good understanding of Samsung yet.:good:
1. The insecure aboot is needed to root and unlock your phone with the casual method, you can double check you're unlocked with ez unlock v1.2. It should still be applied.
2. The Bootchain is not very important to restore, and I'm not sure if casual automatically changes it back after the process. You can flash the mb1 Bootchain and be close enough or pm darkmenace and request the mf1 Bootchain. Keeping your Bootchain shouldn't give you any issues.
Sent from my SCH-I535 using Tapatalk 2

Related

Avoid losing root if ATT forces 2.20 OTA update

I have an AT&T HOX. Came stock with 1.85.
I rooted it using the "redbend" method described here (http://forum.xda-developers.com/showthread.php?t=1709296)
(More or less, the pulling SIM card business wasn't part of the steps when I used it, but the root was successful).
I am using SuperSU to manage root access by apps.
I have not done anything beyond that.
Now, I understand, at some point, AT&T is going to force a 2.20 update on me.
My primary concern is to avoid losing root.
(I have enabled the "preserve root across OTA" in SuperSU, but not sure if it's effective or not)
I've looked at the how-tos for SuperCID, unlocking the bootloader, etc., and I'm not sure which I NEED, and which are optional, and/or what the pros/cons are of each...
I'd like to stay as close to "stock" as possible, but I want to ensure that I can keep root.
I'm still within my AT&T contract, and would really prefer to avoid bricking the phone.
I'm wondering what the recommendations are as to the minimum steps I should take to keep root in the event the OTA is forced on me?
Can I pre-empt the OTA by installing this? ( http://forum.xda-developers.com/showthread.php?t=1812459 )
If so, what is the safest method for installing it?
FWIW, I am a linux user, and I am comfortable with adb as well as the command line on the phone itself.
I have no windows systems, so any special tools I'd need other than adb I'd have to find a linux version.
I don't need "one click" methods, in fact I'd prefer to see/perform the individual steps and understand what they are doing.
Unlock your bootloader using this method: http://forum.xda-developers.com/showthread.php?t=1672284. If you don't, you won't get root again afterwards.
Don't have to unlock to flash roms?
This document,
http://onexroot.com/one-x-root/root-any-htc-one-x-windowsmaclinuxattinternationalone-click-method/
Near the very bottom, suggests:
For AT&T HTC One XL and alike, if you want to install custom ROMs, you don’t have to unlock your bootloader but simply flash custom recovery in fastboot.
Is this accurate?
My ATT HOX is currently rooted, and I now have SuperCID. I assumed I would need to unlock my bootloader, but I haven't done that yet.
Can I install this:
https://play.google.com/store/apps/details?id=com.s0up.goomanager
and then use it to install the "Stock Rooted AT&T 2.20.502.7" here?
http://forum.xda-developers.com/showthread.php?t=1812459
And if I do that, will this avoid AT&T OTA'ing me?
On a related note, would the SuperCID survive the OTA, allowing me to unlock the bootloader afterward, even if I hadn't done so already?
Megadave123 said:
This document,
http://onexroot.com/one-x-root/root-any-htc-one-x-windowsmaclinuxattinternationalone-click-method/
Near the very bottom, suggests:
For AT&T HTC One XL and alike, if you want to install custom ROMs, you don’t have to unlock your bootloader but simply flash custom recovery in fastboot.
Is this accurate?
Completely false. You cannot install custom recovery without an unlocked bootloader. For the safety of your device, I'd suggest sticking with XDA, and not Googling random websites. That website obviously has incorrect information.
Megadave123 said:
and then use it to install the "Stock Rooted AT&T 2.20.502.7" here?
http://forum.xda-developers.com/showthread.php?t=1812459
And if I do that, will this avoid AT&T OTA'ing me?
AT&T isn't going to "OTA" you by force. You have to accept the download, then accept the installation. Cancelling either of those will prevent the OTA from being installed.
If you want to update to the stock 2.20 firmware without running the OTA or RUU (and therefore keep the ability to flash kernels and radios), then yes, the ROM you linked is the method I would suggest. But you would need to unlock the bootloader, then install TWRP before you can flash the rooted 2.20. Also keep in mind there are newer (than 2.20) firmwares already posted in Development (2.23, 2.29, etc.) in similar pre-rooted form. Not to mention custom ROMs based on 2.20 or newer.
Megadave123 said:
On a related note, would the SuperCID survive the OTA, allowing me to unlock the bootloader afterward, even if I hadn't done so already?
SuperCID survives OTA. But the 2.20 OTA has a new hboot, which fixes the hole by which kernels and radios can be flashed from recovery, so my recommendation would be not to install the OTA.
redpoint73 said:
Completely false. You cannot install custom recovery without an unlocked bootloader. For the safety of your device, I'd suggest sticking with XDA, and not Googling random websites. That website obviously has incorrect information.
FWIW, I didn't google that site. It was linked to from an XDA post. It didn't seem right to me, which is why I asked here.
AT&T isn't going to "OTA" you by force. You have to accept the download, then accept the installation. Cancelling either of those will prevent the OTA from being installed.
If you want to update to the stock 2.20 firmware without running the OTA or RUU (and therefore keep the ability to flash kernels and radios), then yes, the ROM you linked is the method I would suggest. But you would need to unlock the bootloader, then install TWRP before you can flash the rooted 2.20. Also keep in mind there are newer (than 2.20) firmwares already posted in Development (2.23, 2.29, etc.) in similar pre-rooted form. Not to mention custom ROMs based on 2.20 or newer.
Ok, that is VERY good to hear.
BTW, thank you very much. I read somewhere that ATT could/might force the OTA, and I've been worried about losing root ever since, but not quite ready to (presumably) completely void my warranty with a bootloader unlock.
Megadave123 said:
BTW, thank you very much. I read somewhere that ATT could/might force the OTA, and I've been worried about losing root ever since, but not quite ready to (presumably) completely void my warranty with a bootloader unlock.
I think bypassing the user acceptance dialogues for the OTA install would be a violation of how Android fundamentally works. It would be a serious security issue, as it might allow rogue software to be installed on your device without your interaction. I seriously doubt AT&T would institute such a thing.
The user confirmation of the OTA might be a liability thing, too. If the performance of the device is adversely affected by the OTA (happens to some people) and the OTA was forced by AT&T without the owner having a choice, it would seem to me that AT&T has to accept the responsibility. People can claim it's AT&T's fault, and demand a replacement device (since AT&T technically installed the software remotely). By making you confirm the OTA installation (and giving you the chance to opt out), you pretty much are volunteering to install the software and accept the consequences.
In theory, unlocking the bootloader voids your warranty. But more than a few folks on here have gotten warranty replacements from AT&T (after unlocking the bootloader), without issue. Sometimes in-store (within the first 30 days) without them even checking for the bootloader unlock. No guarantee that this will always be the case. But just throwing it out there. It's still up to you whether unlocking the BL is worth the risk in your own case.
I don't remember, but isn't the HOXL supported by goomanager? As long as you're rooted you can install a recovery from it with a locked bootloader. I always recommend unlocking, but I'm pretty sure it's not a total necessity to get TWRP recovery.
18th.abn said:
I don't remember, but isn't the HOXL supported by goomanager? As long as you're rooted you can install a recovery from it with a locked bootloader. I always recommend unlocking, but I'm pretty sure it's not a total necessity to get TWRP recovery.
The hoxl is officially supported by twrp and can be downloaded from goomanager. I do not know if you can install a custom recovery without an unlocked bootloader. I would be interested to know if this can be done as well.
Sent from my Nocturnalized One XL using Forum Runner
When you try to push a recovery via fastboot with a locked bootloader it will fail due to invalid signature. I don't see how goomanager would be any different.
Is there any harm in trying it?
If I install "goo manager", and let it do its thing, and the locked bootloader prevents it from doing so, there won't be any other side effects, will there?
If I come off as a complete noob at this, it's because I am.
This is my first Android phone, and I *really* want to avoid bricking it, so I want to make sure I understand as much as possible before I go trying to do anything to it.
Also I'm still wary of unlocking, mainly because of the whole "will erase your phone" bit.
I'm not yet fully comfortable that I know how/what to fully backup all of "my" data on the phone so as to facilitate easily putting it all back.
I'll answer some q's here.
1.) you cannot flash a custom recovery from hboot with a locked bootloader
2.) you CAN dd a custom recovery with a locked bootloader. However, your device will be soft-bricked.
3.) you CAN install custom ROMs via dd right from Android. This is how we did it back "in the day".
4.) you "might" be able to get away with dd'ing a custom kernel with locked BL, not not sure. In fact, I'd bet it will softbrick now that I think about it.
Anyways, the SAFEST way to do it is via unlocking the bootloader and installing your roms from custom recovery.
gunnyman said:
When you try to push a recovery via fastboot with a locked bootloader it will fail due to invalid signature. I don't see how goomanager would be any different.
Beaups pretty much already answered it. But this guy tried installing TWRP through goomanager with a locked bootloader, and confirmed it doesn't work: http://forum.xda-developers.com/showthread.php?p=31220704#post31220704

[Video Guide] How To Root Galaxy S4 I337 / I337m Easy & User Friendly

Hey folks. It's me again :victory: So I've got another super easy video guide on how to root your shiny new Samsung Galaxy S4 I337 or I337m.
This guide is using djrbliss's Motochopper tool. This tool has made it easier than ever to root a device! So BIG thanks goes out to him!
Links to everything can be found in the video description.
Enjoy
Here are a couple more. I figure it's better to keep them all in one place so people can decide which guide they want to use.
http://forum.xda-developers.com/showthread.php?t=2257039
http://forum.xda-developers.com/showthread.php?t=2257058
I think there might be a couple more out there but this should help people to answer any possible question about rooting that they could ever have.
If you have the AT&T OTA (MF3) for the SGH-I337 S4, the method in the OP does not work. Here is a method for rooting MF3:
http://forum.xda-developers.com/showthread.php?t=2387577
For Canadian MG1 Firmware, try CF Auto-Root download for the SGH-I337M:
http://forum.xda-developers.com/showthread.php?t=2293800
Just sold my Rogers S2 LTE because I upgraded to the S4. My quick question, if I ROOT and retain the original Samsung Recovery will I be able to still get and do official firmware upgrades? This is the only thing stopping me from going forward with rooting.
You can still get updates, but you will lose your root access with each update.
thanks: I'm now rooted and sim unlocked for free!
Slade8525 said:
thanks: I'm now rooted and sim unlocked for free!
Hey, how did you sim unlock it for free, do you mind sharing?
yeah sure!
Similar method worked for my GS III; haven't tested the GS IV with a different sim just yet, but GF's old GS III is working just fine for her sister in Canada (Bell, I think). GF found it actually, and did it to hers first. I'll know if it works when we leave for work in Montreal next week or if I bum a T-Mobile cell from a friend.
http://forum.xda-developers.com/showthread.php?t=2282683
Stoneyguy said:
You can still get updates, but you will lose your root access with each update.
WRONG, I am unable to update my device, it says that my phone has been modified, and yes, I have rooted it with this video.
Whenever I try this method, when it goes to push the exploit, it says error multiple devices or something. when I only have the S4 plugged in. Followed step by step.
Dragosmp said:
WRONG, I am unable to update my device, it says that my phone has been modified, and yes, I have rooted it with this video.
My phone is rooted and still shows official in phone status. There is a post on how to regain that status while still maintaining your root.
Stoneyguy said:
My phone is rooted and still shows official in phone status. There is a post on how to regain that status while still maintaining your root.
Could you post a link to where it shows how to regain the status while maintaining the root?
rsarwar said:
Could you post a link to where it shows how to regain the status while maintaining the root?
The link has already been posted on the first page.
thanks, worked great, just rooted mine in 5 min
Safe to root?
Excuse my ignorance, but on another thread it was suggested that in the absence of recovery and a backup image rooting might be premature. Is the general consensus now that it is safe to root? There seem to be some backup images around, though I don't know if they have been tested, and I haven't heard about recovery.
sblevine
Newbie here... couple of questions
I have the same concern as the member above... is it already possible to restore the phone if something goes bad? Is there instructions anywhere around this forum? where?
Also, once you root the phone you can proceed to download a ROM and install it... when a new ROM version is available and I download and install it, do I lose the root?
What is the best (if more than one is already available) for the ATT S4?
Thank you all and sorry for the "newbieness"....
Cheers:good:
speed2001 said:
I have the same concern as the member above... is it already possible to restore the phone if something goes bad? Is there instructions anywhere around this forum? where?
Also, once you root the phone you can proceed to download a ROM and install it... when a new ROM version is available and I download and install it, do I lose the root?
What is the best (if more than one is already available) for the ATT S4?
Thank you all and sorry for the "newbieness"....
Cheers:good:
No, rooting gives you certain superuser privileges. You can use Titanium Backup to freeze and restore bloatware, AdBlock to block advertisements, etc. Some phone tracking software and remote desktop control software requires root as well.
You cannot modify the basic operating system (ROM) until the bootloader is unlocked. You can overwrite the files, but that will brick your device since the bootloader checks signatures.
There is a bootloader exploit for the ATT S4 that will be released within the next week. The developer was waiting until the Verizon version of the S4 was available so more people would be able to use the exploit before it was patched.
Do not accept an OTA update for your device as that is how they will patch the bootloader exploit.
1. Root your device.
2. Carrier unlock your device.
3. Install custom ROM when bootloader is exploited later this week.
Relys said:
No, rooting gives you certain superuser privileges. You can use Titanium Backup to freeze and restore bloatware, AdBlock to block advertisements, etc. Some phone tracking software and remote desktop control software requires root as well.
You cannot modify the basic operating system (ROM) until the bootloader is unlocked. You can overwrite the files, but that will brick your device since the bootloader checks signatures.
There is a bootloader exploit for the ATT S4 that will be released within the next week. The developer was waiting until the Verizon version of the S4 was available so more people would be able to use the exploit before it was patched.
Do not accept an OTA update for your device as that is how they will patch the bootloader exploit.
1. Root your device.
2. Carrier unlock your device.
3. Install custom ROM when bootloader is exploited later this week.
Cool, thanks for the reply. I was under the impression that the bootloader was already exploited. Pure BS those protections that always end up broken like the iOS ones. What I would like is to have the S4 as factory released and load a good ROM without any problems and no bloatware. If not for the warranty I would buy an unlocked phone elsewhere.
Well, let's wait for the exploit next week. I don't want to brick my phone and not be able to restore it. I will keep checking back.
Cheers and thanks again
Speed
Relys said:
No, rooting gives you certain superuser privileges. You can use Titanium Backup to freeze and restore bloatware, AdBlock to block advertisements, etc. Some phone tracking software and remote desktop control software requires root as well.
You cannot modify the basic operating system (ROM) until the bootloader is unlocked. You can overwrite the files, but that will brick your device since the bootloader checks signatures.
There is a bootloader exploit for the ATT S4 that will be released within the next week. The developer was waiting until the Verizon version of the S4 was available so more people would be able to use the exploit before it was patched.
Do not accept an OTA update for your device as that is how they will patch the bootloader exploit.
1. Root your device.
2. Carrier unlock your device.
3. Install custom ROM when bootloader is exploited later this week.
Regarding the bold above, I am honestly not that interested in the custom ROMs right now, only rooting, and with this method it does not install any custom recovery, right? As well, if I root via this method will I be able to still do the OTA updates since Samsung recovery is untouched? I know and understand that I will likely lose root, but I can always re-root, right?
I am itching to root and this is the only thing stopping me as there seems to be much confusion about this.
BTW I am on Rogers (Canada) i337M if it makes a difference
rsarwar said:
Regarding the bold above, I am honestly not that interested in the custom ROMs right now, only rooting, and with this method it does not install any custom recovery, right? As well, if I root via this method will I be able to still do the OTA updates since Samsung recovery is untouched? I know and understand that I will likely lose root, but I can always re-root, right?
I am itching to root and this is the only thing stopping me as there seems to be much confusion about this.
BTW I am on Rogers (Canada) i337M if it makes a difference
I've been a bit confused as well despite reading hundreds of posts and watching referenced videos (I've also been hesitant to ask questions given the culture of this board). Here is what I hope is accurate, please correct where I am wrong:
We can root I337 now.
Doing a simple root now is reversible, ie, can be un-rooted.
The bootloader unlock is needed primarily for custom roms.
If one does not desire a custom rom, there is no reason to wait to root.
And, a few questions:
Does rooting wipe out apps, settings, and/or data?
Will an AT&T android system update remove the root?
If so, can we just root again?
Thank you for clarifications. I'm sure there are many that are not posting with some of these questions. I will be glad to put together a noobie's guide if I can get a handle on all of this. It is all out there somewhere, but very fragmented, and often one post is contradicted by another.
zekeblue said:
I've been a bit confused as well despite reading hundreds of posts and watching referenced videos (I've also been hesitant to ask questions given the culture of this board). Here is what I hope is accurate, please correct where I am wrong:
We can root I337 now.
Doing a simple root now is reversible, ie, can be un-rooted.
The bootloader unlock is needed primarily for custom roms.
If one does not desire a custom rom, there is no reason to wait to root.
And, a few questions:
Does rooting wipe out apps, settings, and/or data?
Will an AT&T android system update remove the root?
If so, can we just root again?
Thank you for clarifications. I'm sure there are many that are not posting with some of these questions. I will be glad to put together a noobie's guide if I can get a handle on all of this. It is all out there somewhere, but very fragmented, and often one post is contradicted by another.
Your assumptions are correct:
1. Yep.
2. Yes, you can delete busybox and su in your system directory to switch your phone from "Custom" to "Official" status. If you install SuperSU and remove Superuser you can have root while keeping "Official" status.
3. Correct.
4. If you **** up while messing around with root you can recover to stock ROM via Odin or Kies. There is no reason to wait for root.
To answer your questions.
1. No, nothing changes. You just enable superuser privileges.
2. Typically yes. Don't accept OTAs until you know they're safe.
3. It depends if they patch the exploit or not.

[Q] Technical question(s) on bootloaders

(As a foreword, I've been searching and trying to find these answers myself but I haven't had much luck. If there are resources out there covering my questions, please direct me there. Thanks!)
Could someone please inform me of the specific difference(s) between the VRALEC and VRALE6 bootloaders? Also any background info would be interesting to know as well (order in which they were leaked, timeframes, circumstances etc).
Next question: I was able to successfully ODIN the VRALEC bootloader (only) to my stock phone on VRBMF1. When I tried to do the same with VRALE6 it failed with a signing-related error. However I was able to flash the VRALE6 directly using the CASUAL utility and that worked fine. I don't understand why/how the phone will allow itself to boot from that file, but wouldn't allow it to be ODIN'd. Could somebody enlighten me? Also, if I were to have tried ODIN'ing the entire VRALE6 bootchain, would that have succeeded?
Also, is there any rationale for using any other bootloader(s)? There appear to be at least 10 different bootloader and/or bootchain version variants out on the web in different places. From what I can gather though, only the two listed above are significant since they are 'unlocked'.
Lastly, which bootloader does the Developer Edition phone use? Does it come unlocked, or is it unlock-able via some web site or something? If it has its own 'special' unlocked bootloader, why could we not simply get a copy and use that on retail phones rather than the old/leaked version widely used now?
B
pluto01 said:
(As a foreword, I've been searching and trying to find these answers myself but I haven't had much luck. If there are resources out there covering my questions, please direct me there. Thanks!)
Could someone please inform me of the specific difference(s) between the VRALEC and VRALE6 bootloaders? Also any background info would be interesting to know as well (order in which they were leaked, timeframes, circumstances etc).
Well, for the longest time the VRALEC was titled the "boot chain" and I'm seeing now in Invisiblek's awesome thread over on Rootz, that's not the case anymore. So, I'll preface this by saying referring to both VRALEC and VRALE6 terms as "bootloaders" sounds weird now because VRALEC was originally titled "VRALEC.bootchain.tar".
VRALEC file should be a "tar" and the VRALE6 file should be a "zip." Cool? Here's how to differentiate: the VRALEC.bootloader.tar needs to be flashed in Odin to allow you to install a custom recovery. It is essentially just the first step of several to unlock the bootloader; it is not unlocked at this point. Someone of a more technical background can explain this better, but it's like this file is hijacking the boot sequence and telling the phone everything is still recognized as official firmware. There's no trigger that prompts the phone to give you the yellow triangle warning. Once a custom recovery is installed, you need to flash in recovery the VRALE6.zip to unlock the bootloader. Both of these files come from a pre-release VZW GSIII that were so graciously provided to AdamOutler by an African-Canadian Sock Monkey. Seriously, check post #317. This also serves to answer your question about times, leaked, etc. Moving on!
Next question: I was able to successfully ODIN the VRALEC bootloader (only) to my stock phone on VRBMF1. When I tried to do the same with VRALE6 it failed with a signing-related error. However I was able to flash the VRALE6 directly using the CASUAL utility and that worked fine. I don't understand why/how the phone will allow itself to boot from that file, but wouldn't allow it to be ODIN'd. Could somebody enlighten me? Also, if I were to have tried ODIN'ing the entire VRALE6 bootchain, would that have succeeded?
As I said above, VRALE6 should be a zip file and needs to be flashed in custom recovery NOT Odin. That's the key difference.
Also, is there any rationale for using any other bootloader(s)? There appear to be at least 10 different bootloader and/or bootchain version variants out on the web in different places. From what I can gather though, only the two listed above are significant since they are 'unlocked'.
Nope. Idk what you mean by "at least 10 different bootloader and/or bootchain version variants." Maybe there is a "bootloader" per each OTA that we have received? But honestly, every OTA thus far has been rooted/unlocked via almost the exact methods, so this is a moot topic. There are only two unlock files of significance for any root/unlock method for the VZW GSIII: VRALE6.zip and VRALEC.tar
Lastly, which bootloader does the Developer Edition phone use? Does it come unlocked, or is it unlock-able via some web site or something? If it has its own 'special' unlocked bootloader, why could we not simply get a copy and use that on retail phones rather than the old/leaked version widely used now?
B
Well, AdamOutler actually received some help and got this phone unlocked well before the dev edition was released last year so there was never a need to look towards that device for bootloader unlock help. I have no clue about how to unlock that device and there's been no reason to think about having (at the time) a $650 dev edition GSIII when the retail one was officially unlocked. No clue on compatibility with bootloaders between either device.

[Q] Need an assist: Root, Unlock bootloader on a VZW Tab2 7" with VRBMI1

Hello, all
I have looked and searched. I have seen a few threads and a few posts, but cannot find anything concrete about this. I even officially bricked a device trying to follow a thread (to the letter).
I have rooted and unlocked several devices in the past, and installed many ROMs before. However, this device is proving to be a pain.
Recently I purchased the Tab 2 (SCH-i705) for a very low price. It was shipped to me running Android 4.1.2 (on Verizon) and the baseband is VRBMI1. I saw MrHyde03's post (http://forum.xda-developers.com/showthread.php?t=1885558) on rooting and unlocking the bootloader. However, when I flashed the aboot.img file, it toasted my previous device. No power-up, no USB recognition, no nothing. Managed to take it back and got it traded out for a new device. I now have a new Tab2, but the same setup. What I want to do is run the Slimkat ROM.
My long-winded question is: can I do this? I know Verizon has made it tough to unlock the bootloader, something needed in order to add a custom recovery. Does anyone know of a method that will allow me to add the Slimkat ROM to this device? I know not many people are using it or developing for it any longer. But any help would be appreciated. Again, I have seen what MrHyde03 wrote up, but I am afraid I will brick another device by trying to flash an aboot.img file.
I did see this thread (http://forum.xda-developers.com/showpost.php?p=48392009&postcount=1) about using Safestrap and not actually unlocking the device. I am currently doing that on my S4 since Verizon has it locked down. But I would not be able to run the ROM that I want.
Any help or pointers would be great. Thanks for reading and helping.
Cheers!
You can root it, but I don't think you can unlock the bootloader anymore. The root method is linked in one of those Hyde threads near the end. It's not his method... there's a "one click" for multiple devices that works great.
JelloB said:
You can root it, but I don't think you can unlock the bootloader anymore. The root method is linked in one of those Hyde threads near the end. It's not his method... there's a "one click" for multiple devices that works great.
That's what I've realized. Bummer too. I'll go take a look. I hadn't seen a one-click method. Everything I've seen has to be done via Odin & ADB.
If you happen to find the easy method, let me know!

Questions on the state of d2vzw devices running NE1

I'm not sure if these questions have been answered before, but I can't find any information on them, so here I am.
1. How exactly is the bootloader "locked"? Is the kernel the only thing that can't be changed?
2. Is kexec possible on NE1?
I know that bootloaders were bypassed on some Motorola Droid devices via kexec. There was even an in-the-works kexec project for our device on an older firmware (that was abandoned only because someone figured out how to unlock the bootloader, or something along those lines). I also realize this is a biggish project, and most people still using the d2vzw didn't ever take the NE1 OTA and are able to flash custom kernels/ROMs. Knowing this, it could be possible that no one really wants to try, either because of time, apathy, etc. But I digress.
Sent from my SCH-I535 using Tapatalk
AluminumTank said:
I'm not sure if these questions have been answered before, but I can't find any information on them, so here I am.
1. How exactly is the bootloader "locked"? Is the kernel the only thing that can't be changed?
2. Is kexec possible on NE1?
I know that bootloaders were bypassed on some Motorola Droid devices via kexec. There was even an in-the-works kexec project for our device on an older firmware (that was abandoned only because someone figured out how to unlock the bootloader, or something along those lines). I also realize this is a biggish project, and most people still using the d2vzw didn't ever take the NE1 OTA and are able to flash custom kernels/ROMs. Knowing this, it could be possible that no one really wants to try, either because of time, apathy, etc. But I digress.
Sent from my SCH-I535 using Tapatalk
These questions have been beat into the ground, but I'll be happy to answer them again because they are interesting questions. Good ideas and discussion points anyway.
1) So the bootloader is locked by a series of signed boot sequences. These things can be easily researched on the internet in detail, but a general understanding of how the phone boots is helpful to understanding how this process works. Also every phone is unique, and every carrier has different implementations.
Samsung is especially a huge PITA when it comes to these things. They allow no easy way to gain root access on your phone in any way. In comparison to HTC for instance, they allow nothing in terms of granting administrator access to anyone. HTC at least has an option for S-off, which allows full administrative usage of the device and turns off all boot checking features. This can't be patched in an easy way, and for an update to change this feature it would have to change the device's system information on an unreasonable level. All Samsung has to do is simply patch whatever vulnerability we find, because there is no way to turn S-off on a Samsung phone, so all we do is look for bootchain exploits. If that makes any sense? Basically, Samsung sucks, and that's the main reason I will never buy their phones ever again.
2) Any part of the boot sequence can be changed, but the signatures affecting these things aren't really easy to trick. Kexec was a very easy exploit to use when it first came out, but the modules for it have since been changed to disallow the command for kexec to load an insecure kernel. It simply can't work the same anymore since Samsung released changes to their boot chain. This method won't be used on any future devices. Most recently we had the original root method and Loki for the S4, which both affect the aboot sequence, and Safestrap, which is basically a modified recovery that uses the stock kernel to run a custom ROM. Here's an example:
boot => sbl1 => sbl2 => sbl3 => whatever is here ==> maybe something else here ==> aboot => recovery mode or download mode or kernel => system rom
aboot = African canadian sock monkey exploit (basically an unlocked aboot file) and Loki exploits
recovery mode = safestrap exploit (tricks the kernel to boot a modified rom, but it has to work with the kernel)
As you can see in the chain, break any one of those sequences and it doesn't matter what follows, the phone is unlocked. The problem is we've broken the chain about 2-3 times. Every time we find a vulnerability, it gets patched and it makes it that much harder to find another exploit. Samsung does so much work patching the unlocking mechanism that it simply isn't even worth the effort to unlock it in the first place. We actually didn't even unlock the S3 in the first place. The aboot file was given to us by a Samsung employee and distributed quickly. This aboot file allowed us to change the kernel and recovery at will, without worrying about signature verification since the aboot file never asked for it. It was a full unlock for the phone. Once an update happened, it erased the modified boot image and disabled the unlocked bootloader.
This problem is unique to Samsung btw, other phones aren't nearly as difficult to figure out and test.
BadUsername said:
These questions have been beat into the ground, but I'll be happy to answer them again because they are interesting questions. Good ideas and discussion points anyway.
1) So the bootloader is locked by a series of signed boot sequences. These things can be easily researched on the internet in detail, but a general understanding of how the phone boots is helpful to understanding how this process works. Also every phone is unique, and every carrier has different implementations.
Samsung is especially a huge PITA when it comes to these things. They allow no easy way to gain root access on your phone in any way. In comparison to HTC for instance, they allow nothing in terms of granting administrator access to anyone. HTC at least has an option for S-off, which allows full administrative usage of the device and turns off all boot checking features. This can't be patched in an easy way, and for an update to change this feature it would have to change the device's system information on an unreasonable level. All Samsung has to do is simply patch whatever vulnerability we find, because there is no way to turn S-off on a Samsung phone, so all we do is look for bootchain exploits. If that makes any sense? Basically, Samsung sucks, and that's the main reason I will never buy their phones ever again.
2) Any part of the boot sequence can be changed, but the signatures affecting these things aren't really easy to trick. Kexec was a very easy exploit to use when it first came out, but the modules for it have since been changed to disallow the command for kexec to load an insecure kernel. It simply can't work the same anymore since Samsung released changes to their boot chain. This method won't be used on any future devices. Most recently we had the original root method and Loki for the S4, which both affect the aboot sequence, and Safestrap, which is basically a modified recovery that uses the stock kernel to run a custom ROM. Here's an example:
boot => sbl1 => sbl2 => sbl3 => whatever is here ==> maybe something else here ==> aboot => recovery mode or download mode or kernel => system rom
aboot = African canadian sock monkey exploit (basically an unlocked aboot file) and Loki exploits
recovery mode = safestrap exploit (tricks the kernel to boot a modified rom, but it has to work with the kernel)
As you can see in the chain, break any one of those sequences and it doesn't matter what follows, the phone is unlocked. The problem is we've broken the chain about 2-3 times. Every time we find a vulnerability, it gets patched and it makes it that much harder to find another exploit. Samsung does so much work patching the unlocking mechanism that it simply isn't even worth the effort to unlock it in the first place. We actually didn't even unlock the S3 in the first place. The aboot file was given to us by a Samsung employee and distributed quickly. This aboot file allowed us to change the kernel and recovery at will, without worrying about signature verification since the aboot file never asked for it. It was a full unlock for the phone. Once an update happened, it erased the modified boot image and disabled the unlocked bootloader.
This problem is unique to Samsung btw, other phones aren't nearly as difficult to figure out and test.
Thanks for the info. This is very informative. I had already in my own mind decided that Samsung sucked, but hearing someone else say it is refreshing!
Sent from my SCH-I535 using Tapatalk