[Q] Just throwing this idea out there - Verizon Samsung Galaxy S III

I should start by saying I am by no means experienced with unlocking bootloaders or hacking firmware, so if this is a completely noob idea then forgive me but I thought I might as well see if I could help. Anyways, on to my idea; as we all know, the 4.3 bootloader is locked for good. So what if one was to corrupt the bootloader, like brick it on purpose to a point where the bootloader doesn't recognize any update being pushed, and then unbrick the phone with an older unlockable bootloader. Am I losing my mind due to having the locked 4.3 or is this plausible?
And while I have a thread open, could someone explain a few questions I have about knox? If knox is what is causing the bootloader to be locked and there's ways to disable knox, then wouldn't disabling knox make the bootloader unlockable?

ericcue said:
I should start by saying I am by no means experienced with unlocking bootloaders or hacking firmware, so if this is a completely noob idea then forgive me but I thought I might as well see if I could help. Anyways, on to my idea; as we all know, the 4.3 bootloader is locked for good. So what if one was to corrupt the bootloader, like brick it on purpose to a point where the bootloader doesn't recognize any update being pushed, and then unbrick the phone with an older unlockable bootloader. Am I losing my mind due to having the locked 4.3 or is this plausible?
And while I have a thread open, could someone explain a few questions I have about knox? If knox is what is causing the bootloader to be locked and there's ways to disable knox, then wouldn't disabling knox make the bootloader unlockable?
This won't work.
The new update changes the keys on the entire bootloader; it's impossible to corrupt the bootloader to a point of failure because the entire thing is hard coded into the board itself. The processor is specifically able to recognize the vrucml1 bootchain, and it won't boot without it, unless someone finds a way to bypass that entire mechanism (which I would consider nearly impossible).
Knox is not causing the bootloader to be locked. Verizon patched our workaround for unlocking the bootloader and pushed it. Knox is simply a non-reversible flash counter for rooting your device. It's coded in the bootloader and system apps to detect this.
Sent from my SCH-I535 using Tapatalk 2

Ah I see. I guess I had trouble understanding that an OTA could completely and irreversibly lock a bootloader. There's got to be some kind of exploit for this at some point right? I'm not sure I can handle this 4.3 nonsense anymore!
And thanks for the knox explanation, I used to hate sprint for the things they did (like booting me for roaming) and now verizon is starting to tick me off.

ericcue said:
Ah I see. I guess I had trouble understanding that an OTA could completely and irreversibly lock a bootloader. There's got to be some kind of exploit for this at some point right? I'm not sure I can handle this 4.3 nonsense anymore!
And thanks for the knox explanation, I used to hate sprint for the things they did (like booting me for roaming) and now verizon is starting to tick me off.
There is probably no chance for an exploit to completely unlock a bootloader.
Hardware hacking is almost impossible because of the type of encryption it takes to make the processor and bootchain recognize each other. It's sensitive, and you need to match the numbers specifically to perform a boot. Everyone is familiar with an md5 code; this is a fairly simple algorithm, and we all know that the slightest change in a bad download will generate a completely different md5 sum. In this case, the algorithm is much more complex, and pretty much impossible to match and trick the phone into booting an incorrect bootloader. This is why straight-up hacking a bootloader is an impossible feat, so we mostly make workarounds.
All our unlocked bootloader was is a very early aboot block. The bootchain trusts the aboot file, and the aboot file trusts anything you put in the recovery and system partitions. Since the new bootchain requires a signed aboot file for ML1, it makes this exploit insignificant and the aboot file doesn't trust anything else you stick in the recovery or system partition.
Loki was another exploit that was patched. Kexec is an example of a work around, and so is safestrap, but these types of workarounds won't unlock the bootloader and allow aosp Rom flashing.
Sent from my SCH-I535 using Tapatalk 2

BadUsername said:
There is probably no chance for an exploit to completely unlock a bootloader.
Hardware hacking is almost impossible because of the type of encryption it takes to make the processor and bootchain recognize each other. It's sensitive, and you need to match the numbers specifically to perform a boot. Everyone is familiar with an md5 code; this is a fairly simple algorithm, and we all know that the slightest change in a bad download will generate a completely different md5 sum. In this case, the algorithm is much more complex, and pretty much impossible to match and trick the phone into booting an incorrect bootloader. This is why straight-up hacking a bootloader is an impossible feat, so we mostly make workarounds.
All our unlocked bootloader was is a very early aboot block. The bootchain trusts the aboot file, and the aboot file trusts anything you put in the recovery and system partitions. Since the new bootchain requires a signed aboot file for ML1, it makes this exploit insignificant and the aboot file doesn't trust anything else you stick in the recovery or system partition.
Loki was another exploit that was patched. Kexec is an example of a work around, and so is safestrap, but these types of workarounds won't unlock the bootloader and allow aosp Rom flashing.
Sent from my SCH-I535 using Tapatalk 2
You are a bundle of endless info. Thank you for breaking it down like this!
Edit: I have been curious for awhile about the technical aspect of everything you detailed.

That was amazing lol thanks for clearing all that up. Now I guess the race is on to find safestrap compatible roms. I'm running wicked sensations right now through safestrap and it seems pretty good but I was looking for a rom that could force 4g

SlimSnoopOS said:
You are a bundle of endless info. Thank you for breaking it down like this!
Edit: I have been curious for awhile about the technical aspect of everything you detailed.
I wish I knew more coding details, like what this stuff specifically looks like, but it's interesting researching all this material.
These are the kinds of questions I like, they really make you think about what's happening. I wish more users posted questions like these. One day someone might post something that might actually work. It's good creative thinking.
Sent from my SCH-I535 using Tapatalk 2

Kexec will allow flashing of aosp roms in addition to safe strap.
Sent from my SCH-I535 using Tapatalk

Dadud said:
Kexec will allow flashing of aosp roms in addition to safe strap.
Sent from my SCH-I535 using Tapatalk
Kexec might be able to, but it depends on whether that exploit has been patched or not; that kernel mechanism can also be shut down to disallow booting of a 2nd kernel. If the modules are written a certain way you're stuck with that initial boot.
Safestrap can't, it relies on a stock kernel to run, so unless someone makes an aosp rom to run with a 4.3 touchwiz kernel it won't work.
Sent from my SCH-I535 using Tapatalk 2

How did hashcode get cm 10.2 on the droid 3 using kexec and safe strap?
Sent from my SCH-I535 using Tapatalk

I love this thread so much. Thanks BadUsername and everyone else! So why exactly can't we use Kexec?

YevOmega said:
I love this thread so much. Thanks BadUsername and everyone else! So why exactly can't we use Kexec?
Getting kexec functionality isn't the easiest process. The holes that allowed kexec on 4.0.4 may have been patched due to the new Linux 3.0 kernel updated in newer versions.
Some developer would have to work on finding that loophole and enabling a second kernel to run.
Hashcode was able to do this on Motorola devices by rewriting the kernel modules to run differently. The way he did it wouldn't work for us anyway because they used OMAP devices. We have a Qualcomm processor; the loophole he used to enable kexec is completely different than what we would need to enable.
Additionally, it may not even be possible to enable kexec. The whole idea of a locked bootloader is to prevent this from happening. Loopholes constantly get patched, making enabling these types of workarounds increasingly more difficult.
Eventually the loophole that allows safestrap to even run will likely get patched. It's just the nature of making phones increasingly more difficult to root and unlock.
I hope someone has the time and passion to work on kexec, but I wouldn't necessarily count on it. There's likely a reason why it was never implemented on the s4.
Sent from my SCH-I535 using Tapatalk 2

BadUsername said:
Getting kexec functionality isn't the easiest process. The holes that allowed kexec on 4.0.4 may have been patched due to the new Linux 3.0 kernel updated in newer versions.
Some developer would have to work on finding that loophole and enabling a second kernel to run.
Hashcode was able to do this on Motorola devices by rewriting the kernel modules to run differently. The way he did it wouldn't work for us anyway because they used OMAP devices. We have a Qualcomm processor; the loophole he used to enable kexec is completely different than what we would need to enable.
Additionally, it may not even be possible to enable kexec. The whole idea of a locked bootloader is to prevent this from happening. Loopholes constantly get patched, making enabling these types of workarounds increasingly more difficult.
Eventually the loophole that allows safestrap to even run will likely get patched. It's just the nature of making phones increasingly more difficult to root and unlock.
I hope someone has the time and passion to work on kexec, but I wouldn't necessarily count on it. There's likely a reason why it was never implemented on the s4.
Sent from my SCH-I535 using Tapatalk 2
*Sigh*

YevOmega said:
*Sigh*
It's not the worst thing. In my opinion this phone runs really well on touchwiz roms anyway. Give some time for more roms to come out. Tkrom, cleanrom and jellybeans will all be spectacular when they come out.
Sent from my SCH-I535 using Tapatalk 2

BadUsername said:
It's not the worst thing. In my opinion this phone runs really well on touchwiz roms anyway. Give some time for more roms to come out. Tkrom, cleanrom and jellybeans will all be spectacular when they come out.
Sent from my SCH-I535 using Tapatalk 2
I totally agree with you. With root and a different launcher, I'm doing fine right now. Really wanted that new quick settings on Paranoid though.
Sent from my SCH-I535 using Tapatalk

Anyone else think that the information that BadUsername posted should be made a sticky?

Should have just rooted when you first got the phone haha
Sent from my SCH-I535 using xda app-developers app

XdrummerXboy said:
Should have just rooted when you first got the phone haha
You can gain root access on 4.3, but still can't unlock the bootloader.
The 4.3 OTA has truly downgraded the performance of my phone, so I'm not holding out much hope that 4.3 safestrapped ROMs will do much else - Samsung has rather let me down with this update (even outside of working with Verizon to lock the darn thing down much more tightly).
I used to say that custom ROMs were not needed, because the stock OS ran so well. Since the 4.3 OTA, it feels slower than when it first came with 4.0.4 (?) and has some of the old WiFi and Bluetooth issues back, again. On both of our Galaxy S III phones, btw. Not quite so fun, anymore.
- ooofest

ooofest said:
You can gain root access on 4.3, but still can't unlock the bootloader.
The 4.3 OTA has truly downgraded the performance of my phone, so I'm not holding out much hope that 4.3 safestrapped ROMs will do much else - Samsung has rather let me down with this update (even outside of working with Verizon to lock the darn thing down much more tightly).
I used to say that custom ROMs were not needed, because the stock OS ran so well. Since the 4.3 OTA, it feels slower than when it first came with 4.0.4 (?) and has some of the old WiFi and Bluetooth issues back, again. On both of our Galaxy S III phones, btw. Not quite so fun, anymore.
- ooofest
Oh, I didn't catch that. Thanks for the info. And ooofest, were you over at overclockers.uk? I thought I recognized that name from there, maybe it was only here though.
I've honestly lost track of the rooting requirements for this phone after I rooted. Best decision I've made with this phone! But I was nervous to do so...
I agree, it wasn't too terrible when it had 4.0.4, but compared to Cyanogenmod there's no comparison on which is smoother!
Sent from my SCH-I535 using xda app-developers app

XdrummerXboy said:
Oh, I didn't catch that. Thanks for the info. And ooofest, were you over at overclockers.uk?
Not that I recall, sorry. I used to be more active here and about, but then decided to go back into stock for 2013 and ramp up the rooting, unlocking, optimization, etc. in 2014.
It would always be ready to re-root and unlock, yes?
Well, never say "always."
XdrummerXboy said:
I agree, it wasn't too terrible when it had 4.0.4, but compared to Cyanogenmod there's no comparison on which is smoother!
Indeed.
- ooofest


[Q] With an unlocked bootloader, ANY VZW GS3 Rom SHOULD work right?

Okay, so here is the question...
Now that the bootloader is unlocked, we should in theory be able to install any rom that required kexec without kexec, right?
I ask because I would love to reload paranoidandroid rom, but the last thing I need is a brick.
Other than that, I assume it's just normal installation of a ROM similar to when I was on an unlocked HTC phone, correct?
The Rom will install fine, but the kernel has to be modified to work without kexec
Kexec roms will still run fine as long as you keep the kexec recovery. Normal roms work too. There is no need to change your recovery or wait for roms to be updated if you unlocked.
Okay thanks to both of you.
I simply do not want to install kexec, knowing that there wouldn't be a reason for it in the future once the developers out there get the roms working without it.
The risk of losing my IMEI is just too much for me, as I rely on my phone for work, and swapping phones and running in circles to get things fixed is too great a risk to take.
stevenjcampbell said:
Okay thanks to both of you.
I simply do not want to install kexec, knowing that there wouldn't be a reason for it in the future once the developers out there get the roms working without it.
The risk of losing my IMEI is just too much for me, as I rely on my phone for work, and swapping phones and running in circles to get things fixed is too great a risk to take.
Kexec has nothing to do with IMEI loss. Users of ATT, Tmobile, Sprint, and Verizon have lost IMEI. Verizon is the only one with kexec so clearly that isn't the problem.
con247 said:
Kexec has nothing to do with IMEI loss. Users of ATT, Tmobile, Sprint, and Verizon have lost IMEI. Verizon is the only one with kexec so clearly that isn't the problem.
Pardon my ignorance, I am sorry.
Before I came to the S3 from a Moto X2 and HTC Incredible 2 I simply never heard of IMEI issues.
Well, not entirely true... I had a few iPhones on AT&T which became bricks after a while that had IMEI error codes; they were practically forever unfixable, and Apple would just swap them.
I will have to learn about IMEI a little more before I ask further dumb questions.
What you should do is make sure the OP in a thread stated that their ROM is unlocked and open recovery-compatible. Then you may flash without kexec. I for one use TWRP to flash CM10 just as an insult to Verizon lol.
Stryker1297 said:
What you should do is make sure the OP in a thread stated that their ROM is unlocked and open recovery-compatible. Then you may flash without kexec. I for one use TWRP to flash CM10 just as an insult to Verizon lol.
So close to putting a nice dent into my data and just grabbing cm10 over 4g...
What I really want is paranoid android rom though.
Either way, seems I need to back up my IMEI regardless and can always restore if the process goes wrong.
Sent from my SCH-I535 using xda app-developers app

[Q] do we really have a locked bootloader?

Since we know that the locked bootloader on the AT2 doesn't allow us to flash custom kernels, but we also know that we can unpack/repack boot images into boot.img-kernel and boot.img-ramdisk, and we can flash radio.img, and we can flash non-signed system images (via CWM),
I cannot figure out the problem with the bootloader!
We can flash repacked boot (ramdisk and kernel) and radio images, so we have an unlocked bootloader.
Or maybe the eFuse problems?
Correct me if I'm wrong.
sad_but_cool1 said:
Since we know that the locked bootloader on the AT2 doesn't allow us to flash custom kernels, but we also know that we can unpack/repack boot images into boot.img-kernel and boot.img-ramdisk, and we can flash radio.img, and we can flash non-signed system images (via CWM),
I cannot figure out the problem with the bootloader!
We can flash repacked boot (ramdisk and kernel) and radio images, so we have an unlocked bootloader.
Or maybe the eFuse problems?
Correct me if I'm wrong.
You know there's a Q&A Section, right? Also, this has been covered, like a gazillion times both by Jim, and others who have had this device since day one -- and still do own it!
You can flash a custom kernel but it will not boot. The stock kernel is signed by Moto and the bootloader checks for this signature every time at boot. No signed kernel, no boot. Ask Jim, he's replaced several A2's trying to circumvent that check.
mtnlion said:
You can flash a custom kernel but it will not boot. The stock kernel is signed by Moto and the bootloader checks for this signature every time at boot. No signed kernel, no boot. Ask Jim, he's replaced several A2's trying to circumvent that check.
I'll try to flash a repacked/modified boot image (booting from SD card);
anyway, this is not the bootloader being locked! It's eFuse related!
sad_but_cool1 said:
I'll try to flash a repacked/modified boot image (booting from SD card);
anyway, this is not the bootloader being locked! It's eFuse related!
Instead of getting angry, I would suggest that you read and then read some more. Believe it or not, this phone has not been cracked. So read and learn... if not, then have fun making a paperweight! Don't come back and cry when your phone won't boot.
Sent from my MB865 using xda premium
sad_but_cool1 said:
I'll try to flash a repacked/modified boot image (booting from SD card);
anyway, this is not the bootloader being locked! It's eFuse related!
Humm... not sure where you got this info, but it is 100% incorrect. I would also suggest a little attitude adjustment on your part.
We have tried it all... if you are such an expert then let us know once you have this unlocked.
I have been working on a method to boot from the sdcard with a root kit to flash an unlocked bootloader that we have for this phone, for some time.
Now do some research, read, and post in the right section next time. If you keep up being a pain, I will have the thread locked.
Knock It OFF
Keep the thread "civilized".
Any more bickering and you'll get some early Christmas presents
The forums are open to anyone, so if you don't like replies, then don't post. And if you "Do" post, keep it civil.
Also, you guys have a filter option in your control panel, so you don't have to see each other's posts. I highly suggest you start using it.
MD
jimbridgman said:
Humm... not sure where you got this info, but it is 100% incorrect. I would also suggest a little attitude adjustment on your part.
We have tried it all... if you are such an expert then let us know once you have this unlocked.
I have been working on a method to boot from the sdcard with a root kit to flash an unlocked bootloader that we have for this phone, for some time.
Now do some research, read, and post in the right section next time. If you keep up being a pain, I will have the thread locked.
What's the difference between a locked bootloader and eFuse protection?
What do you know about locked bootloaders?
sad_but_cool1 said:
What's the difference between a locked bootloader and eFuse protection?
What do you know about locked bootloaders?
OK, so an efuse is a switch that can be thrown (it is a switch on the CPU, as well as in several other locations on the board), that when thrown can render the phone useless. All these bricks people have been getting lately are because an efuse is thrown.
http://en.m.wikipedia.org/wiki/EFUSE
There are also several efuses that allow the device to be seen as an NS (Non-Secure) device, and will allow you to use the NS bootloader (it is unlocked), and we/I have been working on getting all 6 efuse codes for a year now.
The bootloader in our case has three parts and several links in the security chain. Each step and/link has a cert attached to it and you can not move to the next part until the correct cert is handed off to next binary/loader in the chain.
This makes it so that we can not repack boot images or flash unsigned kernels or even some custom ROMs that require a custom kernel.
You need to realize that moto makes their boot loaders un-crackable. The bionic and RAZR are still locked, and the atrix HD just got root last week or the week before, and they are locked worse than the a2.
I also look at it like this if people like mbm, kohlk, hascode, etc. have not been able to crack the other moto devices they work with, then we are pretty SOL.
Does this mean I give up, hell no! It just means I am looking for alternative ways around the issue.
P.S. we can flash system images because the cert is in the filesystem code, and that is why we NEVER use format in an updater script, only erase.
as http://www.sourceconference.com/publications/bos12pubs/android-modding-source.pdf
and
http://tjworld.net/wiki/Android/HTC/Vision/BootProcess
and
http://www.droid-developers.org/wiki/Booting_chain
http://www.droid-developers.org/wiki/File:Boot_chrain_flow.png
Where is the problem in our case, and how does bootstrap (hijack) work?
sad_but_cool1 said:
as http://www.sourceconference.com/publications/bos12pubs/android-modding-source.pdf
and
http://tjworld.net/wiki/Android/HTC/Vision/BootProcess
and
http://www.droid-developers.org/wiki/Booting_chain
http://www.droid-developers.org/wiki/File:Boot_chrain_flow.png
Where is the problem in our case, and how does bootstrap (hijack) work?
Ok, so first I need to know a little background from you. Are you a developer? Are you an Android dev? Have you done any Android dev work at all?
What did you not understand in my last post? Let's start with that, since I did explain it in good detail. Can you tell me the parts of our bootloader, before we go into any more detail?
The boot hijack allows us to hijack the boot process by using the logcat binary which has setUID privs, so it is prime to steal for perms and it has no FALCs or MACLs on it. What it does is it points (via a Linux link) to another file that will allow us to boot to some form of CWM, but you still traverse through all the bootloaders before that binary file is executed, and the system image must be verified first; that is why if you bork your system image bad enough you can not get into cwm/bootstrap/bootmenu, etc.
Again, please ask me specific questions that you have about the bootloader. And understand that I am not a 5th grader, and that I do these things for a very, very good living, so stop posting documents that explain the whole boot chain and cryptography to me.
Now I will say this one last time: I and others have posted a ton of information on the bootloader and processes over the last year, and please stop reading things like what you posted; those are outdated and/or just plain incorrect, since Motorola is a whole different beast.
So one last time, please ask specific questions, and if this starts getting into how to unlock the bootloader, I will stop answering questions, as I have said a billion times in here that Motorola does read this board, and they have thwarted my efforts with patches in the past.
Look, I am a little sorry for being frustrated, or terse, but this has all been covered so many times, and it sounds like you really do not know what you are doing, and I really do not want to explain this all over again, unless you really do know what I am talking about. So far you have not struck me as someone who understands our phone's boot process, so I ask that you do a little more research first, tear the bootloader and its parts apart, and come back with specific questions. I will use your earlier use of the efuse as a perfect example of what I mean by this.
I will leave you with a few last links to look at to get more familiar with a bootloader and why they are locked, and more:
http://androidforums.com/4657640-post1.html
http://www.tested.com/news/feature/1879-know-your-android-bootloaderwhat-it-is-and-why-it-matters/
Yes everyone, and to the MODS, I am sorry that link was to another forum, but it is very valid to the point of this discussion.
Thanks man, I know that.
I can say that your AT&T AT2 is different from my AT2.
Because I flashed a (repacked = not signed) stock boot image of 4.766 kb successfully.
Sent from my MB865 using xda app-developers app
sad_but_cool1 said:
Thanks man, I know that.
I can say that your AT&T AT2 is different from my AT2.
Because I flashed a (repacked = not signed) stock boot image of 4.766 kb successfully.
Sent from my MB865 using xda app-developers app
Which phone and region are you in? We all know the at&t version is a whole lot more locked down, than any international versions, and hence why we treat the at&t phones so differently here, It might have been good to start off your thread with some information about that, so that we did not go down this whole path. Your OP was quite sparse, so just think about that next time. In fact there are 5 different Atrix2 phones, even though there are only 2 model numbers, there are more differences between the regions the phones were released in, so those are also considered different versions even to motorola, and us devs in here.
Ok.
The topic was/is a question, not sparse.
I have an MB865 with originally MEARET radio/firmware, in the Middle East (Jordan).
Sent from my MB865 using xda app-developers app
sad_but_cool1 said:
Ok.
The topic was/is a question, not sparse.
I have an MB865 with originally MEARET radio/firmware, in the Middle East (Jordan).
Sent from my MB865 using xda app-developers app
But that info was/is very relevant to your question. It has been known for some time now that the MEARET/SEARET versions have a whole different bootloader and boot process than any of the other versions of the A2. The MEARET and SEARET can still fxz back, where the ME865 and the US versions can not.
Now you say you modified YOUR boot image right off your phone, or you took one from say the fxz and modified it, then flashed it, because those are two different situations, both still have the signatures, if they are extracted right. I was able to do this, as long as the kernel file/zimage was not touched, once I touched or played with that, it was all over on the US AT&T phones. The funny thing, is that the only reason to mess with the boot image on the A2 is for a different kernel and possibly to OC, but again I am pretty sure once you change the kernel in the boot image even on the MEARET/SEARET phones, to say an aosp kernel, you will not boot. It might be worth a shot, but keep in mind you have a huge chance of bricking by doing this.
And if you really want an unsigned kernel, why not just use kexec, and be done with it? It has less potential of bricking you, even if you are not completely locked.
jimbridgman said:
both still have the signatures, if they are extracted right.
This is the key point,
but I'm not flashing a repacked bootloader (which needs RSA private keys from Motorola); my work was in the boot image.
sad_but_cool1 said:
This is the key point
But only the image itself, not anything modified in the image, if you do mod it.... so if you stick an unsigned aosp kernel in place of the stock zImage, I am betting it will not boot, and might even brick the device. Just a theory, since I can not test with an MEARET phone, but when I have done it with my own compiled kernels with our kernel code, it does not pass the kernel signature check from the mbmloader and mbm.bin, and the device is bricked, on the AT&T phones.
---------- Post added at 12:02 PM ---------- Previous post was at 11:38 AM ----------
sad_but_cool1 said:
This is the key point,
but I'm not flashing a repacked bootloader (which needs RSA private keys from Motorola); my work was in the boot image.
I never mentioned the bootloader, just the boot.img
What I want to say is:
boot.img = signing (compiled boot.img-kernel + compressed boot.img-ramdisk.gz)
The boot.img-kernel is signed, but the ramdisk is not; the repacking process doesn't contain signing routines/functions,
so the repacked output will be unsigned!
I'll contact wkpark (http://forum.xda-developers.com/member.php?u=4414973) for more info.
Thanks all; MODs, you can delete this topic.
sad_but_cool1 said:
What I want to say is:
boot.img = signing (compiled boot.img-kernel + compressed boot.img-ramdisk.gz)
The boot.img-kernel is signed, but the ramdisk is not; the repacking process doesn't contain signing routines/functions,
so the repacked output will be unsigned!
The boot image is signed. The kernel is signed and the ramdisk/zimage is signed, on the ATT us version.
So, again the MEARET may be different. Be careful about blanket statements; people may get all excited by that.
The thing is that the us version and the HK/TW and the ME versions are all setup the same with signatures at every step.
In the tests with unsigned ramdisk images on the ATT us version it has hard bricked every time.
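As an added illustration, not code from this thread nor anything from Samsung or Motorola, here is a toy Python model of the chain of trust described in both threads: BadUsername's point in the first thread that the bootchain only trusts a signed aboot and that an md5 sum is not a signature, and jimbridgman's points above about one-time efuses, a cert at every link, and a repacked boot.img failing the signature check. Every key, partition byte string, fuse name and function here is constructed for the example; the RSA is unpadded textbook RSA built from two Mersenne primes, chosen only so that it runs on the standard library (Python 3.8+ for the modular inverse), and real devices use padded RSA or ECDSA with OEM-managed keys.

```python
"""Toy model of a signature-verified boot chain: eFuse root of trust -> aboot -> boot.img.
Hypothetical illustration only; parameters and layouts are constructed for this example."""
import hashlib

# Constructed OEM key pair (toy parameters; never use unpadded RSA in production).
P = (1 << 521) - 1                      # Mersenne prime M521
Q = (1 << 607) - 1                      # Mersenne prime M607
N = P * Q                               # ~1128-bit modulus, fits in 141 bytes
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent: stays with the OEM, never on the device
OEM_PUBLIC_KEY = (E, N)


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def oem_sign(image: bytes) -> int:
    """OEM side: sign the SHA-256 digest of an image with the private key."""
    return pow(sha256_int(image), D, N)


def verify_signature(image: bytes, signature: int, pubkey) -> bool:
    """Device side: recover the digest from the signature and compare with a fresh hash."""
    e, n = pubkey
    return pow(signature, e, n) == sha256_int(image)


def hash_only_check(image: bytes, expected_md5_hex: str) -> bool:
    """The md5-style check from the thread: whoever changes the image can recompute this
    value too, so it catches a bad download but not a deliberate modification."""
    return hashlib.md5(image).hexdigest() == expected_md5_hex


def pubkey_bytes(pubkey) -> bytes:
    e, n = pubkey
    return e.to_bytes(4, "big") + n.to_bytes(141, "big")


class Efuse:
    """One-time-programmable bits: each fuse can be programmed once and never changed."""
    def __init__(self):
        self._bits = {}

    def blow(self, name: str, value) -> None:
        if name in self._bits:
            raise PermissionError(f"efuse {name!r} is already programmed")
        self._bits[name] = value

    def read(self, name: str):
        return self._bits[name]


def pack_boot_img(kernel: bytes, ramdisk: bytes) -> bytes:
    """Minimal constructed boot.img layout: length-prefixed kernel followed by the ramdisk."""
    return len(kernel).to_bytes(4, "big") + kernel + ramdisk


def boot(fuses: Efuse, stages, claimed_pubkey):
    """Walk the chain; each stage must verify before control moves on.
    Returns (booted, name of the first check that failed or None)."""
    if not fuses.read("secure_boot"):
        return True, None                       # NS device: nothing is verified
    # The public key ships next to the bootloader; only its hash lives in the fuses.
    if hashlib.sha256(pubkey_bytes(claimed_pubkey)).digest() != fuses.read("root_key_hash"):
        return False, "root key"
    for name, image, signature in stages:
        if not verify_signature(image, signature, claimed_pubkey):
            return False, name
    return True, None


def demo() -> dict:
    """Run the scenarios the threads argue about and return the outcome of each."""
    fuses = Efuse()
    fuses.blow("secure_boot", 1)
    fuses.blow("root_key_hash", hashlib.sha256(pubkey_bytes(OEM_PUBLIC_KEY)).digest())
    # Constructed stand-ins for the real partitions.
    aboot = b"aboot: constructed bootloader bytes"
    kernel = b"zImage: constructed stock kernel bytes"
    ramdisk = b"ramdisk.gz: constructed stock ramdisk bytes"
    stock_boot_img = pack_boot_img(kernel, ramdisk)
    stock = [("aboot", aboot, oem_sign(aboot)),
             ("boot.img", stock_boot_img, oem_sign(stock_boot_img))]
    results = {"stock": boot(fuses, stock, OEM_PUBLIC_KEY)}
    # Repacked boot.img: same signed kernel, edited ramdisk, original signature reused.
    repacked = pack_boot_img(kernel, ramdisk + b" + edited init.rc")
    results["repacked_ramdisk"] = boot(fuses, [stock[0], ("boot.img", repacked, stock[1][2])],
                                       OEM_PUBLIC_KEY)
    # A hash-only check passes on the same repacked image once its digest is recomputed.
    results["hash_only_repacked"] = hash_only_check(repacked, hashlib.md5(repacked).hexdigest())
    # Correctly signed stages presented with a key that is not the one pinned in the fuses.
    results["unpinned_key"] = boot(fuses, stock, (E, N + 2))
    # Trying to flip the secure-boot fuse back off after it has been programmed.
    try:
        fuses.blow("secure_boot", 0)
        results["efuse_reprogram"] = "changed"
    except PermissionError:
        results["efuse_reprogram"] = "rejected"
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:20} -> {outcome}")
```

Running it shows the stock chain booting, the repacked boot.img failing at its signature check even though its md5-style check can be made to pass, a non-pinned key being refused before any stage is examined, and the secure-boot fuse refusing to be programmed a second time; that last point is why an OTA that blows fuses and rotates keys cannot be undone by reflashing older images.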

De-bricking time!

Ok, yesterday morning my MAXX received the KitKat update. Brainlessly, I clicked upgrade. This put me into the oh so famous bootloop.
During one of the boot loops, I managed to unroot with Voodoo.
Then in fastboot, I had the brilliant (aka, incredibly stupid) idea of flashing an old recovery. I had thought it was the one from 4.2.2 but sadly, it was from the previous version.
This had the appearance of working as it then booted to KitKat upgrade, which after a couple minutes failed.
Now I'm completely stuck in fastboot mode. I can't flash the 4.2.2 recovery. I haven't tried anything else. FXZ back to 12.15.15 doesn't work. Gives the GPT failure.
So...my belief, based only on googling around, is that I need to wait for the FXZ for KitKat. Does that sound right?
Any other ideas?
Thank you in advance!!!!!!!!!!
killboredom said:
Ok, yesterday morning my MAXX received the KitKat update. Brainlessly, I clicked upgrade. This put me into the oh so famous bootloop.
During one of the boot loops, I managed to unroot with Voodoo.
Then in fastboot, I had the brilliant (aka, incredibly stupid) idea of flashing an old recovery. I had thought it was the one from 4.2.2 but sadly, it was from the previous version.
This had the appearance of working as it then booted to KitKat upgrade, which after a couple minutes failed.
Now I'm completely stuck in fastboot mode. I can't flash the 4.2.2 recovery. I haven't tried anything else. FXZ back to 12.15.15 doesn't work. Gives the GPT failure.
So...my belief, based only on googling around, is that I need to wait for the FXZ for KitKat. Does that sound right?
Any other ideas?
Thank you in advance!!!!!!!!!!
I think that's right. It's ridiculous that by locking things down and preventing us from unlocking bootloader Verizon actually causes bricks of this nature to occur. If you had an unlocked bootloader you'd be 100% fine right now.
Sent from my Nexus 7
There is a way. I posted in previous forum.
Use fastboot
Fastboot wipe cache
Fastboot wipe user data
Try this if not pm me and I will help you out one on one
That should fix your issue
Sent from my XT1080 using xda app-developers app
phositadc said:
I think that's right. It's ridiculous that by locking things down and preventing us from unlocking bootloader Verizon actually causes bricks of this nature to occur. If you had an unlocked bootloader you'd be 100% fine right now.
Sent from my Nexus 7
If he hadn't brute forced a root method and messed with his phone he'd be 100% fine too
codito said:
If he hadn't brute forced a root method and messed with his phone he'd be 100% fine too
Ha...well there is that But what fun would that be?
The sad part is that the manufacturers could care less about giving us an unlocked bootloader. Android is a great ecosystem to play with and learn with and improve with. It's the carriers that are so paranoid about taking any tiny dent in their enormous profits that want to keep us locked out. So shame on them.
But, to be fair, I know the risks of the world we live in and this is my first brick in four Android phones, so I'm fine with it.
codito said:
If he hadn't brute forced a root method and messed with his phone he'd be 100% fine too
My point was merely that it's somewhat ironic that, by trying to prevent bricks by locking bootloaders, Verizon actually causes some bricks that would be avoided with an unlocked bootloader.
Not saying anything about whether what he was doing is right or wrong, or whether Verizon prevents more bricks than it causes.
Sent from my Nexus 7
Edit: but you've got to wonder. Are you more likely to brick using one of these crazy complicated methods we have to use to get around Verizon security? Or using fastboot OEM unlock + flash superuser. I bet per hundred rooted phones, less Nexus's (and other unlockable phones) are bricked than phones that are tightly locked down. Pure speculation of course.
killboredom said:
Ok, yesterday morning my MAXX received the KitKat update. Brainlessly, I clicked upgrade. This put me into the oh so famous bootloop.
During one of the boot loops, I managed to unroot with Voodoo.
Then in fastboot, I had the brilliant (aka, incredibly stupid) idea of flashing an old recovery. I had thought it was the one from 4.2.2 but sadly, it was from the previous version.
This had the appearance of working as it then booted to KitKat upgrade, which after a couple minutes failed.
Now I'm completely stuck in fastboot mode. I can't flash the 4.2.2 recovery. I haven't tried anything else. FXZ back to 12.15.15 doesn't work. Gives the GPT failure.
So...my belief, based only on googling around, is that I need to wait for the FXZ for KitKat. Does that sound right?
Any other ideas?
Thank you in advance!!!!!!!!!!
It sounds like you're actually stuck partially on JB, partially on KK, hence why you're bootlooping. I had a very similar issue when I tried to install the KK update through update.zip .......... after a couple hours, I finally got it back up and running.
My method - use the Method 2 Manual flash steps I posted in Dev section here - http://forum.xda-developers.com/showthread.php?t=2580060
Let me know if it works. I had problems at first, but that should cover it. Getting system to flash was actually the hardest part

Root and Unlock Boot loader for 4.3?

Did a Google and forum search and couldn't find anything concrete. Any help would be appreciated. Thanks in advance.
Sent from my SCH-I535 using Tapatalk
ProtheusIRC said:
Did a Google and forum search and couldn't find anything concrete. Any help would be appreciated. Thanks in advance.
Sent from my SCH-I535 using Tapatalk
With 4.3, the bootloader is locked permanently and at the moment there's no way to unlock. Once on 4.3 you can't downgrade or flash a custom rom/kernel or custom recovery; however, you can root 4.3 with saferoot here http://forum.xda-developers.com/showthread.php?t=2565758
So no CWM? Is anyone working on it? What about this "Safestrap"?
Sent from my SCH-I535 using Tapatalk
ProtheusIRC said:
So no CWM? Is anyone working on it? What about this "Safestrap"?
Sent from my SCH-I535 using Tapatalk
Yes no CWM or TWRP since the bootloader is locked. Safestrap is a method of installing a separate loader from the locked one, it's working on some model like att S4, note, but not Verizon S3. The software is not stable yet, still have many bugs and glitches. I won't touch it...not just yet.
Lol ok. Well at least we have root.
Sent from my SCH-I535 using Tapatalk
ProtheusIRC said:
Lol ok. Well at least we have root.
Sent from my SCH-I535 using Tapatalk
I'm still keeping my ears open for an unlocked bootloader. Root is all well and good, but I'm getting jittery about flashing a different rom. Any news about progress on this?
akambience said:
I'm still keeping my ears open for an unlocked bootloader. Root is all well and good, but I'm getting jittery about flashing a different rom. Any news about progress on this?
The bootloader will never be unlocked. The original bootloader on the Verizon s3 wasn't even "unlocked." It was a completely different boot image that was leaked. AFAIK, no bootloader has ever been unlocked through hard coding. There are simply loopholes & workarounds. Kexec and Safestrap are two examples of workarounds. They are pretty much just as good as the real thing so there is still hope for those crack-flashers taken off guard by the new update.
Still, I can't sympathize with people who start threads like these: There have been countless "I took the 4.3 update. How do I flash ROMs?" posts. If you were really into flashing, you would never be in this situation.
It's the cardinal rule. NEVER ACCEPT OTAs!!!!!!
BattsNotIncld said:
The bootloader will never be unlocked. The original bootloader on the Verizon s3 wasn't even "unlocked." It was a completely different boot image that was leaked. AFAIK, no bootloader has ever been unlocked through hard coding. There are simply loopholes & workarounds. Kexec and Safestrap are two examples of workarounds. They are pretty much just as good as the real thing so there is still hope for those crack-flashers taken off guard by the new update.
Still, I can't sympathize with people who start threads like these: There have been countless "I took the 4.3 update. How do I flash ROMs?" posts. If you were really into flashing, you would never be in this situation.
It's the cardinal rule. NEVER ACCEPT OTAs!!!!!!
You didn't have to word it in that way. You sounded as if you were talking to a child, and then told me, in not so many words, "Boo hoo, cry about it". This thread is old and I've learned quite a bit since then, so next time you necro post, how about not being such a ****?
Sent from my SCH-I535 using Tapatalk
ProtheusIRC said:
You didn't have to word it in that way. You sounded as if you were talking to a child, and then told me, in not so many words, "Boo hoo, cry about it". This thread is old and I've learned quite a bit since then, so next time you necro post, how about not being such a ****?
Sent from my SCH-I535 using Tapatalk
Didn't mean to come off as a ****. I was just responding to the bootloader comment and went off on a rant. Sorry if you were offended.
I was, but you are one of the few who take responsibility for offending someone, so it's cool.
BattsNotIncld said:
Still, I can't sympathize with people who start threads like these
This was the part that offended me the most. Now, I'm by no means a noob, but I am man enough to admit there are LOTS of things I don't know. This phone was my brother's. HE took the OTA then traded it to me. So I was trying to find a way out of it. I've come to terms (I think) with being stuck with a locked bootloader, but I am hopeful about kexec. Who knows?
Apology accepted.
Sent from my SCH-I535 using Tapatalk
Yeah since I didn't even know your whole story, I wasn't necessarily referring to you (even though it sounded like that). I was more referring to people that said they knowingly accepted the OTA. I just worded it very poorly.
That's unfortunate how you ended up with the locked bootloader, but the devs we have are outstanding and I'm sure they'll get a workaround going very soon. :good:
Haha This is what happened when no one unlocked the boot loader..lol
Sent from my Galaxy Nexus using xda premium
Don't do it!!! I unlocked the boot loader with the ez unlock app and booted into recovery and hard bricked my sch i535. Just got it back, got fixed with jtag. Gabbyanne on eBay is a life saver... Don't do it to yourself. Trust me
Sent from my SCH-I535 using Tapatalk
Germanlopez007 said:
Don't do it!!! I unlocked the boot loader with the ez unlock app and booted into recovery and hard bricked my sch i535. Just got it back, got fixed with jtag. Gabbyanne on eBay is a life saver... Don't do it to yourself. Trust me
Sent from my SCH-I535 using Tapatalk
Out of curiosity did jtag get you back to 4.1.2? I don't think anyone has reported one way or the other. From what I understand it should be impossible even for jtag but it's always good to verify.
ThePagel said:
Out of curiosity did jtag get you back to 4.1.2? I don't think anyone has reported one way or the other. From what I understand it should be impossible even for jtag but it's always good to verify.
It is impossible, you can't jtag the bootloader over the 4.3 baseband. It's more complicated after the update because the hardware keys are different. Changing the bootloader is only changing the software.
Sent from my SCH-I535 using Tapatalk 2
BadUsername said:
It is impossible, you can't jtag the bootloader over the 4.3 baseband. It's more complicated after the update because the hardware keys are different. Changing the bootloader is only changing the software.
Sent from my SCH-I535 using Tapatalk 2
I know, just wanted to make sure. You can never be sure until it is tried. For example, invisiblek said that the ml1 firmware will brick the phone if you upgrade from a phone with the insecure bootloader, because that's what happened to the s4 that took a 4.3 upgrade. Well, I know from experience that wasn't true. Theory is just that until it has been tested; who knows what samsung might have forgotten to do that might allow jtag to do that. Plus I have yet to hear if anyone has tried. Not saying it hasn't been done, I just haven't seen anyone say more than "got it back and it works."
*edit* I just found that thread where he said you will brick, and I must have missed the part where he said you probably won't if you upgrade the entire boot chain. But how would you end up in that scenario of being bricked? The root66 tars took out the entire boot chain and added only the insecure bootloader.
ThePagel said:
I know, just wanted to make sure. You can never be sure until it is tried. For example, invisiblek said that the ml1 firmware will brick the phone if you upgrade from a phone with the insecure bootloader, because that's what happened to the s4 that took a 4.3 upgrade. Well, I know from experience that wasn't true. Theory is just that until it has been tested; who knows what samsung might have forgotten to do that might allow jtag to do that. Plus I have yet to hear if anyone has tried. Not saying it hasn't been done, I just haven't seen anyone say more than "got it back and it works."
I get what you're saying, if it wasn't hardware coded then it could theoretically work.
The same thing could be accomplished through Odin though by flashing boot chains, ez unlock also proves it's hardware signed. Jtag would do the same thing ez unlock does, just on a more holistic level.
Best bet would be to Jtag a 4.3 developer edition bootloader, but I don't think it exists, because making one widely available for developer edition phones would be handing us an unlocked bootloader. They'd have to be made on a per phone basis with specific keys for each device. I highly doubt it exists, but if it did it might work if we could figure out how it's getting around the bootloader, like what step it's bypassing.
Sent from my SCH-I535 using Tapatalk 2
BadUsername said:
I get what you're saying, if it wasn't hardware coded then it could theoretically work.
The same thing could be accomplished through Odin though by flashing boot chains, ez unlock also proves it's hardware signed. Jtag would do the same thing ez unlock does, just on a more holistic level.
Best bet would be to Jtag a 4.3 developer edition bootloader, but I don't think it exists, because making one widely available for developer edition phones would be handing us an unlocked bootloader. They'd have to be made on a per phone basis with specific keys for each device. I highly doubt it exists, but if it did it might work if we could figure out how it's getting around the bootloader, like what step it's bypassing.
Sent from my SCH-I535 using Tapatalk 2
Truth, but I had an idea a couple months ago and I don't have the balls to try it. With these qualcomm gs3 phones there is an emergency boot from sd card for the aboot. If you were hard bricked it might be possible to boot to the insecure bootloader that way. You could never do the flash back trick with terminal emulator, so it wouldn't be a true fix, but who cares unless you need your sd card (I do, but I have learned to love 4.3).
ThePagel said:
Truth, but I had an idea a couple months ago and I don't have the balls to try it. With these qualcomm gs3 phones there is an emergency boot from sd card for the aboot. If you were hard bricked it might be possible to boot to the insecure bootloader that way. You could never do the flash back trick with terminal emulator, so it wouldn't be a true fix, but who cares unless you need your sd card (I do, but I have learned to love 4.3).
Really?
Ya, if you could do that you could simply run straight from the aboot file without the secure checks. That might actually work, but you'd have to get the insecure aboot loaded without it locking the phone, you'd have to try it immediately after loading the aboot image before a reboot.
Sent from my SCH-I535 using Tapatalk 2
BadUsername said:
Really?
Ya, if you could do that you could simply run straight from the aboot file without the secure checks. That might actually work, but you'd have to get the insecure aboot loaded without it locking the phone, you'd have to try it immediately after loading the aboot image before a reboot.
Sent from my SCH-I535 using Tapatalk 2
Well, you would need the debrick file from the insecure bootloader; that is what the debrick image is, it's the aboot image. So now that I think about it a little more, the only way that would work is if qualcomm has its own bootchain, and I would not doubt if it did, but I am not technical enough to figure that out. The only way for people like me to find out is to try, and I will not purposely brick to try. I can't even justify asking someone who is hard bricked to try it. They are already mad it happened; why add that extra stress.
---------- Post added at 03:34 AM ---------- Previous post was at 03:30 AM ----------
Holy cow, it's 3:23 here. I better go to bed so I can wake up at 9 and hopefully not fall asleep driving tomorrow.

[Q] Quick Question about how the locked bootloader effects roms

I've been working on some stuff on my own but I am still pretty vanilla about android development in general (although that doesn't mean I haven't developed anything else). Anyhow, I just wanted to ask exactly what effect the bootloader has on installing roms and such. I realize that this prevents anything besides touchwiz roms, but I would like to know it in depth. It is my understanding that a stock kernel is required, but what else?
carlofabyss said:
I've been working on some stuff on my own but I am still pretty vanilla about android development in general (although that doesn't mean I haven't developed anything else). Anyhow, I just wanted to ask exactly what effect the bootloader has on installing roms and such. I realize that this prevents anything besides touchwiz roms, but I would like to know it in depth. It is my understanding that a stock kernel is required, but what else?
Well, I guess it would have to do with safestrap too. With safestrap, I might be wrong, but it doesn't give you the same access as a fully unlocked bootloader. I'm on an unlocked bootloader, but I'm stuck with ML1 firmware. Someone else will have to give more info on safestrap because I don't know much about it.
I guess I would check this out.
http://forum.xda-developers.com/sho....2] - I535VRUDNE1-Dump / Dev Discussion ONLY!
I would also pm the devs there if you really want to take this project over.
Good luck!
sjpritch25 said:
Well, I guess it would have to do with safestrap too. With safestrap, I might be wrong, but it doesn't give you the same access as a fully unlocked bootloader. I'm on an unlocked bootloader, but I'm stuck with ML1 firmware. Someone else will have to give more info on safestrap because I don't know much about it.
Apologies, I didn't acknowledge that in my post, but I am well aware that, yeah, safestrap does not at all give you the same freedom. So wait, how are you on the unlocked bootloader and stuck? That's interesting. Safestrap is essentially not an actual replacement for your stock recovery; it just allows you to flash modified stock-based roms to a rom slot if you are on a locked bootloader. But if you are unlocked then in theory you should be able to flash cwm and start fresh. Also, being on ML1, shouldn't you be locked to begin with?
razz1 said:
I guess I would check this out.
http://forum.xda-developers.com/sho....2] - I535VRUDNE1-Dump / Dev Discussion ONLY!
I would also pm the devs there if you really want to take this project over.
Good luck!
This is interesting, I thought everything had pretty much been abandoned for either too much of a challenge or new devices. Thanks
sjpritch25 said:
Well, I guess it would have to do with safestrap too. With safestrap, I might be wrong, but it doesn't give you the same access as a fully unlocked bootloader. I'm on an unlocked bootloader, but I'm stuck with ML1 firmware. Someone else will have to give more info on safestrap because I don't know much about it.
Same here. It's nice to be on an unlocked bootloader, however. I'm on ML1 myself and never had any major issues. Safestrap basically allows you to use a different slot which doesn't touch the locked bootloader. On the 4.3 update which locked the bootloader there were several TW roms to choose from, but when it comes to the newest baseband of NE1 you're limited to stock and one other rom.
Sent from my SCH-I535 using Xparent ICS Tapatalk 2