Stock AOSP ROM - Verizon Samsung Galaxy S6

Hello,
I was wondering if anyone could help point me towards a working Stock AOSP ROM (No TouchWiz). Is there one in the works for Verizon models?

That's a tall order for this phone. None of the variants have one yet AFAIK. No documentation for the Exynos chip makes it too hard to develop it seems.

Due to the locked bootloader, we cannot flash the custom kernel that would be needed to make a stock AOSP ROM work. Only TW-based ROMs will work unless someone figures out how to unlock the bootloader.

There is work being done on porting CyanogenMod to one of the international variants (this thread for the curious). However, even if that project is successful, it would be useless unless the bootloader for this phone is unlocked to allow installation of custom kernels on the Verizon model. This could, as I understand it, come about in a couple of ways. The first is that someone finds an exploit that allows it, a feat that grows harder with each new generation of phone. The second is that there appears to be some question about whether Verizon/Samsung even have the right to lock the bootloader on the phone (I don't want to make authoritative claims, I haven't really done the legal research, but the discussion starts here, this post also contains a link to a petition).
tl;dr No, this doesn't exist at the moment.
Side note, this kind of post should probably go in Q&A.

Related

Q: Vzw - unlocking the bootloader

I like all am excited about the bootloader finally being unlocked. Question is if it even matters. When running the batch file does the zip folder or file need to be on the phone (memory/ext sd card) to run it. I did it right from my windows desktop and it ran fine and finished but not sure if it really did anything.
aliasgx said:
> I like all am excited about the bootloader finally being unlocked. Question is if it even matters.
Unlocking the bootloader will keep this from being the backwater of the Galaxy world. Now the d2vzw is the best phone on the best network in the US, without any reservation. In the really short term we won't see any difference, but it will lead to more developer interest. Developers can build ROMs for the device using the skills they already know without the hassle of learning Kexec and a different boot process. It'll allow official CyanogenMod support, and hopefully more cross-pollination with the other US GS3 variants. So yes, we wanted this.

[Q] About bootloader versions

Hey guys,
I've been playing around with the firmware on my Moto G and I didn't understand some things related to bootloader/partition table version and I hope someone more knowledgeable can explain some things to me, in a more technical way if possible. Links to documentation are also appreciated!
So, apparently you have to keep an eye on bootloader, partition table, and OS versions so they match. You also cannot easily downgrade bootloader versions.
Also, I saw that you can brick your device if you try to flash 5.0.1 OTA, then go back to 4.4.2 and flash 4.4.4 OTA because of mismatched bootloader versions and will have to wait for official Motorola 5.0.1 images.
My first question is why does this happen? If I get stuck on a particular bootloader version (in this case 5.0.1 GPE, right?) why can't I just boot the corresponding OS, why does the device brick (is it incompatible bootloader and partition table, so the bootloader can't find stage 2)?
Second question, apparently you CAN downgrade the bootloader versions, but have to follow some specific steps and use specific files. Why is that? What checks does the device make when upgrading bootloaders and what kind of files allow me to downgrade while passing those checks?
Third, why can't you boot older Android versions with newer bootloaders? Doesn't the bootloader just initialize some devices and load the kernel? Can't you modify an older kernel to boot with the new bootloader or chainload an older kernel from a newer one? Also why does the boot process change so frequently when it should be something very stable?
Fourth, what is the rationale behind not allowing you to freely switch bootloader versions?
Well, that's it. Sorry for the long post and thanks to anyone that can help me. Maybe I should post this in Android development instead?
I follow.
I believe on Nexus hardware changing Bootloader is an easier process as those devices are deliberately Developer friendly. Motorola are open enough to allow unlocking, but as you have discovered, flashing an older Bootloader is a messy and dangerous process. Perhaps if enough people petitioned for a change, things might be different.
The Bootloader and Kernel are interrelated and that is why newer Bootloader versions break compatibility with previous iterations of Android (each with a unique Kernel.)
It's possible Kernel DEVs could offer a solution, but I suspect the reality is so few people care. The majority of users will get OTA Updates and never go back.
Uh, bump?
Can anyone tell me if there is a more appropriate place to ask questions like these?
I hope it will give you some reference in these topics.
http://elinux.org/Android_Booting
http://androidforums.com/threads/android-partitions-kernels-explained.278898/
aryal.subasha said:
> I hope it will give you some reference in these topics.
> http://elinux.org/Android_Booting
> http://androidforums.com/threads/android-partitions-kernels-explained.278898/
Thanks, but I already found those in Google and they aren't very useful. Too superficial and both focus on what happens AFTER the kernel is loaded, I'm interested more in the bootloader, how it verifies the signatures, etc.
Anyone?

Questions on the state of d2vzw devices running NE1

I'm not sure if these questions have been answered before, but I can't find any information on them, so here I am.
1. How exactly is the bootloader "locked"? Is the kernel the only thing that can't be changed?
2. Is kexec possible on NE1?
I know that bootloaders were bypassed on some Motorola Droid devices via kexec. There was even an in-the-works kexec project for our device on an older firmware (that was abandoned only because someone figured out how to unlock the bootloader, or something along those lines). I also realize this is a biggish project, and most people still using the d2vzw didn't ever take the NE1 OTA and are able to flash custom kernels/ROMs. Knowing this, it could be possible that no one really wants to try, either because of time, apathy, etc. But I digress.
Sent from my SCH-I535 using Tapatalk
AluminumTank said:
> I'm not sure if these questions have been answered before, but I can't find any information on them, so here I am.
> 1. How exactly is the bootloader "locked"? Is the kernel the only thing that can't be changed?
> 2. Is kexec possible on NE1?
> I know that bootloaders were bypassed on some Motorola Droid devices via kexec. There was even an in-the-works kexec project for our device on an older firmware (that was abandoned only because someone figured out how to unlock the bootloader, or something along those lines). I also realize this is a biggish project, and most people still using the d2vzw didn't ever take the NE1 OTA and are able to flash custom kernels/ROMs. Knowing this, it could be possible that no one really wants to try, either because of time, apathy, etc. But I digress.
> Sent from my SCH-I535 using Tapatalk
These questions have been beat into the ground, but I'll be happy to answer them again because they are interesting questions. Good ideas and discussion points anyway.
1) So the bootloader is locked by a series of signed boot sequences. These things can be easily researched on the internet in detail, but a general understanding of how the phone boots is helpful to understanding how this process works. Also every phone is unique, and every carrier has different implementations.
Samsung is especially a huge PITA when it comes to these things. They allow no easy way to gain root access on your phone in any way. In comparison to HTC for instance, they allow nothing in terms of granting administrator access to anyone. HTC at least has an option for S-off, which allows full administrative usage for the device and turns off all boot checking features. This can't be patched in an easy way, and for an update to change this feature it would have to change the device's system information on an unreasonable level. All Samsung has to do is simply patch whatever vulnerability we find, because there is no way to turn S-off on a Samsung phone, so all we do is look for bootchain exploits. If that makes any sense? Basically, Samsung sucks, and that's the main reason I will never buy their phones ever again.
2) Any part of the boot sequence can be changed, but the signatures affecting these things aren't really easy to trick. Kexec was a very easy exploit to use when it first came out, but the modules for it have thus been changed to disallow the command for kexec to load an insecure kernel. It simply can't work the same anymore since Samsung released changes to their boot chain. This method won't be used on any future devices. Most recently we had the original root method and Loki for the S4, which both affect the aboot sequence, and Safestrap, which is basically a modified recovery that uses the stock kernel to run a custom ROM. Here's an example:
boot => sbl1 => sbl2 => sbl3 => whatever is here ==> maybe something else here ==> aboot => recovery mode or download mode or kernel => system rom
aboot = African canadian sock monkey exploit (basically an unlocked aboot file) and Loki exploits
recovery mode = safestrap exploit (tricks the kernel to boot a modified rom, but it has to work with the kernel)
As you can see in the chain, break any one of those sequences and it doesn't matter what follows, the phone is unlocked. Problem is we've broken the chain about 2-3 times. Every time we find a vulnerability, it gets patched and it makes it that much harder to find another exploit. Samsung does so much work patching the unlocking mechanism that it simply isn't even worth the effort to unlock it in the first place. We actually didn't even unlock the S3 in the first place. The aboot file was given to us by a Samsung employee and distributed quickly. This aboot file allowed us to change the kernel and recovery at will, without worrying about signature verification since the aboot file never asked for it. It was a full unlock for the phone. Once an update happened, it erased the modified boot image and disabled the unlocked bootloader.
This problem is unique to Samsung btw, other phones aren't nearly as difficult to figure out and test.
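The chain of signed stages described in the post above can be modelled in a few lines; this is an added example, not code from the thread or from any vendor. It assumes a toy RSA key as a stand-in for the real signing scheme, takes the stage names from the post, and models the non-verifying aboot as vendor-signed so that sbl3 accepts it.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Toy RSA key built from two Mersenne primes. Illustration only: unpadded and
# far too small for real use. D stands in for the vendor's private key.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def vendor_sign(image: bytes) -> int:
    return pow(digest(image), D, N)


def signature_ok(image: bytes, sig: Optional[int]) -> bool:
    return sig is not None and pow(sig, E, N) == digest(image)


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes
    sig: Optional[int]          # signature shipped next to the image
    verifies_next: bool = True  # does this stage check the next one before jumping?


def stock_chain() -> List[Stage]:
    chain = [Stage("boot", b"boot ROM", None)]  # root of trust, not itself checked
    for name in ("sbl1", "sbl2", "sbl3", "aboot", "kernel"):
        image = f"stock {name}".encode()
        chain.append(Stage(name, image, vendor_sign(image)))
    return chain


def swap(chain: List[Stage], new: Stage) -> List[Stage]:
    """Return a copy of the chain with the same-named stage replaced."""
    return [new if s.name == new.name else s for s in chain]


def boot(chain: List[Stage]) -> Tuple[bool, List[str]]:
    """Walk the chain; each stage checks the next one unless it skips the check."""
    log = []
    for cur, nxt in zip(chain, chain[1:]):
        if not cur.verifies_next:
            log.append(f"{cur.name}: loaded {nxt.name} WITHOUT verification")
        elif signature_ok(nxt.image, nxt.sig):
            log.append(f"{cur.name}: verified {nxt.name}")
        else:
            log.append(f"{cur.name}: refused {nxt.name}")
            return False, log
    return True, log


stock = stock_chain()
# Constructed sample: a modified kernel carrying the stock kernel's signature.
custom_kernel = Stage("kernel", b"custom kernel", stock[-1].sig)
# Constructed sample: an aboot that skips the check (assumed vendor-signed).
loose_image = b"aboot without checks"
loose_aboot = Stage("aboot", loose_image, vendor_sign(loose_image), verifies_next=False)

if __name__ == "__main__":
    cases = {
        "stock chain": stock,
        "custom kernel, stock aboot": swap(stock, custom_kernel),
        "custom kernel, non-verifying aboot": swap(swap(stock, loose_aboot), custom_kernel),
    }
    for label, chain in cases.items():
        ok, log = boot(chain)
        print(f"{label}: {'boots' if ok else 'halts'} ({log[-1]})")
```

Putting the stock aboot back, as the update mentioned in the post did, makes the second case apply again: the modified kernel is refused.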
BadUsername said:
> These questions have been beat into the ground, but I'll be happy to answer them again because they are interesting questions. Good ideas and discussion points anyway.
> 1) So the bootloader is locked by a series of signed boot sequences. These things can be easily researched on the internet in detail, but a general understanding of how the phone boots is helpful to understanding how this process works. Also every phone is unique, and every carrier has different implementations.
> Samsung is especially a huge PITA when it comes to these things. They allow no easy way to gain root access on your phone in any way. In comparison to HTC for instance, they allow nothing in terms of granting administrator access to anyone. HTC at least has an option for S-off, which allows full administrative usage for the device and turns off all boot checking features. This can't be patched in an easy way, and for an update to change this feature it would have to change the device's system information on an unreasonable level. All Samsung has to do is simply patch whatever vulnerability we find, because there is no way to turn S-off on a Samsung phone, so all we do is look for bootchain exploits. If that makes any sense? Basically, Samsung sucks, and that's the main reason I will never buy their phones ever again.
> 2) Any part of the boot sequence can be changed, but the signatures affecting these things aren't really easy to trick. Kexec was a very easy exploit to use when it first came out, but the modules for it have thus been changed to disallow the command for kexec to load an insecure kernel. It simply can't work the same anymore since Samsung released changes to their boot chain. This method won't be used on any future devices. Most recently we had the original root method and Loki for the S4, which both affect the aboot sequence, and Safestrap, which is basically a modified recovery that uses the stock kernel to run a custom ROM. Here's an example:
> boot => sbl1 => sbl2 => sbl3 => whatever is here ==> maybe something else here ==> aboot => recovery mode or download mode or kernel => system rom
> aboot = African canadian sock monkey exploit (basically an unlocked aboot file) and Loki exploits
> recovery mode = safestrap exploit (tricks the kernel to boot a modified rom, but it has to work with the kernel)
> As you can see in the chain, break any one of those sequences and it doesn't matter what follows, the phone is unlocked. Problem is we've broken the chain about 2-3 times. Every time we find a vulnerability, it gets patched and it makes it that much harder to find another exploit. Samsung does so much work patching the unlocking mechanism that it simply isn't even worth the effort to unlock it in the first place. We actually didn't even unlock the S3 in the first place. The aboot file was given to us by a Samsung employee and distributed quickly. This aboot file allowed us to change the kernel and recovery at will, without worrying about signature verification since the aboot file never asked for it. It was a full unlock for the phone. Once an update happened, it erased the modified boot image and disabled the unlocked bootloader.
> This problem is unique to Samsung btw, other phones aren't nearly as difficult to figure out and test.
Thanks for the info. This is very informative. I had already in my own mind decided that Samsung sucked, but hearing someone else say it is refreshing!
Sent from my SCH-I535 using Tapatalk

Needed Info - List -ALL S3 UnLocked BootLoaders- FirmWare Versions & KNOX

I need an answer to BootLoaders and KNOX. My first Question is:
Which Galaxy S3's have a Locked Bootloader and at what version f/w is it locked or unlocked? (My understanding is that Verizon S3's are all bootloader locked and have read that some or most others are not, with some only unlocked until KitKat).
My Second Question is KNOX. How does KNOX relate to the BootLoader if at all? I have read many KNOX articles. Example is it flashed into a boot partition or bootchain, many places or just loaded to verify hash/signs/enforce, etc? Just how deep/comprehensive is the spyware integrated?
I currently have a MTR (long story) which is closest to the Vzw model, besides USC. Most Vzw ROMs work perfect, until 12+. These have misc issues mostly radio/wifi/BT.
Goal is to Update to the Lowest/Highest BootLoader that will allow proper BaseBand access with CM13. Keeping in mind I don't want KNOX or Locked BootLoader if at all possible. I was considering just extracting the bootloaders from NA1 and dd them or use Odin/zip if needed. As long as everything works I don't care about not being able to downgrade again to a lower version. I also don't want to spend a fortune on BST Tools either. Too bad there is not a LK/Aurora based open bootloader or even u-boot.
I do not really care about Warranty (prefer not having it say so), don't foresee needing KNOX Containers,etc. I have seen some ROMs with it stripped out, meaning its not absolutely necessary! I have even seen some custom "Voodoo" files that will wipe/mod/revert the flag if flashed (not even going there, have sd brick recovered twice). I would have posted in T-Mo, but not appropriate. I also cannot get a clear answer as to whether MetroPCS locked the bootloaders? I read that Samsung was enforcing it, via KNOX/NSA campaign. I trust xda more than any other generic Android site. I even went to teamusc and consensus is unlocked until late/last 4.x release. I recall it is the same, but cannot find it again!
I have read a lot of opinions and guesses here and elsewhere, but want and need a clear answer! The S3 is still popular around this area believe it or not. Sorry for the length and organization of post... The information is spread out everywhere and almost every list of firmware does not add a notation. The more info the better! Thank you in advance for your time and help!
Requests for information belong in the Help section. Please read the sticky called "Rules for Posting in Development" when posting in that section.
THREAD MOVED

Bounty for unlocking bootloader for vs990 (progress has been made)

Good afternoon people of XDA,
Today is the dawn of a new day. A day where we begin the road to unlocking the bootloader to something that many believe is unlockable. Me and a few other users are starting a bounty to bring the incentive to life for all active developers. You can find my previous thread here. Now, when I say progress has been made, I mean that we have gotten into fastboot, we have donation incentives and we already have root so our tools are there, we just have to find the exploit. Every day people are finding new exploits furthering our cause into reaching our goal. Now to the developers who want to pursue this, I've very much so tried to get active commands in fastboot but basically it's just a dead fastboot for right now. The board on this phone and technologies behind it are so similar to its predecessors that something's got to give. If you are interested in this cause, i.e. donating or deving on it, please contact me here, or email me at [email protected]
This is in our grasps friends. Spread the word, grab your fellow developers and let's get this thing to be a free wad of cash for whoever can bust it. Let's do this.
Attached is the spreadsheet for the current donations.
This kind of thing never works... I mean, you make a donation and the people or the persons behind the scenes when getting high values like 400-500$ then buy a new phone and move on letting the desired phone to get development in the trash!!
Noooo, people should see, if a year old phone never came to life in development in the first 6-8 months then the development for it is dead and if you like to customize the phone and flash things you need to move to a more flashable-friend device!
I have to agree with this. The Tmobile version has unlocked bootloader yet barely no development. What would make me that unlocking VS990 bootloader would all of a sudden spur development.
beavis5706 said:
> I have to agree with this. The Tmobile version has unlocked bootloader yet barely no development. What would make me that unlocking VS990 bootloader would all of a sudden spur development.
I personally (and I think many other users) don't really need cooked roms. With gravity box, xposed and some other apps, I can "cook" my own rom (and believe me, it won't be that hard). All we need is a method for rooting. Using an android without rooting is even worse than an iphone without jailbreaking since iphones are undoubtedly smoother
presariohg said:
> I personally (and I think many other users) don't really need cooked roms. With gravity box, xposed and some other apps, I can "cook" my own rom (and believe me, it won't be that hard). All we need is a method for rooting. Using an android without rooting is even worse than an iphone without jailbreaking since iphones are undoubtedly smoother
Indeed, a rooting method for versions above MM is the most important thing for us rather than flashing a custom ROM. However, system-less root is needed to root MM or above and this requires modifying boot.img, therefore bootloader unlocking is needed. Unless we have found a way to sign the modified boot.img to deceive the official bootloader.
ivangundampc said:
> Indeed, a rooting method for versions above MM is the most important thing for us rather than flashing a custom ROM. However, system-less root is needed to root MM or above and this requires modifying boot.img, therefore bootloader unlocking is needed. Unless we have found a way to sign the modified boot.img to deceive the official bootloader.
What did you mean by "unless"? Have you found evidence that the MM bootloader is unlockable or not?..
presariohg said:
> What did you mean by "unless"? Have you found evidence that the MM bootloader is unlockable or not?..
I mean even if the bootloader is not unlockable, some things can be done to let us perform the same things just like the bootloader is unlocked.
For example, some devs for the G2 and G3 have released a tool called "Bump!" before that can sign any third-party image and let it run on the official locked LG bootloader.
source: http://forum.xda-developers.com/lg-g3/orig-development/bump-sign-unlock-boot-images-lg-phones-t2935275
But of course, since LG has fixed the bug, we can no longer do the same tricks now.
In China, there is name ???he has lg tool, this tool can unpack repack kdz tot, add root in tot.
This is weibo id http://m.weibo.cn/u/1684239753
Need help
andy_zhang said:
> In China, there is name ???he has lg tool, this tool can unpack repack kdz tot, add root in tot.
> This is weibo id
Hey, So I've been working to be able to get root, so far I have added root to the system.img and that's all done, I need this tool to be able to repack. Can anyone, or you, contact him and get this tool? This would be so helpful for me to get root and release it!!!!
abine45 said:
> Hey, So I've been working to be able to get root, so far I have added root to the system.img and that's all done, I need this tool to be able to repack. Can anyone, or you, contact him and get this tool? This would be so helpful for me to get root and release it!!!!
What version of Android are you going to add root to? I wonder that you cannot simply add root in /system after Android 6.0.
ivangundampc said:
> What version of Android are you going to add root to? I wonder that you cannot simply add root in /system after Android 6.0.
I'm trying different things but still I need to figure out how to repack a tot to find out what's going to work!! Does anybody know how to get that application?
abine45 said:
> I'm trying different things but still I need to figure out how to repack a tot to find out what's going to work!! Does anybody know how to get that application?
For MM, unless you've found a way to get the SELinux context needed, repacking the system image will not work.
anyone having any luck with rooting MM?
I think at this point what we really need is a small set of testers who have a good insurance policy on their phones and are willing to risk bricking their phones. We've got the outline of a method which looks viable, but the details haven't been worked out and is hence likely to produce a few bricks before we get it working.
Sorry for dropping off the face of the planet for the past two months. In testing with my device it ended up being FUBAR after wiping my aboot completely and with that the phone would not boot to anything but a black screen. I sent it into LG and after some time they finally just replaced my motherboard. But the absolute sad part is that they have me upgraded to 6.0 which absolutely is crushing my world. So until further notice I will not be testing the unlocking of the bootloader anymore but I will make efforts here in a few weeks to start work on rooting the device. @alvislee[email protected]
