Related
What's legal and illegal when it comes to hacking android (in USA)? I want to unlock the bootloader on my Verizon gs3. Is that illegal?
If you can point me to some definitive or authoritative resources, I would appreciate that. I have been googling this topic for a couple weeks, and as far as I can tell, it's currently legal to unlock your phone for use on another wireless carrier, but it is technically illegal to root or unlock bootloaders (by hacking). But what doesn't fit with that are the bounties I see offered for these activities, so I'm very uncertain either way.
bump
Its legal to do anything to your own device.
You can unlock the bootloader, root the phone, install custom firmwares, or break it to pieces with a hammer as long as it's yours...
Worst case scenario you can always start a new life in Mexico
ishaang said:
Worst case scenario you can always start a new life in Mexico
Click to expand...
Click to collapse
That just made my day.
ishaang said:
Its legal to do anything to your own device.
You can unlock the bootloader, root the phone, install custom firmwares, or break it to pieces with a hammer as long as it's yours...
Worst case scenario you can always start a new life in Mexico
Click to expand...
Click to collapse
Are you allowed to post the info of how to do it?
squebler said:
What's legal and illegal when it comes to hacking android (in USA)? I want to unlock the bootloader on my Verizon gs3. Is that illegal?
If you can point me to some definitive or authoritative resources, I would appreciate that. I have been googling this topic for a couple weeks, and as far as I can tell, it's currently legal to unlock your phone for use on another wireless carrier, but it is technically illegal to root or unlock bootloaders (by hacking). But what doesn't fit with that are the bounties I see offered for these activities, so I'm very uncertain either way.
Click to expand...
Click to collapse
The real issue is with the contract you sign with your carrier. As long as you are in the subsidised portion of your contract (generally 2yrs), the phone technically still belongs to them, not you.
Are they going to look for you to make an issue of it, no. If you need to make a warranty claim though, and they find out it's modified, they have the right to not honor the warranty if they choose (happens occasionally, but not widespread).
I mod my phones all the time, but I do it without any expectation of help from vzw if I break something and can't fix it.
Jmo, hope that helps
squebler said:
What's legal and illegal when it comes to hacking android (in USA)? I want to unlock the bootloader on my Verizon gs3. Is that illegal?
If you can point me to some definitive or authoritative resources, I would appreciate that. I have been googling this topic for a couple weeks, and as far as I can tell, it's currently legal to unlock your phone for use on another wireless carrier, but it is technically illegal to root or unlock bootloaders (by hacking). But what doesn't fit with that are the bounties I see offered for these activities, so I'm very uncertain either way.
Click to expand...
Click to collapse
In my opinion, as long as you have warranty, don't root your phone because it will void the warranty.
Its legal, but can void your warranty with the manufacturer or if you have bought your phone through a carrier they may have a clause in the agreement related to this.
Sony as a manufacturer is cool with you unlocking your bootloader, and they offer the instructions and code on their own website officially, here -http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
So that's an example of it being legal.
Very helpful info, thanks! Now I think I'll switch to Sony instead of Samsung.
No problem, and good idea!
I've been a Sony user for a very long time, and generally their devices have never failed to deliver. On top of that they are very developer friendly and support the open source community a lot. This has been referenced in XDA also, many times. Besides that I do feel the build quality of Sony products is superior, and in phones their hardware specs and stock UI is also pretty decent.
oh it's good:highfive:
ite's legal to do anything on your phones of course (like unlock bootloader),
but if you want to test(hack) on other's phones, make sure you get their permission ^^
Reading around I've found some passing mention of Block C, how bootloaders should be unlocked on it and such because of Open Use terms set by google. I created a petition here: https://www.change.org/p/federal-co...-circumventing-security-ver?just_created=true that although it may not relate completely to XDA in every sense, needs support I feel. An XDA article on the topic may be found here for more information on the subject: http://www.xda-developers.com/it-is-illegal-for-verizon-to-lock-some-bootloaders/
Thanks in advance for any support, hopefully we can work around having to hack into the thing(s) and just get what we should've gotten all along.
Cheers :fingers-crossed:
Would be nice if we could get it unlocked. Not like they are loosing money off these phones now since they are so old by today's ever so speedy tech market.
Sent from my SM-G900V using Tapatalk
Question: would a bootloader be considered a "user application" in the sense that an application would be software? Or as firmware does it not extend to that?
BTW, here is a copy of my FCC complaint and text within. If anyone who is reading this has experience in the field and any pointers or arguments I could make that would be great:
For a great majority of phones currently sold by Verizon, many of which utilize Block C of the 700Mhz spectrum, the bootloader is locked. The original terms of Open Access allows for two exceptions only, the second being that the device must comply with other regulations, and the first that limitations may be made for "management or protection of the licensee's network." Locked bootloaders are in violation of Open Access, and thus the response from Verizon is that the allowance of such modification could cause breach in security, and thus such restrictions are necessary for that management. The counterargument to this is in part that phones from outside the network, sold by other manufacturers, as well as some sold through Verizon itself by certain manufacturers do not have any such restrictions. This lack in continuity wholly breaches any argument that security of the network could by improved by locking those devices in such a way that the original terms outweigh those exceptions.
Next comment by me:
Upon receiving reply from the subject of complaint, I have not thusfar been given what I would deem any substantial evidence that it is 1) a method of securing the licensee's network that is reasonable or consistently applied in any effective manner 2) not placing substantial burden on the customer relative to that originally applied by the OEM and 3) that it does not restrict the ability of any consumer to install applications (software, by nature including the operating system and related components) excluding for reasonable network management. This final point is troubling as of yet for the very reason that no specific examples or evidence was given to prove that it is necessary or that any plausible abuse or breach in security of the network may be exclusively performed by an end user with only a device with an unrestricted base firmware
And my last comment as of yet:
Thusfar, I have not yet received any written transcription, summary, or identifiable confirmation of receipt by the fcc from Verizon of the contact over phone that I have had with Verizon over this matter. I still find no reasonable objection to, or exception from, the contents of paragraph 222 and footnote 500 of FCC-07-132A1 that would allow for the restriction placed on these devices. Reasonable network management, as quoted as an exception by Verizon, has not been backed up or supported by any example or feasible hypothetical that a locked bootloader provides, in a direct manner, any noticeable or even quantifiably existent protection to the integrity of the carriers system over that of a phone without the restriction.
dreamwave said:
...
Click to expand...
Click to collapse
Verizon isn't going to do anything because you're in the minority. Locked bootloaders appeal to corporate/military for the security of Exchange. Bootloaders are not end user software, it is firmware, and firmware that isn't touched often at best. If you need proof of how locked bootloaders make a device more secure... all of XDA is your example. Anything that allows custom code to be flashed is a security risk.
If you took the time to look at other threads ranging from the S3, Note 4, etc, you'll learn that the S5 isn't the only one. Also, the reason the Devs don't work on it is because a failed bootloader exploit bricks the phone so that not even a JTAG will revive it.
The thing with root is its just injecting things inton a firmware to see if it will take. Any failure just means a stock rom needs to be flashed. While I can't stand the locked bootloader issue either, it's been beaten like a dead horse just as badly as people asking for root for OE1 and OG5 in basically every thread.
Spartan117H3 said:
Verizon isn't going to do anything because you're in the minority. Locked bootloaders appeal to corporate/military for the security of Exchange. Bootloaders are not end user software, it is firmware, and firmware that isn't touched often at best. If you need proof of how locked bootloaders make a device more secure... all of XDA is your example. Anything that allows custom code to be flashed is a security risk.
If you took the time to look at other threads ranging from the S3, Note 4, etc, you'll learn that the S5 isn't the only one. Also, the reason the Devs don't work on it is because a failed bootloader exploit bricks the phone so that not even a JTAG will revive it.
The thing with root is its just injecting things inton a firmware to see if it will take. Any failure just means a stock rom needs to be flashed. While I can't stand the locked bootloader issue either, it's been beaten like a dead horse just as badly as people asking for root for OE1 and OG5 in basically every thread.
Click to expand...
Click to collapse
The burden of proof is on them (as per the regulations), that they must prove that any restriction they make specifically allows for their network (not the phone) to be more secure. They need to prove (even if I am a minority complainee) that it falls under reasonable network management. I know that many parts have been harped on to no end, but what I'm arguing here seems not to have been argued in this way before. Many of the original complainees have not offered much beyond simply touting "open access", no real legal backing. Also, about the minority thing: the FCC has internal courts that are there to deal with complaints that don't necessarily affect a majority. They work like most other courts in that they decide what is right, not who has more money. I'm glad I'm dealing with the FCC now as in times past they were a bit more unresponsive to complaints by many people but now seem to be taking a more proactive approach to most everything.
Also, a major distinction in footnote 502 vs 500:
502: We also note that wireless service providers may continue to use their choice of operating systems, and are not
required to modify their network infrastructure or device-level operating systems to accommodate particular devices
or applications. Device manufacturers and applications developers are free to design their equipment and
applications to work with providers’ network infrastructure and operating systems, and must be given the applicable
parameters as part of the standards provided to third parties.
500: We note that the Copyright Office has granted a three-year exemption to the anti-circumvention provisions of
Section 1201 of the Digital Millennium Copyright Act, for “computer programs in the form of firmware that enable
wireless telephone handsets to connect to wireless telephone communication network, when circumvention is
accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.” It found
that software locks on mobile handsets adversely affect the ability of consumers to make non-infringing use of the
software in those handsets. 17 Fed. Reg. 68472 (Nov. 27, 2006). We also note that a court appeal of the exemption
ruling is ongoing.
1st point: a distinction between the operating system, and "firmware" as a "program", and by extension an "application"...but not necessary to argue as it, within 500, notes that "software locks on mobile handsets adversely affect the ability of consumers...handsets," and although this exception may have expired the original text acts as a type of precedent that establishes 1. that firmware is independent from the operating system and 2. that its restriction does not conform to "open access" or constitute "reasonable network management"
veedubsky said:
Would be nice if we could get it unlocked. Not like they are loosing money off these phones now since they are so old by today's ever so speedy tech market.
Sent from my SM-G900V using Tapatalk
Click to expand...
Click to collapse
the main reason they do it is because some people who brick their phones doing stuff they can't apply the warrantee to and still call tech support trying to get help
dreamwave said:
the main reason they do it is because some people who brick their phones doing stuff they can't apply the warrantee to and still call tech support trying to get help
Click to expand...
Click to collapse
Yea well they could always have a sign here clause that will relinquish them from any liability then unlock your phone.
veedubsky said:
Yea well they could always have a sign here clause that will relinquish them from any liability then unlock your phone.
Click to expand...
Click to collapse
That's my point but they wouldn't listen in the original chat with them on the phone so...oh well
dreamwave said:
That's my point but they wouldn't listen in the original chat with them on the phone so...oh well
Click to expand...
Click to collapse
Also with all the help here and rescue resources (also knowing that there is that SLIGHT chance to completely brick your phone) you can almost reverse anything... Except some people freak out and first thing they do is call VZW
dreamwave said:
The burden of proof is on them (as per the regulations), that they must prove that any restriction they make specifically allows for their network (not the phone) to be more secure. They need to prove (even if I am a minority complainee) that it falls under reasonable network management. I know that many parts have been harped on to no end, but what I'm arguing here seems not to have been argued in this way before. Many of the original complainees have not offered much beyond simply touting "open access", no real legal backing. Also, about the minority thing: the FCC has internal courts that are there to deal with complaints that don't necessarily affect a majority. They work like most other courts in that they decide what is right, not who has more money. I'm glad I'm dealing with the FCC now as in times past they were a bit more unresponsive to complaints by many people but now seem to be taking a more proactive approach to most everything.
Click to expand...
Click to collapse
So, you're on XDA. You know what an unlocked bootloader brings. And there is proof on here what an unlocked bootloader can do. Your argument is that they have yet to show you proof... but they could simply point to this forum if they were so inclined to respond to you. An unlocked bootloader allows for unsigned code. Unsigned code is a security risk because it's not verified by them. So how is this not reasonable proof?
I brought up the minority issue because you are REQUESTING an unlock, and as a minority, you are not their main customer base/source of profit, so they have little desire to appeal to you. I am NOT talking about being a minority in terms of not being heard in the case of a LEGAL issue, because there are class action lawsuits for that.
They could always simply start saying that their software is closed source, and you're not allowed to modify it/you agree to these terms when buying the phone. It seems that they're locking down the phones without making this disclaimer, because once again... it is only the minority who cares. That is why many of the developers jumped ship to T-Mobile or the Nexus phone.
I don't like the locked bootloader situation myself, but that just means I too will jump ship to the Nexus 6 when it comes out.
Spartan117H3 said:
So, you're on XDA. You know what an unlocked bootloader brings. And there is proof on here what an unlocked bootloader can do. Your argument is that they have yet to show you proof... but they could simply point to this forum if they were so inclined to respond to you. An unlocked bootloader allows for unsigned code. Unsigned code is a security risk because it's not verified by them. So how is this not reasonable proof?
I brought up the minority issue because you are REQUESTING an unlock, and as a minority, you are not their main customer base/source of profit, so they have little desire to appeal to you. I am NOT talking about being a minority in terms of not being heard in the case of a LEGAL issue, because there are class action lawsuits for that.
They could always simply start saying that their software is closed source, and you're not allowed to modify it/you agree to these terms when buying the phone. It seems that they're locking down the phones without making this disclaimer, because once again... it is only the minority who cares. That is why many of the developers jumped ship to T-Mobile or the Nexus phone.
I don't like the locked bootloader situation myself, but that just means I too will jump ship to the Nexus 6 when it comes out.
Click to expand...
Click to collapse
Unsigned code is already possible to run in just installing an application not from the play store. To their network, an unlocked bootloader doesn't allow any code to be run on their network that can't already be run to the same extent on a phone with a locked one. Also, the petition was only really there to raise awareness about the issue to the public. The FCC is the only place I'm really able to do much against verizon.
Spartan117H3 said:
So, you're on XDA. You know what an unlocked bootloader brings. And there is proof on here what an unlocked bootloader can do. Your argument is that they have yet to show you proof... but they could simply point to this forum if they were so inclined to respond to you. An unlocked bootloader allows for unsigned code. Unsigned code is a security risk because it's not verified by them. So how is this not reasonable proof?
I brought up the minority issue because you are REQUESTING an unlock, and as a minority, you are not their main customer base/source of profit, so they have little desire to appeal to you. I am NOT talking about being a minority in terms of not being heard in the case of a LEGAL issue, because there are class action lawsuits for that.
They could always simply start saying that their software is closed source, and you're not allowed to modify it/you agree to these terms when buying the phone. It seems that they're locking down the phones without making this disclaimer, because once again... it is only the minority who cares. That is why many of the developers jumped ship to T-Mobile or the Nexus phone.
I don't like the locked bootloader situation myself, but that just means I too will jump ship to the Nexus 6 when it comes out.
Click to expand...
Click to collapse
And even if they make it closed source, forbidding the modification of the phone would be the subject of the exact terms of complaint that I've outlined
dreamwave said:
Unsigned code is already possible to run in just installing an application not from the play store. To their network, an unlocked bootloader doesn't allow any code to be run on their network that can't already be run to the same extent on a phone with a locked one. Also, the petition was only really there to raise awareness about the issue to the public. The FCC is the only place I'm really able to do much against verizon.
Click to expand...
Click to collapse
That app is sandboxed within the android os, meaning the app is limited by whatever the OS allows it to do. To be able to replace the firmware on the phone is a huge difference. I'm sure the 18k bounty made more headlines than this thread did, considering it was for both AT&T and Verizon, and that many different news outlets reposted it. It doesn't matter if many people know about it, because most people don't care if it doesn't involve them. This type of stuff has been done by other companies as well. Notable examples:
UEFI - Has to be signed before it can boot before windows 8/8.1 (but you can request to have things reviewed and signed, Ubuntu did this).
Intel - they locked down their processors and now sell/mark up K versions to enthusiasts who want to overclock.
dreamwave said:
And even if they make it closed source, forbidding the modification of the phone would be the subject of the exact terms of complaint that I've outlined
Click to expand...
Click to collapse
But then there's this:
dreamwave said:
To their network, an unlocked bootloader doesn't allow any code to be run on their network that can't already be run to the same extent on a phone with a locked one.
Click to expand...
Click to collapse
If you have an unlocked bootloader, couldn't you run whatever you wanted on their network which would be the reason of making it closed source/addressing the quote above this quote? I'm not quite understanding this.
Spartan117H3 said:
That app is sandboxed within the android os, meaning the app is limited by whatever the OS allows it to do. To be able to replace the firmware on the phone is a huge difference. I'm sure the 18k bounty made more headlines than this thread did, considering it was for both AT&T and Verizon, and that many different news outlets reposted it. It doesn't matter if many people know about it, because most people don't care if it doesn't involve them. This type of stuff has been done by other companies as well. Notable examples:
UEFI - Has to be signed before it can boot before windows 8/8.1 (but you can request to have things reviewed and signed, Ubuntu did this).
Intel - they locked down their processors and now sell/mark up K versions to enthusiasts who want to overclock.
But then there's this:
If you have an unlocked bootloader, couldn't you run whatever you wanted on their network which would be the reason of making it closed source/addressing the quote above this quote? I'm not quite understanding this.
Click to expand...
Click to collapse
what I'm disputing is the direct security impact to their network an unlocked bootloader poses compared to a locked one. If it is possible to run the same code on a locked bootloader that would post a direct threat to the integrity of their network then it doesn't constitute reasonable network management.
dreamwave said:
what I'm disputing is the direct security impact to their network an unlocked bootloader poses compared to a locked one. If it is possible to run the same code on a locked bootloader that would post a direct threat to the integrity of their network then it doesn't constitute reasonable network management.
Click to expand...
Click to collapse
But it's not. Unlocked bootloader allows much more freedom/allows you to run code that you can't on a locked one.
Spartan117H3 said:
But it's not. Unlocked bootloader allows much more freedom/allows you to run code that you can't on a locked one.
Click to expand...
Click to collapse
Code that can directly impact the security of their network infrastructure, not just your phone?
dreamwave said:
Code that can directly impact the security of their network infrastructure, not just your phone?
Click to expand...
Click to collapse
In the case of Samsung phones, it would undermine the security of at minimum the device that connects to the Exchange service. To the extent, I have no idea, I'm just here speculating/learning, but I thought that was one of the reasons they gave for locking it down.
Spartan117H3 said:
In the case of Samsung phones, it would undermine the security of at minimum the device that connects to the Exchange service. To the extent, I have no idea, I'm just here speculating/learning, but I thought that was one of the reasons they gave for locking it down.
Click to expand...
Click to collapse
The thing is that they can only restrict devices like that if it has any impact on their network infrastructure, if they can't prove it does they can't really do anything about it
dreamwave said:
The thing is that they can only restrict devices like that if it has any impact on their network infrastructure, if they can't prove it does they can't really do anything about it
Click to expand...
Click to collapse
Couldn't they claim something as simple as, a keylogger on a phone from a corporate/military person which would impact Exchange? Dunno. But that could be done with root. Bootloader makes it possible to root phones that aren't usually rootable though.
Hi
I know that this will sound like another hacked story but I know what to do.
My phone got hacked couple of months back.i didnt know it was untill the hacker started to leave clues. It was then that i started really payibg attention to everything going on. but keeping quiet abort it so that he or she thinks i didn't know
I know of 3 incidents that may have conpronised my security coupled by the fact that I did not practice password hygiene or unique ones for all accounts. I know that its totally my fault and i am not goings to blane Android os. So please dont think of this as one of tjose posts
What i now need is help in understanding what tondo next.
Little details on what happens, lets say i get search for some one on Facebook. The same is Charles smith, I Finish off my search and open Instagram boom i see a pictures where recommended shows a google search page where Charles is written and the Google auto complete is giving options .
Happened twice
I tumlr and I don't really post anything in fact My blog is totally blank. Suddenly i have people followings me and they tend of hame my nick name as their user id .the id displays my WhatsApp status updates.
These and just two examples i have more but i think everyone gets whats going on.
things i have done to prevent such occurences factory formatting the phones mac abd router. Gotten new routers and ready to flash a custom firmware for them.
Password changes .everything.wps2 aes wifi password with random numbers upper case lower case n symbols
Passwords are written on paper without a electronic backup and under lock and key.
I thought that maybe its a key logger but i took my moto x2 n moto e2 to the service center and got them to re load official software.
Two days later bam the same thing.
Any suggestion on where the weakness is ?
The problem is that I am kind of tired if thi
Sent from my XT1092 using XDA Forums
Check account sync settings if it is on more applications can use various private data.
Sent from my A0001 using XDA Free mobile app
i dont understand?
can u explain , i have sync on should I not have it
on different note does anyone suggest rooting and installing something that can isolate and restrict data from being accessed. now i know that exposed does that and marshmallow will work that out. but any other guidance ?
Did you use a virus or malware scanner?
Are there any apps you didn't install on your phone?
If i were you, i would start with doing the following steps by their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to pc and deep scan them with virus scanner, make sure they're clean.
2- Unlock the bootloader of device and flash every image manually with fastboot from stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that are unrelated to you. I mean if you made a google search for firedance, don't include dance or fire in any your passwords.
* also change the " forgot my password " questions and their answers.
5- Once you boot the system, download any ota packages from the manufacturer to be sure you'd be on a safer and patched software for security.
For future securtity, be sure to check apps permissions before installing anything from google play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Semseddin said:
If i were you, i would start with doing the following steps by their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to pc and deep scan them with virus scanner, make sure they're clean.
2- Unlock the bootloader of device and flash every image manually with fastboot from stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that are unrelated to you. I mean if you made a google search for firedance, don't include dance or fire in any your passwords.
* also change the " forgot my password " questions and their answers.
5- Once you boot the system, download any ota packages from the manufacturer to be sure you'd be on a safer and patched software for security.
For future securtity, be sure to check apps permissions before installing anything from google play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Click to expand...
Click to collapse
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this persons phone or tablet would be more safe than anything g Verizon or AT &THE could conjure up. You are a dope! Lol! Seriously, go away. Bother another community. ?
Sent from my SM-N910V using Tapatalk
Jaytronics said:
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this persons phone or tablet would be more safe than anything g Verizon or AT &THE could conjure up. You are a dope! Lol! Seriously, go away. Bother another community. ?
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Pardon me but where does that come from ? Made me laugh. Since this is security forum, the first priority is security not your "nicely put xposed modules whatever that means". It is said many times by security experts rooting an android device removes a big portion of layer of security. I unfortunately don't work for AT&T or Verizon but i wish i worked for them for a nice salary.
This one is coming from the recognized developer and moderator of XDA Android Security forum. Someone who have exploited devices and found vulrenabiliies that you can't even dream of. Lets say i am a "dope" and you're the smart guy. Are jcase, steve kondik dopes as well ?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm ( yeah, even steve kondik doesn't approve rooting for general users.
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ " Kasperksky a security platform well known for years are also against rooting.
Think again if you can who is the dope, now, go bother in your nicely put xposed modules forums for the sake of security. :good:
Semseddin said:
Pardon me but where does that come from ? Made me laugh. Since this is security forum, the first priority is security not your "nicely put xposed modules whatever that means". It is said many times by security experts rooting an android device removes a big portion of layer of security. I unfortunately don't work for AT&T or Verizon but i wish i worked for them for a nice salary.
This one is coming from the recognized developer and moderator of XDA Android Security forum. Someone who have exploited devices and found vulrenabiliies that you can't even dream of. Lets say i am a "dope" and you're the smart guy. Are jcase, steve kondik dopes as well ?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm ( yeah, even steve kondik doesn't approve rooting for general users.
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ " Kasperksky a security platform well known for years are also against rooting.
Think again if you can who is the dope, now, go bother in your nicely put xposed modules forums for the sake of security. :good:
Click to expand...
Click to collapse
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted, does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non Root, will not help them. Now, if you were to show them, that if they were to Root, and use certain apps and modules on their device. Then they could keep a better eye out for potential problems. But, even if they did as I just said. If the OP is being a dope, and installing apps that, let's say, they obtained from a torrent site. Then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all. Then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know who apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed. Look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same. As well as anyone else who is having g issues. Now, knowing about xposed and the modules that can accompany it. Will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting g ones self. But a big one that anyone can do. Don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you in the same post, stated for them to unlock the bootloader and then, to not root. Verizon and AT&T are advocates of the no Root behavior. And that sickens me. As well as many others. Instead of helping g people to see the dangers. They are told to do the most simplest of tasks, not to Root. And that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope. I suppose this would be fine. Though, it is not helpful. Education into matters are. One needs to seek out the underlying issue first. Then attempt to educate. As far as calling you a dope, I do humbly apologize for my Choi e of words. You did not deserve that. It would have been just fine for me to build onto what you suggested. Which was good advice. So, I am sorry. And yes, I am very much a dope at times .
Sent from my SM-N910V using Tapatalk
Jaytronics said:
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted, does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non Root, will not help them. Now, if you were to show them, that if they were to Root, and use certain apps and modules on their device. Then they could keep a better eye out for potential problems. But, even if they did as I just said. If the OP is being a dope, and installing apps that, let's say, they obtained from a torrent site. Then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all. Then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know who apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed. Look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same. As well as anyone else who is having g issues. Now, knowing about xposed and the modules that can accompany it. Will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting g ones self. But a big one that anyone can do. Don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you in the same post, stated for them to unlock the bootloader and then, to not root. Verizon and AT&T are advocates of the no Root behavior. And that sickens me. As well as many others. Instead of helping g people to see the dangers. They are told to do the most simplest of tasks, not to Root. And that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope. I suppose this would be fine. Though, it is not helpful. Education into matters are. One needs to seek out the underlying issue first. Then attempt to educate. As far as calling you a dope, I do humbly apologize for my Choi e of words. You did not deserve that. It would have been just fine for me to build onto what you suggested. Which was good advice. So, I am sorry. And yes, I am very much a dope at times .
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Humble apology accepted.
You may not like AT&T and Verizon for their tight stance against rooting.I don't like that as well. They're filling their devices with their bloatware and excluding some very useful features from their customers like hotspot for free. However, Anyone who owns an operator variant of a specific device have already signed a contract with his operator already accepted their terms and that's why they get their bloated and controlled devices for cheaper prices in long term instead of paying full in cash. That said, i see nothing wrong with AT&T or Verizon's policy of keeping their devices locked to death since rooting would take a stake from their business and that was not their agreement with their customers. This is not the subject of this thread for sure. Should add, i see nothing wrong if a contracted owner a device wants to take full potencial out of it by rooting since it is the only way for them to get rid of bs in their devices. This is another discussion, not related to this thread.
I will use the word " regular user " instead of "dope" since nobody have to be knowledgeful about android security. Being someone without a clue of android security wouldn't make them a "dope". I currently sport a Moto Maxx, a bootloader unlockable variant of Verizon Droid Turbo sold in Brazil. I paid about 150$ more just to be free of Verizon Bloatware for the exact same hardware. I could have paid 150$ less and bought a Verizon Droid Turbo but i didn't just because i knew i would have Verizons' bs running in my phone every second. There used to be a time for me when rooting was a must with android because i used to own devices bloated with Motoblur, having low amount of ram and storage as well as unavailbility of disabling/deleting of unwanted apps. Now, i have 3gb of ram and 64gb storage with near Vanilla Android experience with my phone. I asked myself, what the heck do i need rooting for ? The answer was easy : nothing.
Lets say, android is an apartment, the root is the key to its door, xposed is the "watchdog" and hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security ? I personally wouldn't do that cause the dogs can be fooled easily by a piece of meat and most importantly they have no responsibility at all. After all, It is just a dog serving for free without any responsibility. I couldn't ask for insurance as well cause i was the one who kept the door unlocked. I am also aware that any door can be opened without a key and the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to be happen, we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take counter measurements against. That was what i was pointing in my post.
Disabling USB debugging is the first thing one should do if there're concerns about security and this is not coming from a "dope" but security experts of android. :good:
Semseddin said:
Lets say, android is an apartment, the root is the key to its door, xposed is the "watchdog" and hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security ? I personally wouldn't do that cause the dogs can be fooled easily by a piece of meat and most importantly they have no responsibility at all. After all, It is just a dog serving for free without any responsibility. I couldn't ask for insurance as well cause i was the one who kept the door unlocked. I am also aware that any door can be opened without a key and the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to be happen, we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take counter measurements against. That was what i was pointing in my post.
Disabling USB debugging is the first thing one should do if there're concerns about security and this is not coming from a "dope" but security experts of android. :good:
Click to expand...
Click to collapse
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling usb debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as usb debugging is only relevant when your phone is connected to computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smart phones is becase manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
optimumpro said:
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling usb debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as usb debugging is only relevant when your phone is connected to computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smart phones is becase manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
Click to expand...
Click to collapse
I see your point, respect it but disagree. Your example doesn't really work with my logic since you're putting players like Google/Verizon in the same league with an hacker. Yes, they for sure have control over their software since they're the one who created Android and offered the hardware along with an oem in the first place. These big companies are not like 3rd party devs who are irresponsible for any their actions.. If you happen to have sensetive privacy trust issues with Google, leave any android device out, you wouldn't even use google search in your pc.
A hacker having pyshical access to a device who would enable USB debugging in 5 seconds. is this what we're really talking about ? Anyone who have a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to to him, memorize his passcode Done. Another way is to flash twrp and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON help with apk rooters and computer based root exploits as well.They rely on usb debugging to be on. You're hacked in no time.
I just can't trust any 3rd party dev more than my device manufacturer / operating system provider and network provider. I think the same for you like you're persistently and ridiciolusly wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Just kiss each other already or dont say anything.
This thread is made by someone who needs help and you two both are taking it off topic instead of helping him. Now out of respect for that user, stop this endless conversation.
Semseddin said:
I see your point, respect it but disagree. Your example doesn't really work with my logic since you're putting players like Google/Verizon in the same league with an hacker. Yes, they for sure have control over their software since they're the one who created Android and offered the hardware along with an oem in the first place. These big companies are not like 3rd party devs who are irresponsible for any their actions.. If you happen to have sensetive privacy trust issues with Google, leave any android device out, you wouldn't even use google search in your pc.
A hacker having pyshical access to a device who would enable USB debugging in 5 seconds. is this what we're really talking about ? Anyone who have a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to to him, memorize his passcode Done. Another way is to flash twrp and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON help with apk rooters and computer based root exploits as well.They rely on usb debugging to be on. You're hacked in no time.
I just can't trust any 3rd party dev more than my device manufacturer / operating system provider and network provider. I think the same for you like you're persistently and ridiciolusly wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Click to expand...
Click to collapse
This is not about respect, disrespect or disagreements. The facts (not opinions) remain: every operating system on Earth provides root or administrative privileges to users. However, it is not given to the same user when he turns to a smartphone. There is no security reason whatsoever why a user has root on computer and no root on a smartphone.
As I have already said, there are plenty of non-security reasons for the above: the main one being to prevent the user from removing advertising junk and spying malware inserted there by manufacturers, carriers and software providers. Kids love it (above three) and Mother (NSA) approves...
Every argument against root invalidates itself when applied to computer OS: remember the user is the same.
@its the peanut
Please stop patronizing. This is a security discussion thread and we discuss security, which is beneficial to the poor guy, the OP... :silly:
Semseddin, what do you do to stop fastboot?
rooting and knowledge go hand in hand, the OP states device is rooted, but sounds like hasn't got the interest to know what's behind the process. that is why we don't have the slightest piece of evidence that his device has been compromised. just the users opinion that it has.
having su and adb debugging at least allows them to logcat.
Hello,
I got the ultra for about a month now, and frankly I am starting to get desperate since i couldn't yet unlock its potentials with the rooting. I have been trying different instructions on different websites, which turned out to be fake. rooting apps such as KingRoot fails, so I couldn't find a way!.
Just to be clear, I am very good at rooting any android device as long as I have clear instructions ,,, I mean with step by step guide I am the king of rooting :good:
Thanks for the supportm
While you are waiting for root, be sure to disable all automatic updates so that if root is found, the phone won't get patched accidentally to prevent you exploiting it.
speculatrix said:
While you are waiting for root, be sure to disable all automatic updates so that if root is found, the phone won't get patched accidentally to prevent you exploiting it.
Click to expand...
Click to collapse
True,
I seriously thought rooting an Android would be the same for all or most devices, i guess it's not!
Asus is going to release the bootloader utility for the ultra in a couple of months I persisted with their support services online and the last email I received informed me they are working on it.
I too contacted them, saying I was strongly considering the phone, but won't buy it without being able to unlock the bootloader. I am waiting for the reply.
If a bunch of people also contact them, perhaps they will realise that it really matters to some people and will promoted sales. OTOH, their customer service people might not understand and simply fob us off without passing the message on.
speculatrix said:
I too contacted them, saying I was strongly considering the phone, but won't buy it without being able to unlock the bootloader. I am waiting for the reply.
If a bunch of people also contact them, perhaps they will realise that it really matters to some people and will promoted sales. OTOH, their customer service people might not understand and simply fob us off without passing the message on.
Click to expand...
Click to collapse
where do I contact them?
https://www.asus.com/support/
I received a reply from them. Sadly it was a pre-formatted reply which simply included a link to their online return/repair/RMA service. Pretty pointless since I had specifically said I was *thinking* of buying but would only do so because as an android developer I need an unlocked bootloader. facepalm.
I sent a reply asking them to read my request more carefully. I don't expect much help from them.
I have tried to contact other Asus departments in the past and either never got a reply or only got a useless one.
Me getting desperate as well. The main reason I switched from iPhone to Android was trying its full potential and app development. It sucks they haven't released it yet. So let it be a lesson for the next Android phone I want to buy to do a through research in this forum.
I really want one of these phones but I must have root. I contacted the service centre asking when they will release a unlocked bootloader. Here is their responce -
"Thank you for contacting ASUS Service Care.
My name is Gilliant and it's my pleasure to help you with your problem.
We're so thankful to hear about your consideration of our product.
In regards to your concern, please be noted our new Zenfone series (ex: Zenfone 3, Zenfone 3 ultra, Zenfone 3 deluxe, etc) is not yet available with unlock bootloader tool. However, we also could not inform you the estimated release time of this tool since we don't have any available information yet. "
Sounds like it my never be release from that, so I'm not prepared to take the risk and get one early.
I got similar reply, and added they do not support rooting, like I don't know!
isn't there a way without Asus support? like a community or something!!
someone will almost certainly find a way to unlock the bootloader without Asus's help one day, but it may be a long time, and may be with some considerable risk to your phone.
so at the moment if you absolutely must have permanent root and unlockable bootloader, don't buy.
someone found that the Dirty Cow exploit worked on the Lenovo Phab 2 Pro, which has the same CPU, so there's a chance it might provide temp root on the AZf3U:
http://forum.xda-developers.com/showpost.php?p=69867475&postcount=2
maybe someone can get the binary and try it on the AZf3U?
I asked the guy, he responded with a link and I was able to build the binary using the NDK which I installed alongside Android Studio, and I did get root on my phone with it. I'm happy to share the binary if anyone wants to poke the AZf3U and see if it works.
This link says yes, the device CAN be unlocked/rooted and upgradable to android 7 as well. We're looking at the device, and hope to root, too. Anyone feeling lucky?
http://www.how-to-root.stream/2016/09/asus-zenfone-3-ultra-zu680kl-8130.html
.
hillg001 said:
This link says yes, the device CAN be unlocked/rooted and upgradable to android 7 as well
Click to expand...
Click to collapse
the date on the article means it's quite possibly bogus, given the AZf3U's general availability date.
Well, there are people who wrote 'thanks' for the info, so that would hint of its authenticity. In any event, our 3/ultra device is now on its way, being shipped to us even as i write this. If no one else is brave enough - I'll let you know how it goes once we get it up & running.
Is there someone with an AZf3U willing to trust me and try the dirtycow exploit?
I've uploaded the dirtycow exploit which I built using the Android Studio NDK to
http://www.zaurus.org.uk/download/CV...5195.built.tgz
there's two builds, one for for 32 and the other for 64 bit android
unpack and run on a linux box connected to the phone over ADB
the instructions on how to use it are here:
https://github.com/timwr/CVE-2016-5195
let me know if you need more help
Paul
speculatrix said:
Is there someone with an AZf3U willing to trust me and try the dirtycow exploit?
I've uploaded the dirtycow exploit which I built using the Android Studio NDK to
http://www.zaurus.org.uk/download/CV...5195.built.tgz
there's two builds, one for for 32 and the other for 64 bit android
unpack and run on a linux box connected to the phone over ADB
the instructions on how to use it are here:
https://github.com/timwr/CVE-2016-5195
let me know if you need more help
Paul
Click to expand...
Click to collapse
I'm willing to give this a go but I don't do Linux (way too much hassle and there's always something that doesn't work right out of the box). Is there a way to run this on a Windows machine? Or at the very least through a Hyper-V VM? (The issue with a VM would be access to the USB port...)
It should be possible to map your phone as a USB device through to a linux VM and try the process that way; any decent hypervisor should allow that, with virtualbox or Hyper-V. Create a linux VM using a distro of your choice, ubuntu 16.04 is popular, and then install Android Studio. Do a git clone and build the project. Warning, AndroidStudio is pretty huge, it will take a long while to download, I suggested minimising the number of Android versions you want to support to a minimum. You'll need the toolkit which includes fastboot and adb.
I also think it should be possible to adapt the process to run on a windows machine with a windows binary of ADB. Or, if you are willing, install Android Studio on your windows machine and add the NDK and then build this yourself, if that process would be more familiar.
Has anyone tried the bootloader unlock tool for the regular Zenfone 3 on the ultra??
People are hacking things left and right to effortlessly gain root or remove pattern locks on their Androids and thanks to devs of this wonderful resource they're not spending a dime in the process, but for some reason unlocking a hardlocked bootloader, an age-old problem, has no other method but the one costing $30. I'd love if someone could explain to me what makes it such a conundrum to figure out and why aren't more people trying to come up with a free solution for everyone.
Hi @4qx.
For devices that have OEM Unlocking grayed out (so you can't unlock the bootloader), there can never be a single solution that would work for every device. Different device manufacturers have their own ideas about security and contain proprietory code specific to that manufacturer, and it's further refined as new models from the same manufacturer come out.
Sometimes a device-specific vulnerability is found and can be taken advantage of to gain root. Sometimes the manufacturer makes a very specific but easy-to-find mistake on one particular version of Android on a single device that lets users officially unlock their bootloader, but that mistake is corrected with the next update for the device.
Even though you might not hear of someone working to root particular devices, it doesn't mean that no one is trying. It's common and expected that attempts that involve vulnerabilities would be kept as secret as possible so that a manufacturer can't patch them before developers can take advantage of what they found.
So the combination of different manufacturers, different models, different variations of models, different Android versions, and different manufacturer or device-specific security makes it near impossible to find a way to root all devices without exception.
Lastly, the easiest and universal method to start the path to being rooted is to have a device that lets you unlock the bootloader officially - preferably with no penalties like some manufacturers do. Anyone who buys devices that you can unlock the bootloader officially probably has no interest in finding a way to root other ways since it's so easy to do with an unlocked bootloader.
Edit: Also, regarding "free for everyone", it takes developers time to achieve what they do, so finding a way to root a device usually isn't a way to make money to live, so they do what they can when they can.
give it a try
https://github.com/bkerler/edl#for-generic-unlocking
If you're citizien of EU and bought an Android device in the territory of EU you never will have troubles with unlocking a phone's bootloader and rooting phone's Android.
Huawei will stop providing bootloader unlocking for all new devices
Earlier this month, we wrote about Huawei and Honor users not being unable to access the page for generating bootloader unlock codes. Now, they will stop providing unlock codes completely.
www.xda-developers.com
You shouldn't post here if you've NO knowledge about current legal situation in EU.
I am from germany too and can tell you Vodafone still sells Huawei devices. There are other brands with non-unlockable bootloader (Google, Samsung, Vivo, Oppo). OEMs tend to lock down their devices entirely for reason
aIecxs said:
give it a try
https://github.com/bkerler/edl#for-generic-unlocking
Click to expand...
Click to collapse
Unless I misinterpret what it says, it seems to be for enabling OEM unlocking. I was referring to unlocking a hardlocked bootloader.
Sorry maybe I didn't get you right. kindly share definition / example or at least descripe what you mean with "hardlocked bootloader"?
roirraW edor ehT said:
For devices that have OEM Unlocking grayed out
Click to expand...
Click to collapse
Was talking about something different, though I appreciate the info.
@aIecxs check this out. Some Xperia models, mostly Japanese ones, have unlockable OEM but are not allowed to have their bootloader unlocked.
Fairly enough there exist quit few devices where manufacturer provides official unlock code, but carrier locked down bootloader by ignoring, disabling or hiding OEM unlock toggle or other device specific methods. I feel "hardlocked bootloader" is a good way to differ from "non-unlockable bootloader" where bootloader is locked from manufacturer entirely (like Huawei)
If you can have it unlocked for £23 obviously XZ1C is unlockable, so if you can find sony leaked prog_ufs_firehose_8998_ddr.elf I would give it a try at least. Björn Kerler is a leading reverse engineer in scene and did good job to oppo rooting.
(you can check /dev/block/bootdevice/by-name/* if devinfo or config exist and decide if it's worth a try)