[Question] Is it possible to use a Magisk-patched image with the bootloader (re)locked? - Google Pixel 7 Pro

I see that I can add a user-settable root of trust to the bootloader so that I can set custom secure boot keys, like on PCs (https://source.android.com/docs/security/features/verifiedboot/device-state), so I think I can use a user-modified init_boot image (including the Magisk-patched one) by signing it with my own keypair.
Also, I know that some manufacturers require 7 days for new devices to be unlocked (like Xiaomi) or do not allow user unlocking at all. However, authorized repairers can flash signed factory system images without unlocking it. I guess this is implemented by an internal (read-only) root of trust. But can I do this with the user-settable root of trust, so I can become an authorized repairer for my own device?
P.S. I am using a bootloader-unlocked Pixel 4 XL as my main phone now. I have bought a Pixel 7 Pro but have not yet switched to it. I am looking for a method that takes both security and scalability into account.
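The check below is an added example; it is not code from the original post, from Google, or from the AVB project. It assumes the workflow the linked AVB documentation describes for a user-settable root of trust: you sign a vbmeta image with your own key using avbtool, flash the public key blob (the `pkmd.bin` that `avbtool extract_public_key` writes) with `fastboot flash avb_custom_key`, and only then lock. Before locking, the things worth confirming are that the vbmeta you are about to flash embeds exactly that key, is actually signed, and does not carry the verification-disabled or hashtree-disabled flags (a locked bootloader does not accept a vbmeta with verification disabled). The parser follows the 256-byte AvbVBMetaImageHeader layout from libavb and the AvbRSAPublicKey blob format; `build_sample_vbmeta` and `fake_pkmd` construct a synthetic, unsigned stand-in so the script runs offline, and the file names in the final comment are placeholders.

```python
import hashlib
import struct

# 256-byte AvbVBMetaImageHeader, big-endian, as laid out in libavb:
# magic, libavb major/minor, authentication block size, auxiliary block size,
# algorithm, eleven 64-bit offset/size/rollback fields, flags,
# rollback index location, 47-byte release string plus pad, 80 reserved bytes.
VBMETA_HEADER_FMT = "!4s2LQQL11QLL47sx80x"
VBMETA_HEADER_SIZE = struct.calcsize(VBMETA_HEADER_FMT)  # 256
AVB_MAGIC = b"AVB0"

ALGORITHMS = {0: "NONE", 1: "SHA256_RSA2048", 2: "SHA256_RSA4096",
              3: "SHA256_RSA8192", 4: "SHA512_RSA2048",
              5: "SHA512_RSA4096", 6: "SHA512_RSA8192"}
FLAG_HASHTREE_DISABLED = 1 << 0      # set by "avbctl disable-verity"
FLAG_VERIFICATION_DISABLED = 1 << 1  # set by "avbctl disable-verification"


def parse_vbmeta(blob: bytes) -> dict:
    """Return the header fields a custom-root-of-trust check needs."""
    if len(blob) < VBMETA_HEADER_SIZE:
        raise ValueError("too short for a vbmeta header")
    (magic, _major, _minor, auth_size, aux_size, algorithm,
     _hash_off, _hash_size, _sig_off, _sig_size,
     pk_off, pk_size, _pkmd_off, _pkmd_size, _desc_off, _desc_size,
     rollback_index, flags, _rb_location,
     release) = struct.unpack(VBMETA_HEADER_FMT, blob[:VBMETA_HEADER_SIZE])
    if magic != AVB_MAGIC:
        raise ValueError("not a vbmeta image (bad magic)")
    # The public key lives in the auxiliary block, which follows the
    # authentication block; its offset is relative to the auxiliary block.
    aux_start = VBMETA_HEADER_SIZE + auth_size
    aux = blob[aux_start:aux_start + aux_size]
    if pk_off + pk_size > len(aux):
        raise ValueError("public key lies outside the auxiliary data block")
    return {
        "algorithm": ALGORITHMS.get(algorithm, f"unknown({algorithm})"),
        "rollback_index": rollback_index,
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "hashtree_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "release_string": release.rstrip(b"\0").decode(errors="replace"),
        "public_key": aux[pk_off:pk_off + pk_size],
    }


def key_matches(vbmeta: bytes, pkmd: bytes) -> bool:
    """True when vbmeta embeds exactly the AvbRSAPublicKey blob in pkmd.bin."""
    embedded = parse_vbmeta(vbmeta)["public_key"]
    return bool(embedded) and hashlib.sha256(embedded).digest() == hashlib.sha256(pkmd).digest()


def check_before_lock(vbmeta: bytes, pkmd: bytes) -> list:
    """List every reason this vbmeta should not be flashed before locking."""
    info = parse_vbmeta(vbmeta)
    problems = []
    if info["algorithm"] == "NONE":
        problems.append("unsigned vbmeta (algorithm NONE)")
    if info["verification_disabled"]:
        problems.append("verification-disabled flag set")
    if info["hashtree_disabled"]:
        problems.append("hashtree-disabled flag set")
    if not key_matches(vbmeta, pkmd):
        problems.append("embedded key differs from the pkmd.bin flashed to avb_custom_key")
    return problems


def fake_pkmd(num_bits: int = 2048) -> bytes:
    """Constructed AvbRSAPublicKey blob: key bits, n0inv, modulus, rr (not a real key)."""
    n = num_bits // 8
    return struct.pack("!2L", num_bits, 0x12345678) + bytes(range(256)) * (n // 256) + b"\x01" * n


def build_sample_vbmeta(pkmd: bytes, algorithm: int = 1, flags: int = 0,
                        rollback_index: int = 0) -> bytes:
    """Constructed, unsigned stand-in for avbtool make_vbmeta_image output:
    header, zeroed authentication block, auxiliary block holding only the key."""
    hash_size, sig_size = 32, 256  # SHA256_RSA2048 sizes
    auth = bytes(hash_size + sig_size)
    header = struct.pack(VBMETA_HEADER_FMT, AVB_MAGIC, 1, 0, len(auth), len(pkmd), algorithm,
                         0, hash_size, hash_size, sig_size,   # hash and signature
                         0, len(pkmd), 0, 0, 0, 0,            # key, key metadata, descriptors
                         rollback_index, flags, 0, b"custom-rot example")
    return header + auth + pkmd


if __name__ == "__main__":
    sample_key = fake_pkmd()
    sample = build_sample_vbmeta(sample_key, rollback_index=3)
    info = parse_vbmeta(sample)
    print(info["algorithm"], "rollback", info["rollback_index"], info["release_string"])
    print("problems:", check_before_lock(sample, sample_key) or "none")
    # Real use (placeholder paths):
    # check_before_lock(open("vbmeta.img", "rb").read(), open("pkmd.bin", "rb").read())
```

Run it against the real `vbmeta.img` you produced and the `pkmd.bin` you flashed; an empty problem list means the bootloader will at least be looking at the key you expect. It does not replace the bootloader's own signature verification, and it says nothing about the init_boot contents themselves, which are covered by the hash descriptors that vbmeta chains to.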

Good and interesting question; sadly I don't have a definitive answer to it, but a few thoughts:
As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch the bootloader as well to accept a user key. Not sure if this is feasible...
AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentication. EDL mode is (IMO) a separate, very low-level boot mode... I don't think this is related to the "normal" boot mechanism and its keys...
Is there any specific reason you are aiming for a re-locked bootloader? The only aspect I could think of is some specific apps that can detect an unlocked bootloader and refuse to function... From a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail...

s3axel said:
Good and interesting question; sadly I don't have a definitive answer to it, but a few thoughts:
As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch the bootloader as well to accept a user key. Not sure if this is feasible...
AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentication. EDL mode is (IMO) a separate, very low-level boot mode... I don't think this is related to the "normal" boot mechanism and its keys...
Is there any specific reason you are aiming for a re-locked bootloader? The only aspect I could think of is some specific apps that can detect an unlocked bootloader and refuse to function... From a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail...
The reason why I am aiming for a re-locked bootloader is that anyone can flash a modified image via the bootloader. An evil maid or a cop may be able to flash a trojaned boot image when I am not with my phone.

Related

[WIP] [Help Needed / Community Effort] Let's Try to Get a Bootloader Toggle!

XDA today published an article about a vulnerability in the OnePlus 6 bootloader that allows booting a custom boot.img image without unlocking the bootloader. This is of course a huge security risk, but I'm sure OnePlus will patch it in an upcoming update. In the meantime, let's have some fun!
Back in the good old days of the Nexus 4, it was possible to install an app that would write boot config data to the device from userland, with root, to toggle the bootloader between the locked and unlocked states. The object of this post? Do this as a community for the OnePlus 6!
Why do this?
There are two major gains to being able to do this:
Security: once a device is rooted we'd be able to re-lock the bootloader to prevent tampering or unauthorised images from being booted whilst keeping the perks of being rooted
Netflix HD: Widevine L1 keys aren't accessible when the Bootloader is unlocked. This way, we may be able to get our Widevine keys accessible again to get HD Netflix with root
I attempted to reverse some of the bootloader on my own a few weeks back but didn't have much luck. With this vulnerability, my thoughts are that we could dump the data partitions with a locked device (that is exploited using this trick) and compare them with an unlocked device. This might give us the magic data that the bootloader uses to determine whether a device is locked or unlocked. Then, in theory, we should be able to toggle this data from userland. The only caveat to this is that I don't know whether the unlock state is stored somewhere in the TrustZone or if it is written to the flash like they did back in the Nexus days.
I honestly have no idea whether this will work, but surely it's worth a shot? Just for reference, I recommend we look at diffing the following partitions before and after locking:
param
sec
sti
ssd
frp
config
misc
We should also, to ensure there is no confusion, stick to OOS 5.1.5 stock + Magisk for root. Images of the above partitions can be obtained using dd.
If anybody has any further tips on bootloaders that either proves that this won't work, or perhaps can suggest other places this lock data could be stored, please do let me know!
NB: getting this data will involve at least one full data wipe of the phone so it might take time to dump the data, switch lock state then dump it again.
I also strongly suspect that we might hit the issue of Android Verified Boot noticing that the device is locked (but has a modified boot image when rooted). This would depend on whether the Android security checks are implemented as per the Android Verified Boot specification.
Who's in?
Couldn't you just hide Netflix HD from root detection in Magisk?
dgunn said:
Couldn't you just hide Netflix HD from root detection in Magisk?
No. With an unlocked bootloader the device is switched to Widevine level 3 instead of level 1. This means no HD playback in Netflix (and I believe Amazon) regardless of Magisk hide status. This may be the new normal for all unlocked devices with the Qualcomm SD 845 or newer.
blackthund3r said:
Security: once a device is rooted we'd be able to re-lock the bootloader to prevent tampering or unauthorised images from being booted whilst keeping the perks of being rooted
Are you sure about this? In the Nexus 4 days Android didn't check at boot that all partitions were correct in order to boot; since some versions ago it does (dm-verity). Are you sure you can re-lock the phone with root (system or boot modified) and still boot normally to userspace?
RusherDude said:
Are you sure about this? In the Nexus 4 days Android didn't check at boot that all partitions were correct in order to boot; since some versions ago it does (dm-verity). Are you sure you can re-lock the phone with root (system or boot modified) and still boot normally to userspace?
Well, I can confirm that with SafetyNet test passing, and Magisk hide enabled for Netflix, I can not get HD streaming.
This is highly interesting. I will be following that thread constantly. Thanks for opening that discussion.
So does this vulnerability allow flashing or booting TWRP through fastboot without unlocking the bootloader? I am interested in keeping Netflix HD and gaining root access, but don't want to brick the device. I know that under normal circumstances you always unlock the bootloader before flashing any mods, but I was curious about some devs' thoughts on it.
Interesting read. You can root the device without an unlocked bootloader:
https://www.androidcentral.com/oneplus-6-bootloader-vulnerability-lets-anyone-access-your-phone?amp
The question is whether we can keep this feature open and force it to stay open.
Unfortunately the OnePlus bootloader doesn't support EIO mode, so it can't boot if anything is modified.
akaHardison said:
Unfortunately the OnePlus bootloader doesn't support EIO mode, so it can't boot if anything is modified.
Not true, I booted a Magisk-patched boot image and installed some modules.
Is there maybe another method to root and hold SafetyNet for Widevine lv3?
joemossjr said:
Not true, I booted a Magisk-patched boot image and installed some modules.
And did you also install Magisk into the boot img?!
Widevine L1 + V4A would make me very happy. Perhaps we should add a financial incentive like a bug bounty? I would certainly contribute some loot for this noble cause!
Since some people with OP5s and OP5Ts sent their phone to OP for L1 with the bootloader unlocked, I wonder if OP would consider offering a similar service. Even if it wasn't completely free I would probably do it, unless it required re-locking the bootloader...

What does it mean to say bootloader is locked?

Up to this point, what I understand is that the OEMs hold keys that they use to sign the binaries as trusted, such that only what they sign will be accepted and everything else will be rejected. Well, some devices I see can simply be unlocked using the fastboot flashing unlock command when the OEM Unlocking option is turned on in developer mode; however, some devices such as the ones from Xiaomi require their own special software to unlock the bootloader, which they say is to prevent attackers from stealing the phone's data. Well, one can easily flash firmware from Xiaomi without unlocking the bootloader. How do they do that? Does their proprietary software use some kind of keys that sign the firmware files? If so, do you know if it would be possible to replace the keys they use to sign?
Android's user data can be stolen by hackers at any time: here it doesn't matter whether the device's bootloader is locked or unlocked.
Most Android devices come to the market with a locked bootloader. Locking the bootloader is actually a kind of encryption of the Android system files. OEMs / carriers do so to keep the OS unaltered by the users. And this for good reasons, IMO. One has to respect that their devices will be restricted to running software ROMs provided only by them.
To re-flash a phone's stock ROM, the phone's bootloader must not be unlocked, because the OS is the original one, meaning not altered in any way by the user.

Risks of having an unlocked bootloader

Hello guys, this is my first thread on the XDA forum.
I just bought a Xiaomi device (Poco X3 Pro Global) a few days ago.
So this is my first time trying a custom ROM. I searched for what I'm trying to do; I'd like to make sure whether what I understand is correct or not, since I'm totally new to custom ROMs.
The sources I mainly referred to:
source1
source2
Basic assumptions:
1. Only flash a custom ROM without rooting
2. The whole bootloader unlocking and custom ROM flashing process is done perfectly, and all resources (recovery, ROM, ADB tool etc...) used during the process are 100% clean and genuine.
3. No cold boot attack (source2) happens to me.
Q1. source1 is really helpful, but it's from 2012; is it still valid today?
Q2. source1 is posted on the Galaxy Nexus forum, but this applies to all Android-based devices, right?
Q3. This threat model assumes the attacker has physical access to the device, so I guess unlocking the bootloader itself is 100% irrelevant to software-level security risks like malware or OS vulnerabilities. Is this right? (assuming no rooting and 100% genuine ROM and resources)
Q4. From source1 you can choose between [device encryption] and [relocking the bootloader] to protect security; which method do you recommend using?
I feel I'm much more inclined to try the device encryption method, since I don't know if it's possible to relock the bootloader safely after migrating from the Global stock ROM to the xiaomi.eu ROM. (Can anyone confirm this?) I fear it could become bricked during the relocking process.
Q5. So if I set device encryption with a strong password and turn off USB debugging mode, I need not be too worried?
Are there any other points in terms of security to bear in mind if you use a device with an unlocked bootloader?
Thank you for reading my thread
[INFO] Understanding the risks of having an unlocked bootloader
While unlocking the bootloader on a Galaxy Nexus unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected with a pattern/PIN/password, not having flashed a custom recovery, having an...
forum.xda-developers.com
jwoegerbauer said:
[INFO] Understanding the risks of having an unlocked bootloader
While unlocking the bootloader on a Galaxy Nexus unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected with a pattern/PIN/password, not having flashed a custom recovery, having an...
forum.xda-developers.com
That's what I linked in the thread (source1).
Only a side remark:
An Android smartphone bootloader is processor-specific, and every OEM has its own version of the bootloader, specific to the hardware present in its environment.
It's the primary task of every bootloader to verify that the Android OS to be loaded is genuine, meaning signed by the OEM, to ensure the Android OS (it's by nature a custom ROM) works flawlessly as can be expected by the user. People who use a phone as a tool and not as a toy probably never come up with the idea of unlocking the bootloader, because they knew about the strengths and weaknesses of the phone when they bought it; they can expect that the OEM did their best with regard to the phone's performance. OEMs are certainly not dumber than generally claimed by the modder / hacker scene.
My POV: Unlocking a phone's bootloader is an unnecessary action. If people do so they indirectly admit that they have purchased a phone that does not meet their expectations: they have made a wrong purchase.
Thanks for the comment.
I understand your POV.
I realized later that the Global ROM can't do call recording; that's the main reason why I'm trying to flash the xiaomi.eu ROM, and other optimizations are the second reason.
And this phone will be my main phone, so I wanted to make sure about the security risk before I change ROMs.
cromcromc said:
Thanks for the comment.
I understand your POV.
I realized later that the Global ROM can't do call recording; that's the main reason why I'm trying to flash the xiaomi.eu ROM, and other optimizations are the second reason.
And this phone will be my main phone, so I wanted to make sure about the security risk before I change ROMs.
Having an unlocked bootloader doesn't need to be a risk whatsoever as long as you're not flashing untrusted ROMs and other components to the device and critically control anything being flashed to the device. If you're flashing a signed ROM from the manufacturer, as it sounds like is your plan, there is nothing to worry about. You can even lock the BL again after flashing & optimizing if you absolutely wish to, although it's usually not recommended.

Is an unlocked, encrypted phone actually secure?

Hi,
While going around this forum, I saw a lot of people claiming that an unlocked phone had its data fully secure if it was encrypted. Is that actually the case?
From what I understand, a phone isn't encrypted with your PIN code / password. It first generates keys, encrypts the phone with them, and then ciphers these keys using your code. The keys are then stored in a special partition of the phone's memory.
(And thus, if the phone needs to be wiped, either remotely or because of too many failed attempts, it just deletes this partition.)
Normally, it would be impossible to brute force a lock screen, since the phone will prevent more than ~15 attempts. However, with an unlocked device, couldn't an attacker with sufficient knowledge of the hardware use the ability to flash custom boot images / ROMs to access these keys and brute force them, bypassing the lock screen? A sufficiently powerful computer could brute force a 4-, 6- or even 10-digit AES key in hours, if not minutes.
So:
1) Is this correct, and is this how Android encryption works?
2) If it is, are there any device-specific protections to prevent that?
3) Are there any ways to counterbalance that threat on an unlocked device, other than setting a 10-character password?
Thank you.
Short answer:
If phone's bootloader is unlocked, someone could take your phone, flash a malicious ROM that contains keystroke loggers or something, and then return the phone to you and wait for you to type your PIN or decryption password. It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
xXx yYy said:
It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
I guess this wanders into device specifics, but, at least for my device, the Pixel 6a, I read that you should never re-lock the bootloader without a completely stock firmware / boot image. So, how can you protect your bootloader while keeping your phone rooted?
What has a device's bootloader to do with device's Android OS ? Nothing!
xXx yYy said:
What has a device's bootloader to do with the device's Android OS? Nothing!
The lockability of the bootloader depends on the signing of the OS!?
You are right. Do not lock the bootloader on Pixel devices. Imagine the device is fully stock and locked; now some OTA bricks the device and recovery mode is not able to unbrick it by sideloading the full OTA image. This is a nightmare. Google's solution is to RMA the device; they do not provide any flash tool other than fastboot or the WebUSB flash tool (via adb lol).
On the other hand, encryption is secured against brute force by Gatekeeper (in the TEE). As long as your device is powered off, your data remains encrypted unless you decrypt it with your credentials (we won't talk about the .dismiss() bug on decrypted devices).

[Question] Galaxy SM-A326U rooted system dump request

Hi, I was wondering if anyone rooted with the most current firmware (November) for the SM-A326U could upload a system dump for me? Not Odin firmware, just a system dump minus userdata. If you can help, let me know. Or if you are on a previous build, that might help too. I am going to build a new boot image that allows OEM unlocking, if at all possible. Thanks!
Sands207 said:
Hi, I was wondering if anyone rooted with the most current firmware (November) for the SM-A326U could upload a system dump for me? Not Odin firmware, just a system dump minus userdata. If you can help, let me know. Or if you are on a previous build, that might help too. I am going to build a new boot image that allows OEM unlocking, if at all possible. Thanks!
Altering the boot image will not change whether OEM Unlocking is allowed, and is pointless as Android Verified Boot (as well as Samsung Vaultkeeper) will prevent flashing and loading of altered images.
The visibility of the OEM Unlocking toggle is controlled by the system property ro.oem_unlock_supported while the ability to toggle it is controlled by sys.oem_unlock_allowed. The former is set at firmware build time, while the latter is generally set by checking a cloud side whitelist.
In other words...While someone with root could potentially dump their system image, and you could edit these properties, you still wouldn't be able to flash the system image to your device, as you'd need Samsung's private cryptographic key to sign the firmware package.
I guess my question would be then, how are other people OEM unlocking other Samsung phones that are in the same situation without Samsung's verification?
V0latyle said:
Altering the boot image will not change whether OEM Unlocking is allowed, and is pointless as Android Verified Boot (as well as Samsung Vaultkeeper) will prevent flashing and loading of altered images.
The visibility of the OEM Unlocking toggle is controlled by the system property ro.oem_unlock_supported while the ability to toggle it is controlled by sys.oem_unlock_allowed. The former is set at firmware build time, while the latter is generally set by checking a cloud side whitelist.
In other words...While someone with root could potentially dump their system image, and you could edit these properties, you still wouldn't be able to flash the system image to your device, as you'd need Samsung's private cryptographic key to sign the firmware package.
Luckily for me I found a way to both bypass and disable knox and the need for the key...
Sands207 said:
I guess my question would be then, how are other people OEM unlocking other Samsung phones that are in the same situation without Samsung's verification?
Probably has something to do with the leaked code from Samsung, which to my understanding included some of the keys they used to sign updates and application packages. Since we have to stay in the "white" here on XDA, we can't allow any sharing of copyrighted intellectual property, even if it's already in the public domain... basically, our web hosts are pretty nervous about losing advertiser funding because of legal controversy.
Sands207 said:
Luckily for me I found a way to both bypass and disable Knox and the need for the key...
Care to share? Knox =/= bootloader unlock, so if you were able to enable OEM unlocking and unlock the bootloader, it's kinda moot... Knox, on the other hand, would trip if custom images were flashed, unless you found a way to sign the binaries using an aforementioned leaked key.
I was able to disable Knox and FRP using a fairly common toolbox and gained surprisingly temporary root access today, which ends when I reboot, using a method that is still fairly early in development but does work. I will have time tomorrow to take a closer look.
