NEW approach to rooting Perfect SPLs etc - G1 Q&A, Help & Troubleshooting

Hi all,
My theory is this, but I ask all of you first whether this has already been tried. OTA updates are all signed with, I imagine, official OTA keys, so your device will install the update no matter what.
Now my question is: is there any way of reverse engineering the OTA-signed zip files to figure out what these keys are, so that we can make a ROM that will enable root on devices with perfect SPLs?
All information is appreciated.
Thank you

If you have any place for me to download the T-Mobile OTA updates I'd be happy to look at them for you

I'm not a programmer or lawyer, so take my word with a pinch of salt. Wouldn't this need reverse engineering? Making this whole deal illegal?

Required reading:
http://en.wikipedia.org/wiki/Public-key_cryptography

aron7awol said:
Required reading:
http://en.wikipedia.org/wiki/Public-key_cryptography
This. We need T-Mobile's private keys to sign the update, which won't be happening. If you can "reverse engineer" that then get ready to be famous, cause you just broke modern cryptography.

keemyb said:
I'm not a programmer or lawyer, so take my word with a pinch of salt. Wouldn't this need reverse engineering? Making this whole deal illegal?
Depends on what country you live in. In the US, probably. In most other countries....probably not.

Those who know little about serious cryptography often assume that a particular encryption method is safe if nobody has cracked it. However, as the eminent cryptographer Bruce Schneier pointed out in his Crypto-Gram Newsletter dated 15 February 2003, "That's actually backwards. In the world of cryptography, we assume something is broken until we have evidence to the contrary." By this he means that an encryption method can be fully trusted only if it has been subject to rigorous and critical analysis by experts to check its resistance to all known cryptanalytic attacks.

While it is true that it's pretty much impossible to crack it, you can delete the keys and make your own. Although, I'm not exactly sure this is what he is looking for...

It's encrypted; although you have a public key, you can't change an update since it breaks the signature... you also can't sign an update since you don't have the private keys... basically, no.

It depends on the strength of the encryption. If it is AES-128, good luck, you ain't never cracking it. If it's RSA-512, it could be cracked by 1 person in 2 months, or by a team of people, say using BOINC, in 2 days. We cracked all the OS signing keys for the entire line of Texas Instruments graphing calculators and got a DMCA takedown as well. We've got EFF lawyers working to make sure we can keep working.
http://www.ticalc.org/archives/news/articles/14/145/145273.html
http://www.ticalc.org/archives/news/articles/14/145/145377.html

Isn't it illegal though to be cracking this stuff?
Not saying you would get caught, but if you did you may or may not be charged.
But it's easy to root, so why try another approach?

What would make it illegal?
YOU own the equipment.
The modifications you do to your equipment do NOT enable you to break the law and DEFINITELY do not MAKE you do illegal things.

Wow, thanks for everyone's replies. The only reason I question is that all the new Android devices come with perfected SPLs which either conquer or make it very hard to gain root, so my theory was that if we could get these keys we could make ROMs signed by 'android' which would contain modified SPLs and recoveries.

A will, a way..
With modern encryption.. there are very few people who understand it.. IT CAN BE BROKEN. Now if you want to read about a sort of physical encryption, check out quantum cryptography.

sync3 said:
With modern encryption.. there are very few people who understand it.. IT CAN BE BROKEN. Now if you want to read about a sort of physical encryption, check out quantum cryptography.
I'm seeking some help on cracking this on a specialised Java programming site, so hopefully with some success we may have a solution.

redmdc said:
I'm seeking some help on cracking this on a specialised Java programming site, so hopefully with some success we may have a solution.
It's still a terrible idea. You'll make T-Mo very, very angry at both you and XDA, with almost zero real gain. The rooting process is trivial, and it works. I'd also recommend talking to a lawyer if you really intend to proceed.

It's only for personal gain 'wink wink'; I can do what I want with my own device as long as I do not distribute it intentionally.

Actually, so long as you don't distribute any code or products themselves considered proprietary to T-Mobile, if you reverse-engineer their encryption key, there's nothing they can legally do about it.
What I mean by the above is that if we treat the decryption process in a manner similar to how Cyanogen does his current ROMs, and stick to simply releasing OSS-derived code, there's really nothing that T-Mo or anyone else can do 'bout it. The trouble with this is that it would require somehow maintaining the drivers for the SPLs on the device while only modifying the portions that lead to root.

Signature Checks on Boot

Just so everyone is aware, the kernel and the recovery partition signatures are checked on each boot; changing those will leave you with a brick until we have proper firmware to recover with.
I found out the hard way.
On my second Atrix now.
Casualty of war
Taking one for the team
Well that sucks..
Any free partitions that we can "steal"? And basically pull a HaRET, where it loads partially from the legit bootloader and kernel, then shuffles off to a different partition we CAN write for the real kernel, unloads all that other stuff and then launches the new kernel partition we've modified?
designgears said:
Just so everyone is aware, the kernel and the recovery partition signatures are checked on each boot; changing those will leave you with a brick until we have proper firmware to recover with.
I found out the hard way.
On my second Atrix now.
I guess that when we told you this, you just had to find out for yourself. The recovery should only be checked when you attempt to access it, but the kernel is checked on every boot. I hope you did not return to store as defective.
DG, thank you for putting yourself out there, and putting together ROMs along with the dev work.
It's nice to see some progress being done alongside all the people on here saying what we shouldn't be doing/trying with our phones.
Athailias said:
DG, thank you for putting yourself out there, and putting together ROMs along with the dev work.
It's nice to see some progress being done alongside all the people on here saying what we shouldn't be doing/trying with our phones.
Don't thank him for repeating something which had been confirmed.
jimmydafish said:
I guess that when we told you this, you just had to find out for yourself. The recovery should only be checked when you attempt to access it, but the kernel is checked on every boot. I hope you did not return to store as defective.
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you: it's checked every boot, accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an Atrix?), please stop posting in here; you've done nothing but spout off what you know about other Moto devices. It is clear they tightened things down a bit more.
jimmypopulous said:
Don't thank him for repeating something which had been confirmed.
Everything you guys say, along with others, says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
You guys keep saying it's CONFIRMED; where is it documented for the Atrix? Tests performed with documented results as proof.
designgears said:
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you: it's checked every boot, accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an Atrix?), please stop posting in here; you've done nothing but spout off what you know about other Moto devices. It is clear they tightened things down a bit more.
Everything you guys say, along with others, says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
You guys keep saying it's CONFIRMED; where is it documented for the Atrix? Tests performed with documented results as proof.
What is elitist about my statement? That before you started playing with your shiny new toy, we advised that doing certain things with your phone without proper firmware to restore your phone WOULD result in a "soft brick".
I do not have a Motorola ATRIX, never said I did, but I can read the firmware pretty well. If you're offended by my post, I assume it is because I offered up my standard line of "hope you did not return it as defective", because nothing else in that statement should lead you to behave like a child.
Here, how about this for facts: my ROM was the first to safely remove Blur from the Droid series of phones, and after reading the firmware from your phone, and your deodexed version of the firmware, there are many portions you could remove safely.
If you have questions you could ask and get the answers, but as it stands right now, we are just trying to help you save yourselves. Many people will enter these forums, and while each person is responsible for their own device, they will try to follow what you have done and they too will soft brick their phone. I'm not sure of your ethical and moral makeup, but too many people return their manipulated device to the provider as defective, causing everyone to pay for their mistake.
I just hope you bought another Atrix outright and did not scam ATT/Motorola.
designgears said:
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you: it's checked every boot, accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an Atrix?), please stop posting in here; you've done nothing but spout off what you know about other Moto devices. It is clear they tightened things down a bit more.
Everything you guys say, along with others, says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
DesignGears,
Please don't let a claim-to-know-it-all self-righteous prick like jimmydafish discourage your efforts.
As far as I'm concerned (and probably the majority of people who mash the refresh button on this subforum multiple times a day would agree), it's people like you (people who have actively contributed to the users here at XDA in the past (all your Captivate work)) that make me feel lucky to own the same type of device that you and other dedicated devs like yourself own.
It's hard to imagine how someone who probably played a very small part on a team -- a team that, as far as I can tell, has never managed to actually produce any real results on the DX -- can know so much about a device he doesn't even own.
And if reading this post encourages members of any such team to get their panties in a wad and start talking about how they are not going to contribute here now, well then to that I say: good riddance. For every one small tip you may provide, it seems like you offer two holier-than-thou douche-bag comments that frankly this section of this forum could do without.
But again, thank you DesignGears and devs like you
mburris said:
DesignGears,
Please don't let a claim-to-know-it-all self-righteous prick like jimmydafish discourage your efforts.
As far as I'm concerned (and probably the majority of people who mash the refresh button on this subforum multiple times a day would agree), it's people like you (people who have actively contributed to the users here at XDA in the past (all your Captivate work)) that make me feel lucky to own the same type of device that you and other dedicated devs like yourself own.
It's hard to imagine how someone who probably played a very small part on a team -- a team that, as far as I can tell, has never managed to actually produce any real results on the DX -- can know so much about a device he doesn't even own.
And if reading this post encourages members of any such team to get their panties in a wad and start talking about how they are not going to contribute here now, well then to that I say: good riddance. For every one small tip you may provide, it seems like you offer two holier-than-thou douche-bag comments that frankly this section of this forum could do without.
But again, thank you DesignGears and devs like you
I can assure you I am not, glad to have support.
--
Jimmy, no hard feelings, sorry I wanted to try something and learn from it, sorry you told me two opposing things in the same post (this is what I am *****ing about; if you would read you would know that), sorry I act like a child, I guess calling it how I see it is childish. From all the PMs about you I just got and mburris' reply, you have made my block list; have fun in there with rafy.
jimmydafish said:
I just hope you bought another Atrix outright and did not scam ATT/Motorola.
Maybe if more people softbricked and returned phones that have locked down bootloaders, OEMs and carriers might finally realize that when someone buys a piece of technology, they own it, and would like to use it as such.
That includes:
1. Not having some POS skin on top of stock Android (Blur)
2. Not being locked into paying twice for the data we already pay for (tethering)
3. Not being allowed to easily install non-market apps that we develop without jumping through hoops (sideloading)
4. Not having to wait for the carrier or OEM to release an update before we can have a current version of Android.
Call it a Brick-n-Return Protest
mburris said:
Maybe if more people softbricked and returned phones that have locked down bootloaders, OEMs and carriers might finally realize that when someone buys a piece of technology, they own it, and would like to use it as such.
That includes:
1. Not having some POS skin on top of stock Android (Blur)
2. Not being locked into paying twice for the data we already pay for (tethering)
3. Not being allowed to easily install non-market apps that we develop without jumping through hoops (sideloading)
4. Not having to wait for the carrier or OEM to release an update before we can have a current version of Android.
Call it a Brick-n-Return Protest
LOL, that would surely cause some grief over at at&t, and a good laugh.
They would probably start leasing the phones so you can't say you own them.
Closed by OP request as this is an informational thread stating results of testing.

Ever seen a room full of developers get this excited before?

EDIT: Let's let the dev's have their fun without a bunch of newbs poking in on them. Sorry, devs.
Probably don't want this info to get out to the entire Internets anyways.
CZ Eddie said:
Hmmm..........
http://forum.xda-developers.com/showthread.php?p=51983540
No, you don't have root/unlock for ATT S5.
But...... hmmmm...
**** DO NOT POST IN THAT THREAD. IT IS A DEVELOPERS-ONLY THREAD. DON'T BE A DORK AND POST IN IT.
Pretty exciting. I am not a dev, so I don't really know how to distinguish between what exactly is going on, but a little progress and excitement is always good for the community. Not to mention the respect and bounty these devs will get once something major actually does happen.
CZ Eddie said:
Basically, evilpotatoman located a much-wanted Qualcomm tool that could possibly lead to finally unlocking the bootloader of S4, S5 and Note 3 (and others). *Possibly being the key word.
At the moment it's still not possible, but the tool apparently gives them a huge leap forward in development towards this goal.
They've been looking for something like this for a few years now I believe.
I'm not a dev, don't pretend to be one. The extent of my "development" is writing a few scripts. lol. So remember that I may be misunderstanding some things here. :good:
There are a bunch of files attached to the thread.
But none of us should bother downloading them because you have to be an ultra-dev to know how to use them.
My understanding is that this is the SDK for the SoC on the S5 and other phones. It includes a Qualcomm dev signing cert, but I'm almost 100% certain that no production phone from AT&T will accept BLs signed by the QC dev cert (or someone would have used it to sign one of the unlocked BLs by now; plus, if that were the case, my guess is QC would be freaking out and sending takedown notices by now). So basically, if Samsung or AT&T were to provide the signing key, or somehow we were to brute force it (very unlikely), we would now be able to easily sign packages for the phone. So while helpful, without the signing keys it doesn't really do anything except provide more insight into how the whole secure boot process works.
http://forum.xda-developers.com/showthread.php?t=2692167&page=11
cciechad said:
My understanding is that this is the SDK for the SoC on the S5 and other phones. It includes a Qualcomm dev signing cert, but I'm almost 100% certain that no production phone from AT&T will accept BLs signed by the QC dev cert (or someone would have used it to sign one of the unlocked BLs by now; plus, if that were the case, my guess is QC would be freaking out and sending takedown notices by now). So basically, if Samsung or AT&T were to provide the signing key, or somehow we were to brute force it (very unlikely), we would now be able to easily sign packages for the phone. So while helpful, without the signing keys it doesn't really do anything except provide more insight into how the whole secure boot process works.
Qc sent the takedown notice...dun dun duuunnn
Sent from my SAMSUNG-SM-G900A using Tapatalk

[TOOL][CyboLabs] Open Bump! Sign your boot images by yourself!

CyboLabs is Proud to present
Open Bump!
What is Open Bump?
Open Bump is a recreation of the closed source Bump project run by Codefire.
It will allow you to "sign" your boot images in the same way that Codefire does it, only you don't need an internet connection.
What Open Bump is NOT
Let's get the obvious out of the way. It won't axe murder you.
It is not a direct reverse engineer of Codefire's implementation. I found the key and IV on my own.
The magic bytes were taken from Codefire's method, however. If anyone has insight as to how they were found, please shout up.
It does NOT take your private data so you can use it. Tin hatters, feel free to double check.
How did I find this out
I had a general idea of what to look for, having heard that the exploit is related to UICC, and is signed with a cipher.
Dropping the aboot image into GHex led me to finding a reference to "uiccsecurity". Using the bytes around this, I found a repeat of 32 bytes, which was followed by 16 bytes which formed something that resembled "SecureWallpaper".
As you can probably guess, this was mainly trial and error backed by common sense and logical thinking.
You can programmatically find these values with the Python script:
Python:
aboot_name = './aboot.img'
with open(aboot_name, 'rb') as f:
    aboot = f.read()                 # raw bootloader image as bytes (works on Python 2 and 3)
key_end = aboot.index(b'uicc')       # first occurrence of the 'uicc' marker string
key_start = key_end - 32             # the 32-byte key sits immediately before the marker
key = aboot[key_start:key_end]
sec_key_start = aboot.index(key, key_end)   # second copy of the same 32 bytes, later in the image
iv_start = sec_key_start + 32        # the 16-byte IV directly follows that second copy
iv_end = iv_start + 16
iv = aboot[iv_start:iv_end]
Deciphering some already generated "signatures" proved that these were the key and IV used for "signing" the images.
What is coming next?
Inspecting the signatures that were originally uploaded and the ones that people can generate now, I found only one pattern.
The only similarities were the first 16 bytes of each "signature". I believe that only the magic number is needed, and none of the garbage that follows. This has been confirmed by the LG G3 dev from CyanogenMod, Invisiblek Done
How to use it?
I don't know how well this will run on anything other than Linux, so for now.. I won't talk about it.
First, ensure you are using Python 2,
then run the script:
Code:
python2 open_bump.py "/path/to/boot.img"
Flash the output, and enjoy.
Thanks to:
Obviously, this wouldn't have been possible without Codefire since I wouldn't have known where to look, or that it was exploitable. And it was them that found the magic key.
Big thank you to @pulser_g2, who offered invaluable input on cryptography
Big thank you to @invisiblek, who I mercilessly kanged the main part of the image padding script from
note:
The original part of finding this information out was done on my own with guidance from pulser. The final results of this are posted above.
XDA:DevDB Information
Open_Bump, Tool/Utility for the LG G2
Contributors
cybojenix
Source Code: https://github.com/CyboLabs/Open_Bump
Version Information
Status: Beta
Created 2014-11-23
Last Updated 2014-11-23
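Two things in the post above have a general lesson for anyone who designs or reviews boot-image verification: "only the first 16 bytes of each signature (the magic) is needed", and the key and IV for the "signature" sit in plain form inside the aboot image. The following is an added example, not code from the Open Bump project or from anyone in this thread, that models both verifier styles on a constructed boot image. The magic constant, the key, the image bytes and the function names are all constructed for this illustration and are not the real values.

```python
"""Why a constant trailer, or a tag keyed with a secret the verifier itself
stores, does not authenticate a boot image (constructed, added example)."""
import hashlib
import hmac

MAGIC = b"CONSTRUCTEDMAGIC"                              # constructed 16-byte constant
DEVICE_KEY = b"constructed key that lives in firmware"   # constructed; models a symmetric key kept in the bootloader
TAG_LEN = hashlib.sha256().digest_size                   # 32 bytes


def attach_magic(image: bytes) -> bytes:
    """'Sign' by appending a constant trailer; nothing here depends on the image."""
    return image + MAGIC


def check_magic(blob: bytes) -> bool:
    """Verifier that only inspects the trailer for the expected constant."""
    return blob.endswith(MAGIC)


def attach_hmac(image: bytes, key: bytes) -> bytes:
    """Content-dependent tag: HMAC-SHA256 over every byte of the image."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def check_hmac(blob: bytes, key: bytes) -> bool:
    """Verifier that recomputes the tag over the image it is about to boot."""
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def demo() -> dict:
    """Run both verifiers over a genuine image and two modified variants."""
    image = b"constructed boot image: kernel||ramdisk"        # constructed sample
    modified = image.replace(b"ramdisk", b"ramdisk+su")       # same layout, changed contents

    magic_blob = attach_magic(image)
    hmac_blob = attach_hmac(image, DEVICE_KEY)

    # Case 1: modified image, original trailer carried over unchanged.
    magic_carried = modified + magic_blob[-len(MAGIC):]
    hmac_carried = modified + hmac_blob[-TAG_LEN:]

    # Case 2: modified image, tag recomputed with the key read out of the firmware.
    # A symmetric key the verifier stores is by definition available to anyone
    # who can read the verifier, so the tag can always be regenerated.
    hmac_reforged = attach_hmac(modified, DEVICE_KEY)

    return {
        "genuine_magic": check_magic(magic_blob),             # True
        "genuine_hmac": check_hmac(hmac_blob, DEVICE_KEY),    # True
        "modified_magic_passes": check_magic(magic_carried),  # True: trailer never looked at the image
        "modified_hmac_passes": check_hmac(hmac_carried, DEVICE_KEY),   # False: tag no longer matches
        "reforged_hmac_passes": check_hmac(hmac_reforged, DEVICE_KEY),  # True: key was on the device
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The constant-trailer check accepts any image that ends in the right 16 bytes, so it is a format marker, not an integrity check. A keyed tag at least binds the trailer to the image contents, but because the verifier must hold the key to recompute the tag, the key is readable by anyone who can read the bootloader, exactly as the post above found. The only arrangement that survives a readable bootloader is one where the device holds a key that can verify but not sign, which is why production verified boot uses public-key signatures with the private key kept off the device.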
Thanks, that's great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery ROM could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for ROM devs since they don't have to change anything, and it would even bump ROMs that are not maintained anymore.
g4rb4g3 said:
Thanks, that's great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery ROM could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for ROM devs since they don't have to change anything, and it would even bump ROMs that are not maintained anymore.
Simple answer: this can be added to the build step really easily. See this commit
edit:
Of course it may be useful to make a C program to do this.... I shall think on it.
Probably a stupid question but I'll give it a shot. Since we have the magic key, can't we just skip the bump stuff totally? As I can understand, I don't expect the official developer team to join the bump train; that's why the damn development of the device is really behind while the hardware is more than capable.
**To the OP, I wish I could give you a thousand likes, sir!
After getting the bootloader, may the G3 be open??
Why not use the original Bump?
Quote:
Codefire has been extremely vague about their method, obviously to prevent someone else replicating their results.
They are also storing people's data unnecessarily, and even adding some information relating to the user in to the "signature", possibly for tracking purposes.
As a result of it being an external service, many reputable teams (which won't be named unless they want to be) have said they will not use it, and would rather wait till LG releases the official unlock method.
Finally, Codefire have said the sha1sum of the boot image is required. Whether they knew or not, it is NOT required, and I will be changing this tool to compensate for that.
Happy you found a new exploit for us builders and devs; just feel like you kinda disrespected the Codefire team by accusing them of things before actually talking to them. Seems a bit counterproductive; this may piss them off and next device you can kiss new exploits by them good-bye.
Just my 2 cents on the matter,
I'd remove the line...
In any case, thank you very much; I will add it to my build script.
---------- Post added at 08:34 PM ---------- Previous post was at 08:29 PM ----------
nikosblade said:
Probably a stupid question but I'll give it a shot. Since we have the magic key, can't we just skip the bump stuff totally? As I can understand, I don't expect the official developer team to join the bump train; that's why the damn development of the device is really behind while the hardware is more than capable.
**To the OP, I wish I could give you a thousand likes, sir!
"Bump stuff" has nothing to do with users, the devs and builders do the "bumping", and development of the G series has nothing to do with bumping, it just takes time to bring everything up
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
thecubed said:
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
First off, I didn't blackmail. I gave your team notice about open sourcing it after reverse engineering the LG bootloader, not your "signatures".
It's your choice if you want to leave Android. Pinning the blame on me is somewhat childish though.
LG not patching Bump? That's a ludicrous statement, and even if it's true, it's good that this script got released. That way they know it should be patched, since having it as a service clearly makes all the difference to them.
The hardest part of your team's work was getting the keys. If you know where to look, then it's easy enough to get engineering builds, which I suspect contain the master magic bytes which you released.
I'm honestly shocked at your reaction though. I gave your team all the credit and stated which parts I did myself. The part about the service, and the deception was justified.
You tried to obscure something which by logic can't be obscured. That's how so many people realised they can just append the bytes to the image.
So which one would you rather have, LG not patching the exploit (as you so claim), and having an unknown number of people in china running around flashing custom boot images, or have everyone know how to do it to force LG to recheck their security measures.
What I did may not have been fantastic for the community, but what you did was insanely dangerous for the 90% of LG users.
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well, people saying you didn't do enough and are still using their signing key, as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
cybojenix said:
it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
savoca said:
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
Yes, because I've been such a massive supporter of cm. (sarcasm in case you didn't realise).
I started reverse engineering the bootloader for research purposes. If it was more complex than what I have said above, then I probably wouldn't have done this thread.
If it weren't for the fact that the magic stays the same across all signatures, then I also wouldn't have done this thread.
The response I got from them when I contacted them before releasing this was pretty much one of lack of care. So I went ahead and posted it.
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated into thinking the codefire service was such a great thing.
And once again, I refuse to take the blame for their team leaving Android.
whoppe862005 said:
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well, people are saying you didn't do enough and are still using their signing key, as well as attacking it.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of LG users, if the claim that LG was alright with it running as a service is true.
Either way, I did nothing wrong
cybojenix said:
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated into thinking the codefire service was such a great thing.
So you only care about ruining good things, and other people's work?
Lol, sorry, I think I'm done with you. Bye cybo
savoca said:
So you only care about ruining good things, and other people's work?
Lol, sorry, I think I'm done with you. Bye cybo
Tbh I thought it would have been clear by now what I care about. Then again I may have been wrong about considering you one of the smart android people.
I care about learning and sharing knowledge. Which is precisely what this thread did.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of LG users, if the claim that LG was alright with it running as a service is true.
Either way, I did nothing wrong
I saw your PM to autoprime in IRC. It was "I am going to post what I found or you do, either way it's going there". It wasn't lack of care; it was that you just stated a fact and left, which was a very rude, unthoughtful thing to do. Also, don't try to BS everyone with your research: you and about 100 other people found the "magic keys". The problem is those "magic keys" were placed there by team codefire. You didn't find them; you found that they were using the key and copied their work. Anything else you say is a lie. At least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this. Their site was working fine, and if you used the API there was no problem of tracking, since it just uses a UID to identify to the server.
At least admit you were wrong and say you are sorry. They won't fix anything, but it will gain you a minimum amount of respect.
sooti said:
I saw your PM to autoprime in IRC. It was "I am going to post what I found or you do, either way it's going there". It wasn't lack of care; it was that you just stated a fact and left, which was a very rude, unthoughtful thing to do. Also, don't try to BS everyone with your research: you and about 100 other people found the "magic keys". The problem is those "magic keys" were placed there by team codefire. You didn't find them; you found that they were using the key and copied their work. Anything else you say is a lie. At least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this. Their site was working fine, and if you used the API there was no problem of tracking, since it just uses a UID to identify to the server.
At least admit you were wrong and say you are sorry. They won't fix anything, but it will gain you a minimum amount of respect.
Wrong, I stated that I was going to open source it, meaning the work I put in to getting the key and how it's used to get the original magic.
It was after that that I realised the final magic is the only thing needed. I actually worked out how to get the magic key a few hours ago, but since I don't have the right images, it won't be globally usable.
Fair enough, I apologise for pointing out the flaws in codefires service, and that they took it badly.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of LG users, if the claim that LG was alright with it running as a service is true.
Either way, I did nothing wrong
OK. If you did nothing wrong, please do explain this:
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse than what it is now?" *paraphrasing for language
IoMonster-"no"
Seems like he said he didn't want it open sourced, but you still went ahead anyway.
http://hastebin.com/gulumezawi.txt
And then you saying you're going to push it for vs985 even after he said no.
I don't know who Enderblue is, and I'm not affiliated with him.
whoppe862005 said:
OK. If you did nothing wrong, please do explain this:
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse than what it is now?" *paraphrasing for language
IoMonster-"no"
Seems like he said he didn't want it open sourced, but you still went ahead anyway.
http://hastebin.com/gulumezawi.txt
And then you saying you're going to push it for vs985 even after he said no.
cybojenix said:
I don't know who Enderblue is, and I'm not affiliated with him.
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
whoppe862005 said:
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
But the chat wasn't with me, so your point is null.
autoprime had ample opportunity to say "don't do it yet", or "go talk to IO". But no, no objections were made.
Codefire treated the service like any other company would treat their unlocking service, so I treated them like a company and showed how it was done.

[Q] How could we crack bootloader?

Alright, so we now have root (somewhat), but now, we yearn for BL unlock. I've been investigating, but I've come up short. I'm in no way a developer (other than some basic HTML/CSS knowledge), so maybe the community can brainstorm and churn out ideas. If you have 'em, let 'em rip! :good:
EDIT: Ok, yes, I realize that I 'dun goofed. There are multiple threads about this and I made a mistake between root and WP. I know maiko1 has worked hard on getting us root, and I and everyone else appreciates it. My apologies for disturbing the peace.
jake7405 said:
Alright, so we now have root (somewhat), but now, we yearn for BL unlock. I've been investigating, but I've come up short. I'm in no way a developer (other than some basic HTML/CSS knowledge), so maybe the community can brainstorm and churn out ideas. If you have 'em, let 'em rip! :good:
http://forum.xda-developers.com/droid-turbo/general/bounty-disable-write-protection-unlock-t3067615
There are already multiple threads on this topic you are bringing up. Also, what you have is root... there is no somewhat or in between. If you don't understand what moforoot does for the Turbo, then you shouldn't be tweaking your device in the first place.
I think the way is to have a Moto Maxx and a Droid Turbo together and study what changes with unlocking on the Maxx.
the_rooter said:
http://forum.xda-developers.com/droid-turbo/general/bounty-disable-write-protection-unlock-t3067615
There are already multiple threads on this topic you are bringing up. Also, what you have is root... there is no somewhat or in between. If you don't understand what moforoot does for the Turbo, then you shouldn't be tweaking your device in the first place.
Right, but that's a bounty thread. This isn't; I just made this for general brainstorming and idea sharing. Also, I only called it somewhat root because of write protection, but I get what you mean. Sorry if I'm bringing up an already discussed topic, but I know everyone is yearning for some kind of unlock, and I figure that discussion and brainstorming are good to help keep the idea moving forward.
What gets me, and no offense to anyone, is that those with the skills and knowledge to do this do not brainstorm said ideas on xda, but in other resources and areas or in different areas of xda. Too many people who have no idea what they are doing would hinder the process of accomplishing the goal. While I think these threads are a good thing in a way, they are really useless, because the ones with the knowledge do not really come here and discuss the insanely complicated procedure of what must be done in order to accomplish things.
Here is another thread with the same idea called Droid Turbo Think Tank.
Nearly every person I've come into contact with has said it is possible to unlock the bootloader so that gives hope. But just don't expect it soon.
jake7405 said:
Alright, so we now have root (somewhat), but now, we yearn for BL unlock. I've been investigating, but I've come up short. I'm in no way a developer (other than some basic HTML/CSS knowledge), so maybe the community can brainstorm and churn out ideas. If you have 'em, let 'em rip! :good:
When will this issue die? Root ACCESS and write protection are NOT the same thing. They are totally independent of each other. Everyone assuming that they are the same thing is starting to get ridiculous; it has been explained here multiple times.
renegadeone8 said:
When will this issue die? Root ACCESS and write protection are NOT the same thing. They are totally independent of each other. Everyone assuming that they are the same thing is starting to get ridiculous; it has been explained here multiple times.
Can you explain this difference? I now understand they are different. I previously thought root was defined by having read, write and execute permissions everywhere (including to the system).
Clearly I'm not right. But maybe you could explain that to me
Diego1751 said:
Can you explain this difference? I now understand they are different. I previously thought root was defined by having read, write and execute permissions everywhere (including to the system).
Clearly I'm not right. But maybe you could explain that to me
I may be wrong. That said, how I see it and how wiki answers:
Rooting "is the process of allowing users...running the Android mobile operating system to attain privileged control (known as "root access") over various Android's subsystems."
Privileged control "is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user"
So by that, we have root. We (really maiko1) have exploited a bug that has given us elevated access to the system partition which is normally protected from us, the user.
Write protection is literally what it is. Protection from unauthorized code to be written.
I look at it as: we have root. A (seemingly large) portion of people had the same definition of root as you, so those people are all upset merely because they started from an incorrect assumption of what they want (write access).
So say every birthday (phone) you have, I'm going to get you a cake (root). And every birthday that cake comes out and all your friends (write access) surround you to celebrate. Well, I never said I was bringing your friends, I just said cake. Then one year no friends come and all you have is cake. Now you're saying this isn't cake, where are my friends... And my response is, no no no, I said I was giving you cake. Here's your cake. It's not my fault you assumed the friends always came with the cake.
Diego1751 said:
Can you explain this difference? I now understand they are different. I previously thought root was defined by having read, write and execute permissions everywhere (including to the system).
Clearly I'm not right. But maybe you could explain that to me
Basic Analogy: Compare Android to Windows for a second. Pretend that Microsoft removed the Administrator account, so nobody could use it, and they set up write-protection on C:\ and restricted your write abilities to C:\Users\YourUserName. So someone (maiko1) comes along and finds a way to re-enable the Administrator account, and you can use it, but due to write protection, you can only write to anywhere in C:\Users. Make sense?
r3pwn said:
Basic Analogy: Compare Android to Windows for a second. Pretend that Microsoft removed the Administrator account, so nobody could use it, and they set up write-protection on C:\ and restricted your write abilities to C:\Users\YourUserName. So someone (maiko1) comes along and finds a way to re-enable the Administrator account, and you can use it, but due to write protection, you can only write to anywhere in C:\Users. Make sense?
ntxct said:
I may be wrong. That said, how I see it and how wiki answers:
Rooting "is the process of allowing users...running the Android mobile operating system to attain privileged control (known as "root access") over various Android's subsystems."
Privileged control "is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user"
So by that, we have root. We (really maiko1) have exploited a bug that has given us elevated access to the system partition which is normally protected from us, the user.
Write protection is literally what it is. Protection from unauthorized code to be written.
I look at it as: we have root. A (seemingly large) portion of people had the same definition of root as you, so those people are all upset merely because they started from an incorrect assumption of what they want (write access).
So say every birthday (phone) you have, I'm going to get you a cake (root). And every birthday that cake comes out and all your friends (write access) surround you to celebrate. Well, I never said I was bringing your friends, I just said cake. Then one year no friends come and all you have is cake. Now you're saying this isn't cake, where are my friends... And my response is, no no no, I said I was giving you cake. Here's your cake. It's not my fault you assumed the friends always came with the cake.
Thanks for the explanation, guys. I completely understand that root and write protection are different things. I USED to think this when Mofo was released; it was the first root I had to pay for, and I was also curious about this write protection thing because I had thought (when others explained root to me back when I was a noob) that root was defined by advanced control of the system (which it sounds like it is, but this is a VERY loose definition), including read/write/execute access to the system and subsystems. After reading for a while to learn the difference I happily bought Mofo (partly assuming more dev work will maybe unlock BL or WP). But now people in this thread (and many others) know.
Can we stick to one thread!

Samsung Note 8 eng boot file?

My girlfriend forgot the pattern to her Note 8. I had bought it for her barely two days before this. She's not at all tech savvy. Thinking she would fix it before I found out (I may occasionally poke fun at her forgetfulness), she googled the problem and was advised to do a factory reset. After the reset, of course, the FRP kicked in. It would be a cake walk except her forgetfulness also kicked in. We've practically begged Google to grant her access to her account again, to no avail.
I've been working on bypassing it. I've done this for her a couple times in the past actually with other types of phones with success. You all are probably aware Samsung is a whole different ballgame. After a week this is what I know, or at least what I'm fairly sure is accurate from all the reading I've done.
1. The firmware is N950U1UES8DTF2.
2. I need USB debugging enabled to have a hope.
3. There currently is no combo file for this bootloader version.
4. There may be an option with an eng boot file flashed onto the phone?
Anyone know more about this and perhaps where I could download it, or even how to make one? I've tried a couple of different software tools that claim that feeding them the AP from stock firmware will create the ADB enable file. The two I tried this with, however, did nothing when I flashed the resulting file with Odin.
I'll take any advice anyone has. Maybe there's another route to enable usb debugging that I haven't explored? Hopefully there's something out there as I'm not a man of great means and two hundred and fifty is a great lot to lose on a phone.
Thanks in advance.
Pattern is easily removed with wipe data in stock recovery.
jadams7256 said:
My girlfriend forgot the pattern to her Note 8. I had bought it for her barely two days before this. She's not at all tech savvy. Thinking she would fix it before I found out (I may occasionally poke fun at her forgetfulness), she googled the problem and was advised to do a factory reset. After the reset, of course, the FRP kicked in. It would be a cake walk except her forgetfulness also kicked in. We've practically begged Google to grant her access to her account again, to no avail.
I've been working on bypassing it. I've done this for her a couple times in the past actually with other types of phones with success. You all are probably aware Samsung is a whole different ballgame. After a week this is what I know, or at least what I'm fairly sure is accurate from all the reading I've done.
1. The firmware is N950U1UES8DTF2.
2. I need USB debugging enabled to have a hope.
3. There currently is no combo file for this bootloader version.
4. There may be an option with an eng boot file flashed onto the phone?
Anyone know more about this and perhaps where I could download it, or even how to make one? I've tried a couple of different software tools that claim that feeding them the AP from stock firmware will create the ADB enable file. The two I tried this with, however, did nothing when I flashed the resulting file with Odin.
I'll take any advice anyone has. Maybe there's another route to enable usb debugging that I haven't explored? Hopefully there's something out there as I'm not a man of great means and two hundred and fifty is a great lot to lose on a phone.
Thanks in advance.
Unfortunately you're going to have to figure this out for yourself, because we do not help people and guide them on how to defeat the FRP and other protections. You're basically saying she forgot her pattern, and then after factory resetting it you're saying she forgot her password too?! That just doesn't sound right, and there's a reason why Google refused to help you. If it really is your phone you can take it to your cellphone carrier or Samsung and they'll fix it.
MrMike2182 said:
Unfortunately you're going to have to figure this out for yourself, because we do not help people and guide them on how to defeat the FRP and other protections. You're basically saying she forgot her pattern, and then after factory resetting it you're saying she forgot her password too?! That just doesn't sound right, and there's a reason why Google refused to help you. If it really is your phone you can take it to your cellphone carrier or Samsung and they'll fix it.
And figure it out I shall. For your information, there are people with a tendency to forget quite a bit. It's hard for her, but she makes up for anything she lacks by not being a judgemental, small-minded ass. Maybe try applying some common sense next time you're plotting out a withering retort, genius. It's carrier unlocked, as some of the more knowledgeable members can most likely glean from the firmware. Bought from eBay to use with her service. What do carriers say when you ask for their support with a handset not purchased from them and therefore not covered under warranty by their company? Yeah. And I guess you've never forgotten a Google password and had to deal with their **** or you would have hesitated before letting that drivel roll from your tongue. I lost an email address there permanently once that was quite clearly 'mine'. They just wouldn't allow me access again because I forgot to change my recovery number when I changed my phone carrier.
Now, despite your quite clear insinuations, the phone is most definitely mine. The situation is just as described. And I guess what I really should have asked for is a question and answer type group comprised of individuals intelligent enough to know that in the case where FRP keeps someone from using their own property on account of the fading memory of a loved one, there must exist a way to continue using said property.
I hope you aren't representative of all your peers that are members here. I hope children make fewer assumptions in their judgement of others.
jadams7256 said:
And figure it out I shall. For your information, there are people with a tendency to forget quite a bit. It's hard for her, but she makes up for anything she lacks by not being a judgemental, small-minded ass. Maybe try applying some common sense next time you're plotting out a withering retort, genius. It's carrier unlocked, as some of the more knowledgeable members can most likely glean from the firmware. Bought from eBay to use with her service. What do carriers say when you ask for their support with a handset not purchased from them and therefore not covered under warranty by their company? Yeah. And I guess you've never forgotten a Google password and had to deal with their **** or you would have hesitated before letting that drivel roll from your tongue. I lost an email address there permanently once that was quite clearly 'mine'. They just wouldn't allow me access again because I forgot to change my recovery number when I changed my phone carrier.
Now, despite your quite clear insinuations, the phone is most definitely mine. The situation is just as described. And I guess what I really should have asked for is a question and answer type group comprised of individuals intelligent enough to know that in the case where FRP keeps someone from using their own property on account of the fading memory of a loved one, there must exist a way to continue using said property.
I hope you aren't representative of all your peers that are members here. I hope children make fewer assumptions in their judgement of others.
Let's see if anyone helps you then! With your attitude and name calling I can see I made the right choice, and everyone else is going to see your attitude too and they're not going to want to help you. Being a little 6 year old name caller and crybaby isn't going to persuade anyone to help you. If you're too dim to understand that the FRP is there to protect stolen phones, and you're too dim to see that it seems suspicious when you say she forgot the pattern and then forgot the password right afterwards, that's your problem!
jadams7256 said:
And figure it out I shall. For your information, there are people with a tendency to forget quite a bit. It's hard for her, but she makes up for anything she lacks by not being a judgemental, small-minded ass. Maybe try applying some common sense next time you're plotting out a withering retort, genius. It's carrier unlocked, as some of the more knowledgeable members can most likely glean from the firmware. Bought from eBay to use with her service. What do carriers say when you ask for their support with a handset not purchased from them and therefore not covered under warranty by their company? Yeah. And I guess you've never forgotten a Google password and had to deal with their **** or you would have hesitated before letting that drivel roll from your tongue. I lost an email address there permanently once that was quite clearly 'mine'. They just wouldn't allow me access again because I forgot to change my recovery number when I changed my phone carrier.
Now, despite your quite clear insinuations, the phone is most definitely mine. The situation is just as described. And I guess what I really should have asked for is a question and answer type group comprised of individuals intelligent enough to know that in the case where FRP keeps someone from using their own property on account of the fading memory of a loved one, there must exist a way to continue using said property.
I hope you aren't representative of all your peers that are members here. I hope children make fewer assumptions in their judgement of others.
As stated before, we will not help you to bypass the FRP protection!
There is no way to prove whether what you say is the truth or a total LIE!
You are the one that needs common sense! Ask yourself this: if my phone was stolen, would you want someone to come to a site like xda and ask for a workaround for FRP on your phone without giving proof and giving some sob story?
Wow! 2 posts and he's already bold enough to lash out. Sounds like a little spoiled, petulant kid. Take your attitude elsewhere, little child...