Signature Checks on Boot - Atrix 4G Android Development

Just so everyone is aware, the kernel and the recovery partition signatures are checked on each boot. Changing those will leave you with a brick until we have proper firmware to recover with.
I found out the hard way.
On my second Atrix now.

Casualty of war

Taking one for the team

Well that sucks..
Any free partitions that we can "steal"? And basically pull a haret, where it loads partially from the legit bootloader and kernel, then shuffles off to a different partition we CAN write for the real kernel, unloads all that other stuff and then launches the new kernel partition we've modified?

designgears said:
Just so everyone is aware, the kernel and the recovery partition signatures are checked on each boot. Changing those will leave you with a brick until we have proper firmware to recover with.
I found out the hard way.
On my second Atrix now.
I guess that when we told you this, you just had to find out for yourself. The recovery should only be checked when you attempt to access it, but the kernel is checked on every boot. I hope you did not return to store as defective.

DG, thank you for putting yourself out there, and putting together roms along with the dev work.
It's nice to see some progress being done alongside all the people on here saying what we shouldn't be doing/trying with our phones.

Athailias said:
DG, thank you for putting yourself out there, and putting together roms along with the dev work.
It's nice to see some progress being done alongside all the people on here saying what we shouldn't be doing/trying with our phones.
Don't thank him for repeating something which had been confirmed.

jimmydafish said:
I guess that when we told you this, you just had to find out for yourself. The recovery should only be checked when you attempt to access it, but the kernel is checked on every boot. I hope you did not return to store as defective.
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you, it's checked every boot accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an atrix), please stop posting in here, you've done nothing but spout off what you know about other moto devices, it is clear they tightened things down a bit more.
jimmypopulous said:
Don't thank him for repeating something which had been confirmed.
everything you guys say, along with others says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
You guys keep saying its CONFIRMED, where is it documented for the atrix. Tests performed with document results as proof.

designgears said:
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you, it's checked every boot accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an atrix), please stop posting in here, you've done nothing but spout off what you know about other moto devices, it is clear they tightened things down a bit more.
everything you guys say, along with others says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
You guys keep saying its CONFIRMED, where is it documented for the atrix. Tests performed with document results as proof.
What is being elitist by my statement? That before you started playing with your shiny new toy, we advised that doing certain things with your phone without proper firmware to restore your phone, WOULD result in a "soft brick".
I do not have a Motorola ATRIX, never said I did, but I can read the firmware pretty well. If you're offended by my post I assume it is because I offered up my standard line of "hope you did not return it as defective", because nothing else in that statement should lead you to behave like a child.
Here how about this for a Facts, my rom was the first to safely remove Blur from the Droid series of phones safely, after reading the firmware from your phone, and your deodexed version of the firmware there are many portions you could remove safely.
If you have questions you could ask and get the answers, but as it stands right now, we are just trying to help you save yourselves. Many people will enter these forums, and while each person is responsible for their own device, they will try to follow what you have done and they too will soft brick their phone. I'm not sure of your ethical and moral makeup but too many people return their manipulated device to the provider as defective, causing everyone to pay for their mistake.
I just hope you bought another Atrix outright and did not scam ATT/Motorola.

designgears said:
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you, it's checked every boot accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an atrix), please stop posting in here, you've done nothing but spout off what you know about other moto devices, it is clear they tightened things down a bit more.
everything you guys say, along with others says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
DesignGears,
Please don't let a claim-to-know-it-all self-righteous Prick like jimmydafish discourage your efforts.
As far as I'm concerned (and probably the majority of people who mash the refresh button on this subforum multiple times a day would agree) it's people like you (people who have actively contributed to the users here at XDA in the past (all your captivate work)), that make me feel lucky to own the same type of device that you and other dedicated devs like yourself own.
It's hard to imagine how someone who probably played a very small part on a team -- a team that, as far as I can tell, has never managed to actually produce any real results on the DX -- can know so much about a device he doesn't even own.
And if reading this post encourages members of any such team to get their panties in a wad and start talking about how they are not going to contribute here now, well then to that I say: good riddance. For every one small tip you may provide it seems like you offer two holier-than-thou-doughe-bag-comments that frankly this section of this forum could do without.
But again, thank you DesignGears and Devs like you

mburris said:
DesignGears,
Please don't let a claim-to-know-it-all self-righteous Prick like jimmydafish discourage your efforts.
As far as I'm concerned (and probably the majority of people who mash the refresh button on this subforum multiple times a day would agree) it's people like you (people who have actively contributed to the users here at XDA in the past (all your captivate work)), that make me feel lucky to own the same type of device that you and other dedicated devs like yourself own.
It's hard to imagine how someone who probably played a very small part on a team -- a team that, as far as I can tell, has never managed to actually produce any real results on the DX -- can know so much about a device he doesn't even own.
And if reading this post encourages members of any such team to get their panties in a wad and start talking about how they are not going to contribute here now, well then to that I say: good riddance. For every one small tip you may provide it seems like you offer two holier-than-thou-doughe-bag-comments that frankly this section of this forum could do without.
But again, thank you DesignGears and Devs like you
I can assure you I am not, glad to have support.
--
Jimmy, no hard feelings, sorry I wanted to try something and learn from it, sorry you told me two opposing things in the same post (this is what I am *****ing about, if you would read you would know that), sorry I act like a child, I guess calling it how I see it is childish. From all the PMs about you I just got and mburris' reply, you have made my block list, have fun in there with rafy.

jimmydafish said:
I just hope you bought another Atrix outright and did not scam ATT/Motorola.
Maybe if more people softbricked and returned phones that have locked down bootloaders, oems and carriers might finally realize that when someone buys a piece of technology, they own it, and would like to use it as such.
That includes:
1. Not having some POS skin on top of stock android (Blur)
2. Not being locked into paying twice for the data we already pay for (tethering)
3. Not being allowed to easily install non-market apps that we develop without jumping through hoops (side loading)
4. Not having to wait for the carrier or oem mfg to release an update before we can have a current version of Android.
Call it a Brick-n-Return Protest

mburris said:
Maybe if more people softbricked and returned phones that have locked down bootloaders, oems and carriers might finally realize that when someone buys a piece of technology, they own it, and would like to use it as such.
That includes:
1. Not having some POS skin on top of stock android (Blur)
2. Not being locked into paying twice for the data we already pay for (tethering)
3. Not being allowed to easily install non-market apps that we develop without jumping through hoops (side loading)
4. Not having to wait for the carrier or oem mfg to release an update before we can have a current version of Android.
Call it a Brick-n-Return Protest
LOL, that would surely cause some grief over at at&t, and a good laugh.
They would probably start leasing the phones so you can't say you own them.

Closed by OP request as this is an informational thread stating results of testing.

Related

Steps to protect private info upon selling G1

Caveat: I am a noob and tried to search first but got too many conflicting threads which did not entirely apply to my phone as far as I could understand. Please no flaming if I am beating a dead horse. I swear the horse died before I started beating it.
You may have read my recent thread where I had asked about how to fix my g1 which was sold to me and the rom crashed leaving it "soft bricked".
Since it was taking so long and I got a good deal on it, I went ahead and bought the Samsung Galaxy S. While waiting for this phone to ship, I have fixed the G1 through the unlocker website's guide for one click rooting.
I started to begin the sign in process after re-rooting the phone with unlocker's generic mod but then thought better since my phone would sync.
My question is since I have gone through the unlocker website's process to re-root the phone, is there any personal info left on the phone that I should remove and how would I do that?
Would it be better, if by re-rooting the phone it wipes all info, to sell it as is?
Should I jail break it and sell it and therefore get more for it?
Should I keep the the sd card?
The phone is in good condition with only minor damage to the sides from dropping it, a screen protector and worked perfectly when I signed in on the original platform.img and I have two batteries for it; the double size and original and two backs and one protective case which I could not put on the larger backing of the larger battery which I should have looked harder for one to fit it eliminating the aesthetic scuffs on the side.
All advice is appreciated; thanks guys.
P.S. I will resist messing with the Samsung or at least backup more often b/c I lost a lot of business info when the G1 crashed. Although, I have already applied the GPS fix...it was on cnet for goodness sakes, how could I resist?
Just wipe and reflash any rom... No user data will be left...
Sent from my SGH-T959 using XDA App
junkdruggler said:
Just wipe and reflash any rom... No user data will be left...
Sent from my SGH-T959 using XDA App
NOT TRUE!!!!!
Wiping ***DOES NOT*** clear data!
In fact, wiping ONLY clears the FIRST 128 KB of the partition selected for wipe!
If you want to do a proper wipe, you should wipe (also called FORMAT) both the userdata and cache partitions from RECOVERY, mount them in their usual spots, and run "dd if=/dev/zero of=/data/zerofile; dd if=/dev/zero of=/cache/zerofile; sync; rm /data/zerofile /cache/zerofile -f". This line in quotes will write a ZERO to EVERY LOCATION within both the cache and userdata partitions, ensuring that the data that is there but not visible is obliterated.
Re poll question:
Jailbreak that mofo
-- can't break out of a jail that never existed. ANDROID DOES NOT USE CHROOT JAILS.
Keep it rooted, buyers like no assembly required
-- and idiots screw themselves up when they don't know what they're doing....
Vanillarize it/keep it stock; would you buy a toyota home modified into a racecar
-- the meaning of this option is partially indecypherable. I assume you mean "make it stock". Would you really, as a decent human being, lock the buyer out of accessing the device that they legitimately own and have the right to use as they wish?
Jailbreak it and keep it rooted because people like a little coke in their weed
-- again, you can't break out of a jail that does not exist and never has!
You forgot the option to install a stock ROM along with an ENGINEERING BOOTLOADER. If they don't know what they're doing, they won't as likely screw it up. If they DO know what they're doing, they'll be able to use it.
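The point made in the post above (a wipe that clears only the start of a partition leaves everything after it readable, while a zero fill does not), as an added example that is not part of the original thread. A 1 MiB file stands in for the partition; the 128 KB figure is taken from the post as an assumption, and the marker string and function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a 1 MiB file stands in for a userdata partition.
MARKER="CONSTRUCTED-PRIVATE-RECORD"   # sample "user data", made up for this demo
HEADER_KB=128                         # region the post says a plain wipe clears (assumption)

# Build the stand-in partition: one record inside the first 128 KB (at 4 KB)
# and one record well past it (at 512 KB).
make_image() {
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1024 seek=4   conv=notrunc 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1024 seek=512 conv=notrunc 2>/dev/null
}

# Model of the wipe described in the post: only the header region is zeroed.
header_wipe() {
    dd if=/dev/zero of="$1" bs=1024 count="$HEADER_KB" conv=notrunc 2>/dev/null
}

# Zero every byte of the image: the file-level analogue of filling the
# mounted partition from /dev/zero as the post recommends.
zero_fill() {
    size_kb=$(( $(wc -c < "$1") / 1024 ))
    dd if=/dev/zero of="$1" bs=1024 count="$size_kb" conv=notrunc 2>/dev/null
}

# Count surviving records by scanning the raw bytes, the way a buyer with a
# raw dump of the partition could.
count_records() {
    LC_ALL=C grep -a -o "$MARKER" "$1" | wc -l | tr -d ' '
}

# Walk through the three states and report what is still readable.
wipe_demo() {
    demo_img=$(mktemp) || return 1
    make_image "$demo_img"
    echo "before any wipe:   $(count_records "$demo_img") record(s) readable"
    header_wipe "$demo_img"
    echo "after header wipe: $(count_records "$demo_img") record(s) readable"
    zero_fill "$demo_img"
    echo "after zero fill:   $(count_records "$demo_img") record(s) readable"
    rm -f "$demo_img"
}

wipe_demo
```

A file image only models the logical view of the partition. On real flash storage, wear leveling can keep older copies of blocks outside the range the filesystem can overwrite.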
lbcoder said:
Re poll question:
Jailbreak that mofo
-- can't break out of a jail that never existed. ANDROID DOES NOT USE CHROOT JAILS.
Keep it rooted, buyers like no assembly required
-- and idiots screw themselves up when they don't know what they're doing....
Vanillarize it/keep it stock; would you buy a toyota home modified into a racecar
-- the meaning of this option is partially indecypherable. I assume you mean "make it stock". Would you really, as a decent human being, lock the buyer out of accessing the device that they legitimately own and have the right to use as they wish?
Jailbreak it and keep it rooted because people like a little coke in their weed
-- again, you can't break out of a jail that does not exist and never has!
You forgot the option to install a stock ROM along with an ENGINEERING BOOTLOADER. If they don't know what they're doing, they won't as likely screw it up. If they DO know what they're doing, they'll be able to use it.
No I don't mean lock them out. I mean installing the STOCK/OEM/INCLUDED IN EVERY BOX platform. I don't understand where you are getting this "lock them out" idea; your first post was helpful; your second post a little acidic. Drop the pH a little. Vanilla has a boring connotation like the stock software which is nothing fancy but nice and safe. Perhaps analogies, metaphors and a touch of misunderstood humor go over your head. I would add some ad hominem speculation as to why you are speaking so but whatever you are irritated about allow me to quote the Beatles, "Let it be". I would want a little more use out of someone with 2000+ posts as a forum is only as good as its leaders.
dejavecu said:
I would want a little more use out of someone with 2000+ posts as a forum is only as good as its leaders.
Your poll is meaningless in the Android world. You talk about both "root" and "jailbreak" as if they are two different things. One doesn't mean anything. lbcoder was trying to help you understand the thing you're trying to sell.
Shrivel said:
Your poll is meaningless in the Android world. You talk about both "root" and "jailbreak" as if they are two different things. One doesn't mean anything. lbcoder was trying to help you understand the thing you're trying to sell.
Uggh, notice how I did not reply to his advice except for reverting it to stock and "locking" out the consumer; I found that "indecypherable" but that was much more an issue with tone than the advice itself. Maybe American technology slang is different or I am using it improperly. I don't know which so, to all, if jailbreak is meaningless to you then forget it and please just keep the thread to advice on what you would do. Thanks.
dejavecu said:
Uggh, notice how I did not reply to his advice except for reverting it to stock and "locking" out the consumer; I found that "indecypherable" but that was much more an issue with tone than the advice itself. Maybe American technology slang is different or I am using it improperly. I don't know which so, to all, if jailbreak is meaningless to you then forget it and please just keep the thread to advice on what you would do. Thanks.
Look, very simple:
IF you install the stock garbage that comes with the phone, then you ARE LOCKING THE PURCHASER OUT because it will then need to be HACKED to gain proper access.
Also: If YOU do not understand the meaning of certain terms, DO NOT USE THEM!
JAIL has NOTHING to do with ROOT.
JAIL is NOT USED on Android AT ALL.
http://en.wikipedia.org/wiki/Chroot

[TOOL][CyboLabs] Open Bump! Sign your boot images by yourself!

CyboLabs is Proud to present
Open Bump!
What is Open Bump?
Open Bump is a recreation of the closed source Bump project run by Codefire.
It will allow you to "sign" your boot images in the same way that Codefire does it, only you don't need an internet connection.
What Open Bump is NOT
Let's get the obvious out of the way. It won't axe murder you.
It is not a direct reverse engineer of Codefire's implementation. I found the key and iv on my own.
The magic bytes were taken from Codefire's method, however. If anyone has insight as to how they were found, please shout up.
It does NOT take your private data so you can use it. Tin hatters feel free to double check.
How did I find this out
I had a general idea of what to look for, having heard that the exploit is related to uicc, and is signed with a cipher.
Dropping the aboot image in to Ghex led me to finding a reference to "uiccsecurity". Using the bytes around this, I found a repeat of 32 bytes, which was followed by 16 bytes which formed something that resembled "SecureWallpaper".
As you can probably guess, this was mainly trial and error backed by common sense and logical thinking.
You can programmatically find these values with the python script:
Python:
# Locate the key and iv inside the aboot image (runs on Python 2.6+ and 3).
aboot_name = './aboot.img'
with open(aboot_name, 'rb') as f:
    aboot = f.read()
# The 32 bytes immediately before the first "uicc" reference are the key.
key_end = aboot.index(b'uicc')
key_start = key_end - 32
key = aboot[key_start:key_end]
# The same 32 bytes repeat later in the image; the 16 bytes after the repeat are the iv.
sec_key_start = aboot.index(key, key_end)
iv_start = sec_key_start + 32
iv_end = iv_start + 16
iv = aboot[iv_start:iv_end]
Deciphering some already generated "signatures" proved that these were the key and iv used for "signing" the images.
What is coming next?
Inspecting the signatures that were originally uploaded and the ones that people can generate now, I found only one pattern.
The only similarities were the first 16 bytes of each "signature". I believe that only the magic number is needed, and none of the garbage that follows. This has been confirmed by the LG G3 dev from CyanogenMod, Invisiblek Done
How to use it?
I don't know how well this will run on anything other than linux, so for now.. I won't talk about it.
First, ensure you are using python2
then run the script
Code:
python2 open_bump.py "/path/to/boot.img"
flash the output, and enjoy
Thanks to:
Obviously, this wouldn't have been possible without Codefire since I wouldn't have known where to look, or that it was exploitable. And it was them that found the magic key.
Big thank you to @pulser_g2, who offered invaluable input on cryptography
Big thank you to @invisiblek, who I mercilessly kanged the main part of the image padding script from
note:
The original part of finding this information out was done on my own with guidance from pulser. The final results of this are posted above.
XDA:DevDB Information
Open_Bump, Tool/Utility for the LG G2
Contributors
cybojenix
Source Code: https://github.com/CyboLabs/Open_Bump
Version Information
Status: Beta
Created 2014-11-23
Last Updated 2014-11-23
Thanks, that's great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
g4rb4g3 said:
Thanks, that's great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
simple answer, this can be added to the build step really easily. See this commit
edit:
of course it may be useful to make a c program to do this.... I shall think on it.
Probably stupid question but I'll give a shot. Since we have the magic key we can't just skip the bump stuff totally? As I can understand, I don't wait official developer team join the bump train, that's why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
After getting the bootloader may be open G3؟؟
Why not use the original Bump?
Quote:
Codefire has been extremely vague about their method, obviously to prevent someone else replicating their results.
They are also storing people's data unnecessarily, and even adding some information relating to the user in to the "signature", possibly for tracking purposes.
As a result of it being an external service, many reputable teams (which won't be named unless they want to be) have said they will not use it, and would rather wait till LG releases the official unlock method.
Finally, Codefire have said the sha1sum of the boot image is required. Whether they knew or not, it is NOT required, and I will be changing this tool to compensate for that.
Happy you found a new exploit for us builders and devs, just feel like you kinda disrespected codefire team by accusing them of things before actually talking to them, seems a bit counter productive, this may piss them off and next device you can kiss new exploits by them good-bye,
just my 2 cents on the matter,
i'd remove the line...
in any case thank you very much, i will add it to my build script
---------- Post added at 08:34 PM ---------- Previous post was at 08:29 PM ----------
nikosblade said:
Probably stupid question but I'll give a shot. Since we have the magic key we can't just skip the bump stuff totally? As I can understand, I don't wait official developer team join the bump train, that's why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
"Bump stuff" has nothing to do with users, the devs and builders do the "bumping", and development of the G series has nothing to do with bumping, it just takes time to bring everything up
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
thecubed said:
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
First off, I didn't black mail. I gave your team notice about open sourcing it after reverse engineering the LG bootloader, not your "signatures".
It's your choice if you want to leave Android. Pinning the blame on me is somewhat childish though.
LG not patching Bump? That's a ludicrous statement, and even if it's true, it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
The hardest part of your teams work was getting the keys. If you know where to look, then it's easy enough to get engineering builds which I suspect contain the master magic bytes which you released.
I'm honestly shocked at your reaction though. I gave your team all the credit and stated which parts I did myself. The part about the service, and the deception was justified.
You tried to obscure something which by logic can't be obscured. That's how so many people realised they can just append the bytes to the image.
So which one would you rather have, LG not patching the exploit (as you so claim), and having an unknown number of people in china running around flashing custom boot images, or have everyone know how to do it to force LG to recheck their security measures.
What I did may not have been fantastic for the community, but what you did was insanely dangerous for the 90% of LG users.
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using their signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
cybojenix said:
it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
savoca said:
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
Yes, because I've been such a massive supporter of cm. (sarcasm in case you didn't realise).
I started reverse engineering the bootloader for research purposes. If it was more complex than what I have said above, then I probably wouldn't have done this thread.
If it weren't for the fact that the magic stays the same across all signatures, then I also wouldn't have done this thread.
The response I got from them when I contacted them before releasing this was pretty much one of lack of care. So I went ahead and posted it.
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
And once again, I refuse to take the blame for their team leaving Android.
whoppe862005 said:
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using their signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of LG users, if the claim that LG was alright with it running as a service is true.
Either way, I did nothing wrong
cybojenix said:
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. Bye cybo
savoca said:
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. Bye cybo
Tbh I thought it would have been clear by now what I care about. Then again I may have been wrong about considering you one of the smart android people.
I care about learning and sharing knowledge. Which is precisely what this thread did.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of LG users, if the claim that LG was alright with it running as a service is true.
Either way, I did nothing wrong
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
sooti said:
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
Wrong, I stated that I was going to open source it, meaning the work I put in to getting the key and how it's used to get the original magic.
It was after that that I realised the final magic is the only thing needed. I actually worked out how to get the magic key a few hours ago, but since I don't have the right images, it won't be globally usable.
Fair enough, I apologise for pointing out the flaws in codefire's service, and that they took it badly.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of LG users, if the claim that LG was alright with it running as a service is true.
Either way, I did nothing wrong
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like he said he didn't want it open source but you still went ahead anyway.
http://hastebin.com/gulumezawi.txt
And then you saying you're going to push it for vs985 even after he said no.
I don't know who Enderblue is, and I'm not affiliated with him..
whoppe862005 said:
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like he said he didn't want it open source but you still went ahead anyway.
http://hastebin.com/gulumezawi.txt
And then you saying you're going to push it for vs985 even after he said no.
cybojenix said:
I don't know who Enderblue is, and I'm not affiliated with him..
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
whoppe862005 said:
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
but the chat wasn't with me, so your point is null
autoprime had ample opportunity to say "don't do it yet", or "go talk to IO". but no, no objections were made.
Codefire treated the service like any other company would treat their unlocking service, so I treated them like a company and showed how it was done.

PLEASE HELP ME! my phone is "rooted" with 3 third-party apps my BF installed!

I noticed that my nexus 6 was acting funny, and since my boyfriend purchased this phone for me- he set the entire thing up. The day it arrived, he plugged my phone into his laptop and started typing away at what looked like a black screen and a boxy white font with a bunch of rom codes etc(at this point, i was totally clueless and oblivious to what he was doing)...
Then, he would sporadically bring up specific texts that i had sent, and at times would randomly pinpoint specific addresses and times and asked me about them(mind you, they were my friends homes) which left me to wonder "how the hell did he even know about that text or specific location unless my phone is hacked??"
so, i took my phone to a specialist who confirmed that my phone was rooted with a custom ROM along with 3 third-party apps "kernel adiutor", "pure nexus", and "xda labs".
Once i called tech support for my phone, they said they couldn't help me because they're third party apps that are not legal to use in the first place.
long story short, his mom confirmed recently that he in fact has my phone hacked. can somebody please give me insight on the apps he installed and the purpose they serve?? what kind of access/capabilities does he have now that my phone is rooted even if i restore my phone???
Kernel Adiutor, XDA Labs and Pure Nexus are not phone hacking apps. XDA Labs is an app by the XDA community, Kernel Adiutor is for tweaking the kernel, and I think Pure Nexus is a custom ROM for the Nexus.
If you want to get rid of this you can ask service centre to flash Stock Rom of Nexus phone
Download a factory image from here: https://developers.google.com/android/nexus/images
Follow the instructions on the webpage. Doing this will wipe your phone and put it back to 100% stock.
Also lol @ this:
vneedshelpASAP said:
Once i called tech support for my phone, they said they couldn't help me because they're third party apps that are not legal to use in the first place.
You have a very *very* serious problem.
As khanboyz007 says, the apps you mention are entirely pukka, totally normal, nothing suspicious.
But...
If you can't trust your boyfriend so much that you have to post for help from anonymous strangers, then your problem is far deeper than your Nexus 6. From the technical side of your description, he's done nothing at all wrong, but from reading between the lines you don't trust him, and *that's* a dealbreaker.
Why are you asking us instead of him? Give him a chance to explain. Maybe there's nothing more sinister than you (clearly without any technical knowledge... sorry...) don't have your phone password-protected and he's just looked at your texts - in itself a breach of trust, but still not justifying posting in a public forum to strangers.
dahawthorne said:
You have a very *very* serious problem.
As khanboyz007 says, the apps you mention are entirely pukka, totally normal, nothing suspicious.
But...
If you can't trust your boyfriend so much that you have to post for help from anonymous strangers, then your problem is far deeper than your Nexus 6. From the technical side of your description, he's done nothing at all wrong, but from reading between the lines you don't trust him, and *that's* a dealbreaker.
Why are you asking us instead of him? Give him a chance to explain. Maybe there's nothing more sinister than you (clearly without any technical knowledge... sorry...) don't have your phone password-protected and he's just looked at your texts - in itself a breach of trust, but still not justifying posting in a public forum to strangers.
I wouldn't say that at all. If he can tell where she has been and what text she is sending then he installed one of the many monitor apps onto her phone which is illegal.
My advice would be to completely wipe your device. Flash a stock ROM and don't let him touch your device.
As for your personal life no one can or has any right to say anything about that. Do what you think is best.
If he knows the locations you've been at, it's possible he has your Google+ share location set where it's shared with him. Or possibly he had set up an email for you on it and is signing into it to track your location. As far as the apps you mentioned, they are 100 percent legal; most carriers don't know anything about rooting or custom ROMs and will not give you adequate advice. But as they said, you can just flash the stock image, make your own Gmail to sign in or make sure to change your Gmail password. After you do, make sure that you put a password on your device that he doesn't know.
"then he installed one of the many monitor apps onto her phone"
Isn't that what I said...? No trust. This isn't in any way a technical question - it's about their relationship.
And since I've seen your many posts here over the years I know you've got a fair amount of life experience, in which case I can assume that you know of Occam's Razor - the simplest explanation is likely to be the correct one, and the simplest explanation here is not that he's installed a monitoring app but is simply looking at the phone. I stand by my comments.
"no one can or has any right to say anything about that"
Yes, I agree, it would be none of my business - *if* she hadn't asked for my advice (as well as yours).
If she has so little trust in her partner, and has asked for advice (technical or otherwise), then the answer has to be "Look very carefully at your relationship".
(P.S. To avoid the inevitable "sexist" comments, yes, I've assumed it's a female poster, but I'm aware that there are alternatives).
To be honest I think it might be a moot point as he is most likely part of this forum and has seen this post.
Then he's got the message...
Or this is just a prank. Like I'm getting private messages from people who haven't even posted yet to fix their phones.
istperson said:
Or this is just a prank.
Yes, that same thought had occurred to me. I give the benefit of the doubt unless there's a clear sign that it's a joke, and this one does come close to the edge...
A lot of effort for a not-funny joke though. It would be good if the OP provides some feedback - I do get very fed up with people asking for advice, which is given maybe by half a dozen people who have taken the time and trouble to provide it, only for the OP to vanish into the ether without so much as a "thank you" button press.
Step one, flash the phone back to stock using the links provided in earlier posts.
Step two, dump the loser - he is too controlling, and this will never change...
Now that the personal advice has been given, let's bring this thread back to troubleshooting device issues, not relationship issues. Thanks for your cooperation.
vneedshelpASAP said:
.... my boyfriend purchased this phone for me- he set the entire thing up.
Your friend has set up your phone the same way as he should do for himself.
There's nothing wrong with rooting and the apps you mentioned.
My idea is that ask him very friendly to flash the latest official stock Rom.
Tell him that you prefer the official rom of Google.
Because you want official support when there is something wrong. And you don't need root access because you only use 'normal' apps.
As with everything, there are disadvantages.
A rooted phone allows you to install layers. That makes it possible to choose dark themes. And that's important when you need a better battery life.
I bet he's using Cerberus. Go into your Settings > Apps, select to include system apps. You'll be looking for an app name: system framework. If you see this, he is tracking you using Cerberus. This app/service is pretty awesome. I was able to track my phone down, see the texts sent, turn the mic on and listen to where my phone was at.
Like everyone said flash a new rom. clean slate. Then dump dude, there should be no need for that crap.
Here's the link: https://play.google.com/store/apps/details?id=com.lsdroid.cerberus&hl=en
vneedshelpASAP said:
I noticed that my nexus 6 was acting funny, and since my boyfriend purchased this phone for me- he set the entire thing up. The day it arrived, he plugged my phone into his laptop and started typing away at what looked like a black screen and a boxy white font with a bunch of rom codes etc(at this point, i was totally clueless and oblivious to what he was doing)...
Then, he would sporadically bring up specific texts that i had sent, and at times would randomly pinpoint specific addresses and times and asked me about them(mind you, they were my friends homes) which left me to wonder "how the hell did he even know about that text or specific location unless my phone is hacked??"
so, i took my phone to a specialist who confirmed that my phone was rooted with a custom ROM along with 3 third-party apps "kernel adiutor", "pure nexus", and "xda labs".
Once i called tech support for my phone, they said they couldn't help me because they're third party apps that are not legal to use in the first place.
long story short, his mom confirmed recently that he in fact has my phone hacked. can somebody please give me insight on the apps he installed and the purpose they serve?? what kind of access/capabilities does he have now that my phone is rooted even if i restore my phone???
to me, a "specialist", it sounds like he did you a favor, by rooting your device, and adding apps that you will need to control your own phone. your "own" i say because otherwise you are just using someone else's device, that you happened to pay for with your money. so, instead of posting a pissy thread, I'd do a little more research on how to control your own phone, and then tell him thank you.
oh, btw, just because the apps aren't from the play store, it does not make them illegal to use, at all. you can use whatever app you want, from wherever you want, LEGALLY.
I'm coming round to istperson's point of view - this thread is beginning to look more and more like an elaborate pointless hoax, and not a very funny one.
There are far too many of these threads where people ask a question and then disappear without the courtesy of a sign-off or even a "thank you". Very discouraging, and makes me less keen on spending my time here trying to help timewasting ingrates...
I'm gonna close this thread for now. If the OP has anything else to add they can contact me again to reopen it.
Not all apps are legal. It really depends on where you are living. As an example. Things like keyloggers, call recorders (depending on local laws) screen recorders and things of this nature are completely legal in some countries like China, while being completely illegal in other places in the world.
Also installing tracking software of any kind on someone's device is also illegal.
We have to remember that many people search for help on something, reg to the forum to get the answer and don't come back until they have another issue. This is becoming far more common as of late.

Does anyone have a boot logo/boot animation/shutdown animation guide?

I've got an N920t and i would love to put a simple 1st boot screen and add my company name and number to it so, if it's stolen, the average person won't have a CLUE how to get rid of the logo.
I would also like to be able to change a cool animated GIF into the animation that pops up after the initial boot.
Lastly, i would like a decent shut-down logo.
I've downloaded Samsung's theme editor and it looks like it was created for the "yesterday" phones. I know where the qmg files are in the system/media.
I just don't know 1) The screen dimensions 2) the conversion process of whatever to qmg. 3) whatever else i may have missed.
Can anyone help?
Kilroy5150 said:
I've got an N920t and i would love to put a simple 1st boot screen and add my company name and number to it so, if it's stolen, the average person won't have a CLUE how to get rid of the logo.
I would also like to be able to change a cool animated GIF into the animation that pops up after the initial boot.
Lastly, i would like a decent shut-down logo.
I've downloaded Samsung's theme editor and it looks like it was created for the "yesterday" phones. I know where the qmg files are in the system/media.
I just don't know 1) The screen dimensions 2) the conversion process of whatever to qmg. 3) whatever else i may have missed.
Can anyone help?
Samsung Themes have nothing to do with what you want to accomplish.. It sounds to me like you don't fully understand what's involved with trying to do what you're asking for.. First of all you'll have to root the phone, possibly voiding its warranty, just to get to the files you'd have to replace to begin with, and if you don't fully understand what you're trying to do you could possibly turn your phone into a paperweight! You might want to do some research before trying to do what you're asking for..
MrMike2182 said:
Samsung Themes have nothing to do with what you want to accomplish.. It sounds to me like you don't fully understand what's involved with trying to do what you're asking for.. First of all you'll have to root the phone, possibly voiding its warranty, just to get to the files you'd have to replace to begin with, and if you don't fully understand what you're trying to do you could possibly turn your phone into a paperweight! You might want to do some research before trying to do what you're asking for..
Yeah dude, don't over think it. I'm way way way WAY past a simple rooting. I've installed 100s of roms just not messed with themes very much beyond the occasional bootanimation.zip placement.
But, a piece of advice, next time just say "i don't know" because you really didn't answer my question, you were about as far away from what i asked for as an answer could get. I explained that i checked out the Samsung theme editor, not that i expected it to work. It was just a step i went through.
If i didn't know anything about theming, at all, i wouldn't know about the extension or placement area i mentioned and since you didn't really give any answer of note (beyond a generic warning that's been in every root and rom since the beginning of time) i'm thinking you don't either...
Please, don't give your idea of "help" any further.
Kilroy5150 said:
Yeah dude, don't over think it. I'm way way way WAY past a simple rooting. I've installed 100s of roms just not messed with themes very much beyond the occasional bootanimation.zip placement.
But, a piece of advice, next time just say "i don't know" because you really didn't answer my question, you were about as far away from what i asked for as an answer could get. I explained that i checked out the Samsung theme editor, not that i expected it to work. It was just a step i went through.
If i didn't know anything about theming, at all, i wouldn't know about the extension or placement area i mentioned and since you didn't really give any answer of note (beyond a generic warning that's been in every root and rom since the beginning of time) i'm thinking you don't either...
Please, don't give your idea of "help" any further.
Then maybe you should have thought more about what you were saying in your first post and possibly included some other information about how smart you are but yet you can't figure out what the screen dimensions for the phone are? But I stand by what I said: Samsung's Themes have nothing to do with the boot animation at all.. And if you're so great at flashing roms.. Uh wow "claps" that's taking others' work and dropping it on to an SD and tapping flash.. SO so hard!! Try building your own rom and kernel from scratch! Since you wanted to act all tough I'm not even going to give you the answer and yes I damn well do know the answer, I've been a developer since way back in the day when WebTVs were the thing! And if this is how you're going to act towards developers or other people on here, then don't expect much help now! I'm sure you can figure it out Mr 100s of rom flashes!
MrMike2182 said:
Then maybe you should have thought more about what you were saying in your first post and possibly included some other information about how smart you are but yet you can't figure out what the screen dimensions for the phone are? But I stand by what I said: Samsung's Themes have nothing to do with the boot animation at all.. And if you're so great at flashing roms.. Uh wow "claps" that's taking others' work and dropping it on to an SD and tapping flash.. SO so hard!! Try building your own rom and kernel from scratch! Since you wanted to act all tough I'm not even going to give you the answer and yes I damn well do know the answer, I've been a developer since way back in the day when WebTVs were the thing! And if this is how you're going to act towards developers or other people on here, then don't expect much help now! I'm sure you can figure it out Mr 100s of rom flashes!
Say it with me one more time, just so you realize it ..... "You don't know"....You can wax and waste people's time ALL day long with your big talk but the straight truth is:
If you would have had the answer, you would have posted it.
I already got it, from someone who actually could answer the question. "He" didn't have any trouble with my request, at all, and had it summed up in a small paragraph.
So i guess that makes you the "special" person here...
Don't bother wasting space with a reply, "unsubscribe" was created for a-holes like you wanna talk big but can't come up with the answer. But then again people like you probably get off on posting to yourself anyway.
Kilroy5150 said:
Say it with me one more time, just so you realize it ..... "You don't know"....You can wax and waste people's time ALL day long with your big talk but the straight truth is:
If you would have had the answer, you would have posted it.
I already got it, from someone who actually could answer the question. "He" didn't have any trouble with my request, at all, and had it summed up in a small paragraph.
So i guess that makes you the "special" person here...
Don't bother wasting space with a reply, "unsubscribe" was created for a-holes like you wanna talk big but can't come up with the answer. But then again people like you probably get off on posting to yourself anyway.
Lol.. You aren't getting under my skin little man.. I can reply wherever I want!! This isn't YouTube where you tap unsubscribe lmfao!!! You only have less than 50 posts and you're going to come to xda with your mister know it all attitude and tell me what I do and don't know?! I have the answer to what you want to do and it's definitely in /system/media but good luck getting it to work (the right way).
If you would have replied nicely and asked nicely like other people on here do I would have showed you how to convert the files you and other stuff you needed but not interested now.. And if you think I'm so dumb and don't know nothing, I just wrote an entire page and a half just for the Galaxy S6 owners to root their phones! And Why? Because someone asked nicely!!
https://forum.xda-developers.com/showthread.php?p=72647478#post72647478
Kilroy5150 said:
I've got an N920t and i would love to put a simple 1st boot screen and add my company name and number to it so, if it's stolen, the average person won't have a CLUE how to get rid of the logo. I would also like to be able to change a cool animated GIF into the animation that pops up after the initial boot. Lastly, i would like a decent shut-down logo. I've downloaded Samsung's theme editor and it looks like it was created for the "yesterday" phones. I know where the qmg files are in the system/media. I just don't know 1) The screen dimensions 2) the conversion process of whatever to qmg. 3) whatever else i may have missed. Can anyone help?
MrMike2182 said:
Samsung Themes have nothing to do with what you want to accomplish.
1) This conversation is so petty I'm not even sure why I'm responding to it.
2) Creating a boot animation for Samsung has EVERYTHING to do with Samsung Theme Designer.
3) Here is my tutorial for this.
https://forum.xda-developers.com/showthread.php?p=63963738
4) Ignore the fact that the program looks old school. If you read my tutorial you'll see how that doesn't matter at all.
bogarty said:
1) This conversation is so petty I'm not even sure why I'm responding to it.
2) Creating a boot animation for Samsung has EVERYTHING to do with Samsung Theme Designer.
3) Here is my tutorial for this.
https://forum.xda-developers.com/showthread.php?p=63963738
4) Ignore the fact that the program looks old school. If you read my tutorial you'll see how that doesn't matter at all.
Well, i appreciate a straight-forward answer.
I reacted to the other guy the way i did because of his condescending attitude and the fact that he obviously didn't know but went out of his way to give a false impression of "knowledge" in the matter. Personally, i can't stand people who answer with useless information, have an attitude, and waste my time trying to "look" big...i appreciate you "not" being that kind of person.
You're right, it's petty, but sometimes it's necessary because (over the years) i've noticed these forums have become a home for "some" who seem to devote time to not giving people a straight answer and have a superiority complex doing it. Also, the douche bag had the arrogance to "label" me because i didn't post a lot on the forums, probably the biggest ignorance here to assume a person isn't knowledgeable about anything because they don't make a lot of noise in the forums.
It's like i've said from the jump....the guy who knows simply gives the straight answer.
Since that's what i really needed i'll just unsub the thread so i don't have to deal with him spouting any further.
Again, thanks.
Please keep it civil guys. No need to go mad. If you are annoyed by someone, please add them to your ignore list and move on.
No need to be disrespectful. The Forum Rules (forum.xda-developers.com/announcement.php?a=81) clearly state:
2.3 Flaming / Lack of respect: XDA is about sharing and this does not involve virtual yelling (flaming) or rudeness. Flaming or posting with a lack of respect is unacceptable. Treat new members in the manner in which you would like to have been treated when you were a new member. When dealing with any member, provide them with guidance, advice and instructions when you can, showing them respect and courtesy. Never post in a demanding, argumentative, disrespectful or self-righteous manner.
Hope I made myself clear! Thread cleaned for now.
Regards
Vatsal,
Forum Moderator.
Actually, there isn't anything in the system partition that pertains to the initial graphic shown when the phone starts, that's actually part of the partition known as param, which is little more than a tar archive that's been written to the block device that is designated as PARAM directly. You can use dd to dump it and untar the resulting file with, you guessed it, tar.
The images within the archive are png format, but you have to be careful to pay close attention to the very specific palette and compression used in the original images because if you fail to match it exactly then you run the very real risk of rendering the device bricked in an unrecoverable way as the only way to write the PARAM partition is via an environment where you can access dd, or any other utility that is capable of performing direct read and write to block devices, which is either a custom recovery or the running system itself and since it holds the logo shown immediately upon starting the device before the kernel itself or recovery then making a mistake is not an option.
Said archive also holds the graphics for download mode as well as the battery image shown prior to the charging animation, which is loaded by the kernel and is a low power mode that partially boots the device and stops just before zygote is brought up, which is the base of the GUI if you were unaware.
I've successfully modified every single image in the archive itself and I'd be glad to upload proof to that end as soon as I can borrow another device to capture the result with as I've only got my phone on hand at the moment. I can provide you with more detailed steps, specifically the arguments I used with the convert command from ImageMagick to ensure the image palette and compression were correct since I couldn't get GIMP to save the edited images with the necessary options.
As far as the qmg files, there are several tutorials on the forums that do a great job of detailing that process, but it requires access to a Windows machine as Samsung doesn't see fit to develop a cross-platform tool. Having said that, this is all under the assumption that you're familiar with Linux and a couple of common utilities within it, I don't use Windows save for audio production and the occasional Octoplus unlock, so I can't offer quite as precise information on performing the steps I've mentioned from that environment. I'll go ahead and dig up the arguments I mentioned for the convert utility and post them since I don't recall them from memory as I did this a few months ago. Suffice to say, I know what I'm doing and what I'm talking about and the first order of your request is most definitely possible though I've yet to have ever encountered any instruction on it or even mention of it until now aside from my own venture into that scary process.
It's worth noting that your idea of deterring theft is sound only if the thief would try to sell it and only if the buyer was a noble person, and most thieves don't keep company with good people so it would be something they got a chuckle out of at worst and a minor annoyance at best. Consider how many items must be stolen that have been engraved or otherwise marked and are sold without much ado over it, if they want to steal it they will and not think twice over it. Just my two cents there.
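A pre-write check for the PARAM edit described in the post above, as an added example that is not part of the thread: it reads the original dump and the edited archive as tar files and reports every PNG whose header fields or palette size changed. The post does not say which properties the bootloader depends on, so the compared fields, the member names and the 64 KiB partition size are assumptions, and both dumps are constructed inline.

```python
import io
import struct
import tarfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
COLOUR_TYPES = {0: "greyscale", 2: "truecolour", 3: "indexed",
                4: "greyscale+alpha", 6: "truecolour+alpha"}
# Assumption: these are the properties an edited image must keep unchanged.
MUST_MATCH = ("width", "height", "bit_depth", "colour_type",
              "interlace", "palette_entries")
PARTITION_SIZE = 64 * 1024  # constructed value, not the real PARAM size


def png_profile(data):
    """Walk the PNG chunks, verify each CRC, return IHDR fields + palette size."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, profile = 8, {"palette_entries": 0}
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in %s chunk" % ctype.decode("latin-1"))
        if ctype == b"IHDR":
            w, h, depth, colour, _comp, _filt, lace = struct.unpack(">IIBBBBB", body)
            profile.update(width=w, height=h, bit_depth=depth, interlace=lace,
                           colour_type=COLOUR_TYPES.get(colour, colour))
        elif ctype == b"PLTE":
            profile["palette_entries"] = length // 3
        elif ctype == b"IEND":
            break
        pos = end
    if "width" not in profile:
        raise ValueError("no IHDR chunk")
    return profile


def profile_archive(raw):
    """Map member name -> PNG profile for every PNG inside a tar dump."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:") as tar:
        for member in tar.getmembers():
            if member.isfile():
                data = tar.extractfile(member).read()
                if data[:8] == PNG_SIG:
                    out[member.name] = png_profile(data)
    return out


def diff_dumps(original, edited, max_bytes):
    """Return the reasons the edited archive should not be written back."""
    problems = []
    if len(edited) > max_bytes:
        problems.append("archive larger than partition")
    orig, new = profile_archive(original), profile_archive(edited)
    for name in sorted(set(orig) | set(new)):
        if name not in new:
            problems.append(f"{name}: missing from edited archive")
        elif name not in orig:
            problems.append(f"{name}: not in original archive")
        else:
            for field in MUST_MATCH:
                if orig[name][field] != new[name][field]:
                    problems.append(
                        f"{name}: {field} {orig[name][field]} -> {new[name][field]}")
    return problems


# ---- constructed sample data (not taken from a real device) ----
def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(width, height, colour_type, palette=()):
    """Build a tiny 8-bit, non-interlaced PNG filled with zeros."""
    channels = {0: 1, 2: 3, 3: 1, 6: 4}[colour_type]
    ihdr = struct.pack(">IIBBBBB", width, height, 8, colour_type, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes(width * channels) for _ in range(height))
    png = PNG_SIG + _chunk(b"IHDR", ihdr)
    if palette:
        png += _chunk(b"PLTE", bytes(v for rgb in palette for v in rgb))
    return png + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")


def make_dump(files):
    """Tar the files and zero-pad to partition size, like a raw dd dump."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue().ljust(PARTITION_SIZE, b"\x00")


PALETTE = [(0, 0, 0), (255, 255, 255)]
INDEXED = make_png(4, 4, 3, PALETTE)          # palette image, as in the original
ORIGINAL = make_dump({"logo.png": INDEXED, "download.png": INDEXED})
GOOD_EDIT = make_dump({"logo.png": INDEXED, "download.png": INDEXED})
BAD_EDIT = make_dump({"logo.png": make_png(4, 4, 6), "download.png": INDEXED})

if __name__ == "__main__":
    for label, dump in (("good edit", GOOD_EDIT), ("bad edit", BAD_EDIT)):
        print(label, diff_dumps(ORIGINAL, dump, PARTITION_SIZE) or "matches original")
```

An empty result only means the compared fields agree with the original; it says nothing about properties the script does not inspect, such as the zlib settings used for the image data.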
zygh0st said:
Actually, there isn't anything in the system partition that pertains to the initial graphic shown when the phone starts, that's actually part of the partition known as param, which is little more than a tar archive that's been written to the block device that is designated as PARAM directly. You can use dd to dump it and untar the resulting file with, you guessed it, tar. The images within the archive are png format, but you have to be careful to pay close attention to the very specific palette and compression used in the original images because if you fail to match it exactly then you run the very real risk of rendering the device bricked in an unrecoverable way as the only way to write the PARAM partition is via an environment where you can access dd, or any other utility that is capable of performing direct read and write to block devices, which is either a custom recovery or the running system itself and since it holds the logo shown immediately upon starting the device before the kernel itself or recovery then making a mistake is not an option. Said archive also holds the graphics for download mode as well as the battery image shown prior to the charging animation, which is loaded by the kernel and is a low power mode that partially boots the device and stops just before zygote is brought up, which is the base of the GUI if you were unaware. I've successfully modified every single image in the archive itself and I'd be glad to upload proof to that end as soon as I can borrow another device to capture the result with as I've only got my phone on hand at the moment. I can provide you with more detailed steps, specifically the arguments I used with the convert command from ImageMagick to ensure the image palette and compression were correct since I couldn't get GIMP to save the edited images with the necessary options.
As far as the qmg files, there are several tutorials on the forums that do a great job of detailing that process, but it requires access to a Windows machine as Samsung doesn't see fit to develop a cross-platform tool. Having said that, this is all under the assumption that you're familiar with Linux and a couple of common utilities within it, I don't use Windows save for audio production and the occasional Octoplus unlock, so I can't offer quite as precise information on performing the steps I've mentioned from that environment. I'll go ahead and dig up the arguments I mentioned for the convert utility and post them since I don't recall them from memory as I did this a few months ago. Suffice to say, I know what I'm doing and what I'm talking about and the first order of your request is most definitely possible though I've yet to have ever encountered any instruction on it or even mention of it until now aside from my own venture into that scary process.
It's worth noting that your idea of deterring theft is sound only if the thief would try to sell it and only if the buyer was a noble person, and most thieves don't keep company with good people so it would be something they got a chuckle out of at worst and a minor annoyance at best. Consider how many items must be stolen that have been engraved or otherwise marked and are sold without much ado over it, if they want to steal it they will and not think twice over it. Just my two cents there.
Yeah, I had some luck with Odin based flashing of the initial boot screen but haven't had a lot of time to play around with it. I just enjoy customizing the phone to the point to where (if anyone steals it) there's no doubt it's mine. I can walk in and say "It does this on boot" without even looking and I've done that in the past and it's worked out great with reclaiming a stolen phone. The more customized you make it, the harder it is for the pawn-shop owner to argue it's not yours (and they WILL try). I've had to bring the authorities in. "Noble" is not a word that most pawn-shop owners seem to know.
It's just odd how these phones change their structure so much that general "boot animation" apps have no effect on them at all.
Thanks for the info.
Kilroy5150 said:
Yeah, I had some luck with Odin based flashing of the initial boot screen but haven't had a lot of time to play around with it. I just enjoy customizing the phone to the point to where (if anyone steals it) there's no doubt it's mine. I can walk in and say "It does this on boot" without even looking and I've done that in the past and it's worked out great with reclaiming a stolen phone. The more customized you make it, the harder it is for the pawn-shop owner to argue it's not yours (and they WILL try). I've had to bring the authorities in. "Noble" is not a word that most pawn-shop owners seem to know.
It's just odd how these phones change their structure so much that general "boot animation" apps have no effect on them at all.
Thanks for the info.
The easiest way I've found is RomToolbox pro.
Sent from my SM-N920T using Tapatalk
mainmast2 said:
The easiest way I've found is RomToolbox pro.
Sent from my SM-N920T using Tapatalk
Yup, had it for a long time. But it seems to have no effect on my phone since I got Nougat. In fact, "none" of the usual apps seem to work. Must be a new set of rules. The only ways I've seen them change are by Odin and that rom installer (Aroma, isn't it?) that everyone is so fond of.
Kilroy5150 said:
Yup, had it for a long time. But it seems to have no effect on my phone since I got Nougat. In fact, "none" of the usual apps seem to work. Must be a new set of rules. The only ways I've seen them change are by Odin and that rom installer (Aroma, isn't it?) that everyone is so fond of.
Huh, I haven't changed mine since switching to nougat. The custom logo hasn't changed from before the upgrade. Thanks for the info.
Sent from my SM-N920T using Tapatalk

(No progress yet) Root dev for Galaxy S9 Plus SM-G965U (Snapdragon)

Do not ask for an ETA
Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.
I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Reserved for future links.
drakaina said:
Do not ask for an ETA
Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.
I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
One guy flashed a combination version of the firmware and got the OEM unlock toggle to show on a SM-G960U. It switched on and off but I am not sure if it actually unlocked the bootloader or not. There is a TWRP already ported to the Snapdragon version as well, although only for the Chinese and Hong Kong version, it should work on our device if you can get the bootloader unlocked first. I have been scouring online and in the forums since the phone came out and that's all I have found thus far. I'm sure you already know these things, but I figured I would say it just in case you weren't aware. Hope you get it figured out! Good luck!
The only development I've heard of is one user claiming he got a diagnostic boot with SELinux permissive. (In the S9 root dev forum/thread) I also have a source who is NOT trying to be identified publicly because he works for Google, but he informed me that "the android O build for SAMSUNG DEVICES, was developed with special instructions in it to automatically kick a KERNEL PANIC , if ANY app NOT on some internal White List attempts to access, modify, or send SU commands through any NOT LISTED app with those permissions granted already." ... now I'm not an Android level programmer, but I'm an old Linux dev/ penetration systems tester (lol) and from what I am gathering is that the patches or whatever that Samsung added to the O.S. also included an encrypted or hidden white list, which he says is VERY small, (as in number of items actually in the list) , but even he said they do not have any access nor knowledge of where they stored this. He did tell me that they delivered an incomplete or infant code for Samsung Snapdragon Model Note 8,9 and s8,9, and it was so crude that not only would it not compile because of missing crap Samsung deliberately did not supply them with... but he said that it was NOT lockable in that state, so Samsung either inserted their own locked kernel and whatever to create this B.S. broke down version of Android that is Root crippled. BUT the only clue he could give me was that "On no level can an E-fuse provide an unbreakable chain of trust, and that if an extreme modder were to actually break down the system board of an S9, they could in theory remove or add some sort of device that would bypass the Qualcomm Secure boot completely!" ... now this ain't a best friend or nothing so truthfully I'm surprised I got this much from him... but I've known who he was and that he's worked for Google nearly 12 years as a developer and software engineer. So I don't know if any of that info helps...
but my contribution is that I can get my device (s9+ from Sprint USA SM-G965U) replaced with little to no hassle, so I'm 100% willing to do any tests u need, providing that you give me at least a basic level of instruction, as to each set of commands or package u want me to flash. I'm pretty android savvy considering it's just a linux derivative... and I know Samsung 100% .. I've had every S - galaxy since day 1 . BUT throwing blind commands at my device that I have 0 understanding of their impact, makes me feel like a squirrel running across the freeway during rush hour! Plz Do me a favor and shoot me a private message and I'll give you my cell number and email so u can reach me quicker when you have something u need tested! Now please people don't berate me if something he said to me was not correct or you have different data to disprove what he said. I literally took notes by hand and had him confirm them, so I'm just the messenger/informant and u gotta realize that as a Google employee, he #1 is partially not knowledgeable of ways to exploit the O.S. which is what the hackers come into play for. And make the developers work **** tons harder to FIX the hole they ****ed up in the 1st place! Lol... and #2. I did ask about the possibility of a $$$$ number he would take in order to provide an actual Eng-boot like that of the S8, and he said that "Those are developed by each individual corporation after they are provided the build source code", and that "google has no interest in possessing or archiving any such file because the O.S. does not need it to provide a developers version of the O.S., which is as far as Google goes in providing a new system to the companies.... so for something like that, reach out to one of the underpaid factories full of workers and I'm sure they would happily give you what you want for much cheaper than you imagine!" Ok that was very long winded but I wanted to cover all I could because I prob won't check this thread anymore....
plz PM me bro so I can get you my info ... and let's put this Flashing Guinea Pig (me) to work in getting this ***** at least hack rooted or maybe full!!!
Hello, I've just finished reading all above and from what I've read I can tell that not all hopes are lost as well I'm offering my help to be a (TESTER) for any attempts you wanna try, however, please note that I'm NO DEV just a user who would like to have his phone rooted ASAP that's all, so please explain the commands that you would give me and the steps. plz PM me so I can get you my contact info
It ain't happening with the known exploits.
Ok, so far I have a few routes I plan to take that have worked on other devices. Working on the first, but not at the moment. The rude comment compelled me to post my own. Devs don't follow old ways of doing things so get that out of your head if you want to think forward, not backwards. I have found what could be an exploit in the rom itself that "might" be the starting point to get root access. This is NOT an ETA but hopefully we can start testing in the next few weeks.
I'll say it now, don't get overly excited a possible exploit has been found. I make no guarantee on it being THE exploit needed. Just be patient, and if you have insight on a way to attack this or another possible exploit, do say so.
If anyone knows of the bootloader partition already having been copied, post a link. I share mine at the moment so I don't always have it around, so any of the bootloader data would help greatly.
drakaina said:
Ok, so far I have a few routes I plan to take that have worked on other devices. Working on the first, but not at the moment. The rude comment compelled me to post my own.
I saw no rude comment, just a dose of reality for you, a little thin skinned are we?
You're continuing to be rude and attempting to derail the point of the thread. Meh, I'm getting back to work since it's not good to feed trolls.
Pretty sure placeholder threads are not allowed on XDA...
I am making presence known now. I will be watching this closely
Technically this thread doesn't even need to exist right now.
drakaina said:
Do not ask for an ETA
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Myself and a handful of other people involved in us snapdragon s8/s8+/n8+ took a brief crack at it a little while ago to no avail. I don't want to go into too many details on here as 1) Samsung is watching surely and 2) the contents from the peanut gallery get old quick but here are the cliff notes. Feel free to pm me here or on telegram for more details. (Backstory on me, I created samfail which was the first/only n8 root method and the second for the s8/s8+ and the only published one beyond bootloader v1.)
- samfail is 100% patched. No known way to modify system
- you can't mix combo boot with stock images anymore. Samsung got wise to that. Figured out how to track it if we can force write a system image
- there is a ton of new system level security because they had to move out of the boot image due to treble. Probably the first big nail in the coffin imo.
- don't waste your time on the oem unlock toggle in the combo/factory rom. No it doesn't unlock the bootloader. The us snapdragons don't respect its value outside of turning off frp, but that was with the s8 idk if it is still true on the s9.
- the other poster is right about the anti root thing. It's in the open source kernel code. If anything being executed under uid 0 matches a list of common/known root mods/not stuff that is supposed to be there, instant kernel panic. Things like "binary is called BusyBox" are on that list.
This was the point I gave up. Partially because I don't have the device so testing is extremely difficult (I wised up this year and purchased an intl. Snapdragon sm-g9650 which has full oem unlock just like the exy).
I'm sure there's things I'm forgetting right now and again, being too transparent here results in root method being patched faster, hit me up if you want more brain dump
drakaina said:
You're continuing to be rude and attempting to derail the point of the thread. Meh, I'm getting back to work since it not good to feed trolls.
Although I have seen a lot worse on these threads, his comment was pretty negative, which is what we do not need in this thread. I wish people would just keep their thoughts to themselves if they have nothing to add to the discussion. I also will test so let me know if there is anything I can do to help.
I also have a g965u and have been trying various methods to no avail at this point.. we need new exploits to be found.. all the obvious stuff will not work
It is because of this that I will never buy another Galaxy phone. I need root.
zzEvilGeniuszz said:
It is because of this that I will never buy another Galaxy phone. I need root.
Just don't buy snapdragon, the Exynos S9s are unlocked
*Detection* said:
Just don't buy snapdragon, the Exynos S9s are unlocked
You cannot buy Exynos from a carrier. You have to buy directly from Samsung for that. I know because I requested an Exynos variant. Sprint said they couldn't (or wouldn't) give me one.
edit: nvm not worth it.
zzEvilGeniuszz said:
You cannot buy Exynos from a carrier. You have to buy directly from Samsung for that. I know because I requested an Exynos variant. Sprint said they couldn't (or wouldn't) give me one.
I talked to Samsung a couple months ago before I got my s9 and they told me they won't sell you one directly with the Exynos. I was going to get the s8 with the Exynos if they would have sold me one. They wouldn't so I bought a T-Mobile s9 with my carrier.
Has anyone been able to reboot phone into EDL mode?
