development to get around all the security in 4x - LG Optimus 4X HD

Let's see if we can get
- Locked bootloader
- Custom ROM security issues
and maybe other security-related problems in one development thread, and how we make apps to get around this.
I take the lead for now, since I started testing custom ROMs (JellyBean) right now.
And the DRM check at bootup is important to get around, otherwise we end up having to restore a v10 image again and again, too often.
I suspect that it can be done using a bind folder, but let's see where this takes us.
Just update with other issues seen.

Dexter_nlb said:
Let's see if we can get
- Locked bootloader
- Custom ROM security issues
and maybe other security-related problems in one development thread, and how we make apps to get around this.
I take the lead for now, since I started testing custom ROMs (JellyBean) right now.
And the DRM check at bootup is important to get around, otherwise we end up having to restore a v10 image again and again, too often.
I suspect that it can be done using a bind folder, but let's see where this takes us.
Just update with other issues seen.
Sounds a little bit like Chinese to me, but I hope you can get a breakthrough. Good luck to all who are trying to make this an even greater phone for us.

OK, I have had my JellyBean semi-running and the One X ROM running, both not very functional, as most hardware did not work well.
The lgdrmserver kept crashing on me as well, but that is probably less important.
The solution I made: the early boot used the original libraries from /lib and vendor/lib, so I simply mapped the 2 files in /lib with a symlink to the /system/drm folder, ran the wallpaper binary, and it worked fine.
Secondly, I changed the vold binary into a little script that:
1: bind-mounts the new libraries for DRM from a drm2 folder (mount -obind drm2 drm), so the newly booting OS gets the related files.
2: starts vold.
And the workaround seemed to do just fine for the DRM security check.
IF it fails during regular boot because you unintentionally copied over the files, do not worry: booting into safe mode (keep VOL UP pressed and press power), you can connect with a shell and bypass the check, fix your failure and reboot.
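Added example, not code from this thread or from Dexter_nlb: a defender-side check for the bind-mount trick described above. It parses the kernel's mountinfo table and reports which directories are overlaid by another subtree of the same filesystem, so a boot-time integrity check that reads /system/drm can tell when it is really being served drm2. The mountinfo lines and device numbers are constructed for the example; the symlink half of the trick never appears in the mount table and is not covered here.

```python
import re

# Constructed sample of /proc/self/mountinfo, not captured from a real device.
# The third line is what "mount -obind drm2 drm" under /system leaves behind:
# same block device as /system, but the root field names the drm2 subtree and
# the mount point is /system/drm, so opening /system/drm/* yields drm2/*.
SAMPLE_MOUNTINFO = """\
1 0 179:8 / / ro,relatime - ext4 /dev/block/mmcblk0p8 ro,data=ordered
2 1 179:20 / /system ro,relatime - ext4 /dev/block/mmcblk0p20 ro,data=ordered
3 2 179:20 /drm2 /system/drm ro,relatime - ext4 /dev/block/mmcblk0p20 ro,data=ordered
4 1 0:11 / /proc rw,nosuid,nodev,noexec - proc proc rw
5 1 179:22 / /data rw,nosuid,nodev - ext4 /dev/block/mmcblk0p22 rw,data=ordered
"""

_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def _unescape(field):
    """mountinfo writes space, tab, newline and backslash as \\040-style octal."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Parse mountinfo text into dicts holding the fields this check needs."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields (shared:N, master:N, ...) sit between the mount
        # options and a lone "-"; splitting on " - " skips them safely.
        before, _, after = line.partition(" - ")
        f = before.split()
        fstype, source = after.split()[:2]
        mounts.append({
            "id": int(f[0]),
            "parent": int(f[1]),
            "dev": f[2],                    # major:minor of the backing fs
            "root": _unescape(f[3]),        # subtree of that fs that is mounted
            "mountpoint": _unescape(f[4]),
            "fstype": fstype,
            "source": _unescape(source),
        })
    return mounts


def find_shadowing_mounts(mounts):
    """Return (mountpoint, original_path) pairs for mounts whose root is a
    sub-directory of a filesystem that is also mounted whole, i.e. bind
    mounts that overlay a directory with another directory of the same device.
    A bind of a whole filesystem (root == "/") is not a subtree and is not
    flagged; if several whole mounts share a device the last one listed wins."""
    whole_fs = {m["dev"]: m for m in mounts if m["root"] == "/"}
    findings = []
    for m in mounts:
        if m["root"] == "/":
            continue
        base = whole_fs.get(m["dev"])
        if base is None:
            continue                    # subtree of a fs not mounted whole
        original = base["mountpoint"].rstrip("/") + m["root"]
        findings.append((m["mountpoint"], original))
    return findings


def shadowed_by(path, mounts):
    """Where does PATH really come from? Returns the original directory or
    file if a bind mount overlays PATH or one of its parents, else None."""
    path = path.rstrip("/") or "/"
    best = None
    for mountpoint, original in find_shadowing_mounts(mounts):
        if path == mountpoint or path.startswith(mountpoint.rstrip("/") + "/"):
            # Longest matching mount point wins, like the kernel's path walk.
            if best is None or len(mountpoint) > len(best[0]):
                best = (mountpoint, original + path[len(mountpoint):])
    return best[1] if best else None


def check_live(path="/system/drm"):
    """Run the same check against this machine's own mount table."""
    with open("/proc/self/mountinfo") as fh:
        return shadowed_by(path, parse_mountinfo(fh.read()))


if __name__ == "__main__":
    mounts = parse_mountinfo(SAMPLE_MOUNTINFO)
    for mp, orig in find_shadowing_mounts(mounts):
        print(f"{mp} is shadowed by {orig}")
    print("libdrm lookup resolves to:", shadowed_by("/system/drm/libdrm.so", mounts))
```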

Hi
Is DRM checking forced from the kernel?
Can we live without it?

No, it's called from init.d.

Dexter_nlb said:
Let's see if we can get
- Locked bootloader
- Custom ROM security issues
and maybe other security-related problems in one development thread, and how we make apps to get around this.
I take the lead for now, since I started testing custom ROMs (JellyBean) right now.
And the DRM check at bootup is important to get around, otherwise we end up having to restore a v10 image again and again, too often.
I suspect that it can be done using a bind folder, but let's see where this takes us.
Just update with other issues seen.
It is always exciting to see people like you, fellow.
Curious, courageous, open-minded, wise, and most of all doing it all without expecting anything.
Success on your way.. :good:

Dexter_nlb, You're a hero :good:
When will some beta be released?

Since we have root, shouldn't init.d be accessible and easily modifiable?

The Troll said:
Since we have root, shouldn't init.d be accessible and easily modifiable?
It's part of the boot.img (ramdisk), so not really, but 2nd-init makes it possible to make a new ramdisk and start it. But it's only the ramdisk, not the kernel, which remains static.

Downgrade mode?
Sorry, I'm an HTC user thinking of buying this phone.. *since the S3 isn't Tegra, no THD games, and the One X kinda sucks with the lack of an SD card and stuff..*
But HTC has a downgrade mode.. 2 exposed connectors close to the camera.. short-circuit them to access downgrade mode.. and then it's flashable through Linux..
If I'm right, that should give you open access to the bootloader..
The EVO 3D CDMA used this method to get S-OFF.. as in bootloader unlocked and accessible with all write restrictions removed on all partitions..
Oh, forgot to mention, this can brick your device.. actually downgrade mode itself is a bricking method.. so I'd be careful *assuming this method is true for GS as well*

The Troll said:
Downgrade mode?
Sorry, I'm an HTC user thinking of buying this phone.. *since the S3 isn't Tegra, no THD games, and the One X kinda sucks with the lack of an SD card and stuff..*
But HTC has a downgrade mode.. 2 exposed connectors close to the camera.. short-circuit them to access downgrade mode.. and then it's flashable through Linux..
If I'm right, that should give you open access to the bootloader..
The EVO 3D CDMA used this method to get S-OFF.. as in bootloader unlocked and accessible with all write restrictions removed on all partitions..
Oh, forgot to mention, this can brick your device.. actually downgrade mode itself is a bricking method.. so I'd be careful *assuming this method is true for GS as well*
Nah, we have nothing to lose... someone should try it.

The Troll said:
But HTC has a downgrade mode.. 2 exposed connectors close to the camera.. short-circuit them to access downgrade mode.. and then it's flashable through Linux..
If I'm right, that should give you open access to the bootloader..
The EVO 3D CDMA used this method to get S-OFF.. as in bootloader unlocked and accessible with all write restrictions removed on all partitions..
I believe you reference a different hardware platform, not Nvidia-based. The O4X is Nvidia Tegra 3 and differs from OMAP and other platforms security-wise.
Can you link to the Tegra fuse you reference here? (A fuse is a connector which will break the firmware open and grant full access, but can also cause the firmware to not load, since the fuse is broken.)

reas0n said:
Nah, we have nothing to lose... someone should try it.
Flash Image GUI..
Someone rooted should try that first..
Also, unlimited.io <--- website.. for details of the downgrade mode trick..
http://forum.xda-developers.com/showthread.php?t=1547695
http://forum.xda-developers.com/showthread.php?t=1491107
http://forum.xda-developers.com/showthread.php?t=1563342
http://forum.xda-developers.com/showthread.php?t=1627917
The basic idea of this is 2 connectors close to the camera.. short-circuit them to switch the phone to downgrade mode *QHSUSB_DLOAD*.. bricking the device and mounting all partitions as readable and writable.. then using Linux to find the right partition to flash/dump the hboot *the bootloader*
At the end, if it uses fastboot/adb, I don't think this will be too different from the EVO 3D..
Try it.. but don't say I didn't warn you..
I'm not sure it's a fuse, it's more of a reset?
Also, I don't exactly have the phone *yet* so I can't tell..
But for the 3D, it's exposed.. 2 holes in the back under the cover, next to the camera..
http://unlimited.io/juopunutbear-public-beta-0-1/instructions/evo-3d-cdma-shooter/
Or you can find a schematic of the phone itself..
If you don't mind me asking, what's the reason for the lack of devs?
This is an excellent phone..
Is it the extreme security?
The iPhone got a jailbreak too :/

OK, this is a Qualcomm solution, not for our Tegra 3-based platform.

Dexter_nlb said:
OK, this is a Qualcomm solution, not for our Tegra 3-based platform.
How did the One X get the kernels running?
**edit.. nvm.. htcdev.. forgot..

Hope you guys can get past all that annoying security. I would like to buy that phone, but without real control over the hardware and a custom ROM community I would seriously reconsider buying it...

Dexter, the One X solution is for Tegra 3 devices. The Qualcomm device is called the HTC One XL. So if the chipset is nearly the same, there must be a solution? If I could code anything, I would. But I cannot.

Hilmy said:
Hope you guys can get past all that annoying security. I would like to buy that phone, but without real control over the hardware and a custom ROM community I would seriously reconsider buying it...
Instead of trying to bypass, people should be asking LG for an unlock mechanism. I've been talking to them about this for over half a year, and today they still feel there is no demand for it (unlock tools)
Show of hands: How many people here have actually e-mailed LG asking for an unlock procedure, for this or any other of the current locked generation?

aremcee said:
Instead of trying to bypass, people should be asking LG for an unlock mechanism. I've been talking to them about this for over half a year, and today they still feel there is no demand for it (unlock tools)
Show of hands: How many people here have actually e-mailed LG asking for an unlock procedure, for this or any other of the current locked generation?
Do you have the mail address we can use? Then we can engage a mail robot to send them 10000s of mails regarding the unlocker, and maybe they will follow Asus and Motorola/Google on this one.

Dexter_nlb said:
Do you have the mail address we can use? Then we can engage a mail robot to send them 10000s of mails regarding the unlocker, and maybe they will follow Asus and Motorola/Google on this one.
I'd rather not forewarn them by asking for a contact for this
My personal opinion: a mailrobot would be a bad idea, they'd just filter it out. Actual users, with actual devices (serial numbers in the message and all that) would carry much more weight than just generic "gimme". From experience... petitions don't work, either, unless they hit visible news outlets;
My suggestion would be to hit a support contact, consistently (instead of dispersing the message to random contacts); most companies will escalate any issue given enough occurrences of it. On the other hand, I can't find contacts besides the country-specific ones at http://www.lg.com/global/supports/service-sites.jsp ...

Related

Rooting ?

Soooo folks, my baby arrived yesterday and now I have the following question:
Anyone know how to root this shard? Same as the Hero? .... I don't think so...
Thx for answers
How did you get it so fast? Where did you buy it from?
I think rooting the Legend would be like for the Nexus One, because it's the first 2.1 OS to be rooted; anyway, why would you root it if no dev has made a ROM yet?
We will have certainly modded ROMs with fully working Live Wallpapers but give them a little time
BicolXpress said:
How did you get it so fast? Where did you buy it from?
Bought it yesterday from here: http://obchod.sunnysoft.cz/zbozi/041ZHT-158/htc-legend.html but that's in Prague, CZ ....
vegetaleb said:
I think rooting the Legend would be like for the Nexus One, because it's the first 2.1 OS to be rooted, anyway why would you root it if no dev made a ROM yet?
I don't need a custom ROM yet.. But I need root access for Market Enabler; I have some apps that I bought with the HERO and in CZ I see only free apps .... lol
@michalst .. quite expensive. I bought the phone yesterday for 390 EUR (2 phones, me and my wife).. agem (dot) sk
But anyway, my question is, if I am in Germany with the phone, can I use the Market for buying applications, or not? Many thanks for the info (my first Android)
jafemaster said:
@michalst .. quite expensive. I bought the phone yesterday for 390 EUR (2 phones, me and my wife).. agem (dot) sk
But anyway, my question is, if I am in Germany with the phone, can I use the Market for buying applications, or not? Many thanks for the info (my first Android)
It always depends on your provider; when your provider is West-EU you can use the Market without restriction....
If the Legend is not rooted, we can't install APK games and apps?
It's exciting to see the Legend finally released. But I'm waiting for the Desire
About the apps. I'm sure we can install any apk files on the Legend. As for the paid apps bought on the Hero, you can get the apk file from your Hero using Root Explorer. I have purchased one application and the apk file is located in /system/sd/app-private folder.
The problem here is that if the developer releases an update to the Market, you won't be able to update your app!!!
So I found my apps on the Hero in /data/app, so I can install them on the Legend... that's important for the first time, and later when rooted I will use the Market...
Bootloader mode, may be helpful for anyone ....
Does anyone have a solution for rooting the phone and then activating Market Enabler... Here in Belgium we have the same problem...
Is it possible to root it without reinstalling a new ROM?
thx
Yes, I mean it will be possible; we need to wait a bit ... I'm in contact with one dev that is already working on the solution ...
Stupid question, but what does rooting do? Is it like gaining full admin rights? Also, what is the market activation thing people talk about?
sjaak1234 said:
Stupid question, but what does rooting does? Is it like gaining full admin rights? Also what is the market activation thing people talk about?
Rooting gives you access to functions that are normally shielded from the end user. Yes, this means you can do more, but you should also be aware of the risks. First and foremost, tampering with the software in the device will always void your warranty. Moreover, if your machine somehow has vulnerabilities, and they're exploited, they'll not only have regular access but they'll have full admin access to your phone. It happened to the iPhone, which resulted in ransomware being installed on some iPhones (hacked ones where the terminal password wasn't changed by the owner upon rooting it). So it'll give you plenty of extras, but do read up on what you're doing.
MarketEnabler is an app which allows you to set different regions for the Market. Then you'll be able to download apps which might not be available in your region (developers can control in which regions they want to sell their apps, and some regions don't have paid apps yet).
I'm not worried about warranty. Besides, you can always flash an official ROM back, right?
Checked up some more on rooting and it doesn't seem too useful yet? Removing default apps you don't use and moving the cache to the SD card seem to be the most useful at the moment. And maybe running apps from SD, though that doesn't seem fail-safe and Google is working on that anyway, right?
Sorry for the questions. I have plenty of experience with WiMo, but this will be the first time I get an Android phone, so it's kinda like having to learn things all over again.
On WiMo it's sooo easy: just flash and find your .cab's and you're good to go. About that, does Android actually have some decent copy protection? Or is it like WiMo where you only need a .cab, or the iPhone that also runs whatever you want after jailbreak?
When I look in the settings menu there's also an option, accessibility, only it's shielded off.
Does root give me access to this option?
I'm currently thinking of getting a Vodafone-branded Legend since it's much cheaper here in my region.
How are the chances of getting rid of the branding (it's software-only, just 2 links on the home screen and a boot animation) and to upload the original rom image to the phone? I want to have the latest updates on the phone when they're released by HTC...
You're going to need a hacked SPL to be able to change the boot image... and as this phone has just been released I'm guessing your chances are very slim at this point in time..
What I mean is to replace the complete ROM with the stock ROM from HTC.
What I've heard is that future updates will probably be released later for the branded phones, so I just want to have updates for the ROM as early as possible.
Most probably it's too early to make any assumptions here.
sjaak1234 said:
I'm not worried about warranty. Besides, you can always flash an official ROM back, right?
Checked up some more on rooting and it doesn't seem too useful yet? Removing default apps you don't use and moving the cache to the SD card seem to be the most useful at the moment. And maybe running apps from SD, though that doesn't seem fail-safe and Google is working on that anyway, right?
Sorry for the questions. I have plenty of experience with WiMo, but this will be the first time I get an Android phone, so it's kinda like having to learn things all over again.
On WiMo it's sooo easy: just flash and find your .cab's and you're good to go. About that, does Android actually have some decent copy protection? Or is it like WiMo where you only need a .cab, or the iPhone that also runs whatever you want after jailbreak?
Well, for the Legend there aren't too much options yet, but for the Hero there's a ****storm of custom ROM's, from leaked 2.1 ROMs to AOSP (Android Open Source Project) vanilla Android builds ( means without HTC's modifications). So for me (not a developer), it's a matter of waiting 'til the device gets rooted and some custom ROMs start popping up. 'Til then: no, rooting won't do you much good .

A few questions before I root.

I did my research but I'm still unsure of a few things.
Once you root your device there is no going back; if there is a problem with your phone and you need to send it back, HTC will know, or can you completely go back to 100% unroot/stock like you could with the HTC Magic? Is this true?
I don't plan on installing a custom ROM; I just want to use some root programs such as WiFi tether. Will I still get OTA updates from Google?
Wow every single question you just asked has been asked so many times its not even funny..
There really REALLY needs to be a Rooting 101 thread to inform people properly of what rooting does and is, and what are the benefits. Searching just isn't happening it seems..
I'm still searching the forums for definitive answers to my questions and I'm not finding them.
Eclair~ said:
Wow every single question you just asked has been asked so many times its not even funny..
There really REALLY needs to be a Rooting 101 thread to inform people properly of what rooting does and is, and what are the benefits. Searching just isn't happening it seems..
broken89 said:
I'm still searching the forums for definitive answers to my questions and I'm not finding them.
@ Eclair-I have a feeling people don't see the page2 button at the bottom....
@ Broken89- Search back a few pages.....answer is NO.....N1 un-locking is final.....There is no going back *YET*!!!!
- You will not get OTA updates unless you install the stock ROM and the default recovery (or so I heard, don't know about the recover part) though many ROMs include OTA features before they are released. Like himem (using all the available RAM), trackball colors, and gif image support.
- Once you unlock your bootloader (which you have to do to root) you cannot at this time re-lock it on our N1's. Notice I said 'at this time'. It seems HTC is still covering hardware defects such as dust and touch screen calibration issues for SOME people, while others are being charged or refused. You can unroot, but you cannot relock your unlocked bootloader.
- WiFi tethering I believe may still require custom ROMs.
martin0285 said:
@ Eclair-I have a feeling people don't see the page2 button at the bottom....
@ Broken89- Search back a few pages.....answer is NO.....N1 un-locking is final.....There is no going back *YET*!!!!
I went far beyond page 10 in both QA and General. I don't know if I just overlooked what I was looking for or what.
Eclair~ said:
- You will not get OTA updates unless you install the stock ROM and the default recovery (or so I heard, don't know about the recover part) though many ROMs include OTA features before they are released. Like himem (using all the available RAM), trackball colors, and gif image support.
- Once you unlock your bootloader (which you have to do to root) you cannot at this time re-lock it on our N1's. Notice I said 'at this time'. It seems HTC is still covering hardware defects such as dust and touch screen calibration issues for SOME people, while others are being charged or refused. You can unroot, but you cannot relock your unlocked bootloader.
- WiFi tethering I believe may still require custom ROMs.
Meh, you were right, apparently the stock kernel doesn't support it. If I update the kernel will I still get OTA updates from Google? And would there be any harm from doing so?
Thanks for the help guys.

Full NAND Unlock

Does anyone know if this will also work on the DInc?
http://forum.xda-developers.com/showthread.php?p=6800690
supagene said:
Does anyone know if this will also work on the DInc?
http://forum.xda-developers.com/showthread.php?p=6800690
not a chance unless/until we get an engineering build for the incredible (they tend to be hard to come by sometimes)
NAND has already been unlocked through a patched hboot on the Incredible, we're just waiting for a possible release.
Is this what you are referring to?
"Team unrEVOked is proud to announce that we and @AndroidBruce have the first HTC Incredible with a patched bootloader." - 6:00 PM Jul 16th via web
http://twitter.com/unrevoked
supagene said:
Is this what you are referring to?
"Team unrEVOked is proud to announce that we and @AndroidBruce have the first HTC Incredible with a patched bootloader." - 6:00 PM Jul 16th via web
http://twitter.com/unrevoked
Yup. Of course, that doesn't mean they're going to release soon, or maybe not at all, since there's a very real risk of bricking when you're ****ing with hboot.
Noob question here. I tried to search for the answer but couldn't find one.
Why would I want to do this when it seems to me that all of the options are available when I root the phone with Unrevoked3? Is there something more we gain with this full nand unlock?
Some applications try to write to /system for example AdFree so they can modify the hosts file. Currently none of the applications can actually write on the DInc because we only have write permissions when in recovery mode only. Once NAND is fully unlocked, we'll have all the applications running as expected.
supagene said:
Some applications try to write to /system for example AdFree so they can modify the hosts file. Currently none of the applications can actually write on the DInc because we only have write permissions when in recovery mode only. Once NAND is fully unlocked, we'll have all the applications running as expected.
I'd love to be able to use metamorph so I don't have to update themes so much... pushing apks with the phone booted really helps me to develop themes as well. Nand unlocked is something I miss about my old android phones....
heavensblade23 said:
Yup. Of course, that doesn't mean they're going to release soon, or maybe not at all, since there's a very real risk of bricking when you're ****ing with hboot.
Why would they announce and never release? If they were able to make an easy root app, I hope they can release something for the NAND unlock. I wonder how long it will take them to release...
Sent from my ADR6300 using XDA App
supagene said:
Why would they announce and never release? If the were able to make an easy root app, I hope they can release something for the nand unlock. I wonder how long it will take them to release...
Sent from my ADR6300 using XDA App
They say they don't want to release the vulnerability they exploit for the NAND flash unlock because they don't want it to go away (get "fixed" by HTC).
You can read about it at their wiki if you go to their site, select the Incredible, and select "More Info?"
OK, too much misinformation seems to be getting linked together, so just this once I'll comment.
We do have a few completely NAND-unlocked devices now. We have some more experimentation to go with hboot before it will be worthy of release, i.e. the fastboot commands. Patching it is a slower process; as you are correct, it's easy to brick. We will be planning a release but do not presently have a timeframe. One problem is that while with recovery an error would be corrected by trying again, hboot will brick. So if we do release, it's going to be a slightly technical process requiring more thought and knowledge so that you have the best chance of success.
aotothemax said:
They say they don't want to release the vulnerability they exploit for the NAND flash unlock because they don't want to to go away (get "fixed" by htc).
You can read about it at their wiki if you go to their site, select the Incredible, and select "More Info?"
The vulnerability has already been shown... I have a copy of the zip saved on my PC and can unlock my NAND at will.. You go into hboot and type in some commands and then reboot, and upon reboot into Android your NAND is unlocked and you can do anything you want, including writing to /system while in actual Android... then upon rebooting your phone a second time your NAND relocks by default...
The reason I know this works is that I did the NAND unlock and AdFree was able to successfully install a new hosts file on my phone with no problems.. and that program needs specific /system write access while in Android itself... also I can remove files in my /system folder while in Android using Root Explorer on the phone itself, without having to do adb at all
What unrEVOked is trying to do now is make it permanent so it stays unlocked after a reboot.. but for now it's pretty simple, all I have to do is not turn off my phone and my NAND will stay unlocked
Shadowmite and Joe92T, thanks for clearing things up for everyone. I hope nobody goes looking for that zip and bricks their device before unrEVOked's release.
mahkee said:
Shadowmite and Joe92T, thanks for clearing things up for everyone. I hope nobody goes looking for that zip and bricks their device before unrEVOked's release.
The whole thread it was located in has been deleted because it was a leaked file and not an official release; the only people that have it are unrEVOked and the people lucky enough to download the attachment before the mods found out
I'm glad it's being worked on. Once it works running true linux on the phone will be possible as would dual booting the phone.
Oh, I didn't know that. Thanks for clearing that up!
Sent from my ADR6300 using XDA App
sorry. Edited for your protection
The Dinc is my first android phone (from blackberries), but from what I can tell, HTC seems to not be as anal about exploits found as some other Android phone makers. I like that.
Does a full NAND unlock allow deleting system apps that were previously not able to be uninstalled with the device on ?
Yes that's what it means,
Sent from my HTC Incredible using Tapatalk

Google Nexus 5 Bootloader

Note: This is not asking how to unlock. Please do not tell me how to unlock it.
This thread is for discussing the Nexus 5's bootloader.
Current available bootloader versions:
hhz11d
hhz11k
Looking to work out the exact differences in these.
On a side-note, Is anyone aware of a way to accurately/successfully decompile the Nexus 5's bootloader in order to look into these?
DanseMacabreD2 said:
Is anyone aware of a way to accurately/successfully decompile the Nexus 5's bootloader?
Note: This is not asking how to unlock. Please do not tell me how to unlock it.
I won't tell you to unlock your bootloader, or explain how to. But I will tell you that questions go into the Q&A section, not General. People don't look to answer questions here, but they do look into Q&A.
simms22 said:
I won't tell you to unlock your bootloader, or explain how to. But I will tell you that questions go into the Q&A section, not General. People don't look to answer questions here, but they do look into Q&A.
This isn't really a Question thread. It's a discussion thread on the Nexus 5's Bootloader, which does unfortunately start with a question :/
"Is anyone aware of a way to accurately/successfully decompile the Nexus 5's bootloader?"
is 100% a question, and the only real subject in your post. "EDIT: This is also for discussing the Nexus 5's bootloader." isn't really a way to start a discussion about bootloaders.
I haven't seen it done but I'm pretty sure it might be possible? Just a guess.
Sent from my Nexus 5 using xda app-developers app
simms22 said:
"Is anyone aware of a way to accurately/successfully decompile the Nexus 5's bootloader?"
is 100% a question, and the only real subject in your post. "EDIT: This is also for discussing the Nexus 5's bootloader." isn't really a way to start a discussion about bootloaders.
Yeah, Took your feedback and applied it; note the better OP. How else would you start a discussion on bootloaders without mucking about in them, eh?
This thread is to discuss the bootloader on the Nexus 5; It's constraints, it's features and it's modifiability.
The possibility to decompile the bootloader is there, but one of extreme difficulty. I have never seen it done on any Android device since the very beginning of Android. The bootloader is there to provide the phone's security, and because of that it isn't made to be easy to do. It is nearly impossible; nearly, because it was developed by humans, and humans make mistakes. Will someone from XDA be able to do it? Most likely not.
simms22 said:
The possibility to decompile the bootloader is there, but one of extreme difficulty. I have never seen it done on any Android device since the very beginning of Android. The bootloader is there to provide the phone's security, and because of that it isn't made to be easy to do. It is nearly impossible; nearly, because it was developed by humans, and humans make mistakes. Will someone from XDA be able to do it? Most likely not.
On the one hand, I'd actually say that the bootloader is not there to provide the phone security. Quite the contrary, in fact. Most bootloaders allow overflashing of the current stored data with the stock/factory data. This is a security flaw, in my eyes.
On the other hand regarding your 'developed by humans' comment: "Anything made by human can be torn down by human" - Source unknown.
The bootloader is a simple program of 2.44 mb of ARMv7 bytecode, hardly 'nearly impossible'.
In the long run, I'd like to see a boot-loader/Recovery pairing that does provide the security.
simms22 said:
The possibility to decompile the bootloader is there, but one of extreme difficulty. I have never seen it done on any Android device since the very beginning of Android. The bootloader is there to provide the phone's security, and because of that it isn't made to be easy to do. It is nearly impossible; nearly, because it was developed by humans, and humans make mistakes. Will someone from XDA be able to do it? Most likely not.
The Optimus 3D
Sent from my Nexus 5 using xda app-developers app
JunDavis said:
The Optimus 3D
Sent from my Nexus 5 using xda app-developers app
Do you have some more details on this? A cursory google is contaminated with 'plshow2unlock'
DanseMacabreD2 said:
Do you have some more details on this? A cursory google is contaminated with 'plshow2unlock'
I think the RSA keys were leaked for that device, which allowed for custom u-boot images.
Edit: http://forum.xda-developers.com/showthread.php?t=1971014
Yep
Sent from my Nexus 5 using xda app-developers app
JunDavis said:
I think the RSA keys were leaked for that device which allowed for for custom u-boot images.
Edit: http://forum.xda-developers.com/showthread.php?t=1971014
Yep
Sent from my Nexus 5 using xda app-developers app
Thanks for this, looks interesting!
Found some more resources regarding the boot.img file, so going to go digging.
DanseMacabreD2 said:
Thanks for this, looks interesting!
Found some more resources regarding the boot.img file, so going to go digging.
boot.img is the kernel/ramdisk, not the bootloader.
As for the bootloader, it CAN be decompiled, but it is pretty pointless as we have fastboot and full access.
The reason to decompile was for things like LG, where it has been disabled/blocked from access and the only way to access it is to decompile the bootloader and find an exploitable flaw to unlock it, like the Nexus.
If for any reason you still wanna try, you need to know the C language and know hex and hashes.
IDA Pro + hex + C language is your friend.
loonycgb2 said:
boot.img is the kernel/ramdisk, not the bootloader.
As for the bootloader, it CAN be decompiled, but it is pretty pointless as we have fastboot and full access.
The reason to decompile was for things like LG, where it has been disabled/blocked from access and the only way to access it is to decompile the bootloader and find an exploitable flaw to unlock it, like the Nexus.
If for any reason you still wanna try, you need to know the C language and know hex and hashes.
IDA Pro + hex + C language is your friend.
I know all this.
I would like to lock the bootloader and Recovery in a root-friendly way, and it seems like the bootloader is the place to start.
What I meant by 'resources' was links to the required tools. Nosying inside them now.
DanseMacabreD2 said:
I know all this.
I would like to lock the bootloader and Recovery in a root-friendly way, and it seems like the bootloader is the place to start.
What I meant by 'resources' was links to the required tools. Nosying inside them now.
What do you mean by "lock bootloader and recovery in a root-friendly way"?
vin4yak said:
What do you mean by "lock bootloader and recovery in a root-friendly way"?
Such that the bootloader will always boot to the (secured, with tracking applications) Android instance underlying it if someone attempts to enter fastboot/recovery mode without authorisation from the owner of the device.
Additional idea could be to lock out control to the power switch if a 'stolen' flag is set.
DanseMacabreD2 said:
Such that the bootloader will always boot to the (secured, with tracking applications) Android instance underlying it if someone attempts to enter fastboot/recovery mode without authorisation from the owner of the device.
Additional idea could be to lock out control to the power switch if a 'stolen' flag is set.
So you're saying you want to make a replica of Samsung Knox, but even more secure, to the point of making the device useless if needed.
For this you would decompile the bootloader, edit the source code, then create a working img since you do not have the keys... Then you have what you want.
loonycgb2 said:
So you're saying you want to make a replica of Samsung Knox, but even more secure, to the point of making the device useless if needed.
For this you would decompile the bootloader, edit the source code, then create a working img since you do not have the keys... Then you have what you want.
On the contrary, the device will still be unlockable by an authorised user/owner, therefore the device is useless to a thief for example, but when recovered it can be re-activated.
DanseMacabreD2 said:
On the contrary, the device will still be unlockable by an authorised user/owner.
Download mode has full read & write access to the bootloader, which would make your idea useless again.
Samsung created a key system: download mode was custom made to check the key in the bootloader to see if the bootloader could be written or not.
Without this type of system any user could replace the bootloader back with the original.
Even then, further down the line you still would have a useless system, since the hardware is completely open, which Samsung has changed in a way to make changing the bootloader impossible.
JTAGing the device would defeat your idea.
I'm not trying to kill your idea, but I am showing you the reason why it's just not worth it.
Basically, to get the perfect system the JTAG, bootloader and download mode would all have to be modified, then a 2nd operation like MultiROM would need to be made to secure it the exact way you want it, as the Android OS is in user mode and not boot mode like recovery is.
loonycgb2 said:
Download mode has full read & write access to the bootloader, which would make your idea useless again.
Samsung created a key system: download mode was custom made to check the key in the bootloader to see if the bootloader could be written or not.
Without this type of system any user could replace the bootloader back with the original.
Even then, further down the line you still would have a useless system, since the hardware is completely open, which Samsung has changed in a way to make changing the bootloader impossible.
JTAGing the device would defeat your idea.
I'm not trying to kill your idea, but I am showing you the reason why it's just not worth it.
Basically, to get the perfect system the JTAG, bootloader and download mode would all have to be modified, then a 2nd operation like MultiROM would need to be made to secure it the exact way you want it, as the Android OS is in user mode and not boot mode like recovery is.
The aim isn't to 100% secure the device, but to buy the time required to locate and recover the device. The idea would be to trick a device thief that the device will be an easy one that they can simply use fastboot/recovery to de-protect.
What would be a nice possible solution would be for the bootloader to boot android as normal allowing location/recovery processes to work, but preventing a false fastboot screen.
It's not about 100% security, but about a better chance of recovery.

Delete all files and re-partition all?

If you have ever loaded into recovery in temporary TWRP, you'll note that even after formatting /data and doing an advanced wipe (selecting everything), when you enter the file manager there is still a bunch of folders and some files throughout your device.
Is there a way to wipe out everything and start completely 100% fresh?
DO NOT DO THIS --- OR --- DO but do not cry about it
I have an answer to my question and it is as I suspected. The short and more official answer is, no. The longer answer is, yes, technically. -- But you should not try it unless you are 100% sure you can live without your phone (forever).
As it turns out no one had a full 100% flash for the whole device and its complete file system structure (except for Motorola). But as it turns out, without a manufacturing cable it would be useless anyway. This is because part of your phone is protected and cannot be wiped clean and flashed so blindly, i.e. unlike your desktop computer. But if you're like me you have noticed some orphan files (a few logs).
Is it worth taking the risk just to clear some orphan files? Probably not. But since you do not have a manufacturing cable and technically, your phone can recover, what you can do is the following.
Do NOT use the TWRP installed on your phone. Rather, use it in memory:
Code:
sudo fastboot boot twrp-3.3.1-0-payton.img
Load TWRP and format DATA
Reboot, go to advance wipe, wipe everything.
Reboot to TWRP (again)
In TWRP, via the terminal, type in
Code:
rm -r -f *
You will see a lot of things that cannot be deleted. This is because you do not have permission to do so. What little is removed will likely be restored after reboot from the master rom hidden somewhere on your phone which cannot be played with unless you have a manufacturing cable (so I am told). ---- If you have such a cable --- DO NOT DO THIS. --- If you suspect you have such a cable --- Do NOT do this. -- I did this with just my normal charging cable.
After you have run the command (which will take forever), tell TWRP to reboot to bootloader. You will now have a BLACK screen. This is where I panicked. I waited a while and long pressed the power button (presumably turning off my device). Then I pressed down the power button and the lower volume button. -- Keep holding the buttons. -- It will take longer than you like, but your phone will boot up. And lo and behold, everything that was in the master rom (chip?) has been restored and you will now see the bootloader screen (finally). Load TWRP and install your ROM of choice.
How many times have I done this successfully? 2x
Does this mean this is dependable? Unlikely
Do I recommend this? No.
Should you depend on this? No.
Are you taking a large gamble? YES
Can this brick your device? YES, more than likely.
Should you do this if you have any doubts? NO.
Will you get any help if this goes wrong? NO.
So why did I do it? As I look to possibly upgrade my phone in the future I feel a little more daring and can afford to do so. lol
you say "yes, technically", but I have yet to see someone get back to a fully operational stock. The best they can do is get to a mostly operational custom ROM. I (and a bunch of other folks here) would love to be proven wrong.
KrisM22 said:
you say "yes, technically", but I have yet to see someone get back to a fully operational stock. The best they can do is get to a mostly operational custom ROM. I (and a bunch of other folks here) would love to be proven wrong.
After performing this I installed only the official firmware. No additional ROM or GSI. The firmware itself includes the stock software.
A word of caution. --- I did this on 3 phones now. 2 work just fine. But 1 does not. The one that does not reports my IMEI as 0. This means it boots, it loads, it will play games and apps and update via Google Play Store, but it will never make a single phone call ever again. --- Food for thought.
Thanks. That got me thinking - I wonder if you took the one with no IMEI and plugged it to Moto's Smart Assistant, would it recognize it? Would it allow you to force flash it?
KrisM22 said:
Thanks. That got me thinking - I wonder if you took the one with no IMEI and plugged it to Moto's Smart Assistant, would it recognize it? Would it allow you to force flash it?
The world will never know. lol --- I'm a Linux user and their app doesn't seem to like Wine. I suppose I could set up a virtual machine with Windows and hope to connect through that. But I was once informed you really cannot do that via a virtual machine. Unless I was misinformed?! In any case, flashing the phone is not a problem. I can wipe it and reinstall any ROM or GSI at the moment. Or I can repeat my process to go back to stock under a full wipe. The results appear to be the same.
I already have ordered a cheap Moto G7 from Google as a replacement. My current plan will be to find a very light (small), bare-bones ROM / GSI and install it onto this Moto X4. From there I'll load it up with games and such and let the kids play with it. Figure since it cannot make or receive calls anymore (or text messages either) it will make for a fun little toy.
MotoX4 said:
The world will never know. lol --- I'm a Linux user and their app doesn't seem to like Wine. I suppose I could set up a virtual machine with Windows and hope to connect through that. But I was once informed you really cannot do that via a virtual machine. Unless I was misinformed?! In any case, flashing the phone is not a problem. I can wipe it and reinstall any ROM or GSI at the moment. Or I can repeat my process to go back to stock under a full wipe. The results appear to be the same.
I already have ordered a cheap Moto G7 from Google as a replacement. My current plan will be to find a very light (small), bare-bones ROM / GSI and install it onto this Moto X4. From there I'll load it up with games and such and let the kids play with it. Figure since it cannot make or receive calls anymore (or text messages either) it will make for a fun little toy.
Thanks! Yeah, in the past I have been a lot on Ubuntu and stuff like this is not forgiving for wine.
It's a darn shame that we can't just send these phones to Moto with $25 and get it fixed. Oh well!
KrisM22 said:
Thanks. That got me thinking - I wonder if you took the one with no IMEI and plugged it to Moto's Smart Assistant, would it recognize it? Would it allow you to force flash it?
Moto Smart Assistant can't recognize the phone in rescue mode.
St.Noigel said:
Moto Smart Assistant can't recognize the phone in rescue mode.
I know it can't on yours, and most folks with this prob. I was wondering about MotoX4's case. But thanks for trying it!
I had high hopes for that smart assistant when I discovered it, but no joy. When we lost RSDlite, we lost a lot - unless they upgrade it...
KrisM22 said:
I know it can't on yours, and most folks with this prob. I was wondering about MotoX4's case. But thanks for trying it!
I had high hopes for that smart assistant when I discovered it, but no joy. When we lost RSDlite, we lost a lot - unless they upgrade it...
RSDlite? Lost? Is this what you seek? https://rsdlitetool.com/
MotoX4 said:
RSDlite? Lost? Is this what you seek? https://rsdlitetool.com/
6.2.4 won't recognize a Moto X4 after it is upgraded to Pie.
I used RSDLite since the times of the P2K and MAGX (Linux)... but since it's easier to use fastboot commands...
I have a stock X4 Android One around, if I want to flash Pixel Experience, can I go back to stock in the future?
joel_sinbad said:
...snip...
I have a stock X4 Android One around, if I want to flash Pixel Experience, can I go back to stock in the future?
In all probability, NO.
Then I'm gonna stay on the stock ROM, so... if I want to flash custom ROMs, there's no way back...
joel_sinbad said:
Then I'm gonna stay on the stock ROM, so... if I want to flash custom ROMs, there's no way back...
If you read a lot on this forum, that's the message I see.
I agree, NO going back. You can, I have... flash any factory Pie ROM. All will flash fine, and no IMEI, wifi. Radios are gone. I use Google Fi and cell data services go weird on custom ROMs, if you want carrier switching.
This makes me think that the Moto X4 is more dangerous than the Atrix 4G back then, with its Tegra 2 chipset...
joel_sinbad said:
This makes me think that the Moto X4 is more dangerous than the Atrix 4G back then, with its Tegra 2 chipset...
I don't recall thinking that the Moto Atrix 4G was at all dangerous when I had one - a rather nice phone imho, though that was a very long time ago. I don't think of the Moto X4 as "dangerous" - it is simply that the custom ROM devs do not have a correct understanding of the Pie file structure, so their ROMs change the file structure of the phone in a way that prevents it from being flashed back to stock.
Users need to recognize that, with this phone, you can't get back to stock if you flash any custom ROM.
afaik.
This change happened with the file structure and boot structure changes of the Pie update. Prior to that, folks could get away with all manner of mods. Devs for this phone need to approach modifications with the idea of assuring that any mod can be flashed back to stock, BEFORE it is released. That has not happened. And likely won't. User beware!
KrisM22..... Thank you for stating what I could not do as well.
kkjb said:
KrisM22..... Thank you for stating what I could not do as well.
we ALL do it, and CAN do it - all in hopes of saving some newbie from disaster!