Related
guys,
please read the text below and let me know what you think about it...
although people try to mask the situation by giving it good names the truth is that this is happening and something has to be done before things get worse.
some folks are using this forum to sell what they call 'their' products. they get these ROMs, they make changes to it by adding or removing software. then they publish it as if they are 'sharing' their 'work' but, strangely, they do it in a very commercial way by naming their 'work' with appealing words to get attention.
when these ROMs go published, they often take a few first posts of the thread as they have a lot of information to add..... and screenshots to publish..... and donations to 'suggest'...... and donors' names to publish.
sometimes it will happen that a few folks who are trying these home cooked ROMs with applications that are less likely to be used by most people will end up having serious problems that eventually will get fixed by the 'chef' .... on a new version.
the principle of sharing a piece of work entirely made by yourself is that it cannot be asked anything in exchange otherwise, even if slightly suggested, it's nothing but a sale and by getting copyrighted software, making changes to it, 'sharing' and suggesting donations from the testers, well.... i'm pretty sure this isn't completely nice.... and either legal.
although i never really bothered to look into these roms to see what's really inside them (even flashing them on my phones sometimes) i decided to do it earlier this week. the funny thing you see when you dump these roms. they are not being shared with other folks, they are being sold, and they should not be touched.
another interesting thing is that if you look into the other subforums carefully you'll see that the same chefs often publish roms for more than one handset which gets me thinking two things: 1) do they really have all these handsets they publish ROMs for? 2) if so, are these roms really tested before they go online?
i don't want to be seen as a troublemaker cause it seems that these folks have made a living out of this cooked rom thing and they appear to have gotten themselves a pretty nice bunch of fans too. however, what i want with this thread is to raise a debate and the reason is that i really like this forum and i'm concerned about something that is happening and i completely disagree.
So what is your main concern?
That the chefs would like to have donations?
Or that someone takes a pile of code and alters it not according to the original programmer?
abe
big people talk about idea..
small people talk about other people..
You have a point with "selling someone else's code, slightly altered and selling it as your own", but I think the ROM cookers only like donations for the work they do tuning the original roms and most of the time adding functionality to the device. A lot of the "better known" chefs have gathered testers around them, so most of the bugs are gone before a release.
What exactly is the debate? Where are the facts/proof that this is occuring? you cant make such a statement without backing it up with some evidence.
I know some chefs actually put ALOT of time and effort into cooking a rom, testing it and informing the community about any errors found.
I've cooked a Rom or two myself and am working on a driver set for MSM devices. It takes ALOT of my time to do so and it's not only for my own benefit. Thank God there are people out there who help me with that. (you know who you are, if you're reading this)
I'm not saying that it's right to pass your ROMs off as your own, but I do know some chefs are better in making the devices perform alot better than HTC's programmers do. And if people want to reward them for their time and effort through donations, who am I to question that?
On the other hand, I find the "lack" of community more disturbing. Some people aren't sharing their knowledge for the common good, but for getting credited or donations. I believe that's the discussion here.
Just my 2 cents.
Well, I think that if they "invest" lot of their time (and they do), it is ok to have donation button. Nobody if forceing you to pay for rom. If you like it you can donate. Fair deal if you ask me!
SlakerBoi said:
guys,
the funny thing you see when you dump these roms. they are not being shared with other folks, they are being sold, and they should not be touched.
Click to expand...
Click to collapse
This part I don't like. I think that they shouldn't do that, because in that case, like you said, roms are in some way being sold. That is not in the spirit of xda.
I think what he may be referring to is some members that take the ROM's from a known cook and post it with screenshots in other forums and other language forums with potential to gain off someone else work. I know of 1 instance where a Link to a ROM for only a beta test ended up with more than 500 downloads when intended for less than 10. It was found posted around in different forums.
To reward someone for there hard work in customization is up to the community. I think most people know the ROM's are not the property of the cooks, but just the cooks work in rearranging, adding, deleting, and customizing. I for one can tell you the amount of donations most cooks receive is very small and in most cases would barely cover a unlimited account for downloads. I myself think of it as I'm cooking for myself and if other people like then that's ok too.
Hi
If I use HTC mobiles is because the cooked roms...
Iosu
NeoS2007 said:
On the other hand, I find the "lack" of community more disturbing. Some people aren't sharing their knowledge for the common good, but for getting credited or donations. I believe that's the discussion here.
Click to expand...
Click to collapse
For me the first thing to do in order to solve this "problem" is to prohibit any "protected" ROM. I think its not fair to take official ressources, work with tools, which can be found in this forums, and then "protect" the ROM, claiming that its your own choice.
I don't think that this is the right way to go, as other (new) cookers could learn a lot from these ROMs.
But, I don't think that this is the "problem" that SlakerBoi is talking about, is it?
As these discussions tend to come and go every now and then ...
Indeed it costs a huge amount of time in the first place. And a lot of users appreciate the work all cooks are doing overhere. Besides the cooking giving people advise. I can tell you that most cooks share their knowledge. Not always visible to everyone but most of them have contact and help each other. Furthermore, is offering your rom for dumping without any guidance the best way to share?
Everyone that asks for a package, help or guidance in any way is supported in the cooking thread. Some did publish a very nice rom after some time. In my opinion it is a far better contribution then offering an open rom without any support.
The reason I cook my own roms the way I do is for speed purpose. If you have another opinion that is fine with me. But tolerate each other on having a different approach. These kind of statements in threads only give xda a bad vibe. Open your mind, when you want or need something ask for it. It's not supposed to be a tv diner anyway.
I quote you , my friend!
Well this is how it goes for a long time. I think if you don't like it, go somehwere else.
What will you get from debating??
SlakerBoi my first question for you is "have you every cooked a ROM?" i am sure your answer will be "No" because i know how much time n effords need to be put. When i cooked my first rom it took me 4 sleepless night to build a basic beta quality rom. After such a hard work someone reward you by donating. That feeling can't be said in words SlakerBoi. So please stop raising this type of question.
One more thing most of the ROM developers buy new phone with the donations they go so it's not a issue if they release rom for many devices.
Please don't continue this decisions so that this post will go to some corner.
MOD this post hurts lot of ppl feeling so please delete it.
before the flame wars starts
i am going to close this....as these questions will cause fighting.
if you have a problem with someone...contact them....don't post like this
you know this is only going to end in fighting.
thread closed.
As a chef, and a moderator (chef came first), I'll add my thoughts.
I started into cooking when AT&T released their official WM6.1 ROM for the Kaiser. I always liked the design of AT&T ROMs, but not all of the bloat they included... most of which could not be uninstalled. I had the very "simple" goal of removing the bloat in an attempt to speed up the ROM, and increase storage space.
Once I downloaded the ROM, and extracted it using KaiserKitchen, I immediately realized that I was in over my head. I am a very good with PC and Mac computers in the professional/personal world, but I had never looked at the contents of a decompiled WM ROM. There are hundreds of folders, 10,000+ files, and no real explanation of what you're looking at... that is where XDA-Developers came in.
Within 1 week of public release, I was ready with a ROM that could be considered "extreme beta". It worked, and it was fast, but it had quite a few glitches that could not have been discovered without a public release, and a few dozen people testing the ROM. One thing in the background, that is never seen, is the number of hours spent just flashing our phones (I am NOT counting the cooking process) with numerous revisions testing all the bugs/issues reported. My Tilt was flashed no less then 1000 times in it's life, and my Fuze has been through over 500 so far.
I consider myself to be a pretty good ROM chef. But I also know that I am far from the best, and that most of my knowledge came from the very large XDA-Developers community. Some ROM chefs do not share information about the inner workings of their ROM in the ROM thread itself, but a simple email/PM will usually get you the information you seek. Look at it this way: If someone uses a ROM as released, and has no desire to modify it, then why should the thread be clogged with hundreds of questions/answers relating to how this was done, or how that was done.
My ROMs are "protected" using RaphaelKitchen, but it wasn't always this way. It has been shown that merging the RGU/DSM files into one large file speeds up the ROM because you now have several hundred less files sitting on the device. In addition, I also release my kitchen, in it's complete form, when I release a new ROM version. People are free to download the kitchen, extract it to their computer, and fully customize my ROMs. I know this is a popular route, because my Fuze and Touch Pro kitchens have been downloaded over 100 times since v4.7 of my ROM came out last month.
On to donations... I have a donation link in my signature for people who wish to appreciate the amount of work/hours poured into creating custom WM ROMs. Just as my signature says, I never require monetary compensation, but I also accept whatever people give, because it allows me to improve my work. For example, I purchased WinCE CAB Creator with some of my donations, so that I could create CAB files of items removed from the ROM. I also maintain a Rapidshare Premium account so that I never have to delete any file uploaded to XDA. Another form of donation I received was web hosting on a fast server that provided an alternative to Rapidshare.
I've said all of this before, but it's been awhile, and I cannot find the post. In closing, I don't see anything wrong with the items you pointed out. We've had issues in the past with members who used donations as a way to obtain a piece of software (ROM or otherwise), and as soon as it was brought to our attention, it was dealt with.
Let me know what you guys think???
A place for rookies and anvance hackers - testing ROMS and stuff!
VerizonTBolt
www.verizontbolt.webuda.com
Nicw thanks
Sent from my ADR6400L using XDA
frankzua77 said:
Let me know what you guys think???
A place for rookies and anvance hackers - testing ROMS and stuff!
VerizonTBolt
www.verizontbolt.webuda.com
Click to expand...
Click to collapse
Don't take this the wrong way, but creating a website for the Thunderbolt right now is like showing up late to a party with a 12 pack of Bud Light. Everyone will be happy you came, but you didn't bring anything that wasn't already there. Now, if you show up with a bottle of Single Barrel Jack Daniel's, you will be the shiznit at the party. So, if you can, please try to bring something different to your website. With that said, I'll be sure to keep checking on your site, it's always nice to have more people at the party.
COMING SOON!!!!!!!
Sent from my ADR6400L using XDA
!
Thanks for the input guys!
TheBeardedMann said:
Don't take this the wrong way, but creating a website for the Thunderbolt right now is like showing up late to a party with a 12 pack of Bud Light. Everyone will be happy you came, but you didn't bring anything that wasn't already there. Now, if you show up with a bottle of Single Barrel Jack Daniel's, you will be the shiznit at the party. So, if you can, please try to bring something different to your website. With that said, I'll be sure to keep checking on your site, it's always nice to have more people at the party.
Click to expand...
Click to collapse
To be honest, I love this idea. It's kind of hard to find updated roms and mods for any phone, not to mention the Thunderbolt. BeardedMan... Why is making a website like this, which will (hopefully) be a good hub for Thunderbolt mods and roms, getting "late to the party?" Is there another website out there like this, besides the android forms or Rom Manager? If there is, I'd like to know.
frankzua77, I would like to say thank you. If this website becomes what I think it will, it will make modding the Thunderbolt so much easier. If you need any help, just let me know.
I think the problem beardedman is referencing is the fact that there are a lot of android websites/forums already (even thunderbolt specific) and that there are a lot of much newer phones getting the attention. I have yet to not find anything I'm looking for without a 10 second search on Google. And the Thunderbolt is real close to being yesterday's superphone, if it's not already.
Plus, the problem with any of these sites is someone has to maintain it...which means sifting through posts, updating daily, etc. Unless it's a wiki that anyone can update, it's the same reason that the stickies all get outdated. Heck, it's the same reason I've started threads on many forums for many topics trying to compile information and eventually given up.
Now that I've rained on the parade and come off as a prick, I do applaud the effort...even if it doesn't stay updated or become the hub you imagine, at least you have an idea and a passion and are trying to do something about it. Don't lose that. And who knows...maybe it's just what the community needs
http://www.droidforums.net/forum/htc-thunderbolt-forum/
http://forum.xda-developers.com/forumdisplay.php?f=940
http://www.teambamf.net/index.php/forum/15-htc-thunderbolt/
http://themikmik.com/forumdisplay.php?1004-HTC-Thunderbolt-ROM-Development
http://androidforums.com/htc-thunderbolt/
I have a "Thunderbolt" folder in my Bookmarks (just like I used to with my Incredible) that I have the five links in. I can open all the links and catch up with all the newest Thunderbolt news, for the most part. And the Thunderbolt is old news actually, just being honest.
TUDrewser understood what I meant, I wasn't being rude. ThunderNet, trying checking the above sites, I bet you'll find answers to whatever questions you have.
ThunderNet said:
To be honest, I love this idea. It's kind of hard to find updated roms and mods for any phone, not to mention the Thunderbolt. BeardedMan... Why is making a website like this, which will (hopefully) be a good hub for Thunderbolt mods and roms, getting "late to the party?" Is there another website out there like this, besides the android forms or Rom Manager? If there is, I'd like to know.
frankzua77, I would like to say thank you. If this website becomes what I think it will, it will make modding the Thunderbolt so much easier. If you need any help, just let me know.
Click to expand...
Click to collapse
Please see my sig..
Users can submit a MOD, Downlad mods or whatever right from the web.
Still a WIP, but just needs attention.
Not knocking this idea at all, but should really consider opening it up to a wiki format and not center only on the thunderbolt.
!
I really appreciate everyone that makes their point, I am currently working on the page. One of my goals is to have videos that can show you a ROM even before you consider downloading it. I know we are focusing on the tbolt, who knows maybe later on this expands to having other phones and stuff...
I need your help on deciding on a domain name! Right now im using a free domain service but I would like to purchase a domain, any ideas???
Also please click on the ads on the bottom as this is how the site will be funded for right now.
www.verizontbolt.webuda.com
Interesting
Sent from my ADR6400L using XDA
CyboLabs is Proud to present
Open Bump!
What is Open Bump?
Open Bump is a recreation of the closed source Bump project run by Codefire.
It will allow you to "sign" your boot images in the same way that Codefire does it, only you don't need an internet connection.
Click to expand...
Click to collapse
What Open Bump is NOT
lets get the obvious out the way. It won't axe murder you.
It is not a direct reverse engineer of Codefire's implementation. I found the key and iv on my own
The magic bytes were taken from Codefire's method however. If anyone has insight has to how they were found, please shout up.
It does NOT take your private data so you can use it. Tin hatters feel free to double check
Click to expand...
Click to collapse
How did I find this out
I had a general idea of what to look for, having heard that the exploit is related uicc, and is signed with a cipher.
Dropping the aboot image in to Ghex led me to finding a reference to "uiccsecurity". Using the bytes around this, I found a repeat of 32 bytes, which was followed by 16 bytes which formed something that resembled "SecureWallpaper".
As you can probably guess, this was mainly trail and error backed by common sense and logical thinking.
you can programmatically find these values with the python script:
Python:
aboot_name = './aboot.img'
aboot = open(aboot_name, 'rb').read()
key_end = aboot.index('uicc')
key_start = key_end - 32
key = aboot[key_start:key_end]
sec_key_start = aboot.index(key, key_end)
iv_start = sec_key_start + 32
iv_end = iv_start + 16
iv = aboot[iv_start:iv_end]
deciphering some already generated "signatures" proved that these were the key and iv used for "signing" the images.
Click to expand...
Click to collapse
What is coming next?
Inspecting the signatures that were originally uploaded and the ones that people can generate now, I found only one pattern.
The only similarities were the first 16 bytes of each "signature". I believe that only the magic number is needed, and none of the garbage that follows. This has been confirmed by the LG G3 dev from CyanogenMod, Invisiblek Done
Click to expand...
Click to collapse
How to use it?
I don't know how well this will run on anything other than linux, so for now.. I won't talk about it.
First, ensure you are using python2
then run the script
Code:
python2 open_bump.py "/path/to/boot.img"
flash the output, and enjoy
Click to expand...
Click to collapse
Thanks to:
Obviously, this wouldn't have been possible without Codefire since I wouldn't have known where to look, or that it was exploitable. And it was them that found the magic key.
Big thank you to @pulser_g2, who offered invaluable input on cryptography
Big thank you to @invisiblek, who I mercilessly kanged the main part of the image padding script from
note:
The original part of finding this information out was done on my own with guidance from pulser. The final results of this are posted above.
XDA:DevDB Information
Open_Bump, Tool/Utility for the LG G2
Contributors
cybojenix
Source Code: https://github.com/CyboLabs/Open_Bump
Version Information
Status: Beta
Created 2014-11-23
Last Updated 2014-11-23
Thanks, thats great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
g4rb4g3 said:
Thanks, thats great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
Click to expand...
Click to collapse
simple answer, this can be added to the build step really easily. See this commit
edit:
of course it may be useful to make a c program to do this.... I shall think on it.
Propably stupid question but i ll give a shot. Since we have the magic key we cant just skip the bump stuff totally? As i can understand, i dont wait official developer team join the bump train, thats why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
After getting the bootloader may be open G3؟؟
Why not use the original Bump?
Quote:
Codefire has been extremely vague about their method, obviously to prevent someone else replicating their results.
They are also storing people's data unnecessarily, and even adding some information relating to the user in to the "signature", possibly for tracking purposes.
As a result of it being an external service, many reputable teams (which won't be named unless they want to be) have said they will not use it, and would rather wait till LG releases the official unlock method.
Finally, Codefire have said the sha1sum of the boot image is required. Whether they knew or not, it is NOT required, and I will be changing this tool to compensate for that.
Click to expand...
Click to collapse
Happy you found a new exploit for us builders and devs, just feel like you kinda disrespected codefire team by accusing them of things before actually talking to them, seems a bit counter productive, this may piss them off and next device you can kiss new exploits by them good-bye,
just my 2 cents on the matter,
i'd remove the line...
in any case thank you very much, i will add it to my build script
---------- Post added at 08:34 PM ---------- Previous post was at 08:29 PM ----------
nikosblade said:
Propably stupid question but i ll give a shot. Since we have the magic key we cant just skip the bump stuff totally? As i can understand, i dont wait official developer team join the bump train, thats why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
Click to expand...
Click to collapse
"Bump stuff" has nothing to do with users, the devs and builders do the "bumping", and development of the G series has nothing to do with bumping, it just takes time to bring everything up
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
thecubed said:
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
Click to expand...
Click to collapse
First off, I didn't black mail. I gave your team notice about open sourcing it after reverse engineering the LG bootloader, not your "signatures".
It's your choice if you want to leave Android. Pinning the blame on me is somewhat childish though.
LG not patching Bump? That's a ludicrous statement, and even if it's true, it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
The hardest part of your teams work was getting the keys. If you know where to look, then it's easy enough to get engineering builds which I suspect contain the master magic bytes which you released.
I'm honestly shocked at your reaction though. I gave your team all the credit and stated which parts I did myself. The part about the service, and the deception was justified.
You tried to obscure something which by logic can't be obscured. That's how so many people realised they can just append the bytes to the image.
So which one would you rather have, LG not patching the exploit (as you so claim), and having an unknown number of people in china running around flashing custom boot images, or have everyone know how to do it to force LG to recheck their security measures.
What I did may not have been fantastic for the community, but what you did was insanely dangerous for the 90% of LG users.
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using there signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
cybojenix said:
it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
Click to expand...
Click to collapse
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
savoca said:
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
Click to expand...
Click to collapse
Yes, because I've been such a massive supporter of cm. (sarcasm in case you didn't realise).
I started reverse engineering the bootloader for research purposes. If it was more complex than what I have said above, then I probably wouldn't have done this thread.
If it weren't for the fact that the magic stays the same across all signatures, then I also wouldn't have done this thread.
The response I got from them when I contacted them before releasing this was pretty much one of lack of care. So I went ahead and posted it.
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
And once again, I refuse to take the blame for their team leaving Android.
whoppe862005 said:
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using there signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
Click to expand...
Click to collapse
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
cybojenix said:
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
Click to expand...
Click to collapse
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. By cybo
savoca said:
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. By cybo
Click to expand...
Click to collapse
Tbh I thought it would have been clear by now what I care about. Then again I may have been wrong about considering you one of the smart android people.
I care about learning and sharing knowledge. Which is precisely what this thread did.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
Click to expand...
Click to collapse
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
sooti said:
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
Click to expand...
Click to collapse
Wrong, I stated that I was going to open source it, meaning the work of put in to getting the key and how it's used to get the original magic.
It was after that that I realised the final magic is the only thing needed. I actually worked out how to get the magic key a few hours ago, but since I don't have the right images, it won't be globally usable.
Fair enough, I apologise for pointing out the flaws in codefires service, and that they took it badly.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
Click to expand...
Click to collapse
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like be said he didn't want it open source but you still went ahead any way.
http://hastebin.com/gulumezawi.txt
And then you saying your going to push it for vs985 even after he said no.
I don't know who Enderblue is, and I'm not affiliated with him..
whoppe862005 said:
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like be said he didn't want it open source but you still went ahead any way.
http://hastebin.com/gulumezawi.txt
And then you saying your going to push it for vs985 even after he said no.
Click to expand...
Click to collapse
cybojenix said:
I don't know who Enderblue is, and I'm not affiliated with him..
Click to expand...
Click to collapse
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
whoppe862005 said:
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
Click to expand...
Click to collapse
but the chat wasn't with me, so your point is null
autoprime had ample opportunity to say "don't do it yet", or "go talk to IO". but no, no objections were made.
Codefire treated the service like any other company would treat their unlocking service, so I treated them like a company and showed how it was done.
Before I start saying anything and before anyone starts ranting or fighting or whatever I want to make one thing crispy clear: I don't want, under any circumstances, to fight or argue in any way with other developers, contributors, users, whatsoever nor do I want to claim anything as correct. I am anytime ready to accept it if I am proven wrong for anything. Show me a proof against what I said and I will accept it. I'm not claiming anything to be right what I'm saying, but as long as it is not proven wrong I'm assuming it is right. Of course some statements base on assumptions and guesses, hence there is no reason for ranting about something particular I said that I am not entirely sure of. I just want to get this out because it has been sitting inside of me for a while and this is the only way I can get it out without offending or insulting anyone.
A statement from my side regarding TWRP and ROMs for the OP5:
I have seen many device trees so far, and the "official" TWRP as well and I'm pretty disappointed to see people not wanting to work together. Of course there are exceptions, for example I have been working together with @benschhold and @gtpitch on TWRP as well as on ROMs and it has been a pretty good experience so far. But I have also seen @Dees_Troy releasing his own TWRP. I tried to contact him and whoever is behind TWRP earlier to get a working TWRP up and running and official. No response. At least I haven't seen anything. I am anytime ready to work together and build working stuff, but I'm not ready to see something that is exactly the same as I did (his TWRP literally has the same, if not more, issues than mine, as far as user reports have told us) and releases it as an official product which should have been tested and does not even fix the issues we have so far.
I know mine is unofficial and I have stated nowhere that this would be official but if you check the sources used for my recovery as well as take the user reports into consideration you will notice that none of the issues we currently have on the now latest recovery image, that is version 72, have been fixed in either mine or his recovery. I would have liked to work together with developers to build a stable, fully working custom recovery with as many parts of it totally free and open-sourced for anyone to inspect. Regarding authorship, I'm anytime ready to correct authors in case they are wrong. What I am not ready for is seeing others taking my work and putting it under their own authorship so that nobody will know about what I did and instead honor the non-existent work of others misleadingly causing the community to think I would have stolen the work from others.
As I already said, I am open to any corrections regarding this.
Another aspect is the custom ROM section. While it's all good and fine to see ROMs coming out for the OP5, none of these are actually stable and fully tested. They might have been flashed and booted up and roughly checked for functionality but not actually tested for quality (not claiming anything here). I really can see a race between ROMs, maybe even a war, everyone perhaps even stealing the work of each other and claiming to be first but of course saying it's super highly experimental and whatsoever.
Why is this happening? I know I have very low reputation for saying anything in this matter, even though I am lead developer and co-founder of a ROM. I don't want to claim that anyone stole my work, and I don't want to be showing examples as they might not even be right because some things can really be done by anyone without seeing what others did. But still, everyone is racing against each other, except for a few ROMs, and trying to say hey yo we brought this rom out for jellyburger super fast and we are the best... blablabla, whatsoever, make sure to decrypt, make sure not to do this not to do that, note this doesn't work.... I guess y'all get the point.
Why do people work against each other and not together? Just trying to be the best, the first, whatsoever? I mean it's cool when you are first and best but it's not cool pretending to be so and in reality just having taken a WIP tree from whatever github profile you just went on and saying your ROM is the first, while in reality you actually don't have any idea about what you are doing. Guys, really.... I appreciate when people do in fact help bringing up custom roms for the OP5, I admit that I also take advantage of that for building my own rom, but I also try to improve it, contribute to it, to make sure others have access to my work and using it without changing authorship. Of course many developers e. g. copy whole directories into their device tree instead of getting the whole commit history in, and, to some extent, that is more or less acceptable, because there is no really convenient way of doing so, but at least, when picking individual commits, do keep authorship. Thanks for your understanding and I hope this community does not become corrupted.
I'm open for a peaceful discussion in this thread, let's get it started!
Cheeseburger developers and testers who can provide logs shall join https://t.me/joinchat/AAAAAEN_kkG6_WJe8IlG2Q
nadejo said:
Cheeseburger developers and testers who can provide logs shall join https://t.me/joinchat/AAAAAEN_kkG6_WJe8IlG2Q
Click to expand...
Click to collapse
Is not a bad beginning, but there actually is a dev group, so in case anyone wants to work together with each other, let me know. (Developers only)
Sad but true how many ROMs for the op5 have there source in the op?
Surely it's better for all of us to work collectively towards building a better base
Sent from my ONEPLUS A5000 using XDA-Developers Legacy app
a g bell said:
Sad but true how many ROMs for the op5 have there source in the op?
Surely it's better for all of us to work collectively towards building a better base
Sent from my ONEPLUS A5000 using XDA-Developers Legacy app
Click to expand...
Click to collapse
Trees don't have to be equal but everyone should share contributions and help each other.
xdvs23 said:
Trees don't have to be equal but everyone should share contributions and help each other.
Click to expand...
Click to collapse
The general issue here is we all work opensource even if they are official teamwin they could just copycated your changes(im not saying this just assuming), dont want to insult anyone here but thats how it goes opensource projects are open and you cant change this, on the other hand they could actually start working on it legitely even if your recorvery is pretty stable(i would say 99%) they started it before but were able to get it to same point but later. As for now we need more developers in kernel section but i see you doing a good job keep it up my dude. :good:
MasterDomino said:
The general issue here is we all work opensource even if they are official teamwin they could just copycated your changes(im not saying this just assuming), dont want to insult anyone here but thats how it goes opensource projects are open and you cant change this, on the other hand they could actually start working on it legitely even if your recorvery is pretty stable(i would say 99%) they started it before but were able to get it to same point but later. As for now we need more developers in kernel section but i see you doing a good job keep it up my dude. :good:
Click to expand...
Click to collapse
The point is that it seems to be that they don't even care about their users. Don't quote me on that, as it might be wrong, but it seems to be that they simply just want to look down on other developers and be the big guys.
While I try to provide good support as much as possible, and release all my changes mostly individually, he simply gave it out once and every now and then might eventually look at the last 5 posts and maybe answer. I mean... I know he probably has alot of work to do but still. Released something officially without even checking for bugs. They say they make sure they provide quality but I can't see the quality there.
And for the other thing you mentioned... Most of the things they have in their tree really seem to be something that has been around for a longer time, but not actually made by themselves and just committed recently:
I don't really know why everyone tells to.keep authorship and maintaining a commit history and what not but end up simply copy and pasting the whole tree and commit that at once. Whatever. If this doesn't stop soon, I will start thinking about whether it is really worth doing this because from my point of view this is just looking down on me and releasing something that does not even work quite as well just to keep me away. I know I might be wrong anytime but this is what it feels like.
xdvs23 said:
The point is that it seems to be that they don't even care about their users. Don't quote me on that, as it might be wrong, but it seems to be that they simply just want to look down on other developers and be the big guys.
While I try to provide good support as much as possible, and release all my changes mostly individually, he simply gave it out once and every now and then might eventually look at the last 5 posts and maybe answer. I mean... I know he probably has alot of work to do but still. Released something officially without even checking for bugs. They say they make sure they provide quality but I can't see the quality there.
And for the other thing you mentioned... Most of the things they have in their tree really seem to be something that has been around for a longer time, but not actually made by themselves and just committed recently:
I don't really know why everyone tells to.keep authorship and maintaining a commit history and what not but end up simply copy and pasting the whole tree and commit that at once. Whatever. If this doesn't stop soon, I will start thinking about whether it is really worth doing this because from my point of view this is just looking down on me and releasing something that does not even work quite as well just to keep me away. I know I might be wrong anytime but this is what it feels like.
Click to expand...
Click to collapse
The next thing here is we shouldn't really assume anything cuz it might be making us look stupid, i would generally say to not care about what they do and i can say that most phones i had, used twrp from users there was no official ones and even if there was it wasn't functioning like other.
Right now how i see it is they opened a thread and called it official(i don't remember if they called it stable) and most users like official stuff so this generally looks funny from your pov, from mine too as i am self called open source developer and i know general ideas behind being open.
The only issue here i can see is that he doesn't respond to you soo it looks bad i really wouldn't assume anything cuz it can piss off a few ppl that's what i want to generally tell you to kindof watch out on the community around this because it already looks weird. If you want you can pm me with your telegram nickname and ill add you to a group where we work on a kernel fixing a small gelatinous issue some(me included) have. Would be for best if he answered to your pms soo you can have a talk and for now it looks like "stolen" work but at the same time we shouldn't assume stuff, for now i don't really know what to say on this whole matter it really looks quite weird and i don't like it too.
MasterDomino said:
The next thing here is we shouldn't really assume anything cuz it might be making us look stupid, i would generally say to not care about what they do and i can say that most phones i had, used twrp from users there was no official ones and even if there was it wasn't functioning like other.
Right now how i see it is they opened a thread and called it official(i don't remember if they called it stable) and most users like official stuff so this generally looks funny from your pov, from mine too as i am self called open source developer and i know general ideas behind being open.
The only issue here i can see is that he doesn't respond to you soo it looks bad i really wouldn't assume anything cuz it can piss off a few ppl that's what i want to generally tell you to kindof watch out on the community around this because it already looks weird. If you want you can pm me with your telegram nickname and ill add you to a group where we work on a kernel fixing a small gelatinous issue some(me included) have. Would be for best if he answered to your pms soo you can have a talk and for now it looks like "stolen" work but at the same time we shouldn't assume stuff, for now i don't really know what to say on this whole matter it really looks quite weird and i don't like it too.
Click to expand...
Click to collapse
Yeah that"s what I thought too but on the other hand, if you don't say anything, then nothing will change. Perhaps it won't change even after saying, but often it does.
You can add me to the telegram group if you want to, pm me the group link and I'll join but I can't promise to constantly be active there throughout the day.
xdvs23 said:
Yeah that"s what I thought too but on the other hand, if you don't say anything, then nothing will change. Perhaps it won't change even after saying, but often it does.
You can add me to the telegram group if you want to, pm me the group link and I'll join but I can't promise to constantly be active there throughout the day.
Click to expand...
Click to collapse
tru dat.
Hi guys and gals.
I'm here to learn how to hack my new Xiaomi Pad 5. The MIUI is awful and sometimes overrides my defaults. Although the hardware is good. I don't trust neither Xiaomi nor Google.
I'm rather a newbie to Android (before my iPhones I had Nexus 5). Recently coming from Apple devices. I decided to switch system because Apple did me wrong and I was a good customer. I don't want to emphasize here but Apples behaviour is rather disturbing.
At the moment my base is Switzerland. I'm native Italian and German speaking and I know some other languages. I'm rather old you'll say but my mind is young.
So far i learned that I've to install ADB on the Mac. Than TWRP on Pad 5. I like to research.
The greeting message in this board was appealing and gave me a good feeling. I'll look around here.
I want to install Magisk. It seems rather interesting.
Have a wonderful day y'all.
Best.
Skianto
Skianto said:
Hi guys and gals.
I'm here to learn how to hack my new Xiaomi Pad 5. The MIUI is awful and sometimes overrides my defaults. Although the hardware is good. I don't trust neither Xiaomi nor Google.
I'm rather a newbie to Android (before my iPhones I had Nexus 5). Recently coming from Apple devices. I decided to switch system because Apple did me wrong and I was a good customer. I don't want to emphasize here but Apples behaviour is rather disturbing.
At the moment my base is Switzerland. I'm native Italian and German speaking and I know some other languages. I'm rather old you'll say but my mind is young.
So far i learned that I've to install ADB on the Mac. Than TWRP on Pad 5. I like to research.
The greeting message in this board was appealing and gave me a good feeling. I'll look around here.
I want to install Magisk. It seems rather interesting.
Have a wonderful day y'all.
Best.
Skianto
Click to expand...
Click to collapse
Welcome to XDA! Enjoy the forums, and let me know if you need help with anything.
ethical_haquer said:
Welcome to XDA! Enjoy the forums, and let me know if you need help with anything.
Click to expand...
Click to collapse
Hello ethical_haquer
Thank You very much for Your kind words. I appreciate it very much.
It's the first time I'm in such a forum.
Honestly when I saw the MIUI and it's behaviour I was concerned about the privacy issues and I "panicked" a bit. I knew that Google spies on us and I was prepared. But these people from Xiaomi are even worse it seems. They make me troubles with the VPN and the private DNS. Fortunately Browsec has the feature of always on.
In order to get developer USB access and backup the device in my old MBP I needed to register with Xiaomi and you know what they gave me an id starting with triple 6. Rather weird
Here is summertime I have a lot to do and enjoy the summer biking Probably I'll start in Autumn with this project
As I found out the device could be bricked "messing" around with rooting and ROM's. I need to research more to be more sure to take the risk.
I'll surf here and see if there's a "save" way or do You know a safer way? I know only taxes and death are for sure but I would appreciate Your opinion very much in order to understand and evaluate even better.
Have a nice day.
Skianto said:
Hello ethical_haquer
Thank You very much for Your kind words. I appreciate it very much.
It's the first time I'm in such a forum.
Honestly when I saw the MIUI and it's behaviour I was concerned about the privacy issues and I "panicked" a bit. I knew that Google spies on us and I was prepared. But these people from Xiaomi are even worse it seems. They make me troubles with the VPN and the private DNS. Fortunately Browsec has the feature of always on.
In order to get developer USB access and backup the device in my old MBP I needed to register with Xiaomi and you know what they gave me an id starting with triple 6. Rather weird
Here is summertime I have a lot to do and enjoy the summer biking Probably I'll start in Autumn with this project
As I found out the device could be bricked "messing" around with rooting and ROM's. I need to research more to be more sure to take the risk.
I'll surf here and see if there's a "save" way or do You know a safer way? I know only taxes and death are for sure but I would appreciate Your opinion very much in order to understand and evaluate even better.
Have a nice day.
Click to expand...
Click to collapse
I try to avoid Google as well.
Skianto said:
In order to get developer USB access and backup the device in my old MBP I needed to register with Xiaomi and you know what they gave me an id starting with triple 6. Rather weird
Click to expand...
Click to collapse
It sure is!
What are you planning to try out on your phone? Don't be to worried about bricking it, although not uncommon it's mostly do to people not understanding what they're doing. If you just want to root it I would flash Magisk. Although honestly I wouldn't bother with rooting it before you install a custom ROM. Which will remove lots of the crap-ware and spy-ware that's built in. A custom ROM will run faster too. Once again, feel free to ask any questions!
ethical_haquer said:
I try to avoid Google as well.
It sure is!
What are you planning to try out on your phone? Don't be to worried about bricking it, although not uncommon it's mostly do to people not understanding what they're doing. If you just want to root it I would flash Magisk. Although honestly I wouldn't bother with rooting it before you install a custom ROM. Which will remove lots of the crap-ware and spy-ware that's built in. A custom ROM will run faster too. Once again, feel free to ask any questions! To say it in short. Weird things are happening with MIUI.
Click to expand...
Click to collapse
Briefly I want to get rid of MIUI and Google. Weird things happened lately.
So far many say LineageOS and Magisk, others blah.
Than appstore. Aurora or FD. I've some apps I would like to keep.
It's a tablet Xiaomi pad 5.
Than the question security..
It's really not easy to find out the best