Database Develop

[Q] Router level wifi host blocking for Kindle 2 OS/Firmware updates

Hello, my Kindle2 recently updated itself as soon as I connected to wifi the day I got it to 10.2.3 which doesn't appear to be rootable (?) currently.
I want to block access to further updates via my router since it only has wifi and will have to go through my router to get to the updates to prevent it from potentially updating to any other versions until someone figures out how to root this version of the software, or until I can find the information and get it to work.
Does anyone know exactly what addresses or whatnot I need to block on the router to prevent updates? Help greatly appreciated.

That is ridiculous. Next time you get root... just rename otacerts.zip and be done with it.

DssTrainer said:
That is ridiculous. Next time you get root... just rename otacerts.zip and be done with it.
Click to expand...
Click to collapse
I never -had- root.
It came, updated itself, and by the time I got around to looking up info on how to root it had updated itself.

PSA: The new OTA (build 12840) patches the bootloader exploit used to obtain root

Update
Since this thread seems to have become quite popular, I thought I'd update it to give people all the newest information in one place.
Since I've made this post, there has been another OTA (build 12940) that improves bootloader security even further and prevents some potential root methods which were being developed for 12840. As of now, neither build 12840, build 12940, nor build 13300 has a published root method. New units have the patched bootloader preloaded from the factory and are not rootable. If you buy a unit at this point, there is a good chance that you will get one that is patched. (EDIT 2013-10-22: People are reporting that units they have purchased from Best Buy and Amazon are still running the vulnerable build. It is unclear if this is simply old stock or if there are still vulnerable units being produced.)
As for the methods described below, they cannot be performed through a shell (i.e. telnet) since the root filesystem is formatted as squashfs, which is read-only. Instead, the root images must be manually repacked for each OTA and flashed using a USB drive with an image such as FlashCast. @ddggttff3 maintains a FlashCast mod to update Chromecasts to the latest firmware without losing root, which can be found here.
For those of you who have managed to keep your vulnerable bootloaders, keep your eyes out. There should be some very cool releases in the near future.
Original post
As can be seen in this commit to Google's Chromecast source mirror, firmware version 1.1 adds a check for the result of image verification on line 755. This check will cause GTVHacker's USB image to fail to boot, and you will not be able to obtain root. Even if another root exploit is found, it seems very unlikely that it will be as clean or simple as the one which exists now, which simply uses version 0.7's unlocked bootloader to flash a new system image.
Unfortunately, I don't have a Chromecast to test on, so I cannot recommend a method of disabling OTAs. However, from looking at the system image, there are a few possibilities I see. THE FOLLOWING METHODS ARE UNTESTED AND ARE NOT GUARANTEED TO WORK OR LEAVE YOUR CHROMECAST IN A WORKING STATE. PERFORM THEM AT YOUR OWN RISK.
After telnetting into your rooted Chromecast or otherwise obtaining a root shell, you can try these two possible methods
Rename otacerts.zip to otacerts.zip.bak in /system/etc/security/. This may remove the OTA signing keys and cause the Chromecast to reject any OTAs. However, I do not know whether this file is actually used or whether is simply a remnant from Chromecast's Android base.
Replace /chrome/update_engine with an empty, executable, shell script (make sure to make a backup copy first). I am very unsure of this method, since it is simply going off the name of the update_engine binary. If update_engine happens to perform some task core to the system, doing this will leave your device in an unusable state. If this happens, simply re-rooting using GTVHacker's USB image should restore your system to how it was.
Again, I am not responsible for any bricked Chromecasts which may result from attempting this. If you do try either method, please report whether or not it appeared to work or have any ill effects.

Any idea when they'll push the update?

xuser said:
Any idea when they'll push the update?
Click to expand...
Click to collapse
According to Google, it's rolling out now.

Thanks for this, just checked my unit, which is still on the old version. Am waiting for my cable to get here so I can root it, so glad I caught it before it updated!

Looks like the update will be automatic and my Chromecast is plugged up at home (connected to wifi). Hope it doesn't get pushed today. My powered USB OTG cable hasn't arrived yet so I can't even root it ATM.
Sent from my GT-N5110 using Xparent Green Tapatalk 2

joshw0000 said:
Looks like the update will be automatic and my Chromecast is plugged up at home (connected to wifi). Hope it doesn't get pushed today. My powered USB OTG cable hasn't arrived yet so I can't even root it ATM.
Sent from my GT-N5110 using Xparent Green Tapatalk 2
Click to expand...
Click to collapse
find out the server name/ip for the OTA update, block it on your router

paperWastage said:
find out the server name/ip for the OTA update, block it on your router
Click to expand...
Click to collapse
Here are the URLs:
Stable channel updates http://goo.gl/3yy01K
Beta channel updates http://goo.gl/53l5sA
Dev channel updates http://goo.gl/JVkHhl
Weird...when I just loaded those, the stable channel has the highest build number. Stable is at 12840 (which is the update that is rolling out now), Beta is at 12726, Dev is at 12819

paperWastage said:
find out the server name/ip for the OTA update, block it on your router
Click to expand...
Click to collapse
I wont be home until later tonight.
Sent from my GT-N5110 using Xparent Green Tapatalk 2

also, i'd assume replacing /boot/recovery.img with a custom recovery or just removing it would also prevent updates. not sure though, I also don't have a chromecast.
also, if you are feeling adventurous, try this: http://db.tt/Ja1XBNgH. if it works, you'll have the latest software, root, and no updated bootloader. if it doesn't work, you might be able to recover by using gtvhacker's image. no promises though, since I don't own a chromecast, I cant test it. Don't blame me if your chromecast quits working, explodes, kills your puppy, or hands north korea some working nukes.
@xuser your signature made me think there was an actual bug on my screen. I tried to kill it, but it ignored my attempts and kept crawling around under the glass

[removed]

Wouldn't it be possible to flash build 12072 back onto the device (since it is signed by Google), and then root it using that build? That is a fairly common practice for many devices that have exploits in early releases. Is there a copy of the image for build 12072 floating around yet?

It's possible. But it seems like more and more manufacturers are preventing downgrading. Who actually manufacturers this thing?
Sent from my SCH-I545 using Xparent Green Tapatalk 2

the chromecast seems to have a recovery mode (like android) that flashes update zips (like android). so if we found a google signed update for the original firmware that includes flashing the insecure bootloader, then downgrades are possible. but the update zips posted above include a build date check,which means you have to either modify your build.prop (requires root, which is what we are trying to accomplish) or modify the update zip (which will make it no longer google signed and valid, so it would need a custom recovery. which requires root). so, unless google lets us, downgrading is not possible.
I'm still hoping that google built in a dev-mode, like their chrome os devices.

Hmm I wonder if I were to order one now would it come with the old software or the new update?

I'm guessing that it would still be on the old build (assuming you get it shipped soon, or pick it up at Best Buy). My Chromecast sticks still haven't updated to the latest build.

joshw0000 said:
Who actually manufacturers this thing?
Sent from my SCH-I545 using Xparent Green Tapatalk 2
Click to expand...
Click to collapse
Good question.

mine updated itself today and lost root

no one tried my image yet?

I'm curious if you had your Chromecast powered off during the day today. And if so, did you see it update when you turned it on?
I have been using my Chromecast to stream music all day, and so far it hasn't updated to the latest build. I would assume as long as the Chromecast is off or in use casting then the update will not be performed.

Louer Adun said:
I'm curious if you had your Chromecast powered off during the day today. And if so, did you see it update when you turned it on?
I have been using my Chromecast to stream music all day, and so far it hasn't updated to the latest build. I would assume as long as the Chromecast is off or in use casting then the update will not be performed.
Click to expand...
Click to collapse
I've turned it off a few times but it finally updated ~30 min ago.

[Q] Any chance of rooting 13300 build?

Just wanted to confirm that I have locked the root by updating to 13300 build. Did I?
I did not even think before updating to the latest version and when i did, it was too late. Hopefully, sm1 will be able to break it. Thanks.
Mef.

mefistofel666 said:
Just wanted to confirm that I have locked the root by updating to 13300 build. Did I?
Click to expand...
Click to collapse
If it auto-updated at all (not that it gives you a choice) and you were not already using a rooted firmware like PwnedCast, then yes, you no longer have root and cannot get root by any of the current means (Flashcast).
PwnedCast has an auto-update function that updates to new versions that preserve root.
Hopefully there will be other root methods discovered after the SDK is released, but until something new pops up, you can only use the Google-supplied apps - in other words, your Chromecast is "just" a regular Chromecast.

bhiga said:
in other words, your Chromecast is "just" a regular Chromecast.
Click to expand...
Click to collapse
By "Regular Chromecast" you mean "a lemon" right?

still no luck?
still nothing on rooting 13300?

mefistofel666 said:
still nothing on rooting 13300?
Click to expand...
Click to collapse
No, and build 14651 is rolling out for stock Chromecasts. It's a moving target, unless a vulnerability is found in the SDK, but first the SDK needs to be released.

New Fire - what to do?

So I'm getting my new Fire tablet tomorrow, got it at the $35 sale...
Planning to not allow it to connect to WiFi till I can load Google Play and disable OTA using the script given here (already did it on another one and it worked great) so it doesn't get 5.1.1.
Two questions:
1. How can I tell if it's running 5.0.0 or 5.0.1 (without doing the software update check obviously...)
(also not sure how to see it once OTA is disabled, any other place it shows up?)
2. If it's on 5.0.0. can I sideload the 5.0.1 image using ADB, seems that I should be on that version to get Google Play to work OK.
Thanks

I think Amazon is shipping these new ones with 5.1.1, but if they don't, just go to the latest 5.0.1 in RootJunky's video. After that is done, just skip the part in Setup which requires you to connect to Wi-Fi, disable the OTA Apks, and connect to Wi-Fi. You should be set from there, and you can do whatever modifications you want.

Vlasp said:
I think Amazon is shipping these new ones with 5.1.1, but if they don't, just go to the latest 5.0.1 in RootJunky's video. After that is done, just skip the part in Setup which requires you to connect to Wi-Fi, disable the OTA Apks, and connect to Wi-Fi. You should be set from there, and you can do whatever modifications you want.
Click to expand...
Click to collapse
Any reports of people receiving Fire's preloaded with 5.1.1?

First things first... Don't connect to wifi and disable ota updates.. Root.. Flash cm12.1 and never look back!

@87racer would love if you could capture the 5.1.1 update for us!

tuckerwagner said:
@87racer would love if you could capture the 5.1.1 update for us!
Click to expand...
Click to collapse
thanks @tuckerwagner, looks like we @p0lt just posted one for us. downloading now, should help us discern what happens during the 5.1.1 upgrade and maybe recover our bricks.

87racer said:
thanks @tuckerwagner, looks like we @p0lt just posted one for us. downloading now, should help us discern what happens during the 5.1.1 upgrade and maybe recover our bricks.
Click to expand...
Click to collapse
SWEET! I'd help but in don't know where to even start. Good luck!

The update from 5.0.1 to 5.1.1 isn't instantaneous. The device has to download the new version before installing it. Check your version and if it starts to download 5.1.1, just turn off your wifi. It will say "Download paused." Then disable OTAs or flash one of the two ROMs.
That said, it is highlyunlikely that you would get one that is still on 5.0.0. The one I got last week was already on 5.0.1

register it first so you can contact support for a replacement if it is "defective"... for my $35 fire all you had to do was enable adb, reboot to fastboot, and continue from there. Didn't mess with the fire OS at all except for registering the device.

levytom said:
So I'm getting my new Fire tablet tomorrow, got it at the $35 sale...
Planning to not allow it to connect to WiFi till I can load Google Play and disable OTA using the script given here (already did it on another one and it worked great) so it doesn't get 5.1.1.
Two questions:
1. How can I tell if it's running 5.0.0 or 5.0.1 (without doing the software update check obviously...)
(also not sure how to see it once OTA is disabled, any other place it shows up?)
2. If it's on 5.0.0. can I sideload the 5.0.1 image using ADB, seems that I should be on that version to get Google Play to work OK.
Thanks
Click to expand...
Click to collapse
Update:
Got the Fire tablet and this is what I did if you want to try the same:
1. Turned on the device
2. Skipped configuration process when it asked me to connect to WiFi
3. Setting->Devicve options->System update confirmed I'm on 5.0.1 (yey) it can't update obviously since WiFi is not connected, so I'm safe for now
4. Use the 1-click script to install google play, remove ads (http://forum.xda-developers.com/amazon-fire/general/installing-google-framework-playstore-t3216122)
5. Disable OTA using the same script (menu option 3)
6. Reboot
7. Install Gmail (cause later there's a stage where native email app doesn't work...) and email myself the pre downloaded fire launcher (http://forum.xda-developers.com/attachment.php?attachmentid=3528797&d=1446499184) which will fix it
8. Replace launcher, using the launcher replace script (http://forum.xda-developers.com/amazon-fire/general/alternative-launcher-one-click-script-t3239966)
9. install fire launcher apk (because otherwise some stuff doesn't work) - and choose not to use it when clicking the home button
What's left?
1. Didn't root <any reason to root?>
2. Write access to SD card is reported not to work, didn't try that yet... maybe by the time I need it someone will solve it
3. Hope that OTA won't happen and disabling worked... (something is probably done right, because if you try to check for update it says that updates are disabled...) hopefully that's good enough...
4. Say thanks to sd_shadow, ChrBeck, and Awesomeslayerg for the information they provided as well as many others participating in this forum... so Thanks.

levytom said:
What's left?
1. Didn't root <any reason to root?>
2. Write access to SD card is reported not to work, didn't try that yet... maybe by the time I need it someone will solve it
3. Hope that OTA won't happen and disabling worked... (something is probably done right, because if you try to check for update it says that updates are disabled...) hopefully that's good enough...
4. Say thanks to sd_shadow, ChrBeck, and Awesomeslayerg for the information they provided as well as many others participating in this forum... so Thanks.
Click to expand...
Click to collapse
1. Personal choice, but ad blocking alone makes root essential for me.
2. Oh and the SDfix app on Play store needs root for that matter... https://play.google.com/store/apps/details?id=nextapp.sdfix
3. You can now flash the 5.1.1 update as seen in the http://forum.xda-developers.com/amazon-fire/general/howto-install-fireos-5-1-1-root-gapps-t3265594 thread so wouldn't need to worry about the current update at least.

Samsung Galaxy Note 8 (Unlocked) 11/29/2017 OTA Android update, Safe or not?

Hello.
Does anyone know the actual contents of this OTA update that was released today 11/29/17? After the horrible time Samsung and Android gave me after the Note7 fiasco I have become very untrusting of them. The first Note8 OTA update left me with little options relating to rollback and such things.
I would like to know what is exactly in this update. The page I found is vague. The information they leave for the average consumer is always vague.
If no one knows, can anyone lead me to where I can find more information about this particular update?
So that leaves me at this point. If I install this update will it limit my options as for Odin, custom firmware, etc?
So all that Samsung tells me can be found here: http://doc.samsungmobile.com/SM-N950U1/ATT/doc.html
Thank you in advance for any and all assistance. It is always appreciated.

Have not seen any issue's so far on this OTA.
Head over to sammobile dot com, to read more.
In short:
"In addition to the November security patch, the update brings improved performance in the Calendar, Gallery, Voice Recorder, and Reminder apps, a new secure Wi-Fi function, and a fix for an unexplained Samsung DeX error. The firmware version is N950FXXU1BQK6, and at upwards of 840 MB, is among the biggest OTA updates that don’t bring a major Android version upgrade that we have seen"

Safe? It will, at least temporarily, block any attempt at root. If you're running a Substratum theme, it's best to uninstall it before running the update, based on the experience of those who got the October update. Do not reinstall apps that were backed up while running the theme.

Thank you. I am going to Sammobile right now to read more about it.

douger1957 said:
Safe? It will, at least temporarily, block any attempt at root. If you're running a Substratum theme, it's best to uninstall it before running the update, based on the experience of those who got the October update. Do not reinstall apps that were backed up while running the theme.
Click to expand...
Click to collapse
Is it designed to block rooting?

Can you still do the WiFi hotspot trick. Where you try to sing into a hotspot with wrong password then turn on hotspot and quickly turn off WiFi. Can't live without that.

ConcernedCustomer said:
Is it designed to block rooting?
Click to expand...
Click to collapse
The method for rooting Snapdragon phones won't work with updated firmware.

ConcernedCustomer said:
Is it designed to block rooting?
Click to expand...
Click to collapse
Yes it blocks current SamFail method. The U2 bootloader also cannot be downgraded once installed.

sefrcoko said:
Yes it blocks current SamFail method. The U2 bootloader also cannot be downgraded once installed.
Click to expand...
Click to collapse
Thank you for explaining. I was wondering if I would be able to rollback to original stock firmware after updating.
How can I get rid of this update and block all future OTAs?
This update is just sitting somewhere in my phone waiting for me to hit that button. What do I do, boot into factory tech mode and clear the cache or something?

douger1957 said:
The method for rooting Snapdragon phones won't work with updated firmware.
Click to expand...
Click to collapse
How can I get rid of this update and block all future OTAs?
This update is just sitting somewhere in my phone waiting for me to hit that button. What do I do, boot into factory tech mode and clear the cache or something?

pospower said:
Can you still do the WiFi hotspot trick. Where you try to sing into a hotspot with wrong password then turn on hotspot and quickly turn off WiFi. Can't live without that.
Click to expand...
Click to collapse
What this about? First time I'm hearing about this. Is it like getting free internet or something? If the instructions are anywhere on this website would you be so kind as to post the link here.

ConcernedCustomer said:
Thank you for explaining. I was wondering if I would be able to rollback to original stock firmware after updating.
How can I get rid of this update and block all future OTAs?
This update is just sitting somewhere in my phone waiting for me to hit that button. What do I do, boot into factory tech mode and clear the cache or something?
Click to expand...
Click to collapse
Not 100% sure to be honest, but you can maybe try disabling security updates in settings/security menu or maybe disabling/freezing "software update" through an app like TitaniumBackup.
Check the SamFail thread for more info:
https://forum.xda-developers.com/showthread.php?p=74074361

I have the unlocked Note from Samsung on Verizon's network. Currently, tethering works straight out the box. Can anyone confirm that this update does not break this? Thanks

I probably wont update until Oreo...

BlueFox721 said:
I probably wont update until Oreo...
Click to expand...
Click to collapse
That's what I'm trying to hold out for. I have not as of yet experienced any glitches or problems of any kind so I don't see why an update is justified. Just give us Oreo!!! It should've been pre-built into the Note8.

sefrcoko said:
Not 100% sure to be honest, but you can maybe try disabling security updates in settings/security menu or maybe disabling/freezing "software update" through an app like TitaniumBackup.
Check the SamFail thread for more info:
https://forum.xda-developers.com/showthread.php?p=74074361
Click to expand...
Click to collapse
Thank you very much. I'm looking into it for more information now....

Took the update. So far so good. OpenVPN and MS RDP working fine as usual. I was a bit worried as I've read reports of updates screwing up WiFi. I've recently tried these apps on three new Samsung devices and had disconnect issues with all. Oddly, one was a dex using Ethernet - maybe this will fix that, I'll test it. Btw the other devices were a Chromebook pro and a galaxy tab a.