I have an ATT S5 (SM-G900A), completely stock, unrooted, updated to the latest 5.0 OTA update. My requirements for my phone are that it be able to pass Airwatch checks and that it be able to be encrypted (Personal device used at work). Some background first:
Last time I tried to play around with rooting, other mods, and whatnot was on my ATT S3 (I think I747?) and I discovered that an unspecified combination of rooting, installing a custom loader (CWM in my case) and installing a custom mod (Cyanogenmod at the time) made my phone unable to encrypt. At the time I was not required to use Airwatch, but encryption was required for my phone to connect to work, so I gave up on the whole lot.
I have now discovered that ATT, in their infinite wisdom, has replaced the S Voice drive mode with their own "ATT Drive Mode", and it's been verified they went so far as to remove the related APKs from the phone entirely. For those unaware, S Voice Drive mode is a feature of S Voice that (when turned on) reads out all callers and text messages, and then verbally prompts you for actions; reply, answer, ignore, etc. It allows fully hands free functionality. ATT Drive Mode, on the other hand, automatically kicks in whenever speeds of 20 MPH are detected (even if you're a passenger), rejects all calls and texts excluding a user-defined 5 person list, and essentially makes your phone useless anytime you're in a car. The goal is to "reduce texting and distracted driving", but as I'm on-call as part of my job and need to at least be aware of texts that come in within 10 minutes of receipt, it actually makes my drive much more dangerous. ATT Drive mode is a good idea for teens, perhaps, but I'm not a teen.
This brings me to my question: What are my options?
--Does rooting break my ability to encrypt? I know airwatch will flag, but I'm thinking there's a possibility of being able to root, put a custom loader on my phone, and then restore stock with that custom loader, whereupon I can try to install the drive mode APK...which leads me to my next question:
--Does having a custom loader (like safestrap or CWM or whatever is in use nowadays) break my ability to encrypt?
--Does anyone know of a way to install the S Voice drive mode in the G900A? I tried searching, but the only references involved being rooted, or ended with something vague like "download a stock rom and find the apk using root explorer" as the solution (which is vague to me because I don't know which stock rom to use, what apk to look for, and last time I used root explorer on my s3, it needed root...)
Honestly, the ideal solution would be something like the stock rom from the international version that would run on my ATT version...but I don't know if such a thing exists or is possible. I don't mind Samsung's cruft, but I do dislike ATT's lobotomizing of my phone to push their own little product that treats me like a kid. I know that I am less safe as a driver without the S Voice drive mode than I was with it.
I take it I have no options? And that no one knows how rooting affects encryption?
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
sheaiden said:
I take it I have no options? And that no one knows how rooting affects encryption?
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
I will make it easy for you. Since you took the 5.0 OTA update rooting is not possible anymore. Also there is no way to downgrade to KitKat which was rootable. Sorry. Not much you can do until someone finds a way to root 5.0. If you find the S Voice Drive app, you can side load it and see if it works.
Waiting4MyAndroid said:
I will make it easy for you. Since you took the 5.0 OTA update rooting is not possible anymore. Also there is no way to downgrade to KitKat which was rootable. Sorry. Not much you can do until someone finds a way to root 5.0. If you find the S Voice Drive app, you can side load it and see if it works.
Actually, while I greatly appreciate the fact that you took the time to reply (seriously! at least you took the time!), this is neither easy nor related to the questions I asked. If you look at my post, I'm not asking "how can I root", I'm asking three rather different questions:
--Does rooting break my ability to encrypt? I know airwatch will flag, but I'm thinking there's a possibility of being able to root, put a custom loader on my phone, and then restore stock with that custom loader, whereupon I can try to install the drive mode APK...which leads me to my next question:
--Does having a custom loader (like safestrap or CWM or whatever is in use nowadays) break my ability to encrypt?
--Does anyone know of a way to install the S Voice drive mode in the G900A? I tried searching, but the only references involved being rooted, or ended with something vague like "download a stock rom and find the apk using root explorer" as the solution (which is vague to me because I don't know which stock rom to use, what apk to look for, and last time I used root explorer on my s3, it needed root...)
In fact, I am unable to remain rooted (Airwatch; it's part of the post title), and the whole point and thrust of my question lies in the fact that I am looking to find out what affects encryption and what options I have as far as getting S Voice Drive mode on my phone while staying Airwatch compliant (not rooted). In addition, "if you can find the s voice drive app" is part of the problem too, as evidenced by the third question I asked above; I don't know where to find said app.
Does anyone know anything regarding what I was actually asking?
Everything that you want to do requires ROOT! Safestrap needs root, and CWM will brick your phone since the bootloader is locked. Again, there is no way as of now to root the S5 with the 5.0 ATT OTA.
Here is the link to download the GS4 S Voice app. You can try and side load it,
https://www.dropbox.com/s/oe7i2g81iuhjv38/S-Voice_Android_phone_J.apk?dl=0
Waiting4MyAndroid said:
Everything that you want to do requires ROOT! Safestrap needs root, and CWM will brick your phone since the bootloader is locked. Again, there is no way as of now to root the S5 with the 5.0 ATT OTA.
Here is the link to download the GS4 S Voice app. You can try and side load it,
Awesome, I'll start with that sideloading, and test it out. Thanks! As far as the rest, I suppose that does clarify some things (that I admittedly already knew), so I do appreciate it, but it still does leave the answers to the other questions. I can infer, of course, that the answer to whether having a custom bootloader on the Galaxy S5 breaks encryption will be dependent on whether root breaks the encryption, since as you pointed out custom bootloaders need root to install, but the fantasy I entertained for a little while was rooting when there's a method (hope springs eternal, so I'm hoping it will eventually be possible), installing a custom bootloader so I can do things like backups and sideload, getting the proper APKs installed for the drive app, and then unrooting it so I can connect it via Airwatch to my work's network. Perhaps I should have marked this as a solidly theoretical question, since as you said, there currently exists no root. I just want to know, with the unique way that Samsung implemented Knox and the encryption on the S5, what will break encryption and what won't?
Of course, there is a side question brought up by all this...how possible is it to load another firmware on my phone? as in, use Odin to put the tmobile image on my phone. That is likely a bad example, since I'm fairly certain there are actual hardware differences between the ATT and the tmobile models, but the concept still stands. At what level are the hardware configurations different between phone companies?
sheaiden said:
Awesome, I'll start with that sideloading, and test it out. Thanks! As far as the rest, I suppose that does clarify some things (that I admittedly already knew), so I do appreciate it, but it still does leave the answers to the other questions. I can infer, of course, that the answer to whether having a custom bootloader on the Galaxy S5 breaks encryption will be dependent on whether root breaks the encryption, since as you pointed out custom bootloaders need root to install, but the fantasy I entertained for a little while was rooting when there's a method (hope springs eternal, so I'm hoping it will eventually be possible), installing a custom bootloader so I can do things like backups and sideload, getting the proper APKs installed for the drive app, and then unrooting it so I can connect it via Airwatch to my work's network. Perhaps I should have marked this as a solidly theoretical question, since as you said, there currently exists no root. I just want to know, with the unique way that Samsung implemented Knox and the encryption on the S5, what will break encryption and what won't?
Of course, there is a side question brought up by all this...how possible is it to load another firmware on my phone? as in, use Odin to put the tmobile image on my phone. That is likely a bad example, since I'm fairly certain there are actual hardware differences between the ATT and the tmobile models, but the concept still stands. At what level are the hardware configurations different between phone companies?
You will not be able to change your bootloader period... At this point the locked bootloader is unbreakable. That leads to your next question about tmobile and that's a no as well due to the locked down bootloader.
Even with root you won't be able to do anything you've suggested due to the locked bootloader.
OPOfreak said:
You will not be able to change your bootloader period... At this point the locked bootloader is unbreakable. That leads to your next question about tmobile and that's a no as well due to the locked down bootloader.
Even with root you won't be able to do anything you've suggested due to the locked bootloader.
Interesting. I had been under the impression that I had seen people referring to installing clockworkmod or some similar thing on an S5, but I think I may be getting caught up in terminology; those are recoveries, aren't they? not bootloaders? Or perhaps people were posting about the other S5s with unlocked bootloaders. 15 different versions of S5, and I get stuck with the most apple-like of all the carriers....(in the sense of "you take what we give you and don't play with it!")
So, assuming I don't manage to get it installed via the link Waiting4MyAndroid was kind enough to post, I think that rules out anything other than the method of:
--wait for a root method to be established for the new OTA
--root, install the drive apk
--unroot, so I can encrypt and pass airwatch
Does anyone know if the old method of rooting broke encryption? and whether encryption was able to be performed after unrooting again?
Edit: Attempted to Sideload. Sadly, it is telling me "App not installed" (other sideloads do work; it's not the unknown sources setting). I'm thinking either the apk is marked for s4, and it's not compatible, or it's trying to overwrite files from the established svoice system, and that's not allowed. I suppose if someone has the drive apks from a tmobile S5 image or some such thing (same model, different carrier), then I could try again, but unfortunately this apk doesn't work. Thanks for the attempt, Waiting4MyAndroid!
Hey guys, this is my first post on XDA, so I hope I have it in the correct format and place; if not, just politely let me know and I will adjust the post accordingly. This is also just a theory I have on how to achieve root with the OTA 5.0 update, and would like the community's feedback on whether this would work or not.
First, let me start by saying that I don't have much experience with rooting, but I have done a lot of reading and research about how it works and feel like I have a good understanding of it. I do, however, have a lot of programming and computer security experience, so I like to stay current on active vulnerabilities and such, whether it be on mobile devices or computers.
So I stupidly took the OTA update to 5.0 before checking to see if anyone had managed to achieve root, only to find out that 5.0 root hasn't been achieved on my model yet, so I started to look for a way to do it myself. As I was browsing around for general info on the G900A, the keyboard vulnerability stuck out to me immediately.
To summarize the vuln: "A remote attacker capable of controlling a user’s network traffic can manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target’s phone. This can be exploited in a manner that requires no user interaction — a user does not have to explicitly choose to download a languagePack update to be exploited." So essentially, if I were to set up my own rogue Wi-Fi access point, I'd be able to execute any code I want in a privileged context.
On NowSecure's website, they go into deep detail on the specific steps of recreating this exploit, but to summarize here are the general steps:
Step 1:
Set a global Wi-Fi proxy and point our device at mitmproxy on our computer
(Essentially creating your own controlled Man-In-The-Middle attack for your phone)
Step 2:
Write a script that feeds the phone a zip containing our payload upon download request from the keyboard
Step 3:
Precompute the SHA1 of our payload and create a custom manifest file containing the SHA1
Add path traversal to the payload and attempt to write to /data/
Now, we have an arbitrary file write as system user. Next, we attempt to turn this file write ability into code execution.
Step 4:
Choose DeviceTest.apk as our target to exploit (this file is owned by a group system and is automatically invoked)
Generate an odex file with code for a BroadcastReceiver named com.sec.factory.entry.FactoryTestBroadcastReceiver
The exploit source will look like this:
Code:
➜cat FactoryTestBroadcastReceiver.java | head
package com.sec.factory.entry;
import java.lang.Class;
import java.io.File;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;
public class FactoryTestBroadcastReceiver extends BroadcastReceiver {
//Exploit code here
}
Step 5:
Once the payload is created, we compile it and run it through the DalvikExchange (dx) tool to get a .jar file which includes our dalvik bytecode
Push our jar to our phone and generate the odex using
Code:
ANDROID_DATA=/data/local/tmp dalvikvm -cp /data/local/tmp/<payload.jar> com.sec.factory.entry.FactoryTestBroadcastReceiver
This will put our cache file in a directory that is readable by the shell user.
Step 6:
Patch our .odex to contain the CRC32 and modification time from the original APK's zip file so it appears to be generated from the original DeviceTest.apk
Step 7:
Trigger the vulnerability to execute the payload
Here is the fully detailed article.
So my question is: would it be feasible to use this vuln to create a payload that injects root into the system?
To check to see if you're vulnerable to this exploit
Download a terminal emulator on your phone and type:
Code:
ls -l /system/app/SamsungIME*
If you see a line that looks like:
Code:
-rw-r--r-- root root 7243414 2008-08-01 07:00 SamsungIME.apk
and the date is older than 2015-03-16 you are vulnerable.
UPDATE: As of July 1, 2015, AT&T appears to have rolled out a small OTA update that updates the bootloader from OC4 to OF2 as well as patches the keyboard vulnerability. As long as you don't take the update and the date modified for SamsungIME.apk is earlier than 2015-03-16, this vulnerability could still be of some potential benefit.
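The arbitrary file write in Step 3 exists because the updater writes zip entry names such as ../../data/... to disk verbatim. The Python below is added here as an illustration of what a hardened extractor for such a language pack looks like; it is not NowSecure's code or the poster's. It refuses the whole archive if any entry resolves outside the destination directory, and it checks the manifest SHA1, with the caveat the steps above make obvious: a hash carried in a manifest the attacker also controls only catches corruption, not tampering. The pack layout (dict/en_US.dat) and the hashes are constructed for the demo.

```python
"""Hardened extraction for a keyboard language-pack style zip.

Added illustration, not code from NowSecure or the forum post.  The exploit
chain described above relies on an extractor that writes entry names like
'../../data/x' verbatim; this one checks containment first.
"""
import hashlib
import io
import os
import tempfile
import zipfile


def classify_entries(names, dest):
    """Split zip entry names into (accepted, rejected) relative to dest.

    Rejected: absolute names, names containing a backslash (a Windows
    separator smuggled into a POSIX path), and names that resolve outside
    dest once '..' components are normalised.
    """
    dest_real = os.path.realpath(dest)
    accepted, rejected = [], []
    for name in names:
        if not name or name.endswith("/"):
            continue  # directory markers: nothing is written for them
        if os.path.isabs(name) or "\\" in name:
            rejected.append(name)
            continue
        target = os.path.realpath(os.path.join(dest_real, name))
        # commonpath is the reliable containment test; a string-prefix check
        # would wrongly accept '/data_evil' as being inside '/data'.
        if os.path.commonpath([dest_real, target]) != dest_real:
            rejected.append(name)
            continue
        accepted.append(name)
    return accepted, rejected


def extract_language_pack(zip_bytes, dest, expected_sha1):
    """Verify the archive hash, then extract only contained entries.

    Returns the list of entry names written.  Raises ValueError on a hash
    mismatch or on any traversal entry: the pack is refused as a whole,
    never partially applied.
    """
    actual = hashlib.sha1(zip_bytes).hexdigest()
    if actual != expected_sha1:
        raise ValueError(f"manifest SHA1 {expected_sha1} != archive {actual}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        accepted, rejected = classify_entries(zf.namelist(), dest)
        if rejected:
            raise ValueError(f"traversal entries refused: {rejected}")
        for name in accepted:
            target = os.path.join(dest, name)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(name) as src, open(target, "wb") as out:
                out.write(src.read())
    return accepted


def build_zip(entries):
    """Constructed sample archive; entries maps entry name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)  # zipfile does not sanitise names
    return buf.getvalue()


def demo():
    """Run a clean pack and a traversal pack; return the outcome of each."""
    good = build_zip({"dict/en_US.dat": b"constructed dictionary data"})
    bad = build_zip({"dict/en_US.dat": b"x", "../../data/evil": b"constructed"})
    results = {}
    with tempfile.TemporaryDirectory() as dest:
        results["good"] = extract_language_pack(
            good, dest, hashlib.sha1(good).hexdigest())
        try:
            # The hash matches because the same party built archive and
            # manifest; only the containment check stops the write.
            extract_language_pack(bad, dest, hashlib.sha1(bad).hexdigest())
            results["bad"] = "extracted"
        except ValueError as exc:
            results["bad"] = "refused" if "traversal" in str(exc) else str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```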
Here is the link you're wanting to post.
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
I really hope you are on to something.
I used terminal emulator and it looks like this (attached)
Looks like I'm vulnerable.
You seem to know your stuff and I hope some people can work with you to make some things happen
I just read the full article from your source.. in theory root should be possible. I'm not sure how, but maybe using the exploit to install CF as a system app. Then it could run with higher privileges, I suppose. Or maybe just a custom zip to obtain the root.
Damn this makes me happy! I only wish I was smart enough to make it work lol
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
adam_ky said:
I really hope you are on to something.
I used terminal emulator and it looks like this (attached)
Looks like I'm vulnerable.
Thank you!
I'd really love to collaborate with some devs or something. I would be able to test most of those steps out myself, but would need help with the scripting of the actual payload. Then if it actually works, I ultimately would want to automate it and turn it into a redistributable application that anyone could use by just clicking a few buttons (seeing as how literally every non-rooted S5 should be vulnerable, I would want anyone to be able to use it). But I would need some help on that as well.
Also, until I (or anyone else) can confirm that this method either succeeds or fails, I'd hold off on taking any security updates that may patch this, just in case this method does end up working.
adam_ky said:
I just read the full article from your source.. in theory root should be possible. I'm not sure how, but maybe using the exploit to install CF as a system app. Then it could run with higher privileges, I suppose. Or maybe just a custom zip to obtain the root.
That's exactly what I was thinking. If this exploit works the way I think it will, there should be no real constraints on the code you can execute and privilege escalation should be a breeze whether it's with something like cf, or a custom zip.
adam_ky said:
Damn this makes me happy! I only wish I was smart enough to make it work lol
Haha I was pretty ecstatic when I happened upon this and I couldn't really believe that no one else had put these two ideas together before I did. I tend to be more of a lurker on forums, so I was kind of iffy about posting this, but I'm really glad it's being well-received so far!
I'm really excited for this exploit's potential and can't wait to see where this leads!
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
I'm not sure it would be possible for an automated means of execution via an app or something. The one step in the process mentions that what has to be entered is device unique. But with the exploit it is kind enough to give you that bit of info needed.
The best we might be able to hope for here is connecting to your own personal wifi network with capabilities of injecting the code exploit. Which shouldn't be too hard really.
We just need someone to create a payload for us and have a good step by step howto.
I'd be willing to volunteer both my time and device for testing this. I, like you, just need a bit of help.
However if no help comes I may try it myself lol
I'm pretty sure I can work out the steps. And set up a connection that's capable of injecting the code through the keyboard exploit. I just need help with the scripts.
This exploit could do so much really... besides root. You could use it to delete preloaded bloat system apps. You could use it to edit the build.prop. You could use it to manually edit the hosts file. Should be able to run the script that allows read/write permissions over the whole device for the user.
I'm glad I have had my security updates set to off since the beginning, as this has supposedly been fixed and pushed by Samsung through the policy updates
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
adam_ky said:
I'm not sure it would be possible for an automated means of execution via an app or something. The one step in the process mentions that what has to be entered is device unique. But with the exploit it is kind enough to give you that bit of info needed.
The best we might be able to hope for here is connecting to your own personal wifi network with capabilities of injecting the code exploit. Which shouldn't be too hard really.
We just need someone to create a payload for us and have a good step by step howto.
I'd be willing to volunteer both my time and device for testing this. I, like you, just need a bit of help.
However if no help comes I may try it myself lol
I'm pretty sure I can work out the steps. And set up a connection that's capable of injecting the code through the keyboard exploit. I just need help with the scripts.
This exploit could do so much really... besides root. You could use it to delete preloaded bloat system apps. You could use it to edit the build.prop. You could use it to manually edit the hosts file. Should be able to run the script that allows read/write permissions over the whole device for the user.
I'm glad I have had my security updates set to off since the beginning, as this has supposedly been fixed and pushed by Samsung through the policy updates
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
Yeah, by automating it, I was thinking more along the lines of building an executable to be run on a computer that contains the necessary MITMproxy program, script for feeding the phone a zip, the actual payload, etc.
And the unique identifiers should only change based on the current version of android and which variant of the phone it is. So if I'm reading it right, the identifiers should all be the same for every G900A running 5.0. Either way, this exploit should be easy enough for most everyone to use, but it'd still be nice to make a program with a nice interface to it.
Yeah, I think with this exploit you could basically have control over just about anything you want, the only hard part would be making a payload for each thing you want to do.
As far as the exploit being fixed by Samsung, I think they have acknowledged the exploit and have "fixed" it, but the patches either haven't been pushed from Samsung to the carriers for distribution or the carriers haven't pushed out the update to fix it yet. According to NowSecure's website,
"As of June 16 2015, this is the known (but not all-inclusive) list of impacted devices by carrier with patch status:
Device | Carrier* | Patch Status
Galaxy S6 | Verizon | Unpatched
Galaxy S6 | AT&T | Unknown
Galaxy S6 | Sprint | Unpatched
Galaxy S6 | T-Mobile | Unknown
Galaxy S5 | Verizon | Unknown
Galaxy S5 | AT&T | Unknown
Galaxy S5 | Sprint | Unknown
Galaxy S5 | T-Mobile | Unpatched
Galaxy S4 | Verizon | Unknown
Galaxy S4 | AT&T | Unknown
Galaxy S4 | Sprint | Unknown
Galaxy S4 | T-Mobile | Unknown
Galaxy S4 Mini | Verizon | Unknown
Galaxy S4 Mini | AT&T | Unpatched
Galaxy S4 Mini | Sprint | Unknown
Galaxy S4 Mini | T-Mobile | Unknown
"
So I'm fairly certain that there won't be many phones that have the exploit patched (yet), which is definitely a good thing for all of us right now.
I wish some other people would chime in... surely this interests more ppl than just you and I.
I'm sure this community can make something workable out of this exploit.
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
I really do too. I thought people would be all over this, and this is really the best place to post it
Today I had a talk with the Samsung IT crew. The general reason was wifi leakage on the BOC3 firmware on the SM-N910C. Also had a talk about the keyboard vulnerability. Samsung's leading IT engineer told me they know about it and it's in the final stage of fixing. So in a very short time it's gonna be fixed and no more hacking over the keyboard will be available. So this door is finally going to close soon (the bad part is that rooting over it will also be impossible, but it's nice that Samsung very soon rolls out a fix for it so no more remote injections and hacking will be possible). So hurry up, doors are closing soon finally. You should contact Chainfire, maybe he will help you in rooting that phone.
Sent from my Galaxy Note SM-910C running SweetROM v14 using XDA free app
Sapphire999 said:
Today I had a talk with the Samsung IT crew. The general reason was wifi leakage on the BOC3 firmware on the SM-N910C. Also had a talk about the keyboard vulnerability. Samsung's leading IT engineer told me they know about it and it's in the final stage of fixing. So in a very short time it's gonna be fixed and no more hacking over the keyboard will be available. So this door is finally going to close soon (the bad part is that rooting over it will also be impossible, but it's nice that Samsung very soon rolls out a fix for it so no more remote injections and hacking will be possible). So hurry up, doors are closing soon finally. You should contact Chainfire, maybe he will help you in rooting that phone.
Sent from my Galaxy Note SM-910C running SweetROM v14 using XDA free app
Oh interesting. Did they happen to mention any kind of time frame or just that they were in the final stages?
And I'll try to contact Chainfire, but it seems like he hasn't been active on his G+ for a few months.
They told me it's in the final testing stage. But that was about the Galaxy Note 4 talk that we had. Not sure about other models. I simply asked about it since it's bad when my phone can be hacked over wifi by some man in the middle. So if you still plan to use that keyboard hack, you probably should block updates to avoid having that door closed.
And as they told me, the roll out can happen from day to day. Meaning very soon.
I also searched the web, your device should be rootable. If the last OTA update hack fails, use sammobile and downgrade the OS to root it and then search for rooted custom ROMs
Sent from my Galaxy Note SM-910C running SweetROM v14 using XDA free app
Sapphire999 said:
They told me it's in the final testing stage. But that was about the Galaxy Note 4 talk that we had. Not sure about other models. I simply asked about it since it's bad when my phone can be hacked over wifi by some man in the middle. So if you still plan to use that keyboard hack, you probably should block updates to avoid having that door closed.
And as they told me, the roll out can happen from day to day. Meaning very soon.
I also searched the web, your device should be rootable. If the last OTA update hack fails, use sammobile and downgrade the OS to root it and then search for rooted custom ROMs
Sent from my Galaxy Note SM-910C running SweetROM v14 using XDA free app
Ah, ok. Thank you for sharing and I'll definitely keep any updates disabled.
And I think there's a problem with downgrading due to the bootloader being locked by AT&T.
You're welcome. My device is likely unlocked. Anyway, I guess you can search sammobile. Maybe you will somehow succeed in downgrading.
Loool. I have an idea. If you succeed in hacking the keyboard etc, probably you could somehow face OTA to downgrade the firmware. Hmmm... you know what. There is an option. Not sure if it will work, but still. Try getting a custom ROM. And boot your phone, even with the original firmware, into recovery mode. Usually volume up + home + power. If it works, you can restore from a zip deploying the custom ROM.
Maybe it will not work, but you can try. If a bit lucky, you wouldn't need root on the current ROM. No warranties and it's just in theory. Try at your own risk.
Sent from my Galaxy Note SM-910C running SweetROM v14 using XDA free app
---------- Post added at 04:42 AM ---------- Previous post was at 04:22 AM ----------
http://hexamob.com/how-to-root/android-rooting-method-samsung-galaxy-s5/
Doesn't this one work for you?
No, that way doesn't work and is for a previous version of android, not 5.0. When the G900A is updated to 5.0, the bootloader firmware is updated to patch the exploit that that method uses.
https://www.youtube.com/watch?v=1dYoDX07Cks
It says any S5 running Lollipop. Unfortunately or likely, I don't know what a locked bootloader means. Never had such. Does it mean that recovery mode and Odin mode are unavailable (not launchable)?
As of this moment, if an ATT S5 SM-G900A took the OTA update to Lollipop, there is no means to gain root access.
If you achieve root on KitKat, you can update to Lollipop and keep root.. but that's it.
This keyboard exploit is our only possible ray of hope at this moment.
Root may not even be possible with it as it runs with system privileges.. which is actually not the same as root privileges.. however system privileges can do a lot and I have hope for it.
Even if root can't be obtained.. this exploit could be used to do things to the device that we currently can't. Could possibly remove system and preinstalled bloat. It can definitely install an app as a system app... that should be able to accomplish quite a bit.
The possibilities are endless really.
I am thankful the exploit is there and hope we can accomplish something with it before everyone gets patched.
I have my security policy updates disabled and I suggest you do the same for the time being if anyone out there is in the same boat as us.
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
Couldn't have said it better myself.
Also, I have attempted to contact Chainfire on both of his G+ accounts, so hopefully something can come of that too.
Hmm if so, just keep in mind not only to disable updates, but to keep away from wifis with internet access. Under some conditions the auto update setting is ignored if connected to wifi. Surely depends on the exact system and model. But keep it in mind. Well. If you gain system app privileges, then possibly you get partition access. That's a hope to deploy something like TWRP recovery and flash a custom ROM. The info about the soon coming keyboard breach fix I got for the GN4 model, SEB (Baltic) region. Can't say anything exact about other models and regions. But generally if Samsung is one step away from rolling it out in the Baltics, quite possibly other regions are also coming soon.
Sent from my Galaxy Note SM-910C running SweetROM v14 using XDA free app
I just got an update and it's a bootloader upgrade from OC4 to I forgot, and I suspended the update till I can get some more info. Check and see if you have it.
Sent from my SAMSUNG-SM-G900A using Tapatalk
superp32 said:
I just got an update and it's a bootloader upgrade from OC4 to I forgot, and I suspended the update till I can get some more info. Check and see if you have it.
Sent from my SAMSUNG-SM-G900A using Tapatalk
From all the information I've gathered, this update does appear to patch the keyboard.
EDIT: I do have an available update too and attached a screenshot.
EDIT 2: I've seen the "Date modified" of the SamsungIME.apk change to one of two dates after taking the small OTA, either 2014-03-25 or 2015-03-16. If the date is the one from 2014, the vulnerability should still be active, but if it's the newer one, it appears to have been patched.
FYI... I posted the screen shot showing the 2015 update but my phone was already loaded with 5.0/OC4 when I received it from at&t last week and I have not updated to the new bl. Hope some can still benefit from the keyboard vulnerability even if I can't.
Hi all, so I'm looking to root my new Galaxy S6 from AT&T. My current version is 5.0.2, but the kernel was built after May 15th, so the Ping Pong method is not supposed to work. My question is, will the CF-auto root method work, and if so which files should I download. A bit new to Samsung phones, thanks I have attached my info here.
When did you get the device? The OF3 firmware update, which you have, pushed out only a couple days ago.
I haven't been following the CF auto root thread closely, but I don't believe it will currently work on ATT due to the locked bootloader. I may be wrong though as things may have changed over the past couple months. You will very likely trip Knox if it does work though.
As far as I know you can not root it for now. You gotta wait some more time, I guess
http://forum.xda-developers.com/att-galaxy-s6/help/s6-active-root-t3135960/page6
So I actually don't have the S5, or any Samsung device for that matter, but a friend of mine does, and really wants to root their phone. I had no idea the AT&T S5 was so secure, but it's pretty interesting too. I've been researching for over 15 hours. I may not have been able to root his phone, but I think I have learned a couple things and maybe some possible root methods.
1.) Since using Odin to downgrade would soft-brick the phone, would it be possible to download the stock Lollipop update onto a computer, give the update superuser access, replace the recovery with a custom one, or unlock the bootloader from the computer, then flash it through Odin?
2.) Intercept any sort of OTA update, then alter it to flash a custom recovery or unlock bootloader? I don't know how you would go around this though.
3.) If someone hasn't taken the OTA update that patched the Stagefright exploit, could someone purposely use the exploit to allow installation of a custom recovery or even to unlock the bootloader since the Stagefright bug has super user access (or so I've heard).
Also, I'm sorry if these are stupid ideas. I know close to nothing about Samsung so everything I'm basing this off of is what I've read in the past 15 hours.
jsmithfms said:
The issue is that AT&T (and Verizon) use an encrypted signature key to verify they are the correct, unaltered files, as well as the means to unlock the bootloader to allow the OTA. Without that key, the tasks you mention are near impossible. They are not stupid ideas at all... just very difficult with all the security checks included.
KennyG123 said:
Crap... well, does anyone know how that encryption key is generated? Like, could I theoretically get an algorithm from a ROM?
Honestly, for the time being I wouldn't bother with ROMs for that device and carrier at the moment, especially being that it's someone else's device. Towelroot should be a good start. If I'm not mistaken, I don't think it's supposed to trip Knox.
Sent from my HTCEVODesign4G using XDA Free mobile app
jsmithfms said:
This is the riddle of the Sphinx, my friend. I am sure the super devs have tried their best so far to crack it. It has been an ongoing effort to make phones more and more secure, not against the amateur developers and rooters, but against the hackers. These smartphones are now our personal computers, diaries, personal assistants, financial operators, and more. They basically are a person's (and a business's) life. AT&T and Verizon have taken the big steps to appeal to the Exchange clients, corporate, government and military contracts. Even the general public want to know their phone is secure. This is what keeps me stuck on the Sprint network.
Have you tried Kingroot?
I successfully rooted my wife's AT&T S4 on OC3 Lollipop (supposedly unrootable) with the desktop version. The mobile version didn't work, but the desktop one did without a hiccup. Maybe it'll work on the S5.
http://forum.xda-developers.com/android/apps-games/one-click-root-tool-android-2-x-5-0-t3107461
Rockin' a l337 with Goldeneye v49.1 + Wanam Xposed and loving life on AT&T's 4G LTE network
The S5 on Lollipop has a new nasty bootloader... it was a miracle on its own that they ever came up with Safestrap to duck the bootloader on earlier versions of Android.
Howdy guys and gals. Once again, it has been a VERY long time since I have posted. I just received my new Pixel XL today (free warranty replacement from Google for battery issues on my 6P).
The very first thing I did was install TWRP recovery and SuperSU, so I could do the Carrier Entitlement mod and have my Wi-Fi hotspot. I have a couple of questions:
1. Can I unroot and keep the work I have done to enable my Wi-Fi hotspot, or will it revert after I unroot?
2. What can I do to update to 8.0? Honestly, I wouldn't mind losing root via updating OTA, but I don't want to end up with a brick and I don't want to lose my newly added Wi-Fi hotspot.
I greatly appreciate any help or input!! Thanks!
EDIT: I did find a tiny bit of info on this topic in the last few posts on this thread (page 2), but I really was hoping for some clarification since it is a bit vague. Link: https://forum.xda-developers.com/pi...ermod-systemless-install-guide-t3501448/page2
jonmike13 said:
1 - If you unroot, the CarrierEntitlement.apk mod will stop working, assuming you are using the method you linked below. This method, on Nougat, relied on placing a modified CarrierEntitlement.apk in the SuperSU (or sbin/supersu) directories and then binding that modified app to the original version in priv-app on boot, essentially replacing the real app with this modified one, which short-circuits the provisioning check for tethering and allows tethering to work as needed. However, once you unroot, those root directories will not exist or won't be accessible, and this method will cease to work.

Also, once you upgrade to 8.0, this specific method for gaining tethering also won't work. It appears that in 8.0 and above CarrierEntitlement.apk has been deprecated and replaced by TetheringEntitlement.apk, and a similarly modified version of TetheringEntitlement.apk doesn't exist at this point. (I tried and failed to create one.)

However, as the posts you linked to indicate, on 8.0 you are able (if rooted) to add the needed line at the end of the build.prop, which prevents the provisioning check from running at all. You do need to be rooted to make that build.prop modification. I do not know if making the change while rooted and then unrooting would still allow that build.prop modification to work. I suspect that it would still work, since that line would remain in the build.prop even once unrooted, but I have not personally verified this.

I would ask why you are so anxious to unroot... if you are wanting Android Pay to work, SafetyNet to pass, etc., you can install suhide after rooting and that would solve that problem. The simplest rooting with SuperSU / install suhide instructions I have found are in the OP of Chainfire's suhide post, linked below...
https://forum.xda-developers.com/apps/supersu/suhide-lite-t3653855
2 - See above. Once you upgrade, you will need to reroot and make the same modifications referenced above in the build.prop.
Good luck!
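The build.prop edit the post above describes, written so that it can be re-run after every monthly update without leaving duplicate or conflicting lines. This is an added example, not the thread's or the linked guide's code. The post does not name the line it refers to; the property used in the demo, net.tethering.noprovisioning, is the one usually cited for skipping the tethering provisioning check and is an assumption on my part, as is the second, hypothetical key used to show the append path.

```shell
#!/bin/sh
# Added example (not from the thread): set a key in a build.prop copy
# idempotently. net.tethering.noprovisioning is assumed to be the property
# the post means; persist.sys.example is a hypothetical key for the demo.

# esc_bre STRING -> STRING with characters special in a basic regex escaped
esc_bre() {
    printf '%s' "$1" | sed 's,[][\.*^$],\\&,g'
}

# set_prop FILE KEY VALUE
# Replaces an existing KEY=... line in FILE, or appends KEY=VALUE if absent.
# Returns 0 on success, 1 if FILE does not exist.
set_prop() {
    file="$1"; key="$2"; value="$3"
    [ -f "$file" ] || return 1
    esc=$(esc_bre "$key")
    if grep -q "^${esc}=" "$file"; then
        sed -i "s|^${esc}=.*|${key}=${value}|" "$file"
    else
        # Make sure the file ends with a newline before appending.
        [ -z "$(tail -c1 "$file")" ] || printf '\n' >> "$file"
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_prop FILE KEY -> prints the value (last occurrence), empty if unset
get_prop() {
    esc=$(esc_bre "$2")
    sed -n "s/^${esc}=//p" "$1" | tail -n 1
}

# On a rooted device the real file is /system/build.prop and /system must be
# remounted read-write first, e.g. (not run here):
#   adb shell su -c 'mount -o remount,rw /system'
#   adb pull /system/build.prop ./build.prop && set_prop ./build.prop ... && adb push ...
# The demo below works on a constructed sample file instead.
demo_build_prop() {
    tmp=$(mktemp)
    printf 'ro.build.version.release=8.0.0\nnet.tethering.noprovisioning=false' > "$tmp"
    set_prop "$tmp" net.tethering.noprovisioning true   # assumed key: replaced in place
    set_prop "$tmp" persist.sys.example yes             # hypothetical key: appended
    get_prop "$tmp" net.tethering.noprovisioning
    rm -f "$tmp"
}
```

Replacing rather than appending matters because the sample file deliberately has no trailing newline and already carries the key set to false; a naive `echo >> build.prop` would produce a malformed last line and two definitions of the same property. Keep the edited file's mode and ownership when pushing it back, or the device may fail to read it at boot.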
sb1893 said:
I greatly appreciate you bringing me up to speed. It has been so long since I have done anything like this. It seems like I'm away for a year or so until I get a new phone, and then I'm back at it again. :laugh:
I used the first method on this link to carry out the deed: https://www.theandroidsoul.com/enab...ing-pixel-and-pixel-xl-verizon-sprint-others/
Really, the only reason I want to unroot is to update to 8.0. I would be totally fine with keeping root (would actually prefer it), but I want to get on 8.0, and I can't find any guides for updating and retaining root and my tethering. It appears as though that won't be an option for now based on your post unless I want to modify the build.prop. I wouldn't mind doing that, but I would need a guide for updating and then another guide for the build.prop, and I'm just not as brave as I used to be with this stuff. Back in the day, I would take some info and run with it, and adapt as necessary. It's almost like I have gotten "old" and haven't kept up with the times and constantly worry I'm going to turn the phone into a paperweight. :laugh:
EDIT: Would I be able to just use the OTA update and it basically undo everything I have done and then re-root myself and then do the build.prop mod, or would I need to get back to a factory state before being able to run the OTA update?
My preferred method of taking upgrades on the Pixel XL has been to just sideload the OTA for both monthly security patches and minor releases. I did flash the full factory image for the upgrade to 8.0 (removing the -w from flashall.bat to retain my data). Both methods have worked great for me. In either case, you do need to re-root, re-flash suhide, and re-edit build.prop. But the entire process takes less than 45 minutes start to finish and has worked well each month since December 2016 for me. When you sideload the OTA or flash the factory image, any changes to build.prop, etc. do not prevent the update from completing, which is in contrast to what happens if you try to just take the OTA the standard way within Android without first restoring to factory stock.
Guides for all of these steps are easily found here on the Pixel XL forum. The basic steps for sideloading the OTA/flashing the factory image can be found where they are published on Google's Android image pages.
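The "-w removed from the flash-all script" step the post above describes, done by a function instead of by hand. This is an added example, not code from the thread or from Google's factory-image package. It assumes the layout of the shell version of that script, where the wipe is the -w flag on the line `fastboot -w update image-*.zip`, and it refuses to write an output file unless it finds exactly one such line, so a script it does not understand is never handed back with a wipe still in it. The bootloader and image file names in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): copy a factory image's flash-all.sh
# with the userdata wipe (-w) removed. The `fastboot -w update ...` layout
# is an assumption; the function fails closed if it is not found.

# strip_wipe_flag IN OUT
# Writes a copy of IN to OUT with " -w" removed from the fastboot update line.
# Returns 0 only if exactly one such line existed and OUT no longer wipes.
strip_wipe_flag() {
    in="$1"; out="$2"
    [ -f "$in" ] || return 1
    n=$(grep -c -E '^[[:space:]]*fastboot([[:space:]]+[^[:space:]]+)*[[:space:]]+-w[[:space:]]+update[[:space:]]' "$in" || true)
    [ "$n" -eq 1 ] || return 1
    sed -E 's/^([[:space:]]*fastboot([[:space:]]+[^[:space:]]+)*)[[:space:]]+-w([[:space:]]+update[[:space:]])/\1\3/' "$in" > "$out"
    # Refuse to hand back a script that would still wipe userdata.
    ! grep -q -E '[[:space:]]-w[[:space:]]+update' "$out"
}

# For reference, the two update paths the post mentions (not run here):
#   adb reboot recovery  ->  "Apply update from ADB"  ->  adb sideload ota.zip
#   ./flash-all.sh        (from the unzipped factory image, after stripping -w)

# Demo on a constructed stand-in for flash-all.sh; prints the rewritten line.
demo_strip() {
    src=$(mktemp); dst=$(mktemp)
    cat > "$src" <<'EOF'
#!/bin/sh
fastboot flash bootloader bootloader-example.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-example.zip
EOF
    strip_wipe_flag "$src" "$dst" && grep '^fastboot .*update' "$dst"
    rm -f "$src" "$dst"
}
```

Dropping -w only keeps userdata intact; it does not make the update safe for a rooted device by itself. The post's point still stands: after the flash you are back on a stock boot image and must re-root and redo any build.prop edits.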
sb1893 said:
Thanks for the information! I got impatient today and went ahead and updated to 8.0. I tried using the Disable Services app to get rid of the annoying notification to update, but was unsuccessful.
I'm going to re-root tomorrow evening and go through the whole process again to gain the hotspot. Now with the information I received in this thread, and the other links I emailed myself today at work, I'm starting to ease back into the modding world.
jonmike13 said:
Nice work! Welcome back to the fun! Good luck!