Related
I posted links to a free Diamond unlocker on here last week and subsequently recieved a 7 day ban.
The ban stated the reason was "posting other peoples work".
I didnt know if the software was working,fake,safe or easy to use as my device is already unlocked but in the nature of xdadev forums i posted it in case it was of use to anybody.
I most definately didnt claim the software as my own nor did i try to profit from the work of others.
I guess it upset somebody as like i said i recieved a weeks ban for my efforts which i think was kinda harsh considering.
Wouldve have been a bit more civil to have just removed the post,links and PMed asking/demanding that i dont post the software here or anywhere else and i would have happily complied.
**** i still dont know who banned me and for what reason exactly but i aint complaining about a poxy 7 day ban that was easily bypassed by logging in as a guest to browse the forums, just wouldve been nice to been asked a question before being shot.
Just for the record
If your post was legitimate (which I don't know if it was), surely somebody was jealous and wanted his own work promoted.
Wouldn't surprise me if he even wants money for it.
It's cuz the devs are charging money for unlocking the devices. They say it will be free later, so I guess until then nobody else can start giving out codes for free.
There's a couple of posts about it in the ROM Dev thread
adwinp said:
If your post was legitimate (which I don't know if it was), surely somebody was jealous and wanted his own work promoted.
Wouldn't surprise me if he even wants money for it.
Click to expand...
Click to collapse
Yea thats what happened as far as I can see.
The software I aquired is being sold by the dev/devs which is fair enough if they feel its worth the asking price and theres a market then **** it
let them eat cake.
My reason for this post was just that I didnt care for the way the matter was dealt with by banning me with out so much as a valid reason or reply to my attempts to contact them over the last week.
I also posted to state the fact that i didnt claim the software to be mine or attempt to gain financial or kudos rewards for the post.
If like I stated I had been approached with the facts rather than just getting banned I would have happily removed the link and file from my hosting and even blagged that the software I had was a fake if that would have appeased the powers that be and kept the coin rolling in for the dev/devs.
The fact is the unlock solution is now in the wild and its probably pissed on theyre chips.
Also im now getting unsolicited PMs asking for the software and I aint the ignorant type.
I can understand people being pissed off as i was unintentionaly offering for free what they was selling but i just think the matter could have been dealt with differently.
Fex
I think that the software author in general has the right to ask for a remuneration for his hard work, if he feels like it.
I know exactly the feeling.
But what bothers me, is exactly what you've described: the WAY it's been delt with.
adwinp said:
I think that the software author in general has the right to ask for a remuneration for his hard work, if he feels like it.
I know exactly the feeling.
But what bothers me, is exactly what you've described: the WAY it's been delt with.
Click to expand...
Click to collapse
I wholeheartedly agree with you mate which is why like I mentioned If I had been informed I would have if able to, happily taken measures to repair and repent my minor discretion
I understand where you’re coming from innocent until proven guilty and all that. But, sh*t happens then you die... so don’t worry about it.
fex said:
The fact is the unlock solution is now in the wild and its probably pissed on theyre chips.
Click to expand...
Click to collapse
I also agree with you regarding the unlocker is out in the wild. It’s available on bit torrent and various online forums mostly in foreign languages...
I do like the idea that they have come up with which is to give it out for free to people who support this site and charge the ones that don’t as its most likely these people who will go on to profit out of the software by selling it on as a service.
hint hint:
well, one of the names it goes by is libera_diamond.
im sure someone in this forum selling that...http://forum.xda-developers.com/showthread.php?t=414835 see the link and any question of who banned you will be solved my friend...
adwinp said:
hint hint:
well, one of the names it goes by is libera_diamond.
Click to expand...
Click to collapse
I already found it.... used it... and... IT WORKS!...
Just unlocked 16 Diamonds from Portuguese TMN!...
adwinp said:
hint hint:
well, one of the names it goes by is libera_diamond.
Click to expand...
Click to collapse
Well, found it as well, cheers!
instructions within
can anyone assist with a bit more user friendly instructions for the above topic, and do i need to use an xp system rather than my vista device?
all help would be appreciated.
cheers
help....
can someone supply better instructions, for this unlocker....
Works on Vista Ultimate Perfectly!
The unlocker works on vista. I should know. It worked perfectly on my phone.
The last step's hit and miss. For some reason (i'm guessing the dev had a twisted sense of humor), the app'll close instantly unless you try and freeze it open. The best way to do this is launch diamunlock.exe and press the UP button on your phone REPEATEDLY. After about 5-10 tries, the program will stay open and you can take your time.
I do admire what the dev was doing by selling this but TBH from what i've seen about XDA-Dev, software is given away and donations are asked for later. This new approach of charge first and that's it, while expected, doesn't seem to fit with the ethos of xda-dev and as such, i don't feel like i should promote it by paying for the software.
Now if it had been donationware? Hell yeah you best believe i'd have sent 10-20 bucks the dev's way.
Hy,
With this solution I've unlocked severall phones, and since I believe that knollege should be payed, I've given already 2 donations to this forum in general... of course I refuse to pay to anyone in specific if the solution is out for free!...
And I think everyone should recognise this forum's usefullness with some sort of donation, either knollege or money.
BR
Well, this thread surely doesnt serve any purpose other than simply gossiping (in a polite language) about someone else's work around here. So thread closed and I dont think its wrong. Will be moved to trash soon, just wanting the OP to take his time and read this post. PM a MOD if you feel otherwise
This is taken from engadget.com
HTC is legendary for its tacit support of the Android ROM cooking community. Motorola... not so much, thanks in large part to the company's policy of locking down the bootloader as a means to prevent unapproved software from running on its Droid handsets. An annoyance recently exacperated by a moderator of Moto's YouTube channel who suggested that customers looking to install custom ROMs should "buy elsewhere." Ouch. The resulting public relations kerfuffle then prompted Motorola to publish a clarification to its bootloader policy on Facebook:
We apologize for the feedback we provided regarding our bootloader policy. The response does not reflect the views of Motorola. We are working closely with our partners to offer a bootloader solution that will enable developers to use our devices as a development platform while still protecting our users' interests. More detailed information will follow as we get closer to availability.
Obviously, we'll have wait for said details to get official before calling this a shift in strategy. It's certainly an improvement over Moto's previous approach of lawyering-up with cease and desist orders. Perhaps Motorola is taking a cue from Microsoft who seems to have recently discovered that it's better to embrace than to annoy a motivated hacking community -- customers who tend to be a company's most dedicated fans and evangelists.
Good news?
Direct Link: http://www.engadget.com/2011/01/21/motorola-ready-to-make-sweet-love-to-rom-devs-and-rooters/
its a maybe. maybe they will launch our froyo locked, maybe it'll be open. we never know.
i just read this also. this could be great news or another terrible taunt whih leads to nothing.
im not gonna get my hopes up just yet.
available Q1 of 2046, stay tuned! lol
Sent from my Milestone using XDA App
Sounds like a PR stunt to quell the immediate situation before waiting for it to blow over.
Sent from my Milestone using XDA App
I dont believe in manufaturer, i believe in XDA dev's..... this a "cold water" not a hope for us.
I hope this isn't just some PR bull and moto actually enables us to load custom kernels.
That press release says nothing about unlocking the bootloader, only that they will help devs which could mean anything!
DummyPLUG said:
available Q1 of 2046, stay tuned! lol
Sent from my Milestone using XDA App
Click to expand...
Click to collapse
LMFAO!!!
i dnt believe motorolsh!t will do that(unlocking the bootloader)
I so love my new HTC Desire! couldnt stand this situation anymore....! sorry guys...
It is just the usual PR crap which companies like them give when they screw up on the social networking front. The "..buy elsewhere.." was just a such screw up. A Royal one I would say!
They are now trying to calm down the situation by giving us this crap..
I think it's just a excuse about the bad comments in youtube video, nothing more than that.
DummyPLUG said:
available Q1 of 2046, stay tuned!
Click to expand...
Click to collapse
2046???
...that seems a little too soon... dont ya think?
Menelkir said:
I think it's just a excuse about the bad comments in youtube video, nothing more than that.
Click to expand...
Click to collapse
That seems most likely but perhaps the fallout and bad press from that will push them to do what they should have done long ago, free the bootloader in some form so we can get custom ROMs on it.
Dyonas said:
That seems most likely but perhaps the fallout and bad press from that will push them to do what they should have done long ago, free the bootloader in some form so we can get custom ROMs on it.
Click to expand...
Click to collapse
Yes, I really want to see this happening, but I don't have any hope about Motorola opening the bootloader.
If they do, ok, excelent news to the community, to all developers that will make even better ROMs and for all of us that have a Motorola phone. We can see the quality of alternative ROMs for Motorola Milestone today as example. It's obvious that the only limitation is the bootloader, so the quality can be massively improved if we can change and optimize the kernel.
But I think all people here are already tired from Motorola's position about his costumers: Censorship on comments (youtube and motorola forums), censorship on criticism (even the very good ones, Motorola does not seem to care about the opinion of his costumers), cease and desist in community cases like the ROM of Droid X and sites with roms (that its very stupid IMHO)... and the list goes on...
By the way, my only hope is, if that happens and I have not exchanged my phone yet, good.. I'll make good use of it. But honestly? I have now my last phone from Motorola.
Am I missing something? Forgive my ignorance, but what is "locked up" about the bootloader? I'm running CM6 along with the overclocked CM6 kernel, and there are tons of other custom ROMs out for the Droid as it stands. What is restricted by Motorola?
vapor63 said:
Am I missing something? Forgive my ignorance, but what is "locked up" about the bootloader? I'm running CM6 along with the overclocked CM6 kernel, and there are tons of other custom ROMs out for the Droid as it stands. What is restricted by Motorola?
Click to expand...
Click to collapse
Milestone users cannot use custom kernels. All the AOSP ROMs still have to use the SAME kernel, supplied by Mot. They lock it to the bootloader. This means problems trying to compile modules and customer kernels and no way to patch bugs.
It is much more work for devs to get stuff done for the milestone than other phone (htc comes to mind).
Examples of issues: battery life, phone sleeping, waiting for compatible kernel or hack for new android versions, swap support, vpn support, other filesystem support... the list goes on.
But you allowed to be happy with your phone. Not everybody needs these things...
Sent from my Milestone using Tapatalk
He has a very good point. Where other android device builders seem to be promoting development (Huawei excluded, theyre miser's just like Motorola), this company seems to be more prominent on the restriction of development on their devices.
One very good reason for this is that Motorola has been such a huge phone developer for such a long time, that they have probably let it go to their head. Now instead of saying "our consumers said they need this", they're sayin "we think they really only need this." I've used Motorola phones for about 8 years now, and I would DEFINITELY say someone forgot that their customers put them where their at.
I agree. Someone needs to get out there and give them a taste of Good Customer Service. I dont think restricting dev's is a great marketing idea, or revenue booster anyways. BUt then again, to each, his own.
This is PR.Nothing more.
Know motorola they do not update РСТ(Russian legal)Milestone, they do not
need to unlock this crap bootloader.
Visit Groubal and sign the petition: http://www.groubal.com/motorola-lockedencrypted-bootloader-policy/
Retweet: http://twitter.com/#!/ibproud/status/52265679990169600
Facebook Page: http://www.facebook.com/unlockmoto
UPDATE (14th June 2011):
We are now over the 10,000 mark.
I have now spoken with Motorola and gotten confirmation that Motorola plan to unlock every device that will get an update in the second half of this year. This will include maintenance & firmware updates, but is still subject to Carrier approval.
The promising sign is that Verizon has already allowed Motorola to unlock a device on their network, the Xoom, which utilizes the unlockable/re-lockable model that Motorola intends on using across their devices.
I'm still looking to work with Motorola in the coming months to help see if we can make this a smooth process for Motorola and the community.
You can read the article here:
http://ausdroid.net/2011/06/14/an-u...witter&utm_campaign=Feed:+ausdroid+(Ausdroid)
Please share this where you can and keep it alive. I will continue to work with Motorola to see if we can get this thing torn wide open.
UPDATE (26th April 2011):
We are now at ~8,700 mark.
Motorola has now responded to me, stating that they are looking at unlocking bootloaders across their devices late 2011.
The article for the story can be found here:
http://ausdroid.net/2011/04/26/the-little-aussie-taking-on-motorola-u-s/#more-8184
We're still seeking clarity around whether this will be for current devices or only future devices.
I couldn't have gotten this far without the support of everyone here. You guys and girls have been a huge support and help me turn this snowball into a wrecking ball.
Please share this where you can and keep it alive. I will continue to work with Motorola to see if we can get this thing torn wide open.
Previous Update (4th April 2011):
We are now at ~7600 mark.
We're starting to slow down from our initial boom, so I have now set up a Facebook page to see if we can wrangle in some supporters that don't use Twitter or XDA.
I will need your help getting this out there. So share the facebook page where you can.
I'm also looking to see if anyone is interested in helping me Moderate the page. Please PM if you are.
Original Post:
Hi All,
I have created a Groubal (online petition) to get a response from Motorola on it's bootloader policy.
>>This petition started for the Atrix, but I made sure that it was for Motorola's overall Bootloader Policy. I have reached 200 signatures in 2 weeks, but now believe it's time to expand this out of the Atrix space and into the larger Motorola Dev community.
Ok guys, we now have nearly 800 signatures, nearly 500 in one night alone.
Keep up the great work everyone, this wouldn't be going anywhere without your support.
Sent from my Atrix (in Australia)
signed
10 char
Thank you everyone for your support.
Updated First Post!
I put it on facebook and i signed it. I really want this phone and bootloaders makes it a no deal.
Used my fascinating voodoo powers
Just updated Original Post, some very interesting developments today.
I posted/reposted everywhere i know to and asked for them to repost. Hopefully moto will get this.
Used my fascinating voodoo powers
Signed. Does anyone else feel this should be posted in the General section of every android device? We need to protect AOSP!
absens said:
Signed. Does anyone else feel this should be posted in the General section of every android device? We need to protect AOSP!
Click to expand...
Click to collapse
It would be even better if we could get XDA to post it as an announcement across all the forums, but unfortunately I don't know any of the administrators well enough to do it.
If you want to champion that for us, that would be greatly appreciate. I'm starting to find myself spread to thin on this one.
Groubal has been attacked again!
Hello Irwin,
Yes indeed...Groubal was hacked once again. We have our technical team and our hosting enterprise working feverishly on this to remedy the problem.
Clearly your petition and all your supporters have touched off serious nerves; and your message has created amazing awareness around the world now.
We will fix the problem and move forward. Please take the time to let everyone know on all the forums what has happened to Groubal.
Thanks in advance,
Groubal Customer Care
Click to expand...
Click to collapse
I will update the post when they are back to normal operations.
I posted this on a few other forums around xda. I also posted this on fascinates forum to since thats where i hang out. I got a bunch of negative feedback at first. Then come to find out the new samsung phones are going to have it too.
Used my fascinating voodoo powers
Updated OP
Just sent this tip to Engadget.com
Please shed some light on the petition by the Android user community requesting that Motorola to unlock the bootloaders on their Droid phones. Smartphones are not just phones that can browse the web, they are mobile computing devices that can make phone calls.
We pay a large sum of money to own these mobile computing devices but we are not able to modify the operating system like any other personal computer that each of us own.
http://www.groubal.com/motorola-lockedencrypted-bootloader-policy/
Thank you,
CaliTilt said:
Just sent this tip to Engadget.com
Please shed some light on the petition by the Android user community requesting that Motorola to unlock the bootloaders on their Droid phones. Smartphones are not just phones that can browse the web, they are mobile computing devices that can make phone calls.
We pay a large sum of money to own these mobile computing devices but we are not able to modify the operating system like any other personal computer that each of us own.
http://www.groubal.com/motorola-lockedencrypted-bootloader-policy/
Thank you,
Click to expand...
Click to collapse
Thank you. Hopefully they will shed their spot lights on it.
Used my fascinating voodoo powers
Thanks everyone for the support, Motorola has noticed us.
Updated OP.
I had not realized that you posted on the dx forum. I found a list where you have posted. I've been posting to milestone 2, fascinate, and facebook. I will keep these 3 up to date with the info you pass out.
Updated OP.
New Facebook Page!
SIGNED!!!!!
We need to get as many ppl to sign this as we can.
signed!!
moto and other manufactures need to stop this!! if we buy a device...we have the right to do what we want with it...its our money!!!
Signed. I'm rocking a Thunderbolt right now, but I still play with my Droid X from time to time.
EDIT: Let's let the dev's have their fun without a bunch of newbs poking in on them. Sorry, devs.
Probably don't want this info to get out to the entire Internets anyways.
CZ Eddie said:
Hmmm..........
http://forum.xda-developers.com/showthread.php?p=51983540
No, you don't have root/unlock for ATT S5.
But...... hmmmm...
**** DO NOT POST IN THAT THREAD. IT IS A DEVELOPERS-ONLY THREAD. DON'T BE A DORK AND POST IN IT.
Click to expand...
Click to collapse
Pretty exciting. I am not a dev. so I dont really know how to distinguish between what exactly is going on, but a little progress and excitement is always good for the community. Not to mention the respect and bounty these devs will get once something major actually does happen.
EDIT: Let's let the dev's have their fun without a bunch of newbs poking in on them. Sorry, devs.
Probably don't want this info to get out to the entire Internets anyways.
CZ Eddie said:
Basically, evilpotatoman located a much-wanted Qualcomm tool that could possibly lead to finally unlocking the bootloader of S4, S5 and Note 3 (and others). *Possibly being the key word.
At the moment it's still not possible, but the tool apparently gives them a huge leap forward in development towards this goal.
They've been looking for something like this for a few years now I believe.
I'm not a dev, don't pretend to be one. The extent of my "development" is writing a few scripts. lol. So remember that I may be misunderstanding some things here. :good:
There are a bunch of files attached to the thread.
But none of us should bother downloading them because you have to be an ultra-dev to know how to use them.
Click to expand...
Click to collapse
My understanding i that this is the SDK for the SoC on the S5 and other phones. It includes a qualcomm dev signing cert but I'm almost 100% certain that no production phone from AT&T will accept BL's signed by the qc dev cert (or someone would have used it to sign one of the unlocked BL's by now plus if that were the case my guess is qc would be freaking out and sending takedown notices by now). So basically if Samsung or AT&T were to provide the signing key or somehow we were to brute force it(very unlikely) we would now be able to easily sign packages for the phone. So while helpful, without the signing keys it doesn't really do anything except provide more insight into how the whole secure boot process works.
http://forum.xda-developers.com/showthread.php?t=2692167&page=11
cciechad said:
My understanding i that this is the SDK for the SoC on the S5 and other phones. It includes a qualcomm dev signing cert but I'm almost 100% certain that no production phone from AT&T will accept BL's signed by the qc dev cert (or someone would have used it to sign one of the unlocked BL's by now plus if that were the case my guess is qc would be freaking out and sending takedown notices by now). So basically if Samsung or AT&T were to provide the signing key or somehow we were to brute force it(very unlikely) we would now be able to easily sign packages for the phone. So while helpful, without the signing keys it doesn't really do anything except provide more insight into how the whole secure boot process works.
Click to expand...
Click to collapse
Qc sent the takedown notice...dun dun duuunnn
Sent from my SAMSUNG-SM-G900A using Tapatalk
CyboLabs is Proud to present
Open Bump!
What is Open Bump?
Open Bump is a recreation of the closed source Bump project run by Codefire.
It will allow you to "sign" your boot images in the same way that Codefire does it, only you don't need an internet connection.
Click to expand...
Click to collapse
What Open Bump is NOT
lets get the obvious out the way. It won't axe murder you.
It is not a direct reverse engineer of Codefire's implementation. I found the key and iv on my own
The magic bytes were taken from Codefire's method however. If anyone has insight has to how they were found, please shout up.
It does NOT take your private data so you can use it. Tin hatters feel free to double check
Click to expand...
Click to collapse
How did I find this out
I had a general idea of what to look for, having heard that the exploit is related uicc, and is signed with a cipher.
Dropping the aboot image in to Ghex led me to finding a reference to "uiccsecurity". Using the bytes around this, I found a repeat of 32 bytes, which was followed by 16 bytes which formed something that resembled "SecureWallpaper".
As you can probably guess, this was mainly trail and error backed by common sense and logical thinking.
you can programmatically find these values with the python script:
Python:
aboot_name = './aboot.img'
aboot = open(aboot_name, 'rb').read()
key_end = aboot.index('uicc')
key_start = key_end - 32
key = aboot[key_start:key_end]
sec_key_start = aboot.index(key, key_end)
iv_start = sec_key_start + 32
iv_end = iv_start + 16
iv = aboot[iv_start:iv_end]
deciphering some already generated "signatures" proved that these were the key and iv used for "signing" the images.
Click to expand...
Click to collapse
What is coming next?
Inspecting the signatures that were originally uploaded and the ones that people can generate now, I found only one pattern.
The only similarities were the first 16 bytes of each "signature". I believe that only the magic number is needed, and none of the garbage that follows. This has been confirmed by the LG G3 dev from CyanogenMod, Invisiblek Done
Click to expand...
Click to collapse
How to use it?
I don't know how well this will run on anything other than linux, so for now.. I won't talk about it.
First, ensure you are using python2
then run the script
Code:
python2 open_bump.py "/path/to/boot.img"
flash the output, and enjoy
Click to expand...
Click to collapse
Thanks to:
Obviously, this wouldn't have been possible without Codefire since I wouldn't have known where to look, or that it was exploitable. And it was them that found the magic key.
Big thank you to @pulser_g2, who offered invaluable input on cryptography
Big thank you to @invisiblek, who I mercilessly kanged the main part of the image padding script from
note:
The original part of finding this information out was done on my own with guidance from pulser. The final results of this are posted above.
XDA:DevDB Information
Open_Bump, Tool/Utility for the LG G2
Contributors
cybojenix
Source Code: https://github.com/CyboLabs/Open_Bump
Version Information
Status: Beta
Created 2014-11-23
Last Updated 2014-11-23
Thanks, thats great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
g4rb4g3 said:
Thanks, thats great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
Click to expand...
Click to collapse
simple answer, this can be added to the build step really easily. See this commit
edit:
of course it may be useful to make a c program to do this.... I shall think on it.
Propably stupid question but i ll give a shot. Since we have the magic key we cant just skip the bump stuff totally? As i can understand, i dont wait official developer team join the bump train, thats why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
After getting the bootloader may be open G3؟؟
Why not use the original Bump?
Quote:
Codefire has been extremely vague about their method, obviously to prevent someone else replicating their results.
They are also storing people's data unnecessarily, and even adding some information relating to the user in to the "signature", possibly for tracking purposes.
As a result of it being an external service, many reputable teams (which won't be named unless they want to be) have said they will not use it, and would rather wait till LG releases the official unlock method.
Finally, Codefire have said the sha1sum of the boot image is required. Whether they knew or not, it is NOT required, and I will be changing this tool to compensate for that.
Click to expand...
Click to collapse
Happy you found a new exploit for us builders and devs, just feel like you kinda disrespected codefire team by accusing them of things before actually talking to them, seems a bit counter productive, this may piss them off and next device you can kiss new exploits by them good-bye,
just my 2 cents on the matter,
i'd remove the line...
in any case thank you very much, i will add it to my build script
---------- Post added at 08:34 PM ---------- Previous post was at 08:29 PM ----------
nikosblade said:
Propably stupid question but i ll give a shot. Since we have the magic key we cant just skip the bump stuff totally? As i can understand, i dont wait official developer team join the bump train, thats why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
Click to expand...
Click to collapse
"Bump stuff" has nothing to do with users, the devs and builders do the "bumping", and development of the G series has nothing to do with bumping, it just takes time to bring everything up
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
thecubed said:
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
Click to expand...
Click to collapse
First off, I didn't black mail. I gave your team notice about open sourcing it after reverse engineering the LG bootloader, not your "signatures".
It's your choice if you want to leave Android. Pinning the blame on me is somewhat childish though.
LG not patching Bump? That's a ludicrous statement, and even if it's true, it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
The hardest part of your teams work was getting the keys. If you know where to look, then it's easy enough to get engineering builds which I suspect contain the master magic bytes which you released.
I'm honestly shocked at your reaction though. I gave your team all the credit and stated which parts I did myself. The part about the service, and the deception was justified.
You tried to obscure something which by logic can't be obscured. That's how so many people realised they can just append the bytes to the image.
So which one would you rather have, LG not patching the exploit (as you so claim), and having an unknown number of people in china running around flashing custom boot images, or have everyone know how to do it to force LG to recheck their security measures.
What I did may not have been fantastic for the community, but what you did was insanely dangerous for the 90% of LG users.
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using there signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
cybojenix said:
it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
Click to expand...
Click to collapse
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
savoca said:
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
Click to expand...
Click to collapse
Yes, because I've been such a massive supporter of cm. (sarcasm in case you didn't realise).
I started reverse engineering the bootloader for research purposes. If it was more complex than what I have said above, then I probably wouldn't have done this thread.
If it weren't for the fact that the magic stays the same across all signatures, then I also wouldn't have done this thread.
The response I got from them when I contacted them before releasing this was pretty much one of lack of care. So I went ahead and posted it.
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
And once again, I refuse to take the blame for their team leaving Android.
whoppe862005 said:
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using there signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
Click to expand...
Click to collapse
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
cybojenix said:
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
Click to expand...
Click to collapse
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. By cybo
savoca said:
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. By cybo
Click to expand...
Click to collapse
Tbh I thought it would have been clear by now what I care about. Then again I may have been wrong about considering you one of the smart android people.
I care about learning and sharing knowledge. Which is precisely what this thread did.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
Click to expand...
Click to collapse
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
sooti said:
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
Click to expand...
Click to collapse
Wrong, I stated that I was going to open source it, meaning the work of put in to getting the key and how it's used to get the original magic.
It was after that that I realised the final magic is the only thing needed. I actually worked out how to get the magic key a few hours ago, but since I don't have the right images, it won't be globally usable.
Fair enough, I apologise for pointing out the flaws in codefires service, and that they took it badly.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
Click to expand...
Click to collapse
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like be said he didn't want it open source but you still went ahead any way.
http://hastebin.com/gulumezawi.txt
And then you saying your going to push it for vs985 even after he said no.
I don't know who Enderblue is, and I'm not affiliated with him..
whoppe862005 said:
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like be said he didn't want it open source but you still went ahead any way.
http://hastebin.com/gulumezawi.txt
And then you saying your going to push it for vs985 even after he said no.
Click to expand...
Click to collapse
cybojenix said:
I don't know who Enderblue is, and I'm not affiliated with him..
Click to expand...
Click to collapse
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
whoppe862005 said:
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
Click to expand...
Click to collapse
but the chat wasn't with me, so your point is null
autoprime had ample opportunity to say "don't do it yet", or "go talk to IO". but no, no objections were made.
Codefire treated the service like any other company would treat their unlocking service, so I treated them like a company and showed how it was done.