Unlock Bootloaders without Fastboot on Galaxy Nexus, Nexus 4, and 10
Posted January 8, 2013 at 10:00 am by jerdog
Bootloaders are like locks on a cookie jar: They’re just begging to be unlocked. When users on XDA see a locked bootloader, they immediately start looking for the accomplished developer who is working on hacking the device. It is for this reason that we like to hold Google Nexus devices as the gold standard for how manufacturers (and carriers) should approach their bootloaders, as well as firmware openness.
Nexus devices are easy to unlock: You go into fastboot mode, type ‘fastboot oem unlock’, and you’re done. Easy peasy. Of course, Google’s method involves an automatic wipe of your data, which functions as a pseudo-security measure. There of course is a way to get that data back after the wipe on the Galaxy Nexus, but what most users fail to think about is locking their bootloader again once they’ve gotten their ROM to where they want it to be. This opens up their device to all sorts of potential problems, especially those of the malicious kind.
Recently there has been talk about the Samsung Exynos 4 memory exploit, which leaves Exynos 4-based devices open to malicious attackers. With the fact that Samsung has never fixed the eMMC Brick Bug issue, which affects stock and non-stock Exynos 4 devices, you have the perfect storm of malicious attacker meets manufacturer negligence. Users can have their devices bricked and/or wiped in a matter of moments, and they would be none the wiser.
XDA Senior Member segv11 came across something in the Nexus bootloader, which is cause for concern for the Galaxy Nexus, Google Nexus 4 and Google Nexus 10. segv11 created a bootloader unlock, which does not follow the normal convention. Instead, it falls back on a process where you can keep your bootloader locked, and still keep a sense of security. He does this by simply changing a couple of bits in the /param partition, while keeping the bootloader locked for security reasons. XDA Elite Recognized Developer AdamOutler also released a similar process for the Galaxy Nexus back in April of 2012 which utilizes a brute-force method to unlock the bootloader by replacing the entire /param partition instead of just adjusting the bits.
This app highlights an issue with the way Google has chosen to lock the bootloader, especially when it’s easy to just change the aforementioned bit. What else is contained in there that can be hacked? What else is there that a malicious app, with root privileges, could potentially render your device a pricey brick? It’s for this very reason that we encourage users to be very careful before they mess around with their devices, and to make sure they read all of the instructions the developers put together beforehand.
Want something on the XDA Portal? Send us a tip!