May 24, 2013 By: Mike Szczys
After reading about Dan Rosenberg’s bootloader exploit for the Samsung Galaxy S 4, I figured it would not be long before someone would craft a package for loading custom ROMs. Of course, I shouldn’t be surprised that Dan is the one who figured it out.
You may know him better as XDA Recognized Developer Djrbliss. In his original thread, you’ll learn about the Loki package he put together to load custom recovery and ROM images into AT&T and Verizon variants of the GS4. The device must already be rooted, but he links to guides that can walk you through that as well.
There are a couple of caveats to the exploit. The first is that it will be very easy for the carriers to patch against it, so avoid OTA updates unless you know they don’t contain a patch. The second is that the Loki package is intended for developers, which means it’s not a one-click operation. Having looked through the code repositories, I’d say it’s a very straightforward set of command-line operations, so don’t be scared off either.
The exploit sidesteps the signature check the phone performs when it launches a ROM. Dan found it while looking at the phone’s aboot partition. Searching for some of the strings found in his disassembly, he discovered it’s nearly identical to the open-source Little Kernel bootloader, which made it significantly easier to figure out how the boot process works. It turns out that the signature check function is copied into memory during the boot process. His exploit overwrites that code so that the check reports the ROM as signed even though it is not; the RSA signature itself is never forged or broken.
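The weakness described above, as a toy model added here (this is not Loki’s code, nor aboot’s): a bootloader copies its signature-check routine into writable RAM at boot and calls it from there, and the boot image is placed in RAM at the address its own header supplies before the check runs. An unsigned payload whose bytes land on the routine turn it into “return ok”. Everything in the model is an assumption for illustration: the header-supplied load address, the one-byte “instruction set” standing in for the routine’s machine code, the image layout, and a keyed checksum standing in for the RSA-2048 signature. The hardened path shows the two checks a practitioner would want: refuse load ranges that touch the bootloader’s own memory, and verify before writing anything the bootloader will later trust.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated device RAM.  At power-on the bootloader copies its signature-check
 * routine to BL_BASE and later calls it from there (the "written to memory"
 * behaviour described above).  All values are constructed for this model. */
#define RAM_SIZE 1024u
#define BL_BASE  1000u

/* One-byte "instruction set" standing in for the routine's machine code. */
enum { OP_CHECK_SIG = 0x10, OP_RET_OK = 0x20 };

/* Constructed boot image: header, payload, 4-byte tag.  The keyed checksum is
 * a stand-in for the RSA-2048 signature; TAG_KEY plays the signing key. */
struct boot_hdr { uint32_t load_addr; uint32_t size; };
#define TAG_KEY 0xA5C3F00Du

static uint32_t tag_of(const uint8_t *p, uint32_t n) {
    uint32_t t = TAG_KEY;
    for (uint32_t i = 0; i < n; i++) t = ((t << 5) | (t >> 27)) ^ p[i];
    return t;
}

static void power_on(uint8_t ram[RAM_SIZE]) {
    memset(ram, 0, RAM_SIZE);
    ram[BL_BASE] = OP_CHECK_SIG;          /* verify routine now lives in RAM */
}

/* "Execute" whatever sits at BL_BASE: the genuine check, or what overwrote it. */
static int run_verify(const uint8_t ram[RAM_SIZE], const uint8_t *payload,
                      uint32_t n, uint32_t tag) {
    switch (ram[BL_BASE]) {
    case OP_CHECK_SIG: return tag_of(payload, n) == tag;
    case OP_RET_OK:    return 1;          /* patched: "signed", no questions asked */
    default:           return 0;
    }
}

/* Parse and bounds-check the image against RAM (but not against BL_BASE). */
static int parse(const uint8_t *img, size_t len, struct boot_hdr *h,
                 const uint8_t **payload, uint32_t *tag) {
    if (len < sizeof *h + 4) return 0;
    memcpy(h, img, sizeof *h);
    if (h->size != len - sizeof *h - 4) return 0;
    if (h->load_addr > RAM_SIZE || h->size > RAM_SIZE - h->load_addr) return 0;
    *payload = img + sizeof *h;
    memcpy(tag, *payload + h->size, 4);
    return 1;
}

/* Flawed flow: place the image where its header says, then run the check. */
static int boot_flawed(uint8_t ram[RAM_SIZE], const uint8_t *img, size_t len) {
    struct boot_hdr h; const uint8_t *payload; uint32_t tag;
    if (!parse(img, len, &h, &payload, &tag)) return 0;
    memcpy(ram + h.load_addr, payload, h.size);
    return run_verify(ram, payload, h.size, tag);
}

/* Hardened flow: never let an image reach the bootloader's own RAM, and
 * verify before anything is written where the bootloader will later trust it. */
static int boot_hardened(uint8_t ram[RAM_SIZE], const uint8_t *img, size_t len) {
    struct boot_hdr h; const uint8_t *payload; uint32_t tag;
    if (!parse(img, len, &h, &payload, &tag)) return 0;
    if ((size_t)h.load_addr + h.size > BL_BASE) return 0;
    if (!run_verify(ram, payload, h.size, tag)) return 0;
    memcpy(ram + h.load_addr, payload, h.size);
    return 1;
}

/* Build an image; an unsigned one carries a bogus tag. */
static size_t make_image(uint8_t *out, uint32_t load_addr, const uint8_t *payload,
                         uint32_t n, int is_signed) {
    struct boot_hdr h = { load_addr, n };
    uint32_t tag = is_signed ? tag_of(payload, n) : 0xDEADBEEFu;
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, payload, n);
    memcpy(out + sizeof h + n, &tag, 4);
    return sizeof h + n + 4;
}

static int scenario(int hardened, uint32_t load_addr, const uint8_t *payload,
                    uint32_t n, int is_signed) {
    uint8_t ram[RAM_SIZE], img[RAM_SIZE + sizeof(struct boot_hdr) + 4];
    if (n > RAM_SIZE) return 0;
    size_t len = make_image(img, load_addr, payload, n, is_signed);
    power_on(ram);
    return hardened ? boot_hardened(ram, img, len) : boot_flawed(ram, img, len);
}

/* Constructed inputs: a kernel blob, and a one-byte payload aimed at the check. */
static const uint8_t kernel_blob[] = { 'k', 'e', 'r', 'n', 'e', 'l' };
static const uint8_t patch_byte[]  = { OP_RET_OK };

int signed_kernel_boots(int hardened)   { return scenario(hardened, 0, kernel_blob, 6, 1); }
int unsigned_kernel_boots(int hardened) { return scenario(hardened, 0, kernel_blob, 6, 0); }
int patched_check_boots(int hardened)   { return scenario(hardened, BL_BASE, patch_byte, 1, 0); }

int main(void) {
    printf("flawed   : signed=%d unsigned=%d patch-over-check=%d\n",
           signed_kernel_boots(0), unsigned_kernel_boots(0), patched_check_boots(0));
    printf("hardened : signed=%d unsigned=%d patch-over-check=%d\n",
           signed_kernel_boots(1), unsigned_kernel_boots(1), patched_check_boots(1));
    return 0;
}
```

The flawed loader accepts the one-byte unsigned image because by the time it “runs” the check, the check is no longer there. Note that the overlap test alone is not enough in general: a loader that verifies after copying is still trusting whatever the copy left behind, so both checks belong in the hardened path.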
May 7, 2013 By: Jimmy McGee
Recently, HTC released its latest flagship device, the HTC One. The HTC One comes in variants including AT&T, Sprint and T-Mobile. After numerous delays, the phone started shipping. And what do we do here at XDA developers once we get a new device? That’s right, we customize it.
In this episode, XDA Developer TV Producer Steve shows you how to unlock the bootloader on the HTC One. This lets you install custom recoveries and custom ROMs, after which you can gain root access on your device. Check out this video to find out who wins.
Dan Rosenberg has done it again… Well, he claims to have unlocked the Samsung Galaxy S 4 bootloader, giving only this slightly blurry image as proof. But anyone who’s been paying attention will know that Dan, aka XDA Recognized Developer djrbliss, is as good as his word.
The news comes via a set of Twitter posts over the last few days. The proof photo was posted about five hours ago, with zero details on how he did it. But if you hit his feed and look back a few posts, the picture becomes a little clearer. Two posts dated April 29th give cryptic clues, quite literally. He mentions that RSA-2048 is used to sign the kernel and recovery. A quick look at the Wikipedia entry for this key length tells us that 2048-bit RSA is expected to stay out of reach of factoring attacks until at least the year 2030, so whatever he found, it wasn’t a broken key. So how the heck did he do it? Thus far, we know it was not due to a leak:
Is this the result of a leak?
No. I would not associate myself with the publication of confidential materials that are proprietary to these companies, regardless of the fact that I disagree with their policies on device openness. Plus, where’s the fun in that?
Watch the XDA Portal for more news as this develops. And if you’ve got a tasty tidbit of information on this or other exploits use the “Tip Us” button on the top menu bar to help spread the word. To learn more from the source himself, visit the original thread.
Update: Thanks to Recognized Developer k0nane for the correction!
April 11, 2013 By: Mike Szczys
Dan Rosenberg (a.k.a. XDA Recognized Developer djrbliss) gets the credit for finding exploits on a lot of devices, and now you can add to that list the Motorola units that use the Qualcomm MSM8960 chipset. There are currently three models in this category: the Atrix HD, Razr HD, and Razr M. They’re based on the processor marketed as the Qualcomm Snapdragon, and they’re hiding some interesting tricks that may eventually keep users from loading their own ROMs. Dan’s investigation did lead to an exploit, but I find the pseudocode he authored from the disassembly an interesting look at what the future might bring from Motorola.
Those of you who purchased a Samsung Galaxy S III on Verizon and were disappointed to find that its bootloader was locked (the community shorthand at the time was “encrypted”: it enforces signature checks on what it boots and offers no way to unlock) may now rejoice. An insecure bootloader, one that does not enforce those checks, is now available for the device. For those unaware, here is the back story: the Verizon Galaxy S III is probably the first Samsung Android device that shipped with such a locked bootloader, making it harder to root and sparking a petition by the community. Based on Samsung’s track record of always shipping devices with unlocked bootloaders, we can all safely deduce that Verizon is the one to blame here.
The devs here at XDA came to the rescue shortly after and the device was rooted, but custom ROMs and kernels were still a no-go. Our developers didn’t give up, and soon we had a proof-of-concept method of bypassing the locked bootloader for custom kernel installation. Finally, in the true spirit of XDA, our very own XDA Elite Recognized Developer AdamOutler got to work on the locked bootloader, and now we have the results!
You can install the insecure bootloader on your Verizon SGS III using the method provided in detail in this forum post. The tools also allow you to root the device, install hacking tools, flash CWM recovery, and much more. You will need to be running Linux or Mac OS X to load the required tools.
Note that once you unlock your device using this method, do NOT accept any OTA update you get afterwards: it may brick your device. If you must, first flash the full ODIN stock restoration packages provided in this post, or simply stick with custom ROMs. Also note that Samsung or Verizon may break this method in the future, but there is an exploit waiting for when that happens. Enjoy!
March 3, 2012 By: Conan Troutman
After having been released for less than a week, and with a forum added only a few days ago, the Sony Xperia S is the most recent device to find a home on XDA. Even so, we’re already pleased to bring you information on how to unlock and relock the bootloader, as well as how to root your brand-spanking-new device.
XDA senior member DooMLoRD put together a very comprehensive tutorial on dealing with the bootloaders, which is based on lollylost’s similar tutorial for the Xperia Arc. There are quite a few steps to achieving the end result, but they are clearly explained, with all the necessary links provided. The actual method for unlocking is via the official SonyMobile site, so it’s only fair that we also show some thanks for their developer friendly attitude. DooMLoRD continues in his second post, and explains how to relock your bootloader using FlashTool.
Meanwhile senior member Bin4ry makes sure you’re able to get root access by providing a pre-rooted system.img, which is to be flashed via fastboot. After a quick reboot you should have root. He goes on to say that a more convenient method is sure to follow.
If you are the proud owner of a shiny new Xperia S and can’t wait to start tinkering with your device, DooMLoRD’s tutorial and Bin4ry’s rooting thread are undoubtedly the first places you should visit.
February 13, 2012 By: Joseph Hindy
Some users have been having a lot of problems with the HTC dev bootloader unlock method. Not only does it not completely unlock the bootloader, but it causes problems with flashing things such as kernels and radios.
This problem is especially present on the HTC Sensation, which suffers from issues such as being unable to flash some radio files, and some kernels, unless installed in a specific manner, can cause problems such as broken WiFi.
XDA Senior Member tkraaa has taken a deeper look at some of these problems and, more importantly, at ways around them or ways to fix them, along with links to more threads that can help. Here’s tkraaa’s take on the WiFi issues:
It allows you to install custom ROMs, but what HTC doesn’t tell you is that the custom ROM should be using their HTC stock kernel in order to work without errors!!!!!!! (Otherwise, for ROMs with custom kernels, you have to install custom kernels in a certain method to avoid errors like the WiFi error!!!!)
So, if you’re facing some of these woes and need them fixed, you can check out all the fixes and explanations in the original thread. Additionally, you can find links to other threads that deal with these problems as well in case you need them.
January 25, 2012 By: liwen
At the beginning of this year, there was an outrage over the discovery by one of our forum members that the bootloader on the Transformer Prime tablet was locked and encrypted. Protest ensued, and ASUS quickly gave in and announced that it would develop an unlock tool. Now their official Twitter account has revealed that the unlock tool (which they erroneously call a ‘root tool’, for whatever reason) is expected to arrive in February.
— ASUS (@ASUS) January 24, 2012
Of course, this can mean anything from next week to 30-something days, but in any case, it’s still pretty nice to see the company respond and act so quickly. We’ve also seen their support stepped up considerably, above that of competitors, with ASUS Technical Marketing Manager Gary Key offering official support in our forums.
January 10, 2012 By: liwen
HTC has updated its bootloader unlock database with a few more devices, this time the Desire HD and additional Desire and Wildfire models.
Of course, HTC announced two weeks ago that all phones launched after September 2011 are unlockable, and it seems to be making pretty good progress on older models as well. The Desire, Wildfire, Wildfire S and two more devices were added just a few days ago.
So, keep it up, HTC, and Motorola better follow along.
January 6, 2012 By: azrienoch
Following their move to unlock all bootloaders on phones released after September 2011, HTC announced today that the HTC Wildfire S, Wildfire, Desire, Merge, and A315c (a Wildfire CDMA variant) joined the official list. It looks like all the devices they added right after Christmas are on the list as well.
The dropdown menu of supported devices on HTCDev’s bootloader page changed formats as well. Now included, at the very bottom of the list, is an All Other Supported Models option. That is for all future models, because eventually HTC won’t have that list there. You’ll also notice asterisks by some devices in the list. HTCDev explains,
In certain cases you may be required to install an RUU first in order to go through the unlock process. These devices are indicated with an asterisk in the list below.
There are added steps for those devices because you’re updating HBOOT. Head over to HTCDev.com and try it out.
January 5, 2012 By: liwen
2011 came and went, and Google wasn’t the only one breaking their promises. Back in March, Motorola said they would unlock their notoriously secured bootloaders before the end of 2011, and guess what? They haven’t.
So, what do we do? Of course, start a petition. This has worked wonders with HTC, and, only a few days ago, ASUS. Both quickly gave in to the pressure and eventually provided (or are in the process of doing so) official unlocking solutions. Motorola originally said they were doing the same, but they didn’t, and here’s what they get for it:
OPERATION: Make Ourselves Heard (#OPMOSH)
About this movement:
Motorola Mobility Inc. has become famous for its lies, slanderous ways, and tendency to flat out prove time and time again that it cares not for its customers after they walk out of that store with their Motorola-branded device. Since the early days of Android, post Droid 1, we have sat down and taken our locked bootloaders like a man. There came to be a boiling point – and a full-out war was launched on their social media sites. Sound familiar? The same thing that worked with HTC and now with Asus. We received a generic “second half of 2011” timing. Guess what! It’s now Q1 2012, and not only have they missed their deadline, but they have IGNORED all bootloader-related questions, given NO official announcement of their plans still being in motion, and thus must have forgotten that we are a core, dedicated community that wishes nothing more than to enjoy the phones we were given. Let’s make ourselves heard yet again, turn the heat up, and make Moto (like HTC) get off of their asses and DO SOMETHING. Everyone counts!
January 3, 2012 By: liwen
ASUS just announced that it will develop an unlock tool for the bootloader of its Transformer Prime tablet. This comes only slightly more than 48 hours after a forum member found its bootloader to be locked and encrypted, triggering a massive amount of protest posts on its Facebook wall.
As the original reason for locking the bootloader, ASUS cites the “content providers’ requirement for DRM client devices to be as secure as possible” in order to support Google DRM for “a high quality video rental experience”. Thus, it notes that unlocking the bootloader will not only void your warranty, but also make Google video rental unavailable – which makes no difference for many users since the service is only available in the US and UK (and possibly other English-speaking markets, thanks to nanu*1 for pointing out) as of the time of this writing.
Below is the juicy bit of the statement.
Regarding the bootloader, the reason we chose to lock it is due to content providers’ requirement for DRM client devices to be as secure as possible. ASUS supports Google DRM in order to provide users with a high quality video rental experience. Also, based on our experience, users who choose to root their devices risk breaking the system completely. However, we know there is demand in the modding community to have an unlocked bootloader. Therefore, ASUS is developing an unlock tool for that community. Please do note that if you choose to unlock your device, the ASUS warranty will be void, and Google video rental will also be unavailable because the device will no longer be protected by the security mechanism.
I made a mistake. A few days ago I reported that, with a slew of new kernel source codes posted on HTCdev, HTC is now GPL compliant. That wasn’t true. I found out after saying it again on XDA TV. On Twitter, @gu1dry said,
That was true. Somehow, I overlooked the HTC Kingdom (HTC EVO Design 4G and HTC Hero S) when making my list of HTC’s non-GPL-compliant devices.
I don’t like being wrong. And it looks like HTC doesn’t like it when I’m wrong, either. Things get messy, or something. So HTC fast-tracked the release of the Kingdom kernel source code. It’s available on the HTCdev website. So now, HTC is mostly GPL-compliant.
I was also reminded of the fact that GPL compliance means making the Android kernel source code available as soon as the device (and with it the kernel binary) ships. HTC has yet to do that. Once they get a system in place to make that happen, they’ll be GPL-compliant. I’m sure that with all the recent successes at HTCDev, we’ll see this soon. Looking forward to it. For now, being up to date with all the Android devices on shelves is definitely a victory for everyone.