jerdog · Jan 8, 2013 at 10:00 am

Unlock Bootloaders without Fastboot on Galaxy Nexus, Nexus 4, and 10

Bootloaders are like locks on a cookie jar: They’re just begging to be unlocked. When users on XDA see a locked bootloader, they immediately start looking for the accomplished developer who is working on hacking the device. It is for this reason that we like to hold Google Nexus devices as the gold standard for how manufacturers (and carriers) should approach their bootloaders, as well as firmware openness.

Nexus devices are easy to unlock: You go into fastboot mode, type ‘fastboot oem unlock’, and you’re done. Easy peasy. Of course, Google’s method involves an automatic wipe of your data, which functions as a pseudo-security measure. There of course is a way to get that data back after the wipe on the Galaxy Nexus, but what most users fail to think about is locking their bootloader again once they’ve gotten their ROM to where they want it to be. This opens up their device to all sorts of potential problems, especially those of the malicious kind.

Recently there has been talk about the Samsung Exynos 4 memory exploit, which leaves Exynos 4-based devices open to malicious attackers. With the fact that Samsung has never fixed the eMMC Brick Bug issue, which affects stock and non-stock Exynos 4 devices, you have the perfect storm of malicious attacker meets manufacturer negligence. Users can have their devices bricked and/or wiped in a matter of moments, and they would be none the wiser.

XDA Senior Member segv11 came across something in the Nexus bootloader, which is cause for concern for the Galaxy Nexus, Google Nexus 4 and Google Nexus 10. segv11 created a bootloader unlock, which does not follow the normal convention. Instead, it falls back on a process where you can keep your bootloader locked, and still keep a sense of security. He does this by simply changing a couple of bits in the /param partition, while keeping the bootloader locked for security reasons. XDA Elite Recognized Developer AdamOutler also released a similar process for the Galaxy Nexus back in April of 2012 which utilizes a brute-force method to unlock the bootloader by replacing the entire /param partition instead of just adjusting the bits.

This app highlights an issue with the way Google has chosen to lock the bootloader, especially when it’s easy to just change the aforementioned bit. What else is contained in there that can be hacked? What else is there that a malicious app, with root privileges, could potentially render your device a pricey brick? It’s for this very reason that we encourage users to be very careful before they mess around with their devices, and to make sure they read all of the instructions the developers put together beforehand.


_________
Want something on the XDA Portal? Send us a tip!
Pulser_G2 · Jan 31, 2015 at 02:08 pm · no comments

New AOSP Branch Details Potential Build System Upgrades?

While there are frequent unexplained changes and pushes to Google's AOSP repositories, an interesting-looking new branch has been pushed out recently, called "master-soong". Taking a look at the changes made to the manifest repository (which is used to specify the repositories to be downloaded when building Android), it appears there are some new repositories making an appearance. Of note here are new prebuilt repositories for Go, and Ninja. Go is a programming language, created by Google, which compiles to produce...

XDA NEWS
GermainZ · Jan 30, 2015 at 09:29 pm · 1 comment

Send Links to Any Nearby Device with CaastMe

There already are many solutions on the Google Play store if you want to send a link to one of your devices -- but what if you wanted to do it quickly without having to install any software or logging in to a website on the recipient end? Most apps require you to do either or both, which can be a hassle (or even a security risk) in some cases. Luckily, XDA Forum Member wyemun has developed CaastMe. Inspired by...

XDA NEWS
Mario Tomás Serrafero · Jan 30, 2015 at 03:39 pm · 3 comments

The Witcher Battle Arena: Hectic Multiplayer MOBA Fun

Do you like MOBAs? Do you like gaming on your phone? Given that MOBAs (multi player battle arenas) have amassed millions upon millions of players, there's a chance you play LoL or DOTA. And here at XDA we love phones, and we spend a lot of time on them, so if you were to like gaming outside of smartphones you probably like some on them too. I personally like neither, and I simply download the latest 3D games to see the progression...

XDA NEWS