jerdog · Jan 8, 2013 at 10:00 am

Unlock Bootloaders without Fastboot on Galaxy Nexus, Nexus 4, and 10

Bootloaders are like locks on a cookie jar: They’re just begging to be unlocked. When users on XDA see a locked bootloader, they immediately start looking for the accomplished developer who is working on hacking the device. It is for this reason that we like to hold Google Nexus devices as the gold standard for how manufacturers (and carriers) should approach their bootloaders, as well as firmware openness.

Nexus devices are easy to unlock: You go into fastboot mode, type ‘fastboot oem unlock’, and you’re done. Easy peasy. Of course, Google’s method involves an automatic wipe of your data, which functions as a pseudo-security measure. There of course is a way to get that data back after the wipe on the Galaxy Nexus, but what most users fail to think about is locking their bootloader again once they’ve gotten their ROM to where they want it to be. This opens up their device to all sorts of potential problems, especially those of the malicious kind.

Recently there has been talk about the Samsung Exynos 4 memory exploit, which leaves Exynos 4-based devices open to malicious attackers. With the fact that Samsung has never fixed the eMMC Brick Bug issue, which affects stock and non-stock Exynos 4 devices, you have the perfect storm of malicious attacker meets manufacturer negligence. Users can have their devices bricked and/or wiped in a matter of moments, and they would be none the wiser.

XDA Senior Member segv11 came across something in the Nexus bootloader, which is cause for concern for the Galaxy Nexus, Google Nexus 4 and Google Nexus 10. segv11 created a bootloader unlock, which does not follow the normal convention. Instead, it falls back on a process where you can keep your bootloader locked, and still keep a sense of security. He does this by simply changing a couple of bits in the /param partition, while keeping the bootloader locked for security reasons. XDA Elite Recognized Developer AdamOutler also released a similar process for the Galaxy Nexus back in April of 2012 which utilizes a brute-force method to unlock the bootloader by replacing the entire /param partition instead of just adjusting the bits.

This app highlights an issue with the way Google has chosen to lock the bootloader, especially when it’s easy to just change the aforementioned bit. What else is contained in there that can be hacked? What else is there that a malicious app, with root privileges, could potentially render your device a pricey brick? It’s for this very reason that we encourage users to be very careful before they mess around with their devices, and to make sure they read all of the instructions the developers put together beforehand.


_________
Want something on the XDA Portal? Send us a tip!

jerdog

jerdog is an editor on XDA-Developers, the largest community for Android users. Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to when he was 8 years old and was given his first PC in 1984 - which promptly got formatted. It was a match made in the stars, and he never looked back. He has owned, to date, over 60 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being a News Editor and OEM Relations Manager, he is a Senior Moderator and member of the Developer and Moderator Committees at XDA. View jerdog's posts and articles here.
Tomek Kondrat · Apr 1, 2015 at 10:11 am · no comments

Hi Locker to Help You With Lockscreen Headache

The lockscreen is a part of the OS that we see hundreds of times every day, whether we're using Android or iOS. The look of the lockscreen depends on the Android version, device manufacturer or ROM chef. In short, it differs for almost every user. Luckily enough, users can use third party alternatives that bring more features. One such application is Hi Locker, developed by XDA Senior Member thotran7989. Hi Locker can be found both on the Play store and...

XDA NEWS
Jimmy McGee · Apr 1, 2015 at 07:00 am · 2 comments

Must Have App Review: Spider Squisher Pro Extreme

Here on XDA TV we have a series we like to call Must Have Apps. These are apps that we think are so great and useful that you must have them. We’ve given this title to such programs as Pushbullet, Light Flow, Helium, the AROMA File Manager, ROM Toolbox and Pocket Casts. But today we have an app that surpasses them all. Former XDA TV Producer Adam Outler offers up a must have application. In this video, XDA TV Producer...

XDA NEWS
Aamir Siddiqui · Apr 1, 2015 at 04:30 am · 2 comments

OnePlus DR-1 Quadcopter Drone Available for Purchase

OnePlus has been teasing a new product for a while now, hailing it as a game-changer which isn't a tablet or a smartwatch. While speculations were rife about what this game-changing device could be, the company did confirm that the product was indeed a drone in their recent AMA. A tweet and vine from OnePlus shed some more light on this product, which was confirmed to be named as DR-1 (dr-one, get it?) and was to reach stores "next month". In a...

XDA NEWS
Share This