XDA Developers Android and Mobile Development Forum

[APP][2013-12-31][root][GNex/Dev] BootUnlocker for Nexus Devices -- version 1.5.2

segv11
(Last edited by segv11; 31st December 2013 at 08:53 AM.) Reason: New Version
#1  
Senior Member - OP
Thanks Meter 425
Posts: 340
Join Date: Mar 2012

NEW:
  • Adds Nexus 7 (2013) support.
  • Adds tamper flag management on Nexus 4 and Nexus 5


BootUnlocker for Nexus Devices -- Unlock your bootloader without fastboot.

This application REQUIRES a Galaxy Nexus (maguro, toro or toroplus), Nexus 4 (mako), Nexus 5 (hammerhead), Nexus 7 2013 (deb or flo), or Nexus 10 (manta), with root.


You've rooted your Galaxy Nexus, Nexus 4, Nexus 5, Nexus 7 (2013), or Nexus 10, and you are trying to decide between the security of relocking your bootloader (with stock recovery and USB Debugging off), and the flexibility of leaving it unlocked.

You know that in order to prevent an unauthorized user from accessing your data by flashing a custom recovery, "fastboot oem unlock" wipes your data. This also means that if you relock your bootloader, you will need to do a full backup-and-restore whenever you decide to unlock it again.

BootUnlocker for Nexus Devices lets you have the best of both worlds by using root privileges to unlock your bootloader from within Android, without wiping your data. This allows you to keep your bootloader locked for security, with this application safely protected behind your lockscreen password. Whenever you want to unlock or relock your bootloader, just unlock your screen and run BootUnlocker.




License
BootUnlocker for Nexus Devices is Open Source Software, licensed under the Apache License, Version 2.0:
http://www.apache.org/licenses/LICENSE-2.0.html.
You can redistribute, reuse, or modify this software as permitted under this license.

Source code is maintained on Google Code, along with current and previous versions of the compiled application:
https://code.google.com/p/boot-unlocker-gnex/

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

For support, please leave a comment on this thread, or open an issue on the Google Code project page.

Downloads
 
segv11
(Last edited by segv11; 31st December 2013 at 10:26 PM.) Reason: spelling correction
#2  
How It Works

BootUnlocker for Nexus Devices avoids using "fastboot oem unlock", with its associated "userdata" wipe. When fastboot unlocks, it updates a lock status flag, stored on a partition of your device's internal storage. Device partitions, positions and state values (locked/unlocked) are as follows:

On the Galaxy Nexus, the bootloader uses position 0x000007C (124 decimal) of the "param" partition, stored as 01 / 00.
On the Nexus 10, the bootloader uses position 0x0000224 (548 decimal) of the "param" partition, stored as 00 / 01.
On the Nexus 4 and Nexus 5, the bootloaders use position 0x0004010 (16400 decimal) of the "misc" partition, stored as 00 / 01.
On the Nexus 7 (2013), the bootloader uses position 0x04FFC00 (5241856 decimal) of the "aboot" partition, stored as 00 / 02.

The Nexus 4 and Nexus 5 bootloaders also keep a "Tamper" flag at position 0x0004014 (16404 decimal) of the "misc" partition. It is stored as 00 / 01 (untampered/tampered), and can be viewed using "fastboot oem device-info". BootUnlocker for Nexus Devices can set and clear this flag too.


BootUnlocker uses root privileges to write to the appropriate location directly, bypassing fastboot. This allows you to lock and unlock your bootloader from within Android, without wiping your "userdata" partition.

The technique used was discovered through the efforts of several contributors on another XDA thread: http://forum.xda-developers.com/show...650830&page=13

Special thanks go to those who posted raw images of their device partitions, helped with/conducted the analysis, or put their devices in harm's way to beta test: efrant, osm0sis, iuss, Archpope, AdamOutler, NCguy, Raftysworld, Mach3.2, Meep70, and others. This application could not have been written without their contributions.

To learn more about how this app works, and plans for future functionality, follow this project on Google Code: https://code.google.com/p/boot-unlocker-gnex/
 
segv11
(Last edited by segv11; 31st December 2013 at 08:54 AM.) Reason: New Version
#3  
ChangeLog

Version 1.5.2:
  • Updated wording for tamper flag management

Version 1.5.1:
  • Adds support for "flo" and "deb" (Nexus 7 2013)
  • Adds tamper flag management on "mako" (Nexus 4) and "hammerhead" (Nexus 5)

Version 1.4:
  • Adds support for "hammerhead" (Nexus 5)

Version 1.3.1:
  • Adds android.permission.ACCESS_SUPERUSER permission

Version 1.3:
  • Adds support for "mako" (Nexus 4)

Version 1.2:
  • Adds support for "manta" (Nexus 10)
  • Adds status area (bottom-left) to display information about the device and app.

Version 1.1:
  • Adds support for "toroplus" (Sprint Galaxy Nexus)
  • Corrects multiple-su-request issue for users of ChainsDD's Superuser app

Version 1.0:
  • Initial Release



Known Issues:
  • Prompt for root access on first launch takes longer than it should.
  • Some users may experience a race condition where the display does not immediately update after locking or unlocking the bootloader. Changing device orientation or restarting the app will update the display.
  • Nexus 7 (2012 version) is not supported. See this thread http://forum.xda-developers.com/show....php?t=2068207 for an alternative.
 
Thegodfather156
#4  
Senior Member
Thanks Meter 46
Posts: 553
Join Date: Oct 2010
Location: Portland, Oregon
thanks for this OP. sweet app
RasBean Jelly/TRINITY

Technician I Am
 
segv11
(Last edited by segv11; 14th August 2013 at 06:11 AM.) Reason: Moved from later in the thread
#5  
How to help bring BootUnlocker to new Nexus devices

For those of you who are thinking of helping to bring this app to a new device, you should know what is involved. First, it should be a Nexus device, with "fastboot oem unlock" and "fastboot oem lock". Second, you should know which devices are already supported, and which we probably can't support.

You will want up-to-date nandroids, copied off-device. Back up your /sdcard off-device too, as nandroids don't save this.

The general idea is that we take images of all the partitions, in both the locked and unlocked states. We then compare them to see where the changes were. Once we've figured it out, we test it by flashing back the appropriate images to make sure that they change the lockstate of the device. If we can't figure it out, we will need to unlock your device using "fastboot oem unlock", which will wipe ALL of /data, including /sdcard...

If your device started locked, we would:
  1. run "ls -lR /dev/block" and send me the result
  2. I'll send back a list of "dd" commands to dump all the partitions to /sdcard
  3. dump all the partitions
  4. take md5's of each image for quick change detection
  5. copy the images off-device
  6. reboot bootloader
  7. fastboot oem lock
  8. reboot
  9. dump all the partitions again, to a different directory
  10. take md5's of each new image for quick change detection
  11. copy the new images off-device

If your device started locked, we would:
  1. run "ls -lR /dev/block" and send me the result
  2. I'll send back a list of "dd" commands to dump all the partitions to /sdcard
  3. dump all the partitions
  4. take md5's of each image for quick change detection
  5. copy the images off-device
  6. reboot bootloader
  7. fastboot oem unlock (wipes device!)
  8. reboot
  9. re-enable ADB debugging
  10. dump all the partitions again, to a different directory
  11. take md5's of each new image for quick change detection
  12. copy the new images off-device
  13. restore a nandroid of userdata


At this point, we can use the md5's to check which partitions have changed, which are hopefully only a few. We'll discuss which ones seem "interesting", so you can zip up and send as few images as necessary. I'll run "xxd" to make hexdumps of them, and "diff" and friends to analyze them.

If we have a candidate set of changes, then you would use dd to copy back the relevant image(s) and reboot bootloader, to verify that this does indeed unlock and lock the device. If everything works, then I can change BootUnlocker to recognize the device. If things don't work, and you want an unlocked bootloader, you will need to unlock it with "fastboot oem unlock" and then restore your nandroid.

As you can see, there is a significant risk of data loss. You also need to be comfortable with fastboot, adb, and the adb/linux shell on your device. And of course, you need root.

We've got the Galaxy Nexus, Nexus 4, and Nexus 10 in the bag. The ASUS bootloader in the Nexus 7 (2012 edition) stores the lockstate using device-specific encryption; we cannot support that device. If you've got some other Nexus device and feel like some hacking, PM me and we'll see if we can figure your device out.

On the other hand, I'm not the only one who can do this work; many of us figured out the G-Nex together, on a different XDA thread. If you've already done the relevant hacking on your bootloader and know how it stores the lockstate, send me the info and I'd be happy to add it to BootUnlocker.
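The comparison workflow described in this post, and the single-byte lock flags listed in the "How It Works" post, can be illustrated with the following added example, which is not part of the original thread or of BootUnlocker's code: it hashes two directories of partition dumps, then lists the byte offsets that differ in each changed image. Directory names, file names and the 256-byte images are constructed for the demonstration; the 0x7C offset and 01/00 values are the Galaxy Nexus figures quoted earlier in the thread.

```python
import hashlib, os, tempfile
from pathlib import Path

def md5_of(path, chunk=1 << 20):
    """MD5 used only for quick change detection, as in the post."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def changed_images(dir_a, dir_b):
    """Names of images present in both dump directories whose MD5 differs."""
    a, b = Path(dir_a), Path(dir_b)
    common = sorted(p.name for p in a.iterdir() if (b / p.name).is_file())
    return [n for n in common if md5_of(a / n) != md5_of(b / n)]

def diff_runs(path_a, path_b, chunk=1 << 20):
    """List (offset, old_bytes, new_bytes) for each run of differing bytes."""
    if os.path.getsize(path_a) != os.path.getsize(path_b):
        raise ValueError("dumps of one partition must be the same size")
    runs, pos = [], 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while ba := fa.read(chunk):
            bb = fb.read(chunk)
            diffs = () if ba == bb else (i for i in range(len(ba)) if ba[i] != bb[i])
            for i in diffs:
                if runs and runs[-1][0] + len(runs[-1][1]) == pos + i:
                    runs[-1][1].append(ba[i])   # adjacent byte: extend the run
                    runs[-1][2].append(bb[i])
                else:  # not adjacent to the previous difference: new run
                    runs.append([pos + i, bytearray([ba[i]]), bytearray([bb[i]])])
            pos += len(ba)
    return [(off, bytes(old), bytes(new)) for off, old, new in runs]

def demo():
    """Constructed images; only byte 0x7C of param.img differs (01 vs 00)."""
    with tempfile.TemporaryDirectory() as tmp:
        locked, unlocked = Path(tmp, "locked"), Path(tmp, "unlocked")
        for d, flag in ((locked, 1), (unlocked, 0)):
            d.mkdir()
            (d / "param.img").write_bytes(bytes(0x7C) + bytes([flag]) + bytes(131))
            (d / "boot.img").write_bytes(b"\xAA" * 256)
        names = changed_images(locked, unlocked)
        return {n: diff_runs(locked / n, unlocked / n) for n in names}

if __name__ == "__main__":
    print(demo())
```

On real dumps, partitions that the running system writes to will also show up as changed, so the offsets reported for those images are noise to be filtered out rather than candidates.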
 
LoveNFC
#6  
Senior Member
Thanks Meter 61
Posts: 161
Join Date: May 2012
Excellent application. But a question:

Does this now also mean that a tech-savvy thief would be able to unlock the bootloader without wiping data? Assuming that my phone is rooted and I don't place a PIN on the lockscreen.
 
Smabbage
(Last edited by Smabbage; 25th June 2012 at 09:56 PM.)
#7  
Senior Member
Thanks Meter 22
Posts: 177
Join Date: May 2010
Location: Lost in Arkansas
I had to back up my ROM before I jumped in feet first. Tested a lock and an unlock and I can now say it worked without a hitch. Thanks to everyone involved in the production of this APP.
I NEVER Fail!!

I simply redefine my objectives.

Widget Locker Themes: http://smabbage.atspace.co.uk/ (Set up a new free website. Hope it holds out. )
 
segv11
#8  
Quote:
Originally Posted by LoveNFC
Excellent application. But a question:

Does this now also mean that a tech-savvy thief would be able to unlock the bootloader without wiping data? Assuming that my phone is rooted and I don't place a PIN on the lockscreen.
Yes, if your phone was rooted and you had no PIN/password the thief could use this to unlock the bootloader without wiping data. But if you were rooted with no PIN, you've got bigger problems than this app.

For example: a thief (or even a "visitor") could run Titanium Backup and then copy the backup off the device.
 
NCguy
#9  
Senior Member
Thanks Meter 147
Posts: 1,144
Join Date: Jul 2010
Location: NC
Quote:
Originally Posted by LoveNFC
Excellent application. But a question:

Does this now also mean that a tech-savvy thief would be able to unlock the bootloader without wiping data? Assuming that my phone is rooted and I don't place a PIN on the lockscreen.
If your phone is already rooted and you don't have a pin then the thief doesn't need to unlock, he can just walk in and help himself.
 
NCguy
#10  
Segv11, congrats!

If the google play GNs use this to relock their bootloaders will a fastboot unlock do a wipe or will the play store devices still fail to wipe?

Tags
bootloader, galaxy nexus, nexus 10, nexus 4, root