
[APP][2015-01-09][root][GNex/Dev] BootUnlocker for Nexus Devices -- version 1.6.1

OP segv11

25th June 2012, 10:15 PM   |  #1  
segv11 (OP)
NEW: Even though it is not a Nexus device, the OnePlus One is now supported.

BootUnlocker for Nexus Devices -- Unlock your bootloader without fastboot.

This application REQUIRES a Galaxy Nexus (maguro, toro or toroplus), Nexus 4 (mako), Nexus 5 (hammerhead), Nexus 7 2013 (deb or flo), Nexus 10 (manta), or OnePlus One (bacon / A0001), with root.


You've rooted your device, and you are trying to decide between the security of relocking your bootloader (with stock recovery and USB Debugging off), and the flexibility of leaving it unlocked.

You know that in order to prevent an unauthorized user from accessing your data by flashing a custom recovery, "fastboot oem unlock" wipes your data. This also means that if you relock your bootloader, you will need to do a full backup-and-restore whenever you decide to unlock it again.

BootUnlocker for Nexus Devices lets you have the best of both worlds by using root privileges to unlock your bootloader from within Android, without wiping your data. This allows you to keep your bootloader locked for security, with this application safely protected behind your lockscreen password. Whenever you want to unlock or relock your bootloader, just unlock your screen and run BootUnlocker.




License
BootUnlocker for Nexus Devices is Open Source Software, licensed under the Apache License, Version 2.0:
http://www.apache.org/licenses/LICENSE-2.0.html.
You can redistribute, reuse, or modify this software as permitted under this license.

Source code is maintained on Google Code, along with current and previous versions of the compiled application:
https://code.google.com/p/boot-unlocker-gnex/

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

For support, please leave a comment on this thread, or open an issue on the Google Code project page.

Downloads
Last edited by segv11; 12th January 2015 at 10:23 AM.
25th June 2012, 10:21 PM   |  #2  
segv11 (OP)
How It Works
BootUnlocker for Nexus Devices avoids using "fastboot oem unlock", with its associated "userdata" wipe. When fastboot unlocks, it updates a lock status flag, stored on a partition of your device's internal storage. Device partitions, positions and state values (locked/unlocked) are as follows:
  • On the Galaxy Nexus, the bootloader uses position 0x000007C of the "param" partition, stored as 01 / 00.
  • On the Nexus 10, the bootloader uses position 0x0000224 of the "param" partition, stored as 00 / 01.
  • On the Nexus 4 and Nexus 5, the bootloaders use position 0x0004010 of the "misc" partition, stored as 00 / 01. The Nexus 4 and Nexus 5 bootloaders also keep a "Tamper" flag at position 0x0004014 of the "misc" partition. It is stored as 00 / 01 (untampered/tampered).
  • On the Nexus 7 (2013), the bootloader uses position 0x04FFC00 of the "aboot" partition, stored as 00 / 02.
  • On the OnePlus One, the bootloader uses position 0x000FFE10 of the "aboot" partition, stored as 00 / 01. The OnePlus One has a "Tamper" flag, at position 0x000FFE14 of the "aboot" partition.

On devices with Tamper flag locations listed above, BootUnlocker for Nexus Devices can also set and clear this flag. You can also view this flag using "fastboot oem device-info".

BootUnlocker uses root privileges to write to the appropriate location directly, bypassing fastboot. This allows you to lock and unlock your bootloader from within Android, without wiping your "userdata" partition.

The technique used was discovered through the efforts of several contributors on http://forum.xda-developers.com/show...650830&page=13

Special thanks go to those who posted raw images of their device partitions, helped with/conducted the analysis, or put their devices in harm's way to beta test: efrant, osm0sis, iuss, Archpope, AdamOutler, NCguy, Raftysworld, Mach3.2, Meep70, Polarfuchs, and others. This application could not have been written without their contributions.

To learn more about how this app works, and plans for future functionality, follow this project on Google Code, or subscribe to the application's XDA thread: http://bit.ly/BootUnlocker

Please note that the Nexus 7 (2012 version) cannot be supported in BootUnlocker. See this XDA thread for an alternative: http://forum.xda-developers.com/show....php?t=2068207
Last edited by segv11; 12th January 2015 at 10:26 AM.
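The flag table in the post above, turned into a read-only check (an added example, not part of the original post or of BootUnlocker's source): it decodes the lock byte from a partition image that has already been dumped, for instance to audit the lock state a device records. `FlagLayout`, `LAYOUTS`, `read_state` and the sample image are names and data made up for this illustration; the offsets and values are the ones listed in the post.

```python
import io
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FlagLayout:
    partition: str            # partition the bootloader stores the flag on
    lock_offset: int          # byte position of the lock flag
    locked: int               # byte value meaning "locked"
    unlocked: int             # byte value meaning "unlocked"
    tamper_offset: Optional[int] = None

# Offsets and values transcribed from the post; keys are device codenames.
_GNEX = FlagLayout("param", 0x7C, 0x01, 0x00)
_N4_N5 = FlagLayout("misc", 0x4010, 0x00, 0x01, tamper_offset=0x4014)
_N7_2013 = FlagLayout("aboot", 0x4FFC00, 0x00, 0x02)
LAYOUTS = {
    "maguro": _GNEX, "toro": _GNEX, "toroplus": _GNEX,
    "manta": FlagLayout("param", 0x224, 0x00, 0x01),
    "mako": _N4_N5, "hammerhead": _N4_N5, "flo": _N7_2013, "deb": _N7_2013,
    "bacon": FlagLayout("aboot", 0xFFE10, 0x00, 0x01, tamper_offset=0xFFE14),
}

def _byte_at(img, offset):
    img.seek(offset)
    data = img.read(1)
    if len(data) != 1:
        raise ValueError(f"image too short for offset 0x{offset:X}")
    return data[0]

def read_state(device, img):
    """Decode the lock flag from a seekable binary image; never writes."""
    layout = LAYOUTS[device]
    value = _byte_at(img, layout.lock_offset)
    lock = {layout.locked: "locked", layout.unlocked: "unlocked"}.get(
        value, f"unexpected 0x{value:02X}")
    state = {"partition": layout.partition, "lock": lock, "tamper_byte": None}
    if layout.tamper_offset is not None:
        # Reported raw: the post gives tamper values only for the Nexus 4/5.
        state["tamper_byte"] = _byte_at(img, layout.tamper_offset)
    return state

def sample_misc_image(lock=0x01, tamper=0x01):
    """Constructed stand-in for a Nexus 4/5 "misc" dump: zeros plus two flags."""
    raw = bytearray(0x5000)
    raw[0x4010], raw[0x4014] = lock, tamper
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    print(read_state("hammerhead", sample_misc_image()))
```

A value that matches neither listed state is reported as unexpected rather than guessed at, and an image shorter than the flag offset raises an error.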
25th June 2012, 10:22 PM   |  #3  
segv11 (OP)
ChangeLog
Version 1.6.1:
  • Adds support for bacon / A0001 (OnePlus One)

Version 1.5.2:
  • Updated wording for tamper flag management

Version 1.5.1:
  • Adds support for flo and deb (Nexus 7 2013)
  • Adds tamper flag management on mako (Nexus 4) and hammerhead (Nexus 5)

Version 1.5beta2:
  • Experimental tamper flag management on mako (Nexus 4) and hammerhead (Nexus 5)

Version 1.5beta1:
  • Experimental support for flo and deb (Nexus 7 2013)

Version 1.4:
  • Adds support for hammerhead (Nexus 5)

Version 1.3.2 Beta:
  • Experimental support for hammerhead (Nexus 5)

Version 1.3:
  • Adds support for mako (Nexus 4)

Version 1.2.5 Beta:
  • Experimental support for mako (Nexus 4)

Version 1.2:
  • Adds support for manta (Nexus 10)
  • Adds status area (bottom-left) to display information about the device and app

Version 1.2 Beta 1:
  • Adds support for manta (Nexus 10)

Version 1.1:
  • Adds support for toroplus (Sprint Galaxy Nexus)
  • Corrects multiple-su-request issue for users of ChainsDD's Superuser app

Version 1.0:
  • Initial Release on XDA and Play Store

Version 0.9 Beta:
  • Fixed race conditions from exec()ing su on the main thread
  • Removed the need for busybox

Version 0.8 Beta:
  • New launcher icons and screenshots

Version 0.7 Beta:
  • Device restrictions in the Manifest to prevent installation on many non-Galaxy Nexus devices

Version 0.6 Beta:
  • Checks that you have a toro or maguro device before doing anything.
  • Makes diagnostic output to logcat.
  • Various code cleanups

Version 0.5 ALPHA:
  • First testing Release on XDA
Last edited by segv11; 12th January 2015 at 10:27 AM.
25th June 2012, 10:27 PM   |  #4  
Thegodfather156
thanks for this OP. sweet app
25th June 2012, 10:30 PM   |  #5  
segv11 (OP)
How to help bring BootUnlocker to new Nexus devices
For those of you who are thinking of helping to bring this app to a new device, you should know what is involved. First, it should be a Nexus device, with "fastboot oem unlock" and "fastboot oem lock". Second, you should know which devices are already supported, and which we probably can't support.

You will want up-to-date nandroids, copied off-device. Back up your /sdcard off-device too, as nandroids don't save this.

The general idea is that we take images of all the partitions, in both the locked and unlocked states. We then compare them to see where the changes were. Once we've figured it out, we test it by flashing back the appropriate images to make sure that they change the lockstate of the device. If we can't figure it out, we will need to unlock your device using "fastboot oem unlock", which will wipe ALL of /data, including /sdcard...

If your device started locked, we would:
  1. run "ls -lR /dev/block" and send me the result
  2. I'll send back a list of "dd" commands to dump all the partitions to /sdcard
  3. dump all the partitions
  4. take md5's of each image for quick change detection
  5. copy the images off-device
  6. reboot bootloader
  7. fastboot oem lock
  8. reboot
  9. dump all the partitions again, to a different directory
  10. take md5's of each new image for quick change detection
  11. copy the new images off-device

If your device started locked, we would:
  1. run "ls -lR /dev/block" and send me the result
  2. I'll send back a list of "dd" commands to dump all the partitions to /sdcard
  3. dump all the partitions
  4. take md5's of each image for quick change detection
  5. copy the images off-device
  6. reboot bootloader
  7. fastboot oem unlock (wipes device!)
  8. reboot
  9. re-enable ADB debugging
  10. dump all the partitions again, to a different directory
  11. take md5's of each new image for quick change detection
  12. copy the new images off-device
  13. restore a nandroid of userdata


At this point, we can use the md5's to check which partitions have changed, which are hopefully only a few. We'll discuss which ones seem "interesting", so you can zip up and send as few images as necessary. I'll run "xxd" to make hexdumps of them, and "diff" and friends to analyze them.

If we have a candidate set of changes, then you would use dd to copy back the relevant image(s) and reboot bootloader, to verify that this does indeed unlock and lock the device. If everything works, then I can change BootUnlocker to recognize the device. If things don't work, and you want an unlocked bootloader, you will need to unlock it with "fastboot oem unlock" and then restore your nandroid.

As you can see, there is a significant risk of data loss. You also need to be comfortable with fastboot, adb, and the adb/linux shell on your device. And of course, you need root.

We've got the Galaxy Nexus, Nexus 4, and Nexus 10 in the bag. The ASUS bootloader in the Nexus 7 (2012 edition) stores the lockstate using device-specific encryption; we cannot support that device. If you've got some other Nexus device and feel like some hacking, PM me and we'll see if we can figure your device out.

On the other hand, I'm not the only one who can do this work; many of us figured out the G-Nex together, on a different XDA thread. If you've already done the relevant hacking on your bootloader and know how it stores the lockstate, send me the info and I'd be happy to add it to BootUnlocker.
Last edited by segv11; 14th August 2013 at 07:11 AM. Reason: Moved from later in the thread
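The comparison step described in the post above, as an added example (not part of the original post): hash every image in two dump directories to find the partitions that changed, then list the byte runs that differ in each one. The directory layout, file names and function names are assumptions for this illustration, and the sample dumps are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks. Used only to spot changes, as in the post."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def changed_images(dir_before, dir_after):
    """Names of images present in both dumps whose MD5 differs."""
    before = {p.name for p in Path(dir_before).iterdir()}
    after = {p.name for p in Path(dir_after).iterdir()}
    return [n for n in sorted(before & after)
            if md5_of(Path(dir_before, n)) != md5_of(Path(dir_after, n))]

def changed_runs(path_a, path_b):
    """(offset, old_bytes, new_bytes) for each contiguous run of differing bytes."""
    a, b = Path(path_a).read_bytes(), Path(path_b).read_bytes()
    if len(a) != len(b):
        raise ValueError("image sizes differ; compare dumps of the same partition")
    runs, start = [], None
    for i in range(len(a) + 1):
        differs = i < len(a) and a[i] != b[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, a[start:i], b[start:i]))
            start = None
    return runs

def demo():
    """Constructed sample: two dump directories whose 'misc' images differ in one byte."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {}
        for name, flag in (("locked", 0x00), ("unlocked", 0x01)):
            dirs[name] = Path(root, name)
            dirs[name].mkdir()
            misc = bytearray(0x10000)
            misc[0x4010] = flag
            (dirs[name] / "misc.img").write_bytes(bytes(misc))
            (dirs[name] / "boot.img").write_bytes(b"\xAA" * 4096)
        names = changed_images(dirs["locked"], dirs["unlocked"])
        return {n: changed_runs(dirs["locked"] / n, dirs["unlocked"] / n) for n in names}

if __name__ == "__main__":
    print(demo())
```

The byte-by-byte loop is written for clarity; on multi-megabyte images the hash pass narrows the work to the few partitions that actually changed.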
25th June 2012, 10:48 PM   |  #6  
Excellent application. But a question:

Does this now also mean that a tech-savvy thief would be able to unlock the bootloader without wiping data? Assuming that my phone is rooted and I don't place a PIN on the lockscreen.
25th June 2012, 10:54 PM   |  #7  
Smabbage
I had to back up my ROM before I jumped in feet first. Tested a lock and an unlock and I can now say it worked without a hitch. Thanks to everyone involved in the production of this APP.
Last edited by Smabbage; 25th June 2012 at 10:56 PM.
25th June 2012, 11:00 PM   |  #8  
segv11 (OP)
Quote:
Originally Posted by LoveNFC

Excellent application. But a question:

Does this now also mean that a tech-savvy thief would be able to unlock the bootloader without wiping data? Assuming that my phone is rooted and I don't place a PIN on the lockscreen.

Yes, if your phone was rooted and you had no PIN/password the thief could use this to unlock the bootloader without wiping data. But if you were rooted with no PIN, you've got bigger problems than this app.

For example: a thief (or even a "visitor") could run Titanium Backup and then copy the backup off the device.
25th June 2012, 11:13 PM   |  #9  
Quote:
Originally Posted by LoveNFC

Excellent application. But a question:

Does this now also mean that a tech-savvy thief would be able to unlock the bootloader without wiping data? Assuming that my phone is rooted and I don't place a PIN on the lockscreen.

If your phone is already rooted and you don't have a pin then the thief doesn't need to unlock, he can just walk in and help himself.
25th June 2012, 11:22 PM   |  #10  
Segv11, congrats!

If the Google Play GNs use this to relock their bootloaders, will a fastboot unlock do a wipe, or will the Play Store devices still fail to wipe?
