CVE-2014-0973: Possible Bootloader Unlock?

Status
Not open for further replies.

eragon5779

Senior Member
Dec 1, 2013
320
148
Samsung Galaxy Tab S4
LG G8
A new CVE was found yesterday pertaining to the Little Kernel bootloader, which is closely related to the Samsung bootloader. This CVE would allow us to load our own images and possibly unlock the bootloader permanently. There is a patch for it; however, first looks suggest that the S5 bootloader may not be patched if it is exploitable. The link below explains the CVE and includes the link for the patch.

https://www.codeaurora.org/projects...arsing-during-boot-image-authentication-leads

Feel free to discuss this. However, please follow the forum rules, and only discuss bootloader subjects on this thread.

Sent from my ROOTED white SM-G900V using XDA Premium 4
 
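Added illustration, not part of the thread or of anyone's post above: the codeaurora page title says the bug is improper parsing during boot image authentication. The C below is my own example of the general bug class a bootloader's boot-image header parser can have: summing the header's kernel_size, ramdisk_size and second_size fields in unchecked 32-bit arithmetic, so a crafted header wraps the computed total and the bootloader authenticates far fewer bytes than it later loads. Whether that is the exact mechanism behind CVE-2014-0973 is an assumption this thread does not establish. The header layout is the standard Android boot_img_hdr v0; the size values, the 16 MiB partition and all function names are constructed for the demonstration and are not LK's or Samsung's code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Android boot image header, version 0 layout (what mkbootimg writes and an
 * LK-style bootloader parses). Field names follow the upstream definition. */
#define BOOT_MAGIC      "ANDROID!"
#define BOOT_MAGIC_SIZE 8

struct boot_img_hdr {
    uint8_t  magic[BOOT_MAGIC_SIZE];
    uint32_t kernel_size;
    uint32_t kernel_addr;
    uint32_t ramdisk_size;
    uint32_t ramdisk_addr;
    uint32_t second_size;
    uint32_t second_addr;
    uint32_t tags_addr;
    uint32_t page_size;
    uint32_t unused[2];
    uint8_t  name[16];
    uint8_t  cmdline[512];
    uint32_t id[8];
};

/* Round n up to a multiple of page_size with plain 32-bit arithmetic.
 * n + page_size - 1 wraps silently when n is close to UINT32_MAX. */
static uint32_t round_page_naive(uint32_t n, uint32_t page_size) {
    return ((n + page_size - 1) / page_size) * page_size;
}

/* VULNERABLE pattern (constructed for illustration, not LK's code): the total
 * length to hash/verify is the header page plus each component rounded up,
 * summed with no overflow checks. A crafted kernel_size makes the sum wrap. */
uint32_t image_len_naive(const struct boot_img_hdr *h) {
    uint32_t page = h->page_size;
    return page
         + round_page_naive(h->kernel_size, page)
         + round_page_naive(h->ramdisk_size, page)
         + round_page_naive(h->second_size, page);
}

/* Checked rounding: fails instead of wrapping. */
static bool round_page_checked(uint32_t n, uint32_t page_size, uint32_t *out) {
    if (n > UINT32_MAX - (page_size - 1))
        return false;
    *out = ((n + page_size - 1) / page_size) * page_size;
    return true;
}

/* HARDENED pattern: validate magic and page_size, reject any wrap in the sum,
 * and reject a total larger than the partition the image was read from. */
bool image_len_checked(const struct boot_img_hdr *h, uint32_t partition_size,
                       uint32_t *out) {
    if (memcmp(h->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE) != 0)
        return false;
    uint32_t page = h->page_size;
    if (page == 0 || (page & (page - 1)) != 0)   /* must be a power of two */
        return false;
    uint32_t sizes[3] = { h->kernel_size, h->ramdisk_size, h->second_size };
    uint32_t total = page;                         /* the header occupies one page */
    for (int i = 0; i < 3; i++) {
        uint32_t rounded;
        if (!round_page_checked(sizes[i], page, &rounded))
            return false;
        if (rounded > UINT32_MAX - total)          /* the add would wrap */
            return false;
        total += rounded;
    }
    if (total > partition_size)
        return false;
    *out = total;
    return true;
}

/* Constructed headers for the demonstration: only the size fields matter. */
static struct boot_img_hdr make_hdr(uint32_t kernel_size, uint32_t ramdisk_size) {
    struct boot_img_hdr h;
    memset(&h, 0, sizeof h);
    memcpy(h.magic, BOOT_MAGIC, BOOT_MAGIC_SIZE);
    h.page_size = 2048;
    h.kernel_size = kernel_size;
    h.ramdisk_size = ramdisk_size;
    return h;
}

uint32_t naive_len_for(uint32_t kernel_size, uint32_t ramdisk_size) {
    struct boot_img_hdr h = make_hdr(kernel_size, ramdisk_size);
    return image_len_naive(&h);
}

/* Returns the checked length, or -1 when the header is rejected. */
int64_t checked_len_for(uint32_t kernel_size, uint32_t ramdisk_size,
                        uint32_t partition_size) {
    struct boot_img_hdr h = make_hdr(kernel_size, ramdisk_size);
    uint32_t len;
    return image_len_checked(&h, partition_size, &len) ? (int64_t)len : -1;
}

int main(void) {
    const uint32_t part = 16u * 1024 * 1024;      /* assumed 16 MiB boot partition */
    /* Sane header: 5 MiB kernel, ~1 MB ramdisk. Both paths agree (6246400). */
    printf("sane:    naive=%u checked=%lld\n", naive_len_for(5242880u, 1000000u),
           (long long)checked_len_for(5242880u, 1000000u, part));
    /* Crafted header: kernel_size 0xFFFFF800 wraps the naive sum down to the
     * ramdisk length alone (1001472); the checked path rejects it (-1). */
    printf("crafted: naive=%u checked=%lld\n", naive_len_for(0xFFFFF800u, 1000000u),
           (long long)checked_len_for(0xFFFFF800u, 1000000u, part));
    return 0;
}
```

The point of the comparison is that the naive path produces a plausible-looking length for a header whose kernel claims to be nearly 4 GiB, so whatever signature or hash check runs over that length covers the wrong region; the checked path refuses the header before any cryptography runs, and also bounds the total by the partition size, which is the cheap sanity check a bootloader can always make.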

Dennisg34

Senior Member
Jan 30, 2013
1,295
654
New Hampshire
If this is something that's confirmed by another dev, it would be awesome if they or @geohot could exploit this as well, and I would be willing to pay more money towards this for an unlocked BL.
 

eragon5779

Senior Member
Dec 1, 2013
320
148
Samsung Galaxy Tab S4
LG G8
If this is something that's confirmed by another dev, it would be awesome if they or @geohot could exploit this as well, and I would be willing to pay more money towards this for an unlocked BL.

I was hoping to maybe get @djrbliss involved. He unlocked the S4 bootloader. But I'm not sure how busy he is.

Sent from my ROOTED white SM-G900V using XDA Premium 4
 

typxyt

Senior Member
Dec 2, 2012
132
81
Someone start a bounty? I'd be willing to donate as I did for root.

Sent from my SM-G900V using Tapatalk
 

Franzie3

Senior Member
Sep 24, 2010
1,709
853
Newburgh, NY
Little side note... You know, it's funny how the community works. On one hand, 2 months ago we had one of the most secured phones on the market. Then we had a community up in arms about not having root, bootloader unlock, etc. Not so much up in arms maybe, but upset root didn't come as quickly as it did. Fast forward 1 month: people learning to live without root, people giving up all hope and dumping the device, people getting further frustrated, and many people looking into any exploit found to see if it can be done for us. And then another month later we get root and everything that happened beforehand is gone... people learning to live without it - rooted, people who gave up - rooted, those who were frustrated - rooted and can finally sleep at night.

Now something like this comes up.....
It sounds like it may work just based on the CVE description, but I'm not sure how much it pertains to the S5. I'm happy with root, and man, if this worked the floodgates would truly open.
 

Travisholt92

Senior Member
Jun 28, 2012
1,369
1,225
32
Fort Wayne, Indiana
OnePlus 8
OnePlus 8T
Wow, the community has picked up a lot since root was obtained. I can only imagine the potential this phone has with a CM-based ROM *starts to drool at the thought*, and to think I was one of those who was about to ditch the S5 and switch to the M8. I sincerely thank every developer putting effort into making this dream a reality. If it weren't so hard for me to find a job right now I would be donating like crazy to everybody involved.
 

davidstre

Senior Member
Feb 25, 2009
336
134
NYNY
Idk if starting a bounty for everything (root, Safestrap, and bootloader) is really a good idea. I mean, I get it for some stuff like root, obviously that was needed, but do you guys really want to have to buy every single mod? Maybe we should cool our heels a bit, enjoy root and see what comes our way before we start opening up our wallets; you can always donate after the fact.

Sent from my SM-G900V using XDA Premium 4 mobile app
 

GuestK00143

Guest
No need for that yet, as this isn't confirmed if it's related to us.

Idk if starting a bounty for everything (root, Safestrap, and bootloader) is really a good idea. I mean, I get it for some stuff like root, obviously that was needed, but do you guys really want to have to buy every single mod? Maybe we should cool our heels a bit, enjoy root and see what comes our way before we start opening up our wallets; you can always donate after the fact.

Sent from my SM-G900V using XDA Premium 4 mobile app
I agree 100%.
 

Dennisg34

Senior Member
Jan 30, 2013
1,295
654
New Hampshire
Idk if starting a bounty for everything (root, Safestrap, and bootloader) is really a good idea. I mean, I get it for some stuff like root, obviously that was needed, but do you guys really want to have to buy every single mod? Maybe we should cool our heels a bit, enjoy root and see what comes our way before we start opening up our wallets; you can always donate after the fact.

Sent from my SM-G900V using XDA Premium 4 mobile app

Never thought we'd need a bounty, just, as you said, to donate to whoever could find the exploit for an unlocked BL. SS would be next no matter what, with rumors he's currently looking into it for us, but what we really need is a dev to see this and see if this is anything special, or, like with the bounty thread, just a bunch of nothing. I will agree with you here, for once ;)

Sent from my SM-G900V using XDA Free mobile app
 

elgiraffe

Senior Member
Dec 25, 2011
66
14
Idk if starting a bounty for everything (root, Safestrap, and bootloader) is really a good idea. I mean, I get it for some stuff like root, obviously that was needed, but do you guys really want to have to buy every single mod? Maybe we should cool our heels a bit, enjoy root and see what comes our way before we start opening up our wallets; you can always donate after the fact.

Sent from my SM-G900V using XDA Premium 4 mobile app

I agree. I'm happy that geohot got the bounty (and a thousand thanks to the man!!!), but let's not jump the gun on this one. I'm no dev so I have no idea on this, but I think the past 2 months show that if we're just patient then it will come. The bounty pages are a huge hassle for moderators and the whole concept is a little iffy if you ask me. Don't get me wrong, I pledged and will be donating on Friday. But I think if we are just patient and donate to the devs like we should be doing anyway, everything will work out. This phone is too popular not to get devs working on it.

Again, a million thanks to all the devs that have made my tinkering dreams come true(a full computer to tinker with any time in my pocket... priceless). If I'm out of line here, then just ignore me. But I can't wait to see if this exploit pans out!!!
 

eragon5779

Senior Member
Dec 1, 2013
320
148
Samsung Galaxy Tab S4
LG G8
Idk if starting a bounty for everything (root, Safestrap, and bootloader) is really a good idea. I mean, I get it for some stuff like root, obviously that was needed, but do you guys really want to have to buy every single mod? Maybe we should cool our heels a bit, enjoy root and see what comes our way before we start opening up our wallets; you can always donate after the fact.

Sent from my SM-G900V using XDA Premium 4 mobile app

I agree. I don't want to start another bounty. If people want to donate to whoever figures it out, if it is figured out, then that's awesome. They support the devs who put a lot of time into this kind of stuff. But a bounty shouldn't be one of the first things started for unlocking/rooting a phone.

Sent from my ROOTED white SM-G900V using XDA Premium 4
 

Franzie3

Senior Member
Sep 24, 2010
1,709
853
Newburgh, NY
Before we get too excited, has anyone privately reached out to one of the devs to see if this is even reasonable to do with the GS5?
 

Deleted member 4684318

Guest
This would be way too awesome

Energized from SM-G900V
 

Legitsu

Senior Member
Aug 30, 2013
1,475
518
Probably the quickest path to custom ROMs would be chain-loading instead of dicking around unlocking the bootloader and risking a hard brick.
Also, can we not discuss easily patched exploits on the public boards... come on, people, this is how stuff gets patched.
 

BigBot96

Senior Member
Mar 17, 2012
1,558
2,377
Ooltewah
android.garrettek.com
Probably the quickest path to custom ROMs would be chain-loading instead of dicking around unlocking the bootloader and risking a hard brick.
Also, can we not discuss easily patched exploits on the public boards... come on, people, this is how stuff gets patched.

Well with root (as long as the SDM apk is removed) we don't have to worry about Samsung/VZW forcing a patch on us.. so this isn't that big of a problem anymore. :good:
 

Deleted member 4684318

Guest
Well with root (as long as the SDM apk is removed) we don't have to worry about Samsung/VZW forcing a patch on us.. so this isn't that big of a problem anymore. :good:

What about people who buy the phone after they've patched? If they don't know what to patch they probably won't invest the time into figuring it out.

Energized from SM-G900V
 

vacaloca

Senior Member
Jun 11, 2010
263
115
What about people who buy the phone after they've patched? If they don't know what to patch they probably won't invest the time into figuring it out.

Energized from SM-G900V

Even if Samsung has their own source tree for lk/aboot, it wouldn't be surprising that (a) they already know about this and (b) they might have patched it already in their own sources. The real question is whether it's patched in the binary that's on the phone... and the way to figure that out is to disassemble the code, knowing what you're looking for. And no, I do not care to do this... I'm not qualified to... because I know people will ask :p
 

Legitsu

Senior Member
Aug 30, 2013
1,475
518
It really doesn't matter what the bootloader is. The kernel, as far as I know, doesn't have a signature check enforced; even if it does, you could write a chain-loader to get around it. Then it's just a matter of
stock bootloader > stock kernel > our kernel > our ROM
Of course, writing the code and making the necessary modifications to /system and /data are complicated at best, foolhardy at worst.
 

Top Liked Posts

    4
    Yeah, that was pretty rude of him, wasn't it? Wow, great communicator to the crowd, that one...

    Think about it this way. There are two ways to handle it when this situation arises:
    1) Identify the specific thread or user and say something, effectively calling them out.
    2) Use a generalization to get the same point across (aka tact).

    Keep in mind people are probably spamming him and @djrbliss to crazy town on these.
    Professionally, he did communicate that well. It gets the message across without singling anyone out.

    So, in summary, it's being said that this can't be exploited, by a known security expert.
    Let's call it a day on this one unless something changes that.
    Thank you for your time.