5,597,647 Members 33,145 Now Online
XDA Developers Android and Mobile Development Forum

DON'T ACCEPT OTA UPDATES

Tip us?
 
AdamOutler
Old
(Last edited by AdamOutler; 26th January 2013 at 06:35 AM.)
#1  
AdamOutler's Avatar
Recognized Developer - OP
Thanks Meter 9428
Posts: 5,123
Join Date: Feb 2011
Location: Louisiana

 
DONATE TO ME
Default DON'T ACCEPT OTA UPDATES

UPDATE: New Jailbreak here: http://forum.xda-developers.com/show....php?t=2118348







Here's the bottom line up-front
Samsung has inserted code to blacklist our baseline and mitigate our exploits in the bootloader patch they began pushing out last night. You will need to flash the updated bootloader baseline and stock pit in order to restore your device to operational status. The How-To Unlock your Bootloader thread is invalid at this time.

Going Forward
I need your help with CASUAL. In order to mitigate this problem, I began working on a CASUAL update system on January 13. If you feel inconvienced now, contribute to the Casual Update System beta by testing it. Currently, CASUAL is dumb. If there is a problem you won't know until after you flash. The idea behind the Update System is to either update the CASUAL to work again, or kill-switch it and automatically bring you to a thread like this one. Obviously it's infinitely more helpful than a simple failure and I need testing on Windows, Linux, Mac and firewalls.

The CASUAL Unlock method will be updated when we figure it out and it will be possible to auto-update or do a helpful kill-switch in the next version.

Addressing Security Patches:
Recognized Developer Ralekdev has began work on a new exploit. It's not going to be as simple as it was before.

Bootloader Blacklisting
You can view the updated code here: http://pastie.org/private/zzfhwlrgeeuzweiccjdpvg#22
Previously, Odin Mode would accept any SBOOT with the proper signature. Samsung has implemented a blacklist which causes properly signed flashes to fail if they are contained in the blacklist.
Code:
      bytes_to_hexstr(BL1_blacklist_str, base_addr + 0x1BF0, 16);
      if ( !strcmp(BL1_blacklist_str, BL1_blacklists[i]) )
      {
        sub_43E03A00("BL1 of the blacklist - %s\n", BL1_blacklists[i]);
        return -1;
      }
The old bootloader contained random ARM hex data "CD D2 04 85 63 83 52 7C C9 8A 97 1A CD 30 78 FB".. The new one contains an identifier "EXYNOS_4412 1220". The new bootloader is also programmed to not be able to flash itself.

Non-Header Code Execution
You can view the updated code here: http://pastie.org/private/ryxaraypnnhbmtt6nswvq
Previously, if the ANDROID header was missing from the kernel, SBOOT would execute the partition as raw ARM code. This allowed Ralekdev's exploit to jump into the SBOOT.bin and execute download mode without security checks. However the code has been replaced..
Code:
  if ( !memcmp(v5, "ANDROID!", 8) )
  {
    *** DO NORMAL SECURE BOOT ****
  }
  else
  {
    dprintf("Could not do normal boot. (invalid magic)\n");// this is where we exploited it last time to load my code
    s5p_start_download_mode(v9);
  }
  return 0;
}
So obviously, this execution of arbitrary code exploit has been patched.



Conclusion
We are working to bring a new exploit and make it easier that the last one. Ralekdev will be analyzing and working on a new exploit. I will work on deployment techniques. For now if youre having problems, flash back to stock and root your device.
Flash with Odin on Windows, Linux and Mac. Use JOdin3, Available in a web browser or offline
Check out my developer pages. Add me to your circles on Google Plus.
The Following 71 Users Say Thank You to AdamOutler For This Useful Post: [ Click to Expand ]
 
idle0095
Old
#2  
idle0095's Avatar
Senior Member
Thanks Meter 163
Posts: 1,737
Join Date: Dec 2006
Location: ▂ ▃ ▅ ▆ █
Why cant Samsung and Verizon just leave this **** alone and let android be real AOSP.
GOOGLE Glass (The Glass Explorer Program)
LG G Flex GSM Global
OPPO N1 GSM
Samsung Galaxy Note 3 (Verizon)
Nexus 5 (Unlocked)
LG G2 (Verizon)

 
Previous Devices
Samsung Galaxy S4 (VZW)
Nexus 7 2013
LG Optimus G Pro AT&T
HTC ONE AT&T
IPAD 3
LG NEXUS 4 AT&T
Samsung Galaxy Note 2 (VZW)
HTC Droid DNA
Samsung Galaxy Note (AT&T)
Galaxy Nexus


Thanks for the F-Shack, Love Dirty Mike and the Boys
The Following 3 Users Say Thank You to idle0095 For This Useful Post: [ Click to Expand ]
 
1ManWolfePack
Old
#3  
1ManWolfePack's Avatar
Senior Member
Thanks Meter 1529
Posts: 2,049
Join Date: Jul 2012
Default Re: DO NOT ACCEPT OTA UPDATES!

Thanks for the update. I had a bad feeling about trying it last night. One of the only times I've ever hesitated in android. I'm sure you guys will figure it out.

Thanks!

Sent from my SCH-I605 using Tapatalk 2
 
DaRkL3AD3R
Old
#4  
DaRkL3AD3R's Avatar
Senior Member
Thanks Meter 214
Posts: 706
Join Date: Dec 2010
Damn!

Should've known they'd take whatever chances they can to lock this thing up ASAP.

Thanks for the hard work everyone. It's much appreciated.
Samsung Galaxy Note 2 on Verizon
Cyanogen Mod 11 Nightlies
The Following User Says Thank You to DaRkL3AD3R For This Useful Post: [ Click to Expand ]
 
iflip
Old
(Last edited by iflip; 19th January 2013 at 07:07 PM.)
#5  
Senior Member
Thanks Meter 43
Posts: 689
Join Date: Apr 2010
Default Re: DO NOT ACCEPT OTA UPDATES!

Quote:
Originally Posted by idle0095 View Post
Why cant Samsung and Verizon just leave this **** alone and let android be real AOSP.
+1!!! I'm hoping sometime in the future that there will be a nexus device that would be similar to this phone. Full aosp stock Android, Large, stylus included and have an aosp feature comparable to multi Window. It's the greatest innovation for Android ever made so far.

Sent from my SCH-I605 using Tapatalk 2
The Following User Says Thank You to iflip For This Useful Post: [ Click to Expand ]
 
adrynalyne
Old
#6  
adrynalyne's Avatar
Recognized Developer
Thanks Meter 5661
Posts: 9,618
Join Date: Dec 2008
I warned people not to flash it. I warned, and it was brushed aside because someone thought you could re-unlock (without 100% confirmation).

http://forum.xda-developers.com/show....php?t=2106158

Thanks for more information on the issue.
If you like what I do, buy me a brew!
The Following 10 Users Say Thank You to adrynalyne For This Useful Post: [ Click to Expand ]
 
imablackhat
Old
#7  
imablackhat's Avatar
Senior Member
Thanks Meter 256
Posts: 1,871
Join Date: Sep 2005
Default Re: DO NOT ACCEPT OTA UPDATES!

What about us people of like clean rom 4.0.5 international rom.

We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.

Sent from my SCH-I605 using xda app-developers app
 
adrynalyne
Old
#8  
adrynalyne's Avatar
Recognized Developer
Thanks Meter 5661
Posts: 9,618
Join Date: Dec 2008
Quote:
Originally Posted by imablackhat View Post
What about us people of like clean rom 4.0.5 international rom.

We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.

Sent from my SCH-I605 using xda app-developers app
You answered your own question.
If you like what I do, buy me a brew!
The Following 3 Users Say Thank You to adrynalyne For This Useful Post: [ Click to Expand ]
 
1ManWolfePack
Old
#9  
1ManWolfePack's Avatar
Senior Member
Thanks Meter 1529
Posts: 2,049
Join Date: Jul 2012
Default Re: DO NOT ACCEPT OTA UPDATES!

Quote:
Originally Posted by imablackhat View Post
What about us people of like clean rom 4.0.5 international rom.

We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.

Sent from my SCH-I605 using xda app-developers app
Obviously you're fine. Stay where you're at.

Sent from my SCH-I605 using Tapatalk 2
The Following User Says Thank You to 1ManWolfePack For This Useful Post: [ Click to Expand ]
 
scrosler
Old
(Last edited by scrosler; 19th January 2013 at 09:27 PM.)
#10  
scrosler's Avatar
Recognized Developer
Thanks Meter 47260
Posts: 21,869
Join Date: Feb 2007
Location: Fargo

 
DONATE TO ME
Quote:
Originally Posted by adrynalyne View Post
You answered your own question.
That was funny!



Here is the part about the OTA that is being left out.

If you look at the OTA it wont execute the updater portion of bootloader until the end.

The first thing the OTA does is examine the partitions, files, etc to see if they have been altered... If the checks fail the OTA just quits with error 7 (or 8 I forget). When it quits nothing flashes. This will occur on pretty much any custom ROM unless you edit the OTA to bypass the checks (see next line)...

I'm not saying be stupid and TRY to flash the OTA on a custom ROM but I built an L4 base last night with the OTA so you really dont need to anyways. To do this I had to remove those checks I just mentioned.

This thread should be sticked in two forums, this and general, because people thinking about rooting and on the edge need to do so now before the stock ROM forces the OTA!


But as far as a custom ROM accepting and succesfully flashing the OTA? Pretty much zero to none. Trust me on this ;c)


-Scott

The Following 16 Users Say Thank You to scrosler For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes