
DON'T ACCEPT OTA UPDATES

AdamOutler
(Last edited by AdamOutler; 26th January 2013 at 06:35 AM.)
#1  

UPDATE: New Jailbreak here: http://forum.xda-developers.com/show....php?t=2118348

Here's the bottom line up-front
Samsung has inserted code to blacklist our baseline and mitigate our exploits in the bootloader patch they began pushing out last night. You will need to flash the updated bootloader baseline and stock pit in order to restore your device to operational status. The How-To Unlock your Bootloader thread is invalid at this time.

Going Forward
I need your help with CASUAL. In order to mitigate this problem, I began working on a CASUAL update system on January 13. If you feel inconvenienced now, contribute to the CASUAL Update System beta by testing it. Currently, CASUAL is dumb. If there is a problem, you won't know until after you flash. The idea behind the Update System is to either update CASUAL to work again, or kill-switch it and automatically bring you to a thread like this one. Obviously it's infinitely more helpful than a simple failure, and I need testing on Windows, Linux, Mac and firewalls.

The CASUAL Unlock method will be updated when we figure it out and it will be possible to auto-update or do a helpful kill-switch in the next version.

Addressing Security Patches:
Recognized Developer Ralekdev has begun work on a new exploit. It's not going to be as simple as it was before.

Bootloader Blacklisting
You can view the updated code here: http://pastie.org/private/zzfhwlrgeeuzweiccjdpvg#22
Previously, Odin Mode would accept any SBOOT with the proper signature. Samsung has implemented a blacklist which causes properly signed flashes to fail if they are contained in the blacklist.
Code:
      bytes_to_hexstr(BL1_blacklist_str, base_addr + 0x1BF0, 16);
      if ( !strcmp(BL1_blacklist_str, BL1_blacklists[i]) )
      {
        sub_43E03A00("BL1 of the blacklist - %s\n", BL1_blacklists[i]);
        return -1;
      }
The old bootloader contained random ARM hex data "CD D2 04 85 63 83 52 7C C9 8A 97 1A CD 30 78 FB". The new one contains an identifier "EXYNOS_4412 1220". The new bootloader is also programmed to not be able to flash itself.

Non-Header Code Execution
You can view the updated code here: http://pastie.org/private/ryxaraypnnhbmtt6nswvq
Previously, if the ANDROID header was missing from the kernel, SBOOT would execute the partition as raw ARM code. This allowed Ralekdev's exploit to jump into the SBOOT.bin and execute download mode without security checks. However, the code has been replaced.
Code:
  if ( !memcmp(v5, "ANDROID!", 8) )
  {
    /* DO NORMAL SECURE BOOT */
  }
  else
  {
    dprintf("Could not do normal boot. (invalid magic)\n");// this is where we exploited it last time to load my code
    s5p_start_download_mode(v9);
  }
  return 0;
}
So obviously, this arbitrary code execution exploit has been patched.

Conclusion
We are working to bring a new exploit and make it easier than the last one. Ralekdev will be analyzing and working on a new exploit. I will work on deployment techniques. For now, if you're having problems, flash back to stock and root your device.
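The two checks described in the post, modelled in C as an added example (this is not Samsung's code nor the decompiled pastie): a BL1 image is refused when the 16 bytes at 0x1BF0 hex-encode to a blacklisted string, and a kernel partition without the "ANDROID!" header now drops to download mode instead of being executed as raw code. The upper-case, separator-free hex encoding, the function names and the constructed test images are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define BL1_ID_OFFSET 0x1BF0                       /* offset read by the new check */
#define BL1_ID_LEN    16
#define BL1_IMG_SIZE  (BL1_ID_OFFSET + BL1_ID_LEN) /* constructed images end right after the id */

/* The 16 bytes the post quotes from the old, exploitable BL1. */
const uint8_t OLD_BL1_ID[BL1_ID_LEN] = {0xCD,0xD2,0x04,0x85,0x63,0x83,0x52,0x7C,
                                        0xC9,0x8A,0x97,0x1A,0xCD,0x30,0x78,0xFB};

/* Blacklist entries. Upper-case hex with no separators is an assumed encoding;
   the real bytes_to_hexstr() format is not shown in the post. */
static const char *BL1_blacklists[] = { "CDD204856383527CC98A971ACD3078FB" };

/* Hex-encode n bytes into out, which must hold 2*n+1 chars. */
static void bytes_to_hexstr(char *out, const uint8_t *in, size_t n) {
    static const char digits[] = "0123456789ABCDEF";
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0F];
    }
    out[2 * n] = '\0';
}

/* 1 = identifier blacklisted (flash refused), 0 = accepted, -1 = image too short. */
int bl1_is_blacklisted(const uint8_t *img, size_t len) {
    char id_hex[2 * BL1_ID_LEN + 1];
    if (len < BL1_ID_OFFSET + BL1_ID_LEN) return -1;
    bytes_to_hexstr(id_hex, img + BL1_ID_OFFSET, BL1_ID_LEN);
    for (size_t i = 0; i < sizeof BL1_blacklists / sizeof *BL1_blacklists; i++)
        if (strcmp(id_hex, BL1_blacklists[i]) == 0) return 1;
    return 0;
}

/* Builds a constructed image carrying id at 0x1BF0 and returns its verdict. */
int verdict_for_id(const uint8_t *id) {
    uint8_t img[BL1_IMG_SIZE];
    memset(img, 0xFF, sizeof img);
    memcpy(img + BL1_ID_OFFSET, id, BL1_ID_LEN);
    return bl1_is_blacklisted(img, sizeof img);
}

/* Patched kernel check: 0 = "ANDROID!" header present, normal secure boot;
   1 = anything else, which now drops to download mode instead of running raw code. */
int kernel_boot_path(const uint8_t *part, size_t len) {
    return (len >= 8 && memcmp(part, "ANDROID!", 8) == 0) ? 0 : 1;
}
```

The old identifier is rejected while the new "EXYNOS_4412 1220" string passes, which is exactly why a freshly patched device can no longer take the old, signed-but-blacklisted SBOOT.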
 
idle0095
#2  
Why can't Samsung and Verizon just leave this **** alone and let Android be real AOSP.
 
1ManWolfePack
#3  
Re: DO NOT ACCEPT OTA UPDATES!

Thanks for the update. I had a bad feeling about trying it last night. One of the only times I've ever hesitated in android. I'm sure you guys will figure it out.

Thanks!

 
DaRkL3AD3R
#4  
Damn!

Should've known they'd take whatever chances they can to lock this thing up ASAP.

Thanks for the hard work everyone. It's much appreciated.
 
iflip
(Last edited by iflip; 19th January 2013 at 07:07 PM.)
#5  
Re: DO NOT ACCEPT OTA UPDATES!

Quote:
Originally Posted by idle0095 View Post
Why can't Samsung and Verizon just leave this **** alone and let Android be real AOSP.
+1!!! I'm hoping sometime in the future there will be a Nexus device that would be similar to this phone: full AOSP stock Android, large, stylus included, and an AOSP feature comparable to Multi Window. It's the greatest innovation for Android ever made so far.

 
adrynalyne
#6  
I warned people not to flash it. I warned, and it was brushed aside because someone thought you could re-unlock (without 100% confirmation).

http://forum.xda-developers.com/show....php?t=2106158

Thanks for more information on the issue.
 
imablackhat
#7  
Re: DO NOT ACCEPT OTA UPDATES!

What about us people on, like, Clean ROM 4.0.5 international ROM?

We're already unlocked and rooted. As long as we never take OTAs it can't ruin anything, and I can always flash ROMs from the forum? You can't even get OTAs on this ROM.
 
adrynalyne
#8  
Quote:
Originally Posted by imablackhat View Post
What about us people on, like, Clean ROM 4.0.5 international ROM?

We're already unlocked and rooted. As long as we never take OTAs it can't ruin anything, and I can always flash ROMs from the forum? You can't even get OTAs on this ROM.
You answered your own question.
 
1ManWolfePack
#9  
Re: DO NOT ACCEPT OTA UPDATES!

Quote:
Originally Posted by imablackhat View Post
What about us people on, like, Clean ROM 4.0.5 international ROM?

We're already unlocked and rooted. As long as we never take OTAs it can't ruin anything, and I can always flash ROMs from the forum? You can't even get OTAs on this ROM.
Obviously you're fine. Stay where you're at.

 
scrosler
(Last edited by scrosler; 19th January 2013 at 09:27 PM.)
#10  
Quote:
Originally Posted by adrynalyne View Post
You answered your own question.
That was funny!

Here is the part about the OTA that is being left out.

If you look at the OTA, it won't execute the updater portion of the bootloader until the end.

The first thing the OTA does is examine the partitions, files, etc. to see if they have been altered... If the checks fail, the OTA just quits with error 7 (or 8, I forget). When it quits, nothing flashes. This will occur on pretty much any custom ROM unless you edit the OTA to bypass the checks (see next line)...

I'm not saying be stupid and TRY to flash the OTA on a custom ROM, but I built an L4 base last night with the OTA so you really don't need to anyways. To do this I had to remove those checks I just mentioned.

This thread should be stickied in two forums, this and General, because people thinking about rooting and on the edge need to do so now before the stock ROM forces the OTA!

But as far as a custom ROM accepting and successfully flashing the OTA? Pretty much zero to none. Trust me on this ;c)

-Scott
