Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

DON'T ACCEPT OTA UPDATES

OP AdamOutler

19th January 2013, 07:51 PM   |  #1  
UPDATE: New Jailbreak here: http://forum.xda-developers.com/show....php?t=2118348







Here's the bottom line up-front
Samsung has inserted code to blacklist our baseline and mitigate our exploits in the bootloader patch they began pushing out last night. You will need to flash the updated bootloader baseline and stock pit in order to restore your device to operational status. The How-To Unlock your Bootloader thread is invalid at this time.

Going Forward
I need your help with CASUAL. In order to mitigate this problem, I began working on a CASUAL update system on January 13. If you feel inconvienced now, contribute to the Casual Update System beta by testing it. Currently, CASUAL is dumb. If there is a problem you won't know until after you flash. The idea behind the Update System is to either update the CASUAL to work again, or kill-switch it and automatically bring you to a thread like this one. Obviously it's infinitely more helpful than a simple failure and I need testing on Windows, Linux, Mac and firewalls.

The CASUAL Unlock method will be updated when we figure it out and it will be possible to auto-update or do a helpful kill-switch in the next version.

Addressing Security Patches:
Recognized Developer Ralekdev has began work on a new exploit. It's not going to be as simple as it was before.

Bootloader Blacklisting
You can view the updated code here: http://pastie.org/private/zzfhwlrgeeuzweiccjdpvg#22
Previously, Odin Mode would accept any SBOOT with the proper signature. Samsung has implemented a blacklist which causes properly signed flashes to fail if they are contained in the blacklist.
Code:
      bytes_to_hexstr(BL1_blacklist_str, base_addr + 0x1BF0, 16);
      if ( !strcmp(BL1_blacklist_str, BL1_blacklists[i]) )
      {
        sub_43E03A00("BL1 of the blacklist - %s\n", BL1_blacklists[i]);
        return -1;
      }
The old bootloader contained random ARM hex data "CD D2 04 85 63 83 52 7C C9 8A 97 1A CD 30 78 FB".. The new one contains an identifier "EXYNOS_4412 1220". The new bootloader is also programmed to not be able to flash itself.

Non-Header Code Execution
You can view the updated code here: http://pastie.org/private/ryxaraypnnhbmtt6nswvq
Previously, if the ANDROID header was missing from the kernel, SBOOT would execute the partition as raw ARM code. This allowed Ralekdev's exploit to jump into the SBOOT.bin and execute download mode without security checks. However the code has been replaced..
Code:
  if ( !memcmp(v5, "ANDROID!", 8) )
  {
    *** DO NORMAL SECURE BOOT ****
  }
  else
  {
    dprintf("Could not do normal boot. (invalid magic)\n");// this is where we exploited it last time to load my code
    s5p_start_download_mode(v9);
  }
  return 0;
}
So obviously, this execution of arbitrary code exploit has been patched.



Conclusion
We are working to bring a new exploit and make it easier that the last one. Ralekdev will be analyzing and working on a new exploit. I will work on deployment techniques. For now if youre having problems, flash back to stock and root your device.
Last edited by AdamOutler; 26th January 2013 at 07:35 AM.
The Following 72 Users Say Thank You to AdamOutler For This Useful Post: [ View ]
19th January 2013, 07:55 PM   |  #2  
idle0095's Avatar
Senior Member
Flag ▂ ▃ ▅ ▆ █
Thanks Meter: 352
 
2,108 posts
Join Date:Joined: Dec 2006
More
Why cant Samsung and Verizon just leave this **** alone and let android be real AOSP.
The Following 3 Users Say Thank You to idle0095 For This Useful Post: [ View ]
19th January 2013, 07:56 PM   |  #3  
Account currently disabled
Thanks Meter: 1,765
 
2,366 posts
Join Date:Joined: Jul 2012
More
Re: DO NOT ACCEPT OTA UPDATES!
Thanks for the update. I had a bad feeling about trying it last night. One of the only times I've ever hesitated in android. I'm sure you guys will figure it out.

Thanks!

Sent from my SCH-I605 using Tapatalk 2
19th January 2013, 07:59 PM   |  #4  
DaRkL3AD3R's Avatar
Senior Member
Thanks Meter: 228
 
745 posts
Join Date:Joined: Dec 2010
More
Damn!

Should've known they'd take whatever chances they can to lock this thing up ASAP.

Thanks for the hard work everyone. It's much appreciated.
The Following User Says Thank You to DaRkL3AD3R For This Useful Post: [ View ]
19th January 2013, 08:03 PM   |  #5  
Senior Member
Thanks Meter: 46
 
708 posts
Join Date:Joined: Apr 2010
Re: DO NOT ACCEPT OTA UPDATES!
Quote:
Originally Posted by idle0095

Why cant Samsung and Verizon just leave this **** alone and let android be real AOSP.

+1!!! I'm hoping sometime in the future that there will be a nexus device that would be similar to this phone. Full aosp stock Android, Large, stylus included and have an aosp feature comparable to multi Window. It's the greatest innovation for Android ever made so far.

Sent from my SCH-I605 using Tapatalk 2
Last edited by iflip; 19th January 2013 at 08:07 PM.
The Following User Says Thank You to iflip For This Useful Post: [ View ]
19th January 2013, 08:07 PM   |  #6  
adrynalyne's Avatar
Recognized Developer
Thanks Meter: 5,772
 
9,787 posts
Join Date:Joined: Dec 2008
I warned people not to flash it. I warned, and it was brushed aside because someone thought you could re-unlock (without 100% confirmation).

http://forum.xda-developers.com/show....php?t=2106158

Thanks for more information on the issue.
The Following 10 Users Say Thank You to adrynalyne For This Useful Post: [ View ]
19th January 2013, 08:10 PM   |  #7  
imablackhat's Avatar
Senior Member
Thanks Meter: 262
 
1,926 posts
Join Date:Joined: Sep 2005
Re: DO NOT ACCEPT OTA UPDATES!
What about us people of like clean rom 4.0.5 international rom.

We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.

Sent from my SCH-I605 using xda app-developers app
19th January 2013, 08:12 PM   |  #8  
adrynalyne's Avatar
Recognized Developer
Thanks Meter: 5,772
 
9,787 posts
Join Date:Joined: Dec 2008
Quote:
Originally Posted by imablackhat

What about us people of like clean rom 4.0.5 international rom.

We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.

Sent from my SCH-I605 using xda app-developers app

You answered your own question.
The Following 3 Users Say Thank You to adrynalyne For This Useful Post: [ View ]
19th January 2013, 08:13 PM   |  #9  
Account currently disabled
Thanks Meter: 1,765
 
2,366 posts
Join Date:Joined: Jul 2012
More
Re: DO NOT ACCEPT OTA UPDATES!
Quote:
Originally Posted by imablackhat

What about us people of like clean rom 4.0.5 international rom.

We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.

Sent from my SCH-I605 using xda app-developers app

Obviously you're fine. Stay where you're at.

Sent from my SCH-I605 using Tapatalk 2
The Following User Says Thank You to 1ManWolfePack For This Useful Post: [ View ]
19th January 2013, 09:20 PM   |  #10  
scrosler's Avatar
Recognized Developer
Flag Fargo
Thanks Meter: 56,417
 
25,034 posts
Join Date:Joined: Feb 2007
Donate to Me
Quote:
Originally Posted by adrynalyne

You answered your own question.

That was funny!



Here is the part about the OTA that is being left out.

If you look at the OTA it wont execute the updater portion of bootloader until the end.

The first thing the OTA does is examine the partitions, files, etc to see if they have been altered... If the checks fail the OTA just quits with error 7 (or 8 I forget). When it quits nothing flashes. This will occur on pretty much any custom ROM unless you edit the OTA to bypass the checks (see next line)...

I'm not saying be stupid and TRY to flash the OTA on a custom ROM but I built an L4 base last night with the OTA so you really dont need to anyways. To do this I had to remove those checks I just mentioned.

This thread should be sticked in two forums, this and general, because people thinking about rooting and on the edge need to do so now before the stock ROM forces the OTA!


But as far as a custom ROM accepting and succesfully flashing the OTA? Pretty much zero to none. Trust me on this ;c)


-Scott
Last edited by scrosler; 19th January 2013 at 10:27 PM.

The Following 16 Users Say Thank You to scrosler For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes