Here's the bottom line up-front
Samsung has inserted code to blacklist our baseline and mitigate our exploits in the bootloader patch they began pushing out last night. You will need to flash the updated bootloader baseline and stock pit in order to restore your device to operational status. The How-To Unlock your Bootloader thread is invalid at this time.
Going Forward
I need your help with CASUAL. In order to mitigate this problem, I began working on a CASUAL update system on January 13. If you feel inconvienced now, contribute to the Casual Update System beta by testing it. Currently, CASUAL is dumb. If there is a problem you won't know until after you flash. The idea behind the Update System is to either update the CASUAL to work again, or kill-switch it and automatically bring you to a thread like this one. Obviously it's infinitely more helpful than a simple failure and I need testing on Windows, Linux, Mac and firewalls.
The CASUAL Unlock method will be updated when we figure it out and it will be possible to auto-update or do a helpful kill-switch in the next version.
Addressing Security Patches:
Recognized Developer Ralekdev has began work on a new exploit. It's not going to be as simple as it was before.
Bootloader Blacklisting
You can view the updated code here: http://pastie.org/private/zzfhwlrgeeuzweiccjdpvg#22
Previously, Odin Mode would accept any SBOOT with the proper signature. Samsung has implemented a blacklist which causes properly signed flashes to fail if they are contained in the blacklist.
Code:
bytes_to_hexstr(BL1_blacklist_str, base_addr + 0x1BF0, 16);
if ( !strcmp(BL1_blacklist_str, BL1_blacklists[i]) )
{
sub_43E03A00("BL1 of the blacklist - %s\n", BL1_blacklists[i]);
return -1;
}
The old bootloader contained random ARM hex data "CD D2 04 85 63 83 52 7C C9 8A 97 1A CD 30 78 FB".. The new one contains an identifier "EXYNOS_4412 1220". The new bootloader is also programmed to not be able to flash itself.
Non-Header Code Execution
You can view the updated code here: http://pastie.org/private/ryxaraypnnhbmtt6nswvq
Previously, if the ANDROID header was missing from the kernel, SBOOT would execute the partition as raw ARM code. This allowed Ralekdev's exploit to jump into the SBOOT.bin and execute download mode without security checks. However the code has been replaced..
Code:
if ( !memcmp(v5, "ANDROID!", 8) )
{
*** DO NORMAL SECURE BOOT ****
}
else
{
dprintf("Could not do normal boot. (invalid magic)\n");// this is where we exploited it last time to load my code
s5p_start_download_mode(v9);
}
return 0;
}
So obviously, this execution of arbitrary code exploit has been patched.
Conclusion
We are working to bring a new exploit and make it easier that the last one. Ralekdev will be analyzing and working on a new exploit. I will work on deployment techniques. For now if youre having problems, flash back to stock and root your device.
I ignore PMs with questions that could be answered by searching. If you PM me, I probly won't respond.
Check out my developer pages. Add me to your circles on Google Plus.
Thanks for the update. I had a bad feeling about trying it last night. One of the only times I've ever hesitated in android. I'm sure you guys will figure it out.
Why cant Samsung and Verizon just leave this **** alone and let android be real AOSP.
+1!!! I'm hoping sometime in the future that there will be a nexus device that would be similar to this phone. Full aosp stock Android, Large, stylus included and have an aosp feature comparable to multi Window. It's the greatest innovation for Android ever made so far.
What about us people of like clean rom 4.0.5 international rom.
We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.
Sent from my SCH-I605 using xda app-developers app
What about us people of like clean rom 4.0.5 international rom.
We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.
Sent from my SCH-I605 using xda app-developers app
What about us people of like clean rom 4.0.5 international rom.
We're already unlocked and rooted. As long as we never take otas it can't ruin anything and I can always flash roms from the forum? You can't even get otas on this rom.
Sent from my SCH-I605 using xda app-developers app
Here is the part about the OTA that is being left out.
If you look at the OTA it wont execute the updater portion of bootloader until the end.
The first thing the OTA does is examine the partitions, files, etc to see if they have been altered... If the checks fail the OTA just quits with error 7 (or 8 I forget). When it quits nothing flashes. This will occur on pretty much any custom ROM unless you edit the OTA to bypass the checks (see next line)...
I'm not saying be stupid and TRY to flash the OTA on a custom ROM but I built an L4 base last night with the OTA so you really dont need to anyways. To do this I had to remove those checks I just mentioned.
This thread should be sticked in two forums, this and general, because people thinking about rooting and on the edge need to do so now before the stock ROM forces the OTA!
But as far as a custom ROM accepting and succesfully flashing the OTA? Pretty much zero to none. Trust me on this ;c)
When writing an app with performance in mind, you most likely want to write it native code using the … more
XDA Developers was founded by developers, for developers. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. Are you a developer?
Introducing XDA:DevCon – A Conference For Developers By Developers
>
DON'T ACCEPT OTA UPDATES
Print
Email
DON'T ACCEPT OTA UPDATES
View Profile
View Forum Posts
Follow on Twitter
Follow on Google+
View GitHub profile
Visit Homepage
View Facebook page
Linear Mode
