Search results

  1.

    Thread [DEV] S7 Active Bootloader Unlock Development

    This thread is for people currently working on unlocking the Galaxy S7 Active bootloader. Developers only. If you do not want to help unlock the device, please do not post in this thread. Here are possible attack vectors -- let me know if you are aware of any others: 1. crafted boot.img that...
  2.

    Thread Secure Boot

    I can escalate to root and arbitrarily change SELinux policies. The kicker is that I cannot modify the /system partition, boot.img, recovery.img, or aboot.img without breaking signatures. Is there a way to make the entire supersu system work without modifying these partitions? I tried making an...
  3.

    Thread QFuses

    Anyone care to share a datasheet on the msm8996? Also called APQ8096? I want to learn about the fuses to see just how hard it will be to pop the bootloader. If anyone has any leads, I'd appreciate it :)
  4.

    Thread Signed Bootloader

    Does anyone know if the bootloader is (cryptographically) verified at boot? I'm thinking about taking a crack at popping it open, but I don't want to skip easy mode if it's available. Long story short -- if I land a patched bootloader (aboot.img, not boot.img) will I have a paperweight?
  5.

    Thread Samsung SECURE BOOT

    I flashed a Galaxy S7 Active (ATT) with a TWRP recovery image that I built. To my dismay, when I rebooted I got: "Custom binary blocked by SECURE BOOT (recovery.img)" This is different from the OEM lock in the developer menu since that has been turned on. Is there any way around this, short...
  6.

    Thread Farm-Root: Recovery Image Pulling/Flashing Tool

    Hey all, I wrote an exploit to use cow root to pull/push images. I've only tested it on the Galaxy S7 Active, but it should also work for other arm64 phones. Let me know how it works out for you all! https://github.com/freddierice/farm-root Also, don't run `make push` if you don't know what...