[LOKI] Bootloader hack official FAQ thread

Search This thread

JarrettG

New member
Dec 16, 2012
4
2
Updated of 'Loki-enabled' Version of ClockwordMod Recovery?

Is there a way, or available, to update the ClockworkMod Recovery I'm using of my SGS4 (AT&T) with this solution? It's been on 6.0.4.7 (if I'm remembering correctly) forever.

Thanks.
 

przyrodnik35

Member
Jun 28, 2014
15
3
Hi!
Could someone port it to LG G4c? I would like to get help by somebody because I don't know how to find a secure key.
 

caez360@hotmail.com

New member
Apr 27, 2016
1
0
hello i can donwgrade from lollipop 5.0.1 OK2 to 4.2.2 MDK , and flash loky pacht?? and install recovery TWRP ? NO BRICKED THE PHONE TTO INSTALL STOCK ROM 4.4.2 FROM SAMMOBILE ?
 

StoneyJSG

Senior Member
Jul 28, 2014
1,197
194
I don't think loki can be ported to another device as it's a bypass for the at&t s4. You can only use loki on that device running the MDB or MDL bootloader.

Once you are on Android 4.3 or later (MK2, NB1, etc.) you cannot go back to a previous version with the exception of NB1 I think it is.

So if you're on Android 4.2.2 you're good to install Loki, any other version is a no go.
 

BBRecon

Senior Member
May 2, 2016
94
35
So, if you have an OC4 bootloader for example, it's not possible to downflash to a vulnerable bootloader so that we can exploit this flaw?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 402
    I just released Loki, a set of tools for developers and users to flash custom kernels and recoveries on the AT&T and Verizon branded Samsung Galaxy S4.

    The tool is available at:
    https://github.com/djrbliss/loki

    The technical details on how the exploit works are described at:
    http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html

    This is a support thread that I will check regularly until I decide to hand over support to the community. Feel free to ask any questions, and I may add the answers to this post. As a guideline, if it's a question that's already been answered in this thread or in the README for Loki, I will ignore it.


    Does this make any permanent changes to the device?

    No permanent changes are made to your device when using loki_flash. The bootloader itself is untouched. By restoring the original system, boot, and recovery images (via Odin or otherwise), the device will be in a stock state.

    Can this be patched?

    Absolutely. Any update that includes a new aboot will almost definitely cause your custom kernel or recovery to fail to boot without running it through loki_patch again, and if the update contains a fix for the vulnerability Loki exploits, it may permanently prevent using the tool. It's possible for Samsung to ship an update that prevents downgrading aboot to a vulnerable version, so I recommend avoiding installing any OTA updates without confirmation that it's safe.

    What about the bounty?

    As usual, I encourage anyone looking to donate (as part of the bounty or otherwise) to give their money to a reputable charity organization instead. If you insist on donating to me, I'm sure you can find my Paypal account somehow. ;)

    This all seems complicated. What about a step-by-step guide?

    These tools are primarily intended for developers, who will be able to use them and provide ordinary users with easy ways to flash custom ROMs. Be patient, I'm sure your favorite ROM developer will come up with something for you.

    I've installed a Loki-patched recovery. Can I just install regular custom ROMs now?

    Any ROMs that include a replacement boot.img must be modified to include a Loki-patched boot.lok file instead. Otherwise, your phone will fail to boot until you restore a Samsung-signed boot.img or a custom boot.lok image via your custom recovery, or flash a stock image via Odin.

    So this is just like kexec?

    This is similar to kexec in that it works around a locked bootloader, but this approach is much more flexible and robust. Kernel and recovery developers can build their projects just as they would for an unlocked device, run the final result through Loki, and then it's ready to be flashed. No hackery and brokenness required.
    15
    Thank you very much!!!!

    Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
    15
    Question... what is the benefit to using this method versus an actual unlock? Im honestly just trying to learn and understand.

    Sent from my SCH-I545 using Tapatalk 2

    The biggest benefit is that this actually exists, and the other doesn't.

    Also, there are some perks to not permanently modifying the hardware, such as not setting off any irreversible "warranty voided" flags. Note: I do not encourage warranty fraud in any way.
    13
    Thats good to know!

    Will Nandroids and such be able to flash? Does the backups use loki also when created?

    You'll definitely be able to flash a Nandroid backup for everything except for the recovery and boot partitions. As for recovery and boot, I suspect that would work fine (assuming the aboot hasn't changed), but I don't know for sure, so I don't encourage you to try it unless you really know what you're doing.
    12
    Hey Dan, I remember a few weeks ago you had posted a photo of AT&T Galaxy S4 on your twitter that had a cracked code listed on the device. Was this the same Loki method or you were able to actually hack into the bootloader?

    I'm not sure what you mean by "actually hack into the bootloader". Loki allows me to execute code in the context of the bootloader, which is pretty much the definition of "hacking" it. For the picture, rather than booting a custom kernel or recovery, I had my code cause the bootloader to print that teaser message. So yes, it was the same method, just a different payload.