• XDA Forums have been migrated to XenForo. We are aware of several issues including missing threads, logins not working, and more. To discuss, use this thread.

Palm phone firmware?

terence.tan

New member
Jan 13, 2017
38
78
0
Canberra
keybase.io
So I've spent the last several hours going through the files, and I believe the answers to your above questions are yes, yes, and YES! It appears that this contains EVERYTHING that you mentioned, but it also looks like there are a bunch of extra goodies that the creators put in (like a bunch of other drivers and such) before they had firmly decided which hardware components to use. Another awesome thing- the file contains none of the Verizon system apps or files that come preinstalled on the Verizon version. So this means that once i finish flashing this on to my Verizon version, I expect that it will finally be free from that bloat.

Unfortunately, I don't know enough about developing to be able to get rooted and change system files...
But if anyone can point me in the right direction, I can try to tweak the stock rom into a battery/storagespace friendly custom ROM. If I can get something that works on one of my PVG100s, then I'll make the custom ROM available for ya'll on Dropbox or something.
Any ideas for where to begin? I just have Android studio, no special hardware/equipment.
Hi all,

I've inspected the file "PVG100/PVG100_OpenSource_SourceCode_20181016.tar.xz" and I'm afraid the answer is "no".

The archive contains source code to the Linux kernel for PVG100 and for some other utilities. They will be very useful for developing a ROM (or recovery) for the device. But useless for gaining access via fastboot/EDL in the first place.

Every Android phone runs millions of lines of code from hundreds of different software projects. Some projects are released as free software under the GNU General Public License (GPL); some are released under other open source licences; and some are proprietary and you have no rights to the source code.

The archive contains all the GPL source code but none of the other code. So it is valuable to a developer, but only part of what we need. It's been released because that's a legal condition of the GPL, not necessarily to help developers.

Exactly! That's what I want to do since the beginning! (see my posts about QPST and UFST). You can also enter EDL mode with the adb reboot EDL command!

Do programmer files for phones with the same CPU work?
I consider this very unlikely.

Every "firehose programmer" file has a digital signature that is unique to the model of device and generated by the manufacturer. This is because Android uses Verified Boot, which uses cryptography to ensure that each file loaded has been authorised by the manufacturer. This is why a Pixel 3 firehose programmer (for instance) won't work on the Palm.

I would be happy to be proven wrong here!

Otherwise you will need a PVG100-specific firehose programmer file. This will be available from Palm/TCL but they will be very unlikely to give it to you. It's possible it may also be "leaked" from authorised repair shops, if you can find one that services Palm devices and convince them of the need.

One last question for you experts: what is the full list of files needed for programs like QPST to work when the phone is in "Qualcomm HS-USB QDLoader 9008" mode (the COM port device name of this phone in EDL mode)?
How many .mbn or .hex files and what do they exactly do?
How many .xml files and what do they exactly do?
I can't speak in specific terms, but in general:

There will be a single .xml file and it will be a "catalog" of files to flash, along with their parameters and other information.

There will be an .mbn file or equivalent for each partition on the device. Enough files to restore a device to factory-fresh condition from blank. There can be more than 20 partitions on the device. The Android developer documentation on Partitions and Images can give you an idea of what's involved, noting that Qualcomm devices can have even more specialised partitions than that.

Typically these files are released by the manufacturer when they want to give users a way to self-service restore a "bricked" phone. As opposed to sending it back to an authorised repair shop. Not all manufacturers release these files. I don't think Palm will.

I should note that the EDL is one way of flashing custom code to a device, but if someone finds a way to access (and unlock) fastboot, that's probably the better approach.

I would imagine that its a combination of holding down the power button and going throught a number of reboot cycles, but i dont know.
That will get you into recovery mode.

It's the supported way of getting into recovery, but to me it seems a gross hack: you "crash" the system boot 3 times in a row, then Android notices you're having trouble booting and redirects you to the recovery screen. Would not be necessary if we just had volume-up and volume-down buttons.

I don't know how to access fastboot mode, but here are some random suggestions that someone with too much time can try:

  • Using a "recovery cable". Already suggested. Already reported not to work?
  • Some Wear OS smartwatches can access fastboot via "swiping from top left to bottom right" during boot?
  • Plug in a USB headset and hold down the headset button during boot? (I tried this and all it got me was EDL mode...)
  • Disassembling the device and looking for test points?
  • Just ask Palm really nicely?


---------- Post added at 21:43 ---------- Previous post was at 21:30 ----------

When Verizon pushed out their most recent update, I kept a copy of "logcat" and copied the URLs of the update packages.

They mainly consist of "delta" upgrade files, which means they only contain the changes since the previous version; not a full copy.

So I don't think they'll be of much use to anybody. But in case you want to have a poke around:

https://cdn2.vzwdm.com/PVG_PVG100_v1AGN-0_v1AMD-0.bin (539 MB)
https://cdn2.vzwdm.com/PVG_PVG100_v1AGL-0_v1AGN-0.bin (102 MB)
 

StormSeeker1

New member
Sep 22, 2019
74
8
0
Hi all,

I've inspected the file "PVG100/PVG100_OpenSource_SourceCode_20181016.tar.xz" and I'm afraid the answer is "no".

The archive contains source code to the Linux kernel for PVG100 and for some other utilities. They will be very useful for developing a ROM (or recovery) for the device. But useless for gaining access via fastboot/EDL in the first place.

Every Android phone runs millions of lines of code from hundreds of different software projects. Some projects are released as free software under the GNU General Public License (GPL); some are released under other open source licences; and some are proprietary and you have no rights to the source code.

The archive contains all the GPL source code but none of the other code. So it is valuable to a developer, but only part of what we need. It's been released because that's a legal condition of the GPL, not necessarily to help developers.



I consider this very unlikely.

Every "firehose programmer" file has a digital signature that is unique to the model of device and generated by the manufacturer. This is because Android uses Verified Boot, which uses cryptography to ensure that each file loaded has been authorised by the manufacturer. This is why a Pixel 3 firehose programmer (for instance) won't work on the Palm.

I would be happy to be proven wrong here!

Otherwise you will need a PVG100-specific firehose programmer file. This will be available from Palm/TCL but they will be very unlikely to give it to you. It's possible it may also be "leaked" from authorised repair shops, if you can find one that services Palm devices and convince them of the need.



I can't speak in specific terms, but in general:

There will be a single .xml file and it will be a "catalog" of files to flash, along with their parameters and other information.

There will be an .mbn file or equivalent for each partition on the device. Enough files to restore a device to factory-fresh condition from blank. There can be more than 20 partitions on the device. The Android developer documentation on Partitions and Images can give you an idea of what's involved, noting that Qualcomm devices can have even more specialised partitions than that.

Typically these files are released by the manufacturer when they want to give users a way to self-service restore a "bricked" phone. As opposed to sending it back to an authorised repair shop. Not all manufacturers release these files. I don't think Palm will.

I should note that the EDL is one way of flashing custom code to a device, but if someone finds a way to access (and unlock) fastboot, that's probably the better approach.



That will get you into recovery mode.

It's the supported way of getting into recovery, but to me it seems a gross hack: you "crash" the system boot 3 times in a row, then Android notices you're having trouble booting and redirects you to the recovery screen. Would not be necessary if we just had volume-up and volume-down buttons.

I don't know how to access fastboot mode, but here are some random suggestions that someone with too much time can try:

  • Using a "recovery cable". Already suggested. Already reported not to work?
  • Some Wear OS smartwatches can access fastboot via "swiping from top left to bottom right" during boot?
  • Plug in a USB headset and hold down the headset button during boot? (I tried this and all it got me was EDL mode...)
  • Disassembling the device and looking for test points?
  • Just ask Palm really nicely?


---------- Post added at 21:43 ---------- Previous post was at 21:30 ----------

When Verizon pushed out their most recent update, I kept a copy of "logcat" and copied the URLs of the update packages.

They mainly consist of "delta" upgrade files, which means they only contain the changes since the previous version; not a full copy.

So I don't think they'll be of much use to anybody. But in case you want to have a poke around:

https://cdn2.vzwdm.com/PVG_PVG100_v1AGN-0_v1AMD-0.bin (539 MB)
https://cdn2.vzwdm.com/PVG_PVG100_v1AGL-0_v1AGN-0.bin (102 MB)
Wow! Great comprehensive advice, sir! Thank you so much for all the explanations!
According to my understanding, just 1 or 2 .mbn files are needed to flash or to backup the whole phone memory, not 20 (but probably I'm wrong). Please have a look at the interface of the eMMC Software Download application in the QPST suite and let me know...above all, please tell me: are any .mbn or .xml files needed for READING ALL the phone partitions to get a backup or is it just a matter of having the correct Windows drivers and the phone in the right COM interface mode? I'm not getting it...
 

terence.tan

New member
Jan 13, 2017
38
78
0
Canberra
keybase.io
Wow! Great comprehensive advice, sir! Thank you so much for all the explanations!
According to my understanding, just 1 or 2 .mbn files are needed to flash or to backup the whole phone memory, not 20 (but probably I'm wrong). Please have a look at the interface of the eMMC Software Download application in the QPST suite and let me know...above all, please tell me: are any .mbn or .xml files needed for READING ALL the phone partitions to get a backup or is it just a matter of having the correct Windows drivers and the phone in the right COM interface mode? I'm not getting it...
I think it's possible. The .xml file is the "program" for the firehose programmer. So you could possibly construct one to backup the entire device.

But you need that firehose programmer. As I understand, without one of these you'll get nowhere.
 

terence.tan

New member
Jan 13, 2017
38
78
0
Canberra
keybase.io
Security is a thing

Google and hardware vendors spend a lot of time and effort to "hardening" the Android boot process. This means that your phone can't be tampered with. Not by the FBI. Not by North Korea. Not by cyber criminals, not by malware authors, not by your employer or ex-partner, not by cosmic rays, and not by hackers or homebrew developers. (That's us).

I alluded to this with Verified Boot above but it's worth repeating. If you want to crack open your own device, you need to either:

  • Breach the device's security
  • Get an official key from the manufacturer
I don't want to discourage anyone. I would like this as much as anyone else! It's possible to break the security; nobody will ever create a 100% secure system that you can still use. And sharing the cool things we've done with hardware is the entire point of this site! I just want to remind us of the reality.
 
Last edited:

Mattzees

New member
Jan 4, 2015
39
0
0
I don't want to discourage anyone. I would like this as much as anyone else! It's possible to break the security; nobody will ever create a 100% secure system that you can still use. And sharing the cool things we've done with hardware is the entire point of this site! I just want to remind us of the reality.
Is there something special about this phone that makes it especially hard to crack, or are you just making a general statement?
 

steeltoe

New member
Mar 29, 2018
46
6
0
Hi all,

I've inspected the file "PVG100/PVG100_OpenSource_SourceCode_20181016.tar.xz" and I'm afraid the answer is "no".

The archive contains source code to the Linux kernel for PVG100 and for some other utilities. They will be very useful for developing a ROM (or recovery) for the device. But useless for gaining access via fastboot/EDL in the first place.

Every Android phone runs millions of lines of code from hundreds of different software projects. Some projects are released as free software under the GNU General Public License (GPL); some are released under other open source licences; and some are proprietary and you have no rights to the source code.

The archive contains all the GPL source code but none of the other code. So it is valuable to a developer, but only part of what we need. It's been released because that's a legal condition of the GPL, not necessarily to help developers.



I consider this very unlikely.

Every "firehose programmer" file has a digital signature that is unique to the model of device and generated by the manufacturer. This is because Android uses Verified Boot, which uses cryptography to ensure that each file loaded has been authorised by the manufacturer. This is why a Pixel 3 firehose programmer (for instance) won't work on the Palm.

I would be happy to be proven wrong here!

Otherwise you will need a PVG100-specific firehose programmer file. This will be available from Palm/TCL but they will be very unlikely to give it to you. It's possible it may also be "leaked" from authorised repair shops, if you can find one that services Palm devices and convince them of the need.



I can't speak in specific terms, but in general:

There will be a single .xml file and it will be a "catalog" of files to flash, along with their parameters and other information.

There will be an .mbn file or equivalent for each partition on the device. Enough files to restore a device to factory-fresh condition from blank. There can be more than 20 partitions on the device. The Android developer documentation on Partitions and Images can give you an idea of what's involved, noting that Qualcomm devices can have even more specialised partitions than that.

Typically these files are released by the manufacturer when they want to give users a way to self-service restore a "bricked" phone. As opposed to sending it back to an authorised repair shop. Not all manufacturers release these files. I don't think Palm will.

I should note that the EDL is one way of flashing custom code to a device, but if someone finds a way to access (and unlock) fastboot, that's probably the better approach.



That will get you into recovery mode.

It's the supported way of getting into recovery, but to me it seems a gross hack: you "crash" the system boot 3 times in a row, then Android notices you're having trouble booting and redirects you to the recovery screen. Would not be necessary if we just had volume-up and volume-down buttons.

I don't know how to access fastboot mode, but here are some random suggestions that someone with too much time can try:

  • Using a "recovery cable". Already suggested. Already reported not to work?
  • Some Wear OS smartwatches can access fastboot via "swiping from top left to bottom right" during boot?
  • Plug in a USB headset and hold down the headset button during boot? (I tried this and all it got me was EDL mode...)
  • Disassembling the device and looking for test points?
  • Just ask Palm really nicely?


---------- Post added at 21:43 ---------- Previous post was at 21:30 ----------

When Verizon pushed out their most recent update, I kept a copy of "logcat" and copied the URLs of the update packages.

They mainly consist of "delta" upgrade files, which means they only contain the changes since the previous version; not a full copy.

So I don't think they'll be of much use to anybody. But in case you want to have a poke around:

https://cdn2.vzwdm.com/PVG_PVG100_v1AGN-0_v1AMD-0.bin (539 MB)
https://cdn2.vzwdm.com/PVG_PVG100_v1AGL-0_v1AGN-0.bin (102 MB)
Excellent work, I actually tried sniffing the urls of the system update, but was unable to due to ?
(ssl pinning???).

I will work on extracting the below image, the first one actually looks like a full system and not just a delta, so this may be a great start. Thanks

---------- Post added at 02:13 AM ---------- Previous post was at 02:09 AM ----------

I am going to try to use https://github.com/cyxx/extract_android_ota_payload to extract the oem updates and see if we can learn anything from it. will post back.

We still need fastboot support though

---------- Post added at 02:30 AM ---------- Previous post was at 02:13 AM ----------

Excellent work, I actually tried sniffing the urls of the system update, but was unable to due to ?
(ssl pinning???).

I will work on extracting the below image, the first one actually looks like a full system and not just a delta, so this may be a great start. Thanks

---------- Post added at 02:13 AM ---------- Previous post was at 02:09 AM ----------

I am going to try to use https://github.com/cyxx/extract_android_ota_payload to extract the oem updates and see if we can learn anything from it. will post back.

We still need fastboot support though
You were right, they are both deltas
 

hardbodyrichert

New member
Oct 15, 2019
22
5
0
Google and hardware vendors spend a lot of time and effort to "hardening" the Android boot process. This means that your phone can't be tampered with. Not by the FBI. Not by North Korea. Not by cyber criminals, not by malware authors, not by your employer or ex-partner, not by cosmic rays, and not by hackers or homebrew developers. (That's us).

I alluded to this with Verified Boot above but it's worth repeating. If you want to crack open your own device, you need to either:

  • Breach the device's security
  • Get an official key from the manufacturer
I don't want to discourage anyone. I would like this as much as anyone else! It's possible to break the security; nobody will ever create a 100% secure system that you can still use. And sharing the cool things we've done with hardware is the entire point of this site! I just want to remind us of the reality.
So I definitely don't want North Korea looking at anybody's secret naked pics or anything... but isn't this the same security problem that ALL rooted phones incur? Or is there something particularly pernicious about unlocking the bootloader that you are warning about?

Also, because I have a few of these already dissected, I am able to find the JTAG contact points. (I don't have a JTAG cable though.) So I see a bunch of little contacts here, but I don't know if I have the equipment to test the contact points to find which to short. I tried looking at where the contact points were on other phones, but that didn't really help since the contact locations on this device are unique. If anyone could advise as to which contacts to short, I can volunteer to try it out on one of my devices. For reference on the contact points, you can look at the contacts in Palm's FCC application images: (see attached .zip)
 
  • Like
Reactions: terence.tan

terence.tan

New member
Jan 13, 2017
38
78
0
Canberra
keybase.io
So I definitely don't want North Korea looking at anybody's secret naked pics or anything... but isn't this the same security problem that ALL rooted phones incur? Or is there something particularly pernicious about unlocking the bootloader that you are warning about?
No special security problem past the usual. I am referring to "unlocking" rather than "rooting" though.

Also, because I have a few of these already dissected, I am able to find the JTAG contact points. (I don't have a JTAG cable though.) So I see a bunch of little contacts here, but I don't know if I have the equipment to test the contact points to find which to short. I tried looking at where the contact points were on other phones, but that didn't really help since the contact locations on this device are unique. If anyone could advise as to which contacts to short, I can volunteer to try it out on one of my devices. For reference on the contact points, you can look at the contacts in Palm's FCC application images: (see attached .zip)
My wild guess would be to short the two contact points southwest of "C3 1813" in the middle of the board, then apply power.
 

StormSeeker1

New member
Sep 22, 2019
74
8
0
I think it's possible. The .xml file is the "program" for the firehose programmer. So you could possibly construct one to backup the entire device.

But you need that firehose programmer. As I understand, without one of these you'll get nowhere.
What do you actually mean by "that firehose programmer"? Is it the .xml file? Or is it a .mbn file? Or is it a hardware box or dongle?

What makes my confusion bigger is that programs like QPST make a lot of confusion between the device on which the flasher program (QPST) runs (the PC) and the device which you want to flash (the phone)! To me it looks like sometimes the term "download" (which appears in the program buttons) is used to mean "transfer from phone to PC", which is perfectly correct, since while you perform that operation you are in front of your PC, using QPST, and some other times it is used to mean "transfer from PC to phone", WHICH IS CRAZY! (When you send file from one device that you are controlling to another device, like you do when you control your PC and send files to a remote web server, then YOU UPLOAD!). This makes me refrain from using those buttons, since I never know if I'm performing harmless READ attempts or destructive WRITE attempts! One question for you: is it possible that all this confusion is caused by the fact that, to READ data from the phone, you need to send some file to the phone? I mean: does eMMC reading require that the flashing program sends some file (.xml? .mbn? .hex?) to the phone before being able to read the phone contents? This would be very strange to me, given the fact that, in my opinion, the purpose of those files should just be to tell the flasher program (QPST) how to interpret data exchanged with the phone, NOT TO SEND FILES TO THE PHONE TO UNLOCK SOME KIND OF SECURITY! I'm puzzled...
 

terence.tan

New member
Jan 13, 2017
38
78
0
Canberra
keybase.io
What do you actually mean by "that firehose programmer"? Is it the .xml file? Or is it a .mbn file? Or is it a hardware box or dongle?
An .mbn file with a filename similar to "prog_emmc_firehose_8940.mbn" but possibly different, only note that it must be signed by Palm and is specific to the PVG100.

As to the rest of the quote. Have a read of this security analysis (it's in 5 parts) and see if it helps clarify.
 

StormSeeker1

New member
Sep 22, 2019
74
8
0
Request sent to palm

Hi guys, I've just sent a message to Palm company, let's see if their are interested in selling their phones or if they prefer losing customers as they are currently doing, considering that the web is full of bad reviews about their product battery life, usability and price. This is what I wrote, please be patient about the fact that I referred to our community as "our team of developers", but I'm sure you know why we have to be altogether to have some appeal on a phone company ;)


Good morning

I'm the owner of two Palm Phones and I'm in contact with my team of fellow developers on XDA Developers Forum. The community (the biggest developer community on the web) would love your phone and all my fellow developers own one or more Palm Phone devices each. But, to push your phone to a wide audience, we must be able to unlock fastboot mode and to use flashing programs, like QPST, QXDM or UFST. And, of course we need the source code for the full operating system. The web is full of videos and reviews blaming Palm for the uselessness of the PVG100, but our team of developers thinks that this phone has a lot of potential to fight current phone trends and we would like to help your company (for free, of course), improving your phone and making more people want to own one, but you'll have to help us in helping you!
What can you do to help us helping you?
To begin with: can you provide us with programmer files to access the phone memory from programs like QPST? Can you tell us how to unlock bootloader (or which contacts on the board need to be shortened to bypass this protection)?

Thank you very much in advance by XDA Developers community, we will make good use of your guidance

---------- Post added at 05:37 AM ---------- Previous post was at 05:24 AM ----------

To all of you: Does anyone know somebody who knows how to reverse-engineer fastboot prevention? I mean, in the following link it shows you that Verizon has protected some phones with an app preventing reboot into fastboot mode, which, when killed, stops preventing it and lets you reboot the phone into fastboot:

https://www.xda-developers.com/unlock-bootloader-verizon-google-pixel-xl/

I'm sure there is a way to debug the system to gain knowledge of which Linux process and then which Android app is responding to the attempt to unlock the bootloader!
 

steeltoe

New member
Mar 29, 2018
46
6
0
Hi guys, I've just sent a message to Palm company, let's see if their are interested in selling their phones or if they prefer losing customers as they are currently doing, considering that the web is full of bad reviews about their product battery life, usability and price. This is what I wrote, please be patient about the fact that I referred to our community as "our team of developers", but I'm sure you know why we have to be altogether to have some appeal on a phone company ;)


Good morning

I'm the owner of two Palm Phones and I'm in contact with my team of fellow developers on XDA Developers Forum. The community (the biggest developer community on the web) would love your phone and all my fellow developers own one or more Palm Phone devices each. But, to push your phone to a wide audience, we must be able to unlock fastboot mode and to use flashing programs, like QPST, QXDM or UFST. And, of course we need the source code for the full operating system. The web is full of videos and reviews blaming Palm for the uselessness of the PVG100, but our team of developers thinks that this phone has a lot of potential to fight current phone trends and we would like to help your company (for free, of course), improving your phone and making more people want to own one, but you'll have to help us in helping you!
What can you do to help us helping you?
To begin with: can you provide us with programmer files to access the phone memory from programs like QPST? Can you tell us how to unlock bootloader (or which contacts on the board need to be shortened to bypass this protection)?

Thank you very much in advance by XDA Developers community, we will make good use of your guidance

---------- Post added at 05:37 AM ---------- Previous post was at 05:24 AM ----------

To all of you: Does anyone know somebody who knows how to reverse-engineer fastboot prevention? I mean, in the following link it shows you that Verizon has protected some phones with an app preventing reboot into fastboot mode, which, when killed, stops preventing it and lets you reboot the phone into fastboot:

https://www.xda-developers.com/unlock-bootloader-verizon-google-pixel-xl/

I'm sure there is a way to debug the system to gain knowledge of which Linux process and then which Android app is responding to the attempt to unlock the bootloader!
Just a quick update, based on the released kernel source code. The palm is vulnerable to cve 2019-2215. I have tested it using the following code https://github.com/arpruss/cve2019-2215-3.18/ and it appears to work. Now all we need a is a root exploit based on this.
 

terence.tan

New member
Jan 13, 2017
38
78
0
Canberra
keybase.io
Just a quick update, based on the released kernel source code. The palm is vulnerable to cve 2019-2215. I have tested it using the following code https://github.com/arpruss/cve2019-2215-3.18/ and it appears to work. Now all we need a is a root exploit based on this.
Huh, by coincidence @arpruss was a developer of Palm software way back in history when Palm was the famous company who made PDAs, not who they are today.

Nothing else to this post. Just found it mildly interesting.
 

StormSeeker1

New member
Sep 22, 2019
74
8
0
Just a quick update, based on the released kernel source code. The palm is vulnerable to cve 2019-2215. I have tested it using the following code https://github.com/arpruss/cve2019-2215-3.18/ and it appears to work. Now all we need a is a root exploit based on this.
Wow! Great news!
Can you please explain what this attack does and how to carry it out (step by step)? (I'm new to the exploit of vulnerabilities).
Additionally, a couple of other questions:
Did you make sure that both Verizon ROMs are vulnerable (1AGL and 1AGN)?
What is the path to follow, when you have root access, to:
1)Take a full backup of ALL partitions on the phone and be able to restore each of them to the initial state?
2)Unlock the bootloader
3)Compile a working version of TWRP specific to this phone?
4)Modify the ROM without the source code?
5)Modify LTE bands for another country? (very important for many of us)
Thank you very much in advance for your kind explanation!

Also, I got an update from Palm Support Team on my ticket:

Hi there,
Thanks for contacting us. Please reach out to Rodrigo at [email protected], as he will be more than happy to speak with you.
We hope you enjoy your day!
Thanks,
Palm Support Team

I've just shot a message to this "rodrigo", let's see...

Oh, another idea: you know that the Verizon version of this phone displays an icon in the top left notification zone indicating that the SIM card used is not from Verizon; I suspect that the app displaying that icon might also be responsible for preventing bootloader unlock. Is there a way to backtrack that notification icon and see what app is displaying that notification?

One last thing: does anybody of you have a version of this phone NOT coming from Verizon? They say that the bootloader is unlocked!
Palm Support Team some weeks ago told me "Our unlocked Palm supports unlocking the bootloader." and they also told me "All Palms with four digit build codes starting with either 1 or 2 are Verizon specific, and do not feature unlocked bootloaders." and also "The 1AGN version of the Palm does not support unlocking the bootloader" and also "All Palms with four digit build codes starting with either 1 or 2 are Verizon specific, and do not feature unlocked bootloaders"

OH, AND LOOK AT THIS!
https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/
https://github.com/grant-h/qu1ckr00t
https://github.com/kangtastic/cve-2019-2215
 
Last edited:

terence.tan

New member
Jan 13, 2017
38
78
0
Canberra
keybase.io
Wow! Great news!
Can you please explain what this attack does and how to carry it out (step by step)? (I'm new to the exploit of vulnerabilities).
I'm not going to hold your hand. Others might, not me right now.

I suggest you search the web for "CVE-2019-2215". Understand what it does, how it works, who discovered it (and when). Then compile the sample exploit code for yourself and run it on your own device. You'll need developer tools. You can set this up yourself without us needing to give you a step-by-step guide. It will be a steep learning curve. Good luck!
 

StormSeeker1

New member
Sep 22, 2019
74
8
0
I'm not going to hold your hand. Others might, not me right now.

I suggest you search the web for "CVE-2019-2215". Understand what it does, how it works, who discovered it (and when). Then compile the sample exploit code for yourself and run it on your own device. You'll need developer tools. You can set this up yourself without us needing to give you a step-by-step guide. It will be a steep learning curve. Good luck!
No problem if you don't have time to help me, but since it could be of some use to the community to have people able to make attempts, I hope someone can tell me briefly what software is needed and which toolchains are needed, then I will be able to better collaborate with the community :)
By the way, I've been a developer in C, fortran, JS and many other languages, so I learn quickly ;) Learning curves are steep in programming only when you don't have someone who tells you the tools for the job and functional sample code and the details of the first steps to take, this is what I always teach to my students at school ;)
 
Last edited:

StormSeeker1

New member
Sep 22, 2019
74
8
0
Conversation with palm company

Rodrigo from Palm has responded to me:

Hi – Thanks for reaching us out and for your interest in our product. I’m still not clear how you will be helping us, could you please elaborate a little bit more on how you plan to improve the product?
BR,
Rodrigo

This is what I told him:

Good evening, Rodrigo and nice to meet you

I've been interested in one of a kind phones for quite a long time and I'm one of the few lovers of small phones (not the current trend, as you certainly know) and of devices making smartphone use less addictive.
My web friends and I love having the possibility to make devices customizable to better suit everyone's specific needs, which is the core of most XDA activities.
XDA is an active and always up-to-date community of developers and enthusiasts posting solutions for the whole web community and many many specialistic and dedicated websites link back to XDA.
In the many months passed since the PVG release no-one on the web has ever released custom roms, bootloader unlock methods or rooting methods for your phone, while for most other devices plenty of material and activities are out there on the web, which means that the community hasn't given this phone much attention (for sure not the attention I and my fellow developers think it deserves).
Your phone is unique and we think it's a pity that the audience has lost interest in it (maybe for bad reviews existing on the web...there's plenty, unfortunately, some for good reasons, some others just because many people don't understand it or because of misunderstandings, like the fact that Pepito is just a companion phone, which is not anymore!).
XDA community findings, releases and community support for users help a lot increasing the interest of enthusiasts for a product, keeping the attention on a product alive when the product is losing fans and XDA ranks very high on search engines for people looking for ways to customize a device to decide whether to purchase one; it has helped a lot of smartphones getting famous (just think about the OnePlus, which was one of the first phones ever having root access from the factory, which the community pushed a lot for this). Considering that, as we said, Palm Phone is not a phone of everybody, given the fact that it has a form factor very far from the mainstream and that we would like that form factor to actually BECOME THE MAINSTREAM GOLDEN STANDARD (big phones are absolutely a fool unnatural thing, a monstrosity in my personal opinion), I think it would be very interesting to widen the niche to which the phone is currently restricted to include phone customization enthusiasts.
Given the fact that nobody has ever released any article or code for the phone, this makes our thread on XDA the top source of information for Palm PVG100 customization in the whole web.
Please let me know if you are willing to share information with the community and we will post the new findings in our thread and we will start spreading the word.

Sincerely
 

StormSeeker1

New member
Sep 22, 2019
74
8
0
I also contacted "arpruss" and he kindly and promptly responded to my message: "Good morning, sir, and nice to meet you

With other members of this community we are trying to get access to a device called PALM PHONE PVG100 (PEPITO) (VERIZON).
Kernel version is 3.18.71-perf-g3e31da9
I see that you developed code to take advantage of vulnerability cve2019-2215, to exploit it and to root a phone with 3.18 version of the Android kernel.
Would you be so kind to provide us with some detailed help on how to port your code to our device, how to compile it (step by step) and how to use it?
Please feel free to send me a private message or to post information on our thread here on XDA Our thread is here:
https://forum.xda-developers.com/android/help/palm-phone-firmware-t3958254/page6

Thank you so much for your great work!"

Here's the guidance he provided us with:

"There is a good chance that could be done, but really I don't have the time to be creating detailed instructions on porting things. The code is moderately readable: if you have a similar kernel to mine, you just need to change some offsets. The compilation is perfectly standard ndk compilation."

Thanks a lot to him!
 
Our Apps
Get our official app! (coming soon)
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone