[R&D] Unlock Bootloaders

Status
Not open for further replies.

cdesai

Inactive Recognized Developer
Jan 16, 2011
IN YOUR HEAD
@AdamOutler your second idea can be easily achieved.

1. Rename the init binary to something else, and make it a script instead
Make it grep dmesg for a key press, and if a key is pressed, copy the normal init.rc and other files and then exec /realinit.
^Quick and easy to do :)

2. Move the recovery one step down, and present a boot menu instead of recovery, with options to boot into android, boot to recovery, reboot and power off - and do accordingly.
^Complicated but better :)

Sent from my GT-P1000
 

MichaelVash7886

Senior Member
Nov 24, 2011
With a default timeout to Android! Say five seconds? This is how I set things up on the Windows PCs in our network.

If my post here is inappropriate, I understand if a mod deletes it...
That would be a good idea.

Only thing is the current root method to get to this could be easily patched via an OTA right? I mean it's still building off the initial root method found by inviblek right? I heard that would be easy to fix and Verizon was already planning an OTA to address just that. Unless this newer root method is more difficult to block.
 

Desterly

Member
Jul 7, 2012
I've started to modify the boot menu we used on the X to accomplish this... although I'm not that far and I'm sure someone could do it far better than I.

The idea being boot from recovery partition -> custom kernel -> led flashes blue
-> User hits the volume down key -> custom menu shows w/ option to reboot or recovery
-> User hits nothing, rom boots as normal.

The only problem that I would see (and this might already be solved) is that the users will have to choose to boot from recovery from cold boot
 
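As an added example (not code from cdesai or Desterly, whose posts above describe the idea), here is a stand-in for /init written as a shell script: it scans a dmesg capture for a held key and picks the boot path, so the ROM boots normally when nothing is held and recovery is chosen when the key was pressed. The marker KEY_VOLUMEDOWN, the paths /realinit and /sbin/recovery-init, and the sample dmesg lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from this thread: a stand-in for /init that looks
# for a held key in a dmesg capture and picks the boot path. The marker
# KEY_VOLUMEDOWN, the paths /realinit and /sbin/recovery-init, and the
# sample dmesg lines below are assumptions made for the example.

KEY_PATTERN='KEY_VOLUMEDOWN'      # assumed dmesg marker for the held key

# choose_init: read dmesg text on stdin; print "recovery" if the key marker
# is present, otherwise "normal" (no key held -> ROM boots as usual).
choose_init() {
    if grep -q "$KEY_PATTERN"; then
        echo recovery
    else
        echo normal
    fi
}

# boot_target: map a mode to the init binary that would be exec'd.
boot_target() {
    case "$1" in
        recovery) echo /sbin/recovery-init ;;
        normal)   echo /realinit ;;
        *)        return 1 ;;
    esac
}

# Constructed sample of what a key press might look like in dmesg.
SAMPLE_DMESG='[    0.512345] gpio-keys: registered KEY_VOLUMEDOWN
[    2.112000] gpio-keys: KEY_VOLUMEDOWN pressed'

main() {
    mode=$(printf '%s\n' "$SAMPLE_DMESG" | choose_init)
    target=$(boot_target "$mode")
    printf 'boot mode: %s -> would exec %s\n' "$mode" "$target"
    # On a device this is where the normal-boot *.rc files would be copied
    # into place (cp /normal-ramdisk/*.rc /) before: exec "$target"
}
main
```

On a real device the script would read `dmesg` directly instead of the constructed sample, and the final step would be `exec` of the chosen init rather than a printf.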

tonu42

Senior Member
Nov 14, 2010
Just saying what all of you are suggesting we do with this whole boot process thing has been done already if I am not mistaken. The KEXEC boot-hijack does what all of you are saying. And it's automated too instead of selecting.

my 2 cents, delete if what I said isn't related.
 

AdamOutler

Retired Senior Recognized Developer
Feb 18, 2011
Miami, Florida
Just saying what all of you are suggesting we do with this whole boot process thing has been done already if I am not mistaken. The KEXEC boot-hijack does what all of you are saying. And it's automated too instead of selecting.

my 2 cents, delete if what I said isn't related.
Kexec boots the device then reboots into another kernel. We are talking about a single kernel with a recovery built in, just like the Galaxy S series has had in the past. No kexec hacks. We aren't extending boot times. This method will work better than kexec.
 

flamus

Senior Member
Mar 3, 2008
Kexec boots the device then reboots into another kernel. We are talking about a single kernel with a recovery built in, just like the Galaxy S series has had in the past. No kexec hacks. We aren't extending boot times. This method will work better than kexec.
Won't this require a full reflash for a new (or different from rom) kernel?

Maybe I have been spoiled with my DINC1 and on the fly flashing / unbricking my phone. :-\

Sent from my SCH-I535 using Tapatalk 2
 

Desterly

Member
Jul 7, 2012
Won't this require a full reflash for a new (or different from rom) kernel?

Maybe I have been spoiled with my DINC1 and on the fly flashing / unbricking my phone. :-\

Sent from my SCH-I535 using Tapatalk 2
Yes/No

You have to flash the new ROM as is; however, ROMs are installed via an installer script (in CWM). There's no reason the zip couldn't contain both images w/ instructions to flash them to the recovery partition.

And updating the kernel would be as easy as a dd into the recovery partition.

If the initrd was configured to point to the system drive or sdcard or another location as well, there is no reason you couldn't just update the kernel w/out having to update the recovery/boot.


The only downside I see is getting the device to always boot into recovery w/out having to hold down keys to do so... but that might just be the trade off for custom roms of this sort
 

flamus

Senior Member
Mar 3, 2008
Yes/No

You have to flash the new ROM as is; however, ROMs are installed via an installer script (in CWM). There's no reason the zip couldn't contain both images w/ instructions to flash them to the recovery partition.

And updating the kernel would be as easy as a dd into the recovery partition.

The only downside I see is getting the device to always boot into recovery w/out having to hold down keys to do so... but that might just be the trade off for custom roms of this sort
Yeah. Friend has SGS2 Epic 4G Touch and has to do this. Just have to test roms before heading from the computer, since not as easy to flash on the go.

Not opposed to this method. Just setup Arch Linux (XFCE4+SLiM) and Win7 dual boot; so not afraid of doing this.

Thanks 4 information.

Sent from my SCH-I535 using Tapatalk 2
 

alquimista

Senior Member
Mar 20, 2008
Los Angeles
{q} samsung_mdm

I've been fiddling with my SGS3 and a Mac, as I've run into a complete block on trying to disassemble the bootloader (plus ralekdev seems to have that covered).

The only interesting thing that I have found so far is that I can connect via USB while the device is in ODIN Mode, and it shows up as SAMSUNG_MDM in sysinfo. I can then actually connect to that device via serial terminal. Problem is, I don't know any commands to send. Usually when I talk to a device over serial there's a menu, but there's no menu that I can find.

Here are the settings that I used to actually connect to the device (using GoSerial):
Serial Port: SAMSUNG_MDM
Speed: 115200bps
Data Bits: 8
Parity: None
Stop Bits: 1
Hardware Flow Control
Input: RTS
Output: CTS

MDM usually stands for Mobile Device Management, as in being able to lock or wipe the device remotely. I'm not sure why this would be available while in ODIN mode, since that kind of mobile management is done via a server and not a direct serial connection. Point is, since the device is in Odin mode, maybe we can poke at it and see what comes out.

Does anyone know anything about this? Any settings or commands?

I'm going to post a list of all the strings I could find while trying to disassemble the bootloader in a separate post.

Thanks,
ALQI

---------- Post added at 05:14 PM ---------- Previous post was at 04:16 PM ----------

I posted an edited version of all the important strings I could find in aboot. I deleted anything that I thought was not relevant to trying to research the bootloader (images, nonsensical data, etc).

Here's the link to pastebin for what I put together:
SGS3_aboot_Strings

The bootloader pretty much looks like the (L)ittle (K)ernel bootloader mentioned here:
CodeAurora - LK Base Android Bootloader

The source for the LK bootloader can be found here:
CodeAurora lk Git Repo

There's one string in particular that I am interested in:
Code:
ERROR: Could not do normal boot. Reverting to fastboot mode.
This is from the aboot dump, not the source code. Would it be possible to force this error to happen and thus get into fastboot mode?

Ta Very Much,
ALQI
 

Jiggity Janx

Senior Member
Feb 19, 2010
Safestrap and its predecessor "Bootstrap" do what you are looking for. And they are done on a bootloader locked device on the same network with the same Verizon warning messages. I won't mess up the explanation again but I do recommend talking with hash0fcodes. He may already be working on something for it as he collabs with dhacker29.
 