Root possible?


zelendel

Senior Member
Aug 11, 2008
23,370
20,593
You're right, at least with the NSA you know they are logging your input. ;) No, but seriously, what makes you say that? Of course you can send SMS without GApps on Android.
You must be joking, right? Apple and security? That's like calling a tank peaceful. Not only does Apple collect a lot of data about their customers (more than their competitors do), they also had several iCloud leaks and even the US government was able to crack that terrorist's iPhone without Apple's help. Additionally, Mac OS is also not secure. There are still a lot of Apple users out there who think there is no malware on Mac OS (but there is) and that's what makes them vulnerable. Nothing about Mac OS is more secure than any other OS. Also, where are you getting that about Mac OS being the go-to OS for the corp world? I know Apple devices are popular among some - but not all - artists (graphic, video, music). But I've never seen or heard of corporations using strictly Mac OS in their offices. And honestly, I wouldn't know a reason why they should.


GApps are only part of Android. SMS is routed through Google's messaging service. We have a Googleless setup in the threads and you can see the issues that come from removing all of Google's stuff. Things like GPS, SMS and other things have issues.

As to why I said that: well, you were mostly right. I know they are spying on me (I even made sure of it, lol). I just trust the government of the country I live in more than one I don't. It's just a matter of where one lives.


As for the other part. I used to deal with corp orders for a few carriers and the device of choice for large orders was always iOS. Now we are seeing more Samsung devices as well due to their completely locked-down nature. I never said Mac OS was the choice, just the iPhone. While not completely secure, it is far more secure than most Android devices at this point. If you look around, even the most security-minded developers here carry an iPhone for their everyday device and save their Androids for their hobby. When compared to the rest, iOS is more secure. Yes, the FBI cracked the iPhone, but that was expected when every security agency came forward and offered to help crack it for them. But it also cost them millions of $ to do it.
 

nbreight

Member
Jan 14, 2016
12
0
Apple doesn't aim to be the biggest; they are making as much money with as useless technology as is only possible... as long as it is shiny and dummies pay a premium for it.
This being said, the risk or safety of a device is not in the device itself but in the use made of it.
Downloading FF from Yandex gives you exactly the same FF as from Ggl Play or F-Droid.
If one is stupid enough to download games and gawd knows what other useless crap, of course you end up with malware all over the place.
The user's choice(s).
Same thing goes for Android itself. Whether one uses Gmail from a browser (Internet Explorer or FF or Chrome or even Ghost...........) Ggl will read one's emails and spam the user based on it.
Worst comes to worst, just install AOSP WITHOUT GApps, install Ghost and do everything in there.
 
Mar 24, 2011
30
4
I believe these phones have never had their bootloader unlocked on Verizon: Droid 3, Droid 4, Note 3, Galaxy S5

Sorry, I can't give you a source. I read this on reddit or a blog post.



Hmm. So do you think it would be possible to unlock the bootloader, or can it never be unlocked?
Btw, slightly off-topic, but is there any phone which has a completely locked bootloader (i.e. has never been unlocked)?
 

LuH

Senior Member
Aug 10, 2007
193
43
CZ
I believe these phones have never had their bootloader unlocked on Verizon: Droid 3, Droid 4, Note 3, Galaxy S5
I have a Droid 4 and confirm the bootloader has never been unlocked - and it refuses to boot if file systems / partitions get significantly changed. However, the phone was rooted and a Safestrap system has been developed to circumvent the bootloader lock: as far as I understand it, the boot process is hijacked early on (after the original kernel is loaded from an original ramdisk, I think) and a second system is booted on top of the starting original one, either from the main system partition where only bootloader-required files are kept, or from a disk image in the user memory. It acts as another bootloader with a TWRP environment for managing other ROM installations, backups, etc.

AFAIK Safestrap was developed from the earlier Bootstrap by @Hashcode and now most of Droid 4 development, including the updated Safestrap, is maintained by @stargo – maybe they could help? But for this you need root first.

I'd love to get a Priv to replace my aging and recently unbelievably slow Droid 4 and I like the HW a lot, but there's no way I buy an unrootable phone :rolleyes:
 

zelendel

Senior Member
Aug 11, 2008
23,370
20,593
I have a Droid 4 and confirm the bootloader has never been unlocked - and it refuses to boot if file systems / partitions get significantly changed. However, the phone was rooted and a Safestrap system has been developed to circumvent the bootloader lock: as far as I understand it, the boot process is hijacked early on (after the original kernel is loaded from an original ramdisk, I think) and a second system is booted on top of the starting original one, either from the main system partition where only bootloader-required files are kept, or from a disk image in the user memory. It acts as another bootloader with a TWRP environment for managing other ROM installations, backups, etc.

AFAIK Safestrap was developed from the earlier Bootstrap by @Hashcode and now most of Droid 4 development, including the updated Safestrap, is maintained by @stargo – maybe they could help? But for this you need root first.

I'd love to get a Priv to replace my aging and recently unbelievably slow Droid 4 and I like the HW a lot, but there's no way I buy an unrootable phone :rolleyes:
I wouldn't count on it. They are locking Android down more and more. Sooner or later only the Nexus line will be moddable at all, and that includes root.
 

nbreight

Member
Jan 14, 2016
12
0
Any manufacturer with companies as potential customers indeed has to prevent modding by all means, but I think there will be, if not a whole OEM dedicated to consumers, at least a couple of devices that can be unlocked, rooted and modded as one sees fit.
Saw an Android Central article ( www.androidcentral.com/your-privacy-your-fingerprints-and-fifth-amendment ) which points out that law enforcement can request the unlocking of a device with a fingerprint, which cannot be denied, but not with a (PIN) code. Furthermore they thus advise shutting down one's device if police show up (and PIN-locking the boot).
And conclude that if a device is unlocked (which usually shows on the boot screen) any data can be copied off the device...
Obviously also true for anyone finding / stealing the device.
 

QuantumFluxx

Senior Member
Sep 21, 2012
81
43
I was listening to a podcast about law the other day. The host was reading from a warrant that was signed by a judge back in May. The warrant gave the police the right to search a house and seize any evidence that they were looking for. But it also authorized the police to take enhanced biometric data from anyone in the house that they believed owned a device that could be unlocked by fingerprint. The host also pointed out that the data they needed couldn't be a print that was lifted from a car, but a more 'enhanced' mapping of the fingerprint was required. You can invoke your Fifth Amendment right to not incriminate yourself by revealing your password, but there's little you can do to stop them from physically duplicating your prints to unlock your device. The host also pointed out that you can't change your fingertips, lol. They weren't clear on how they used the data to unlock the phone, or even if they did - which is what I'm most curious about.

I wonder if something like Smart Lock's On-Body Detection will eventually involve the fingerprint scanner. Like, imprint to unlock as long as the device hasn't been set on a flat surface. Otherwise, authenticate with a password.
 

niko99

Senior Member
May 15, 2008
403
166
Anyone tried this? https://gist.github.com/Arinerron/0e99d69d70a778ca13a0087fa6fdfd80

Exploits Dirty COW for root



YES, it is possible, but to have a chance of getting root with the Dirty COW exploit you can't use the newest security update from BB (07 November 2016), because they put a fix in for it:

Summary: Elevation of Privilege in Kernel Subsystem
Description: An elevation of privilege vulnerability in the kernel memory management subsystem could enable a local malicious application to execute arbitrary code within the context of a privileged process.
CVE: CVE-2016-5195
 

WaterMan!

Senior Member
Aug 12, 2009
275
49
It is a shame. I played around with a Priv the other day, to me it is THE perfect phone. However, I simply cannot get an android phone without root, I change so many things that a stock device is barely usable to me. All of my Tasker automation, battery tweaking, UI-fixing would be gone, and on a system like Android this is not something I can live with. Gah
 

niko99

Senior Member
May 15, 2008
403
166
Like I wrote before, I don't install the security fix from BB of 07 November 2016; this update fixes the Dirty COW exploit.

I installed DRAMMER to check if the exploit is possible on the Priv, and

[screenshot: e9snyh.jpg]
 

riaz.baldeo

Member
Jan 18, 2015
13
0
For me, the reason to have root is adblock. If BlackBerry had implemented adblock, I'd buy the Priv like now.
I am thinking of buying this phone in 2017 and the main issue I have is rooting to install AdAway.

---------- Post added at 12:49 AM ---------- Previous post was at 12:48 AM ----------

Mate, totally. I had AdBlock on so long on my S5.... I feel like I'm drowning in adverts on my Priv!

Did you ever find a way to disable/block the ads? I'm thinking about buying this phone.

---------- Post added at 12:50 AM ---------- Previous post was at 12:49 AM ----------

That's really my only reason for wanting root as well. I cannot stand YouTube ads and haven't seen any non-root implementation of a YouTube adblock.
Hello. Did you find a way to block ads on the priv?
 

gcbxda

Senior Member
Jan 5, 2009
227
17
California
I am thinking of buying this phone in 2017 and the main issue I have is rooting to install AdAway.

---------- Post added at 12:49 AM ---------- Previous post was at 12:48 AM ----------



Did you ever find a way to disable/block the ads? I'm thinking about buying this phone.

---------- Post added at 12:50 AM ---------- Previous post was at 12:49 AM ----------


Hello. Did you find a way to block ads on the priv?

The only reasons I still haven't trashed this garbage phone are:
- Firefox with the NoScript extension (waiting for uMatrix. If you don't like NoScript to block ads, there are ad blocker extensions that work just fine, but blocking scripts also makes everything fast!)
- NetGuard (firewall; block network access to all apps that have ads and don't use the network)
 

fedcas

Senior Member
Dec 2, 2008
60
16
The only reasons I still haven't trashed this garbage phone are:
- Firefox with the NoScript extension (waiting for uMatrix. If you don't like NoScript to block ads, there are ad blocker extensions that work just fine, but blocking scripts also makes everything fast!)
- NetGuard (firewall; block network access to all apps that have ads and don't use the network)

Talking about browsers, Brave is another option (Chrome + ad blocker)
 

Top Liked Posts

  • 10
    I imagine root is just a matter of time. Unless they lock the system partition, which other manufacturers have done in the past (Looking at you HTC). Even so, it has been done and s-on/off has been cracked before. Alternatives to locking include e-fuses, like in legacy motorola devices.

    Bootloaders on the other hand, we're probably going to have to get some concrete evidence. It is most likely locked in my personal opinion.

    This is all just speculation. Hopefully Blackberry can find a good balance.

    They're going to lock it down as tight as they can.... but you *CAN'T* put an absolute lock on the system partition, since that would make system updates impossible. I'm sure that the main device you are referring to when you reference HTC was the "Vision", but you will recall that the system partition was only locked out in a *normal* boot. A recovery boot exposed a writable system partition, there just wasn't any way to use it because of recovery limitations.

    BUT, this doesn't mean that it is possible to take over control of your phone! Here is the big problem; bootloader chain of trust!
    On a NEXUS, we have a boot process that looks like this; hardware boot from EEPROM --> PBL (signature validation) --> SBL1..n+TZ (signature validation) --> ABOOT (signature validation) --> Linux kernel boot/recovery

    The handoff from ABOOT to the Linux kernel is an interesting one.
    In the Nexus case, the Linux kernel boot/recovery partitions are not signature validated. At least not always.

    So what happens in the bootup is that each bootloader is signature validated by the previous bootloader PRIOR to executing it. If any stage fails validation, the device will go into HSUSB-BULK mode. In fact, the ONLY way to get into HSUSB-BULK mode is for a bootloader to fail validation.

    So what this means, is that there is NO WAY to replace ANY of the bootloaders up to and including ABOOT/LK. Even on a Nexus. Why? Because it breaks the chain of trust.

    Now, something added into Android 6.0; dm-verity. Well, technically, it was added back in 4.4, but not actually used back then. So why now? Hmmm, may be related to Blackberry. Yes, they are using 5.1, but that doesn't mean that the feature now used in Nexus devices can't be enabled in 5.1.

    dm-verity is the part that complains about the system being in various compromised or compromisable states during boot. dm-verity is able to completely block boot.

    But you say that dm-verity is a component of the linux kernel, enabled in the boot partition of the device that is being protected by it... yes, but that is only helpful because there is no signature check on the boot partition. Now imagine for a moment that ABOOT/LK is configured to require boot and recovery partition signature checking before handing over control.... what that will mean, is that you can't modify the boot partition to disable it like you can on an unlocked Nexus 6. If you modify the boot partition, then ABOOT will go into whatever recovery mode is deemed proper. It'll probably fall back to recovery when the boot partition can't be verified, or fastboot (which can actually be unlocked safely on such a device, since you would have to load something that will pass signature checks, or it won't boot).

    Now what does dm-verity actually do? It verifies that each block being read is unchanged from original. Most people don't understand this -- that it is an on-the-fly validation.

    I.e., if it was just a boot-time validation, you could fake it by modifying the data and not the filesystem database. That could, in theory, allow a modified partition to boot, but then what happens later is that when the modified data gets read, it generates an I/O error.


    So where does this leave us in terms of hacking such a protected device? Not a very good position at all, since there is no interface to interfere with the process during the boot. In other words, you would have to find and exploit a flaw in dm-verity itself. You can't change the bootloaders because of the eeprom that starts off the entire chain. You can't change the boot partition because of the bootloaders. You can't change the dm-verity keys because they are part of the boot partition. You can't change the system partition because of dm-verity.

    So attack vectors;
    1) hardware attack; if you can replace/rewrite the eeprom that sets off the boot process, then you can shove in your own bootloader stack. I'm not sure if this is even possible, those snapdragons have some interesting hardware level protections. It might refuse to boot a PBL that isn't signed by qualcomm.
    2) exploit flaw in dm-verity; figure out some way feed it a new key and hash table on the fly.
    3) exploit other software flaw and cause a second installation of Android to boot from some non-verified location.

    #2 and #3 are incredibly difficult, especially when you have a solid selinux policy preventing you from doing anything fun.
    3
    FYI I have busybox and su binaries executing on the Priv over adb; a local user (ConnectBot/terminal) on the phone has different permissions and cannot execute these.

    busybox is fully functional; su does nothing, but posts no errors.

    currently sat in /data/local/tmp as I have not yet found a way to correctly execute the su binary, you also cannot disable verity via adb.

    Guessing we have to find a way to exploit a bug in an app that has elevated permissions.

    *pokes priv with stick* ... nope that didn't work :)

    edit: to be clear, dev options exist and have plenty of choices, hidden menu like all new androids
    booting into recovery does not work - it does not appear to have one.
    fastboot does not work so far. bootloader has the option but it does nothing.
    2
    Anyway to block google services pinging their servers or to remove them completely if root cannot be achieved? I don't see how it can be called a phone for Privacy if you can't stop the data mining that google does.
    Not without root. The phone is not meant for privacy, that is the Blackphone. This one is meant to be secure in that it can't be modified. Two very different target audiences.
    2
    I'm just saying this isn't going to be that kind of hack.

    Don't rule anything out. The bootloader is locked and supposedly each device has cryptographic keys injected, implying some sort of hardware check. The 360 had efuses to prevent downgrading or booting unsigned code, but we found a way around that. One of the DVD drives for the 360 was released to curb piracy, and it was found that by drilling into the drive, you could cut a wire and make it so the dvd drive could be written to, enabling a custom firmware.

    Who knows what the future will bring? With enough interest, there will be someone creative enough to get by this.
    1
    I can't see things like developer options/USB debugging etc being outright blocked. That just seems like a great way to alienate the majority of the userbase that a device like this is targeted towards.
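The 10-like post above explains that dm-verity is an on-the-fly check, not a boot-time one: every block read is re-hashed against a tree whose root comes from the signed boot partition. The following is an added example, not code from this thread, from BlackBerry or from AOSP; it is a simplified Python model of that hash tree with a constructed 10-block "partition", and the block size, fan-out, salt and sample data are all assumptions.

```python
import hashlib

# Toy parameters for this added example; real dm-verity uses 4096-byte data blocks
# and packs 4096 // digest_size hashes into each hash block.
BLOCK_SIZE, FANOUT = 32, 4

def node_hash(salt, data):
    return hashlib.sha256(salt + data).digest()  # dm-verity format v1 hashes salt || data

def build_hash_tree(blocks, salt):
    """Levels of the hash tree: one digest per data block first, the root last."""
    level = [node_hash(salt, b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(salt, b"".join(level[i:i + FANOUT]))
                 for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels

class VerityDevice:
    # Data blocks and hash tree sit on the partition; trusted_root comes from the signed boot image.
    def __init__(self, blocks, tree, salt, trusted_root):
        self.blocks, self.tree, self.salt, self.trusted_root = blocks, tree, salt, trusted_root

    def boot_time_check(self):
        return self.tree[-1][0] == self.trusted_root  # a one-off, boot-only validation

    def read_block(self, idx):
        """On-the-fly validation: re-hash the block and its path to the root on every read."""
        data = self.blocks[idx]
        digest, pos = node_hash(self.salt, data), idx
        for lvl in range(len(self.tree) - 1):
            if digest != self.tree[lvl][pos]:
                raise IOError(f"block {idx}: hash mismatch at tree level {lvl}")
            start = pos - pos % FANOUT
            digest = node_hash(self.salt, b"".join(self.tree[lvl][start:start + FANOUT]))
            pos //= FANOUT
        if digest != self.trusted_root:
            raise IOError(f"block {idx}: path does not lead to the trusted root")
        return data

def demo():
    salt = b"constructed-salt"
    blocks = [bytes([0x41 + i]) * BLOCK_SIZE for i in range(10)]  # constructed sample partition
    tree = build_hash_tree(blocks, salt)
    trusted_root = tree[-1][0]  # what the verified boot partition would carry
    dev = VerityDevice(blocks, tree, salt, trusted_root)
    clean = all(dev.read_block(i) == blocks[i] for i in range(10))
    dev.blocks[7] = b"\x00" * BLOCK_SIZE  # modify one data block, leave the tree alone
    boot_only = dev.boot_time_check()  # still passes: the stored root never changed
    try:
        dev.read_block(7)
        caught = False
    except IOError:
        caught = True  # the modified block fails only when it is actually read
    other_ok = dev.read_block(0) == blocks[0]  # untouched blocks still read fine
    rebuilt = VerityDevice(blocks, build_hash_tree(blocks, salt), salt, trusted_root)
    return {"clean": clean, "boot_only_passes": boot_only, "read_raises": caught,
            "other_block_ok": other_ok, "rebuilt_root_matches": rebuilt.boot_time_check()}
```

Rebuilding the tree to match the changed block does not help either: the new root no longer matches the one carried by the boot partition, which is why the post says the system partition cannot be changed without also changing the boot partition.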