Can we somehow hide those two screens at every boot up? I looked up some tuts saying to edit the param file, but that file is not in the BL stock firmware... so we can't?
I was wondering if it were possible to change the bootloader logos (not the boot animation, which displays during the Android startup process) for the HD 8.9" (jem). Would we be able to change both the white & orange and white & blue "Kindle Fire" logos, or would we only be able to modify the white & blue logo? I know the second logo must be modifiable somehow, as Hashcode did it when he wrote the 2nd bootloader image for the HD devices.
Using the existing bug in the bootloader, only the 2nd one is possible to change. The orange logo is shown by the stock Amazon bootloader, which is signed, and thus the device will refuse to boot it if you modify it. To modify the second boot logo you should recompile the 2nd bootloader and rebuild boot.img.
ipipipipip said:
Using the existing bug in the bootloader, only the 2nd one is possible to change. The orange logo is shown by the stock Amazon bootloader, which is signed, and thus the device will refuse to boot it if you modify it. To modify the second boot logo you should recompile the 2nd bootloader and rebuild boot.img.
1) So I would need to modify initlogo.rle and then recompile the u-boot file?
2) After that, would I need to flash that file to the bootloader partition on the Kindle?
3) Finally, would the new u-boot bootloader brick my kindle?
If you flash it in place of second bootloader you are safe (second bootloader is built-in into "boot" partition), if you alter actual "bootloader" partition -- you'll get a brick (it is signed, and its integrity is checked by xloader (also signed xD)) (and I'm not sure if it is possible to recover from this state without disassembling the device and connecting directly to emmc pins).
TL;DR; It's not possible to get rid of orange kf logo, but you can change the blue one.
ipipipipip said:
If you flash it in place of second bootloader you are safe (second bootloader is built-in into "boot" partition), if you alter actual "bootloader" partition -- you'll get a brick (it is signed, and its integrity is checked by xloader (also signed xD)) (and I'm not sure if it is possible to recover from this state without disassembling the device and connecting directly to emmc pins).
TL;DR; It's not possible to get rid of orange kf logo, but you can change the blue one.
Sorry for the (really) late reply, but I read the post, and I was planning on building CM for myself. Would I flash the u-boot file directly to the boot partition, or does it need to be wrapped into a ROM boot image somehow? Also, if it needs to be embedded into the boot image (and I'm assuming it does), where would it need to be placed?
There is a prebuilt binary of uboot (in the device specific files) https://github.com/KFire-Android/android_device_amazon_jem/tree/cm-12.0/prebuilt/boot that is attached to the boot.img while building the ROM
ipipipipip said:
There is a prebuilt binary of uboot (in the device specific files) https://github.com/KFire-Android/android_device_amazon_jem/tree/cm-12.0/prebuilt/boot that is attached to the boot.img while building the ROM
I figured that out, and I was able to change the 2nd bootloader image successfully.
However, whenever I directly reboot to recovery without pressing and holding the volume up button (i.e.: when choosing to reboot to recovery from within TWRP or Android), the blue and white "Kindle Fire" logo shows up instead of my custom image. I'm thinking that this is because the initlogo.rle is also baked into the custom bootloader partition (which I think uses u-boot as well). Would there be any way to decompile the bootloader (not the u-boot.binary in the device-specific files), replace initlogo.rle, and then recompile into a usable bootloader image?
the initlogo.rle is also baked into the custom RECOVERY partition
Don't touch the partition called "bootloader"; without a correct signature you'll get a brick that is quite hard to recover.
The recovery partition is built almost the same way as the boot one, and I suppose you may use the same uboot binary (the one with replaced initlogo.rle) for it; just place it at a specific offset in your TWRP (or whatever you use) recovery image.
https://github.com/KFire-Android/android_device_amazon_jem/blob/cm-12.0/boot.mk#L53
ipipipipip said:
Don't touch the partition called "bootloader"; without a correct signature you'll get a brick that is quite hard to recover.
The recovery partition is built almost the same way as the boot one, and I suppose you may use the same uboot binary (the one with replaced initlogo.rle) for it; just place it at a specific offset in your TWRP (or whatever you use) recovery image.
https://github.com/KFire-Android/android_device_amazon_jem/blob/cm-12.0/boot.mk#L53
I'll try that out. Thanks so much for the help!
[TuT] - How to unlock Samsung Smartphones FRP/FAP boot lock without "Losing your data"
How to reset FRP-Lock without Losing your Data
Hi, guys...
I am Nishant, here to help you with your FRP-locked Samsung devices.
Now, from here on: I am not responsible if you go rabbit and do something wrong to your device.
CAUSE:
Actually, this is because you have flashed custom binaries.
Custom binaries are things like custom recovery (TWRP, CWM, SuperSU) or any other custom binaries that are not official.
Now, these custom binaries modify the boot sectors of your smartphone,
and these changes are not detected by your smartphone until and unless you turn off OEM-UNLOCK in Developer options. Result: when you turn "OEM-UNLOCK" off, OEM-LOCK will be enabled, and on your next reboot (it also happens by mistake when you toggle your Developer options switch)
OEM-Lock prevents your smartphone from booting with custom binaries... Now,
you can neither boot your phone nor access Recovery mode to wipe and reset,
and that prevents the smartphone from booting with any custom binaries inside it.
So,
what now? If you know something about flashing, then you have no choice, of course: either flash your smartphone with Odin or give it to a
Samsung service center to make it work, which means loss of all your DATA (except extSdCard).
But
I am here to solve your problem without losing a bit of your data, so follow me.
Solution:
1: First, download either your stock firmware (I am not telling you to flash your whole Android smartphone),
or... manage to get your stock boot.img and recovery.img files from anywhere on the web; they are packed inside the "your-Firmware.tar.md5" file.
If you get your boot.img and recovery.img files, then skip to step 3.
2: Once you have downloaded your firmware files, extract them somewhere using 7zip and copy out boot.img and recovery.img.
3: Download .img-to-tar from below and convert them from .img to .tar.md5 (Odin-flashable file).
4: Now first flash recovery.tar.md5 from Odin to your smartphone.
5: Secondly, flash boot.tar.md5 to your smartphone.
The above steps will reset your boot and recovery to the stock version.
Done...
Again, it's your buddy Nishant... enjoy your FRP unlock.
"Don't forget to turn on OEM-Unlock from Developer options."
The title of your thread should be "How to fix Samsung Phones which get stuck on Samsung logo with "Custom binary blocked by FRP Lock"", because your title means how to remove FRP, not how to solve the stuck problem.
Thank you
To All,
Following the instructions on one of the threads of this forum, I was able to root my Samsung Galaxy S7 Active. The next thing I would like to do is to change the boot splash screen. Right now, I get the Samsung boot splash screen with the unlocked icon. I have tried some of the techniques used for older Samsung Galaxy S Active devices, such as identifying the param partition and uncompressing it but I haven't been successful during the uncompress process. When attempting to uncompress it, I get an error stating that the tar command cannot understand the file header for the param partition. I have searched the forum and some people have stated that the boot splash screen might be embedded in the kernel although this has only been briefly discussed in other threads not directly related with my question. Also, I didn't see any threads addressing this question, which is the reason I decided to start one. Has anybody tried to modify the boot splash screen for this device after rooting it?
Thanks!
- Trucudrulo
I am seeing the mod from @miniminus does change the bootscreen, but not the very initial splash where displaying the "S7 Active" and the "unlocked" padlock. Perhaps you should root the device first, then look into the system directory?
How was the bootloader locked? Is it possible to remove "different OS" message?
I'm curious about how "verified boot" and bootloader lock things work.
In the beginning, after some googling, I found there're already tons of tutorials which taught you how to "bypass the bootloader lock on Z2". I tried to follow one of these tutorials, then I confirmed it's true. I'm actually able to flash magisk/twrp/lineageos/etc using the QFIL partition manager under Qualcomm EDL (9008) mode - the "bootloader lock" seems to be totally useless, since such "lock" actually allows me to flash & boot non-official images smoothly. Although there's a warning screen saying "Your device has loaded a different operating system" during boot, it didn't stop me from booting non-official images.
I tried to hash the whole EMMC, including all partitions, the GPT, and the gaps (unpartitioned space) between partitions. After comparing them before/after fastboot oem unlock, I found some partitions had indeed changed. However, after "restoring" them, the bootloader still told me it's "unlocked" or "relocked", instead of "locked".
It seems that the bootloader lock mechanism relies on something outside the EMMC.
I then tried to downgrade to old stock ROM (ZUI 1.9) using QPST/QFIL, it's said that such action could restore the bootloader lock state - I confirmed that it's true, the bootloader was restored to "locked" state - however, I have no idea how it worked.
Hexeditor finds the "Your device has loaded a different operating system" string in aboot.img. However, flashing a modified aboot.img (I'm still not able to remove that check, I just slightly modified the string) didn't seem to be allowed, the device would be "bricked" into 900E (can be unbricked again under 9008).
I feel I'm somewhat getting it... Apologies/thanks to @npjohnson for disturbing him. These articles also helped me a lot: https://alephsecurity.com/2018/01/22/qualcomm-edl-1/
https://lineageos.org/engineering/Qualcomm-Firmware/
My current understanding of this problem is as follows (might contain some errors still):
ZUK Z2, as a Qualcomm MSM device, adopts QCOM SecureBoot as well, which has the following flow chart of boot:
PBL/BootROM -> SBL(xbl) -> aboot(littlekernel) -> boot(linux kernel, ramdisk and cmdline)
There is a "chain of trust": PBL knows the hash of a pubkey, therefore it can verify if the SBL is officially signed or not, then SBL verifies aboot, and so on.
Although I still don't know exactly what pub/private keys are involved during this process, it seems that all of those private keys (for Z2) are not publicly available, obviously.
The bootloader (aboot/lk) locking state is supposed to be stored in EFUSE/QFUSE, which could not be accessed through ordinary ways.
Due to the practice of reverting to "locked" state by flashing the stock ZUI 1.9 ROM, I guess it should be stored in EFUSE instead of QFUSE (which is physically blown).
I don't know why Lenovo would allow custom boot/recovery images to boot, without executing the official unlocking procedure. It might be their carelessness, or just an intentional "convenience" (to reduce support pressure/costs from "undisciplined users", while still keeping the device integrity state evident, I guess?)
I once thought EFIdroid is able to replace the official aboot/lk, then it turned out I just misunderstood it - EFIdroid is actually installed to boot partition, instead of aboot partition.
To be short, it doesn't seem to be possible to eliminate the "Your device has loaded a different operating system" warning, until some sort of vulnerability can be exploited.
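The before/after comparison described in this post (hashing every partition, the GPT, and the unpartitioned gaps) can be scripted against two raw dumps. This is an added example, not code from the original poster; it assumes a raw image with 512-byte sectors that fits in memory, and `sample_image` builds a small constructed image purely for demonstration.

```python
import hashlib, struct

SECTOR = 512  # assumption: 512-byte logical sectors (eMMC); UFS uses 4096

def regions(img):
    """Yield (label, start, end) byte ranges: GPT areas, partitions, and gaps."""
    if img[SECTOR:SECTOR + 8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    first_usable, last_usable = struct.unpack_from("<QQ", img, SECTOR + 40)
    entries_lba, count, esize = struct.unpack_from("<QII", img, SECTOR + 72)
    parts = []
    for i in range(count):
        off = entries_lba * SECTOR + i * esize
        if img[off:off + 16] == bytes(16):   # all-zero type GUID = unused slot
            continue
        first, last = struct.unpack_from("<QQ", img, off + 32)
        name = img[off + 56:off + 128].decode("utf-16-le").rstrip("\x00")
        parts.append((first, last, name))
    yield "gpt-primary", 0, first_usable * SECTOR
    cursor = first_usable
    for first, last, name in sorted(parts):
        if first > cursor:                   # unpartitioned space before this partition
            yield f"gap@lba{cursor}", cursor * SECTOR, first * SECTOR
        yield name, first * SECTOR, (last + 1) * SECTOR
        cursor = last + 1
    if cursor <= last_usable:
        yield f"gap@lba{cursor}", cursor * SECTOR, (last_usable + 1) * SECTOR
    yield "gpt-backup", (last_usable + 1) * SECTOR, len(img)

def digest_map(img):
    return {lbl: hashlib.sha256(img[a:b]).hexdigest() for lbl, a, b in regions(img)}

def changed_regions(before, after):
    """Labels whose digest differs between two dumps (or that exist in only one)."""
    old, new = digest_map(before), digest_map(after)
    return sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))

def sample_image(payload):
    """Constructed 64-sector image: 'aboot' at LBA 8-15, 'boot' at LBA 24-27."""
    img = bytearray(64 * SECTOR)
    struct.pack_into("<8s32xQQ16xQII", img, SECTOR, b"EFI PART", 6, 61, 2, 4, 128)
    for i, (first, last, name) in enumerate([(8, 15, "aboot"), (24, 27, "boot")]):
        struct.pack_into("<16s16xQQ8x72s", img, 2 * SECTOR + i * 128,
                         b"\x01" * 16, first, last, name.encode("utf-16-le"))
    img[24 * SECTOR:24 * SECTOR + len(payload)] = payload
    return bytes(img)

if __name__ == "__main__":
    print(changed_regions(sample_image(b"stock"), sample_image(b"custom")))
```

An empty result means every on-flash region is byte-identical, so any state that still differs between the two dumps is held somewhere the dump does not cover.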
The first image when you turn on your phone says Redmi. I found the splash screen MI.img, but don't know how to change it.
Phone is rooted.
I googled but didn't find anything secure.
This is the image that I want
And when I go to oFox, what to choose?
Or is there any other way to change it in root file explorer? Or is it that for boot IMG?
tze_vitamin said:
The first image when you turn on your phone says Redmi. I found the splash screen MI.img, but don't know how to change it.
Phone is rooted.
I googled but didn't find anything secure.
This is the image that I want
And when I go to oFox, what to choose?
Or is there any other way to change it in root file explorer? Or is it that for boot IMG?
.\fastboot flash logo name.img
Worked on all my Xiaomi.