Interesting exploit code anyone willing to read it over quick and verify - OnePlus 8 Guides, News, & Discussion

First off, I apologize if this is in the wrong section; if it is, could a mod please move it to the proper location? Many thanks.
https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html?m=1
It is source code for a soon-to-be-patched GPU exploit. I have a background in cyber security; however, exploit code is not my strongest area. I can clearly see that it makes syscalls from user-issued GPU commands via an attacker-controlled instruction table. Anyone know if it's possible to obtain root through this on an 8 UW? (I know, I know, I'm bad with impulsive behaviors when I'm stranded without a phone, but that's a completely different topic.) Anywho, if someone can verify that it's possible and maybe instruct the last few steps that would need to be taken to make it happen, I'd happily throw a bounty your way.

kingsblend420 said:
First off, I apologize if this is in the wrong section; if it is, could a mod please move it to the proper location? Many thanks.
https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html?m=1
It is source code for a soon-to-be-patched GPU exploit. I have a background in cyber security; however, exploit code is not my strongest area. I can clearly see that it makes syscalls from user-issued GPU commands via an attacker-controlled instruction table. Anyone know if it's possible to obtain root through this on an 8 UW? (I know, I know, I'm bad with impulsive behaviors when I'm stranded without a phone, but that's a completely different topic.) Anywho, if someone can verify that it's possible and maybe instruct the last few steps that would need to be taken to make it happen, I'd happily throw a bounty your way.
Someone has already found a way to unlock Verizon. There's a thread in these forums, updated today, with folks showing unlocked status on UW.

crazynapkinman said:
Someone has already found a way to unlock Verizon. There's a thread in these forums, updated today, with folks showing unlocked status on UW.
I haven't seen one. If that's the case, can you link the thread you're talking about?

kingsblend420 said:
I haven't seen one. If that's the case, can you link the thread you're talking about?
https://forum.xda-developers.com/showpost.php?p=83769667&postcount=95

Scott said:
https://forum.xda-developers.com/showpost.php?p=83769667&postcount=95
I can confirm unlocked bootloader status on the Verizon OP8 5G UW. Been unlocked since early November. Running Lineage 18.1 with no issues as a daily driver. Widevine L1 also.

Related

My letter to Motorola

If anyone was curious, I wrote a letter to Motorola. I know it may be a snowball's chance in hell that they work with us, but it's worth a try, right?
I'll be posting their reply here.
Hello,
I have a Droid X that I would like to unlock and install custom Android images on; however, to my dismay I noticed that the bootloader is encrypted, preventing it from being unlocked. As this is hardware I have purchased, I respectfully request that I be given the information I need to unlock my device's bootloader. Locking the phone in such a way goes against the open-source spirit of Android, which your device uses.
I have also contacted Google regarding this matter, and am looking forward to your cooperation.
Thank you
Maybe they will take the Apple route and mail you a phone case, lol!
Sent from my Eris using Tapatalk
borillion_star said:
If anyone was curious, I wrote a letter to Motorola. I know it may be a snowball's chance in hell that they work with us, but it's worth a try, right?
I'll be posting their reply here.
Hello,
I have a Droid X that I would like to unlock and install custom Android images on; however, to my dismay I noticed that the bootloader is encrypted, preventing it from being unlocked. As this is hardware I have purchased, I respectfully request that I be given the information I need to unlock my device's bootloader. Locking the phone in such a way goes against the open-source spirit of Android, which your device uses.
I have also contacted Google regarding this matter, and am looking forward to your cooperation.
Thank you
You're wasting your time. Motorola has every right to do what they're doing. Asking nicely isn't going to change their mind. Especially when you're implying a threat by mentioning that Google was contacted. If you ever looked at the phone, you would notice it says "with Google" on the back, meaning the phone is approved by Google.

FCC Requires Unlocking Under Some Conditions by February 11, 2015

Here is the link from the FCC website. http://www.fcc.gov/device-unlocking-faq
OK... but how/why is it relevant to this forum?
jj14 said:
OK... but how/why is it relevant to this forum?
I think that they are making a reference to one of the other threads that talk about IMEI numbers and how VZW and Sprint may not accept a phone that is not in their network's IMEI database. I think it's important, however, to remember that the case study on the Nexus 5 that was used for that thesis was prior to the unlocking laws being solidified. Still, I have no idea which side of the aisle is right on this thing.
Ah, OK. I still think it would make more sense in that specific thread, rather than creating a new thread with no background about what this is referring to...

Let's Talk Root! [Non Dev Members]

In an attempt to stop repeated questions and thread clutter in the "Let's Talk Root" thread by non-developers (myself included), I've created this thread. It is a place for newbies and general people to ask questions and share rooting ideas. This will save developers time in the original thread. Most devs already know or have tried what you think might work to gain root.
Please stay on the topic of root, be respectful and helpful, and use the search! (both this site and Google)
Current Root Status: No Root
Things to keep in mind...
CF-AUTOROOT: Will not work with the retail version of the Note 4 (this means you bought it from Verizon or another retailer). The CF-Autoroot you may come across is for the Developer edition. Unless you bought your phone specifically through Samsung, you most likely have retail, as the Developer edition cannot be obtained through Best Buy, Verizon, or any retailer. Also, CF-Autoroot works only with an unlocked bootloader. Verizon, AT&T and some other Note 4 variants have locked bootloaders. Flash CF-Autoroot and you might brick your device. For more information visit Chainfire's cf-auto-root site.
TowelRoot: Towelroot has been made popular due to its widespread ability to root a lot of devices. However, Towelroot doesn't work on the Note 4. Towelroot utilizes the Futex bug found in Android. The Futex bug is also known as CVE-2014-3153. This bug is confirmed patched on our device.
One-click root programs: While some programs do contain vulnerabilities present in the Note 4, as of now none of them contain one that allows developers to write to the /system partition (which is important). Where these vulnerabilities may come in handy is in combining one or more to obtain root. Still, the vulnerability doesn't exist yet. Before posting one-click programs, do your homework. Google the CVE it utilizes or ask the developer you found it from. Then Google that CVE. Look at the date it was found and compare that date to the date the Note 4 was released. As non-developers, it's pretty much safe to say any CVE found before the release of the device has been patched. Programs that were meant to root 4.4.2> X.X.X are also pretty safe to assume to be patched.
Know the difference between carrier unlock and bootloader unlock: While it would be nice, the government wouldn't make all phones unlockable in terms of bootloader. What the government is doing is unlocking SIMs, meaning they are giving you the ability to take your phone to another carrier if you choose to. Even though you may be taking your Verizon Note 4 to T-Mobile (which has an unlocked-bootloader Note 4), you still have a Verizon device. Therefore it still has a locked bootloader.
Things that may help...
A way to unlock the bootloader: Probably the least likely to happen, but it would guarantee root. This includes turning a retail version into a Developer edition (because the Developer edition is unlocked).
A CVE (vulnerability) that allows code to be written to /system: The most probable way root will be achieved.
An app that has root permissions that can be exploited to run our code to inject root: There may be a way through Gear VR, as VR has special permissions over usual apps. That being said, it's only a potential avenue for developers to look at. As VR is so new, not much is really known about it.
Want to follow the progress?: Feel free to follow these posts. Please do not comment on them asking questions unless you have absolute knowledge of what is being talked about. Keep those threads clean for developers.
Let's Talk Root
Root Attempt #1
Galaxy Note 4 Root Progress (At&t)
I am in no way claiming to be a developer. I do not claim to know everything either. I am happy to clarify and change the O.P. to be more accurate.
When you say "an app that has root permissions that can be exploited to run our code to inject root..", do you mean ANY app? Or do you have some specific ones in mind? If it's any app, then man, there are a lot of them that actually ask for shell permissions. I usually find that out through the "XPrivacy" module that I use to block apps from gaining unnecessary perms on my phone. I have a good list of those ones if that helps. One of them is actually Facebook. lol
K-alz said:
When you say "an app that has root permissions that can be exploited to run our code to inject root..", do you mean ANY app? Or do you have some specific ones in mind? If it's any app, then man, there are a lot of them that actually ask for shell permissions. I usually find that out through the "XPrivacy" module that I use to block apps from gaining unnecessary perms on my phone. I have a good list of those ones if that helps. One of them is actually Facebook. lol
=======
Example.....VR apps...
Sent from my SM-N910V / VZW Note 4 DE / Factory Bootloader Unlocked / Rooted / Custom Kernel-ed / TWRP 2.8.5.0.trltevzw
manbat said:
=======
Example.....VR apps...
Sent from my SM-N910V / VZW Note 4 DE / Factory Bootloader Unlocked / Rooted / Custom Kernel-ed / TWRP 2.8.5.0.trltevzw
Well, I'm no Note 4 owner. I don't know if the VR app is just a regular app like any app in the Play Store or if it's something different. I looked it up in the Play Store and it wasn't there.
VR = virtual reality. It's a separate device for VR and it is only for the Galaxy Note 4.
Sent from my SM-N910V using Tapatalk
In before close.
K-alz said:
When you say "an app that has root permissions that can be exploited to run our code to inject root..", do you mean ANY app? Or do you have some specific ones in mind? If it's any app, then man, there are a lot of them that actually ask for shell permissions. I usually find that out through the "XPrivacy" module that I use to block apps from gaining unnecessary perms on my phone. I have a good list of those ones if that helps. One of them is actually Facebook. lol
Certain apps have permissions that others don't. And some apps could be more vulnerable dealing with the Gear VR.
eskomo said:
In before close.
Certain apps have permissions that others don't. And some apps could be more vulnerable dealing with the Gear VR.
I'm just going out on a limb here. It may get closed, but when the same questions keep being asked and our root thread keeps going off topic, it makes it hard for devs to even take it seriously. For the progression of root, those technical threads need to stay clean of side chatter. At least there is a place for people to go to have some of the popular questions answered. As a community we need to help each other, and that doesn't happen by telling people to get lost because their technical skill is lower than the rest of the guys participating. I see no reason this thread can't have a chance. While I do believe we don't need any more root threads, this one will be able to cut down on those posts too.
K-alz said:
When you say "an app that has root permissions that can be exploited to run our code to inject root..", do you mean ANY app? Or do you have some specific ones in mind? If it's any app, then man, there are a lot of them that actually ask for shell permissions. I usually find that out through the "XPrivacy" module that I use to block apps from gaining unnecessary perms on my phone. I have a good list of those ones if that helps. One of them is actually Facebook. lol
K-alz said:
Well, I'm no Note 4 owner. I don't know if the VR app is just a regular app like any app in the Play Store or if it's something different. I looked it up in the Play Store and it wasn't there.
eskomo said:
In before close.
Certain apps have permissions that others don't. And some apps could be more vulnerable dealing with the Gear VR.
The way the Gear VR works is that the API for that device grants the applications hardware-level access to connect; this means they basically have root access. Now, the last I saw of this was a while ago and the vulnerability is pretty well known at this point, so patches are a possibility, and it's also possible that it doesn't grant the correct permissions for attaining root; the report was pretty vague in that respect.
Now on to separate matters: do we really need another root discussion thread? I'm going to temporarily allow a third one; let's see if it can stand on its own, because I like the concept here and the OP is pretty well organized. Keep in mind, though, most of the chatter will be identical between the two threads, so it may not last.
Good luck guys.
Figured I'd mention this: looks like people on the AT&T side have possibly found a SYSTEM (not bootloader) exploit!
http://forum.xda-developers.com/showpost.php?p=58920677&postcount=1051
Stryke_the_Orc said:
The way the Gear VR works is that the API for that device grants the applications hardware-level access to connect; this means they basically have root access. Now, the last I saw of this was a while ago and the vulnerability is pretty well known at this point, so patches are a possibility, and it's also possible that it doesn't grant the correct permissions for attaining root; the report was pretty vague in that respect.
Now on to separate matters: do we really need another root discussion thread? I'm going to temporarily allow a third one; let's see if it can stand on its own, because I like the concept here and the OP is pretty well organized. Keep in mind, though, most of the chatter will be identical between the two threads, so it may not last.
Good luck guys.
Thank you so much for the explanation, sir.
BTW, please don't close this thread, because it's gonna be a stress relief for us non-dev people to gush our b!tching about root here, since we are not willing to clutter those active threads with our useless posts. [emoji16] [emoji23]
Thank you in advance.
veteranmina said:
Figured I'd mention this: looks like people on the AT&T side have possibly found a SYSTEM (not bootloader) exploit!
http://forum.xda-developers.com/showpost.php?p=58920677&postcount=1051
They have definitely found something VERY promising. Even jcase chimed in stating that the bootloader isn't actually encrypted, which is amazing news for us. The vulnerability exists in the Note 4 and they're catching it very soon. So exciting.
K-alz said:
Thank you so much for the explanation, sir.
BTW, please don't close this thread, because it's gonna be a stress relief for us non-dev people to gush our b!tching about root here, since we are not willing to clutter those active threads with our useless posts. [emoji16] [emoji23]
Thank you in advance.
They have definitely found something VERY promising. Even jcase chimed in stating that the bootloader isn't actually encrypted, which is amazing news for us. The vulnerability exists in the Note 4 and they're catching it very soon. So exciting.
Very promising indeed. In the event we receive root in the coming days, I will rewrite this thread into a noob guide.
Sent from my bandaid smelling s-pen
Just a heads up: the AT&T root thread was closed by moderators because the tards over there were much like the tards over here and couldn't keep off-topic posts out of the discussion, i.e., how much they love devs, the phone, or hate the phone, or telling others root will come soon and to be patient.
Either way, if the same people keep posting BS in our thread, it'll be closed too.
Sent from my Samsung Galaxy Note 4 using Tapatalk.
jayochs said:
Just a heads up: the AT&T root thread was closed by moderators because the tards over there were much like the tards over here and couldn't keep off-topic posts out of the discussion, i.e., how much they love devs, the phone, or hate the phone, or telling others root will come soon and to be patient.
Either way, if the same people keep posting BS in our thread, it'll be closed too.
Sent from my Samsung Galaxy Note 4 using Tapatalk.
The good news is that Orc said that the thread will open when real progress is made, so if we see that thread reopen, we will know we're in business.
So this post isn't pointless, and because this thread is for non-devs, I'll let people know where things were in that thread last.
There are two known CVEs that both the Verizon and AT&T Note 4 are vulnerable to. These CVEs, once exploited, will be a two-pronged attack and will likely achieve root. The developers are now trying to compile an APK that can implement these exploits. The mood from the devs wasn't so much "guessing" or "maybe"; it was a mood of confidence. Many of them truly believe these CVEs will lead to root.
Sent from my SAMSUNG-SM-N910A using Tapatalk
I was wondering if we could implement something like Safestrap, or if anything like it could be used. I was just looking up info on possible solutions for root and happened to come across this. I hope I'm not off topic or derailing the thread; if so, I apologize in advance.
http://gs5.wonderhowto.com/how-to/i...loader-locked-galaxy-s5-at-t-verizon-0156728/
Never mind, sorry folks. I just realized that the device had to be rooted in order to use Safestrap. I apologize, please carry on..
Sent from my SM-N910V using XDA Premium HD app
rrjskj said:
I was wondering if we could implement something like Safestrap, or if anything like it could be used. I was just looking up info on possible solutions for root and happened to come across this. I hope I'm not off topic or derailing the thread; if so, I apologize in advance.
http://gs5.wonderhowto.com/how-to/i...loader-locked-galaxy-s5-at-t-verizon-0156728/
Sent from my SM-N910V using XDA Premium HD app
It is a good question, but with Safestrap you must have root access in order to install it into the system. I used it in the past on my DROID Bionic. It hijacks the boot process, giving you a form of custom recovery.
Lol, I just realized that after I reread what the steps are in order to use it. Sorry, I thought I might have been onto something. Thanks for the fast response though.
Sent from my SM-N910V using XDA Premium HD app
rrjskj said:
Lol, I just realized that after I reread what the steps are in order to use it. Sorry, I thought I might have been onto something. Thanks for the fast response though.
Sent from my SM-N910V using XDA Premium HD app
No problem! This is the non-dev thread. Shouldn't be any bashing for questions like that.
While doing a search to see if there was root for my wife's LG G3, I stumbled across this. It says it can root any Android device. I thought it might be useful, so here goes:
http://androidxda.com/download-root-genius
Sent from my SM-N910V using XDA Premium HD app
rrjskj said:
While doing a search to see if there was root for my wife's LG G3, I stumbled across this. It says it can root any Android device. I thought it might be useful, so here goes:
http://androidxda.com/download-root-genius
Don't take my word for it completely, but if I remember correctly from some thread, the Galaxy Note 4 has a newer kernel version, and therefore would not be subject to the same exploit as the LG G3.
rrjskj said:
I was wondering if we could implement something like Safestrap, or if anything like it could be used. I was just looking up info on possible solutions for root and happened to come across this. I hope I'm not off topic or derailing the thread; if so, I apologize in advance.
From what I understand, you need an unlocked bootloader for that, let alone root as well. Again, don't take my word completely for it. Achieving root will give apps root access, but it won't allow us to change our bootloader and load custom ROMs... if I'm wrong, please someone correct me on this.
@ the OP... can you use some color other than bright green? It's a little hard to read, but if I'm the only one, don't just change it for little ole me. Also, if I'm correct regarding (not) being able to install Safestrap and do custom ROMs, can you add that to the OP as well? Just want to help reduce redundancy. Very good thread as well. Thanks!
rrjskj said:
While doing a search to see if there was root for my wife's LG G3, I stumbled across this. It says it can root any Android device. I thought it might be useful, so here goes:
http://androidxda.com/download-root-genius
Sent from my SM-N910V using XDA Premium HD app
So did you try it? I doubt it works.

DMCA new rules! Old-method bootloader unlock may now be legal to release!

Hi all,
Some time ago some people got their device (bootloader) unlocked but could not recreate this unlock, because the original creator (@jcase) could not release it for legal issues. The problem was that the DMCA would not permit the unlock of a tablet; now apparently things have changed. The US Library of Congress has updated their library, adding wearable devices and TABLETS.
Now the problem is that these changes take 1 year to take effect. Can anyone confirm this?
Thanks
P.S.: @jcase, we're still looking at you...
aaronkatrini said:
Hi all,
Some time ago some people got their device (bootloader) unlocked but could not recreate this unlock, because the original creator (@jcase) could not release it for legal issues. The problem was that the DMCA would not permit the unlock of a tablet; now apparently things have changed. The US Library of Congress has updated their library, adding wearable devices and TABLETS.
Now the problem is that these changes take 1 year to take effect. Can anyone confirm this?
Thanks
P.S.: @jcase, we're still looking at you...
It's patched.
jcase said:
It's patched.
Thanks for your fast reply. Anyway, many people here (me included) have blocked OTA and are on older versions. Any chances?
aaronkatrini said:
Thanks for your fast reply. Anyway, many people here (me included) have blocked OTA and are on older versions. Any chances?
I have no plans to release anything new, outside of HTC and maybe Moto, for a while. Working on something bigger.
Most people are still on 3.2.8 and I'm guessing it's patched in the newer versions. I guess that other developers in the forum can help if @jcase doesn't have time to release his unlock, but he could probably at least give some hints, and maybe someone else could achieve it similar to you.
johim said:
Most people are still on 3.2.8 and I'm guessing it's patched in the newer versions. I guess that other developers in the forum can help if @jcase doesn't have time to release his unlock, but he could probably at least give some hints, and maybe someone else could achieve it similar to you.
Please DO NOT contact me about this. I have other things going on. I won't be releasing it, nor assisting others.
I'm not sure what the point of this thread is... a bootloader unlock was already released.
EncryptedCurse said:
I'm not sure what the point of this thread is... a bootloader unlock was already released.
jcase said:
Please DO NOT contact me about this. I have other things going on. I won't be releasing it, nor assisting others.
Let's close this thread and give @jcase a break. Over the years he has been a tremendous resource to the community, for which many of us owe a debt of gratitude. He has now moved on to other pursuits, which is great. It was reasonable to ask; the answer came quick and was decisive.
The solutions provided by @ggow fill in most of the gaps. Sure, everyone would love an unlocked bootloader, but pure Nexus/CM11 on a locked (and now discontinued) HDX is a pretty sweet deal! A far cry from the balky Frankenkindles created by layering Google Services on FireOS.
Agreed
Unless you screwed up like me and now have a Saturn device. That said, from the 5.0 beta Amazon sent out, it looks very close to the stock Android skin. THAT I am personally fine with.
The main question is, what is jcase working on...

[Proof of Concept] Modded kernel injection using Sprint userdebug FW on N930T

I've opened this thread so that there can be a CLEAN thread for devs to discuss the development of a kernel mod to the Sprint userdebug firmware, to allow a hybrid T-Mo/Sprint ROM to be built that preserves T-Mo features such as Wi-Fi Calling and VoLTE.
If you are not a dev currently contributing to this particular effort, please refrain from posting in this thread and use the "ALL THINGS ROOT..." thread here for all other root-related discussion.
See Post #2 for ORDER OF EVENTS, CURRENT STATUS AND REQUEST FOR HELP.
See Post #3 for a compiled summary of everything we know and have tried as of this moment.
Let me know if there is anything that you think I should add to this post that might help keep this process on track.
I believe this goal to be attainable but it will likely require some teamwork and collective imagination.
YOU CAN DO IT! :good:
ORDER OF EVENTS, CURRENT STATUS AND REQUEST FOR HELP:
1. T-Mo Note 7 ships with a locked bootloader.
2. freeza manages to supply Sprint Note 7 users with a userdebug firmware that allows root access to be gained on the N930P.
3. ethanscooter posts the following info, in which he shares his experience that the N930P userdebug flashes normally to the N930T, allows boot and root:
Here's how you do it: Follow the EXACT SAME GUIDE FROM THE SPRINT NOTE 7 SECTION!
http://forum.xda-developers.com/spri...alaxy-t3447202
To get LTE to work again just add the T-Mobile APN (not that hard).
Also, you might want to freeze all the "Sprint OMADM" packages with Titanium Backup once you're rooted (will cause less of a hassle every time you boot). I understand the devs in the "all things root" thread are holding this from you because they want to fix Wi-Fi calling, but I think giving you root at all will tide you over for now. Also, I'm having problems downloading the Gear VR apps with this, so it's related to following this tutorial.
Thank you so much to the developers who made this possible for the Sprint Note 7 and for everyone who brought this to the other variants (the T-Mobile Note 7 was the easiest imo). It's a little funny to think that this whole time it was this easy and we could've been rooted all along. *If you really need the T-Mobile firmware rooted so you can enjoy Wi-Fi calling, I've been working on something for a few hours but it's not ready.*
T-Mobile APN: https://bestmvno.com/apn-settings/t-...-apn-settings/
5. The loss of Wi-Fi Calling and VoLTE as well as other T-Mo specific customizations (Visual Voicemail?) is identified as a major drawback of using the Sprint fw.
Edit: Other issues as reported so far: Samsung Apps cannot be updated; any Bluetooth pairings that are made must be re-paired after every reboot.
6. A T-Mobile engineering build is being sought, to no avail as of yet. This would resolve the primary issue by allowing us to use a T-Mobile FW with the appropriate T-Mobile modifications for Wi-Fi Calling and VoLTE. (Not sure yet what might be causing the issues with Samsung apps and Bluetooth.)
7. In the absence of a T-Mo eng boot, several devs are organizing to find a solution. The current idea is to dd a modded kernel after flashing the Sprint fw, which would (hypothetically) remove the validation checks that prevent flashing modified images. Then build a deodexed T-Mobile build with the modded kernel and su included.
Progress has been somewhat limited up until now, partially because most devs have been working quietly in their own silos, and communicating ideas and knowledge has been a challenge, with the previous threads becoming dominated by chatter rather than the facts as they have been and are being discovered.
The other hindrance has been that many devs who are keen to work on this issue, such as Rx8Driver and Chainfire, are without a device.
ATTENTION:
ANYONE THAT IS NOT A DEVELOPER BUT IS LOOKING TO CONTRIBUTE TO THIS EFFORT, PLEASE DONATE TO THE TWO DEVS MENTIONED ABOVE SO THAT THEY CAN HAVE A DEVICE WITH WHICH TO WORK. ALSO, SINCE I KNOW YOU ARE ALL EAGERLY PORING OVER THESE THREADS, KEEP AN EYE OUT FOR OTHER DEVS INTERESTED IN HELPING THAT MAY NEED A DEVICE AND TRY TO HELP THEM GET THEIR HANDS ON ONE.
ANOTHER WAY TO CONTRIBUTE WOULD, OF COURSE, BE TESTING. BE WARNED THAT NO ONE HERE AT XDA ASSUMES ANY RESPONSIBILITY FOR ANY CODE THAT IS PROVIDED TO TESTERS OR USERS, AND BRICKING YOUR DEVICE IS A VERY REAL POSSIBILITY.
THOSE INTERESTED IN TESTING, PLEASE START A SEPARATE THREAD IN DEV SO THAT GUINEA PIGS CAN ADD THEIR NAME TO THE LIST OF WILLING TESTERS. (PLEASE KEEP THAT THREAD SIMPLE AND TO THE POINT)
In Post #3, I will do my best to provide a straightforward compilation of all we know and have tried as of this moment.
WHAT WE KNOW (OR AT LEAST THINK WE KNOW):
The following is the list of details that we currently know regarding the T-Mobile Samsung Galaxy Note 7 (SM-N930T) and its locked bootloader, including concepts, ideas and loosely confirmed information:
FROM CHAINFIRE ON G+ (regarding SU challenges and some workarounds):
New exploit protections
As isn't uncommon with Samsung, they've built some new (and arguably ineffective against actual exploits) protections directly into the kernel code, which cannot be turned off by just modifying the boot image ramdisk.
This time, they've decided to kernel panic in case a 'privileged' process (uid or gid below or equal to 1000, so this includes root and system processes) creates another process that isn't stored in /system or rootfs. SuperSU itself does this, but so do a great many root apps. Any time this happens: immediate reboot.
I'm not going to elaborate why in my opinion this is a fairly useless protection exploit-wise, but needless to say it is fairly bothersome for the normal root user, which is probably a lot more relevant for the average reader here.
Unfortunately, unlike many of the security features developed by Google, this feature is not easily disabled by modifying initramfs (boot image ramdisk), and requires further trickery to bypass.
Maybe a better bypass is yet to be found, but for the time being, I have resorted to patching the check inside the kernel itself when the systemless SuperSU boot image is created. This prevents the user from needing a custom source-built kernel, but it's questionable how long this hex patch will work. The code that performs this patch is fairly trivial; it may keep working for the rest of the Note7's lifetime, or stop working with the next update.
In other words, this could end up being resource intensive to support, or not. We don't know yet. We have to wait and see what Samsung is going to do.
Bearer of bad news
We know S and Note development are generally strongly related, so we should assume to see the same 'protections' appear in the S7 sooner or later as well. This is probably the (ugly) way forward.
Workarounds
Aside from the binary/hex patch SuperSU employs (see common/hexpatch inside the ZIP), there are some more ways to get around this protection.
If you're compiling kernels from source, it seems that setting CONFIG_RKP_NS_PROT=n gets rid of these protections. You may want to disable other RKP and TIMA settings as well, but that is the one directly relating to this issue.
This protection also disables itself in recovery mode, so simply copying a boot image with these protections to the recovery partition and rebooting into recovery (which will then just launch Android) will work beautifully as well.
CF-Auto-Root
The test CFARs I have made so far for the Note7 have not worked, so since both TWRP and SuperSU ZIPs are already available for this device, I'm dropping CFAR development until I have a device in-hand.
FROM
STILL WORKING ON THIS - NEED TO TAKE A BREAK - FEEL FREE TO BEGIN USING THIS THREAD FOR DEV RELATED DISCUSSION ONLY
REMINDER: See above link to the "ALL THINGS ROOT..." thread for open discussion that is not directly related to solving this issue. Thanks!
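To make the quoted description of the exec check concrete, here is a small model of the behaviour Chainfire describes, written for this thread as an added example; it is not Samsung's kernel code and not SuperSU's hex patch. The privileged-id threshold (uid or gid <= 1000), the two trusted locations (/system and rootfs) and the recovery-mode exception are taken from his post; the list of mount points used to approximate "not on rootfs" from a path alone, and the sample paths, are assumptions made up for the demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the RKP exec check described in the quoted post. NOT Samsung's code:
 * the real kernel decides "rootfs" from the mount/namespace, not from a path string. */

#define PRIVILEGED_ID_MAX 1000u   /* uid or gid <= 1000 is "privileged" (1000 = AID_SYSTEM) */

/* ASSUMPTION: mount points that are not part of the initramfs rootfs. */
static const char *NON_ROOTFS_MOUNTS[] = {
    "/data", "/cache", "/vendor", "/mnt", "/storage", "/sdcard",
    "/dev", "/proc", "/sys", NULL
};

/* True if path equals dir or starts with dir followed by '/' (so /systemx != /system). */
static bool path_under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    if (strncmp(path, dir, n) != 0)
        return false;
    return path[n] == '\0' || path[n] == '/';
}

/* Approximation of "the binary is stored in /system or on rootfs". */
bool binary_in_trusted_location(const char *path)
{
    if (path == NULL || path[0] != '/')
        return false;                          /* relative or empty path: not trusted */
    if (path_under(path, "/system"))
        return true;
    for (const char **m = NON_ROOTFS_MOUNTS; *m != NULL; m++)
        if (path_under(path, *m))
            return false;                      /* lives on a separate mount, e.g. /data */
    return true;                               /* anything else is assumed to be on rootfs */
}

/* True if the exec would proceed; false if the modelled check would panic the kernel. */
bool rkp_ns_exec_allowed(unsigned uid, unsigned gid, const char *path, bool in_recovery)
{
    if (in_recovery)
        return true;                           /* the protection disables itself in recovery */
    bool privileged = uid <= PRIVILEGED_ID_MAX || gid <= PRIVILEGED_ID_MAX;
    if (!privileged)
        return true;                           /* ordinary app uids are never affected */
    return binary_in_trusted_location(path);
}

int main(void)
{
    /* Constructed sample exec attempts (paths are made up for the demo). */
    struct { unsigned uid, gid; const char *path; bool rec; } cases[] = {
        {0,     0,     "/system/xbin/su",                               false},
        {0,     0,     "/data/data/eu.chainfire.supersu/files/daemon",  false},
        {1000,  1000,  "/data/local/tmp/busybox",                       false},
        {10123, 10123, "/data/local/tmp/busybox",                       false},
        {0,     0,     "/data/local/tmp/busybox",                       true},
        {0,     0,     "/sbin/recovery",                                false},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool ok = rkp_ns_exec_allowed(cases[i].uid, cases[i].gid, cases[i].path, cases[i].rec);
        printf("uid=%-5u gid=%-5u recovery=%d %-48s -> %s\n",
               cases[i].uid, cases[i].gid, cases[i].rec, cases[i].path,
               ok ? "exec proceeds" : "KERNEL PANIC (reboot)");
    }
    return 0;
}
```

The second and third cases are the ones that bite root apps: a root or system process launching a helper binary out of /data trips the check, while the same binary run by an app uid does not, and the same root exec passes once the boot image runs from the recovery partition, which is exactly the work-around in the quoted post.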
Post #4
RESERVED
This is a spectacular thread with solid information and an accurate description of our intentions....I want to state that although I appreciate any efforts made that contribute to obtaining a development device, I CANNOT IN GOOD FAITH MAKE ANY PROMISES OF RESULTS NOR CAN I SUPPLY A TIME FRAME SHOULD A DEVICE BECOME AVAILABLE. That said, in time I'll have the device no matter what (assuming I don't just buy an Intl F variant- although that's unlikely since $150 on the barrel head is much more palatable than $900 when I literally just had a baby 4 days ago... plus I work 50hrs a week at my regular job), so I don't want folks to think if they don't contribute I'll never get the device- in fact, honestly if I buy it myself there's even MORE likelihood it'll be a T variant- because I will...
Also, be aware the Chinese model is said to be sd820 as well, and has its own chances of being unlocked, so when everyone's pitched in to buy myself or Chainfire a device and then Samsung releases a Chinese bootloader we can use that's unlocked and solves all our problems, I don't want a bunch of butt hurt fellow members angry with me because the necessity dried up before I could produce the intended results. I think @freeza and a few other members who have known me around the forums these past few years will vouch that I'm a Stand Up Dude and truly intend to go as far as reverse engineering the T bootloader to unlock it. Can I? Idk. Am I knowledgeable enough at this very moment to do it? Probably not. Can I still figure it out? I hope so. Will I brick the device? Good chance. Will I try my best and promise to research and learn whatever is necessary to make it happen? Absolutely.
Those are my terms. If you as an individual reading this don't 100% agree then keep your money in your wallet and wait until I can buy the device myself. That's as straight up as I can be. I'll make another promise. Should anyone donate but the total come up short of obtaining a device before I can on my own, I will leave all the donations in my PayPal and refund everyone's money. Only if enough is gained to buy a device will the money move from PayPal, and then it'll be one transaction to purchase the device using the account. If not enough is collected I'll refund everything that was donated...I'll also agree to prove it with screenshots...
So again if you're uncomfortable then DO NOT SEND MONEY.
Thanks to all and I look forward to busting this whole bootloader open! Or giving it one heck of a try if not!
Sent from my SM-N930F using Tapatalk
Thread moved to General
Thanks for starting something like this, gentlemen, but as with the bootloader thread, this is not actual development so it belongs in General. Carry on.