Related
This is taken from engadget.com
HTC is legendary for its tacit support of the Android ROM cooking community. Motorola... not so much, thanks in large part to the company's policy of locking down the bootloader as a means to prevent unapproved software from running on its Droid handsets. An annoyance recently exacperated by a moderator of Moto's YouTube channel who suggested that customers looking to install custom ROMs should "buy elsewhere." Ouch. The resulting public relations kerfuffle then prompted Motorola to publish a clarification to its bootloader policy on Facebook:
We apologize for the feedback we provided regarding our bootloader policy. The response does not reflect the views of Motorola. We are working closely with our partners to offer a bootloader solution that will enable developers to use our devices as a development platform while still protecting our users' interests. More detailed information will follow as we get closer to availability.
Obviously, we'll have wait for said details to get official before calling this a shift in strategy. It's certainly an improvement over Moto's previous approach of lawyering-up with cease and desist orders. Perhaps Motorola is taking a cue from Microsoft who seems to have recently discovered that it's better to embrace than to annoy a motivated hacking community -- customers who tend to be a company's most dedicated fans and evangelists.
Good news?
Direct Link: http://www.engadget.com/2011/01/21/motorola-ready-to-make-sweet-love-to-rom-devs-and-rooters/
its a maybe. maybe they will launch our froyo locked, maybe it'll be open. we never know.
i just read this also. this could be great news or another terrible taunt whih leads to nothing.
im not gonna get my hopes up just yet.
available Q1 of 2046, stay tuned! lol
Sent from my Milestone using XDA App
Sounds like a PR stunt to quell the immediate situation before waiting for it to blow over.
Sent from my Milestone using XDA App
I dont believe in manufaturer, i believe in XDA dev's..... this a "cold water" not a hope for us.
I hope this isn't just some PR bull and moto actually enables us to load custom kernels.
That press release says nothing about unlocking the bootloader, only that they will help devs which could mean anything!
DummyPLUG said:
available Q1 of 2046, stay tuned! lol
Sent from my Milestone using XDA App
Click to expand...
Click to collapse
LMFAO!!!
i dnt believe motorolsh!t will do that(unlocking the bootloader)
I so love my new HTC Desire! couldnt stand this situation anymore....! sorry guys...
It is just the usual PR crap which companies like them give when they screw up on the social networking front. The "..buy elsewhere.." was just a such screw up. A Royal one I would say!
They are now trying to calm down the situation by giving us this crap..
I think it's just a excuse about the bad comments in youtube video, nothing more than that.
DummyPLUG said:
available Q1 of 2046, stay tuned!
Click to expand...
Click to collapse
2046???
...that seems a little too soon... dont ya think?
Menelkir said:
I think it's just a excuse about the bad comments in youtube video, nothing more than that.
Click to expand...
Click to collapse
That seems most likely but perhaps the fallout and bad press from that will push them to do what they should have done long ago, free the bootloader in some form so we can get custom ROMs on it.
Dyonas said:
That seems most likely but perhaps the fallout and bad press from that will push them to do what they should have done long ago, free the bootloader in some form so we can get custom ROMs on it.
Click to expand...
Click to collapse
Yes, I really want to see this happening, but I don't have any hope about Motorola opening the bootloader.
If they do, ok, excelent news to the community, to all developers that will make even better ROMs and for all of us that have a Motorola phone. We can see the quality of alternative ROMs for Motorola Milestone today as example. It's obvious that the only limitation is the bootloader, so the quality can be massively improved if we can change and optimize the kernel.
But I think all people here are already tired from Motorola's position about his costumers: Censorship on comments (youtube and motorola forums), censorship on criticism (even the very good ones, Motorola does not seem to care about the opinion of his costumers), cease and desist in community cases like the ROM of Droid X and sites with roms (that its very stupid IMHO)... and the list goes on...
By the way, my only hope is, if that happens and I have not exchanged my phone yet, good.. I'll make good use of it. But honestly? I have now my last phone from Motorola.
Am I missing something? Forgive my ignorance, but what is "locked up" about the bootloader? I'm running CM6 along with the overclocked CM6 kernel, and there are tons of other custom ROMs out for the Droid as it stands. What is restricted by Motorola?
vapor63 said:
Am I missing something? Forgive my ignorance, but what is "locked up" about the bootloader? I'm running CM6 along with the overclocked CM6 kernel, and there are tons of other custom ROMs out for the Droid as it stands. What is restricted by Motorola?
Click to expand...
Click to collapse
Milestone users cannot use custom kernels. All the AOSP ROMs still have to use the SAME kernel, supplied by Mot. They lock it to the bootloader. This means problems trying to compile modules and customer kernels and no way to patch bugs.
It is much more work for devs to get stuff done for the milestone than other phone (htc comes to mind).
Examples of issues: battery life, phone sleeping, waiting for compatible kernel or hack for new android versions, swap support, vpn support, other filesystem support... the list goes on.
But you allowed to be happy with your phone. Not everybody needs these things...
Sent from my Milestone using Tapatalk
He has a very good point. Where other android device builders seem to be promoting development (Huawei excluded, theyre miser's just like Motorola), this company seems to be more prominent on the restriction of development on their devices.
One very good reason for this is that Motorola has been such a huge phone developer for such a long time, that they have probably let it go to their head. Now instead of saying "our consumers said they need this", they're sayin "we think they really only need this." I've used Motorola phones for about 8 years now, and I would DEFINITELY say someone forgot that their customers put them where their at.
I agree. Someone needs to get out there and give them a taste of Good Customer Service. I dont think restricting dev's is a great marketing idea, or revenue booster anyways. BUt then again, to each, his own.
This is PR.Nothing more.
Know motorola they do not update РСТ(Russian legal)Milestone, they do not
need to unlock this crap bootloader.
Just curious if there is a general ETA on SBFs for a phone?
Do we usually see it within the few 2-3 months, randomly, ?
Hah I was going to reply with "Patience young padawan" then I saw your name was jediman lol.. what a coincidence.
Or maybe my subconscious picked up your name first and I thought of replying because of it..
Anyways! yeah an SBF is going to be incredibly hard to obtain, if not impossible.
Dmw017 said:
Anyways! yeah an SBF is going to be incredibly hard to obtain, if not impossible.
Click to expand...
Click to collapse
Impossible? Nah, we will def get one. When? Thats another story.
Nothings impossible. Plus, with Google acquiring Motorola, there may be a lot of changes, which hopefully means unlocked bootloaders and more freedom for developers.
This.. tho I am new to android devices.
I'm also pretty sure Google's acquisition of Motorola is going to make all of Motorola's phones in general more accessible to developers.
Nolam20 said:
Nothings impossible. Plus, with Google acquiring Motorola, there may be a lot of changes, which hopefully means unlocked bootloaders and more freedom for developers.
Click to expand...
Click to collapse
Sent from my DROID3 using XDA App
DROID 3 Fastboot IMG?
[19:28] <techdigital> my question is, since fastboot img's dont have to be signed
[19:28] <techdigital> cant anybody with a working D3 make them
[19:28] <techdigital> ?
[19:29] <techdigital> Fastboot = ADB when there is no ADB
[19:29] <techdigital> it can in a sense push files
[19:29] <techdigital> using the flash command
[19:29] <techdigital> so lets say someone made a img of the system
[19:30] <techdigital> then it would respond as adb does after a push with size and time it took
[19:32] <techdigital> my question is can someone with a working device make system,boot,Framework, and Preinstall img's to get all softbricked back
[19:34] <techdigital> yes you would have to push the different images using fastboot
[19:34] <techdigital> but it seems like a win
[19:34] <techdigital> im just not in touch with the big dev's to ask about such a thing
[19:35] <techdigital> if we had our own set of img files would it not be just as good as a sbf
Yes google did buy motorola mobility, but its not going to happen just like that. itll be a few months before you see google do anything with it. So unless it gets leaked from motorola/verizon within that time, i don't see us having an sbf anytime soon.
also i heard the sbf's are watermarked now, so if it does get leaked, its going to cost someone a job.
Unless I am missing something, some of the images must be signed to flash in fastboot. Preinstall is the only one we know about right now that does not require a sig.
Sent from my DROID3 using XDA Premium App
What about the moto dev site?
Haven't some of the SBF's come there?
I know the Xoom images for wifi and I thought Verizon were there as well?
Nolam20 said:
Nothings impossible. Plus, with Google acquiring Motorola, there may be a lot of changes, which hopefully means unlocked bootloaders and more freedom for developers.
Click to expand...
Click to collapse
i've been thinking about the acquisition and Motorola's "promise" that devices will have unlocked bootloaders this year and have been wondering if Moto's promise was insight into the Google acquisition.
these things don't just happen overnight. G&M had to have been talking about this for a while before going public.
640k said:
i've been thinking about the acquisition and Motorola's "promise" that devices will have unlocked bootloaders this year and have been wondering if Moto's promise was insight into the Google acquisition.
these things don't just happen overnight. G&M had to have been talking about this for a while before going public.
Click to expand...
Click to collapse
I'm pretty convinced this is exactly what they meant.
The approval for the purchase in the USA, Europe and elsewhere probably won't happen until 2012. So, I doubt we'll see Google have much influence until then, and, whatever changes they make won't come quickly.
Finally, my guess is Motorola is locked into agreements with the carriers, especially Verizon, to keep the phones locked. I think this more than anything else is preventing them from releasing anything right now. What Motorola said is they'll unlock bootloaders in late 2011 if allowed by the carrier. That's when the OG Droid turns two and is probably no coincidence.
is there not a rule against these questions?! I mean.. in terms of it being an entire post.. come on!
TheDeathly said:
also i heard the sbf's are watermarked now, so if it does get leaked, its going to cost someone a job.
Click to expand...
Click to collapse
there has to be a disgruntled moto employee somewhere lol
Here is the bottom line.
Every time an SBF file is released, someone risked their job to make that happen.
Motorola never releases SBF files for public use.
Whenever you get one, be thankful because these are extremely valuable and very difficult to acquire resources.
jediman said:
Just curious if there is a general ETA on SBFs for a phone?
Do we usually see it within the few 2-3 months, randomly, ?
Click to expand...
Click to collapse
We get them when they leak, which was usually before the phones are even released. Motorola cracked down on leaks at the beginning of the summer so the flow of leaked SBFs and dev phones for that matter has tapered off. I wouldn't expect it to take much longer. We can make SBFs, but in order to that someone needs to post the CDT at a minimum so those of us without D3 can make one
Tell me how and I can do that and I can when I get off. My girlfriend has a Droid 3 too. Nothing has been done to it except apps from the market.
nullness said:
We get them when they leak, which was usually before the phones are even released. Motorola cracked down on leaks at the beginning of the summer so the flow of leaked SBFs and dev phones for that matter has tapered off. I wouldn't expect it to take much longer. We can make SBFs, but in order to that someone needs to post the CDT at a minimum so those of us without D3 can make one
Click to expand...
Click to collapse
Sent from my DROID3 using XDA App
There is a petition going on as you may know and we need 95 more signatures to force at&t and LG to release the update !
(use one more w as im not permitted to put external links)
ww.change.org/petitions/att-wireless-lg-thrill-gingerbread-update
Thanks you.
Wait, why would 95 more change their mind and the complaint isn't exactly that they won't release it but that they're not done with it. My experience with Rogers GB is that if ours is anything like this I don't want it. They need to get their act together and actually work on it so it's ready for release. I don't know where you heard a specific number of signatures would achieve that but I hope your right and I hope you get them.
UPDATE: Signed.
Actually number is important for change.org. The web site says 405 signatures out of 500. According to my knowledge they submit the petition once they receive a predefined number of signatures.
Correct me if im worng. According to LG, at&t has to request for the update.
Sent from my LG-P925 using XDA App
Ok, so this isn't the first petition I've signed on this matter so I can only assume the other got submitted and didn't accomplish anything. Yes, the update is entirely up to ATT, LG will host it on their website if ATT wants them to. I was just wondering what made you think 500 signatures would make ATT do anything. Hopefully these are all getting them to move their asses. I'm having serious BB issues with the Rogers GB on my ATT Thrill.
EDIT: Let's let the dev's have their fun without a bunch of newbs poking in on them. Sorry, devs.
Probably don't want this info to get out to the entire Internets anyways.
CZ Eddie said:
Hmmm..........
http://forum.xda-developers.com/showthread.php?p=51983540
No, you don't have root/unlock for ATT S5.
But...... hmmmm...
**** DO NOT POST IN THAT THREAD. IT IS A DEVELOPERS-ONLY THREAD. DON'T BE A DORK AND POST IN IT.
Click to expand...
Click to collapse
Pretty exciting. I am not a dev. so I dont really know how to distinguish between what exactly is going on, but a little progress and excitement is always good for the community. Not to mention the respect and bounty these devs will get once something major actually does happen.
EDIT: Let's let the dev's have their fun without a bunch of newbs poking in on them. Sorry, devs.
Probably don't want this info to get out to the entire Internets anyways.
CZ Eddie said:
Basically, evilpotatoman located a much-wanted Qualcomm tool that could possibly lead to finally unlocking the bootloader of S4, S5 and Note 3 (and others). *Possibly being the key word.
At the moment it's still not possible, but the tool apparently gives them a huge leap forward in development towards this goal.
They've been looking for something like this for a few years now I believe.
I'm not a dev, don't pretend to be one. The extent of my "development" is writing a few scripts. lol. So remember that I may be misunderstanding some things here. :good:
There are a bunch of files attached to the thread.
But none of us should bother downloading them because you have to be an ultra-dev to know how to use them.
Click to expand...
Click to collapse
My understanding i that this is the SDK for the SoC on the S5 and other phones. It includes a qualcomm dev signing cert but I'm almost 100% certain that no production phone from AT&T will accept BL's signed by the qc dev cert (or someone would have used it to sign one of the unlocked BL's by now plus if that were the case my guess is qc would be freaking out and sending takedown notices by now). So basically if Samsung or AT&T were to provide the signing key or somehow we were to brute force it(very unlikely) we would now be able to easily sign packages for the phone. So while helpful, without the signing keys it doesn't really do anything except provide more insight into how the whole secure boot process works.
http://forum.xda-developers.com/showthread.php?t=2692167&page=11
cciechad said:
My understanding i that this is the SDK for the SoC on the S5 and other phones. It includes a qualcomm dev signing cert but I'm almost 100% certain that no production phone from AT&T will accept BL's signed by the qc dev cert (or someone would have used it to sign one of the unlocked BL's by now plus if that were the case my guess is qc would be freaking out and sending takedown notices by now). So basically if Samsung or AT&T were to provide the signing key or somehow we were to brute force it(very unlikely) we would now be able to easily sign packages for the phone. So while helpful, without the signing keys it doesn't really do anything except provide more insight into how the whole secure boot process works.
Click to expand...
Click to collapse
Qc sent the takedown notice...dun dun duuunnn
Sent from my SAMSUNG-SM-G900A using Tapatalk
CyboLabs is Proud to present
Open Bump!
What is Open Bump?
Open Bump is a recreation of the closed source Bump project run by Codefire.
It will allow you to "sign" your boot images in the same way that Codefire does it, only you don't need an internet connection.
Click to expand...
Click to collapse
What Open Bump is NOT
lets get the obvious out the way. It won't axe murder you.
It is not a direct reverse engineer of Codefire's implementation. I found the key and iv on my own
The magic bytes were taken from Codefire's method however. If anyone has insight has to how they were found, please shout up.
It does NOT take your private data so you can use it. Tin hatters feel free to double check
Click to expand...
Click to collapse
How did I find this out
I had a general idea of what to look for, having heard that the exploit is related uicc, and is signed with a cipher.
Dropping the aboot image in to Ghex led me to finding a reference to "uiccsecurity". Using the bytes around this, I found a repeat of 32 bytes, which was followed by 16 bytes which formed something that resembled "SecureWallpaper".
As you can probably guess, this was mainly trail and error backed by common sense and logical thinking.
you can programmatically find these values with the python script:
Python:
aboot_name = './aboot.img'
aboot = open(aboot_name, 'rb').read()
key_end = aboot.index('uicc')
key_start = key_end - 32
key = aboot[key_start:key_end]
sec_key_start = aboot.index(key, key_end)
iv_start = sec_key_start + 32
iv_end = iv_start + 16
iv = aboot[iv_start:iv_end]
deciphering some already generated "signatures" proved that these were the key and iv used for "signing" the images.
Click to expand...
Click to collapse
What is coming next?
Inspecting the signatures that were originally uploaded and the ones that people can generate now, I found only one pattern.
The only similarities were the first 16 bytes of each "signature". I believe that only the magic number is needed, and none of the garbage that follows. This has been confirmed by the LG G3 dev from CyanogenMod, Invisiblek Done
Click to expand...
Click to collapse
How to use it?
I don't know how well this will run on anything other than linux, so for now.. I won't talk about it.
First, ensure you are using python2
then run the script
Code:
python2 open_bump.py "/path/to/boot.img"
flash the output, and enjoy
Click to expand...
Click to collapse
Thanks to:
Obviously, this wouldn't have been possible without Codefire since I wouldn't have known where to look, or that it was exploitable. And it was them that found the magic key.
Big thank you to @pulser_g2, who offered invaluable input on cryptography
Big thank you to @invisiblek, who I mercilessly kanged the main part of the image padding script from
note:
The original part of finding this information out was done on my own with guidance from pulser. The final results of this are posted above.
XDA:DevDB Information
Open_Bump, Tool/Utility for the LG G2
Contributors
cybojenix
Source Code: https://github.com/CyboLabs/Open_Bump
Version Information
Status: Beta
Created 2014-11-23
Last Updated 2014-11-23
Thanks, thats great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
g4rb4g3 said:
Thanks, thats great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
Click to expand...
Click to collapse
simple answer, this can be added to the build step really easily. See this commit
edit:
of course it may be useful to make a c program to do this.... I shall think on it.
Propably stupid question but i ll give a shot. Since we have the magic key we cant just skip the bump stuff totally? As i can understand, i dont wait official developer team join the bump train, thats why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
After getting the bootloader may be open G3؟؟
Why not use the original Bump?
Quote:
Codefire has been extremely vague about their method, obviously to prevent someone else replicating their results.
They are also storing people's data unnecessarily, and even adding some information relating to the user in to the "signature", possibly for tracking purposes.
As a result of it being an external service, many reputable teams (which won't be named unless they want to be) have said they will not use it, and would rather wait till LG releases the official unlock method.
Finally, Codefire have said the sha1sum of the boot image is required. Whether they knew or not, it is NOT required, and I will be changing this tool to compensate for that.
Click to expand...
Click to collapse
Happy you found a new exploit for us builders and devs, just feel like you kinda disrespected codefire team by accusing them of things before actually talking to them, seems a bit counter productive, this may piss them off and next device you can kiss new exploits by them good-bye,
just my 2 cents on the matter,
i'd remove the line...
in any case thank you very much, i will add it to my build script
---------- Post added at 08:34 PM ---------- Previous post was at 08:29 PM ----------
nikosblade said:
Propably stupid question but i ll give a shot. Since we have the magic key we cant just skip the bump stuff totally? As i can understand, i dont wait official developer team join the bump train, thats why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
Click to expand...
Click to collapse
"Bump stuff" has nothing to do with users, the devs and builders do the "bumping", and development of the G series has nothing to do with bumping, it just takes time to bring everything up
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
thecubed said:
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
Click to expand...
Click to collapse
First off, I didn't black mail. I gave your team notice about open sourcing it after reverse engineering the LG bootloader, not your "signatures".
It's your choice if you want to leave Android. Pinning the blame on me is somewhat childish though.
LG not patching Bump? That's a ludicrous statement, and even if it's true, it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
The hardest part of your teams work was getting the keys. If you know where to look, then it's easy enough to get engineering builds which I suspect contain the master magic bytes which you released.
I'm honestly shocked at your reaction though. I gave your team all the credit and stated which parts I did myself. The part about the service, and the deception was justified.
You tried to obscure something which by logic can't be obscured. That's how so many people realised they can just append the bytes to the image.
So which one would you rather have, LG not patching the exploit (as you so claim), and having an unknown number of people in china running around flashing custom boot images, or have everyone know how to do it to force LG to recheck their security measures.
What I did may not have been fantastic for the community, but what you did was insanely dangerous for the 90% of LG users.
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using there signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
cybojenix said:
it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
Click to expand...
Click to collapse
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
savoca said:
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
Click to expand...
Click to collapse
Yes, because I've been such a massive supporter of cm. (sarcasm in case you didn't realise).
I started reverse engineering the bootloader for research purposes. If it was more complex than what I have said above, then I probably wouldn't have done this thread.
If it weren't for the fact that the magic stays the same across all signatures, then I also wouldn't have done this thread.
The response I got from them when I contacted them before releasing this was pretty much one of lack of care. So I went ahead and posted it.
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
And once again, I refuse to take the blame for their team leaving Android.
whoppe862005 said:
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using there signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
Click to expand...
Click to collapse
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
cybojenix said:
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
Click to expand...
Click to collapse
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. By cybo
savoca said:
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. By cybo
Click to expand...
Click to collapse
Tbh I thought it would have been clear by now what I care about. Then again I may have been wrong about considering you one of the smart android people.
I care about learning and sharing knowledge. Which is precisely what this thread did.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
Click to expand...
Click to collapse
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
sooti said:
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
Click to expand...
Click to collapse
Wrong, I stated that I was going to open source it, meaning the work of put in to getting the key and how it's used to get the original magic.
It was after that that I realised the final magic is the only thing needed. I actually worked out how to get the magic key a few hours ago, but since I don't have the right images, it won't be globally usable.
Fair enough, I apologise for pointing out the flaws in codefires service, and that they took it badly.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
Click to expand...
Click to collapse
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like be said he didn't want it open source but you still went ahead any way.
http://hastebin.com/gulumezawi.txt
And then you saying your going to push it for vs985 even after he said no.
I don't know who Enderblue is, and I'm not affiliated with him..
whoppe862005 said:
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like be said he didn't want it open source but you still went ahead any way.
http://hastebin.com/gulumezawi.txt
And then you saying your going to push it for vs985 even after he said no.
Click to expand...
Click to collapse
cybojenix said:
I don't know who Enderblue is, and I'm not affiliated with him..
Click to expand...
Click to collapse
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
whoppe862005 said:
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
Click to expand...
Click to collapse
but the chat wasn't with me, so your point is null
autoprime had ample opportunity to say "don't do it yet", or "go talk to IO". but no, no objections were made.
Codefire treated the service like any other company would treat their unlocking service, so I treated them like a company and showed how it was done.