CyboLabs is Proud to present
Open Bump!
What is Open Bump?
Open Bump is a recreation of the closed source Bump project run by Codefire.
It will allow you to "sign" your boot images in the same way that Codefire does it, only you don't need an internet connection.
Click to expand...
Click to collapse
What Open Bump is NOT
lets get the obvious out the way. It won't axe murder you.
It is not a direct reverse engineer of Codefire's implementation. I found the key and iv on my own
The magic bytes were taken from Codefire's method however. If anyone has insight has to how they were found, please shout up.
It does NOT take your private data so you can use it. Tin hatters feel free to double check
Click to expand...
Click to collapse
How did I find this out
I had a general idea of what to look for, having heard that the exploit is related uicc, and is signed with a cipher.
Dropping the aboot image in to Ghex led me to finding a reference to "uiccsecurity". Using the bytes around this, I found a repeat of 32 bytes, which was followed by 16 bytes which formed something that resembled "SecureWallpaper".
As you can probably guess, this was mainly trail and error backed by common sense and logical thinking.
you can programmatically find these values with the python script:
Python:
aboot_name = './aboot.img'
aboot = open(aboot_name, 'rb').read()
key_end = aboot.index('uicc')
key_start = key_end - 32
key = aboot[key_start:key_end]
sec_key_start = aboot.index(key, key_end)
iv_start = sec_key_start + 32
iv_end = iv_start + 16
iv = aboot[iv_start:iv_end]
deciphering some already generated "signatures" proved that these were the key and iv used for "signing" the images.
Click to expand...
Click to collapse
What is coming next?
Inspecting the signatures that were originally uploaded and the ones that people can generate now, I found only one pattern.
The only similarities were the first 16 bytes of each "signature". I believe that only the magic number is needed, and none of the garbage that follows. This has been confirmed by the LG G3 dev from CyanogenMod, Invisiblek Done
Click to expand...
Click to collapse
How to use it?
I don't know how well this will run on anything other than linux, so for now.. I won't talk about it.
First, ensure you are using python2
then run the script
Code:
python2 open_bump.py "/path/to/boot.img"
flash the output, and enjoy
Click to expand...
Click to collapse
Thanks to:
Obviously, this wouldn't have been possible without Codefire since I wouldn't have known where to look, or that it was exploitable. And it was them that found the magic key.
Big thank you to @pulser_g2, who offered invaluable input on cryptography
Big thank you to @invisiblek, who I mercilessly kanged the main part of the image padding script from
note:
The original part of finding this information out was done on my own with guidance from pulser. The final results of this are posted above.
XDA:DevDB Information
Open_Bump, Tool/Utility for the LG G2
Contributors
cybojenix
Source Code: https://github.com/CyboLabs/Open_Bump
Version Information
Status: Beta
Created 2014-11-23
Last Updated 2014-11-23
Thanks, thats great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
g4rb4g3 said:
Thanks, thats great news to have an open source tool here!
Do you see any chance that this could be integrated into CWM/TWRP so that the recovery rom could bump the boot/recovery images before flashing?
Because the boot/recovery.img has to be extracted from the ROM-zip before flashing, bumping it here would make sure that the phone can boot the image even with the newer bootloader.
This would be great for rom-devs since they don't have to change anything and it would even bump roms that are not maintained anymore.
Click to expand...
Click to collapse
simple answer, this can be added to the build step really easily. See this commit
edit:
of course it may be useful to make a c program to do this.... I shall think on it.
Propably stupid question but i ll give a shot. Since we have the magic key we cant just skip the bump stuff totally? As i can understand, i dont wait official developer team join the bump train, thats why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
After getting the bootloader may be open G3؟؟
Why not use the original Bump?
Quote:
Codefire has been extremely vague about their method, obviously to prevent someone else replicating their results.
They are also storing people's data unnecessarily, and even adding some information relating to the user in to the "signature", possibly for tracking purposes.
As a result of it being an external service, many reputable teams (which won't be named unless they want to be) have said they will not use it, and would rather wait till LG releases the official unlock method.
Finally, Codefire have said the sha1sum of the boot image is required. Whether they knew or not, it is NOT required, and I will be changing this tool to compensate for that.
Click to expand...
Click to collapse
Happy you found a new exploit for us builders and devs, just feel like you kinda disrespected codefire team by accusing them of things before actually talking to them, seems a bit counter productive, this may piss them off and next device you can kiss new exploits by them good-bye,
just my 2 cents on the matter,
i'd remove the line...
in any case thank you very much, i will add it to my build script
---------- Post added at 08:34 PM ---------- Previous post was at 08:29 PM ----------
nikosblade said:
Propably stupid question but i ll give a shot. Since we have the magic key we cant just skip the bump stuff totally? As i can understand, i dont wait official developer team join the bump train, thats why the damn development of the device is really back while the hardware is more than capable.
**To the OP i wish i could give you a thousand likes sir!
Click to expand...
Click to collapse
"Bump stuff" has nothing to do with users, the devs and builders do the "bumping", and development of the G series has nothing to do with bumping, it just takes time to bring everything up
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
thecubed said:
Good job cybojenix. (moderator edit: watch your language please)
Way to ruin a good thing.
I'm done with Android now. You can do it all now - since you obviously know better than me and everyone else.
I don't appreciate people trying to blackmail me - EnderBlue and Cybo both.
Don't believe me? http://hastebin.com/gulumezawi.txt
Good job guys. Way to ruin unlocks for all future LG phones.
If I *EVER* decide to come back, I will not be releasing anything as free or open source. You've sullied my impression of the open source community. Anything I do will be private releases from now on.
LG hadn't patched Bump, and they were going to leave it alone for us as long as we kept it as a service.
Well, looks like that's over and done with.
Bump included a hash of the image that you uploaded and a hash of your developer ID, and some random junk bytes. That's all. It's exactly what we said it was doing.
Well, hey, now you're free to take over and write roots and unlocks for all LG phones since you obviously have the talent to do so.
Let's be honest though, without my team's hard work that you stole, you wouldn't have been able to do any of this.
But you knew that, you're just a bottom feeder.
I don't get angry often at all- but congrats! You've succeeded in making me mad! Achievement unlocked!
I'm done. Your turn.
EDIT: Also, you know you can't open source your project either considering it contains 'stolen' LG crypto keys. https://github.com/CyboLabs/Open_Bump/issues/1
Have fun with that one.
Click to expand...
Click to collapse
First off, I didn't black mail. I gave your team notice about open sourcing it after reverse engineering the LG bootloader, not your "signatures".
It's your choice if you want to leave Android. Pinning the blame on me is somewhat childish though.
LG not patching Bump? That's a ludicrous statement, and even if it's true, it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
The hardest part of your teams work was getting the keys. If you know where to look, then it's easy enough to get engineering builds which I suspect contain the master magic bytes which you released.
I'm honestly shocked at your reaction though. I gave your team all the credit and stated which parts I did myself. The part about the service, and the deception was justified.
You tried to obscure something which by logic can't be obscured. That's how so many people realised they can just append the bytes to the image.
So which one would you rather have, LG not patching the exploit (as you so claim), and having an unknown number of people in china running around flashing custom boot images, or have everyone know how to do it to force LG to recheck their security measures.
What I did may not have been fantastic for the community, but what you did was insanely dangerous for the 90% of LG users.
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using there signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
cybojenix said:
it's good that this script got released. That way they know it should be patched, since having it a service clearly makes all the difference to them.
Click to expand...
Click to collapse
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
savoca said:
"Hey let's potentially close all future LG unlocks and thus the chance to use CyanogenMod on future LG devices then. Just so I can get the current CM builds to say 'Official' and get a big pat on the back from the CM dudes who probably don't care about me too much."
Is that what went through your mind? That instant gratification and ignorance really shows who you are because that's exactly what I see from this OP of yours. Enjoy your 15 minutes of fame. You probably just killed a chance for years of it.
Click to expand...
Click to collapse
Yes, because I've been such a massive supporter of cm. (sarcasm in case you didn't realise).
I started reverse engineering the bootloader for research purposes. If it was more complex than what I have said above, then I probably wouldn't have done this thread.
If it weren't for the fact that the magic stays the same across all signatures, then I also wouldn't have done this thread.
The response I got from them when I contacted them before releasing this was pretty much one of lack of care. So I went ahead and posted it.
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
And once again, I refuse to take the blame for their team leaving Android.
whoppe862005 said:
All you did was make it so LG locks down the bootloader. And really 90% of users??? There probably isn't even 3 percent of the LG base on this website. All you did was screw everybody else over so you could have YOUR OFFICIAL CM.
As well people saying you didn't do enough and are still using there signing key as well as attacking it as well.
Way to think about yourself. You didn't care about the 90% or you wouldn't have done this.
I personally hope LG locks down the bootloader now. Go the way Samsung did and put an efuse on it and prevent downgrading. Hopefully all this happens with lollipop so you can screw over the rest of the LG crowd.
Click to expand...
Click to collapse
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
cybojenix said:
I couldn't care less about fame. In fact there isn't really a lot I do care about, but I won't have the community alienated in to thinking the codefire service was such a great thing.
Click to expand...
Click to collapse
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. By cybo
savoca said:
So you only care about ruining good things, and other people's work?
Lol sorry I think I'm done with you. By cybo
Click to expand...
Click to collapse
Tbh I thought it would have been clear by now what I care about. Then again I may have been wrong about considering you one of the smart android people.
I care about learning and sharing knowledge. Which is precisely what this thread did.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
Click to expand...
Click to collapse
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
sooti said:
I saw your PM to autoprime in IRC, it was "I am going to post what I found or you do, either way its going there", it wasn't lack of care, it was that you just stated a fact and left, it was a very rude unthoughtful thing to do, also don't try to BS everyone with your research, you and about 100 other people found the "magic keys", the problem is those "magic keys" were placed there by team codefire, you didn't find them, you found that they were using the key and copied their work, anything else you say is a lie, at least the other 99 people who found this had the basic respect to not post it unless the original team allowed it.
There was no reason to post this, their site was working fine, and if you used the API there was no problem of tracking since it just uses a UID to identify to the server.
at least admit you were wrong and say you are sorry, they won't fix anything but will gain you a minimum amount of respect
Click to expand...
Click to collapse
Wrong, I stated that I was going to open source it, meaning the work of put in to getting the key and how it's used to get the original magic.
It was after that that I realised the final magic is the only thing needed. I actually worked out how to get the magic key a few hours ago, but since I don't have the right images, it won't be globally usable.
Fair enough, I apologise for pointing out the flaws in codefires service, and that they took it badly.
cybojenix said:
See my other post, I don't care about cm.
Fair enough, 3% are here, so this benefits the security of 97% of lg uses, if the claim that lg was alright with it running s a service is true.
Either way, I did nothing wrong
Click to expand...
Click to collapse
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like be said he didn't want it open source but you still went ahead any way.
http://hastebin.com/gulumezawi.txt
And then you saying your going to push it for vs985 even after he said no.
I don't know who Enderblue is, and I'm not affiliated with him..
whoppe862005 said:
OK. If you did nothing wrong please do explain this
Enderblue-"well, would you be willing to open source it so we can have a official cm support?"
IoMonster-"so it would make storm already worse then what it is now? *paraphrasing for language
IoMonster-"no"
Seems like be said he didn't want it open source but you still went ahead any way.
http://hastebin.com/gulumezawi.txt
And then you saying your going to push it for vs985 even after he said no.
Click to expand...
Click to collapse
cybojenix said:
I don't know who Enderblue is, and I'm not affiliated with him..
Click to expand...
Click to collapse
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
whoppe862005 said:
It isn't like it matters if you are or not. It says right in the chat he doesn't want it open sourced. I'm sure about 99% of the people on here have seen that already and I'm pretty sure you have seen it as well.
It states right in the chat he didn't want it open sourced.
Click to expand...
Click to collapse
but the chat wasn't with me, so your point is null
autoprime had ample opportunity to say "don't do it yet", or "go talk to IO". but no, no objections were made.
Codefire treated the service like any other company would treat their unlocking service, so I treated them like a company and showed how it was done.
Related
Just so everyone is aware, the kernel and the recovery partition signatures are checked on each boot, changing those will leave you with a brick, until we have proper firmware to recovery with.
I found out the hard way.
On my second Atrix now.
Casualty of war
Taking one for the team
Well that sucks..
any free partitions that we can "steal"? and basically pull a haret where it loads partially from legit bootloader and kernel, then shuffles off to a different partition we CAN write for the real kernel, unloads all that other stuff and then launches the new kernel partiion we've modified?
designgears said:
Just so everyone is aware, the kernel and the recovery partition signatures are checked on each boot, changing those will leave you with a brick, until we have proper firmware to recovery with.
I found out the hard way.
On my second Atrix now.
Click to expand...
Click to collapse
I guess that when we told you this, you just had to find out for yourself. The recovery should only be checked when you attempt to access it, but the kernel is checked on every boot. I hope you did not return to store as defective.
DG, thank you for putting yourself out there, and putting together roms along with the dev work.
Its nice to see some progress being done along side all the people on here saying what we shouldnt be doing/trying with our phones.
Athailias said:
DG, thank you for putting yourself out there, and putting together roms along with the dev work.
Its nice to see some progress being done along side all the people on here saying what we shouldnt be doing/trying with our phones.
Click to expand...
Click to collapse
Don't thank him for repeating something which had been confirmed.
jimmydafish said:
I guess that when we told you this, you just had to find out for yourself. The recovery should only be checked when you attempt to access it, but the kernel is checked on every boot. I hope you did not return to store as defective.
Click to expand...
Click to collapse
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you, it's checked every boot accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an atrix), please stop posting in here, you've done nothing but spout off what you know about other moto devices, it is clear they tightened things down a bit more.
jimmypopulous said:
Don't thank him for repeating something which had been confirmed.
Click to expand...
Click to collapse
everything you guys say, along with others says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
You guys keep saying its CONFIRMED, where is it documented for the atrix. Tests performed with document results as proof.
designgears said:
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you, it's checked every boot accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an atrix), please stop posting in here, you've done nothing but spout off what you know about other moto devices, it is clear they tightened things down a bit more.
everything you guys say, along with others says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
You guys keep saying its CONFIRMED, where is it documented for the atrix. Tests performed with document results as proof.
Click to expand...
Click to collapse
What is being elitist by my statement? That before you started playing with your shiny new toy, we advised that doing certain things with your phone without proper firmware to restore your phone, WOULD result in a "soft brick".
I do not have a motorola ATRIX, never said I did, but I can read the firmware pretty well. If your offended by my post I assume it is because offered up my standard line of "hope you did not return it as defective", because nothing else in that statement should lead you behave like a child.
Here how about this for a Facts, my rom was the first to safely remove Blur from the Droid series of phones safely, after reading the firmware from your phone, and your deodexed version of the firmware there are many portions you could remove safely.
If you have questions you could ask and get the answers, but as it stands right now, we are just trying to help you save yourselves. Many people will enter these forums, and while each person is responsible for their own device, they will try to follow what you have done and they too will soft brick their phone. I'm not sure of your ethical and moral makeup but too many people return their manipulated device to the provider as defective causing every to pay for their mistake.
I just hope you bought another Atrix outright and did not scam ATT/Motorola.
designgears said:
So you told me it was checked every boot (first bold), but it should only be checked when you access it (second bold)? Confused, on drugs or what?
I just found out the hard way for you, it's checked every boot accessed or not.
If you want to be elitist and not post up a FAQ about what you know (do you even have an atrix), please stop posting in here, you've done nothing but spout off what you know about other moto devices, it is clear they tightened things down a bit more.
everything you guys say, along with others says it SHOULD be checked when accessed, which means I should have been able to boot normally and fail when I boot recovery.
Click to expand...
Click to collapse
DesignGears,
Please don't let a claim-to-know-it-all self-righteous Prick like jimmydafish discourage your efforts.
As far as I'm concerned (and probably the majority of people who mash the refresh button on this subforum multiple times a day would agree) it's people like you (people who have actively contributed to the users here at XDA in the past (all your captivate work)), that make me feel lucky to own the same type of device that you and other dedicated devs like yourself own.
Its hard to imagine how someone who probably played a very small part on a team -- a team that, as far as I can tell, has never managed to actually produce any real results on the DX -- can know so much about a device he doesn't even own.
And if reading this post encourages members of any such team to get their panties in a wad and start talking about how they are not going to contribute here now, well then to that I say: good riddance. For every one small tip you may provide it seams like you offer two holier-than-thou-doughe-bag-comments that frankly this section of this forum could do without.
But again, thank you DesginGears and Devs like you
mburris said:
DesignGears,
Please don't let a claim-to-know-it-all self-righteous Prick like jimmydafish discourage your efforts.
As far as I'm concerned (and probably the majority of people who mash the refresh button on this subforum multiple times a day would agree) it's people like you (people who have actively contributed to the users here at XDA in the past (all your captivate work)), that make me feel lucky to own the same type of device that you and other dedicated devs like yourself own.
Its hard to imagine how someone who probably played a very small part on a team -- a team that, as far as I can tell, has never managed to actually produce any real results on the DX -- can know so much about a device he doesn't even own.
And if reading this post encourages members of any such team to get their panties in a wad and start talking about how they are not going to contribute here now, well then to that I say: good riddance. For every one small tip you may provide it seams like you offer two holier-than-thou-doughe-bag-comments that frankly this section of this forum could do without.
But again, thank you DesginGears and Devs like you
Click to expand...
Click to collapse
I can assure you I am not, glad to have support.
--
Jimmy, no hard feelins, sorry I wanted try something and learn from it, sorry you told me two opposing things in the same post(this is what I am *****ing about if you would read you would know that), sorry I act like a child, I guess calling it how I see it is childish. From all the PM's about you I just got and mburris reply, you have made my block list, have fun in there with rafy.
jimmydafish said:
I just hope you bought another Atrix outright and did not scam ATT/Motorola.
Click to expand...
Click to collapse
Maybe if more people softbricked and returned phones that have locked down bootloaders, oems and carriers might finally realize that when someone buys a piece of technology, they own it, and would like to use it as such.
That includes:
1. Not having some POS skin on top of stock android (Blur)
2. Not being locked into paying twice for the data we already pay for (tethering)
3. Not being allowed to easily install non-market apps that we develop without jumping through hoops (slide loading)
4. Not having to wait for the carrier or oem mfg to release an update before we can have a current version of Android.
Call it a Brick-n-Return Protest
mburris said:
Maybe if more people softbricked and returned phones that have locked down bootloaders, oems and carriers might finally realize that when someone buys a piece of technology, they own it, and would like to use it as such.
That includes:
1. Not having some POS skin on top of stock android (Blur)
2. Not being locked into paying twice for the data we already pay for (tethering)
3. Not being allowed to easily install non-market apps that we develop without jumping through hoops (slide loading)
4. Not having to wait for the carrier or oem mfg to release an update before we can have a current version of Android.
Call it a Brick-n-Return Protest
Click to expand...
Click to collapse
LOL, that would surely cause some grief over at at&t, and a good laugh.
They would probably start leasing the phones so you can't say you own them.
Closed by OP request as this is an informational thread stating results of testing.
Well, this is sure an interesting email that I just received back from LG's support team, when asked about the kernel sources.
The rep seems to know what I'm asking for-- but for whatever reason denies my request (which is reasonable by the GPL).
Anyway, full email here:
Dear Tyler,
Thank you for inquiring of LG Electronics.
We do apologize for any inconvenience this may have caused.
We would be more than happy to provide the Kernel source which is: 2.6.32.9-PERF
[email protected] #1
Unfortunately, the source will not be released.
Please feel free to contact us if you have any additional questions or concerns. Thank you again for contacting LG Electronics.
Maya C
E-Mail Administrator
Customer Interactive Center
LGEAI
-----------Original Customer Inquiry------------
Received Date : 06/22/2011 02:03 10
The type of inquiry : Others
Product/Model No. : CDMA/LGVS910
As per the GPL, is there somewhere that I can find kernel sources for the LGVS910?
It is not on your LG Open Source page, is there an alternate location I should look?
If there is no public place to download the source, what is your timeline for releasing it?
Thank you!
Click to expand...
Click to collapse
Hmm, should I quote the GPL back to them, or try asking nicely again?
thecubed said:
Well, this is sure an interesting email that I just received back from LG's support team, when asked about the kernel sources.
The rep seems to know what I'm asking for-- but for whatever reason denies my request (which is reasonable by the GPL).
Anyway, full email here:
Hmm, should I quote the GPL back to them, or try asking nicely again?
Click to expand...
Click to collapse
Yeah, that's an invalid response if the code is GPLed.
I'm not quite sure why or how they think they can get away with that, considering the source for all their other phones is available here: http://www.lg.com/global/support/opensource/opensource.jsp
Even the tmobile g2x has it's sources posted...
What I wonder is if they're just saying that _this_ kernel's sources won't be posted.
Maybe they're embarassed? Hope not, because I demand this kernel's source!
thecubed said:
I'm not quite sure why or how they think they can get away with that, considering the source for all their other phones is available here: http://www.lg.com/global/support/opensource/opensource.jsp
Even the tmobile g2x has it's sources posted...
What I wonder is if they're just saying that _this_ kernel's sources won't be posted.
Maybe they're embarassed? Hope not, because I demand this kernel's source!
Click to expand...
Click to collapse
They may be protecting Microsoft's interests (they think) or they had a side agreement with Netflix. Either way, they can't deny a derivative work. It doesn't work that way. (at least I think? I haven't read the most recent GPL in a while...lol)
majorpay said:
They may be protecting Microsoft's interests (they think) or they had a side agreement with Netflix. Either way, they can't deny a derivative work. It doesn't work that way. (at least I think? I haven't read the most recent GPL in a while...lol)
Click to expand...
Click to collapse
As far as my understanding of the GPL, any code they modify that is released as GPL must be released as GPL also.
So, they (CodeAurora) modified Linux-2.6.32.9, which is GPL, hence they must release any modifications.
Where it gets grey is in terms of proprietary modules. However, if it's compiled into the kernel, I understand that it must also be released as source also. The only way to avoid that is to use module loading and taint the kernel, which then does some other license-protecting stuff.
Damn, the GPL is complicated.
EDIT: I'm in LG Live Chat right now asking...
thecubed said:
As far as my understanding of the GPL, any code they modify that is released as GPL must be released as GPL also.
So, they (CodeAurora) modified Linux-2.6.32.9, which is GPL, hence they must release any modifications.
Where it gets grey is in terms of proprietary modules. However, if it's compiled into the kernel, I understand that it must also be released as source also. The only way to avoid that is to use module loading and taint the kernel, which then does some other license-protecting stuff.
Damn, the GPL is complicated.
Click to expand...
Click to collapse
Yeah, it gets more so every year, and depending on what version of GPL is in use depends on what the specifics are. I'd have to say even if their module loading taints the kernel, they should be able to (read: must) release the modified source prior to the dirty side mods.
if they are anything like samsung, they will sit on it for as long as possible.
LG Chat:
Jorge: Hello Guest. Welcome to LG Electronics! How may I provide you with excellent service today?
Guest: Hello, I was wondering when the kernel sources for the LGVS910 would be posted? Specifically kernel 2.6.32.9-PERF [email protected]
Jorge: unfortunately we do not have a date
Guest: Any reasonable estimate?
Jorge: I will love to say a date but we do not have information.
Guest: Okay, thank you.
Click to expand...
Click to collapse
Well, maybe the person in the email was misinformed, or just plain ol confused...
thecubed said:
LG Chat:
Well, maybe the person in the email was misinformed, or just plain ol confused...
Click to expand...
Click to collapse
Or... the current rep is stalling? Why would there be a delay? Shouldn't the GPLed kernel be available immediately at request?
I'm going to assume it won't be too long before they release 2.3 for this phone.
majorpay said:
Or... the current rep is stalling? Why would there be a delay? Shouldn't the GPLed kernel be available immediately at request?
I'm going to assume it won't be too long before they release 2.3 for this phone.
Click to expand...
Click to collapse
Me too.
To give LG some benefit of the doubt, it is possible they just don't want to put the work into it, considering they may have something brand new around the corner.
But-- what I worry about is OTA locking down the phone.... hence my want/need for sources, just in case.
thecubed said:
Me too.
To give LG some benefit of the doubt, it is possible they just don't want to put the work into it, considering they may have something brand new around the corner.
But-- what I worry about is OTA locking down the phone.... hence my want/need for sources, just in case.
Click to expand...
Click to collapse
Yes, and I've seen 2.3 turn otherwise perfectly good phones into piles of poo, so I definitely want a way back if that happens here. Resource requirements and overall overhead seems to increase 10 fold on 2.3
Come to think of it... I just realized I should be really worried for the next OTA update...
Now, those of us with clockwork need not worry, since it just will say "invalid signature" when LG's updates try to install (since clockwork is signed with the testkeys from cyanogenmod). Once it says "invalid signature" you'd just click "reboot now" and grab the update file from /cache .
But still... the unknown is killing me!
Isn't that exactly what happend with the thunderbolt?
thecubed said:
Come to think of it... I just realized I should be really worried for the next OTA update...
Now, those of us with clockwork need not worry, since it just will say "invalid signature" when LG's updates try to install (since clockwork is signed with the testkeys from cyanogenmod). Once it says "invalid signature" you'd just click "reboot now" and grab the update file from /cache .
But still... the unknown is killing me!
Click to expand...
Click to collapse
Well, we can work on the assumption that it's never coming... because you know how Verizon is about releasing updates.
However, in the meantime LG needs to cough up the goods per legal requirement. It could all be part of a greater conspiracy, ha! Release the next batch of goods and destroy what had been previously done, THEN release the source code to the first kernel.
So in other words when we get 2.3 they'll unsuspectingly give us everything we need for custom roms and kernels once one of us extracts it from the cache...
Little Buddy Sr.
MXFrodo195 said:
So in other words when we get 2.3 they'll unsuspectingly give us everything we need for custom roms and kernels once one of us extracts it from the cache...
Little Buddy Sr.
Click to expand...
Click to collapse
Not likely... They'll release the source for 2.2 to the public when 2.3 gets pushed. We're helping them find all the holes they left in 2.2.
I guess the phones work differently. I have only experienced OTAs on the original droid. In that phone's case; once you got the OTA and the phone rebooted, it would reboot to clockwork. If you wanted to apply the OTA you just selected "Update from SD" (or something like that). If you didn't you just rebooted the phone. Now granted that it will keep on bugging you that you don't have the latest until you trick it by changing the signature (on one of the prop files I believe it was - not sure if it still works that way).
Someone please let me know what I need to say over live chat or by email ill send or talk with them. Nothing to lose and alot to gain. And several cold beverages of my choice will help. I'm just not in the know on open sorce code etc.... I want to help.
From the GPL:
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified it, and giving a relevant date.
b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to “keep intact all notices”.
c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so.
A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.
Click to expand...
Click to collapse
As long as they hold out, they are in violation of the GPL. It should be noted, however, that they aren't the only ones in the Android world doing this. It has been the discussion hot topic for a lot of Android device manufacturers.
It could all be nothing, and they may not have "gotten around to it" yet. They have released all their previous and current works. It does question why this phone is on hold, and I'd venture to guess (but could be completely wrong) that it revolves around Microsoft protecting their digs in this machine.
The full thing is here if you want to review it...
http://www.gnu.org/licenses/gpl.html
Well guys, looks like Xposed for 5.0 won't ever happen.
REVISION: This edit was added on 2.13.14
The above statement was purely a joke when Xposed for LP was merely a dream. To clarify, as of now there is no ETA for Xposed. Ever. Don't ask. Stop. Don't think of it. If you ask, you shall be banned as of the words of the moderator.
I know it may be hard to read sometimes, so I started a new paragraph. If you are confused, look up. ETAs don't exist on this developer website. Thank you.
Xposed is IN THE WORKS and no, there is no beta version. If you beg to differ, post a comment. Don't flame me or anybody.
=D have a WONDERFUL, hate free day.
The full comment posted at https://github.com/rovo89/Xposed/issues/18 is:
Thanks guys. Actually, there is no need to worry about alternative approaches. It's not easy to "hack" ART in a similar way as Dalvik, but it's generally working.
What most people forget:
a) ART isn't the only new thing in Lollipop. SELinux requires a lot of extra code and even more thoughts to work around the restrictions. And 64 bit breaks the assumption that everything starts in a single process, as there are two Zygote processes now. I think it's important to consider this right from the start.
b) The actual (net) time required to write code is far away from the time that passes. It's not like I work on Xposed every evening. There are weeks when I don't look at the code at all. Yes, I do have other things in my life, and some have a higher priority. So even if something would take just a few evenings to code, it might take me a couple of weeks to actually do it. And once I publish something, you probably wouldn't like it if I took off for a few weeks.
If it was just about coding, pushing the source could be helpful. But that works best if there's already a clear concept of what is needed and an idea how this can be split up into work packages. Often it takes hours to come up with a concept that can be coded in 20 lines. Remember how many people are using Xposed meanwhile. We don't want to have some quick code that works by accident, so it's vital to think everything through carefully, and that takes time.
So yeah. It will take more time, I still don't give any ETA, but I'm quite confident that we'll have something nice some day.
Click to expand...
Click to collapse
No new "work in progress" sources = no help from other contributors. That's it.
pyler said:
No new "work in progress" sources = no help from other contributors. That's it.
Click to expand...
Click to collapse
You can probably count the people who really understand Xposed and how it works at one hand (and you'll basically have to start from scratch for lollipop).
It's not like there were hundreds of contributors in the past, so what you're trying to say here is invalid.
Yes, there would probably be some people who could help out, but keep in mind that every minute rovo is helping others to better understand what's going on isn't available for him to do some actual development (which includes research and drafting ideas).
I'm sure that any top tier dev who feels confident to actually bring xposed for lollipop forward can contact rovo anytime and get his wip code, but so far no one has spoken out.
The sad truth is that 95% of the xda users are people without any real technical knowledge - and the only thing they do is to offer to "test" something to gain access to something before it's release.
Unfortunately those testers are rarely ever needed, at least not within the core development phase, here it takes way more time to explain people what is needed than to just test it yourself.
When you're rolling something out to production and want to make sure that the last little bugs within different usage cases and configurations are squashed, sure you'll need testers, but not before.
But for now that's not the case, so it might be better to keep the unhelpful comments to oneself
KevinDixson said:
Well guys, looks like Xposed for 5.0 won't ever happen.
(To all you downers out there, its called a joke. Laugh about it. Next thread.)
Click to expand...
Click to collapse
Liar
So yeah. It will take more time, I still don't give any ETA, but I'm quite confident that we'll have something nice some day.
Click to expand...
Click to collapse
If you can't offer something better then be patient.
Primokorn said:
Liar
If you can't offer something better then be patient.
Click to expand...
Click to collapse
Just like the op stated.... Its a JOKE
He had 666 Followers and I thought it was funny and would lighten up a few peoples stress filled days. The only reason I saw this was because I was going through his posts and READING all of them to get an update as to where we stand.
KevinDixson said:
(To all you downers out there, its called a joke. Laugh about it. Next thread.)
Click to expand...
Click to collapse
I found it for you ^ since sometimes I know its REALLY hard to understand the concept of a joke.
KevinDixson said:
Just like the op stated.... Its a JOKE
He had 666 Followers and I thought it was funny and would lighten up a few peoples stress filled days. The only reason I saw this was because I was going through his posts and READING all of them to get an update as to where we stand.
I found it for you ^ since sometimes I know its REALLY hard to understand the concept of a joke.
Click to expand...
Click to collapse
Yep sorry I misread your post. I feel a little bit stressed with all this story lol
Anyways, 666 is the patience and Rovo the angel
Primokorn said:
Yep sorry I misread your post. I feel a little bit stressed with all this story lol
Anyways, 666 is the patience and Rovo the angel
Click to expand...
Click to collapse
Hahaha no worries bro just keepin the haters out of this thread :bruh:
just for waiting...
Hope xposed will be ported to lollipop eventually!!!
Hi guys! Yeah, I'm part of those 95% (I'm a lawyer), but I'm very grateful to rovo for his work. I have Nexus 5, but I'm still on Android 4.4.4 because of Xposed, and I'm not going to update to 5.0 until the new version of Xposed is done. You can see how important it is for me. @rovo89, I'm pretty sure that many people would pay you to complete your work. I understand that you have higher priorities and you are doing all of this for fun, but have you thought that you have almost 3 millions of downloads? If you create your team of software engineers and sell Xposed at 2$ (2€), you work on it every day for several months, and we assume that most of the current users buy your product, you will have enough money to pay your team and dedicate all of your time at what you want. It's just a suggestion of one of these 3 millions of users, that would pay more than 2$ and appreciate your work so much! Best regards from Spain!
rovo has said on multiple occasions that he won't take money for working on Xposed as he does not want it to become a job where he feels obligated to work on it full time.
He's working on it already. Offers of monetary gain won't make that work go any faster. Everyone will just have to be patient.
Sent from my C6603
We don't know if he is really doing on it (I hope yes but..) since we have no proofs (only claims) and no documentable code progress since August 2014. Plus, rovo89 was active here last year till August or so. Then he left.
If there are people who want work on it and have enough skills to port it, they should fork it and not wait. I saw some guys on github who want to work on ART port.
He flat out stated he would not post progress publicly either on GitHub or here and to wait until he had something worth publishing (that real contributors could help with) without bothering him. Comments on issues on GitHub do show he is/was working on it.
The real problem is that people are impatient and feel entitled to updates on progress, even though rovo explicitly stated that he wouldn't be doing that.
As for others *wanting* to work on it; nobody is stopping them forking the project and doing so. If they get it working then that would be fantastic and I'm sure everyone including rovo would be happy and grateful. That's the great thing about open source.
Sent from my C6603
1. Work hard to create something really, really useful.
2. Make it (and all the resources for re-creating it) available for free.
3. Millions of people use it.
4. Decide not to work so hard on it.
5. Get hounded day in and day out for months by thousands of people.
This is a classic example of "No good deed goes unpunished".
Rovo is a saint. In his shoes, I would have told all of the "hounders" to f**k off a long time ago.
In other words, people, learn how to be grateful, get off of Rovo's case, and move on.
.
This is sad, I would donate to help the dev, especially since all this is free
i'm a user and for me is normally this long time...the system of cache is completaly changed....and see it immediately in the booting process and the loading apps process.
Be patient!
Go On Rovo u can do that =)
I hope you are wrong
KevinDixson said:
Well guys, looks like Xposed for 5.0 won't ever happen.
(To all you downers out there, its called a joke. Laugh about it. Next thread.)
Click to expand...
Click to collapse
It is already 2015 and there is still no support for lollipop. It was working fine with jelly bean. I just installed a custom lollipop rom and I wanted to user xposed with greenify. It seems I have to wait and your saying will just be a conspiracy. You should really stop creating this kind of threads. Value people's creativity. That fact that, there is a delay doors not mean it will not be made. If for anything at all, give them some morale
Lollipop is a completely new system. The difference between KitKat and Lollipop is almost the same as between Windows 95 and Windows XP, if not larger... Lollipop looks like ordinary Android, acts like it, but it is NOT it...
Before I start saying anything and before anyone starts ranting or fighting or whatever I want to make one thing crispy clear: I don't want, under any circumstances, to fight or argue in any way with other developers, contributors, users, whatsoever nor do I want to claim anything as correct. I am anytime ready to accept it if I am proven wrong for anything. Show me a proof against what I said and I will accept it. I'm not claiming anything to be right what I'm saying, but as long as it is not proven wrong I'm assuming it is right. Of course some statements base on assumptions and guesses, hence there is no reason for ranting about something particular I said that I am not entirely sure of. I just want to get this out because it has been sitting inside of me for a while and this is the only way I can get it out without offending or insulting anyone.
A statement from my side regarding TWRP and ROMs for the OP5:
I have seen many device trees so far, and the "official" TWRP as well and I'm pretty disappointed to see people not wanting to work together. Of course there are exceptions, for example I have been working together with @benschhold and @gtpitch on TWRP as well as on ROMs and it has been a pretty good experience so far. But I have also seen @Dees_Troy releasing his own TWRP. I tried to contact him and whoever is behind TWRP earlier to get a working TWRP up and running and official. No response. At least I haven't seen anything. I am anytime ready to work together and build working stuff, but I'm not ready to see something that is exactly the same as I did (his TWRP literally has the same, if not more, issues than mine, as far as user reports have told us) and releases it as an official product which should have been tested and does not even fix the issues we have so far.
I know mine is unofficial and I have stated nowhere that this would be official but if you check the sources used for my recovery as well as take the user reports into consideration you will notice that none of the issues we currently have on the now latest recovery image, that is version 72, have been fixed in either mine or his recovery. I would have liked to work together with developers to build a stable, fully working custom recovery with as many parts of it totally free and open-sourced for anyone to inspect. Regarding authorship, I'm anytime ready to correct authors in case they are wrong. What I am not ready for is seeing others taking my work and putting it under their own authorship so that nobody will know about what I did and instead honor the non-existent work of others misleadingly causing the community to think I would have stolen the work from others.
As I already said, I am open to any corrections regarding this.
Another aspect is the custom ROM section. While it's all good and fine to see ROMs coming out for the OP5, none of these are actually stable and fully tested. They might have been flashed and booted up and roughly checked for functionality but not actually tested for quality (not claiming anything here). I really can see a race between ROMs, maybe even a war, everyone perhaps even stealing the work of each other and claiming to be first but of course saying it's super highly experimental and whatsoever.
Why is this happening? I know I have very low reputation for saying anything in this matter, even though I am lead developer and co-founder of a ROM. I don't want to claim that anyone stole my work, and I don't want to be showing examples as they might not even be right because some things can really be done by anyone without seeing what others did. But still, everyone is racing against each other, except for a few ROMs, and trying to say hey yo we brought this rom out for jellyburger super fast and we are the best... blablabla, whatsoever, make sure to decrypt, make sure not to do this not to do that, note this doesn't work.... I guess y'all get the point.
Why do people work against each other and not together? Just trying to be the best, the first, whatsoever? I mean it's cool when you are first and best but it's not cool pretending to be so and in reality just having taken a WIP tree from whatever github profile you just went on and saying your ROM is the first, while in reality you actually don't have any idea about what you are doing. Guys, really.... I appreciate when people do in fact help bringing up custom roms for the OP5, I admit that I also take advantage of that for building my own rom, but I also try to improve it, contribute to it, to make sure others have access to my work and using it without changing authorship. Of course many developers e. g. copy whole directories into their device tree instead of getting the whole commit history in, and, to some extent, that is more or less acceptable, because there is no really convenient way of doing so, but at least, when picking individual commits, do keep authorship. Thanks for your understanding and I hope this community does not become corrupted.
I'm open for a peaceful discussion in this thread, let's get it started!
Cheeseburger developers and testers who can provide logs shall join https://t.me/joinchat/AAAAAEN_kkG6_WJe8IlG2Q
nadejo said:
Cheeseburger developers and testers who can provide logs shall join https://t.me/joinchat/AAAAAEN_kkG6_WJe8IlG2Q
Click to expand...
Click to collapse
Is not a bad beginning, but there actually is a dev group, so in case anyone wants to work together with each other, let me know. (Developers only)
Sad but true how many ROMs for the op5 have there source in the op?
Surely it's better for all of us to work collectively towards building a better base
Sent from my ONEPLUS A5000 using XDA-Developers Legacy app
a g bell said:
Sad but true how many ROMs for the op5 have there source in the op?
Surely it's better for all of us to work collectively towards building a better base
Sent from my ONEPLUS A5000 using XDA-Developers Legacy app
Click to expand...
Click to collapse
Trees don't have to be equal but everyone should share contributions and help each other.
xdvs23 said:
Trees don't have to be equal but everyone should share contributions and help each other.
Click to expand...
Click to collapse
The general issue here is we all work opensource even if they are official teamwin they could just copycated your changes(im not saying this just assuming), dont want to insult anyone here but thats how it goes opensource projects are open and you cant change this, on the other hand they could actually start working on it legitely even if your recorvery is pretty stable(i would say 99%) they started it before but were able to get it to same point but later. As for now we need more developers in kernel section but i see you doing a good job keep it up my dude. :good:
MasterDomino said:
The general issue here is we all work opensource even if they are official teamwin they could just copycated your changes(im not saying this just assuming), dont want to insult anyone here but thats how it goes opensource projects are open and you cant change this, on the other hand they could actually start working on it legitely even if your recorvery is pretty stable(i would say 99%) they started it before but were able to get it to same point but later. As for now we need more developers in kernel section but i see you doing a good job keep it up my dude. :good:
Click to expand...
Click to collapse
The point is that it seems to be that they don't even care about their users. Don't quote me on that, as it might be wrong, but it seems to be that they simply just want to look down on other developers and be the big guys.
While I try to provide good support as much as possible, and release all my changes mostly individually, he simply gave it out once and every now and then might eventually look at the last 5 posts and maybe answer. I mean... I know he probably has alot of work to do but still. Released something officially without even checking for bugs. They say they make sure they provide quality but I can't see the quality there.
And for the other thing you mentioned... Most of the things they have in their tree really seem to be something that has been around for a longer time, but not actually made by themselves and just committed recently:
I don't really know why everyone tells to.keep authorship and maintaining a commit history and what not but end up simply copy and pasting the whole tree and commit that at once. Whatever. If this doesn't stop soon, I will start thinking about whether it is really worth doing this because from my point of view this is just looking down on me and releasing something that does not even work quite as well just to keep me away. I know I might be wrong anytime but this is what it feels like.
xdvs23 said:
The point is that it seems to be that they don't even care about their users. Don't quote me on that, as it might be wrong, but it seems to be that they simply just want to look down on other developers and be the big guys.
While I try to provide good support as much as possible, and release all my changes mostly individually, he simply gave it out once and every now and then might eventually look at the last 5 posts and maybe answer. I mean... I know he probably has alot of work to do but still. Released something officially without even checking for bugs. They say they make sure they provide quality but I can't see the quality there.
And for the other thing you mentioned... Most of the things they have in their tree really seem to be something that has been around for a longer time, but not actually made by themselves and just committed recently:
I don't really know why everyone tells to.keep authorship and maintaining a commit history and what not but end up simply copy and pasting the whole tree and commit that at once. Whatever. If this doesn't stop soon, I will start thinking about whether it is really worth doing this because from my point of view this is just looking down on me and releasing something that does not even work quite as well just to keep me away. I know I might be wrong anytime but this is what it feels like.
Click to expand...
Click to collapse
The next thing here is we shouldn't really assume anything cuz it might be making us look stupid, i would generally say to not care about what they do and i can say that most phones i had, used twrp from users there was no official ones and even if there was it wasn't functioning like other.
Right now how i see it is they opened a thread and called it official(i don't remember if they called it stable) and most users like official stuff so this generally looks funny from your pov, from mine too as i am self called open source developer and i know general ideas behind being open.
The only issue here i can see is that he doesn't respond to you soo it looks bad i really wouldn't assume anything cuz it can piss off a few ppl that's what i want to generally tell you to kindof watch out on the community around this because it already looks weird. If you want you can pm me with your telegram nickname and ill add you to a group where we work on a kernel fixing a small gelatinous issue some(me included) have. Would be for best if he answered to your pms soo you can have a talk and for now it looks like "stolen" work but at the same time we shouldn't assume stuff, for now i don't really know what to say on this whole matter it really looks quite weird and i don't like it too.
MasterDomino said:
The next thing here is we shouldn't really assume anything cuz it might be making us look stupid, i would generally say to not care about what they do and i can say that most phones i had, used twrp from users there was no official ones and even if there was it wasn't functioning like other.
Right now how i see it is they opened a thread and called it official(i don't remember if they called it stable) and most users like official stuff so this generally looks funny from your pov, from mine too as i am self called open source developer and i know general ideas behind being open.
The only issue here i can see is that he doesn't respond to you soo it looks bad i really wouldn't assume anything cuz it can piss off a few ppl that's what i want to generally tell you to kindof watch out on the community around this because it already looks weird. If you want you can pm me with your telegram nickname and ill add you to a group where we work on a kernel fixing a small gelatinous issue some(me included) have. Would be for best if he answered to your pms soo you can have a talk and for now it looks like "stolen" work but at the same time we shouldn't assume stuff, for now i don't really know what to say on this whole matter it really looks quite weird and i don't like it too.
Click to expand...
Click to collapse
Yeah that"s what I thought too but on the other hand, if you don't say anything, then nothing will change. Perhaps it won't change even after saying, but often it does.
You can add me to the telegram group if you want to, pm me the group link and I'll join but I can't promise to constantly be active there throughout the day.
xdvs23 said:
Yeah that"s what I thought too but on the other hand, if you don't say anything, then nothing will change. Perhaps it won't change even after saying, but often it does.
You can add me to the telegram group if you want to, pm me the group link and I'll join but I can't promise to constantly be active there throughout the day.
Click to expand...
Click to collapse
tru dat.
Do not ask for an ETA
Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.
I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Reserved for future links.
drakaina said:
Do not ask for an ETA
Once the mods start getting onto people for asking, I'll take my dev work off site. I don't want to upset mods and admin over people being impatient.
I've been looking and root isn't available yet for the Snapdragon version. I've created root access for a few devices so far, be it years ago. I want root, so I've decided to start dev work on my own. Can't say how long it will take, or if I will be able to, but anyone that is willing to test or help, feel free to comment and say so, since help would be greatly appreciated. Testers are needed.
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Click to expand...
Click to collapse
One guy flashed a combination version of the firmware and got the OEM unlock toggle to show on a SM-G960U. It switched on and off but I am not sure if it actually unlocked the bootloader or not. There is a TWRP already ported to the Snapdragon version as well, although only for the Chinese and Hong Kong version, it should work on our device if you can get the bootloader unlocked first. I have been scouring online and in the forums since the phone came out and that's all I nave found thus far. Im sure you already know these things, but I figured I would say it just in case you weren't aware. Hope you get it figured out! Good luck! ?
The only development I've heard of is one user claiming he got a diagnostic boot with SElinux permissive. (In the S9 root dev forum/thread) I also have a source who is NOT trying to be identified publicly because he works for google, but he informed me that "the android O build for SAMSUNG DEVICES, was developed with special instructions in it to automatically kick a KERNEL PANIC , if ANY app NOT on some internal White List attempts to access, modify, or send SU commands through any NOT LISTED app with those permissions granted already." ... now I'm not an Android level programmer, but I'm an old Linux dev/ penetration systems tester (lol) and from what I am gathering is that the patches or whatever that Samsung added to the O.S. also included an encrypted or hidden white list, which he says is VERY small, (as in number of items actually in the list) , but even he said they do not have any access nor knowledge of where they stored this. He did tell me that they delivered an incomplete or infant code for Samsung Snapdragon Model Note 8,9 and s8,9, and it was so crude that not only would it not compile because of missing crap Samsung deliberately did not supply them with... but he said that it was NOT lockable in that state, so Samsung either inserted their own locked kernel and whatever to create this B.S. broke down version of Android that is Root crippled. BUT the only clue he could give me was that "On no level can an E-fuse provide an unbreakable chain of trust, and that if an extreme modded were to actually break down the system board of an S9, they could in theory remove or add some sort of device that would bypass the Qualcomm Secure boot completely!" ... now this ain't a best friend or nothing so truthfully I'm surprised I got this much from him... but I've known who he was and that hes worked for Google nearly 12 years as a developer and software engineer. So I dont know if any of that info helps... but my contribution is that I can get my device (s9+ from Sprint USA Sm-g965U) replaced with little to no hassle, so I'm 100% willing to do any tests u need, providing that you give me at least a basic level of instruction, as to each set of commands or package u want me to flash. I'm pretty android savvy considering it's just a linux derivative... and I know Samsung 100% .. I've had every S - galaxy since day 1 . BUT throwing blind commands at my device that I have 0 understanding of their impact, makes me feel like a squirrel running across the freeway during rush hour! Plz Do me a favor and shoot me a private message and I'll give you my cell number and email so u can reach me quicker when you have something u need tested! Now please people don't berate me if something he said to me was not correct or you have different data to disprove what he said. I literally took notes by hand and had him confirm them, so I'm just the messenger/informant and u gotta realize that as a google employee, he #1 is partially not knowledgeable of ways to exploit the O.S. which is what the hackers come into play for. And make the developers work **** tons harder to FIX the hole the ****ed up in the 1st place! ? Lol... and #2. I did ask about the possibility of a $$$$ number he would take in order to provide an actual Eng-boot like that of the S8, and he said that "Those are developed by each individual corporation after they are provided the build source code", and that "google has no interest in possessing or archiving any such file because the O.S. does not need it to provide a developers version of the O.S., which is as far as Google goes in providing a new system to the companies.... so for something like that, reach out to one of the underpaid factories full of workers and I'm sure they would happily give you what you want for much cheaper than you imagine!" Ok that was very long winded but I wanted to cover all I could because I prob wont check this thread anymore.... plz PM me bro so I can get you my info ... and let's put this Flashing Guinea Pig (me) to work in getting this ***** at least hack rooted or maybe full!!!
Hello, i've just finished reading all above and from what I've read I can tell that not all hopes are lost as well I'm offering my help to be a (TESTER) for any attempts you wanna try, however, please note that I'm NO DEV just a user who would like to his phone rooted ASAP that's all, so please explain the commands that you would give me and the steps. plz PM me so I can get you my contact info
It ain't happening with the known exploits.
Ok, so far I have a few routes I plan to take that have worked on other devices. Working on the first, but not at the moment. The rude comment compelled me to post my own. Devs don't follow old ways of doing things so get that out of your head if you want to think forward, not backwards. I have found what could be an exploit in the rom itself that "might" be the starting point to get root access. This is NOT an ETA but hopefully we can start testing in the next few weeks.
I'll say it now, don't get overly excited a possible exploit has been found. I make no guarantee on it being THE exploit needed. Just be patient, and if you have insight on a way to attack this or another possible exploit, do say so.
If anyone knows of the bootloader partition already having been copied, post a link. I share mine at the moment so I don't always have it around, so any of the bootloader data would help greatly.
drakaina said:
Ok, so far I have a few routes I plan to take that have worked on other devices. Working on the first, but not at the moment. The rude comment compelled me to post my own.
Click to expand...
Click to collapse
I saw no rude comment, just a dose of reality for you, a little thin skinned are we?
You're continuing to be rude and attempting to derail the point of the thread. Meh, I'm getting back to work since it not good to feed trolls.
Pretty sure placeholder threads are not allowed on XDA...
I am making presence known now. I will be watching this closely
Technicly this thread don't even need to exist right now.
drakaina said:
Do not ask for an ETA
First off though, what advancements have been made so far? Several posts I've seen have dead links to data, so to start, I'll need to know what's been done already. No need to reproduce failed outcomes.
Click to expand...
Click to collapse
Myself and a handful of other people involved in us snapdragon s8/s8+/n8+ took a brief crack at it a little while ago to no avail. I don't want to go into too many details on here as 1) Samsung is watching surely and 2) the contents from the peanut gallery get old quick but here are the cliff notes. Feel free to pm me here or on telegram for more details. (Backstory on me, I created samfail which was the first/only n8 root method and the second for the s8/s8+ and the only published one beyond bootloader v1.
- samfail is 100% patched. No known way to modify system
- you can't mix combo boot with stock images anymore. Samsung got wise to that. Figured out how to track it if we can force write a system image
- there is a ton of new system level security because they had to move out of the boot image due to treble. Probably the first big nail in the coffin I'm.
- don't waste your time on the oem unlock toggle in the combo/factory rom. No it doesn't unlock the bootloader. The us snapdragons don't respect it's value outside of turning off frp, but that was with the s8 idk if it is still true on the s9.
- the other poster is right about the anti root thing. It's in the open source kernel code. If anything being exexuted under uid 0 matches a list of common/known root mods/not stuff that is supposed to be there, instant kernel panic. Things like "binary is called BusyBox" are on that list.
This was the point I gave up. Partially because I don't have the device so testing is extremely difficult (I wised up this year and purchased a intl. Snapdragon sm-g9650 which has full oem unlock just like the exy).
In sure there's things in forgetting right now and again, being too transparent here results in root method bring patched faster, hit me up if you want more brain dump
drakaina said:
You're continuing to be rude and attempting to derail the point of the thread. Meh, I'm getting back to work since it not good to feed trolls.
Click to expand...
Click to collapse
Although I have seen a lot worse on these threads, his comment was pretty negative, which is what we do not need in this thread. I wish people would just keep their thoughts to themselves if they have nothing to add to the discussion. I also will test so let me know if there is anything I can do to help.
i also have a g965u and have been trying various mwthods to no avail at this point.. we need new exploits to be found.. all the obvious stuff will not work
It is because of this is why I will never buy another Galaxy phone. I need root.
zzEvilGeniuszz said:
It is because of this is why I will never buy another Galaxy phone. I need root.
Click to expand...
Click to collapse
Just don't buy snapdragon, the Exynos S9s are unlocked
*Detection* said:
Just don't buy snapdragon, the Exynos S9s are unlocked
Click to expand...
Click to collapse
You cannot buy Exynos from a carrier. You have to buy directly from Samsung for that. I know because I requested a Exynos variant. Sprint said they couldn't (or wouldn't) give me one.
edit: nvm not worth it.
zzEvilGeniuszz said:
You cannot buy Exynos from a carrier. You have to buy directly from Samsung for that. I know because I requested a Exynos variant. Sprint said they couldn't (or wouldn't) give me one.
Click to expand...
Click to collapse
i talked to samsung a couple months ago before i got my s9 and they told me they wont sell you one directly with the Exynos. I was going to get the s8 with the exynos if they would of sold me one. They wouldn'ty so i bought a tmobile s9 with my carrier.
has anyone been able to reboot phone into edl mode?