Rampage exploit (possible root method?) - Samsung Galaxy S9+ Questions & Answers

So a previous exploit has been found not to be patched correctly and most devices made since 2012 are still vulnerable.
It does require "unknown sources" to be enabled. Since the S8 it's been handled on a case-by-case basis. So I'm not sure we are even affected.
But still maybe with some tweaking? Idk.
I know we all jump the gun every time an exploit is discovered. But I figured what can it hurt to bring it up?
Here is the article
https://arstechnica.com/information...ves-rowhammer-attack-to-root-android-devices/
It's listed as CVE-2018-9442
There is also a testing app, which seems we are not affected. But still maybe something can be done with it.

They said in the article, and others that I have read, that this exploit may not work on all devices. I am fairly confident that this will be of no use to us.

Scott said:
They said in the article, and others that I have read, that this exploit may not work on all devices. I am fairly confident that this will be of no use to us.
Well, it's how our devices handle unknown sources that seems to be the "problem". This requires it to be allowed at all times. Ours is on a case-by-case basis. I was wondering if some tweaking could be implemented to get around that?

Related

[INFO] eMMC and Data Reliance

First off, I want to apologize if this information is either or both regurgitated and irrelevant.
I was looking for information on eMMC, and there really isn't much, and I found an old article that describes how data reliance works with eMMC. At least a cursory look.
One of the features of Reliance (and Reliance Nitro) file system is that it never overwrites live data. It will always use free space on disk or in case there is no space, it will give “disk full” error back to the application. Reliance also has a special transaction mode called “Application-controlled”. In this case, Reliance only conducts a transaction point when asked by the application.
Full article here. Information about integration with embedded linux, here.
What struck me was the "Application-controlled" part. It would explain the technology that is undoing changes to /system when the system kills the temp root. I wonder if it's possible for temp root to trigger the "commit" function of Reliance once some small changes have been made...
Hope this is of some use.
CyWhitfield said:
First off, I want to apologize if this information is either or both regurgitated and irrelevant.
I was looking for information on eMMC, and there really isn't much, and I found an old article that describes how data reliance works with eMMC. At least a cursory look.
Full article here. Information about integration with embedded linux, here.
What struck me was the "Application-controlled" part. It would explain the technology that is undoing changes to /system when the system kills the temp root. I wonder if it's possible for temp root to trigger the "commit" function of Reliance once some small changes have been made...
Hope this is of some use.
Just an FYI, system is an EXT4 FS. This would require not only a custom kernel, but a lot of one offs in the way it's dealing with data. From what I've seen, this isn't what they are using.
But that's a very good find, I am looking into some of the information. Never heard of this before.
Thanks for the info. I would love to find out more about how this memory technology works. More articles are welcome!
Isn't that basically just wear leveling?
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
edufur said:
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
In all reality, I'm thinking this is the eventuality. Sprint knows that with root access we can circumvent the WiFi tether that they want to charge you for. They would never be OK with that.
Sent from my PG86100 using Tapatalk
Just an FYI, system is an EXT4 FS. This would require not only a custom kernel, but a lot of one offs in the way it's dealing with data. From what I've seen, this isn't what they are using.
But that's a very good find, I am looking into some of the information. Never heard of this before.
Given that you have taken a much closer look at the inner workings than I have, I will defer to your observation with a caveat.
According to wiki eMMC supports something called Reliable Write. This suggests that the reversion capability is a part of the eMMC standard. Reliance sounds more and more like a commercial implementation of this function decoupled from a specific media type. After looking it over again, nowhere in the article about Reliance is eMMC mentioned.
Isn't that basically just wear leveling?
Wear leveling is a byproduct of what reliable write is doing. The difference is the ability to defer commitment of file system changes, so that a failed system update won't brick the device.
I do not know if changes made to the device are immediate and revertible (i.e., if eMMC is not told to commit a write, the changes just "go away" when it's remounted). Nor do I know if reversions can be made on the fly, as we are experiencing when temp root gets deactivated.
There really isn't much information out there about this that is easy to find.
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
Neither. eMMC isn't "locked" per se. HTC is using some mechanism that will revert the contents of /system to a prior state when some unknown condition is met. I do not mean to suggest that this is being done through "reliable write" or "Reliance", since it has already been pointed out by someone much more knowledgeable on the subject than I that a standard EXT4 file system is being used. I honestly have no idea. I found this information somewhat by accident, and thought that if it could prove useful I should share it here.
Something is dynamically protecting the contents of /system. Once the phone is rooted, I have no doubt that this "something" will be rendered quite impotent. If it were not possible to do so in the first place, OTAs wouldn't work.
Sprint knows that with root access we can circumvent the WiFi tether that they want to charge you for. They would never be OK with that.
The first part of your statement is true, Sprint knows full well that we can circumvent their attempts to charge us for WiFi tethering with root access. They have known this for years. They also know that in reality there is no way they can completely prevent someone from tethering their phone in one way or another. Even without root access. Ref: PDANet.
In my opinion, this protection of the eMMC contents was designed to reduce support costs from failed OTA updates bricking phones, and perhaps as protection against malware that can attain root, not unlike what Temp Root does.
I am not as paranoid as some here and refuse to accept that this was done specifically to thwart efforts to root the phone. The vast (and I mean VAST) majority of people who buy this phone will never even consider rooting the devices. This same majority has a subset of people that are easily stupid enough to screw up an OTA update or download and install malware.
I will take it a step further and opine that the only reason HTC is unlocking the bootloader is because we are such a minority AND that by tinkering with an unlocked device, we are actually helping HTC improve their product. They would rather have a more appealing Facebook page than worry about losing a minuscule fraction of wifi tethering income. Moreover, take a good look at where Sprint stands in the market, and what they have done recently to improve their position. They are doing a lot of really cool things, and have taken impressive steps to improve customer service and corporate image. That they would allow this bashing of HTC to continue unabated over a handful of tethering dollars is unlikely.
I appreciate your candor, very informative. A thanks will come your way.
Sent from my PG86100 using Tapatalk
Does pdanet allow wireless tether? I didn't think it did.
Sent from my PG86100 using Tapatalk
Nutzy said:
Does pdanet allow wireless tether? I didn't think it did.
Sent from my PG86100 using Tapatalk
It doesn't act as a hotspot, no.
Sent from my PG86100 using XDA App
Nutzy said:
I appreciate your candor, very informative. A thanks will come your way.
Sent from my PG86100 using Tapatalk
Much appreciated!
Sent from my PG86100 using XDA App
So, I would be interested in hearing more thoughts on this. Is the eMMC independent of the OS? In other words, would a custom ROM have to obey and work with the eMMC? Or could a custom ROM be made to either disable the eMMC or make it do what we want?
edufur said:
So, I would be interested in hearing more thoughts on this. Is the eMMC independent of the OS? In other words, would a custom ROM have to obey and work with the eMMC? Or could a custom ROM be made to either disable the eMMC or make it do what we want?
I think you're misunderstanding this. The eMMC is the memory inside the device that everything is stored on. It replaced the old NAND chips in older devices.
The OS is stored & runs off of eMMC memory, it's not independent. If you were to 'turn off' the eMMC the device would do nothing. A lot of the security features available on the chip itself probably aren't in use. HTC has been using their own form of write protection since early last year, even on the NAND based Evo 4G. I'd stake a bet they're using the same system here, and we just need to find a way to flash the ENG bootloader like we did last year to get around it.
I agree with you. Reliance is set up to ward against "unauthorized" changes to the /system partitions. I believe the developer community takes way too deep a look at each action made by a corporation (HTC) and views them as "big brother", when in fact most changes are actually approved, reviewed, and committed by someone in accounting with no technical skills whatsoever. These people are forced to look at the bigger scheme of things and make a decision about it (after working for Sprint for almost 2 years now... I can tell you how many decisions are literally made by someone who has no idea what the heck he is making decisions on).
Instead of looking at them as "trying to stop the development community from unlocking wireless tether", look at them as a CEO (who most of the time has no technical knowledge) and a PR rep (who really only cares about how their company is viewed); using this kind of encryption is only there to "safeguard" their devices against attacks.
One would think the secret to perm rooting the device is triggering the Reliance write function so it commits the changes instead of reloading them. If /system doesn't get changed unless there's an OTA of some sort... there's more than likely a hash table that Reliance would check against to verify... so an OTA would need to write to that table first, then make the changes....
More than likely some other noob has already said something along those lines and been flamed for it as well... just throwing it out there....
newkidd said:
.........
One would think the secret to perm rooting the device is triggering the Reliance write function so it commits the changes instead of reloading them. If /system doesn't get changed unless there's an OTA of some sort... there's more than likely a hash table that Reliance would check against to verify... so an OTA would need to write to that table first, then make the changes....
........
That stuck out in bold to me..... hmmmmmm
I probably was overlooking what eMMC was, however based on the links the user gave, I later learned a little more about its potential. It would appear that HTC is doing something along the lines of the operations expressed in the link. And if they are not fully replicating efforts, it would be a shame. I like the concept of wear leveling and efficient read/writes. It would be my hope that we could integrate all those functions within a custom rom.
I found a page on the Micron site on eMMC. In the tech notes section there are informational downloads for just one chip. Specifically, the Qualcomm QSC6695
You have to register to download them. A process I have already started. Their site claims it takes a half hour to register a new account.
Once I have the PDFs, I will attach them to the OP.
I don't know if this is the chip the evo 3d is using, but if it is these may prove beneficial to have.
EDIT: Never mind. I'd have to sign an NDA first.
EDIT: Although, this looks interesting.
Geniusdog254 said:
A lot of the security features available on the chip itself probably aren't in use. HTC has been using their own form of write protection since early last year, even on the NAND based Evo 4G. I'd stake a bet they're using the same system here, and we just need to find a way to flash the ENG bootloader like we did last year to get around it.
Perhaps, but a hint at the design really tells me that it would only make sense to offload this protection to the eMMC. Posted a link just a minute ago with the eMMC "enablement" model in PDF form. Interesting read...
CyWhitfield said:
I found a page on the Micron site on eMMC. In the tech notes section there are informational downloads for just one chip. Specifically, the Qualcomm QSC6695
You have to register to download them. A process I have already started. Their site claims it takes a half hour to register a new account.
Once I have the PDFs, I will attach them to the OP.
I don't know if this is the chip the evo 3d is using, but if it is these may prove beneficial to have.
EDIT: Never mind. I'd have to sign an NDA first.
EDIT: Although, this looks interesting.
VERY interesting link & read for sure
CyWhitfield said:
The first part of your statement is true, Sprint knows full well that we can circumvent their attempts to charge us for WiFi tethering with root access. They have known this for years. They also know that in reality there is no way they can completely prevent someone from tethering their phone in one way or another. Even without root access. Ref: PDANet.
In my opinion, this protection of the eMMC contents was designed to reduce support costs from failed OTA updates bricking phones, and perhaps as protection against malware that can attain root, not unlike what Temp Root does.
I am not as paranoid as some here and refuse to accept that this was done specifically to thwart efforts to root the phone. The vast (and I mean VAST) majority of people who buy this phone will never even consider rooting the devices. This same majority has a subset of people that are easily stupid enough to screw up an OTA update or download and install malware.
I will take it a step further and opine that the only reason HTC is unlocking the bootloader is because we are such a minority AND that by tinkering with an unlocked device, we are actually helping HTC improve their product. They would rather have a more appealing Facebook page than worry about losing a minuscule fraction of wifi tethering income. Moreover, take a good look at where Sprint stands in the market, and what they have done recently to improve their position. They are doing a lot of really cool things, and have taken impressive steps to improve customer service and corporate image. That they would allow this bashing of HTC to continue unabated over a handful of tethering dollars is unlikely.
I completely agree with all of that. Other carriers have taken many steps to try to prevent wireless tethering. They've asked Google to filter certain apps from the market from their customers, they've sent out letters to their customers who they suspect of tethering, they've used ECMs to try to stop it.
But Sprint...they've been remarkably silent on that front. Hell they don't even seem to plan on putting any usage caps in place. In my opinion, I suspect that Sprint wants to be different from the other carriers. They can't outright allow tethering because people would go nuts with it and it would saturate their network. Instead they have this approach of telling you that you can't do it without paying extra, but they look the other way when you do.
I don't know if I fully agree on why HTC locks the phone so tight though. I mean they really went out of their way to make sure nobody touches it. There could have been far more simple countermeasures in place to prevent malware yet still be open to somebody who has physical access to the phone.
It can't be that Sprint insisted on it being that way, otherwise Sprint would have insisted that the Nexus S be fully locked, so I don't believe that this is a carrier issue at all, at least not as far as the Evo 3D is concerned.
One of my suspicions is that HTC may make a profit off of having certain apps installed, much in the way that PC OEMs get paid to preload different apps (e.g. Norton). It could be that they want to make sure that you can't remove them. However, that profit they make off of these apps may be significantly offset by having a really negative Facebook page, hence the decision to unlock.
Hard to say really.

Reliable Write: The reason /system reverts back to stock

This is a quote from the Sprint forums. I happened to subscribe to the thread and got this through e-mail:
I have seen first hand the current level of protection HTC has built into the device, and it is impressive. Should some rogue software use an exploit to obtain root, and make changes to the /system partition, the system detects this, revokes the root privilege from the process that obtained it, then reverses all changes to /system. The technology behind part of this is a feature of eMMC called reliable write. A write-up on a commercial adaptation of this is here: http://blog.datalight.com/doing-in-place-os-updates-for-embedded-devices. This sounds ideal for ensuring that a failed OTA update won't break the phone, and protection against malware and the like, but it also makes it impossible to flash ROMs or make other customisations to the core of the phone.
-Posted by some guy named MS072467
Here is the link to the original discussion on Sprint.com:
http://community.sprint.com/baw/message/313016#313016
Wow is all I can say, that's really involved. Thanks a lot HTC (eyes roll)
Sucks for root but makes the phone much safer from malware.
Seriously, it's a piece of brilliance as far as system security goes, and I hope we can continue to use it to our advantage once we've cracked the phone open, as it's a great idea. The problem is not that the system reverts writes, it's that we can't tell it what writes are good. We're locked out of our own devices, and the built-in security measures are being used against the owners. That's not good.
canteenboy said:
Sucks for root but makes the phone much safer from malware.
Malware is really that big of a problem to warrant a complete lock-down of the phone? Been using Android for over a year, downloading any app I felt like, and never once had a "virus" take over my phone.
Mike
mikeyxda said:
Malware is really that big of a problem to warrant a complete lock-down of the phone? Been using Android for over a year, downloading any app I felt like, and never once had a "virus" take over my phone.
Mike
Does that mean we ignore system security? Malware might not have been a serious problem before, but you throw something like this in, and it all but guarantees that it will continue to not be a problem for some time to come.
Again, the problem here is not that the phone is locked down, the problem is that the owners didn't get the key when they bought the property.
I honestly don't see this as a big saving grace. After all, most malware is likely to come in the form of rogue legit-looking apps like a keyboard that could log our passwords without needing root.
IMO they weren't thinking of malware when they implemented this, they were thinking of xda!
Sent from my PG86100 using XDA Premium App
Naw, they were more thinking about how much $$$ they would save from being able to effectively push a software update correctly the first time...
If they were really that worried about keeping "xda" out of the phone they wouldn't be unlocking bootloaders. I can't even begin to tell you how much easier my job would be if I didn't have to replace one more device because they did an update and now their phone doesn't work.
sn0b0ard said:
This is a quote from the Sprint forums. I happened to subscribe to the thread and got this through e-mail:
-Posted by some guy named MS072467
Here is the link to the original discussion on Sprint.com:
http://community.sprint.com/baw/message/313016#313016
That would be me. I started a similar thread on the subject here. It was moved to General from Dev some time ago.
Just to clarify, Reliable Write being the culprit was just an assumption, based on what we all see happening when /system reverts, and that it would be the most logical mechanism for performing the reversions, given that it is a feature of eMMC to begin with.
There was a dev who replied to the original thread that disagreed, and thought it may be a proprietary emulation of similar technology.
I contacted Micron to get permission to view the documentation of the technology but never received a reply.
sn0b0ard - Many thanks for the helpful info.
The Shift uses eMMC and we had perm root after a fairly short time - lotta work (tip of the topper for the many who worked that) - but we got it.
http://forum.xda-developers.com/showthread.php?t=932153
I wonder if they'd implemented that feature for the Shift - visionary or z4root provide workable temp root without the difficulties here.
CyWhitfield said:
That would be me. I started a similar thread on the subject here. It was moved to General from Dev some time ago.
Just to clarify, Reliable Write being the culprit was just an assumption, based on what we all see happening when /system reverts, and that it would be the most logical mechanism for performing the reversions, given that it is a feature of eMMC to begin with.
There was a dev who replied to the original thread that disagreed, and thought it may be a proprietary emulation of similar technology.
I contacted Micron to get permission to view the documentation of the technology but never received a reply.
Ahh makes sense now. The more information we can get on the protection mechanisms behind eMMC and the Evo 3D, the better.
It's odd that they keep moving these posts that talk about the protection of the eMMC. I mean, if we can't disable this write protection, then how are we going to develop ROMs for it in the first place?
sn0b0ard said:
Ahh makes sense now. The more information we can get on the protection mechanisms behind eMMC and the Evo 3D, the better.
It's odd that they keep moving these posts that talk about the protection of the eMMC. I mean, if we can't disable this write protection, then how are we going to develop ROMs for it in the first place?
Given that arguably the largest obstacle to loading the ENG bootloader is this eMMC protection, I don't understand how it's considered irrelevant to development either.
In a way, I hope it is irrelevant. I hope it's easier to break this thing than what I have read in the articles I posted would suggest.
eMMC JEDEC standard
I'm not sure who makes the eMMC chips in our phones, even though I heard someone say Micron, but I would assume they support or use JEDEC standards, which attempt to standardize environment, data handling and such. I am not sure what the current standard is, even though I think it is 4.41. Here is an interesting PDF on mapped commands and bit settings used to handle the writing of data to eMMC. The standard in this PDF is 4.4.
http://rere.qmqm.pl/~mirq/JESD84-A44.pdf
Jason0071 said:
I'm not sure who makes the eMMC chips in our phones, even though I heard someone say Micron, but I would assume they support or use JEDEC standards, which attempt to standardize environment, data handling and such. I am not sure what the current standard is, even though I think it is 4.41. Here is an interesting PDF on mapped commands and bit settings used to handle the writing of data to eMMC. The standard in this PDF is 4.4.
http://rere.qmqm.pl/~mirq/JESD84-A44.pdf
Interesting find

For any chance of root on TP...

We have three options.. the second being most probable.
One:
I've spent the better part of the last few days trying to figure out how to root this device. I've gotten down to the fact that we can add most .zip files into our recovery and it'll try to run them.
Sadly.. they are all unsigned (except for the ASUS official ones) as I do not have the private key, and I've searched with a hex editor on that zip for ANY clues for many hours.. I have given up hope on that. We need to get an unlocked BL that allows unsigned APKs.. or the key.. then I could create an app to just make it so much easier! But alas..
Second Option
Pray the devs at androidroot.mobi want to work on the TP and get NVFLASH working. This is the most probable way.. it would allow custom ROMs to be flashed.. into which we have incorporated root.. then we could throw CWM into the recovery partition and we're golden
Third Option
Some other hole (like the gingerbreak method) is found in ICS
Anyone else heard anything?
I read the blog at androidroot.mobi, and I am not encouraged.
No one gives me grief if I OC my home PC, no one says anything about any warranty being voided if I install my own software, and that's even on the closed architecture brand names (HP, Compaq, Dell, etc) if I'm stupid enough to buy one.
So I see this as nothing but a power/money grab by this industry. Sure, all other mobile devices have had proprietary, closed source, OSs on them until Android.
But it's not that way any more. And I'm seriously wondering if a class action lawsuit can set this straight.
Screw saying "Mother, may I?" on something I paid $500 or more for. Or paid $10 or less for, for that matter. It's a matter of principle at this point.
They are in a particularly weak position on a wifi tablet; at least they could argue for phones that carriers were subsidising them and wanted control for that reason, but there's little case for it here. The RazorClaw exploit should have been fixed since it could have been used for malware, but flashing new firmware is a pretty deliberate act. I'm sure the objections are that they don't want to support devices bricked by tinkering, but I imagine most would be fine with that being considered to be at your own risk.
HTC show that it's possible for companies to be persuaded to unlock the bootloader, of course, if there's enough pressure... not saying that's necessarily likely with Asus though.
I really hope this can be resolved or these guys are able to find a way around it again. It seems really silly why I can't load whatever I want on it...
I just purchased one of these and if it can't be rooted and ROM'd, I guess it'll be going back to Best Buy.
We still have to give it time. This product literally just rolled out. Also add to that the fact that it's very hard to get one since it's in such high demand. Have to give developers/hackers time to mess around with this. It hasn't even really been a full 2 weeks since anyone had this in their possession. With a device as powerful as this, we can count on root being available sooner than later. Once it does, it would be well worth the wait. 4 cores overclocked to 1.8-2GHz a piece or more, oh the joys... lol, optimized ROMs, optimized/increased power on GPU, CM9
It's the latest and greatest android device on the market.... if it doesn't get root something is very wrong lol
My SGSII HercuDom needs more w00t. It always needs more w00t!
So this is my first foray into the android tablet scene, but been using android phones for awhile now. Does the TFP have an encrypted bootloader?
Cm9 would/will be sweet but I'd flip for a tab opted miui rom on the prime.
BixBix78 said:
Cm9 would/will be sweet but I'd flip for a tab opted miui rom on the prime.
Initially, my reaction to MIUI was "if I wanted that interface, I'd buy a product with iOS". But then I used it on my phone for a while, and was completely sold. The battery life was astounding on my Thunderbolt. The *huge* amount of themes available for MIUI, all of which change the entire aspect of the interface (not just icons and the dock), really sold me. Plus, it was smoother than any other ROM I had tried to date, including CM7.
I would be absolutely stoked to have MIUI running on the Prime...
Col.Kernel said:
It's a matter of principle at this point.
Exactly. (I don't know about a class action suit but...)
This is my machine. If I want to change the name of a folder I should be allowed to. I want to see all files. Don't hide them from me. I am an admin of my own devices and I don't appreciate being treated like a luser.
demandarin said:
We still have to give it time. This product literally just rolled out. Also add to that the fact that it's very hard to get one since it's in such high demand. Have to give developers/hackers time to mess around with this. It hasn't even really been a full 2 weeks since anyone had this in their possession. With a device as powerful as this, we can count on root being available sooner than later. Once it does, it would be well worth the wait. 4 cores overclocked to 1.8-2GHz a piece or more, oh the joys... lol, optimized ROMs, optimized/increased power on GPU, CM9
+1 cm9 on this device overclocked to 2.0 = mind f**ked
tylermaciaszek said:
+1 cm9 on this device overclocked to 2.0 = mind f**ked
I'm drooling over the thought of overclocking this quad-core to 2.0GHz. Will need some way of having a permanent charging cable connected though.
tbns said:
I'm drooling over the thought of overclocking this quad-core to 2.0GHz. Will need some way of having a permanent charging cable connected though.
Depends how the ROM is optimized. Will certainly need battery tweaks and such, but yes, I'm drooling over it too.
I don't know much about rooting Android devices, but is there anything really different about the Prime that would make it more difficult to root than other devices? And if so, have there been any other devices like it before that have been able to get rooted?
BongoBong said:
I don't know much about rooting Android devices, but is there anything really different about the Prime that would make it more difficult to root than other devices? And if so, have there been any other devices like it before that have been able to get rooted?
Secure boot loader which seems to handle all of the writing to system partitions, but there isn't much info about it. It's not clear to me what level of escalation is possible at all without finding exploits.
Has anyone tried to root with Razorclaw and then install Voodoo OTA RootKeeper before the update?
phunk311 said:
Has anyone tried to root with Razorclaw and then install Voodoo OTA RootKeeper before the update?
Before the update it was rootable; after the update it's not.
phunk311 said:
Has anyone tried to root with Razorclaw and then install Voodoo OTA RootKeeper before the update?
Quite a few posts about this. It's been tried; it only works on a select few Primes that had shipped to reviewers and a few other lucky people. As far as we know, all Primes sold now are shipping with the OTA that is not rootable.
On the TF101 you could install an older update in order to make it rootable. But I suppose if there was none before the (yet) unrootable one, there is no update to try it with. I'm not going to buy a device with Android that is not rootable. Especially now when ICS is open sourced.
we dont have any older updates available for us
the update patched the method it was using to root in the first place

Would you hardware mod your NT? With other noobish bootloader conversation.

The thread that Adam and others are using for development level conversations about the unlocking of the bootloader is awesome, but it goes over the head of many of us enthusiastic noobs.
This thread is so that we can try and move our questions and confusion to here so as to un-clog the other thread.
It looks like the only way to bypass the bootloader we have seen so far, is to perform a hardware mod. After the hardware mod, we should be able to boot from SD or reinstall the ROM.
Discuss!
If I can first get the chip from outside the USA, I surely will go for it, if it's totally worth it.
Really, for me, it depends on just how involved the hardware mod is---whether it requires soldering and such.
Sent from my rooted Nook Tablet using Tapatalk 8)
I wouldn't mind doing it myself, no matter the level of difficulty. Also a send-in service by some 3rd party company (N2A comes to mind). We'll see what the success rate is, and what can be done.
I already opted for $50 more than the KF, then another $40 for a 32GB SD card... I can't see spending even more to buy the mod chip. At that point, I should've bought a better tablet.
I'll wait on a software bypass, it'll get here eventually.
Plus, I have no interest in Linux. I doubt I even need ICS, but if it comes and it's free... why not?
From what I have read so far, the hardware mod would not be challenging or expensive. Two screws and 4 solder points. According to Adam the chip is only $3 USD, and I would assume that it could be programmed with a printer port.
I already opted for $50 more than the KF, then another $40 for a 32GB SD card... I can't see spending even more to buy the mod chip. At that point, I should've bought a better tablet.
I'll wait on a software bypass, it'll get here eventually.
Plus, I have no interest in Linux. I doubt I even need ICS, but if it comes and it's free... why not?
I think the cost of the SD card is irrelevant. You would have to do this with any tablet, and if you're comparing to the KF then this one section of your argument is even more invalid.
The mod chip also looks like it will be very inexpensive.
EDIT: I highly doubt ICS will be released for our tablets by B&N ever... So we will be waiting for someone like the CM team to get it working for us.
The hardware mod interests me even if solely as a way to learn a bit about embedded security. I do find it unsettling that I can't install linux on my linux computer.
I don't want to be dependent on having a boot sdcard installed at all times. A hardware modification is good ONLY if it leads to PERMANENTLY disabling the anti-hack mechanism so that the hardware modification doesn't have to be performed again every time the device is booted up.
I would accept precisely this;
Plug in some device,
Boot on sdcard,
Modify the secure boot process WITHIN DEVICE STORAGE (not within RAM),
Remove device,
Store on shelf until it is needed for another hacking project.
There are multiple options for modification of the secure boot process, in particular, replacing the signing keys stored on the device allowing us to use OUR OWN signing key to satisfy the secure boot process. Another option is to eliminate the signature check. I believe that the former will be simpler since it is just a DATA modification rather than reverse engineering.
I wonder if the hardware has an equivalent of "S-OFF" that HTC phones have? As I recall, on most HTC phones, there is a ONE BYTE EDIT that has to be made within one partition of the eMMC to TOTALLY disable all of the device's bootloader sig checks and hardware write protect. The issue was that the partition in question would be hardware write protected. Presumably, with the hardware modification for NT, a similar state *should* be achievable.
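To make the two options above concrete, here is an added illustration that is not from any poster and is not the Nook Tablet's real bootloader: a toy boot-time verifier in Go using Ed25519. The device layout (a key copy in rewritable flash, optionally tied to a key hash burned into fuses), the function names and the sample images are all assumptions for the example. It shows that "replace the stored signing key" only works when the bootloader trusts the flash copy outright; if a hash of that key is fused, swapping the key is caught and you are back to patching out the check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device models the two places a bootloader might anchor its trust:
// a copy of the vendor public key in rewritable flash, and (optionally)
// a hash of that key burned into one-time-programmable fuses.
// These fields are hypothetical; they do not describe the Nook Tablet.
type Device struct {
	KeyStore     ed25519.PublicKey // vendor key as stored in rewritable flash
	KeyHashFused [sha256.Size]byte // hash of the vendor key in OTP fuses
	Fused        bool              // whether the bootloader consults the fuse at all
}

// NewDevice provisions a device with the vendor's public key.
func NewDevice(vendorPub ed25519.PublicKey, fused bool) *Device {
	return &Device{
		KeyStore:     vendorPub,
		KeyHashFused: sha256.Sum256(vendorPub),
		Fused:        fused,
	}
}

// VerifyImage is the boot-time check: if the device is fused, first tie the
// flash key to the fused hash, then verify the image signature with that key.
func VerifyImage(d *Device, image, sig []byte) bool {
	if d.Fused && sha256.Sum256(d.KeyStore) != d.KeyHashFused {
		return false // key in flash no longer matches what was fused
	}
	return ed25519.Verify(d.KeyStore, image, sig)
}

// KeySwapAttack plays the "replace the stored signing key" option: with write
// access to flash, the attacker overwrites the vendor key with their own and
// signs their own image. Returns whether that image passes the boot check.
func KeySwapAttack(fused bool) (bool, error) {
	vendorPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	d := NewDevice(vendorPub, fused)

	attackerPub, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	image := []byte("constructed sample image: custom recovery") // constructed input
	sig := ed25519.Sign(attackerPriv, image)

	d.KeyStore = attackerPub // this is the write the hardware mod would enable
	return VerifyImage(d, image, sig), nil
}

// VendorBoot confirms a vendor-signed image still boots in both configurations.
func VendorBoot(fused bool) (bool, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	d := NewDevice(vendorPub, fused)
	image := []byte("constructed sample image: stock firmware") // constructed input
	return VerifyImage(d, image, ed25519.Sign(vendorPriv, image)), nil
}

func main() {
	for _, fused := range []bool{false, true} {
		ok, _ := KeySwapAttack(fused)
		fmt.Printf("fused=%v: attacker-signed image boots after key swap: %v\n", fused, ok)
	}
}
```

Running it prints that the swapped key is accepted on the unfused model and rejected on the fused one. The practical question for any real device is therefore not just whether the key lives in writable storage, but whether the boot ROM checks that copy against something it cannot be made to forget.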
The_Joe said:
Would you hardware mod your NT?
Absolutely not!
I also wouldn't, because you will never get yours back in the same condition it was in before you opened it, and everybody can see that you did something to the device. You also don't have a warranty anymore after that process.
Sent from my SGH-T989 using Tapatalk
Pete1612 said:
I also wouldn't, because you will never get yours back in the same condition it was in before you opened it, and everybody can see that you did something to the device. You also don't have a warranty anymore after that process.
Whaaaaa???
Unlike you, most intelligent people will select jeweler's tools to open something like this rather than a crowbar and a sledgehammer.
Further, most people would actually perform the modification using a temperature controlled and grounded soldering iron, rather than an acetylene torch, thus no damage caused even internally.
As far as warranty goes, it is EASY to restore it to factory condition, unless you use the Neanderthal approach to hardware modification, in which case warranty provision is determined by YOUR HONESTY to only warranty it for something that YOU DID NOT CAUSE (in which case there is no morality issue to be worried over).
I also wouldn't, because you will never get yours back in the same condition it was in before you opened it, and everybody can see that you did something to the device. You also don't have a warranty anymore after that process.
Soldering is not that big a deal once you have developed the touch. I am fairly certain that I could solder the four wires required for this chip and then later un-solder them and no one would be able to tell.
It's a great device regardless of installing a ROM. I just rooted it and installed the gapps and OTA block. I still have all the B&N stuff and everything works fine. I have all the apps loaded I want (that make sense without GPS and 3G) and I WOULD hardware modify this puppy in a heartbeat to get back what I have if B&N happens to force an OTA through that takes away root.
I have been having a lot of fun trying lots of different apps and schemes. The hardware mod is easy and I have already taken it apart and looked at where the soldering goes and it is back together without a hitch.
Big hand to the devs who are doing their thing so we can do ours.
Bill
Oh yes, I'm sure he had a rock and mallet in mind for the modification. How Neanderthal of him to suggest that hardware modification is well out of his, and many others', reach.
It's easy to unroot. I doubt physically messing around with the internals using any manner of ultra sophisticated museum art thief tools will leave behind changes that are unnoticeable.
Duely blundered from my thunderdolt
I would do it just to do it. I am one of those guys that just like to mod stuff for the hell of it. No, I'm not very good at creating any of the mods, but if it will make my experience better and it's not rocket surgery, I'm game.
As for the warranty issue and opening up the case, it really doesn't look like its that big of a deal. I am guessing that with a set of precision screwdrivers and a guitar pick it can be opened simply and be very nearly undetectable. Besides, if I am going to open it and solder it, I am not worried about the warranty anyway. If someone IS worried about it, then they shouldn't be doing anything that will void it.
JM2C

Question Editing APN via Unlocking?

Would unlocking the phone allow you to add "DUN" as an APN protocol? Or would I need to wait for root or a factory image to come out?
If it's like the old Motorola Cliqs (yeah, I'm old), you had to have root and a custom recovery.
I'm not sure if this article is useful but it looks like what you're looking for.
https://help.ivanti.com/mi/help/en_...Content/DMGfiles/Using_Custom_APN_with_Sa.htm
I'm actually somewhat familiar with MobileIron. It's more of a product aimed at corporations to control everything from security aspects to pushing updates to mobile phones. It might work, but you would have to spin up a server on a trial basis I would guess, and I don't even know if they have trial software available.
nouseforaname69 said:
I'm actually somewhat familiar with MobileIron. It's more of a product aimed at corporations to control everything from security aspects to pushing updates to mobile phones. It might work, but you would have to spin up a server on a trial basis I would guess, and I don't even know if they have trial software available.
Oh I didn't realize that's what it was. I just saw something about editing the APN through the work profile. Apologies.