Researcher Unlocks Galaxy S4 Bootloader For AT&T, Verizon Phones
Trailrunner7 writes "Those of you who like to tinker and jailbreak Android phones should take notice of some new research conducted on Samsung Galaxy S4 Android devices shipped by AT&T and Verizon. Both devicemakers ship the Galaxy S4 smartphones with a locked-down bootloader that prevents users from uploading custom kernels or from making modifications to software on the phone. Azimuth Security researcher Dan Rosenberg has found a vulnerability in the manner in which the devices do cryptographic checks of boot image signatures and was able to exploit the flaw and upload his own unsigned kernel to the device."
not a true unlock (Score:5, Informative)
Unfortunately this is not a bootloader unlock, it allows you to load unsigned kernels and recovery images but the bootloader must be exploited each time you install a new image. Further it's easily fixed and the next OTA from at&t/vzw is expected to patch it.
Re:not a true unlock (Score:5, Insightful)
A smart person doesn't buy a carrier locked phone in the first place.
Re: (Score:1)
It's more like if you forgot to lock your back door, so your neighbor slips in once or twice; you notice, lock the back door, and it's back to secure.
Re:not a true unlock (Score:5, Interesting)
It's more like if you forgot to lock your back door, so your neighbor slips in once or twice; you notice, lock the back door, and it's back to secure.
Yeah, it's like that, but also: Then the neighbor slips in your window instead. So, you lock that. Then you notice them crawling in right through the damn wall?! Oh, that's right, you live in a Swiss Cheese Shanty. Bah, but who cares, you'll be moving out soon -- You're building a whole new home, and it's going to be Sweet! Most Secure System Ever. No one's ever tried to tunnel their way into a Funnelcake Fortress before!
Meanwhile the list of your previous homes includes Calamari Castle, Macaroni Mansion, and a Doughnut Domicile, so it doesn't seem like the future bodes well for your boot-locking strategies.... Oh! What about a Footwear Flat? I know an old lady looking to part with one on the cheap, roof's a bit 'leaky' though...
Re: (Score:1)
We don't have the keys to the bootloader, and Samsung is likely to patch it on phones sold in the future. Further, this unlock doesn't allow us to load the same recoveries/ROMs/kernels other Galaxy S4 devices have; the kernels and recoveries have to be modified to exploit this attack.
Re: (Score:3)
The neighbor (now owner) thinks that's pretty stupid since it's his house now, and he wants to be able to use the other doors. He manages to pick the lock on the back door to open it, and gets the lock changed so he can use the back door. Next time you drop by to visit and fix some things which were broken when you sold
Re: (Score:1)
It's more like if you forgot to lock your neighbor's back door, so your neighbor slips in once or twice; you notice, lock the back door, and laugh at your idiot neighbor's misfortune in being unable to enter his own house that he paid for and rightfully owns. He even goes as far as to call the police, but they just arrest him because he's irrationally demanding to enter his own house. Meanwhile you just kick back and feel slightly ashamed that you're not paying a billionaire for the entertainment you're getti
Device Maker... (Score:3, Informative)
It is the same device maker.
Real News: Galaxy S4 not easily unlocked yet! (Score:5, Insightful)
The real news to me is that the Galaxy S4 is not already easily unlocked. I would have assumed that with the S3 being easily unlocked that the S4 would be similar.
I would think the best strategy for the phone companies and the handset makers would be to make it just difficult enough that most people wouldn't bother, but easy enough that people who really care wouldn't avoid the phones.
Re:Real News: Galaxy S4 not easily unlocked yet! (Score:5, Informative)
It should be made illegal to lock cell phones. As nice as the S4 is, pick up a Nexus 4 and have a phone you don't need to 'jailbreak'.
Re:Real News: Galaxy S4 not easily unlocked yet! (Score:5, Insightful)
It will be.
But jailbreaking isn't the answer. The answer is breaking AT&T into little bitty pieces and making contracts like the one between AT&T and Samsung illegal.
If the anti-trust laws were enforced, S4's would cost about $150 and there would be no such thing as 2 year contracts for service. And there definitely wouldn't be the kind of collusion between hardware manufacturers, service providers and content providers that is destroying competition and making customers miserable and overcharged.
Re:Real News: Galaxy S4 not easily unlocked yet! (Score:5, Insightful)
Actually, it costs $237 to make one, so the price to consumers in a competitive market would probably be about $400 now while it's the latest and greatest thing, or $300 in six to twelve months. And of course, there should be a competitive market for financing for those who want to pay for it in installments.
Re: (Score:2)
Let me guess: these are Samsung's figures, yes?
Re: (Score:2)
My Nexus was $200. An S4 does not have $400 worth of additional parts compared to the Nexus.
My point is the relationship between Samsung and AT&T distorts the entire cost chain to such an extent, and not to the benefit of the consumer.
Re: (Score:2)
I googled: galaxy s4 teardown
And I found this:
http://allthingsd.com/20130508/samsung-galaxy-s4-costs-237-to-build-teardown-analysis-shows/ [allthingsd.com]
Another example of why you should Google things before you post.
Re: (Score:2)
Do you realize that those teardowns show the cost of the components if you were to buy them individually?
Do you think they get a teeny discount for buying 500,000? Like maybe a 20:1 discount?
Even without this certain discount, which would bring the cost of building the S4 closer to $100, don't you think >300% profit is a tiny bit high?
How much profit do you think there is in a $200 Nexus 7, which is similar tech? Is the cost of building the Nexus 7 really an order of magnitud
Re: (Score:1)
No way on the $150 price. Just the parts that go into an S4 are more than $150. The S4 would still cost close to what it costs to buy it outright now, but the plans would end up being much more affordable, due to the competition and the lack of phone subsidy cost.
Re:Real News: Galaxy S4 not easily unlocked yet! (Score:5, Insightful)
You are shitting me right? Talk about self indulgent pricks. If you want an unlocked S4, go buy it from Google's Play Store. Only $650 or so.
The reason cell companies have $200 S4 is because they're fronting the money for it, and they want to make it back up (plus a nice multiplier, obviously) over the next 2 years. That is why your data plans are also so expensive, because they know once they've locked you in, you can't move for 2 years.
And in 2 years, they front another $400 for you, so that you can get the S6 for $200. And they continue to milk you.
But make no mistake about it - the S4 does *NOT* cost $150, and only a fucking moron thinks it does.
Re:Real News: Galaxy S4 not easily unlocked yet! (Score:4, Informative)
But make no mistake about it - the S4 does *NOT* cost $150, and only a fucking moron thinks it does.
Nope, it doesn't cost $150. It costs $244, including the manufacturing. [ihs.com]
Re: (Score:1)
Notice that it's priced out as if they were making them individually, to order.
They give you the price of the processor if you bought only one and the price of the memory if you bought one module and the price of the screen if you bought only one screen.
I've got a feeling they get a little bit of a discount when they source the materials to make a few million of them.
It reminds me of how they used to publish what it would cost an individual to build a Corvette f
Re: (Score:2)
You really need to learn to read and comprehend better. The breakdown prices are what it costs the manufacturers to buy them.
For some manufacturers that also make their own components, like Samsung, it may be cheaper, but that just means the component division made less money.
Re: (Score:3)
That is why your data plans are also so expensive, because they know once they've locked you in, you can't move for 2 years.
What does this have to do with locking the bootloader? The rest of the world is in the same boat except without locked bootloaders. We are in the boat because of contractual agreements. So where is the incentive now? If I unlock my bootloader and go elsewhere I'm obliged to pay out the minimum contract cost which is quite expensive. If I upgrade then I still am required to pay the same contract cost.
I am on a contract. I pay $x per month over 2 years. I get my data allowance, sms, calls etc. My phone howeve
Re: (Score:3)
The real question is if this applies to S4s not sold by Verizon and AT&T.
Re: (Score:3)
No. Verizon and AT&T are the only known carriers locking the Galaxy S4 bootloader.
AT&T and Verizon are not "devicemakers" (Score:5, Informative)
Samsung is the device maker.
How hard is it? (Score:5, Interesting)
When the phone powers up, there is usually a watchdog circuit that holds a pin low (ground) for a short time, usually 50-100ms, then it allows the pin to rise, and that pin then allows firmware to be loaded which starts the bootloader process (or is the bootloader process). Usually you can short that pin, and after the amount of time required to load the OS, the firmware can be updated (reflash the chip with new bootloader/OS). I realise finding the pin and reflashing the chip can be a bit of a job, but it's not impossible (I've used techniques like this to unbrick/reflash bootloaders in routers and other devices, and likewise upload new firmware).
Re:How hard is it? (Score:4, Informative)
The kind that is comfortable doing live BIOS swaps. Some of us really hate having to dick around with software or drive-by solutions. Doing it 100% ourselves is the 'proper' way we do things.
AKA any half-competent computer repair tech.
Re: (Score:1)
Except for the fact that "pin" is usually between two circuits on the same IC die contained in the same ceramic packaging.
Sure, you can grind off the ceramic coating, put the die under your microscope, find what trace performs the locking function, and either short it or replace the fuses that were blown to enable the lockout.
But after spending that much time and money on modifying what is essentially a phone someone else paid for and you are borrowing from them until it is paid off two years later, you cou
Re: (Score:2)
My S4 clone may not be quite as fancy as a Samsung, but it's damned close and it's *mine* out of the box. No carrier lock, no bootloader lock.. Nothin'. Oh, and it was 1/3 the price.. (not out of pocket for a subsidy extension, but the actual cost of the phone)
You could just as well have bought a real S4 from Samsung and have had the unlocked bootloader.. Calling something that's more of an S2 clone an S4 clone is a bit of a stretch..
I'm not paying $1000 for a damaged phone (Score:2, Insightful)
Why would I buy a brain damaged piece of crap? Also I'm not likely to buy Samsung again due to their abandoning the Galaxy S which I'm still using.
Re: (Score:2, Interesting)
Tracfone prepaid
My Tracfone is an 18-year-old Motorola flip phone, no net, just phone, and it's still supported.
Re: (Score:2)
Tracfone prepaid
My Tracfone is an 18-year-old Motorola flip phone, no net, just phone, and it's still supported.
...supported in what way? The Galaxy S1 still works on modern networks. You can still get software for it from Google Play.
An 18-year-old phone wouldn't work on most networks anymore..
Re: (Score:2)
I was replying to the one above.
Re: (Score:1, Troll)
"Show a phone maker who supports something that old or fuck off."
Nokia Tracfone. In fact, mine is almost a decade old and still gets support.
Oh, and I can dial 911 and boot faster than any smartphone.
I also get about 10x the battery life.
You stupid fools and your 'smart' phones.
Re: (Score:2)
You stupid fools and your 'smart' phones.
Hmmm, why would I have an internet-enabled and feature-rich computer that easily fits in my pocket, that can also make phone calls, when I could be dragging a laptop *and* a phone around? Nope, I'm drawing a blank. You got me there.
Re: (Score:2)
So just pay $600 for an unlocked one like the rest of the non AT&T / Verizon world.
Requires root access beforehand? (Score:2)
"I flash this image by leveraging root access in the Android operating system to write to the boot block device"
Isn't it usually rooting you want to achieve when you unlock the bootloader?
Or is there already a root exploit available, and this will allow you to not only root a stock image, but instead load custom images?
Re: (Score:2)
I find this sentence from the article interesting:
"I flash this image by leveraging root access in the Android operating system to write to the boot block device"
Isn't it usually rooting you want to achieve when you unlock the bootloader?
Or is there already a root exploit available, and this will allow you to not only root a stock image, but instead load custom images?
You can have root on systems without exploits, but having root doesn't mean that you can boot your own kernel.