
Root Just got this phone on at&t, Working on a root, Bootloader hack

Dm47021

Android Expert
Hello,
I am DM47021.
Some of you may be familiar with my work, some of you may not be, but that's okay.
So, I just got the phone on at$t :(
and I am currently working on a permanent root / bootloader hack.
I am on to something here, as I have found the encryption key used for the S5, and also the Note 4. I really wanted the Note, so I started tinkering.
You guys ask: who is this guy, and how does he have a key?
The answer: it's always been there. It has to be in the boot.img or recovery.img, or else they will not boot. Period.

Just to show you I am not lying.

My first thought was to try and port Loki, and reverse engineer the aboot_signature, base, and hdr address with a hex editor, but these Knox bootloaders don't appear to be Loki-exploitable.
 
Good luck. I'm on the Verizon S5 with a locked bootloader as well. Got the phone a month or so ago and it was updated already, unfortunately. I'm sure you have a lot of people 'rooting' for you to be successful! lol
 
Slight update: still not rooted, but I have made some progress. I am able to flash a zip from the stock recovery without tripping the Knox flag.
 
My whole idea at this point is to use the stock update.zip from AT&T, using their install script with the keys, to install a modded (original file) install-recovery.sh, since it is already a service that runs as root in the current ramdisk. I should be able to use the script to install the su binary and Superuser APK from a temp area into /system using this method.

Sounds simple, doesn't it?
 
I've got the entire exploit done; now I need to
A) either get install-recovery.sh to flash from stock recovery (need to find the keys for the install script)
or
B) somehow gain system RW access.

Any help will be appreciated.
 
Really excited that someone is finally working on the bootloader lock. I wish I could help, but I have no experience coding and whatnot. Hopefully you can get it working. What edition of Linux Mint are you working on? I at least want to try it out. I'm also hoping this will work on the Verizon S5.
 
I rooted by downgrading to 4.4, then flashing the kernel, then towel rooting, then using FlashFire to upgrade to Lollipop to keep root. Hope this might help.
 
I have been doing a lot of research on this and I believe you should read through this article and its comments. It's about remotely hacking your phone through your keyboard and giving you Samsung's private signing key, which lets it run in the most privileged context on the device, the system user. https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/


Very interesting, to say the least. I am not sure yet how I could use it as an easy root method for everyone, but it definitely has potential.
 
Hey DM, are you still going to work on the F6? I'm trying to get you one ASAP with my money; if not, I'm just gonna buy me a G3, Moto X 2014 or S5.
 

Planning to, yes. I am at a standstill; I can't do any more without the device.

I tend to support multiple devices all the time.
 
Any luck playing with the keyboard? I've been writing scripts, but I won't be able to try anything till I get a spare phone.
 
What happens if the Knox flag is tripped? Does it hurt your phone or just the warranty?
Can you come up with a method of rooting that does trip Knox?
 
whamer, how would removing Knox benefit us? I'm not trying to be critical. I know as much about Linux programming as you do about rebuilding an engine. (Unless of course you DO know how to rebuild an engine, then feel free to substitute something you don't know how to do.)

Also, I remember reading somewhere that the Canadian variant does not have the unrootable bootloader. Is it possible to flash the Canadian bootloader via Odin but somehow substitute that key? If I flash the Canadian bootloader and I have a problem, could I just re-flash the BOG5 bootloader via Odin?
 

That's an extremely risky flash right there. If it doesn't boot, you won't be able to get into download mode, as DL mode is part of the bootloader itself.
 
Please keep working on it. If you can succeed and I can unlock my S5 bootloader so I can root, I've got $50 to send you by PayPal or whatever. You have my word (only the KJV Bible is better than my word). I so hate Samsung/Verizon. BTW, my phone is a refurbished S5 to replace an old S3 I broke falling on rocks, so I don't give a crap about warranties. Get ahold of me through this forum or use my email.
 
Found this on an endless search to root BOG5; hope it helps!
 