Project

General

Profile

Actions

GTI9100GBootloaderFreedom » History » Revision 19

« Previous | Revision 19/56 (diff) | Next »
Denis 'GNUtoo' Carikli, 03/17/2020 06:47 PM


I9100GBootloader

How to check if you have a signed bootloader

How to check from the bootloader interface to install the recovery.

To do that you need to get into the ODIN MODE that is typically used to install the Replicant recovery:

  1. Start the device by holding the following key combination: Volume down, Select, Power,
  2. Hold the key combination until the device shows a Warning message.
  3. Confirm that you want to download a custom OS using volume up
  4. Make sure the device is in Downloading mode

When this is done, it should show some text:

ODIN MODE
PRODUCT NAME: GT-I9100G_CHN_CHN

Here CHN_CHN probably refers to the Chinese version. And it looks like that version has a signed bootloader: According to a thread on the XDA developers forum "Means that you own a chinese bootloader locked I9100G. You can't flash any other bootloader than the chinese one."

How to check with command line utilities

To get the bootrom to try to boot on USB, you need to do the following:
  • Connect the USB cable to the device but make sure it's not connected on the computer.
  • Power off the device
  • Connect the USB cable

If we do that, we get the following in the kernel log of your laptop:

usb 1-1: new high-speed USB device number 24 using ehci-pci
usb 1-1: unable to get BOS descriptor or descriptor too short
usb 1-1: New USB device found, idVendor=0451, idProduct=d00f, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=33, Product=37, SerialNumber=0
usb 1-1: Product: OMAP4430
usb 1-1: Manufacturer: Texas Instruments

We can also try to get a bit more infos with omap-usb-boot:

$ sudo omap-usb-boot -v -w boot invalidbootmedia
Finding and opening USB device
Found and opened omap4 USB device: OMAP4430
ASIC device id: 4430, HS device
Booting from device invalidbootmedia...
Booting device invalidbootmedia not found
Booting from device failed

Here we know the device is signed because it's a "HS device".
If it was not signed it would print "GP device" instead.

Using the Android version or other devices properties?

hpagseddy/i9100g_xloader is based on ths-backup/i9100g_xloader which has an ics (Icecream Sandwitch, an Android version) branch only. According to hpagseddy, that branch is also used for Android Jelly brean.

It's still unclear if there is some correlation between Android version and signed bootloaders.

The device that was given to GNUtoo that has a signed bootloader also has the following characteristics:

Software state: Running the stock OS, unmodified
Android version: Android 2.3.6
Baseband version: IG9100GZCLC2
Build number: GINGERBREAD.ZCLC2
Kernel version: 2.6.35.7 se.infra@SEI-30#2

According to a thread on XDA there is a corelation between the Baseband version and the geographic zone that is targeted. And as we can see above, the Build number seem to be related to the Baseband version as well. While the list of baseband versions is incomplete, we can still use it to avoid the Chinese version (CHN_CHN) which has a signed bootloader.

At this point it's also still unclear if any of the other characteristics above correlate to signed or unsigned bootloaders.

As the binaries are under the GPLv2 or later, It would also be a good idea to collect all of them, match them with the device characteristics like the Build number and Baseband version, and verify if they are signed or not with some tool.

Source code

TODO

  • Document the various firmware version mentioned here: https://www.sammobile.com/samsung/galaxy-s2/firmware/#GT-I9100G
  • Understand how to get unsigned versions (Android version, serial number, etc)
  • Get a device with an unsigned bootloader and u-boot and ask samsung for source code
  • Check the boot order on unsigned devices (is it possible to boot from USB easily?)
  • Try to boot the xloader nevertheless, as the device could be in some "verify but not enforce mode" for signatures

Updated by Denis 'GNUtoo' Carikli about 4 years ago · 19 revisions

Also available in: PDF HTML TXT