GTI9100GBootloaderFreedom » History » Version 20
Denis 'GNUtoo' Carikli, 03/17/2020 06:48 PM
1 | 1 | Denis 'GNUtoo' Carikli | h1. I9100GBootloader |
---|---|---|---|
2 | |||
3 | 9 | Denis 'GNUtoo' Carikli | {{toc}} |
4 | 3 | Denis 'GNUtoo' Carikli | |
5 | 11 | Denis 'GNUtoo' Carikli | h2. How to check if you have a signed bootloader |
6 | 3 | Denis 'GNUtoo' Carikli | |
7 | 11 | Denis 'GNUtoo' Carikli | h3. How to check from the bootloader interface to install the recovery. |
8 | 7 | Denis 'GNUtoo' Carikli | |
9 | 8 | Denis 'GNUtoo' Carikli | To do that you need to get into the ODIN MODE that is typically used to install the Replicant recovery: |
10 | 1 | Denis 'GNUtoo' Carikli | |
11 | 7 | Denis 'GNUtoo' Carikli | # Start the device by holding the following key combination: *Volume down, Select, Power*, |
12 | # Hold the key combination until the device shows a *Warning* message. |
||
13 | # Confirm that you want to download a custom OS using volume up |
||
14 | # Make sure the device is in *Downloading* mode |
||
15 | |||
16 | When this is done, it should show some text: |
||
17 | <pre> |
||
18 | ODIN MODE |
||
19 | PRODUCT NAME: GT-I9100G_CHN_CHN |
||
20 | </pre> |
||
21 | |||
22 | 10 | Denis 'GNUtoo' Carikli | Here CHN_CHN probably refers to the Chinese version. And it looks like that version has a signed bootloader: According to "a thread on the XDA developers forum":https://forum.xda-developers.com/galaxy-s2/development/guide-repair-totally-sleep-dead-boot-t1701471 "Means that you own a chinese bootloader locked I9100G. You can't flash any other bootloader than the chinese one." |
23 | 1 | Denis 'GNUtoo' Carikli | |
24 | 12 | Denis 'GNUtoo' Carikli | h3. How to check with command line utilities |
25 | 5 | Denis 'GNUtoo' Carikli | |
26 | 1 | Denis 'GNUtoo' Carikli | To get the bootrom to try to boot on USB, you need to do the following: |
27 | * Connect the USB cable to the device but make sure it's not connected on the computer. |
||
28 | * Power off the device |
||
29 | * Connect the USB cable |
||
30 | |||
31 | If we do that, we get the following in the kernel log of your laptop: |
||
32 | <pre> |
||
33 | usb 1-1: new high-speed USB device number 24 using ehci-pci |
||
34 | usb 1-1: unable to get BOS descriptor or descriptor too short |
||
35 | usb 1-1: New USB device found, idVendor=0451, idProduct=d00f, bcdDevice= 0.00 |
||
36 | usb 1-1: New USB device strings: Mfr=33, Product=37, SerialNumber=0 |
||
37 | usb 1-1: Product: OMAP4430 |
||
38 | usb 1-1: Manufacturer: Texas Instruments |
||
39 | </pre> |
||
40 | |||
41 | We can also try to get a bit more infos with omap-usb-boot: |
||
42 | <pre> |
||
43 | $ sudo omap-usb-boot -v -w boot invalidbootmedia |
||
44 | Finding and opening USB device |
||
45 | Found and opened omap4 USB device: OMAP4430 |
||
46 | ASIC device id: 4430, HS device |
||
47 | Booting from device invalidbootmedia... |
||
48 | Booting device invalidbootmedia not found |
||
49 | Booting from device failed |
||
50 | </pre> |
||
51 | |||
52 | Here we know the device is signed because it's a "HS device". |
||
53 | If it was not signed it would print "GP device" instead. |
||
54 | 9 | Denis 'GNUtoo' Carikli | |
55 | 11 | Denis 'GNUtoo' Carikli | h3. Using the Android version or other devices properties? |
56 | 9 | Denis 'GNUtoo' Carikli | |
57 | 15 | Denis 'GNUtoo' Carikli | "hpagseddy/i9100g_xloader":https://github.com/hpagseddy/i9100g_xloader is based on "ths-backup/i9100g_xloader":https://github.com/ths-backup/i9100g_xloader which has an ics (Icecream Sandwitch, an Android version) branch only. According to hpagseddy, that branch is also used for Android Jelly brean. |
58 | 9 | Denis 'GNUtoo' Carikli | |
59 | It's still unclear if there is some correlation between Android version and signed bootloaders. |
||
60 | |||
61 | The device that was given to [[People#Denis-GNUtoo-Carikli|GNUtoo]] that has a signed bootloader also has the following characteristics: |
||
62 | |||
63 | *Software state*: Running the stock OS, unmodified |
||
64 | *Android version*: Android 2.3.6 |
||
65 | *Baseband version*: IG9100GZCLC2 |
||
66 | *Build number*: GINGERBREAD.ZCLC2 |
||
67 | *Kernel version*: 2.6.35.7 se.infra@SEI-30#2 |
||
68 | |||
69 | 18 | Denis 'GNUtoo' Carikli | According to "a thread on XDA":https://forum.xda-developers.com/galaxy-s2/development/bootloader-t1754158 there is a corelation between the @Baseband version@ and the geographic zone that is targeted. And as we can see above, the @Build number@ seem to be related to the @Baseband version@ as well. While the list of baseband versions is incomplete, we can still use it to avoid the Chinese version (CHN_CHN) which has a signed bootloader. |
70 | 17 | Denis 'GNUtoo' Carikli | |
71 | At this point it's also still unclear if any of the other characteristics above correlate to signed or unsigned bootloaders. |
||
72 | 2 | Denis 'GNUtoo' Carikli | |
73 | 20 | Denis 'GNUtoo' Carikli | As the binaries are under the GPLv2 or later, It would also be a good idea to collect all of them, match them with the device characteristics like the @Build@ number and @Baseband version@, and verify if they are signed or not with some free software tool. |
74 | 19 | Denis 'GNUtoo' Carikli | |
75 | 2 | Denis 'GNUtoo' Carikli | h2. Source code |
76 | |||
77 | * https://github.com/hpagseddy/i9100g_xloader This got rebuilt and flashed, and it worked on the device it was tested on. |
||
78 | * https://blog.the-leviathan.ch/?p=408 |
||
79 | |||
80 | 1 | Denis 'GNUtoo' Carikli | h2. TODO |
81 | |||
82 | 16 | Denis 'GNUtoo' Carikli | * Document the various firmware version mentioned here: https://www.sammobile.com/samsung/galaxy-s2/firmware/#GT-I9100G |
83 | 1 | Denis 'GNUtoo' Carikli | * Understand how to get unsigned versions (Android version, serial number, etc) |
84 | 13 | Denis 'GNUtoo' Carikli | * Get a device with an unsigned bootloader and u-boot and ask samsung for source code |
85 | 14 | Denis 'GNUtoo' Carikli | * Check the boot order on unsigned devices (is it possible to boot from USB easily?) |
86 | 6 | Denis 'GNUtoo' Carikli | * Try to boot the xloader nevertheless, as the device could be in some "verify but not enforce mode" for signatures |