Project

General

Profile

GTI9100GBootloaderFreedom » History » Version 9

Denis 'GNUtoo' Carikli, 03/07/2020 12:06 AM

1 1 Denis 'GNUtoo' Carikli
h1. I9100GBootloader
2
3 9 Denis 'GNUtoo' Carikli
{{toc}}
4 3 Denis 'GNUtoo' Carikli
5 8 Denis 'GNUtoo' Carikli
h2. Versions with signed bootloaders
6 3 Denis 'GNUtoo' Carikli
7 8 Denis 'GNUtoo' Carikli
h3. Checking if you have a signed bootloader
8 7 Denis 'GNUtoo' Carikli
9 8 Denis 'GNUtoo' Carikli
To do that you need to get into the ODIN MODE that is typically used to install the Replicant recovery:
10 1 Denis 'GNUtoo' Carikli
11 7 Denis 'GNUtoo' Carikli
# Start the device by holding the following key combination: *Volume down, Select, Power*,
12
# Hold the key combination until the device shows a *Warning* message.
13
# Confirm that you want to download a custom OS using volume up
14
# Make sure the device is in *Downloading* mode
15
16
When this is done, it should show some text:
17
<pre>
18
ODIN MODE
19
PRODUCT NAME: GT-I9100G_CHN_CHN
20
</pre>
21
22
Here CHN_CHN probably refers to the chinese version. According to "a thread on the XDA developers forum":https://forum.xda-developers.com/galaxy-s2/development/guide-repair-totally-sleep-dead-boot-t1701471 ("Means that you own a chinese bootloader locked I9100G. You can't flash any other bootloader than the chinese one.") , that version has a signed bootloader.
23 8 Denis 'GNUtoo' Carikli
24 1 Denis 'GNUtoo' Carikli
25 5 Denis 'GNUtoo' Carikli
h2. How to check for signed bootloader
26
27 1 Denis 'GNUtoo' Carikli
To get the bootrom to try to boot on USB, you need to do the following:
28
* Connect the USB cable to the device but make sure it's not connected on the computer.
29
* Power off the device
30
* Connect the USB cable
31
32
If we do that, we get the following in the kernel log of your laptop:
33
<pre>
34
usb 1-1: new high-speed USB device number 24 using ehci-pci
35
usb 1-1: unable to get BOS descriptor or descriptor too short
36
usb 1-1: New USB device found, idVendor=0451, idProduct=d00f, bcdDevice= 0.00
37
usb 1-1: New USB device strings: Mfr=33, Product=37, SerialNumber=0
38
usb 1-1: Product: OMAP4430
39
usb 1-1: Manufacturer: Texas Instruments
40
</pre>
41
42
We can also try to get a bit more infos with omap-usb-boot:
43
<pre>
44
$ sudo omap-usb-boot -v -w boot invalidbootmedia
45
Finding and opening USB device
46
Found and opened omap4 USB device: OMAP4430
47
ASIC device id: 4430, HS device
48
Booting from device invalidbootmedia...
49
Booting device invalidbootmedia not found
50
Booting from device failed
51
</pre>
52
53
Here we know the device is signed because it's a "HS device".
54
If it was not signed it would print "GP device" instead.
55 9 Denis 'GNUtoo' Carikli
56
h2. Using the Android version or other devices properties?
57
58
"hpagseddy/i9100g_xloader":https://github.com/hpagseddy/i9100g_xloader is based on "ths-backup/i9100g_xloader":https://github.com/ths-backup/i9100g_xloader which has an ics (Icecream Sandwitch, an Android version) branch only.
59
60
It's still unclear if there is some correlation between Android version and signed bootloaders.
61
62
The device that was given to [[People#Denis-GNUtoo-Carikli|GNUtoo]] that has a signed bootloader also has the following characteristics:
63
64
*Software state*: Running the stock OS, unmodified
65
*Android version*: Android 2.3.6
66
*Baseband version*: IG9100GZCLC2
67
*Build number*: GINGERBREAD.ZCLC2
68
*Kernel version*: 2.6.35.7 se.infra@SEI-30#2
69
70
At this point it's also still unclear if any of the characteristics above correlate to signed or unsigned bootloaders.
71 2 Denis 'GNUtoo' Carikli
72
h2. Source code
73
74
* https://github.com/hpagseddy/i9100g_xloader This got rebuilt and flashed, and it worked on the device it was tested on.
75
* https://blog.the-leviathan.ch/?p=408
76
77 1 Denis 'GNUtoo' Carikli
h2. TODO
78
79
* Understand how to get unsigned versions (Android version, serial number, etc)
80
* Get a device with u-boot and ask samsung for source code
81 6 Denis 'GNUtoo' Carikli
* Try to boot the xloader nevertheless, as the device could be in some "verify but not enforce mode" for signatures