GTI9100GBootloaderFreedom » History » Revision 9
Revision 8 (Denis 'GNUtoo' Carikli, 03/06/2020 11:59 PM) → Revision 9/56 (Denis 'GNUtoo' Carikli, 03/07/2020 12:06 AM)
h1. I9100GBootloader

{{toc}}

h2. Unsigned versions

We need to correlate some device properties (like the Android version the device shipped with, serial numbers, etc.) with the bootloader type, to be able to easily differentiate between signed and unsigned versions. That would make it much simpler to get devices with unsigned bootloaders.

"hpagseddy/i9100g_xloader":https://github.com/hpagseddy/i9100g_xloader is based on "ths-backup/i9100g_xloader":https://github.com/ths-backup/i9100g_xloader, which has an ics (Ice Cream Sandwich, an Android version) branch only.

Devices with Android 4.0.4 or 4.1.2 might have the unsigned bootloader, while at least one device with Android 2.3.6 has a signed bootloader.

h2. Versions with signed bootloaders

h3. Checking if you have a signed bootloader

To do that you need to get into the ODIN MODE that is typically used to install the Replicant recovery:
# Start the device by holding the following key combination: *Volume down, Select, Power*.
# Hold the key combination until the device shows a *Warning* message.
# Confirm that you want to download a custom OS using volume up.
# Make sure the device is in *Downloading* mode.

When this is done, it should show some text:
<pre>
ODIN MODE
PRODUCT NAME: GT-I9100G_CHN_CHN
</pre>

Here CHN_CHN probably refers to the Chinese version. According to "a thread on the XDA developers forum":https://forum.xda-developers.com/galaxy-s2/development/guide-repair-totally-sleep-dead-boot-t1701471 ("Means that you own a chinese bootloader locked I9100G. You can't flash any other bootloader than the chinese one."), that version has a signed bootloader.

h2. How to check for signed bootloader

To get the bootrom to try to boot on USB, you need to do the following:
* Connect the USB cable to the device but make sure it's not connected to the computer.
* Power off the device
* Connect the USB cable

If you do that, you get the following in the kernel log of your laptop:
<pre>
usb 1-1: new high-speed USB device number 24 using ehci-pci
usb 1-1: unable to get BOS descriptor or descriptor too short
usb 1-1: New USB device found, idVendor=0451, idProduct=d00f, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=33, Product=37, SerialNumber=0
usb 1-1: Product: OMAP4430
usb 1-1: Manufacturer: Texas Instruments
</pre>

We can also try to get a bit more information with omap-usb-boot:
<pre>
$ sudo omap-usb-boot -v -w boot invalidbootmedia
Finding and opening USB device
Found and opened omap4 USB device: OMAP4430
ASIC device id: 4430, HS device
Booting from device invalidbootmedia...
Booting device invalidbootmedia not found
Booting from device failed
</pre>

Here we know the device is signed because it's a "HS device". If it was not signed it would print "GP device" instead.

h2. Using the Android version or other device properties?

"hpagseddy/i9100g_xloader":https://github.com/hpagseddy/i9100g_xloader is based on "ths-backup/i9100g_xloader":https://github.com/ths-backup/i9100g_xloader, which has an ics (Ice Cream Sandwich, an Android version) branch only.

It's still unclear if there is some correlation between the Android version and signed bootloaders.

The device that was given to [[People#Denis-GNUtoo-Carikli|GNUtoo]], which has a signed bootloader, also has the following characteristics:
* *Software state*: Running the stock OS, unmodified
* *Android version*: Android 2.3.6
* *Baseband version*: IG9100GZCLC2
* *Build number*: GINGERBREAD.ZCLC2
* *Kernel version*: 2.6.35.7 se.infra@SEI-30#2

At this point it's also still unclear if any of the characteristics above correlate with signed or unsigned bootloaders.

h2. Source code

* https://github.com/hpagseddy/i9100g_xloader This got rebuilt and flashed, and it worked on the device it was tested on.
* https://blog.the-leviathan.ch/?p=408

h2. TODO

* Understand how to get unsigned versions (Android version, serial number, etc.)
* Get a device with u-boot and ask Samsung for source code
* Try to boot the xloader nevertheless, as the device could be in some "verify but not enforce" mode for signatures
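
To make the check from "How to check for signed bootloader" repeatable across several devices, the following added example (not part of the original wiki page or of omap-usb-boot) classifies a device from saved kernel-log and omap-usb-boot text. The function names are hypothetical, and the "GP device" sample is constructed from the page's statement about what an unsigned device would print.

```shell
#!/bin/sh
# Added example: classify a device from captured text only; nothing here
# talks to the device. Function names are hypothetical.

# Succeeds if a kernel log on stdin shows the boot ROM enumerating with the
# idVendor/idProduct pair from the log on this page.
bootrom_seen() {
    grep 'idVendor=0451, idProduct=d00f' >/dev/null
}

# Reads `omap-usb-boot -v -w boot invalidbootmedia` output on stdin and
# prints hs (signed), gp (unsigned) or unknown.
omap_device_type() {
    _kind=$(sed -n 's/.*ASIC device id: [0-9A-Za-z]*, \([A-Z]*\) device.*/\1/p' | sed -n 1p)
    case "$_kind" in
        HS) echo hs ;;
        GP) echo gp ;;
        *)  echo unknown ;;   # tool failed, or output format differs
    esac
}

# Sample input. The HS text is the output quoted on this page; the GP text is
# constructed from the page's statement that "GP device" is printed instead.
sample_klog() {
    cat <<'EOF'
usb 1-1: New USB device found, idVendor=0451, idProduct=d00f, bcdDevice= 0.00
usb 1-1: Product: OMAP4430
EOF
}
sample_hs() {
    cat <<'EOF'
Found and opened omap4 USB device: OMAP4430
ASIC device id: 4430, HS device
Booting from device invalidbootmedia...
EOF
}
sample_gp() {
    cat <<'EOF'
Found and opened omap4 USB device: OMAP4430
ASIC device id: 4430, GP device
EOF
}

if sample_klog | bootrom_seen; then echo "boot ROM enumerated on USB"; fi
echo "sample 1: $(sample_hs | omap_device_type)"
echo "sample 2: $(sample_gp | omap_device_type)"
```

With a real device, feed the laptop's kernel log to @bootrom_seen@ and the saved omap-usb-boot output to @omap_device_type@; an @unknown@ result means the "ASIC device id" line was missing, not that the device is unsigned.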