GTI9100GBootloaderFreedom » History » Revision 9

Revision 8 (Denis 'GNUtoo' Carikli, 03/06/2020 11:59 PM) → Revision 9/56 (Denis 'GNUtoo' Carikli, 03/07/2020 12:06 AM)

h1. I9100GBootloader 

 {{toc}} h2. Unsigned versions 

 We need to correlate some devices property (like the Android version it's shipped with, serial numbers, etc) to be able to easily differentiate between signed and unsigned versions, to makes it much more simple to get devices with unsigned bootloaders. 

 "hpagseddy/i9100g_xloader": is based on "ths-backup/i9100g_xloader": which has an ics (Icecream Sandwitch, an Android version) branch only. 

 Devices with Android 4.0.4 or 4.1.2 might have the unsigned bootloader while at least one device with Android 2.3.6 have a signed bootloader. 

 h2. Versions with signed bootloaders 

 h3. Checking if you have a signed bootloader 

 To do that you need to get into the ODIN MODE that is typically used to install the Replicant recovery: 

 # Start the device by holding the following key combination: *Volume down, Select, Power*, 
 # Hold the key combination until the device shows a *Warning* message. 
 # Confirm that you want to download a custom OS using volume up 
 # Make sure the device is in *Downloading* mode 

 When this is done, it should show some text: 

 Here CHN_CHN probably refers to the chinese version. According to "a thread on the XDA developers forum": ("Means that you own a chinese bootloader locked I9100G. You can't flash any other bootloader than the chinese one.") , that version has a signed bootloader. 


 h2. How to check for signed bootloader 

 To get the bootrom to try to boot on USB, you need to do the following: 
 * Connect the USB cable to the device but make sure it's not connected on the computer. 
 * Power off the device 
 * Connect the USB cable 

 If we do that, we get the following in the kernel log of your laptop: 
 usb 1-1: new high-speed USB device number 24 using ehci-pci 
 usb 1-1: unable to get BOS descriptor or descriptor too short 
 usb 1-1: New USB device found, idVendor=0451, idProduct=d00f, bcdDevice= 0.00 
 usb 1-1: New USB device strings: Mfr=33, Product=37, SerialNumber=0 
 usb 1-1: Product: OMAP4430 
 usb 1-1: Manufacturer: Texas Instruments 

 We can also try to get a bit more infos with omap-usb-boot: 
 $ sudo omap-usb-boot -v -w boot invalidbootmedia 
 Finding and opening USB device 
 Found and opened omap4 USB device: OMAP4430 
 ASIC device id: 4430, HS device 
 Booting from device invalidbootmedia... 
 Booting device invalidbootmedia not found 
 Booting from device failed 

 Here we know the device is signed because it's a "HS device". 
 If it was not signed it would print "GP device" instead. 


 h2. Using the Android version or other devices properties? 

 "hpagseddy/i9100g_xloader": is based on "ths-backup/i9100g_xloader": which has an ics (Icecream Sandwitch, an Android version) branch only. 

 It's still unclear if there is some correlation between Android version and signed bootloaders. 

 The device that was given to [[People#Denis-GNUtoo-Carikli|GNUtoo]] that has a signed bootloader also has the following characteristics: 

 *Software state*: Running the stock OS, unmodified 
 *Android version*: Android 2.3.6 
 *Baseband version*: IG9100GZCLC2 
 *Build number*: GINGERBREAD.ZCLC2 
 *Kernel version*: se.infra@SEI-30#2 

 At this point it's also still unclear if any of the characteristics above correlate to signed or unsigned bootloaders. 

 h2. Source code 

 * This got rebuilt and flashed, and it worked on the device it was tested on. 


 h2. TODO 

 * Understand how to get unsigned versions (Android version, serial number, etc) 
 * Get a device with u-boot and ask samsung for source code 
 * Try to boot the xloader nevertheless, as the device could be in some "verify but not enforce mode" for signatures