I am seeing a growing discussion on the need for more Linux phones in the market given Google’s problematic behaviour w.r.t the changes that will be introduced to that OS.
One very good point that some community member raised was that Android itself wasn’t the problem but the locking of the bootloader in the phone. If the bootloader could be unlocked, then it significantly lowers the bar for the end user to install their OS of choice.
I have dabbled with flashing OSs in old smartphones (GrapheneOS, Post market and Lineage). I commend the developers because I could do that without truly having to “understand the code” at the lower levels. But I assume that was possible because the boot loader could be unlocked somehow*. It seems that isn’t the case with many/most phone fro. Samsung / Xiomi, etc.
Are their bootloaders truly unlockable? Is it simply impossible to unlock and relock bootloaders?
- I know that with lineage, the bootloader couldn’t be relocked and that was touted as a security flaw. If someone could explain why this lock/unlock is so complex, I’d appreciate it.
Different ways:
Sometimes it’s a cryptographic key thing, if the bootloader doesn’t see an image signed with a trusted key it won’t boot.
Sometimes it’s a flag set in storage that is secure and not writable. Bootloader checks the flag, if it’s set then it enforces signature verification.
Sometimes it’s a hardware thing. Newer chips can come with programmable fuses that can be set to pop. This literally severs an electrical connection within the soc or cpu or whatever and then that is the flag. The nintendo switch’s tegra used this to prevent downgrading; if you upgraded legitimately you’d “burn fuses” and then would be locked on that firmware permanently. downgrading could potentially brick the system. (Maybe someone’s figured out a way around this now, I haven’t fucked with switch stuff since tears of the kingdom came out).
There’s other ways too.
Defeating these methods is generally quite difficult. Sometimes you get lucky and a glaring bootloader exploit is found early on (fusee gelee for the switch) or one that applies to many generations of hardware (checkm8, unpatchable bootrom exploit for iphone 4s-iphone x) but at the same time companies have learned to harden their shit as much as possible and throw money at people who do find these exploits. Even nintendo, who has been notoriously laughably bad at this kind of thing seems to have come much harder at the switch 2. The only thing released to date is a minor userland exploit and even if something more substantial is released they’ll just brick your console for finding/running it
It blew my mind that they implemented RSA cryptography for the DS, with every cartridge encrypted with an unique game specific key… but then forgot to check if the signature was valid, making this completely useless. And they left this unpatched for the whole console generation
The 3ds free shop debacle with titlekeys being easily reused was pretty bad too. Like I suppose it could happen to anyone but if that happened to MS or Sony you know it would be patched in a matter of days (or hours, even) whereas the free shop worked for almost 2 full years. It is absolutely unimaginable in the modern context to think that a modern gaming company would allow an exploit that allowed you to simply download any game or update you wanted from their cdn and have your console immediately see it as legit. To think that such a thing would go on for years is mind blowing nowadays (and partially explains why the switch 2 is draconian, though it doesn’t excuse it. Just do better at security)
Why do people buy this hardware in the first place then if it won’t be theirs?
What kind of phone, laptop, game console, car, iot devices, etc do you have? I guarantee you support this stuff somewhere in your life. It’s inescapable.
But to answer you more directly apathy and consumerism. Why do people buy the switch 2 despite extremely anti consumer practices? Because they want to play slightly better Mario kart. Why do people buy a macbook? Because they want a computer that largely “just works”.
With phones it’s a bit different though. The choices are slowly being taken from you. It’s still possible right this second to buy something with an open bootloader but in 2030? Maybe not so much unless you’re cool with going back to a flip phone
With stuff like smartphones there’s literally no choice that allows you to do all smartphone stuff while also keeping control.
Sure you can buy a Pinephone, but that’s not a phone, it’s just an idealistic toy.
If you want a phone that works for 2FA, works with your bank and with your city’s public transport app, then there’s no libre option.
Even a fairphone with /e/ OS isn’t fully libre.
@ragebutt @TheLeadenSea don’t forget steriotypes, history and old habits almost always work for non-tech savvy, for example, many people avoid Samsung devices because they explode in spite that even happened last time years ago, I know they still explode but it is a rare even and its causes are known
You won’t need a flip phone, a Nexus or OPO will work as well.
Simple answer most people don’t know/care until it gets in their way.
And even then people have an incredible ability to just “get use to it” because for them it takes less effort that switching to a more ethical platform.
deleted by creator
I feel like this would be counterproductive in that it would ultimately be turned against the hacker group and used as fuel to increase control of devices when said group bricks 500,000+ phones or whatever. At least in the us the media and government will always side with corporations and that takes a huge amount of the population along with them
Android is probably one of the most secure systems out there
Good luck although I don’t condone cybercrime as it primary harms innocent bystanders
afaik custom firmware will stop these fuses from tripping so you can rollback as needed.
Can’t get it on if the bootloaders locked
on the switch we exploit it first.
Bc someone managed to find a bootrom exploit very early in the consoles life, which is fairly (and increasingly) uncommon (to find at all, let alone early). Still worth searching of course and still theoretically possible always but not something to count on
pretty much, yea. it is a workaround we can use on the og switch though.
Thanks Ragebutt
Comprehensive answers
That what I like
Thank you
my motorola example:
fastboot oem get_unlock_data
3A35219112984799#5A593232444743424E46006D6F746F726F6C0000#869D8063DBECC893461CCDA39BC5560898D31E77E0EA41ED679205BA559DC4A1#663D5E2D000000000000000000000000
could this be cracked with Hashcat?
you upload this to motorola
They then send you this to unlock your bootloader
Here is the unique code to unlock the bootloader of your Motorola phone.
Unlock Code: YGS5FHGWSJDQKBTSWXBS
fastboot oem unlock YGS5FHGWSJDQKBTSWXBS
fastboot oem unlock YGS5FHGWSJDQKBTSWXBS
(bootloader) Bootloader is unlocked!
OKAY [ 13.949s]
Finished. Total time: 13.949s
I have wondered if Hashcat could crack the hash sand give the Unlock Code.
When you consider how long a WPA2 hash is and it s still very possible to crack WPA2 as long. 3-4 hours to run through an 8 char uppercase keyspace on an old sky router.
WPA021709ba709b92c3eb7b662036b02e843c6c5940096fb664cc2edaeb526c686c64ca37bb6be93179b0ce86e0f4e393d742fca6854ace6791f29a7d0c0ec15340860103007502010a00000000000000000001f09960e32863aa57ba250769b6e12d959a5a1f1cc8939d6bed4401a16092fa72000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac02000000
but a 20 char Unlock Code would be impossible on my gaming rig.
The device throttles attempts so it isn’t crackable before the heat death of the universe.
Motorola has one of the better bootloader unlock programs. Many other companies make you jump though hoop after hoop or don’t allow it at all
Well the Better unlock program is the one where it’s just a toggle in dev settings and not one that depends on an online server that can be turned off at any moment. Especially those that makes the unlock irreversible or that immediately void hardware warranty
funny you mention it because motorola does use that to take away the possibility to unlock on older devices.
blocking bootloader unlock imho is more about sending more devices to the landfill rather than actual security
Thanks Possibly linux
Isn’t crackable before the heat death of the universe
so its a long way off then LOL