2 replies to this topic

[bcetxs]

I was wondering if anyone has compared the samsung bootloaders and the motorola bootloaders, "SafeRoot" which was originally for the Samsung Phones has been discovered to ROOT the new  "9.8.1Q-94-1" update for the xt907. if rooting gets us closer to unlocking a device, then theriedically speaking they must have some significant similarities.

 

Anyone Care to throw the thinking cap on?

 

I accept criticism, and guidance. "either order works"

 

"THEORY is only the mind trying to find the inner Ro0TS" : : : :

[livinginkaos]

The previous hole that allowed the moto bootloader to be vulnerable was in the tz partition. That hole has been patched and the exploit god that found it had looked thru it after the patch and started there were no more holes. The other issues you have is the age of this series of device is such that those with the skills to do it have moved on to more current devices. The fact that root was discovered over a month ago was a fluke in that a previous exploit was found to work, not that one of these security guys worked on it.

Sent From My DEV X

[SamuriHL]

Beyond that, I don't know why people confuse root and bootloaders.  One has nothing to do with the other.  Just because you can root a phone does not automatically mean the bootloader is vulnerable.  The reason that the safe root exploit works on so many phones is because it exploited a known Linux kernel bug that allowed privilege escalation.  Being a Linux kernel bug means that it is applicable to any version of Android that's using that flawed kernel, which was quite a few.  But that has absolutely nothing at all to do with the bootloader.  As Kaos mention, the previous unlock exploited a flaw in the TZ (trusted zone) code.  This allowed the code that blew the eFuse to unlock the device to be executed as root.  That flaw has been patched.  Since the TZ partition can't be downgraded even on an unlocked phone, there is no way to exploit it once the phone has been upgraded past the vulnerable version.  The security on Samsung devices is extremely different.  They do not use an eFuse to determine the security state.  Instead, they use a signed aboot partition to determine whether the phone is unlocked or not.  At least on the S4.