Do you have any tutorial or articles regarding the information you supplied, so I can read on?

Sadly, I don't have any direct link at hand. You may want to search at XDA. If you're interested in the Odin tool, though, I was researching its features, and you can find my notes under a question named "Odin configuration file analysis", or something similar, in this very SE.

DeathMaskSalesman I issued the reboot bootloader and rebooted into normal mode; the same happened when I issued the adb reboot-bootloader. The only one that worked was adb reboot recovery.

DeathMaskSalesman For realz though, is totally stealing your comment and reposting it as an answer like the guy did below allowed here on SE?

David Fraser
It seems that we are indeed in the presence of cryptography, probably AES related. It looks like a whitebox cryptography implementation, as we only have tables but no hardcoded key. Instead of reverse engineering these functions, which can be time consuming without symbols, let's try to search for binaries related to them:

Pretty interesting, isn't it? To sum up, if we put specific data at a specific location in the param partition, then we can prevent aboot from switching to download mode.
This data is encrypted by something that seems to be a whitebox AES implementation. This becomes more interesting:

One may think that forging AES-encrypted data without having the key would be problematic, but it's not. Even if I'm not a crypto guy and I don't break the whitebox AES implementation (maybe in a next blog post?)
Indeed, we can invoke the code inside libSecurityManagerNative. This is great, your download mode is locked! Now, what if you soft-brick your device for a random reason and you need to reflash it? You can't access download mode anymore, which is a bit problematic. To prevent such loss of access and to allow easy switching between the locked and unlocked states, I decided to implement a new command inside the adbd daemon and to put the modified adbd in the recovery of my smartphone.
This way, each time I need to unlock the download mode, I only have to boot into recovery, enter the correct password through the custom adb command, and then reboot into download mode. Because we need to allow modification of the param partition, our custom adbd binary has to be executed as root. To avoid bypasses or security issues, we need to reduce the attack surface, and we must not expose adbd functionalities like adb shell or jdwp.
I have chosen to implement a new service command in minadbd instead of reusing adbd. Minadbd is a light version of adbd, generally used to expose only the adb sideloading feature of a stock recovery.
Please note that this code snippet is only a sample of what can be done; it is not recommended to use it on your smartphone, as it doesn't implement any protection such as anti-brute-force. It's just a PoC. Once flashed, we can reboot the smartphone into recovery mode and check whether an adb device is detected:
That was the universal method while all Samsung phones and tablets had the Power, Home, and Volume keys. However, with the departure of the Home button and the introduction of the Bixby button on some Galaxy devices, the hardware key combination to get into Download Mode has not only changed but also varies from device to device.
Smartphones like the Samsung Galaxy A8, etc. If you own one such Samsung device, follow the steps below. On such devices, you can get into Download Mode as follows.
To boot such devices into Download Mode, follow these steps:

[Image: Galaxy S21 Ultra recovery mode]

Samsung is changing the way we used to enter download and recovery mode on Samsung devices. The method also works on the Galaxy S20 and Galaxy Note.

[Image: Galaxy S21 Ultra Download Mode]

In case the Power button on your Samsung phone or Galaxy Tab is not functioning, you can boot it into Odin mode using the volume keys only.