23
May
whitethumb

When news broke that Verizon's and AT&T's versions of the Galaxy S4 would ship with locked/non-unlockable bootloaders, people were... upset. This sort of action was basically expected from Verizon, but AT&T had historically left its device's bootloaders unlocked, allowing users to do what they wanted with their own handsets. To make matters worse, the Galaxy S4's bootloader signature verification is nearly impossible to crack.

Then, at the first of the month, all-around genius hacker Dan Rosenberg released a teaser for his upcoming tool that would "hack" the AT&T's versions bootloader. That tool, now knows as Loki, is finally available for download, and it also works on Verizon's version of the device.

Before you get too excited, though, it's worth noting that this is a developer-only tool. It's designed for ROM and recovery devs and is not a utility made for the average Joe. In other words, don't expect to just download Loki and flash it through ADB or some other method.

The good news here is that it has been done. This tool, once implemented, will allow the bootloader to be bypassed and a custom kernel to be executed. According to Dan, this is similar to kexec "in that it works around a locked bootloader, but this approach is much more flexible and robust."

For more technical information on how Loki works, check out this post on the Azimuth Security blog, along with this FAQ on XDA.

Cameron Summerson
Cameron is a self-made geek, Android enthusiast, horror movie fanatic, musician, and cyclist. When he's not pounding keys here at AP, you can find him spending time with his wife and kids, plucking away on the 6-string, spinning on the streets, or watching The Texas Chainsaw Massacre on repeat.

  • therealbiglou

    It's important to note that he only now released the tool AFTER the launch of the Verizon version so that they didn't have time to patch the loophole before launch.

    • http://www.androidpolice.com/ Artem Russakovskii

      We did indeed note this in the att post a few weeks back.

      • therealbiglou

        He's a smart dude.

    • sgtguthrie

      What happens when they patch it with the first ota though? Won't it be necessary to take it to update radios? Then we'll just need a new exploit...

      • squiddy20

        It has been my experience that, on certain ROMs, the OTAs don't go through. I've got a Sprint Galaxy Nexus and have been on CM since I got it a year ago, and not once have I seen a prompt about an OTA update, despite there having been 4 or so.

        • sgtguthrie

          Well no shit you don't take an ota with a custom rom, even if you could! That wasn't my point and you're comparing it with a fully unlocked device. They're apples and oranges. You want to change radios, you flash them. On the vzw gs4 (because the bootloader is still locked) you'll likely have to go back to stock and take the update I think to get it. Unless you can flash just the radios in Odin. If that's the case, it's no big deal I guess.

  • downtownjeff

    All hail Dan!

  • duse

    Cool to see, but this game can't go on forever. As a buyer, I wouldn't want to have to wonder what exploit I'll have to use the next time I buy a phone, or whether an exploit will even be available. I would never purchase a device from Verizon or AT&T. They are literally the only carriers in the world that do this.

    • Anotherworld

      Once you unlocked the bootloader there is no reasone to use the stock ROM anymore,

      • duse

        Yes, but that's not the point. I wouldn't want to be bothered every time I buy a phone wondering what its security will be and whether I will be able to circumvent it or how. You shouldn't have to scour XDA downloading strange tools and reading guides just to be able to get a phone to operate how it should out of the box. You should be able to buy the device and use it and get on with life. Out of principle, Verizon and AT&T deserve no money from customers for their practices. If you buy it you are only giving them the OK to continue doing this every year.

        • Cuvis

          Couldn't agree more. That's why I stick with T-Mobile, and will continue to stick with them as long as I can.

          • sgtguthrie

            I would love to, but they just don't have the network to go with it...

  • TechGuy22

    they just announced HTC ONE S OFF at XDA. i cant wait.

Quantcast