Hi Denis,
thank you for these insights.
My answers follow below:

On Monday, 10 September 2018 15:03, Denis 'GNUtoo' Carikli <[email protected]> wrote:

> On Sun, 09 Sep 2018 09:17:52 +0000
> Fil Lupin [email protected] wrote:
>
> > Hello,
> > After searching, I did not find any method working on all devices to
> > allow to backup a device's partitions without flashing it to get
> > root.
>
> Could you add a summary of your research on the wiki?

Yes, of course. It seems I do not have access to modify the wiki pages.
While waiting for those rights, that information should probably go into a section
at https://redmine.replicant.us/projects/replicant/wiki#Other

Some information is device-specific and needs to be specified.

> > Moreover, I found several posts assuring this is not possible
> > for GT-I9300
>
> At the beginning of Replicant, I also had a lot of comments on Android
> IRC channels telling me that what I was trying to do (replace the HTC
> Dream nonfree libraries with free software) was impossible.

Indeed, I am aware of that; in fact, this comes from Clarke's first law
(https://en.wikipedia.org/wiki/Clarke%27s_three_laws). ;)

> > (see B.6. in
> > https://forum.xda-developers.com/showthread.php?t=723596).
>
> I didn't find anything stating that in B.6.

I was thinking of this: "You can backup most of your firmware through Clockwork
Recovery, however, **since this already requires root**"

> > On GT-I9300 (Samsung Galaxy S3), it seems the only way to get root is
> > to flash recovery partition.
>
> There is a bootloader exploit with a hello world (helloworld.c) in
> git://github.com/oranav/i9300_emmc_toolbox.git that gives you code
> execution at the bootloader level. Besides that, I didn't do enough
> research on rooting to have something tangible, but I know that some
> have source code.

This idea reminds me of something; I probably read it on the forum a few years
ago. I have to read it again. Thanks for pointing me to this repo. :)

> > The first step should then be to get a
> > recovery partition which will not harm the device before installing
> > it on the device. What I mean here is one should not only check the
> > integrity of the downloaded file by checking the MD5 signature but also
> > check that the recovery partition will do what it is made for and only
> > this.
>
> MD5 checksums are broken. And checksums only tell you that the file
> you downloaded (for instance the recovery image) matches the checksum
> that you check against.
>
> To get better assurance that the file you downloaded really comes from
> the developers you could rely on either or both:
>
> -   Your TLS connection, assuming that the developer(s) control the
>     website they distribute the recovery from.
>
> -   detached GPG signature files, which enable you to check that the
>     file you downloaded really comes from the developers.

Actually, I did not go into details, but I was precisely talking about that: an
asymmetric cryptographic signature to assure the partition is what it pretends
to be.

> > Some websites allow you to download firmware, but I do not know how to
> > guarantee the authenticity of that firmware. Since I am not an expert, I
> > hope someone can let me know how to do this.
>
> I've no idea besides comparing them with the stock device images that
> you dumped yourself. If the websites publish hashes of the images, it
> could enable people to check them way more easily.
>
> At the end of the day I don't see many use cases for making a backup of
> the i9300 recovery: all devices are most probably out of warranty from
> Samsung by now. As for the warranties of the shops selling it second
> hand, they often already have TWRP or similar.
>
> There may be cases where it might be interesting to run the stock OS
> on it to test things or to understand how the stock RIL works, but so
> far all that could also be done with Cyanogenmod or LineageOS.

In fact, thinking about it, I conclude the same: this is essentially useful for
research. If you want to get the device back to its original state, for
documentation or testing, this is needed.

If one wants to use her or his phone as a phone, a recovery backup is not needed.

> Assuming you really need a valid recovery because you need to run the
> stock OS, and it complains about you using a wrong recovery, you could
> still try dodgy recoveries and look if it still complains.

I would prefer to avoid testing this. :)

> If the stock OS is able to somehow check the integrity of the recovery,
> there might be a way to find how to do it ourselves.

The Galaxy S3 GT-I9300 does not seem to be able to do that.
This is why it is so easy to replace the stock ROM with a custom one, if I
understood well:
0. the recovery checks that the stock ROM is properly signed, so one has to get
rid of the recovery to change the stock ROM.
1. change the recovery (through Heimdall/Odin)
2. then change the stock ROM through the custom recovery

To be clear, this is what I understood, but I can be wrong.

> The Bootloader
> might also do that, in that case it's probably way easier to do it
> ourselves.
>
> However if you manage to backup all the other partitions without
> erasing the user data partition, in a way that is easy enough for users
> to do, and doesn't require running nonfree or dodgy apks, it could enable
> people to backup their data (but not the recovery) and be able to
> migrate to Replicant without losing all their data.
>
> If you manage to build a free software root exploit that works on
> some Replicant compatible devices, then it should be fairly easy to
> modify the source code to backup the recovery and enable users to do a
> full backup.
>
> Alternatively you could try to use the bootloader exploit to run u-boot
> or something like that. There is someone working on porting u-boot to
> the i9300. When USB support is ready for u-boot, you could try to
> run this command to export the eMMC over USB:
>
> > ums 0 mmc 0
>
> or this one:
>
> > ums 0 mmc 1
>
> Both paths require some work, but it would be very beneficial as users
> could migrate their data way more easily.

I still need to read about the boot process to understand it well, but I found
a page which seems well documented
(https://forum.xda-developers.com/android/general/info-boot-process-android-vs-linux-t3785254),
and I will spend some time on it.

The way proposed by Kurtis to solder some resistors still seems interesting to
better understand the behaviour, but sadly, I do not have the skills needed
yet. :)

- Fil Lupin.
_______________________________________________
Replicant mailing list
[email protected]
https://lists.osuosl.org/mailman/listinfo/replicant
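The verification Denis describes in this thread (a checksum to confirm the download is intact, plus a detached GPG signature to confirm who published it), as an added example that is not part of this thread or of the Replicant project. The image and sums-file names, the `sha256sum` output format, the keyring path and the idea that you obtained the developers' key fingerprint out of band are all assumptions.

```python
import hashlib
import hmac
import shutil
import subprocess
import tempfile
from pathlib import Path


def sha256_of(path):
    # Recovery images are a few MB, so reading the whole file is fine here.
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def parse_sums(sums_text):
    """Parse `sha256sum` output lines: '<hex>  <name>' ('*name' for binary mode)."""
    expected = {}
    for line in sums_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            expected[parts[1].lstrip("*")] = parts[0].lower()
    return expected


def checksum_matches(path, sums_text):
    """True only if the file's SHA-256 equals the digest listed for its name.
    This proves the download matches the published sum, nothing about its origin."""
    expected = parse_sums(sums_text).get(Path(path).name)
    if expected is None or len(expected) != 64:
        return False
    return hmac.compare_digest(sha256_of(path), expected)


def signature_valid(path, sig_path, keyring, expected_fpr):
    """Verify a detached GPG signature against a keyring you built yourself and
    insist the signing key's fingerprint is the one you expect (assumed known)."""
    gpg = shutil.which("gpg")
    if gpg is None:
        raise RuntimeError("gpg is not installed")
    proc = subprocess.run([gpg, "--batch", "--status-fd", "1", "--no-default-keyring",
                           "--keyring", keyring, "--verify", sig_path, path],
                          capture_output=True, text=True)
    # Status lines look like: [GNUPG:] VALIDSIG <fingerprint> <date> <timestamp> ...
    fprs = {l.split()[2].upper() for l in proc.stdout.splitlines()
            if l.startswith("[GNUPG:] VALIDSIG")}
    return proc.returncode == 0 and expected_fpr.upper() in fprs


def demo_checksum():
    """Constructed sample: a fake recovery image, its sums file, and a tampered copy."""
    img = Path(tempfile.mkdtemp()) / "recovery.img"
    img.write_bytes(b"ANDROID!" + b"\x00" * 1024)  # constructed, not a real image
    sums = f"{sha256_of(img)} *recovery.img\n"
    good = checksum_matches(img, sums)
    img.write_bytes(b"ANDROID!" + b"\x00" * 1023 + b"\x01")  # one byte flipped
    return good, checksum_matches(img, sums)
```

A good checksum and a valid signature from the expected key together give what the thread asks for; a checksum alone, MD5 or otherwise, is only the first half.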
