Android bootloader tampered


The Android Boot Loader

To be able to manipulate the internal storage of your Android device, you must understand how to work with the boot loader. This is the part of the firmware that administers loading of the boot image, but it also handles other tasks, such as reflashing the image over USB.

The bootloader will be one of the following types.

Open Bootloader
Locked Bootloader
Conditionally open bootloader

Open Bootloader

This is, of course, the best. Often, anyway. The cost of an open bootloader is that your Android device isn’t tamper proof: you may tamper with it. The manufacturer may not want this, because Digital Rights Management (DRM) requires your phone to be a secure perimeter.

Locked Bootloader

With a locked bootloader, you may not tamper with your phone’s firmware. The only images it will accept must be cryptographically signed by the phone manufacturer. To reflash the phone with your own unsigned firmware, you must use some exploit to circumvent this (i.e. crack the phone).

Conditionally Open Bootloader

This is quite common today. The music industry required DRM, hence a tamper-proof device, but users demanded the possibility to use custom firmware. The compromise is the Conditionally Open Bootloader. When you get the device it’s locked, but you have the ability to unlock it. The cost of this is often all DRM data, i.e. when you enter the magic codes to unlock the bootloader, it will at the same time erase all DRM data. You may still treat it as a locked bootloader if you want to keep the DRM data but still be able to use a custom ROM.

Once you unlock the boot loader, the manufacturer will also probably disclaim all responsibility, since you may now tamper with the phone outside their control and support.

Sony (Ericsson) Xperia official Bootloader unlocking

Functionality of the Bootloader

Another aspect of the bootloader is its functionality. The phone often has two different bootloaders. Some magic key combination when you power on the phone makes it enter one or the other. Common is Volume-Up during power-on (or while inserting the USB cable into the powered-off device) for one, and Volume-Down for the other. But this is very vendor specific. Google is your friend.

Fastboot

Fastboot is the Android standard bootloader. You communicate with the fastboot bootloader via the fastboot command in the Android SDK. Commands for booting images over USB, flashing, unlocking (if supported), etc. can be issued here.
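As an added example (not part of the original article), here is a small POSIX shell script that checks what the fastboot bootloader reports before you try to flash anything: it parses the output of fastboot getvar all for the standard unlocked variable and refuses to proceed on a locked device, which would reject an unsigned image anyway. The sample getvar output is constructed, the function names are this example's own, and it assumes fastboot prints getvar results on stderr.

```shell
#!/bin/sh
# Added example, not code from the original article: decide from
# `fastboot getvar all` output whether a device's bootloader is locked
# before attempting a flash. No device is needed to run it; the sample
# output below is constructed for illustration.

# Constructed sample of what `fastboot getvar all` prints. "unlocked" and
# "secure" are standard fastboot variables; the other values are made up.
SAMPLE_GETVAR_LOCKED='(bootloader) version-bootloader: 0.1-example
(bootloader) product: example-device
(bootloader) secure: yes
(bootloader) unlocked: no
all: done'

SAMPLE_GETVAR_UNLOCKED='(bootloader) version-bootloader: 0.1-example
(bootloader) product: example-device
(bootloader) secure: yes
(bootloader) unlocked: yes
all: done'

# getvar_value NAME -- reads getvar output on stdin, prints the value of NAME
getvar_value() {
    sed -n "s/^(bootloader) $1:[[:space:]]*//p" | head -n 1
}

# lock_state -- reads getvar output on stdin; prints locked, unlocked or unknown
lock_state() {
    case "$(getvar_value unlocked)" in
        yes) echo unlocked ;;
        no)  echo locked ;;
        *)   echo unknown ;;
    esac
}

# preflight IMAGE -- exit status 0 only when flashing IMAGE makes sense:
# the bootloader must report itself unlocked (a locked one only accepts
# vendor-signed images) and the image file must exist. Reads getvar output
# on stdin so it can be fed either a live query or the samples above.
preflight() {
    image=$1
    case "$(lock_state)" in
        unlocked) ;;
        locked)
            echo "bootloader is locked: it will only accept vendor-signed images;" >&2
            echo "unlocking (where supported) wipes user data and DRM keys" >&2
            return 1 ;;
        *)
            echo "could not determine lock state; refusing to flash" >&2
            return 2 ;;
    esac
    [ -f "$image" ] || { echo "image not found: $image" >&2; return 3; }
    echo "ok to flash $image"
}

# Real use: pipe a live query into preflight instead of the sample text.
# fastboot writes getvar output to stderr, hence the redirection.
query_device() { fastboot getvar all 2>&1; }

# Demonstration on the constructed samples:
printf '%s\n' "$SAMPLE_GETVAR_LOCKED"   | lock_state   # prints: locked
printf '%s\n' "$SAMPLE_GETVAR_UNLOCKED" | lock_state   # prints: unlocked
```

With a device attached you would run query_device | preflight boot.img and only proceed to fastboot flash or fastboot boot when the check passes; on a locked device the script stops and tells you why, which is cheaper than discovering the signature check at flash time.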

Proprietary bootloader

Fastboot may be stripped of functionality, or missing entirely, on some devices. It may be quite useless on a locked device because it won’t let you flash or boot unsigned images anyway. Therefore your phone has a proprietary bootloader to flash the signed images from your vendor. The functionality of this loader may vary. Some may only flash a new signed image; others may flash unsigned custom images as well as download the images already on the device to your computer. To communicate with this bootloader you’ll need the vendor tools, e.g. nvflash for NVIDIA Tegra based devices, or a third-party tool using the vendor’s protocol, e.g. Flashtool for Sony Ericsson Xperia devices.
