Or just take one of the open sourced recoveries and add a password prompt to it. (Partial solution - it won't affect odin..)
Just need to make sure the recovery doesn't start adb or anything else before getting a correct password.

On Thu, Aug 23, 2012 at 7:21 PM, Pau Oliva Fora <[email protected]> wrote:
> You'll have to implement this in the bootloader, which in most cases is
> closed source, so roughly you'll have to:
>
> - find the binary blob of the bootloader, probably in a factory image or
> dump it from the device
> - find the base address of the bootloader blob and disassemble it properly
> (use IDA pro)
> - find a place -big enough- where you can inject your own code for the
> password prompt
> - find a place in the early stages of device boot where you can place a jump
> instruction and branch to your code, this should be right after the
> bootloader code detects if the fastboot or odin button combinations are
> pressed.
>
> I'll suggest to write your code in C unless you are an arm assembly guru,
> and try to make it the smallest possible... if the password is correct, then
> it should jump back to the place right after where the execution was
> interrupted with your initial jump and continue with the normal bootloader
> process.
>
> Also, I wouldn't do the tests by flashing your patched bootloader directly
> into the phone (replacing the phone's stock bootloader), as a small mistake
> in your patches can totally brick the device. To properly test your patches,
> you'll need to find a way to place the bootloader in RAM (from Android) and
> jump into it, and to do this you'll need to disable interrupts, invalidate
> CPU caches, reset MMU, and continue execution from physical address space
> where you've copied the bootloader in RAM, this will simulate a reboot from
> bootloader but using your patched one in RAM instead of the stock one in
> NAND, not an easy task I guess... but if you have some progress, let us know
> :D
>
> Cheers,
>
> pof
>
>
>
> On 08/23/2012 09:59 PM, Muddy Water wrote:
>>
>> This may be a redundant topic but I was wondering if anyone could point
>> me in the direction to begin to be able to implement an on screen
>> password before getting into recovery and odin. I've gotten my boot logs
>> off to see where to begin. Just wondering if anyone can assist.
>>
>> **Points I have already heard: it is pointless because it is recovery
>> etc...**
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Android Security Discussions" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/android-security-discuss/-/ZC8Aiz1odiwJ.
>> To post to this group, send email to
>> [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/android-security-discuss?hl=en.
