Samsung UART - DEMO - Hardware Hacking Series #9

Views: 29,346

Crazy Danish Hacker

Days ago

Comments: 34
@samirgunic 1 year ago
Thank you for making this video series! I have seen them all. I also absorbed the blog post like a sponge. If you have read any of my previous comments then you know by now that I have completed this circuit. I call it a circuit instead of cable, since I used a breadboard instead of a prototype board, with much less permanency (and bad connections as a result). I tried to avoid soldering as much as possible. This has been very helpful in diagnosing my "dead" Galaxy S7. Dead? It started talking when I hooked it up to this circuit. Who said that the dead can't talk? You just need the right equipment to listen in. Unfortunately, I was not able to extract any data. Sadly, it appears that the UFS controller has failed. But I learned a lot in the process and it was fun. I also tested two other Galaxy S7 phones in working condition, but I was not successful in getting the S-BOOT prompt. Presumably because they run on patched up software versions. So I am grateful for your videos. I know it's wishful thinking, as I imagine you're probably too occupied with work, but I really hope to see more of you and your videos in the future. Best wishes on your future hacking adventures! Keep the shades on. 😎
@CrazyDanishHacker 1 year ago
Thanks for the feedback and your story about your Galaxy S7 device. If you want to extract data from it, the first step, if you can't boot even with that type of cable, is to buy a chip reader and desolder it (with a heat gun I think they use). Louis Rossmann sometimes shows how he removes and replaces chips on MacBooks and iPhones. The concept is similar, use too much heat and you risk destroying the chip though. Also after you have the chip, chip reader, and patience, you will need some sort of software. Now that I have no clue about what exists and how much of it is freely available, but it is a starting point if you're very keen on extracting data from the device. I guess the "other solution" is to desolder the flash (i.e. memory file storage) chip and solder it on another used S7 device. (I don't think the flash chips are "locked" to the devices, but if it's encrypted, then it might not work without a second "TPM" chip as well maybe. It depends on how the file content is encrypted.)
@oussamalarbi6637 6 years ago
Finally u r back, best videos ever
@shadowgallery97 6 years ago
A revolution without dancing is a revolution not worth having.
@jojo-fp1zv 5 years ago
Sickest outro ever seen!
@dellodel9502 3 years ago
Crazy Video 👏👏👏👏💯
@abhishekchaudhari970 6 years ago
Awesome video 👌 learned something new waiting for more
@CrazyDanishHacker 6 years ago
Thanks, I got more videos coming up soon
@abhishekchaudhari970 6 years ago
Crazy Danish Hacker which series are u gonna start after this? I just love ur glasses 🤭
@CrazyDanishHacker 6 years ago
I would like to move over to another topic for a while, where I use the computer more. I haven't fully decided yet, but the next series will likely be about how to create a Multi-RTL. (If you make one that works, then it could potentially be used for things like passive radar.) The sunglasses are Oakley Fuel Cell with Ice Iridium lenses I believe. I bought them around 5 years ago and they still look pretty good. (The lenses have a few tiny scratches which I could replace, but they're not scratched so much that it's worth buying new yet.)
@NathanCroucher 2 years ago
Can you access or use any of the phone's hardware? Camera, wifi, upload custom firmware? Turn it into like a super Pi
@CrazyDanishHacker 1 year ago
With root access to an Android phone you kind of can, but it is much easier to do with a normal USB cable and ADB shell. If you go this route, I would recommend getting a phone where the entire operating system is open source. To access just the camera and wifi and some other network functionality you can probably just develop a mobile app with the right permissions to the file system, camera, etc.
@arvindh4327 1 year ago
I'm trying to do a similar thing. Since Pis are practically impossible to buy nowadays, I wanted to install PostmarketOS on my old Honor 7X. I was successful in unlocking the bootloader, but unable to root even using TWRP or Magisk. Also tried searching for the firmware version, no luck. XDA community, no response. So can I pull the boot image through this method and then, will it be possible to root my device?!
@samirgunic 1 year ago
That's a very good question! Just what can you do with this S-BOOT console? I have not seen anyone explore these commands in depth. The original author (Nitay Artenstein) had this to say on the first blog post: "As you can see, the console already exposes some pretty interesting commands. But we're keeping the real fun for our next post." But as far as I can tell, post number two was never released. The main objective appears to have been to access the S-BOOT console, and the story ended there. I was successful in building this interface. I tested it with two different S7 phones. I even got my dead S7 to start talking. But I was not able to get to the S-BOOT prompt on any one of them. Presumably because the software version they're on has already been patched.
@joakoc.6235 5 years ago
Hi there, do you know what the command is to do a Battery Accumulated Usage Initialization on a Galaxy S7? I recently changed the battery with an original one from samsungparts.com and it's not performing as when the phone was new, so I downloaded the service manual of my model and it says that when you change the battery you need to reset this counter and then do it with the Samsung Anyway jig. Any idea if I can do that with this method? Thanks!
@CrazyDanishHacker 4 years ago
Based on your question, I am pretty sure this is the type of cable you need to create. If you google this: "Battery Accumulated Usage Initialization", there will be one single result on Google with a PDF that indicates it may contain the answer you seek. Before opening this PDF, run it through an anti-virus scanner and also open it in Google Chrome as that should be more safe than most native PDF readers. (PDFs can contain malware, so please be careful.)
@CrazyDanishHacker 4 years ago
If you already have that service manual, then you don't need to download that PDF which apparently costs money to access if you don't have a scribd account.
@androidmodification1823 6 years ago
Hello brother, I've only just found you. Excellent work. I've spent the last day making the cable and it's tested and all good to go. But I can't get PuTTY to work to test this cable on an S7 G930F. I'm using Windows 7. I've downloaded PuTTY and entered the settings per recommendation but it just says unable to open COM port. I've never ventured into this particular area at all. Despite spending a few hours online trying to solve this I'm not getting anywhere. Could you recommend a tutorial please, one of your own preferred if you've made a clip covering this topic. Thank you
@CrazyDanishHacker 6 years ago
It should work with a Samsung S7, but I haven't tried this method with that model though. Have a look at this guide: forum.xda-developers.com/showthread.php?t=1901376 Try and recreate the cable using a breadboard for example, maybe get a used S6 that has a cracked screen or some other defect, where the owner will sell it super cheap. (Like 20$ to 50$) For a specific project not in relation to this channel I bought a few older iPhones and they cost me like 50$ each from an actual store. I would've answered your question earlier, but for some reason I'm only getting very few notifications about new comments.
@samirgunic 1 year ago
Have you entered the correct COM port? Have you installed the drivers for the USB RS232 to TTL device? I have made this cable, or circuit rather, using a breadboard, jumper wires, 1 MOhm resistor set to 619 kOhm, a 20 cm microUSB to microUSB OTG cable, and a USB RS232 to TTL device. The circuit works, since the phone does provide a boot log over the wires. But I was not successful in getting the S-BOOT prompt. Probably because the phones that I tested have already been patched. I tested with two Galaxy S7 phones. So yes, the cable does work with S7. Even my dead S7 started talking. So I have tested with three S7 phones, one of which is dead. I can't tell you if you can get to the S-BOOT prompt since I have not been there myself. But if you downgrade your software version, you might find out. So there is that also. You need to have a vulnerable version of the software. Let's not forget. Never upgrade a phone you intend to hack, if you want to be able to use the available exploit.
@oussamalarbi6637 6 years ago
Can u make a video showing us ur studio and tools
@CrazyDanishHacker 6 years ago
That's going to be a bit hard as I moved out of my main office some time ago, where I recorded all of my videos. I might do it in the future though :-)
@oussamalarbi6637 6 years ago
Crazy Danish Hacker don't stop making those amazing videos bro
@AcheronLupus1 6 years ago
Could you theoretically recompile and upload a replacement for the bootloader and get a shell when the user logs in?
@AcheronLupus1 6 years ago
Or do they sign their bootloader, and that prevents such a thing?
@CrazyDanishHacker 6 years ago
Theoretically it is (currently) almost always possible, but in practice, it looks like you would have to do a bit of hacking first. I googled very briefly and saw a post on the XDA forums where someone else tried to flash a custom binary which was blocked by Samsung Secure Boot. In this demo, you probably noticed that I did not enter the password for the encryption. I also haven't tested what happens if you plug in this cable, while the phone is e.g. locked but fully booted up.
@Nunya58294 4 months ago
Nope. Signature verification must be disabled.
@Nunya58294 4 months ago
Nope.
@MissedSongChannel 4 years ago
Can I use it to turn off FRP Lock? Or enable factory settings?
@Nunya58294 3 months ago
Don't steal devices, idiot 😂
@alokkr029 4 years ago
Any special reason for wearing sunglasses inside house...
@CrazyDanishHacker 4 years ago
Yes
@TheRichardgomm 3 years ago
I don't get it, you can get a breakout board for 99p