I copied the wallpaper file in /sbin and opened it in a hex editor, and looked for anything referring to morningcall and sure enough, in offset 0002C660 to 0002C790 it says:

Code (Text):

1.  
2. -d.-ap. nonsecure image./system/bin/morningcall.rb.
3. Morningcall is empty.png.errorlogo.
4. Morningcall is empty..
5. Cannot read morningcall.
6. Cannot read morningcall..
7. Morningcall cannot be verified.
8. Morningcall cannot be verified..
9. -crypto.-------------------------------------------------------------------------------.
10. CRYPTO LIBRARY TEST UNSUCESSFUL
11.  

So, I pulled up /system/bin/morningcall and it was just a bunch of random nonsense. So, I was thinking, if we could just read what is in the morningcall file, we may gain some weapons in the arsenal against the bootloader?

Also, in the wallpaper file, there is this:

Spoiler

.-framework. Welcome Security Framework!! . 01. Error Dispaly Test . 02. Application Certificate Test . 03. Crypto Library Test . 04. TrustZone QFPROM Test . 05. TrustZone SFS Test . 06. TrustZone H/W Crypto Engine Test . exit -To exit this test application.Please enter Test number? .%s.exit.Security Framework Bye Bye!!.1.Please input mode? [png or text]: .Please input data? : .Error Display Test Successful. Success !!! Error Display Test .2. Application certificate verification unsucessful . Application certificate verification successful .3.Please Crypto Method (ex: MD5, SHA1, SHA2, ENC(AES), DEC(AES)) : .Please input file? : .Please enter out file name? : . Crypto Library Test Unsuccessful . Crypto Library Test Successful.4.Please Select? [read or write] : . TrustZone QFPROM Test Unsuccessful. TrustZone QFPROM Test Successful.5.Please enter make directory name? [no or make directory name] : .Please enter make file name? [no or make file name] : .Please enter data? : .Please enter test delete file option? [yes or no] : . TrustZone SFS Test Unsuccessful. TrustZone SFS Test Successful.6.. hash .. encrypt .. decrypt .. prng .. exit -To exit this test .Please enter Test name? .TrustZone H/W Crypto Engine Test Bye Bye!!. TrustZone H/W Crypto Engine Test Unsuccessful. TrustZone H/W Crypto Engine Test Successful.No such test command available!.WRITE.write.Please Write QFPROM Address [HEX] : 0x.Please enter Write value LSB ? [HEX] : 0x.Please enter Write value MSB ? [HEX] : 0x./sys/devices/platform/lge-msm8960-qfprom/addr.wt. Cannot open QFPROM address Driver ./sys/devices/platform/lge-msm8960-qfprom/lsb. Cannot open QFPROM lsb Driver./sys/devices/platform/lge-msm8960-qfprom/msb. Cannot open QFPROM msb Driver ./sys/devices/platform/lge-msm8960-qfprom/enable. Cannot open QFPROM read Driver ./sys/devices/platform/lge-msm8960-qfprom/write. Cannot open QFPROM enable Driver . Cannot open QFPROM address Driver./sys/devices/platform/lge-msm8960-qfprom/read. Cannot open QFPROM lsb Driver .%x. Write QFPROM Address : 0x%X .. Write QFPROM Value [LSB] [MSB] : 0x%X 0x%X..READ.read.Please Read QFPROM Address [HEX] : 0x. Read QFPROM Address : 0x%X .. Read QFPROM Value [LSB] [MSB] : 0x%X 0x%X.. Security_interface_tool_crypto_library_test is NULL.. Cannot open Image . Cannot read Image .MD5.md5.SHA1.sha1.SHA2.sha2.DEC.dec.ENC.enc. No such method is available! . Security_interface_command = %d ..w+b. Cannot open Output Image . Cannot write Output Image .[WALLPAPER] : Application certification is NULL..[WALLPAPER] : Cannot read Application certificate ..". Module : %s ..[WALLPAPER] : Length of application string is at Max..[WALLPAPER] : Number of applications in the list has reached Max..%s%s.[WALLPAPER] : Cannot open %s ..[WALLPAPER] : Verify Check Module : %s size : %d..[WALLPAPER] : Cannot read %s file ..[WALLPAPER] : Hash calculate unsuccessful %s file ..[WALLPAPER] : Verify check module hash : 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X.[WALLPAPER] : Application hash verification unsucessful! ..[WALLPAPER] : Application authentication unsuccessful! ../proc/cmdline.[WALLPAPER] : Cmdline: %s.Cmdline: %s ..[WALLPAPER] : Cann't open cmdline..Cann't open cmdline. .lge.signed_image=false.[WALLPAPER] : lge.signed_image=false.lge.signed_image=false .lge.signed_image.false.lge.signed_image=true.[WALLPAPER] : lge.signed_image=true.true.lge.signed_image=true .[WALLPAPER] : lge.signed_image unknown.------------------------------------------.

There are several references to a "Cypto Library". Maybe if we find it, it will help us somehow?

I don't know. I'm just a noob, and I maybe throwing darts out into the darkness, but I think if we find these things, we may find other things that may help out efforts in unlocking the bootloader If you wanna check out the full wallpaper file, then check out this pastebin HERE.

 

I was also thinking, if we could figure out how to enter the Security Framework, maybe we could use the Cypto Library to sign a unlocked bootloader with LG's magic private key? Just a thought......

 

Well, the SGSIII does have a S4 Processor.... *Hopefully waits for Shabby to chime in*

I Think we need to dig a bit more into files like these... They may show some tell tale clues into bypassing wallpaper/morningcall/the bootloader...

bossis, you have a hex editor on your computer?

 

That is the LTE2. We are using its cwm.


I think we all need to take a crack at this. Its not too hard, just download a hex editor, copy and paste stuff from /sbin, /system/bin, and other places them open it up in the hex editor, read it, and post your findings here.

If a brave soul is willing, we can try to look at wallpaper files from other LG phones. We need to really get our hands dirty... WHO IS WITH ME?!

 

What if we build a kernel from source that wouldn't have the wallpaper file. No wallpaper = no morningcall? No morningcall = able to pass the bootloader??????

 

I'm betting on this "Security Framework" will show something... We just need to find it.....

 

Because the kernel IS the security... Or at least one of the main ones...

 

.-. lol wut.......