
Don't know if this matters, but... (Regarding Morningcall)

Discussion in 'Android Devices' started by twogbsd, Dec 28, 2012.

  1. twogbsd

    twogbsd Android Expert
    Thread Starter

    I copied the wallpaper file in /sbin and opened it in a hex editor, and looked for anything referring to morningcall and sure enough, in offset 0002C660 to 0002C790 it says:

    Code (Text):
    -d.-ap. nonsecure image./system/bin/morningcall.rb.
    Morningcall is empty.png.errorlogo.
    Morningcall is empty..
    Cannot read morningcall.
    Cannot read morningcall..
    Morningcall cannot be verified.
    Morningcall cannot be verified..
    -crypto.-------------------------------------------------------------------------------.
    CRYPTO LIBRARY TEST UNSUCESSFUL

    So, I pulled up /system/bin/morningcall and it was just a bunch of random nonsense. So, I was thinking, if we could just read what is in the morningcall file, we may gain some weapons in the arsenal against the bootloader?

    Also, in the wallpaper file, there is this:

    .-framework. Welcome Security Framework!! . 01. Error Dispaly Test . 02. Application Certificate Test . 03. Crypto Library Test . 04. TrustZone QFPROM Test . 05. TrustZone SFS Test . 06. TrustZone H/W Crypto Engine Test . exit -To exit this test application.Please enter Test number? .%s.exit.Security Framework Bye Bye!!.1.Please input mode? [png or text]: .Please input data? : .Error Display Test Successful. Success !!! Error Display Test .2. Application certificate verification unsucessful . Application certificate verification successful .3.Please Crypto Method (ex: MD5, SHA1, SHA2, ENC(AES), DEC(AES)) : .Please input file? : .Please enter out file name? : . Crypto Library Test Unsuccessful . Crypto Library Test Successful.4.Please Select? [read or write] : . TrustZone QFPROM Test Unsuccessful. TrustZone QFPROM Test Successful.5.Please enter make directory name? [no or make directory name] : .Please enter make file name? [no or make file name] : .Please enter data? : .Please enter test delete file option? [yes or no] : . TrustZone SFS Test Unsuccessful. TrustZone SFS Test Successful.6.. hash .. encrypt .. decrypt .. prng .. exit -To exit this test .Please enter Test name? .TrustZone H/W Crypto Engine Test Bye Bye!!. TrustZone H/W Crypto Engine Test Unsuccessful. TrustZone H/W Crypto Engine Test Successful.No such test command available!.WRITE.write.Please Write QFPROM Address [HEX] : 0x.Please enter Write value LSB ? [HEX] : 0x.Please enter Write value MSB ? [HEX] : 0x./sys/devices/platform/lge-msm8960-qfprom/addr.wt. Cannot open QFPROM address Driver ./sys/devices/platform/lge-msm8960-qfprom/lsb. Cannot open QFPROM lsb Driver./sys/devices/platform/lge-msm8960-qfprom/msb. Cannot open QFPROM msb Driver ./sys/devices/platform/lge-msm8960-qfprom/enable. Cannot open QFPROM read Driver ./sys/devices/platform/lge-msm8960-qfprom/write. Cannot open QFPROM enable Driver . Cannot open QFPROM address Driver./sys/devices/platform/lge-msm8960-qfprom/read. 
Cannot open QFPROM lsb Driver .%x. Write QFPROM Address : 0x%X .. Write QFPROM Value [LSB] [MSB] : 0x%X 0x%X..READ.read.Please Read QFPROM Address [HEX] : 0x. Read QFPROM Address : 0x%X .. Read QFPROM Value [LSB] [MSB] : 0x%X 0x%X.. Security_interface_tool_crypto_library_test is NULL.. Cannot open Image . Cannot read Image .MD5.md5.SHA1.sha1.SHA2.sha2.DEC.dec.ENC.enc. No such method is available! . Security_interface_command = %d ..w+b. Cannot open Output Image . Cannot write Output Image .[WALLPAPER] : Application certification is NULL..[WALLPAPER] : Cannot read Application certificate ..". Module : %s ..[WALLPAPER] : Length of application string is at Max..[WALLPAPER] : Number of applications in the list has reached Max..%s%s.[WALLPAPER] : Cannot open %s ..[WALLPAPER] : Verify Check Module : %s size : %d..[WALLPAPER] : Cannot read %s file ..[WALLPAPER] : Hash calculate unsuccessful %s file ..[WALLPAPER] : Verify check module hash : 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X.[WALLPAPER] : Application hash verification unsucessful! ..[WALLPAPER] : Application authentication unsuccessful! ../proc/cmdline.[WALLPAPER] : Cmdline: %s.Cmdline: %s ..[WALLPAPER] : Cann't open cmdline..Cann't open cmdline. .lge.signed_image=false.[WALLPAPER] : lge.signed_image=false.lge.signed_image=false .lge.signed_image.false.lge.signed_image=true.[WALLPAPER] : lge.signed_image=true.true.lge.signed_image=true .[WALLPAPER] : lge.signed_image unknown.------------------------------------------.

    There are several references to a "Crypto Library". Maybe if we find it, it will help us somehow?

    I don't know. I'm just a noob, and I may be throwing darts out into the darkness, but I think if we find these things, we may find other things that may help our efforts in unlocking the bootloader :D If you wanna check out the full wallpaper file, then check out this pastebin HERE.
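
The manual hex-editor search described in the post above can be scripted. This is an added example, not part of the original post: it lists printable strings with their byte offsets and reads the `lge.signed_image` flag that the dumped strings show the binary looking for in `/proc/cmdline`. The sample bytes and the sample command line are constructed, and the function names are hypothetical.

```python
import re


def find_strings(data: bytes, min_len: int = 4):
    """Return (offset, text) for each run of printable ASCII, like `strings -t`."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def search(data: bytes, keyword: str, min_len: int = 4):
    """Case-insensitive keyword filter over the extracted strings."""
    kw = keyword.lower()
    return [(off, s) for off, s in find_strings(data, min_len) if kw in s.lower()]


def signed_image_flag(cmdline: str):
    """True/False for lge.signed_image=true/false, None if absent or unknown."""
    for token in cmdline.split():
        key, _, value = token.partition("=")
        if key == "lge.signed_image":
            return {"true": True, "false": False}.get(value)
    return None


# Constructed sample: a few binary bytes around strings quoted in the post.
SAMPLE = (
    b"\x7fELF\x01\x01\x00\x00" + b"\x00" * 8
    + b"/system/bin/morningcall\x00" + b"\x13\x01"
    + b"Cannot read morningcall\x00" + b"\xff\xfe"
    + b"lge.signed_image=true\x00"
)
# Constructed kernel command line (real ones come from /proc/cmdline).
SAMPLE_CMDLINE = "console=placeholder lge.signed_image=false"

if __name__ == "__main__":
    # To scan a real file: data = open("wallpaper", "rb").read()
    for offset, text in search(SAMPLE, "morningcall"):
        print(f"{offset:08X}  {text}")
    print("signed image:", signed_image_flag(SAMPLE_CMDLINE))
```

Offsets are printed in hex so they can be compared directly with what a hex editor shows.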
     



  2. twogbsd

    twogbsd Android Expert
    Thread Starter

    I was also thinking, if we could figure out how to enter the Security Framework, maybe we could use the Crypto Library to sign an unlocked bootloader with LG's magic private key? Just a thought......
     
    Sepero likes this.
  3. omgbossis21

    omgbossis21 Android Enthusiast

    It appears there is a way to disable it but I have no idea how. Seems to be just making sure drivers are in the right place. That's a fairly easy workaround for a rom if needed. How close is the s3 to our phone, could we try that aboot file?
     
  4. twogbsd

    twogbsd Android Expert
    Thread Starter

    Well, the SGSIII does have a S4 Processor.... *Hopefully waits for Shabby to chime in*

    I think we need to dig a bit more into files like these... They may show some tell-tale clues into bypassing wallpaper/morningcall/the bootloader...

    bossis, you have a hex editor on your computer?
     
  5. could it be toms diner or marionnete?
     
  6. TheAmazingDave

    TheAmazingDave Android Expert

    I see beautiful things possibly starting in this thread.


    Those are just live wallpapers.
     
  7. snake557

    snake557 Well-Known Member

    Those two have been history since day 1. There is a txt list of apks in everyone's system/app dir.
    That's odd, why would you need it??
     
  8. theisonews

    theisonews Android Enthusiast

    Worth mentioning.

    While the phone is plugged in via USB to the PC and then booted into cwm, the PC will ask you to install drivers for lgf160L.
     
    twogbsd likes this.
  9. twogbsd

    twogbsd Android Expert
    Thread Starter

    That is the LTE2. We are using its cwm.


    I think we all need to take a crack at this. It's not too hard, just download a hex editor, copy and paste stuff from /sbin, /system/bin, and other places, then open it up in the hex editor, read it, and post your findings here.

    If a brave soul is willing, we can try to look at wallpaper files from other LG phones. We need to really get our hands dirty... WHO IS WITH ME?! ;)
     
    Scorpion7867 likes this.
  10. theisonews

    theisonews Android Enthusiast

    The fact that the PC prompts for drivers while the phone has not fully booted is worth looking into..

    I believe this is similar to what adam discovered with the note 2.

    He discovered that the kernel was loaded while the phone is charging. Thru this he found an exploit.
     
  11. TheAmazingDave

    TheAmazingDave Android Expert

    I believe that to be the case with our phone, too. I've observed my phone charging several times. It seems to start booting, then goes into a charge mode as opposed to booting into the GUI; seems the kernel would be loaded in this state.

    I haven't done any tests or logging to confirm this though.
     
  12. twogbsd

    twogbsd Android Expert
    Thread Starter

    What if we build a kernel from source that wouldn't have the wallpaper file. No wallpaper = no morningcall? No morningcall = able to pass the bootloader??????
     
  13. TheAmazingDave

    TheAmazingDave Android Expert

    I think we need to confirm that plugging the phone in to charge while it is cold-off activates the kernel. Once we know that, we should have someone with a Morningcall error plug their phone in to see how far the phone is actually booting.

    If the kernel does load for charge mode, and if a phone stuck with a Morningcall boots up enough to charge without the error, there may be something there, I think. It seems that would indicate that the kernel loaded without security.
     
  14. mussio

    mussio Well-Known Member

    How can we confirm the kernel is being activated? I've accidentally put my phone in morning call mode by deleting the wrong apps. I'm down to test, just need some direction.
     
  15. TheAmazingDave

    TheAmazingDave Android Expert

    I don't know. I'm a nerd, not a dev. :)

    Trying to learn, though. This gets me blood pumping.

    We need a way to see behind the splash screen, or some way to log the system console as it starts/boots.
     
  16. twogbsd

    twogbsd Android Expert
    Thread Starter

    I'm betting on this "Security Framework" will show something... We just need to find it.....
     
  17. theisonews

    theisonews Android Enthusiast

    Adam had two wires soldered to the battery and the other end of the wire connected to the pc. He had a cmd prompt open logging that the kernel is running.
     
  18. twogbsd

    twogbsd Android Expert
    Thread Starter

    Because the kernel IS the security... Or at least one of the main ones...
     
  19. twogbsd

    twogbsd Android Expert
    Thread Starter

    .-. lol wut.......
     
  20. TheAmazingDave

    TheAmazingDave Android Expert

    For sure, I thought about that as I was posting. BUT, when charging, it may be in a mode where the initial security is satisfied, and perhaps we can find a way to pass code to the kernel to make it do something it shouldn't... :thinking:



    edit: on a side note, do we have anyone that can pull the bootloaders from the device and reverse-engineer them, so to speak? Perhaps then, we can build a ground-up bootloader without security altogether?

    Compaq did it in the 80's, we can do it too. :D
     
  21. theisonews

    theisonews Android Enthusiast

    twogbsd likes this.
  22. theisonews

    theisonews Android Enthusiast

    Well, I'm gonna install the spectrum 2 drivers and boot into cwm and then try adb stuff.
     
  23. theisonews

    theisonews Android Enthusiast

    Download link for lgf160L drivers please.
     
  24. TheAmazingDave

    TheAmazingDave Android Expert

    Looking...

    But now,.. I wonder if this thing is unlocked...
    LGF160L LG?? ???? 3533????
     
  25. TheAmazingDave

    TheAmazingDave Android Expert

    Does anyone read Chinese?
    LG

    I'll see if I can find the drivers by clicking some links here, but flying blind.
     

LG Motion 4G Forum

The LG Motion 4G release date was August 2012. Features and Specs include a 3.5" inch screen, 5MP camera, 1GB RAM, Snapdragon S4 Plus processor, and 1700mAh battery.
