Samsung UART - DEMO - Hardware Hacking Series #9

  • Published: 19 Sep 2024
  • In this video I double check that I haven't shorted out the custom USB cable, before connecting it to the computer and Samsung phone. After that I do a basic test of the Samsung UART cable to see if it's working, and give a few pointers on how to access the S-BOOT menu.
    Special Thanks:
    - Josh (First elite supporter!)
    Warranty Disclaimer: Accessing the UART console on your Samsung device may void the warranty and in some cases even brick your device (i.e. make it unusable).
    Stay tuned and subscribe for more upcoming videos showing actual hacks!
    Twitter: @CrazyDaneHacker
    Facebook: / crazydanishhacker
    Patreon: / crazydanishhacker
    Website: www.crazydanis...

Comments • 34

  • @samirgunic 1 year ago +2

    Thank you for making this video series! I have seen them all. I also absorbed the blog post like a sponge. If you have read any of my previous comments then you know by now that I have completed this circuit. I call it a circuit instead of cable, since I used a breadboard instead of a prototype board, with much less permanency (and bad connections as a result). I tried to avoid soldering as much as possible.
    This has been very helpful in diagnosing my "dead" Galaxy S7. Dead? It started talking when I hooked it up to this circuit. Who said that the dead can't talk? You just need the right equipment to listen in. Unfortunately, I was not able to extract any data. Sadly, it appears that the UFS controller has failed. But I learned a lot in the process and it was fun. I also tested two other Galaxy S7 phones in working condition, but I was not successful in getting the S-BOOT prompt. Presumably because they run on patched up software versions.
    So I am grateful for your videos. I know it's wishful thinking, as I imagine you're probably too occupied with work, but I really hope to see more of you and your videos in the future. Best wishes on your future hacking adventures! Keep the shades on. 😎

    • @CrazyDanishHacker 1 year ago

      Thanks for the feedback and your story about your Galaxy S7 device. If you want to extract data from it, the first step, if you can't boot even with that type of cable, is to buy a chip reader and desolder it (with a heat gun I think they use). Louis Rossmann sometimes shows how he removes and replaces chips on MacBooks and iPhones. The concept is similar, use too much heat and you risk destroying the chip though. Also after you have the chip, chip reader, and patience, you will need some sort of software. Now that I have no clue about what exists and how much of it is freely available, but it is a starting point if you're very keen on extracting data from the device. I guess the "other solution" is to desolder the flash (i.e. memory file storage) chip and solder it on another used S7 device. (I don't think the flash chips are "locked" to the devices, but if it's encrypted, then it might not work without a second "TPM" chip as well maybe. It depends on how the file content is encrypted.)

  • @oussamalarbi6637 6 years ago +1

    Finally u r back, best videos ever

  • @shadowgallery97 6 years ago +1

    A revolution without dancing is a revolution not worth having.

  • @jojo-fp1zv 5 years ago

    Sickest outro ever seen!

  • @NathanCroucher 1 year ago +1

    Can you access or use any of the phone's hardware? Camera, wifi, upload custom firmware? Turn it into like a super Pi

    • @CrazyDanishHacker 1 year ago

      With root access to an Android phone you kind of can, but it is much easier to do with a normal USB cable and ADB shell. If you go this route, I would recommend getting a phone where the entire operating system is open source. To access just the camera and wifi and some other network functionality you can probably just develop a mobile app with the right permissions to the file system, camera, etc.

    • @arvindh4327 1 year ago

      I'm trying to do a similar thing. Since Pis are practically impossible to buy nowadays, I wanted to install PostmarketOS on my old Honor7x. I was successful in unlocking the bootloader, but unable to root even using TWRP or Magisk. Also tried searching for the firmware version, no luck. XDA community, no response. So can I pull the boot image through this method and then, will it be possible to root my device?!

    • @samirgunic 1 year ago

      That's a very good question! Just what can you do with this S-BOOT console? I have not seen anyone explore these commands in depth. The original author (Nitay Artenstein) had this to say on the first blog post: "As you can see, the console already exposes some pretty interesting commands. But we're keeping the real fun for our next post." But as far as I can tell, post number two was never released. The main objective appears to have been to access the S-BOOT console, and the story ended there. I was successful in building this interface. I tested it with two different S7 phones. I even got my dead S7 to start talking. But I was not able to get to the S-BOOT prompt on any one of them. Presumably because the software version they're on has already been patched.

  • @oussamalarbi6637 6 years ago +1

    Can u make a video showing us your studio and tools

    • @CrazyDanishHacker 6 years ago +2

      That's going to be a bit hard as I moved out of my main office sometime ago, where I recorded all of my videos. I might do it in the future though :-)

    • @oussamalarbi6637 6 years ago +1

      Crazy Danish Hacker don't stop making those amazing videos bro

  • @dellodel9502 3 years ago

    Crazy Video 👏👏👏👏💯

  • @abhishekchaudhari970 6 years ago

    Awesome video 👌 learned something new waiting for more

    • @CrazyDanishHacker 6 years ago +1

      Thanks, I got more videos coming up soon

    • @abhishekchaudhari970 6 years ago +1

      Crazy Danish Hacker which series are u gonna start after this?
      I just love ur glasses 🤭

    • @CrazyDanishHacker 6 years ago +1

      I would like to move over to another topic for a while, where I use the computer more. I haven't fully decided yet, but the next series will likely be about how to create a Multi-RTL. (If you make one that works, then it could potentially be used for things like passive radar.)
      The sunglasses are Oakley Fuel Cell with Ice Iridium lenses I believe. I bought them around 5 years ago and they still look pretty good. (The lenses have a few tiny scratches which I could replace, but they're not scratched so much that it's worth buying new yet.)

  • @joakoc.6235 5 years ago

    Hi there, do you know what the command is to do a Battery Accumulated Usage Initialization on a Galaxy S7? I recently changed the battery with an original one from samsungparts.com and it's not performing as when the phone was new, so I downloaded the service manual of my model and it says that when you change the battery you need to reset this counter and they do it with the Samsung Anyway Jig. Any idea if I can do that with this method? Thanks!

    • @CrazyDanishHacker 4 years ago

      Based on your question, I am pretty sure this is the type of cable you need to create. If you google this: "Battery Accumulated Usage Initialization", there will be one single result on Google with a PDF that indicates it may contain the answer you seek. Before opening this PDF, run it through an anti-virus scanner and also open it in Google Chrome as that should be more safe than most native PDF readers. (PDFs can contain malware, so please be careful.)

    • @CrazyDanishHacker 4 years ago

      If you already have that service manual, then you don't need to download that PDF which apparently costs money to access if you don't have a scribd account.

  • @androidmodification1823 6 years ago +1

    Hello brother, I've only just found you. Excellent work. I've spent the last day making the cable and it's tested and all good to go. But I can't get PuTTY to work to test this cable on an S7 G930F. I'm using Windows 7. I've downloaded PuTTY and entered the settings per recommendation but it just says unable to open COM port. I've never ventured into this particular area at all. Despite spending a few hours online trying to solve this I'm not getting anywhere. Could you recommend a tutorial please, one of your own preferred if you've made a clip covering this topic. Thank you

    • @CrazyDanishHacker 6 years ago +1

      It should work with a Samsung S7, but I haven't tried this method with that model though. Have a look at this guide:
      forum.xda-developers.com/showthread.php?t=1901376
      Try and recreate the cable using a breadboard for example, maybe get a used S6 that has a cracked screen or some other defect, where the owner will sell it super cheap. (Like 20$ to 50$)
      For a specific project not in relation to this channel I bought a few older iPhones and they cost me like 50$ each from an actual store.
      I would've answered your question earlier, but for some reason I'm only getting very few notifications about new comments.

    • @samirgunic 1 year ago

      Have you entered the correct COM port? Have you installed the drivers for the USB RS232 to TTL device? I have made this cable, or circuit rather, using a breadboard, jumper wires, 1 MOhm resistor set to 619 kOhm, a 20 cm microUSB to microUSB OTG cable, and a USB RS232 to TTL device. The circuit works, since the phone does provide a boot log over the wires. But I was not successful in getting the S-BOOT prompt. Probably because the phones that I tested have already been patched. I tested with two Galaxy S7 phones. So yes, the cable does work with S7. Even my dead S7 started talking. So I have tested with three S7 phones, one of which is dead. I can't tell you if you can get to the S-BOOT prompt since I have not been there myself. But if you downgrade your software version, you might find out. So there is that also. You need to have a vulnerable version of the software. Let's not forget. Never upgrade a phone you intend to hack, if you want to be able to use the available exploit.

  • @MissedSongChannel 4 years ago

    Can I use it to turn off FRP Lock? Or enable factory settings?

    • @Nunya58294 2 months ago

      Don't steal devices, idiot 😂

  • @AcheronLupus1 6 years ago +1

    Could you theoretically recompile and upload a replacement for the bootloader and get a shell when the user logs in?

    • @AcheronLupus1 6 years ago

      Or do they sign their bootloader, and that prevents such a thing?

    • @CrazyDanishHacker 6 years ago

      Theoretically it is (currently) almost always possible, but in practice, it looks like you would have to do a bit of hacking first. I googled very briefly and saw a post on the XDA forums where someone else tried to flash a custom binary which was blocked by Samsung Secure Boot.
      In this demo, you probably noticed that I did not enter the password for the encryption.
      I also haven't tested what happens if you plug in this cable, while the phone is e.g. locked but fully booted up.

    • @Nunya58294 3 months ago

      Nope. Signature verification must be disabled.

    • @Nunya58294 3 months ago

      Nope.

  • @alokkr029 4 years ago

    Any special reason for wearing sunglasses inside the house...

  • @TheRichardgomm 3 years ago

    I don't get it, you can get a breakout board for 99p