Posted by sipofwater 10/23/2024

Samsung meets MediaTek: The story of a small bug chain [pdf](www.sstic.org)
47 points | 5 comments
userbinator 10/25/2024
The MTK platform was widely popular in certain Android modding communities as it was easy to completely rewrite all nonvolatile storage except for the boot ROM, making them effectively "unbrickable". There was no need to use any exploits specifically to root, as you could just go into BootROM mode by holding down a button while powering on and connect SPFlashTool to modify the system however you want. Now that they've gotten increasingly user-hostile too, these are the bugs that lead to freedom.

Related interesting article: https://tinyhack.com/2021/01/31/dissecting-a-mediatek-bootro...

hgoho 10/25/2024
You could still brick these if you set certain efuses that the BootROM checks.

Also that's how some vendors mitigated the bug discussed in that article you linked, by disabling USB access to BootROM entirely through setting that efuse in a firmware update.

sipofwater 10/23/2024
Source: https://blog.quarkslab.com/attacking-the-samsung-galaxy-a-bo... (blog.quarkslab.com/attacking-the-samsung-galaxy-a-boot-chain.html)
rajnathani 10/25/2024
Lol, I remember when our Linux consultant engineer cleaned up the RockChip RV1109/1126 vendor kernel for our custom Linux board, that the only part he said he couldn't get rid of was the RockChip logo on boot.
SushiHippie 10/25/2024
Previous discussion:

https://news.ycombinator.com/item?id=41919386