Triangle Away vs Samsung
Posted by Chainfire on 04-06-2012 at 19:00:00 - Comments: 602 - Views: 434225
Project: TriangleAway - Tags: Android Bad news
The Samsung Galaxy Note and Samsung Galaxy S III update for Triangle Away I have just released may be one of the last - if not the last - iteration of Triangle Away.
History
These past few years, Samsung has been very kind to us power users. We have been able to modify most of our Galaxy series devices as much as we wanted, without silly roadblocks like locked bootloaders and such.
With the Galaxy S II, Samsung introduced a custom kernel flash counter and custom kernel warning triangle. This is where Triangle Away came in - it reset the flash counter and removed the warning triangle.
On the Galaxy Note, Samsung tried hiding the data once more, so Triangle Away would not work.
On the Galaxy S III (among other new devices), Samsung has gone a step further, and has introduced a background service that runs on your device and checks for things such as a modified /system, apps running with root access, etc.
For the moment, this service does not do anything malicious, but who knows what the future will bring? Tracking of IMEIs that have ever run root, disabling of services, etc.?
Custom ROMs, root, bricks, and warranty
I am not sure what Samsung's reason is for wanting to track all this. My reason for wanting to "break" their tracking is one thing: warranty.
Being able to run the software I want on devices I own without losing hardware warranty should be a right by law. As far as I can see, there are only two ways you can really break your device with root access:
(1) overclocking to the point where hardware is damaged
(2) flashing nonsense to your bootloader partitions
I'm not sure how to handle (1). I personally never overclock - and I don't think it's strange to deny overclockers warranty. Surely this must be preventable in the hardware. Case number (2) however is wholly Samsung's fault. Adam Outler has shown time and again that these devices are perfectly able to be made unbrickable - so any bootloader brick is IMHO Samsung's fault. If Adam Outler can prevent the situation with a soldering iron, the original design is broken.
Regardless, hardware should be under warranty - whether I have my device rooted or not. Leaked service center documents show that devices should be checked for root, and if it is present, warranty should be denied. (This is not just Samsung, all the major OEMs do this.)
That is simply unacceptable. Any OEM following that policy is a bad OEM - in some countries this may even be an unlawful practise (though good luck winning in court). HTC has once refused to replace a defective digitizer on my HTC Diamond (a common hardware issue with this device) due to HSPL being present. They claimed HSPL had irreversibly damaged the mainboard, and the entire innards of the device would have to be replaced. Riiiiight.
Root by itself is not a crime, nor a pointer that a device is broken in any way that should not fall under warranty. But in the eyes of the OEMs it seems we are criminals.
If the purpose of the tracking is related to corporate security and such, I can see why Samsung would want to lock down further. I can certainly understand that, though I don't necessarily agree.
The future
I'm not necessarily against (on-device only) flash tracking, but it would have to come with a guarantee from Samsung that hardware issues will not be denied warranty just because a device is running custom software.
If we had that, we would not have to break these counters and trackers, and corporate security and such would not be broken.
However, with every iteration Samsung is making the breaking a little more difficult. Even if Samsung doesn't come up with such a guarantee as mentioned above, the question is whether it is wise to keep breaking these "mild" protections.
I've seen a lot of people (users, commenters, posters, non-techs?) claim Samsung's security is currently weak, and that us hackers are so much better. Let me put one thing straight before going further: Samsung engineers aren't stupid. The reason we currently break these protections so easily is because they want it to be breakable easily. Once that changes, and they start employing full encryption and whatnot, we - the power users - will be royally screwed.
The question then becomes, do we play this game of incremental security until we end up with locked devices, or do we choose to live without warranty in exchange for our devices being dead easy to modify?
And thus we come full circle - if Samsung goes another step further in protecting their custom flash data, will I even attempt to bypass it? Should I? A big part of me thinks not.
There's always hope Samsung will do the right thing and provide hardware warranty even with modified software, but somehow I doubt this will happen any time soon.
There's also the possibility that Samsung will not make the next iteration better protected. After all, how many people really use Triangle Away anyway? I would estimate there are about 50 000 unique Triangle Away users - on 50 million or so possibly supported Galaxy devices, its effect is relatively little.