The locked bootloader troubles the devs were/are facing and the sideloading of apps and eventually roms, is this unique to the nook family as far as it only occuring with the tablet? Did the color have these same barriers in the beginning? And, are any of the colors groundbreakers onboard with the tablet now?
Sent from my PG06100 using xda premium
The nook color doesn't have a locked bootloader.
i think some color devs are? but having the bootloader unlocked =
I wasn't sure. I know the purpose of the locked bootloader, and that numerous devices have had this. In the case of these other devices, have the bootloaders been unlocked, bypassed, replaced, or rewritten?
Sent from my PG06100 using xda premium
jsp254 said:
I wasn't sure. I know the purpose of the locked bootloader, and that numerous devices have had this. In the case of these other devices, have the bootloaders been unlocked, bypassed, replaced, or rewritten?
Sent from my PG06100 using xda premium
Click to expand...
Click to collapse
The nook tablet is a fairly unique situation. Plenty of bootloaders are locked but the nt is locked and signed or something to that effect. From my understanding, the devs were able to find a security flaw that allowed them to bypass the security check entirely and then make necessary modifications to allow for custom roms. I believe a similar method wasbused on a samsung device and this is where the idea was derived from.
As for other devices, my xoom was locked but Motorola made it so you cannot unlock it in fastboot. My photon needed to be hacked, but doing so breaks 4g. I think the droid x still has a locked bootloader but they managed to find a way to flash roms. The new transformer prime is locked down pretty hard; 128 bit encryption. Luckily asus has promised to deliver a method to unlock it. Well see if they deliver.
So yeah, kinda a case by case thing. The nt was probably one of the harder ones though.
and this is why i come here! LOL. in the space of 3 short paragraphs, i have a better understanding of bootloaders and how it applies to us and the NT. thanks guys!
For further reading, reddit has a nice write up on bootloaders. Also the r/android subreddit is awesome, very active and very helpful.
The r/nook subreddit is decent, I try to help as much as I can there
The signed bootloader is now irrelevant because several flaws were found in the chain of commands when checking for a secure boot. Many manufacturers are trying to make the software unhackable because they want to control where you purchase additional software from.
Apple products are exclusive, and if you want to compete with them but are incapable of developing your own software like palm or blackberry, you have to turn to google and their android package. The problem with this is that Android is open source and they are required to release their software to the public. All android devices are programmed with the same language and can be stripped down and reinstalled to basic android software. This means that any hardware, released with android, can be hacked and unlocked to use the basic android market. "Resistance is futile."- borg
Albert-
I've been reading through several of the dev threads having to do with 'Cracked bootloader' and am a little confused...ok, a lot confused. There seems to be 2 different methods of attack to bypass the signed bootloader. I believe AdamOutler's method involves installing a modchip in the NT (I would think most nt users would not be willing to do that) and it sounds like you are saying there is another way/simpler way to sneak around the signed bootloader without hardwiring a chip. Am I wrong? Will we really have to install a 'modchip'?
nb1201 said:
Albert-
I've been reading through several of the dev threads having to do with 'Cracked bootloader' and am a little confused...ok, a lot confused. There seems to be 2 different methods of attack to bypass the signed bootloader. I believe AdamOutler's method involves installing a modchip in the NT (I would think most nt users would not be willing to do that) and it sounds like you are saying there is another way/simpler way to sneak around the signed bootloader without hardwiring a chip. Am I wrong? Will we really have to install a 'modchip'?
Click to expand...
Click to collapse
From my understanding, the two methods were conceived very close together time wise. The hardware mod way was first, but shortly after they found some security flaws that allowed them to bypass the bootloader security check and make modifications to it from there.
Related
With the release of the Fascinate we will finally know who is responsible for the encrypted bootloaders on the Droid X/2...Motorola or Verizon
I certainly hope it is not encrypted but I wouldn't put it past Verizon as being the one responsible.
Sent from my DROIDX using XDA App
FSRBIKER said:
With the release of the Fascinate we will finally know who is responsible for the encrypted bootloaders on the Droid X/2...Motorola or Verizon
I certainly hope it is not encrypted but I wouldn't put it past Verizon as being the one responsible.
Sent from my DROIDX using XDA App
Click to expand...
Click to collapse
Well, do a little reading and you will see that motorola locked down the milestone, which came out overseas as the droid 1's cousin, and motorola has come out saying that they will not produce open android handsets like the droid 1 ever again. I dont think the BL will be locked down on the fascinate more so than the other galaxy s phones
Did plenty of reading/flashing/modding over the year+ about Android, it's phones, Rom's, etc so I am no rookie despite my post count at XDA. We all know Motorola's stance and their comments but the Fascinate is the only way we will really know Verizon's stance on bootloaders since the other three US variants have all been unlocked easily.
So WELL if you know the FACTS not speculation then let us hear your all worldly knowledge please.
If you've done enough reading you'll know that Verizon had nothing to do with the lockdown of the bootloader if they did then the Incredible would have been locked down as well as the ally both of which have achieved root. Not to mention Verizon doesn't have a factory where they say "Hey guys we developed this fancy eFuse and tricky bootloader that works in EVERY PHONE" because that would totally make sense a bootloader that's compatible with every chipset and every handset if that was the case someone would have developed an unlocked bootloader that works on every device. Listen to what you're saying, there is no possible way that Verizon distributes an eFuse and a custom encrypted bootloader to every manufacturer. Not trying to be rude or anything it's just common sense.
Achieving Root and Unlocking a Bootloader are two different things, try reading up on that first ok?
No one ever said Verizon is manufacturing phones, but they absolutely can tell the phone manufacturers to lock the bootloaders or Verizon will not offer the phone for sale. Also read up the bootloaders for the Incredible was locked but not digitally encrypted. Since this is the first phone Verizon is offering since the Motorola DroidX/2 which have digitally encrypted bootloaders we will know if Verizon had a hand in changing anything on the Fascinate if it is different at all from the other three US Galaxy phones. That was the only point to my post, why is this a pissing match on who searches, researches, etc more?
If you have Facts/Proof on the Fascinate and its bootloader post it, this other stuff is just crap and not getting anyone anywhere.
DigitalDementia said:
If you've done enough reading you'll know that Verizon had nothing to do with the lockdown of the bootloader if they did then the Incredible would have been locked down as well as the ally both of which have achieved root. Not to mention Verizon doesn't have a factory where they say "Hey guys we developed this fancy eFuse and tricky bootloader that works in EVERY PHONE" because that would totally make sense a bootloader that's compatible with every chipset and every handset if that was the case someone would have developed an unlocked bootloader that works on every device. Listen to what you're saying, there is no possible way that Verizon distributes an eFuse and a custom encrypted bootloader to every manufacturer. Not trying to be rude or anything it's just common sense.
Click to expand...
Click to collapse
"not to be rude or anything", but your post displays little "common sense". The Incredible was released before the latest droids, so obviously the Inc's bootloader is irrelevant in this situation. And who said (or inferred) anything about a verizon factory making a bootloader (and nobody even mentioned efuse)? Verizon didn't develop Bing, but they clearly have a hand in it being the only search offered on this Android phone. So it is not unreasonable to wonder if Verizon would try to exert its influence in other ways. While, I agree that it is unlikely that the Fascinate will have an encrypted bootloader, the OP asked a valid question. Not sure some people are so quick to hate. After all we are only dealing with smartphones.
There are quite people intruded interested in knowing the truth, lets keep the thread on topic PLEASE.
Sent from my DROIDX using XDA App
I have a fascinate on hand to check if someone can let me know what they need done...
Deleted: I was wrong and no need to spread bad info.
edit: deleted, nevermind, should read the newer posts when I've got a tab open for a long time.
sic4672 said:
I believe the bootloader is locked because the same root process for the captivate and vibrant don't work for the fascinate.
Click to expand...
Click to collapse
This is no indication that it is locked or not.
It is not locked.
Sent from my SCH-I500 using XDA App
ksizzle9 said:
It is not locked.
Sent from my SCH-I500 using XDA App
Click to expand...
Click to collapse
Thank you... Short sweet answer.
Ksizzle can you link a thread where it shows its not locked, thanks in advance.
Sent from my DROIDX
i actually cannot. however we can make changes to the kernel or will be able to which actually may not mean that it isnt locked but it is definetly not encrypted like the droid x. i dont have any proof but have no other galaxy s of the six different variants have a locked bootloader and if it were locked you would have read about it somewhere already or heard peopole trashing samsung and verizon. i dont have any proof but im pretty sure its not locked becasue if it were we would have to make all these workarounds for rooting and making changes to the kernel or loading roms. a guy has already made a ROM in the development section and we dont need a BOOTSTRAPP app or anything special. trust me its not locked or we wouldnt already have a custom ROM available.
ksizzle9 said:
i actually cannot. however we can make changes to the kernel or will be able to which actually may not mean that it isnt locked but it is definetly not encrypted like the droid x. i dont have any proof but have no other galaxy s of the six different variants have a locked bootloader and if it were locked you would have read about it somewhere already or heard peopole trashing samsung and verizon. i dont have any proof but im pretty sure its not locked becasue if it were we would have to make all these workarounds for rooting and making changes to the kernel or loading roms. a guy has already made a ROM in the development section and we dont need a BOOTSTRAPP app or anything special. trust me its not locked or we wouldnt already have a custom ROM available.
Click to expand...
Click to collapse
Lack of a locked bootloader is why I chose this phone over the X. Well, that and the better processor. The post indicating that it is not locked can be found HERE.
so why is there such a convoluted method for rooting? On the Galaxy S I900, Vibrant, and Captivate you just throw an update.zip on the phones internal memory, reboot into recovery, and hit apply update. theres your root, no adb required, no shell commands. If its not locked then why is it this bad over here.
I believe because they have different types of internal memory. Cud b wrong. But the bootloader is why I chose this phone as well.
Sent from my SCH-I500 using XDA App
chaoscentral said:
so why is there such a convoluted method for rooting? On the Galaxy S I900, Vibrant, and Captivate you just throw an update.zip on the phones internal memory, reboot into recovery, and hit apply update. theres your root, no adb required, no shell commands. If its not locked then why is it this bad over here.
Click to expand...
Click to collapse
The same method would work if someone compiled it for our hardware.
Hop to it someone.
chaoscentral said:
so why is there such a convoluted method for rooting? On the Galaxy S I900, Vibrant, and Captivate you just throw an update.zip on the phones internal memory, reboot into recovery, and hit apply update. theres your root, no adb required, no shell commands. If its not locked then why is it this bad over here.
Click to expand...
Click to collapse
i dont have many posts here but i do a bunch of help at other sites. iv rooted the d1. the devour, the inc, the d2 and now the gal s....everytime the adb way comes first. it does not mean in anyway that the bootloader is locked. sammy gave us the codes and ina few days we will see clockwork and then a few weeks after that the real fun starts. the boot loader is not locked.
What's up guys
I'm considering getting an Atrix when it eventually hits Europe, but people always talk about Motorola's locked bootloader. What does that actually mean? Does it mean custom ROMs are impossible? I love the look of this phone but I'd like to be able to modify it if I can't live with the supposedly-awful Motoblur.
Thanks for reading,
jennan
jennan88 said:
What's up guys
I'm considering getting an Atrix when it eventually hits Europe, but people always talk about Motorola's locked bootloader. What does that actually mean? Does it mean custom ROMs are impossible? I love the look of this phone but I'd like to be able to modify it if I can't live with the supposedly-awful Motoblur.
Thanks for reading,
jennan
Click to expand...
Click to collapse
please search forums before starting new topics
this question and discussion is in almost every topic under atrix in all categories and is cluttering up badly
http://forum.xda-developers.com/showthread.php?t=957461
But this thread is straight forward and good for noobs.
Sent from my MSM using XDA App
IN SHORT.
It pretty much means you can't change the KERNEL .. which means you're limited to customization to the phone. (e.g. No cyanogenmod, No MIUI, no community upgrades to gingerbread or honeycomb etc., no custom ditbits that only a kernel can provide).
/end.
darkamikaze said:
IN SHORT.
It pretty much means you can't change the KERNEL .. which means you're limited to customization to the phone. (e.g. No cyanogenmod, No MIUI, no community upgrades to gingerbread or honeycomb etc., no custom ditbits that only a kernel can provide).
/end.
Click to expand...
Click to collapse
Locked you can, encrypted you can't. All phones come locked bootloader. So we are praying that its locked and not encryped although it will likely be encrypted
Sent from my MSM using XDA App
Why would they do this?
Surely they know most users will want this feature... Once they save sold it, what it is to them..?
Maybe I'm missing something here?
EDIT: Posted this on the wrong thread. Please delete.
BoogWeed said:
Why would they do this?
Surely they know most users will want this feature... Once they save sold it, what it is to them..?
Maybe I'm missing something here?
Click to expand...
Click to collapse
Wrong. Few users even know about locked/encrypted bootloaders. We are a very small minority who cares about this issue.
One thing you'll note if you look around the forums are people still using older model phones like the 8525 which have lost support from the manufacturer a long time ago. Keeping legacy hardware current is costly to manufacturers due to development costs and from competitors releasing newer model phones. Look at what happened to Motorola when they clung to the Razr. They have to keep up with the others. Every sale lost is a potential profit gain for the competition. So they always have a "newer/better model" right around the corner. Keeping their boot loaders encrypted is an attempt at forcing the user to upgrade by limiting the amount of development required to keep the phone current. Even though we are a minority, we are still viewed as lost profit if we are still staying attached to our old phones when newer models are released.
I really have no idea how hard it is to get around a locked boot loader, so what is the likely hood of seeing custom ROMs on this thing?
Thanks,
Sent from my rooted Nook Tablet.
skyward01 said:
I really have no idea how hard it is to get around a locked boot loader, so what is the likely hood of seeing custom ROMs on this thing?
Thanks,
Sent from my rooted Nook Tablet.
Click to expand...
Click to collapse
ask a submarine captain how deep his boat can go.
answer is, no one really knows, which is why they're still working on it.
Dozens of people have asked this question repeatedly in these forums, also
Watch the bootloader threads for more info. The bootloader is starting to be questionable if it really is locked.
Adam has brought up some good points and should be getting an NT soon. Once he has one in hand we should see some hopeful updates.
I'm crossing my fingers and hoping we don't have to do a unbrickable mod to this gem.
Personally, i'm happy with what we got now as long as we can block B&N's OTA.
For the lazy - this is the thread I suggest reading:
http://forum.xda-developers.com/showthread.php?t=1378886
AdamOutler will be working with the hardware directly to see if he can essentially do an unbrickable mod allowing the devs to bypass the bootloader and/or extract information from it. Seems the most promising approach to date. It's a good read if you are in to that kind of thing.
Greetings XDA Forum,
This is a general question that should be in everyone's mind who might want to root a phone or tablet or any Android or other mobile OS device:
Is this root exploit or bootloader going to be spyware and collect any and all data of mine (login credentials, keylog my every character, account/bank numbers, identity information, use your evil imagination)?
So, I searched this forum for key words like "trust root" "secure root" "security" and found nothing related to this topic.
So, how am I to trust ANY of the root exploits or bootloaders created and posted to this forum for ANY device?
Have any of the developers developed an audit process using firewall rules to ensure that a posted root exploit or bootloader does not attempt to keylog, report captured information to some obscure IP address (thief/hacker's machine of course)?
Do any of these root exploits or bootloaders or custom unofficial builds of entire android (like Cyanogenmod and the 3rd party variants) get Security Audited?
How am I to believe that the whole lot of you making the root exploits and bootloaders are not a big community of identity thieves and financial fraudsters?
Am I just supposed to trust you?
Answer me that, folks
Aknor
I've never seen any root exploit that did as you say, if your concerned pick apart the code and look for this, I've never seen anything of the like
As for bootloaders, there are very few devs that actually make or tweak bootloaders as a misstep will nearly for certain result in a brick. Almost every bootloader you will find is made by the OEM, if its not, again feel free to pull apart the code and look for an issue, but I doubt it as this is far more advanced than most will ever become
As for custom ROMs, well this is the most possible out of all your worries, but again most ROM chefs here are not capable of inserting malicious code, and if its an official build of a major team (cm, aokp, slim, etc) you are damn near 100% certain there is no issue, as for random ports made in the former USSR by KGB spies, well just don't flash their ROM and you'll be fine
But of course no one is forcing you to root your phone, flash their bootloader, or download their ROM, so if youre the paranoid type just get an iPhone, at least they're upfront about most of their evil ways
Sent from my Nexus 4 using xda premium
demkantor said:
I've never seen any root exploit that did as you say, if your concerned pick apart the code and look for this, I've never seen anything of the like
As for bootloaders, there are very few devs that actually make or tweak bootloaders as a misstep will nearly for certain result in a brick. Almost every bootloader you will find is made by the OEM, if its not, again feel free to pull apart the code and look for an issue, but I doubt it as this is far more advanced than most will ever become
As for custom ROMs, well this is the most possible out of all your worries, but again most ROM chefs here are not capable of inserting malicious code, and if its an official build of a major team (cm, aokp, slim, etc) you are damn near 100% certain there is no issue, as for random ports made in the former USSR by KGB spies, well just don't flash their ROM and you'll be fine
But of course no one is forcing you to root your phone, flash their bootloader, or download their ROM, so if youre the paranoid type just get an iPhone, at least they're upfront about most of their evil ways
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
Okay, I can see that on the boot loaders, but more than just a few make the root exploits and custom builds of cyanogen or android for many, many devices. So, how am I to pick apart the code of these projects when they do not provide the source code for the builds? How would I even trust those builds after they are built? They could slip some malicious code in that they intentionally do not show in the public repository for the code and no one would ever know.
Sure this sounds very paranoid, but no one has really answered how or if at all any of these builds of unofficial android or cyanogenmod or the root exploits or the bootloaders can/would be tested for malicious code.
Think of it, something as small and innocuous as a keylogger with a simple, non threatening name, and all the while, it logs your every username and password, credit card number, 3-digit security code, bank account numbers, anything. How bad would that be, eh?
Any you're not concerned these builds/exploits are not somehow security audited and we're all just supposed to trust them like blind sheep?
As more and more of these get built, it's only a matter of time before someone slips something like this into their build to take advantage of all those people who want to root their phone/tablet, or put an unofficial build of android on their device. Shame on that person who does it, of course, but to think somehow we could have audited the software and found out as a matter of course?
-- Aknor
Well there aren't that many root exploits and depending on the device you will be changing most if not all firmware and software directly after exploiting, but again just look at the code before you use it
As for keyloging etc from flashing a ROM, you would be surprised how many OEMs actually have somethings that many would consider malicious and or a brief of privacy.
As for a worry about flashing a custom ROM with bad code just stick to official builds or mod your own ROMs, no one is forcing you to flash anything in particular. But there are apps that are meant to look for malicious code. Feel free to use these to help protect you
I have flashed oh so many ROMs over the past 4 years or so and have never seen anything malicious, but I flash a lot of my own source built ROMs and mostly use ROMs on the higher end which tend to be from trusted sources such as recognized developers and people I work with. Also I'm not a paranoid person so I don't look into this sort of thing much, this means unfortunately I can't really give you much more than this
But best of luck to you and happy flashing!
Sent from my Nexus 4 using xda premium
Hi everyone
I have an LG Optimus Vu device and due to LG's tremendous support for this phone, the operating system is still ICS and the kernel version is 2.6.39 (even the I/O scheduler for this phone is set to noop, and there aren't any alternatives :| ). It could be all good and well if there aren't hundreds of crashes appearing every day about different applications, which is driving me crazy. I've searched and searched and it seems that there are no custom ROMs for this phone, nor is there any custom recovery application. I could barely find an application to root this phone.
To get to the point; I'm considering to make a custom ROM for this phone, but I am a noob in these kind of stuff.
I have the kernel source and the original ROM zip file. Since the original OS version is 4.0.4, is it possible to bring the required proprietary drivers from the original and use it in a newer Android version like 4.4.x?
Can I use Google's recent Tegra 3 kernel (3.10) and port those LG specific drivers from the older kernel?
Am I even starting this process in the correct way?
Any help is appreciated.
set-0 said:
Hi everyone
I have an LG Optimus Vu device and due to LG's tremendous support for this phone, the operating system is still ICS and the kernel version is 2.6.39 (even the I/O scheduler for this phone is set to noop, and there aren't any alternatives :| ). It could be all good and well if there aren't hundreds of crashes appearing every day about different applications, which is driving me crazy. I've searched and searched and it seems that there are no custom ROMs for this phone, nor is there any custom recovery application. I could barely find an application to root this phone.
To get to the point; I'm considering to make a custom ROM for this phone, but I am a noob in these kind of stuff.
I have the kernel source and the original ROM zip file. Since the original OS version is 4.0.4, is it possible to bring the required proprietary drivers from the original and use it in a newer Android version like 4.4.x?
Can I use Google's recent Tegra 3 kernel (3.10) and port those LG specific drivers from the older kernel?
Am I even starting this process in the correct way?
Any help is appreciated.
Click to expand...
Click to collapse
Hate to be the bearer of bad news, but you're pretty much stuck. LG has locked the bootloader on it and has said they have no plans on unlocking it. Since the phone is around a year and a half old or older, I'd imagine they aren't going to change their minds all of a sudden for the relatively small amount of people still using the phone.
http://forum.xda-developers.com/showthread.php?t=2055272 - discussion about your phone here
FYI
What is a bootloader?
The bootloader is the first thing that starts up when a phone is turned on. At its most basic level, a bootloader is the low-level software on your phone that keeps you from breaking it. It is used to check and verify the software running on your phone before it loads. Think of it like a security guard scanning all the code to make sure everything is in order. If you were to try to load software onto the phone that was not properly signed by the device vendor, the bootloader would detect that and refuse to install it on the device.
When we speak about locked bootloaders, the context is often used to give meaning to the term “locked.” Almost all phones ship from the factory with locked bootloaders, but some are encrypted as well. It is this encryption that most reports are referring to when using the term “locked.” If a bootloader is encrypted, users can’t unlock it to load custom software of any sort. The device will be restricted to running software ROMs provided by the manufacturer.
Now, there are ways to unlock or circumvent bootloaders in special situations, but with ones that have no dev support like yours, it's pretty much a lost cause and most likely way beyond your capabilities to figure out without spending 100s of hours of learning about Android stuff. This is not a knock on you or anything of the sort, but it is what it is. It is a very difficult thing to figure out encrypted bootloaders even for the most experienced android developers and hackers and depending on how they are encrypted, there just might not be a way (ask the older Moto phones, especially from VZW).
es0tericcha0s said:
Hate to be the bearer of bad news, but you're pretty much stuck. LG has locked the bootloader on it and has said they have no plans on unlocking it. Since the phone is around a year and a half old or older, I'd imagine they aren't going to change their minds all of a sudden for the relatively small amount of people still using the phone.
...
Now, there are ways to unlock or circumvent bootloaders in special situations, but with ones that have no dev support like yours, it's pretty much a lost cause and most likely way beyond your capabilities to figure out without spending 100s of hours of learning about Android stuff. This is not a knock on you or anything of the sort, but it is what it is. It is a very difficult thing to figure out encrypted bootloaders even for the most experienced android developers and hackers and depending on how they are encrypted, there just might not be a way (ask the older Moto phones, especially from VZW).
Click to expand...
Click to collapse
Two thumbs up for the detailed reply.
Shame really. The phone was released in November 2012 but there wasn't a single OS update...
I guess I would have to give up on that, but I'm interested in system level developments for both Android and desktop systems. Any idea where to start?
set-0 said:
Two thumbs up for the detailed reply.
Shame really. The phone was released in November 2012 but there wasn't a single OS update...
I guess I would have to give up on that, but I'm interested in system level developments for both Android and desktop systems. Any idea where to start?
Click to expand...
Click to collapse
Yea, it does suck. That's one of the downfalls to making 8 million different phones. You have no incentive ($$$), no interest, and no manpower to be able to update them all in a reasonable fashion. But it's not like LG is alone. All of the manufacturers have had decent phones just...disappear in regards to updates or anything of the sort.
As far as getting started, there is a ton of info right here on XDA:
http://xda-university.com/
Modify hashes?
Hi!
Sorry for digging out a dead thread, but for the p895 probably all threads are more or less dead...
I wonder if it is really necessary to decrypt the bootloader. Since it must be able to boot different versions of the stock roms, it would probably only calculate a hash value of some files and compare that to a value stored elsewhere.
By comparing different versions of stock roms it might be possible to get some information about what files are hashed. If it is a standard hash algorithm and the comparison value the bootloader uses is stored in plain text (hope....!) there might be an atack vector in
comparing several known plain texts.
I also noticed, that the p895 has a "software integrity check" in the hidden menu that shows has values for some (a lot) of files. these hash values are likely already calculated when entering that menu option (i am pretty certain because they show immediately), so they might belong to the files checked at boot time and also hint to the hash algorith used.
The idea is to calculate a hash value for the custom rom and put it in the appropriate place so the bootloader thinks of the rom as an update.
These are just vage ideas, but i have no intention whatsoever to buy a new phone anytime soon and I guess I could as well spend "some" time tinkering and learning the tech details...
thank you!