yawning pig

Many Android devices currently support fastboot. Fastboot is a mechanism that allows to communicate between your computer and the bootloader installed on your Android device. It's basically the protocol that enables this communication.

The bootloader on your devices therefore has to contain an implementation of this protocol.

The tool that usually needs to be installed on your computer that allows this communication is as well called fastboot.

The Bugjaeger app also contains an implementation of the fastboot protocol and allows communication with bootloader directly from your Android device. So there's no need to have a computer. You only need a simple USB OTG adapter and you're ready to go.

Currently Bugjaeger supports retrieving of information from bootloader (and some other fastboot commands). In this post I would like to show how to get this information. Recently I also extended the fastboot related features in Bugjaeger, so it should be possible to execute also other fastboot commands.

Rebooting to Bootloader Menu

Before you'll be able to communicate with bootloader through fastboot protocol, you need to reboot your Android device and start the bootloader menu.

There are multiple ways how to achieve this. On Pixel devices it should be possible to reboot to bootloader by pressing and holding the volume down button, and then pressing and holding the power button.

Another way to reboot to bootloader menu is to do it directly with the The Bugjaeger app. But before issuing any commands, you first need to perform some initial steps for device connection.

To make instructions easier to follow, I'll call the devices that has Bugjaeger installed the host. The device that we want to control will be the target.

To create a connection between host(Bugjaeger) and target, do the following

  1. Enable Developer options AND USB debugging on target device. Check out the official docs, if you're not sure how to do this

  2. Start Bugjaeger app on host device

  3. Connect host and target through USB OTG cable

  4. Allow Bugjaeger to handle USB ADB devices (a system dialog should pop up on host asking you for USB permission; you may want to tick the default handling checkbox)

  5. Authorize ADB connection on target device (again you might want to tick the checkbox, so that you don't need to handle this dialog after each connection)

Once connection is established

  1. Switch to Fastboot section in Bugjaeger on host device
  2. Tap on REBOOT BOOTLOADER

Your target device should now reboot to bootloader and the target should now appear in Bugjaeger device list with a changed icon (as a fastboot device).

fb_dev_connnected.png

Bootloader Variables

Once you rebooted your target device to bootloader and you established a connection with Bugjaeger, you can try to get various information stored in your bootloader.

Here's what I got when I tapped on Show Bootloader Variables.

fb_getvar.png

The command above is equivalent to executing fastboot getvar all. The results are from my Nokia devices and may vary depending on your target device. You can see that this way you can get information about your bootloader version, battery voltage, and even partition filesystem types.

Another interesting variable is off-mode-charge. Changing this variable allows you to start a device just by pugging in the charger cable, which might be useful especially in cars. Some devices allow to change this variable. The effect however seems to additionally depend on the chipset, so changing it on some devices might have no effect.

Another fastboot command that you can execute through Bugjaeger is fastboot oem device-info

fb_devinfo.png

This command shows the state of the device. You can see that the bootloader is locked on this device, so it's necessary to unlock it, before you'll be able to flash any ROM to the device. Unlocking usually causes that the data partition gets wiped out. I also assume that on some devices this might cause the Device tampered flag to be flipped to true permanently. Charger screen enabled set to false should mean that there'll be an animation shown when you put your device to charging.

Executing Other Fastboot Commands With Bugjaeger

Bugjaeger now also allows to start a shell where you can type in you custom fastboot commands. I didn't yet have time to test this feature thoroughly on real hardware (my Pixel is currently broken), but it should be possible to execute some additional basic fastboot commands.

To start the fastboot shell, you first need to select a fastboot device in the top spinner (Obviously, the device first needs to be connection through USB OTG). After selecting a fastboot device, a button should appear in bottom right corner. The button allows you to start the fastboot shell

fb_devinfo.png

Conclusion

Bugjaeger can be a powerful tool in your Android app arsenal, if you learn how to use it . It offers functionality from 2 well known development, debugging, and flashing tools - ADB and Fastboot.

One of the things that it can do is controlling Android devices remotely when they're connected to the same WiFi network. Download Bugjaeger from the following link

https://play.google.com/store/apps/details?id=eu.sisik.hackendebug

If you're not sure how to get the package name for an app, or you'd like to extract Dalvik bytecode from apps, I also recommend to check out my Power APK app

https://play.google.com/store/apps/details?id=eu.sisik.apktools

Next Post Previous Post

Add a comment