My name is Thomas Huntington (alias/nick is elliwigy) and I currently reside in Phoenix, Arizona. I was raised with technology. My father worked for Intel and Microsoft etc. before there were personal computers in homes everywhere in the 80’s/90’s, so I would watch him build computers out of “trash” the companies would throw out and code in MS-DOS, and occasionally I could play a game of Lemmings.
I always loved electronics and mainly started out with hardware mods and software hacking game systems. Years ago I also started in Android development. I spent most of my time reverse engineering Android firmware and writing my own code/customizing and/or theming firmware (custom ROMs). This really helped me learn the ins and outs of the Android framework and file systems. Quickly, I moved into bypassing basic security measures such as Samsung's reactivation locks and Android/Google's FRP.
This quickly escalated when USA carriers started locking bootloaders on my favorite branded devices (Samsung Galaxy devices, Google Pixel 2 XL on VZW, etc.), removing my ability to (at the least) have root for some customizations.
For years I posted everything publicly as soon as I found it, since sharing is caring, right? Only recently did I submit a bug to Samsung's bounty program, as I would like to be compensated when possible to support my habits.
Some work I have done recently: I was the world's first to find a root exploit for the Samsung Galaxy S8/S8+ USA variants not long after their release. As this was my first crack at exploiting, it took a while. It involved flashing an ENG system.img using a modified ODIN software with hash checks disabled, using a binary (most seasoned devs did not understand how this binary allowed a root shell) to gain an unstable root shell, at which point we used a years-old uevent exploit to execute our root script in kernel context.
Later my buddies found another exploit in the S8/S8+/Note 8 and the ODIN software. With Samsung's combo firmware the boot.img has dm-verity disabled and is permissive, but without root you cannot mount and write to system. However, due to the ODIN protocol and the system img being so large, flashing a modified system in ODIN will actually write the image entirely before throwing a fail message. Paired with combo boot, you would be able to bypass secure boot and boot up the rooted system.
Recently I found another exploit in Sammy devices with chipset msm8996, but it is not ready to be posted publicly.
I am also familiar with Qualcomm's EDL and have saved my devices from disaster many times, as well as other people's devices. I currently have my hands on signed programmers for the G965U rev2 device and am currently looking for a way into EDL mode without actually bricking the device, because if I can find a way into EDL it’ll be game over!
If there are any Android developers/researchers that may want to collaborate or just throw ideas at each other, that would be cool! None of my family or friends do what I do, and it always seems like I’m a lone wolf and no one else is trying to find exploits.