Hi everyone,

I'm exploring the possibility and implications of completely removing the bootloader from an Android phone. Specifically:

  1. Is it possible to completely remove the bootloader from an Android phone? I understand that the bootloader plays a crucial role in starting and managing the phone's partitions, but I'm curious if it is technically feasible to delete or permanently disable it.

  2. What impact would this have on forensic tools like Cellebrite UFED and XRY? These tools often rely on the bootloader to access the phone’s partitions and extract data. Would removing or disabling the bootloader render these tools unable to connect to the phone and perform their analysis?

I’m trying to understand if this action would effectively protect the phone's data from these analysis tools, while being aware of the potential risks and complications associated with such a modification.

Thank you in advance for your insights and advice!

    Climako

    Sorry, but this is complete nonsense. If you don't have a bootloader, your phone won't boot.

      gravity-reprint
      Thanks for the reply.
      In this case, can you prevent the bootloader from opening, or modify it?

        Climako On an up-to-date modern Pixel, any time the bootloader is running, the OS data partitions are at rest (encrypted). If a strong passphrase is used, somebody who extracts the encrypted data shouldn't be able to decrypt it (source: GrapheneOS statement).

        itsjpb I would like to modify the source code of the fastboot so that it deletes all the data from the phone once we enter it, because I saw that the data extraction software (XRY, Cellebrite UFED) enters the fastboot menu to be able to extract the data. I agree that the data is encrypted, but it's even better if there is none.

        Would it be possible to get the passphrase by phishing? I mean, if you get physical access to the phone and then change the bootloader to fake a normal standby or boot screen to get the user to enter the correct password? I mean, just like these fake add-ons for ATMs, physical or maybe even software-based.

        There is a duress password feature already.

        I think OP wants to have a duress bootloader so whenever someone attempts to load fastboot the device would be wiped.

        Which is an interesting idea as normally a user never enters fastboot again after installation unless there is a failure somewhere experiencing

        Booting into fastboot mode zeroes all the memory since the April 2024 release for Pixels due to GrapheneOS reporting this attack vector and our proposing this solution in January 2024. This attack vector is closed for this purpose.

        Climako

        These tools often rely on the bootloader to access the phone’s partitions and extract data.

        Not really, and the attack vector is closed on Pixels. It's one of our hardware requirements:

        https://grapheneos.org/faq#future-devices

        We don't plan to support any device not closing this attack vector via our proposed mitigation which was shipped for Pixel firmware. Other Android devices being vulnerable to these attacks is not our problem.

        Do you think it would be possible to modify the bootloader ourselves? To add a hard function or can it be performed only by the manufacturer?