Bootloader Unlocking for Samsung Galaxy S10 and S20 Devices

Some said it was impossible. Others dared to try. I dared to spend $100 and download a sketchy USB Redirector software to have someone else run their custom tool remotely to unlock my device. I had the resolve. I dared to swipe my credit card.

SamPWND Bootloader Unlocking for SM-G970U AT&T Model

It's no secret that Samsung devices have shipped with permanently locked bootloaders on most US carriers for many years now. I recently purchased a used S10e SM-G970U ATT and was unfortunately reminded of this. Somehow I had forgotten what a pain it was to unlock these things before my purchase. After some research when I found the OEM unlocking feature in Developer Options was missing in Android. Some more research later I learned that unlocking is in fact possible. Possible if you have the means. A functional exploit for S10, S20, and Fold/Flip devices does in fact exist to unlock the bootloader but it is private and proprietary. I purchased an unlock for $100 flat from https://www.sampwnd.com/ and it worked great. Hopefully this exploit is released to the public in the future but this is out best shot currently.

More information on requirements and supported devices and be found in elliwigy XDA developers post: https://forum.xda-developers.com/t/sampwnd-usa-model-bl-unlock-info-u-u1-w.4201689/

So I provided my DID adb shell getprop ro.boot.em.did and paid my hundred bones. Then I waited for a Discord message. They can either contact you with Telegram or Discord it's up to you. After getting a message to download some software called usbredirector-customer-module.exe I connected to their session with my device in Download Mode and within 10 seconds my device rebooted with an unlocked bootloader.

Was it worth it? I think yes.

OP.GG For Tecent/WeGame and Chinese SuperServer

Alternative Frontend for WeGame Match History and Account Lookups.

Download: https://github.com/downthecrop/wegame-tencent-china-opgg

Provides account lookups, match history, profile multi-search, statistics and more. Like OP.GG or Blitz.gg for the Chinese (CN) League of Legends Servers. Available for all area ID's including the Super Server (Dopa/Apdo plays here) which is Area ID 31.

Pregame lobby Multisearch, Game Details and Profile Statistics from WeGame/Tencent League of Legends LoL API

Instructions

Download the Chrome Extension Here
Signin on https://www.wegame.com.cn/
Select Cropsearch

Features:

Match History
Match Details
Multisearch
Profile Navigation
Profile Statistics
Open Source (MIT License)

Support

I will not respond to errors or problems on Twitter but you should still follow me. Report problems here on Github

Twitter at @downthecrop
YouTube at @downthecrop

License

MIT License LICENSE
Copyright 2020 © downthecrop.

How To: Reverse Engineer Any Private API (iOS/Android and Desktop)

Have you ever wanted to access data from an application that doesn't provide a Public API? Well I've got great news. That application is getting its data from somewhere. You just need to find out how to plug into it! This process is called Reverse Engineering (Or hacking if you want to pretend you're really smart) a Private API. I will document some tips and useful tools that will help you reverse any Private API from any application on any platform.

Reverse Engineer any Private API - Watch the YouTube video here! https://youtu.be/RchCi6E2hVs

Tools

There are a handful of tools that can be used to complete this task. Windows 10 was my platform of choice for working with the data so I'll be sharing what I used on here.

Fiddler: Fiddler is an HTTP/HTTPS Proxy that can be used to intercept and decrypt SSL/HTTPS traffic. This application is also useful for replaying requests, creating custom request, and exporting a request as cURL to be converted into Python 3. Fiddler is free to use, just sign in with your Google Account! Make sure you install the certificate and enable HTTPS mode so you don't miss any requests. https://www.telerik.com/fiddler

MitM Proxy: Man in the Middle Proxy is a great way to read data from Smart Phone Applications. This is what I used to get all the data I needed for my API reversal. Simply download the executable from https://mitmproxy.org/ to start up a server (disable your firewall or open port 8080) and then enter your PC's IP address into the Proxy Server settings of your Phones WiFi settings. After that navigate to http://mitm.it/ on your Phone and install the provided certificate. Follow the provided instructions on http://mitm.it/ and start sniffing!

Tips

Create a text document to save all your finding and especially any useful URL endpoints you find. Having your information organized will help to ensure that you don't waste time on the same thing twice or need to proxy your device over and over again to find what a request should look like.

For more information and an example of the API reversed you can watch my YouTube tutorial here.

Chrome Improvement Project

Chrome. It's the best browser. But it also has some quirks I personally find annoying and by the power vested in me I shall right these wrongs.

Quirk One - New Tab Google Doodles

I don't mind the design of the new tab page in Chrome. In fact I think it's pretty nice. HOWEVER I really don't like the design language of the new tab page being compromised for the Google Doodle. Due to security limitations in the permissions Chrome can grant Extensions we are not able to intercept or modify requests on chrome://newtab. Instead a near perfect recreation of the new tab page was built from scratch to provide all the same functionality with a local mirror.

Disable Google Chrome Google Doodle - Default new tab (left) vs Recreation (right)

As a result, no doodles. If you really want you can change the search box's color back to white but I think it look nice this way. The signin and voice search are purely cosmetic.

Free and Open Source (MIT License)

Download for Chrome: https://chrome.google.com/webstore/detail/minimal-new-tab/afnmoecpnepccekbinlapeolhgdgjclm

https://github.com/downthecrop/minimal-new-tab

Quirk Two - Themed Scroll Bars

This is less of a problem with Chrome itself and more of a problem with Windows 10 and their ugly scrollbars. Using Webkit CSS we are able to override these system defaults. When creating this extension I wanted to keep the permission model as light as possible. This extension requires the all_urls permission to keep a unified theme across all pages and as such is a big security risk. Because of this I am utilizing pure CSS and content_scripts. This extension is completely static and thus cannot read and page content or browsing data.

Chrome minimal scrollbar - Default Windows 10 (left) vs Custom CSS only content_script extension (right)

Free and Open Source (MIT License)

Download for Chrome: https://chrome.google.com/webstore/detail/chrome-minimal-scrollbar/bcbbhmacggoijgmopaeaaclkemaagdio

https://github.com/downthecrop/minimal-scrollbar

WebP in Photoshop CS2

Modern WebP format images opening in Photoshop CS2 (2005)

The abandonware Photoshop CS2 still does everything any aspiring content creator could ask for. It even works great on Windows 10. Quality software created by quality people. However in todays modern internet we have a few new formats that were far after CS2's time. The main problem I run into is opening WebP format files. I'll go to grab an asset I assume to be a .PNG off Google Images, try to open it up in CS2 and I'm met with the error "Could not complete your request because it is not the right kind of document." but luckily for us the competent developers of CS2 thought ahead. They allow for plugins to extend the support file types in the program!

WebPShop, the plug-in for opening and saving WebP images directly from Adobe Photoshop
https://developers.google.com/speed/webp/docs/webpshop

available under the Apache-2 License this open source WebPShop plugin works just fine for our legacy version of Photoshop. Unfortunately they aren't distributing x86 binaries of the latest version but the Apha 0.2.1 version seems to have everything we need anyway. You can download the binary from the 0.2.1 release page. You want WebPShop_0_2_1_Win_x86.8bi. Once that's downloaded place the 8bi file into C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Plug-Ins\File Formats or wherever you have CS2 installed. Then fire up Photoshop and open any WebP file you like!

Export Options

The plugin also allows you to save .webp files with a quality slider! Just use File > Save As... > WebP and the WebPShop compression Window will open. Enable the preview and compress to your liking.