path: root/markdown/2020_04_what-could-go-wrong-with-devices-that-have-non-replaceable-batteries.md

tags: Replicant news, GNUtoo
licenses: CC-BY-3.0 OR CC-BY-4.0
date: 2020-04-01T01:00:00+00:00
title: What could go wrong with devices that have non replaceable batteries ?
authors: GNUtoo
---
Edit1: Added forgotten link for rooting devices

Edit 2: Fixed wrong link location for rooting devices

Edit 3: Added Epilogue

In the summer 2019, in the Replicant contributors conference in Paris, the
people present were all in favor of not supporting devices with battery that
can’t easily be replaced, because it would make the use and development of
Replicant for these devices too complicated.

In subsequent conference like the FOSDEM 2020, and in discussions with other
Replicant users and/or contributors, people didn’t have objections to the
decision.

Even if we don’t want to support such devices in Replicant, we are still open
to collaborate with people wanting to add support for such devices in other
projects. For instance we still support the Galaxy S and the Nexus S in
libsamsung-ipc while the devices are not supported anymore in Replicant, and
we also do accept patches for devices we don’t want to support in Repliant.

So in practice, some tablets like the Galaxy Tab 2 have battery that are not
removable in the usual sense as you cannot remove the battery, without any
tools, while walking, but the battery can still be replaced with the help of
basic tools like tweezers and screwdrivers. In addition people don’t
necessarily expect tablets to last one full day. So we still intend to support
such devices.

However some smartphones, which are typically used during a full day without
necessarily having the ability to recharge, cannot be opened with regular
tools. For such smartphones you need a heat gun, and using that also damage
the device along  
the way. When the battery is glued with very strong glue, it makes it even
more complicated and even more dangerous to change the battery as you need to
use very dangerous chemicals to remove the glue. So we decided to not support
devices like that.

Given the impact of the decision (most newer phones don’t have non removable
batteries), even if that decision seem sound in theory, we also wanted to test
it in practice, to be really sure it was the right decision.

To do that we decided to do a very quick experiment and see what would happen
when adding support for a smartphone that has a non replaceable battery.

We also wanted to measure how much time was needed to add support for a device
as fast as possible, because if we supported devices without a replaceable
battery, we would need to rush to add support for the device while it’s still
being sold new in order to maximize the lifetime of the device under
Replicant. Otherwise, people would need to buy the device second hand, where
the battery would potentially not last a full day anymore.

## Choosing a device

We didn’t want to spend too much time on that experiment, so we didn’t do much
research and choose the first phone that would match what we were looking for.

We wanted the most recent device device with:

* A non replaceable battery

* An Exynos system on a chip

* Android 6

* A stylus and a big display

* A lot of RAM

The device also had to be very similar to the ones we already support to spend
the least amount of time possible on that experiment, so we also wanted the
device to be made by Samsung, and to have a similar bootloader that is
compatible with Heimdall.

So we choose a Samsung SM-N930F which meets all the requirements above. It
also has an Exynos 8890, 4GiB of RAM, a stylus and runs Android 6. We wanted
to have a stylus and a lot of RAM because as we didn’t really intend to add
official support for it in Replicant, we still wanted the work to also be
potentially useful for GNU/Linux distributions that might be interested in
supporting this device or similar devices:

* The amount of RAM and the stylus makes it more easy to run GNU/Linux  
on the device:

  * As the stylus is more precise than big fingers, you can more easily use software that is less well adapted to the very small display, the very high pixel density, and big fingers.
  * Having 4GB of RAM should be good enough to run many common applications and desktops. It also means that the phone could be supported for a longer time if there weren’t other factors like the non-removable battery that would prevent that.

As for Replicant, the software support for this device is very similar to the
Galaxy S7 which is supported by LineageOS.

Unfortunately, the device we chose has shared memory between the modem and the
system on a chip[1] but as this was just for a quick experiment and that we
didn’t intend to add support for it in libsamsung-ipc, we just ignored that
issue in order to spend the last amount of time possible.

## References:

[1]https://github.com/RegaliaEzz/Hexa-N930F/blob/master/arch/arm64/configs/exynos8890-gracelte_defconfig

# Getting the device

The first problem we had was finding the device. We started looking locally,
including in second hand websites, but we didn’t manage to find any. So after
that we started looking in international second hand websites, and we found
one.

The strange thing is that, while the device is very hard to find, there were
many many offers for accessories for that device. At this stage we suspected
that this was somewhat related to the non-replaceable battery, though some
Galaxy S7 could still be found.

However for some reasons, even if the device was shipped, as we have proof
that it was sent to the post office, we didn’t receive it. We are still
investigating why, but we didn’t manage to get a conclusive answer yet from
the shipping company as we were redirected from service to service and no one
seem to know why the device didn’t reach its destination. The issue is also
unrelated to COVID-19 as it was shipped by the person many months before it
was declared a pandemic.

So we started again to look for a device and finally found a second device.
The offer was really strange. It tell that they disguised the device to look
like another one to make shipping work.

This didn’t surprise us, as some customs are already actively fighting against
the right to repair devices[1]. So at the time we though it was because they
decided to fight against the second hand market as well.

In that offer, the person giving the device away also had a strange request:
she would not charge for the phone but she wanted us to get the data out of
the phone. The person explained to us that she didn’t trust nor Google nor
Samsung with her data, which included private pictures but didn’t manage to
get her data out of the device. As the request seemed legitimate we agreed to
try but as we are not expert in rooting that it might have failed. The data
was not encrypted so it also would have made things easier.

## References:

[1]https://boingboing.net/2018/10/20/louis-rossman.html

## Working on the device

Working with that device was not easy. The first issue we got was that the
battery would not charge at all, and the battery indication was at 0%.

This explained why the person wasn’t able to extract her data from the device.

We found on XDA that it was possible to get the battery charge again if we
managed to downgrade the phone OS. This looked very strange. We also learned
that the phone was fusing the OS versions somewhere. This was probably in the
RPMB (Replay Protected Memory Block) partition of the eMMC.

As the device was on fuse version 1, we managed to downgrade it. All that was
very strange. The 0% battery charging problem seemed to be a well known issue
that is supposed to only affect the the devices fused with the version 2.
Maybe it was because the battery was already very discharged that it did that,
and that the bootloader and OS refused to charge it.

As we didn’t have a lot of time to spent on all that, we didn’t want to
investigate more and proceeded to download OS images for older versions of the
devices. We are also not sure if this was legal or not as the images weren’t
hosted by Samsung, and so we don’t know  
if the website we downloaded them from had some arrangement with Samsung or
not.

As official repair shops need to have the images, we assumed that there might
be a way for websites to get the images through legal means, especially in
countries that have laws that are meant to guarantee the right to repair in
practice.

## Extracting the data

Before downgrading the images we still wanted to try to extract the data for
the person that sent us the device. So as we were unsure if installing a
recovery would erase the user data, we tried to find free software root
exploits for the device.

We have summarized our attempts in the RootingDevices[1] page of the Replicant
wiki. We still need to update it to add information about our attempts with
the SM-N930F.

As we didn’t find any rooting application in F-Droid, and that we didn’t want
to use nonfree applications to root the device, we instead started looking at
vulnerabilities that enabled us to get root. For each vulnerability we looked
if the kernel version of the device was affected, and if so we looked for free
software versions of the exploits, that were often published without any
license.

At the end we failed to find something that worked quickly so we resorted to
just flashing a recovery and hoping that it would not erase the user data.
According to the find command, the user files seemed to have been intact.

We then sent the ex-owner all the data, strongly encrypted with GPG, and when
we got the confirmation that everything was fine we proceeded to erase all the
data.

## References:

[1]https://redmine.replicant.us/projects/replicant/wiki/RootingDevices

## Working on Replicant

At this point, we found that the battery was just very old, this is why it was
reporting a 0% capacity.

Each time we wanted to flash an image with Heimdall, we had to wait for hours
for the device to charge a tiny bit.

The stress of the developer working on the device increased a lot because the
device was potentially always on, and we didn’t know when it had the ability
to record conversations or not, as we didn’t do a review of its freedom,
privacy and security issues.

The developer’s passwords could be revealed as well, by recording the noise of
his keyboard, and even GPG keys can be reconstructed through noise if they are
used intensively.

In order to preserve the developer’s sanity and the security of the Replicant
project, the device was kept in the fridge most of the time.

This was very weird for the people visiting that developer as he had to put
the device in the fridge each time people came by.

Sometimes he forgot to put the device in the fridge and started to have
political and/or intimate conversation and at some point he remembered the
device and had to go put it in the fridge in the middle of the conversations.
That was very weird. Especially the “Can you wait a second? I’ve to put the
phone in the fridge.” part.

In addition to all these issues, we also had the device crash during
development, however we couldn’t wait until the battery was fully depleted as
the battery didn’t charge. We had to hope that the device wound not go in some
mode where we were stuck. However it didn’t happen, and we always managed to
recover.

Then one day, around when the COVID-19 confinement started, when he was away
doing some sports outside, the neighbors heard an explosion. Apparently,
besides the table where it was charging and and the wall around it, nothing
was damaged.

As some of the neighbors called the police, that developer was then arrested
and all his equipment was seized.

He was charged with:

* the possession of an explosive device

* reverse engineering

* theft

* counterfeiting

* violation of trade secrets

* refusing to give encryption key of his hard disks

* refusing to hand over his account details

* refusing to give his fingerprint and his DNA

* resisting arrest and insulting police officers

* destroying evidence

He plead innocent for all of the charges, and most of the charges were
dismissed:

* The “explosive device” was in fact the Samsung SM-N930F, which is best
  known as Galaxy Note 7. As many other people also had one at some point,
  the court dismissed that charge, especially because this wasn’t done on
  purpose. The judge also said that they couldn’t condemn people for being
  stupid, not remembering about the issue, and relying on the outdated
  offline version of Wikipedia through Kiwix to do research on hardware.

* The reverse engineering charges were also dismissed as it was done for
  interoperability, and that the developer never agreed to any user license
  agreement that prevented that.

* Theft was quickly dismissed as it did not apply to the violation of
  copyright.

* The violation of trade secrets was also dismissed, even if printed
  schematics were found on the developer’s table. As the schematics were
  published online in many forums like XDA, they were also considered as
  fair use. Various leaked documents like the Snowden documents, or
  Wikileaks revelations were also used during the case to prove that some
  leaked documents could be considered as fair use. The fact that the
  documents had “proprietary” markings was also not sufficient as many
  public documents also still bear markings that were just not removed.

* Counterfeiting was also dismissed because no proof of violation of
  copyright could ever be found, and that the use of leaked schematics was
  considered as fair use.

* Refusing to give encryption key of his hard disks: with a lot of pressure
  from many associations, this was dismissed as it was merely an excuse to
  get access to the developer’s data and it was not relevant to the case.
  The same applied with his refusal of handling any of this account data
  (which also includes the passwords giving access to the Replicant
  infrastructure).

* Destroying evidence by erasing the data of most of his computers was also
  dismissed. First only the boot partitions were erased and it was again not
  relevant to the case.

* Resisting arrest and insulting police officers: there were no proofs that
  this ever occurred, and rambling against non-removable battery was not
  deemed strong enough to constitute resisting arrest and/or insulting
  police officers.

## Sentences

However he was still charged with the following:

* Refusing to give his fingerprints.

* Refusing to give his DNA: the police still got his DNA even if he refused.

Subpoena and other declarations:

* The court also gave him a subpoena “Be more careful next time and work on
  more constructive things like adding support for phones with a removable
  battery only.” to which the developer agreed.

* He also declared that rushing to add support for a phone wasn’t a good
  idea either, as because of that, he didn’t realize that the device was a
  Galaxy Note 7.

He got a suspended sentence of 3 months for all that.

## Getting the equipment back

As the court was very friendly he also got all his equipment back which
usually never happens. Getting it back was still very challenging but it also
turned out to be very fun.

As the developer had to sign a document with all the hardware on it, to get it
back, the following conversations occurred when filling the list of hardware:

* Employee: What’s this thing?

* Developer: It’s a UART adapter for smartphone, you know behind the USB
  connector there is [very long technical explanations].

* Employee: Let’s write “UART adapter for smartphone”.

* Developer: It also probably works on tablets you know, and it can also do
  many other things other than UART, like power on the phone and switch
  modes [very long technical explanations].

* Employee: Let’s write “complicated computer hardware”.

Or:

* Employee: What’s this thing?

* Developer: It’s a hardware to trace the protocol between the SIM card and
  the phone modem, there is a standard called terminal profile which has
  many privacy implications like [very long explanations].

* Employee: Let’s write “SIM card tracker”.

* Developer: It can’t track SIM cards at all, but it can trace the protocol
  [very long explanation again].

* Employee: Sigh, let’s write “complicated computer hardware” again.

Or:

* Employee: What’s this laptop? It’s a laptop, right?

* Developer: It’s a Thinkpad X200, which is a computer capable of running
  Libreboot, this has many freedom implications like [very long
  explanations].

* Employee: Let’s write “vintage computer”.

* Developer: But I use that computer you know [very long explanations].

* Employee: Sigh, let’s write “complicated computer hardware” again.

Or:

* Employee: What’s that? Is it a very complicated smartphone?

* Developer: It’s just a usual Galaxy S II (GT-I9100G).

* Employee: Let’s write “Galaxy S II”.

* Developer: I’ve also a Galaxy S II (GT-I9100) which has a very different
  system on a chip [very long explanations].

* Employee: Sigh, let’s write “complicated computer hardware” again.

Or even:

* Employee: What’s that?

* Developer: I don’t know

* Employee: You don’t know? Is it yours?

* Developer: Yes, but I don’t know how to describe what it is, you can think
  of it like an Arduino running GNU/Linux, back in the days before any of
  the single board computer had systems to automatically detect hardware
  [very long explanations].

* Employee: What’s an Arduino [interrupting the developer]?

* Developer: [very long explanations starting].

* Employee: Sorry [interrupting the developer], bad idea, forget about my
  question, let’s again write “complicated computer hardware”.

At the end the developer got it all back, and the staff said it was the
strangest set of seized equipment they ever seen.

He then was unavailable during a full week, as he was reflashing all the
“complicated computer hardware” for security reasons. That meant that in
practice he had to reinstall Libreboot[1] or other fully free versions of
Coreboot that he used, Parabola[2] on all the desktops, laptops, servers,
single board computers and smartphones that weren’t fully encrypted,
reinstalling Replicant on some other smartphones and tablets, reinstalling
LibreCMC[3] on various devices like WiFi access points, reinstalling various
microcontroller projects like frser-duino[4] on his flasher, ralim/ts100[5] on
his soldering iron, PedRom[6] on his calculator, Simrtace 1.0[6] on his SIM
card tracer 1.0[7], etc

At least he could still trust his hardware and continue to use it after
reinstalling everything. If the hardware had to run nonfree software, it would
have been a different story.

Besides about 1 month of Apache logs, and the phone number of his contacts,  
not much was exposed. We also hope that Android “Factory erase” worked fine on
the SM-N930F but we can’t know as we didn’t try to recover any data.

The only device he didn’t got back was the Samsung SM-N930F, as it was
probably kept or disposed by the Justice Department.

About the lost of the device, the developer commented: “I lost weeks [of work]
because of that shitty phone”, “I don’t want that phone anywhere near me.”.

It turned out that, in addition to his allergy to nonfree software, freedom
and privacy violations, that developer now became allergic to non-replaceable
batteries as well. “Deciding to make devices with non-repleacable batteries is
completely insane, it would be very important to ask ourselves how we got
there.” that developer commented.

## References:

[1]https://libreboot.org  
[2]https://parabola.nu/  
[3]https://librecmc.org/  
[4]https://github.com/urjaman/frser-duino  
[5]https://github.com/Ralim/ts100  
[6]https://git.osmocom.org/simtrace/  
[7]https://osmocom.org/projects/simtrace/wiki/SIMtrace

## Epilogue

This blog post is a fictional political satire written by a Replicant
developer for the [first of April 2020][1]. It may or may not represent the
positions of the Replicant project. The story has been very strongly inspired
by several real events.

* It contains several logic flaws that might have been spotted by attentive
  readers or people used to the [zététique][2] techniques. For instance the
  device was chosen to enable sharing work with GNU/Linux, yet, support for
  Replicant 6 is added in a way that doesn’t benefit at all code sharing
  with GNU/Linux at all as no support for that device is added in
  libsamsung-ipc. The fact that it was not clearly marked as a fiction was
  intended to help people test their critical thinking.

* It’s meant to criticize the systemic causes that resulted in the issue
  with the Samsung Galaxy Note 7 smartphone. The Wikipedia article on the
  [Samsung Galaxy Note 7][3] has very interesting information on the impacts
  of the issue.

* It’s interesting to see how Samsung used the control it had on such
  devices, to remotely disable them. That control could be abused. This
  could also be an issue if people have important private data in it, that
  they weren’t willing to share with companies with huge track record of
  users abuse. So instead of having to adapt to every design choice of the
  smartphone industry, like non-replaceable battery, it’s sometimes better
  to start from limiting as much as possible the damage to users freedom and
  the environment, and try to adapt that to various uses cases instead.
  Here, having user removable batteries would be way more efficient than
  control over users devices for avoiding such issues or dealing with
  batteries that explodes or catch fire. Many manufacturers [had to recall
  batteries][4] over the years, and the impact weren’t as bad as with the
  Galaxy Note 7.

* As far as we know, that event didn’t make smartphone manufacturers switch
  back to user removable batteries. Samsung didn’t even add back non-
  removable batteries to the [Galaxy Note 8][5] , which is the next model in
  the Galaxy Note series. If software or hardware that was threatening some
  economic or political power was the cause of issues that big, the reaction
  would most probably have been very different.

* In general, giving too much power to the manufacturers over the users is a
  very bad idea. For instance in the [Volkswagen emissions scandal][6], if
  users had more control over their cars, an issue of that scale could have
  been avoided. In contrast, if users had total control over their cars,
  more users would probably do various modifications, including polluting
  more to gain more performance or tune their cars to pollute even less. It
  would have preserved users freedom and probably have a positive impact
  than with such scandal. The same reasoning apply to [the radio lockdown
  directive, which Replicant took position against][7].

## Copyrights

* [CC-BY-SA 4.0][8]

 [1]: <https://en.wikipedia.org/wiki/April_Fools%27_Day>

 [2]: <https://en.wikipedia.org/wiki/Z%C3%A9t%C3%A9tique>

 [3]: <https://en.wikipedia.org/wiki/Samsung_Galaxy_Note_7>

 [4]: <https://en.wikipedia.org/wiki/Product_recall>

 [5]: <https://en.wikipedia.org/wiki/Samsung_Galaxy_Note_8>

 [6]: <https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal>

 [7]: <https://fsfe.org/activities/radiodirective/statement.en.html>

 [8]: <https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt>