04-15-2024, 02:10 | #31 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
I have still not managed the AT Cmd part... nor AES DE nor ENcryption of steady.bin... or whatever is inside this base64 crap...

Code:
em_crypto_aes_256_ctr_encrypt
em_crypto_aes_256_ctr_decrypt
em_crypto_aes_256_gcm_encrypt
em_crypto_aes_256_gcm_decrypt

Maybe somebody could help me please. Thanx in advance.

And 1 more problem... I can not fix ESI problem on my SM-G965F... So I can not write EM Token via Odin...

Best Regards
04-19-2024, 10:02 | #32 (permalink) |
Junior Member Join Date: Jul 2012
Posts: 36
Member: 1787241 Status: Offline Thanks Meter: 3 |
I wish I could help but I think you're way above my level; I am reading with interest though. I know the DAESUL files were about in around 2017 as I had them from a site that looked like most of the mobile file servers do but was just called "samsungengneering" or something like that. They had all the daesul files; I grabbed a load as I found an old anyway jig and thought I could do something with it (I couldn't, or rather I never had the time and resources to), but I'm sure if they were out there then they have to still be floating about somewhere. All I can do is wish you the best of luck, keep us updated.
The Following User Says Thank You to emba4 For This Useful Post: |
04-21-2024, 20:01 | #33 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Code:
[541] MAGIC :
[541] ENGRES0001
[541] DID :
[541] 123456789abc````````````````````
[541] IMEI :
[541] fffffffffffffff`````````````````
[541] MODEL :
[541] SM-A202F````````````````````````
[541] SINGLE :
[541] DASEUL``````````````````````````````````
[541] MODE : 0x0
[541] VALIDITY: 0xffff

Interesting... Seems we have 40 Bytes reserved... for funny text visible in Download/Odin Mode... So more than DASEUL can be written...

Only short tested with "v1" steady.bin

Only as info... Best Regards
06-16-2024, 01:22 | #34 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Any idea how many AES Modes supported from openssl?

Code:
openssl enc -aes-256-ctr
openssl enc -aes-256-cbc
openssl enc -aes-256-gcm

Thanx in advance. Best Regards
06-22-2024, 07:08 | #35 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Still unsolved the AES DEcrypt nor ENcrypt part...

I have copy and paste from DASEUL Log... SM-N970U1

Tiny part of Log...

Code:
06-22 07:22:08.543 741 2159 E SMD : Message:AT+ENGMODES=0,1,01:DASEUL_EMR:1:0|1|10|12|13|17|26|
ngineeringModeESS: ESS Protocol Version is v.01
06-22 07:22:08.544 1023 1170 I EngineeringModeESS: Command Type : 1
06-22 07:22:08.544 1023 1170 I EngineeringModeESS: Command : 01:DASEUL_EMR:1:0|1|10|12|13|17|26|
ngineeringModeESS: bodyMsg : 01:DASEUL_EMR:1:0|1|10|12|13|17|26|28:20191209:20191111:DASEUL:9999:995:
06-22 07:22:08.549 747 800 D DataRouter: Before the usb select

Tried with adb logcat and RDX... But perfect Log for my tiny brain is missing...

Tried with these "v2" devices:

Code:
SM-G965F
SM-A505FN

I get after first Command response... SM-A202F for instance not receive response as it seems... Not tested with EM3 devices...

From DASEUL Log I can pull the Response... need some time...

Best Regards
07-02-2024, 20:36 | #36 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Tiny summary about my "AES_AT_EM_Adventure"...

If somebody has S8 or Note 8 and is willing to help... Feel free to contact me...

At the moment I have only Infos from friendly SM-N950F User.... My devices are only Android 9 as oldest... No idea if Android 7.1 Logging spit out more useful infos...

Thanx in advance. Best Regards
07-09-2024, 03:57 | #37 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Code:
Failed to make m-message
Failed to make d-message
Failed to decrypt e-token
Failed to install token via ESS_V1
Failed to write iin
Failed to get iin
Failed to read iin
Failed to get sk
Failed to get si
Failed to encrypt message
Failed to get wb iv
Failed to encrypt(wb) SS data
Failed to make esk
Failed to make digest of esk_erm

I hang somewhere here...

Only as tiny info... Best Regards
07-09-2024, 04:04 | #38 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Code:
Failed to make m-message
Failed to make d-message
Failed to decrypt e-token
Failed to install token via ESS_V1
Failed to write iin
Failed to get iin
Failed to read iin
Failed to get sk
Failed to get si
Failed to encrypt message
Failed to get wb iv
Failed to encrypt(wb) SS data
Failed to make esk
Failed to make digest of esk_erm

Only as info... Best Regards
07-23-2024, 01:32 | #39 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
My SM-G965F is UH/SH aka bit 17... My Firmware is FUJ2... so after March 2021... so v3...

No idea why... I can use both libs from 1 year older firmware:

Code:
AP_G965FXXU9ETF5_CL18847185_QB31836602_REV01_user_low_ship_meta_OS10.tar.md5

U9 instead SH/UH

1 easy change is to rename all: "Failed to" to "Fail64 to"

In both libs... here I use from lib64 folder...

Code:
lib64_U9_2_ETF9_FAKE5

Fake 5 is still working for AT cmd 1 and receive Response...

Soon I will go back to SM-A202F xperiments... as here:

Code:
/dev/urandom

Has visible effect to nonce...

Best Regards
07-31-2024, 06:12 | #40 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Code:
[ 68.612833][1: SATServiceData] 07-31 03:55:33.759 1045 1198 I EngineeringModeESSbodyMsg
system_server] 07-31 03:55:33.762 1045 1045 I EngineeringModeServicewakelock is acquired!!
[ 68.623078][0: SATServiceData] 07-31 03:55:33.769 1045 1198 I ENGMODE2em_init: Send INIT CMD to TA
[ 68.626258][2: SATServiceData] 07-31 03:55:33.772 1045 1198 I ENGMODE2em_jni_print_command : EM Version 0002, INTERNAL Version : 20, MODULE Version : 21.02.0
[ 68.626305][2: SATServiceData] 07-31 03:55:33.772 1045 1198 I ENGMODE2em_jni_print_command : [CMD] : [EM_CMD_INIT_EMAS]
[ 68.626436][2: SATServiceData] 07-31 03:55:33.772 1045 1198 I TeeSysClientdriver version: v6.3 [hardware/samsung_slsi/exynos9810/mobicore/ClientLib/src/driver.cpp:104]
[ 68.626464][2: SATServiceData] 07-31 03:55:33.773 1045 1198 I TeeSysClientdriver open [hardware/samsung_slsi/exynos9810/mobicore/ClientLib/src/driver.cpp:109]
[ 68.626493][2: SATServiceData] 07-31 03:55:33.773 1045 1198 I ENGMODE2Opening MobiCore device is done..
[ 68.627207][6: McDaemon.SWd] 07-31 03:55:33.773 412 416 W TeeMcDaemonCannot open trustlet /data/vendor/mcRegistry/ffffffff000000000000000000000070.tlbin (No such file or directory) [hardware/samsung_slsi/exynos9810/mobicore/Daemon/src/SecureWorld.cpp:195]
[ 68.628762][2: SATServiceData] 07-31 03:55:33.775 1045 1198 E TeeSysClientmcOpenSession returned INVALID_DEVICE_FILE (rc 0x10) [hardware/samsung_slsi/exynos9810/mobicore/ClientLib/src/native_interface.cpp:573]
[ 68.628834][2: SATServiceData] 07-31 03:55:33.775 1045 1198 E ENGMODE2Opening the session is failed : 0x00000010
[ 68.628886][2: SATServiceData] 07-31 03:55:33.775 1045 1198 E TeeSysClientmcCloseSession returned UNKNOWN_SESSION (rc 0x8) [hardware/samsung_slsi/exynos9810/mobicore/ClientLib/src/native_interface.cpp:620]
[ 68.628918][2: SATServiceData] 07-31 03:55:33.775 1045 1198 E ENGMODE2Closing the session is failed : 0x00000008
[ 68.628944][2: SATServiceData] 07-31 03:55:33.775 1045 1198 I ENGMODE2Closing session is done(session id : 0, device id : 0)
[ 68.629036][2: SATServiceData] 07-31 03:55:33.775 1045 1198 I TeeSysClientdriver closed [hardware/samsung_slsi/exynos9810/mobicore/ClientLib/src/driver.cpp:120]
[ 68.629068][2: SATServiceData] 07-31 03:55:33.775 1045 1198 I ENGMODE2Closing MobiCore device is done..
[ 68.629096][2: SATServiceData] 07-31 03:55:33.775 1045 1198 I ENGMODE2setProperty flags = 0000000000000000
[ 68.629123][2: SATServiceData] 07-31 03:55:33.775 1045 1198 E ENGMODE2em_init: Fail64 em tlc send(0xf0000001)
[ 68.629284][2: SATServiceData] 07-31 03:55:33.775 1045 1198 I ENGMODE2em_jni_print_command : EM Version 0002, INTERNAL Version : 20, MODULE Version : 21.02.0
[ 68.629314][2: SATServiceData] 07-31 03:55:33.775 1045 1198 I ENGMODE2em_jni_print_command : [CMD] : [EM_CMD_REQ_RECOVERY_ITL_ESSDEV_V1]

On my SM-G965F I was able to identify 1 Trustlet involved in this AT cmd/EM adventure...

Still hang in AES adventure...

Only as info. Best Regards
The Following User Says Thank You to adfree For This Useful Post: |
08-07-2024, 13:48 | #41 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Tiny progress in AES adventure...

By baby trick to change text string... in lib1...

Code:
/dev/urandom

Into this for instance:

Code:
/dev/zero

You can "skip" the random/nonce stuff... as result... Response deliver same data for msg...

In other words... I can now confirm it is AES 256 and CTR...

No idea why AES accept such stupid data:

AES 256 Key... 32 Byte lengths...HEX:

Code:
0000000000000000000000000000000000000000000000000000000000000000

IV 16 Byte...HEX

Code:
00000000000000000000000000000000

"Bad"... This is only in old v1 like SM-A202F working... S8 not confirmed yet... But nice user helped me... He modified Kernel to get static Key and IV...

I am trying to find urandom in SM-G965F... EM2... Hope easier to proceed... As EM2 support CMD 0,3... Less data to send... less data received... Maybe then more clear how exact this work...

Only as info. Best Regards
The Following User Says Thank You to adfree For This Useful Post: |
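Added example (not part of the original posts, and not code from the tools discussed): the behaviour post #41 reports once the randomness source is replaced by /dev/zero, reproduced with the `openssl enc -aes-256-ctr` command already used in the thread. The messages and helper function names are constructed for illustration; with a fixed key and IV, CTR output repeats and the XOR of two ciphertexts equals the XOR of their plaintexts, which is why the key/IV source has to be a CSPRNG that a string edit in a library cannot redirect.

```shell
#!/bin/sh
# Added example with constructed inputs; nothing here is taken from the thread's captures.
ZERO_KEY=0000000000000000000000000000000000000000000000000000000000000000  # 32 bytes
ZERO_IV=00000000000000000000000000000000                                   # 16 bytes

to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# Encrypt stdin with AES-256-CTR under a raw hex key ($1) and IV ($2); print hex.
ctr_hex() { openssl enc -aes-256-ctr -K "$1" -iv "$2" | to_hex; }

# XOR two equal-length hex strings byte by byte.
xor_hex() {
    a=$1; b=$2; out=
    while [ -n "$a" ]; do
        x=${a%"${a#??}"}; y=${b%"${b#??}"}          # first byte of each string
        out=$out$(printf '%02x' $(( 0x$x ^ 0x$y )))
        a=${a#??}; b=${b#??}
    done
    printf '%s' "$out"
}

# CTR over an all-zero plaintext of $3 bytes is the raw keystream for that key/IV.
keystream_hex() { dd if=/dev/zero bs=1 count="$3" 2>/dev/null | ctr_hex "$1" "$2"; }

# Encrypt stdin with a key and IV drawn fresh from the CSPRNG on every call.
fresh_ctr_hex() { ctr_hex "$(openssl rand -hex 32)" "$(openssl rand -hex 16)"; }

demo() {
    p1='constructed msg 1'; p2='constructed msg 2'    # same length, 17 bytes
    c1=$(printf '%s' "$p1" | ctr_hex "$ZERO_KEY" "$ZERO_IV")
    c2=$(printf '%s' "$p2" | ctr_hex "$ZERO_KEY" "$ZERO_IV")
    again=$(printf '%s' "$p1" | ctr_hex "$ZERO_KEY" "$ZERO_IV")
    [ "$c1" = "$again" ] && echo "fixed key/IV : same input gives same ciphertext"
    echo "c1 xor c2    : $(xor_hex "$c1" "$c2")"
    echo "p1 xor p2    : $(xor_hex "$(printf '%s' "$p1" | to_hex)" "$(printf '%s' "$p2" | to_hex)")"
    echo "fresh, run 1 : $(printf '%s' "$p1" | fresh_ctr_hex)"
    echo "fresh, run 2 : $(printf '%s' "$p1" | fresh_ctr_hex)"
}
demo
```

Ciphertexts that stay byte-identical across runs for the same input are the observable sign that the key/IV generation has become deterministic.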
08-11-2024, 13:43 | #42 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
First success to write steady.bin via AT cmd... Successfully tested with my SM-A202F. So old v1...

But far far away from perfect solution.

A For now Root mandatory... to replace library *.so
B Need very old Firmware... Android 9 before March 2021...
C With my SM-A202F U3 I have luck that /dev/zero trick work... So AES 256 Key and IV is ever 0... So random is "disabled"
D And I have only luck to bypass the verify process with S8 libs...

---------------------------------

I can only find AES random Keys in old FW... RDX dump

Still not managed to get the Key(s) from Response... I guess the 256 Sign contain the answer...

Maybe something like this is used... https://developers.google.com/tink/s...treaming?hl=en

For now this exceeds my skills...

Only as info. Best Regards
The Following User Says Thank You to adfree For This Useful Post: |
08-19-2024, 20:42 | #44 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Tiny progress. The 256 Byte Sign (RSA 2048) inside Response contain 64 Bytes... These 64 Bytes contain IV and IMHO the AES 256 Key for next AT cmd... To encrypt steady.bin...

I tried on my SM-G965F manually... First attempt I forgot to add the IV to cmd 2... Second attempt ... 4 minutes + before I got the cmd 2 ...

I still not found any similar way to nuke urandom like on my SM-A202F...

Meanwhile I was able to downgrade from bit 17 FUJ2... To working bit G965FXXS6CSH5...

It seems to me. AT cmd is introduced since Android 9... Not in Android 8 So no use to downgrade to Android 8 nor to find bit 17 Combination Firmware, because also Android 8...

Seems I found how to check Version of Trustlets... the TEE time ehm part...

Code:
vendor.img
I think the EM stuff is in there...
ffffffff000000000000000000000070.tlbin
70 differs

G965FXXS6CSH5 this is the one I have installed
EngineeringMode TA Here 20.21.4

G965FXXU2CSC8
G965FXXU2CRLI here
EngineeringMode TA Here 20.20.1

Trustlet seems to control which Cert you can use in AT Adventure... not the libs...

I will go back to SM-A202F ... and check if can use instead /dev/zero... Something like this.

Code:
star2lte:/ $ su
star2lte:/ # cd /dev
star2lte:/dev # touch /dev/urando2
star2lte:/dev # echo "IVAES256IVAESAESKEYKEYAESKEYAESKEYAES256KEYAESFU" > /dev/urando2
star2lte:/dev # ls -a1l urandom
crw-rw-rw- 1 root root 1, 9 2024-08-12 22:41 urandom
star2lte:/dev # ls -a1l urando2
-rw-r--r-- 1 root root 49 2024-08-12 22:56 urando2
star2lte:/dev # cat /dev/urando2
IVAES256IVAESAESKEYKEYAESKEYAESKEYAES256KEYAESFU
star2lte:/dev # cd /system/lib64
star2lte:/system/lib64 # ls -a1l libcrypto.so
-rw-r--r-- 1 root root 1372848 2008-12-31 16:00 libcrypto.so
star2lte:/system/lib64 # ls -a1l libcrypto.so

My Zero trick seems not very helpful to identify the complete Crypto...

0 x 0 is 0
But also FF x 0 = 0

So two base64 encoded "32 Bytes" looks like this:

Code:
AAAAAAAAAAAA...

Only as info. Best Regards
08-22-2024, 01:02 | #45 (permalink) |
No Life Poster Join Date: Dec 2006 Location: yes
Posts: 800
Member: 420658 Status: Offline Thanks Meter: 218 |
Code:
star2lte:/ $ su
star2lte:/ # cd /dev
star2lte:/dev # ls -a1l urandom
crw-rw-rw- 1 root root 1, 9 2024-08-20 23:18 urandom
star2lte:/dev # rm urandom
star2lte:/dev # ls -a1l urandom
ls: urandom: No such file or directory
1|star2lte:/dev # mknod -m 0666 /dev/urandom c 1 5
star2lte:/dev # ls -a1l urandom
crw-rw-rw- 1 root root 1, 5 2024-08-20 23:30 urandom

This looks better... But it is gone after Reboot... And it seems Reboot is mandatory to accept the changes...

Puhhhh... Maybe Kernel Patch or complete Compiling could help me in my SM-G965F Adventure...

Code:
static const struct memdev {
	const char *name;
	mode_t mode;
	const struct file_operations *fops;
	struct backing_dev_info *dev_info;
} devlist[] = {
...
	[8] = { "random", 0666, &random_fops, NULL },
	[9] = { "urandom", 0666, &urandom_fops, NULL },

5 is ZERO
7 is NULL

I have NO idea if this is good for whole OS...

Code:
SM-A202F ASL4
a20e:/dev # cat /proc/version
Linux version 4.4.111-17594784 (dpi@SWDH4607) (gcc version 4.9.x 20150123 (prerelease) (GCC) ) #1 SMP PREEMPT Thu Jan 2 13:17:07 KST 2020
-----------------------------------------------------------
SM-G965F
Linux version 4.9.59-16553818 (dpi@21HHAE17) (gcc version 4.9.x 20150123 (prerelease) (GCC) ) #1 SMP PREEMPT Thu Aug 29 11:15:27 KST 2019

My SM-A202F have older Linux Version... so maybe this is 1 reason why luck with baby trick in lib1...

I have not tested any EM3 device...

I will try again to write steady.bin via AT cmd 0,2... To confirm 64 Bytes from Sign contain IV and AES 256 Key and 16 Byte "unknown" data... for cmd 2...

I need around 4 minutes to create "cmd 2"

Code:
AT+ENGMODES=0,2,01:24:

At the moment I have only 1 DRK Cert with FULL Private Key... to decrypt with openssl the 256 Byte Sign from Response...

Limitation... only before March 2021 Security crap... so generally not for EM3 usefull...

I still have no EM Cert with text string: EngineeringMode

Not Original nor Fake signed...

Only as info about "progress"... Best Regards
The Following User Says Thank You to adfree For This Useful Post: |