GSM Programming & Reverse Engineering Here you can post all Kind of GSM Programming and Reverse Engineering tools and Secrets. |
#61 (permalink) | No Life Poster | Join Date: Dec 2006 | Location: yes | Posts: 817 | Member: 420658 | Status: Offline | Thanks Meter: 249

Tried with my old self-made UART cable and no luck with SM-G800F and SM-G920F... So I tested a few older devices... to test my UART cable... Interesting...

Code:
```
GT-I9301I Android 4.4.2 I93001IXXUANF2
```

Code:
```
[23:43:48] AT+DEVROOTK=1,1,0
[23:43:48] A
[23:43:48] T+DEVROOTK=
[23:43:48] 1,1,0
[23:43:48]
[23:43:48] ¡%
[23:43:48] T”•
[23:43:48] õ
[23:43:48] =Q-é
[23:43:48] 1,PHN-P:2014...:01:01:00...:ROOT
[23:43:48] OK
```

Only as info.

Best Regards
The Following User Says Thank You to adfree For This Useful Post: |
#62 (permalink)

My self-made UART cable is really far, far away from perfectly soldered... But now I was able to write DRK PHN-P Cert via UART in SM-G920F... Android 5...

Before, I managed this easily with USB cable and ddexe patch... in Android 6 and higher... But the UART way and Android 5 or lower is very tough for me...

Now I realized missing strace Log... so it seems I need other PID for UART...

I am still hunting for E0C2... and noob way into TEE.

Meanwhile I have 2 Certs with Full Private Key... 1 is from SmartThings... zip

Maybe now some keybuster exercises possible with RSA 2048... instead of RSA 4096...

Best Regards
#63 (permalink)

Code:
```
root@s3ve3g:/system/bin # keymaster_test
Running main() from gtest_main.cc
[==========] Running 40 tests from 4 test cases.
[----------] Global test environment set-up.
[----------] 27 tests from KeymasterTest
Using keymaster module: Keymaster OpenSSL HAL
[ RUN ] KeymasterTest.GenerateKeyPair_UnknownType_Failure
[ OK ] KeymasterTest.GenerateKeyPair_UnknownType_Failure (1 ms)
[ RUN ] KeymasterTest.ImportKeyPair_RSA_Success
[ OK ] KeymasterTest.ImportKeyPair_RSA_Success (1 ms)
[ RUN ] KeymasterTest.ImportKeyPair_EC_Success
[ OK ] KeymasterTest.ImportKeyPair_EC_Success (2 ms)
[ RUN ] KeymasterTest.ImportKeyPair_BogusKey_Failure
[ OK ] KeymasterTest.ImportKeyPair_BogusKey_Failure (1 ms)
[ RUN ] KeymasterTest.ImportKeyPair_NullKey_Failure
[ OK ] KeymasterTest.ImportKeyPair_NullKey_Failure (1 ms)
[ RUN ] KeymasterTest.GetKeypairPublic_RSA_Success
[ OK ] KeymasterTest.GetKeypairPublic_RSA_Success (1 ms)
[ RUN ] KeymasterTest.GetKeypairPublic_EC_Success
[ OK ] KeymasterTest.GetKeypairPublic_EC_Success (1 ms)
[ RUN ] KeymasterTest.GetKeypairPublic_NullKey_Failure
[ OK ] KeymasterTest.GetKeypairPublic_NullKey_Failure (0 ms)
[ RUN ] KeymasterTest.GetKeypairPublic_RSA_NullDestination_Failure
[ OK ] KeymasterTest.GetKeypairPublic_RSA_NullDestination_Failure (2 ms)
[ RUN ] KeymasterTest.GetKeypairPublic_EC_NullDestination_Failure
[ OK ] KeymasterTest.GetKeypairPublic_EC_NullDestination_Failure (1 ms)
[ RUN ] KeymasterTest.DeleteKeyPair_RSA_Success
[ OK ] KeymasterTest.DeleteKeyPair_RSA_Success (1 ms)
[ RUN ] KeymasterTest.DeleteKeyPair_RSA_DoubleDelete_Failure
[ OK ] KeymasterTest.DeleteKeyPair_RSA_DoubleDelete_Failure (0 ms)
[ RUN ] KeymasterTest.DeleteKeyPair_RSA_NullKey_Failure
[ OK ] KeymasterTest.DeleteKeyPair_RSA_NullKey_Failure (0 ms)
[ RUN ] KeymasterTest.SignData_RSA_Raw_Success
[ OK ] KeymasterTest.SignData_RSA_Raw_Success (5 ms)
[ RUN ] KeymasterTest.SignData_EC_Success
[ OK ] KeymasterTest.SignData_EC_Success (14 ms)
[ RUN ] KeymasterTest.SignData_RSA_Raw_InvalidSizeInput_Failure
[ OK ] KeymasterTest.SignData_RSA_Raw_InvalidSizeInput_Failure (1 ms)
[ RUN ] KeymasterTest.SignData_RSA_Raw_NullKey_Failure
[ OK ] KeymasterTest.SignData_RSA_Raw_NullKey_Failure (1 ms)
[ RUN ] KeymasterTest.SignData_RSA_Raw_NullInput_Failure
[ OK ] KeymasterTest.SignData_RSA_Raw_NullInput_Failure (1 ms)
[ RUN ] KeymasterTest.SignData_RSA_Raw_NullOutput_Failure
[ OK ] KeymasterTest.SignData_RSA_Raw_NullOutput_Failure (1 ms)
[ RUN ] KeymasterTest.VerifyData_RSA_Raw_Success
[ OK ] KeymasterTest.VerifyData_RSA_Raw_Success (2 ms)
[ RUN ] KeymasterTest.VerifyData_EC_Raw_Success
[ OK ] KeymasterTest.VerifyData_EC_Raw_Success (11 ms)
[ RUN ] KeymasterTest.VerifyData_RSA_Raw_BadSignature_Failure
[ OK ] KeymasterTest.VerifyData_RSA_Raw_BadSignature_Failure (1 ms)
[ RUN ] KeymasterTest.VerifyData_EC_Raw_BadSignature_Failure
[ OK ] KeymasterTest.VerifyData_EC_Raw_BadSignature_Failure (1 ms)
[ RUN ] KeymasterTest.VerifyData_RSA_Raw_NullKey_Failure
[ OK ] KeymasterTest.VerifyData_RSA_Raw_NullKey_Failure (2 ms)
[ RUN ] KeymasterTest.VerifyData_RSA_NullInput_Failure
[ OK ] KeymasterTest.VerifyData_RSA_NullInput_Failure (1 ms)
[ RUN ] KeymasterTest.VerifyData_RSA_NullSignature_Failure
[ OK ] KeymasterTest.VerifyData_RSA_NullSignature_Failure (1 ms)
[ RUN ] KeymasterTest.EraseAll_Success
[ OK ] KeymasterTest.EraseAll_Success (0 ms)
[----------] 27 tests from KeymasterTest (101 ms total)
[----------] 5 tests from RSA/KeymasterGenerateRSATest
Using keymaster module: Keymaster OpenSSL HAL
[ RUN ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/0
[ OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/0 (114 ms)
[ RUN ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/1
[ OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/1 (344 ms)
[ RUN ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/2
[ OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/2 (4331 ms)
[ RUN ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/3
[ OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/3 (18938 ms)
[ RUN ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/4
[ OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/4 (20071 ms)
[----------] 5 tests from RSA/KeymasterGenerateRSATest (43802 ms total)
[----------] 5 tests from EC/KeymasterGenerateECTest
Using keymaster module: Keymaster OpenSSL HAL
[ RUN ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/0
[ OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/0 (9 ms)
[ RUN ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/1
[ OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/1 (12 ms)
[ RUN ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/2
[ OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/2 (16 ms)
[ RUN ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/3
[ OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/3 (37 ms)
[ RUN ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/4
[ OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/4 (83 ms)
[----------] 5 tests from EC/KeymasterGenerateECTest (158 ms total)
[----------] 3 tests from Types/KeymasterAllTypesTest
Using keymaster module: Keymaster OpenSSL HAL
[ RUN ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/0
[ OK ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/0 (1 ms)
[ RUN ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/1
[ OK ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/1 (0 ms)
[ RUN ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/2
[ OK ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/2 (0 ms)
[----------] 3 tests from Types/KeymasterAllTypesTest (1 ms total)
[----------] Global test environment tear-down
[==========] 40 tests from 4 test cases ran. (44099 ms total)
[ PASSED ] 40 tests.
```

Found in GT-I9301I Neo Combination Firmware...

IMHO more than ccm_gen_cert things exist...

In S3 Neo FAC also 2 APKs ... but not working... I will try to check what it is...

Best Regards

Edit 1.

Seems I found the filenames... it's Qualcomm stuff...

QSSEPKCS11OtpGen.apk
QSSEP11EncryptorDecryptor.apk
#64 (permalink)

Code:
```
EngineeringMode mnfr ROOT
```

Found by mistake the Root CA Cert of v4 EM adventure...

No Panic. Only the Public Cert with Public Key aka Modulus.

But IMHO helpful to identify the chain...

Best Regards
The Following User Says Thank You to adfree For This Useful Post: |
#65 (permalink)

v4 Root CA Full Cert can be found in Qualcomm devices...

BL_S918BXXS7CXK6_S918BXXS7CXK6_MQB89170536_REV00_user_low_ship_MULTI_CERT.tar.md5

Inside:

Code:
```
XblRamdump.elf
```

We can use this text string or Modulus... for search:

Code:
```
EngineeringMode mnfr ROOT
```

In Exynos FW I found only Modulus inside sboot.bin... Not the Full Root CA Cert...

Will post example...

Best Regards
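The string search described in post #65, written out as an added example (not part of the original post and not the poster's tooling): it locates the quoted string in a binary image and walks back to the DER block that encloses it. The cert-shape heuristic, the `window` parameter and the sample bytes are assumptions made for this illustration.

```python
import struct

NEEDLE = b"EngineeringMode mnfr ROOT"  # search string quoted in the post


def enclosing_der_certs(blob, needle=NEEDLE, window=4096):
    """Return sorted (offset, size) of certificate-shaped DER blocks around needle.

    Heuristic (assumption): the outer SEQUENCE uses a 2-byte length (30 82 hh ll),
    its first element is again 30 82 (tbsCertificate), and it spans the hit.
    """
    found = set()
    hit = blob.find(needle)
    while hit != -1:
        lo = max(0, hit - window)
        start = blob.rfind(b"\x30\x82", lo, hit)
        while start != -1:
            if len(blob) - start >= 8:
                (size,) = struct.unpack_from(">H", blob, start + 2)
                end = start + 4 + size
                nested = blob[start + 4:start + 6] == b"\x30\x82"
                if nested and end <= len(blob) and hit + len(needle) <= end:
                    found.add((start, 4 + size))
                    break
            # Step to the previous 30 82 candidate, strictly before `start`.
            start = blob.rfind(b"\x30\x82", lo, start + 1)
        hit = blob.find(needle, hit + 1)
    return sorted(found)


def build_sample():
    """Constructed stand-in for a firmware image, not real certificate data."""
    tbs_body = b"\xa0\x03\x02\x01\x02" + b"\x00" * 40 + NEEDLE + b"\x00" * 300
    tbs = b"\x30\x82" + struct.pack(">H", len(tbs_body)) + tbs_body
    cert_body = tbs + b"\x00" * 260
    cert = b"\x30\x82" + struct.pack(">H", len(cert_body)) + cert_body
    return b"\xff" * 0x100 + cert + b"\xff" * 0x40, len(cert)


if __name__ == "__main__":
    image, cert_len = build_sample()
    for offset, size in enclosing_der_certs(image):
        print("candidate certificate at 0x%x, %d bytes" % (offset, size))
```

Any candidate it reports should still be confirmed with a real X.509 parser before it is treated as the certificate.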
#66 (permalink)

BL_S921BXXS5AXKA_S921BXXS5AXKA_MQB89011005_REV00_user_low_ship_MULTI_CERT.tar.md5

sboot.bin

pubkey/Modulus only from v4 Root CA...

Only as info.

Best Regards
#67 (permalink)

Because I killed my SM-G965F since a few weeks... I can no longer flash custom boot.img. So I can not Root...

I am not able to fix this sh i t...

So I made a few tests with SM-A505FN... bit 1... So only Android 9 for now... But is also EM 2 device...

I started with this:

Code:
```
USED token Please issue a new token 0xf0000016 bl_install_token error
```

A few fails later I looked into my older steady partition dump... and realized the Counter is stored near ESI... Seems 16 Byte... no idea why 2 times stored...

After ESI/Core problem with my SM-G965F unsolved... I will not do something manually... But in steady.bin I made the +1 Trick and can write steady.bin...

For me it would be very cool "we" have full steady dump... and also way to nuke steady complete.... Also in non rooted devices...

Will later check if we can "easily" find ESI dump in RDX/Upload Mode... To know what we need to do the + 1 trick...

Best Regards
#68 (permalink)

Code:
```
[Usage] : wrapprov [e/d] [in] [out]
```

Interesting. Seems ENcrypt or DEcrypt Trustlets...

For instance:

Code:
```
ffffffff00000000000000000000000c.tlbin
```

Code:
```
00000000-0000-0000-0000-505256544545
```

Now I can see plaintext again...

Code:
```
in : 00000000-0000-0000-0000-505256544545
out : DEcrypted_r875f.bin
payload size = 302584
write size = 32768
write size = 32768
write size = 32768
write size = 32768
write size = 32768
write size = 32768
write size = 32768
write size = 32768
write size = 32768
write size = 7672
unwrap done...
dec s
```

Only as info.

Best Regards
#69 (permalink)

Code:
```
1 Mode(s) in steady.bin / EM2... EM3...
4D4F44450400000001000000
2 Modes
4D4F44450800000002000000
3 Modes
4D4F44450C00000003000000
4 Modes
4D4F44451000000004000000
5 Modes
4D4F44451400000005000000
6 Modes
4D4F44451800000006000000
7 Modes
4D4F44451C00000007000000
8 Modes
4D4F44452000000008000000
9 Modes
4D4F44452400000009000000
10 Modes
4D4F4445280000000A000000
11 Modes
4D4F44452C0000000B000000
12 Modes
4D4F4445300000000C000000
13 Modes
4D4F4445340000000D000000
14 Modes
4D4F4445380000000E000000
15 Modes
4D4F44453C0000000F000000
```

In theory we could use 15 Modes IMHO...

I have for now "only" 12 Modes EM 3 example/template... Because some additional bytes need to be correct.

Best Regards
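The header table in post #69, decoded in an added example (not part of the original post): a read-only parser for inspecting a dump. Reading the 12 bytes as the ASCII tag `MODE` followed by two little-endian 32-bit words, with the first word equal to four times the second, is an interpretation of the posted table and not something the post states; the function names and the sample dump are constructed for this illustration.

```python
import struct

TAG = b"MODE"  # 4D 4F 44 45, the first four bytes of every posted header

# Four of the headers from the post (mode count -> hex), copied verbatim.
POSTED = {
    1: "4D4F44450400000001000000",
    10: "4D4F4445280000000A000000",
    12: "4D4F4445300000000C000000",
    15: "4D4F44453C0000000F000000",
}


def parse_mode_header(buf, offset=0):
    """Decode tag + two little-endian u32 words; raise ValueError if inconsistent."""
    if len(buf) - offset < 12:
        raise ValueError("truncated header")
    tag, length, count = struct.unpack_from("<4sII", buf, offset)
    if tag != TAG:
        raise ValueError("bad tag %r" % tag)
    if length != 4 * count:  # pattern seen in all 15 posted rows (assumption)
        raise ValueError("length %d does not match count %d" % (length, count))
    return {"length": length, "count": count}


def find_mode_headers(blob):
    """Return (offset, parsed dict or error string) for every MODE tag in a dump."""
    hits, pos = [], blob.find(TAG)
    while pos != -1:
        try:
            hits.append((pos, parse_mode_header(blob, pos)))
        except ValueError as exc:
            hits.append((pos, str(exc)))
        pos = blob.find(TAG, pos + 1)
    return hits


def build_sample_dump():
    """Constructed bytes: padding, one posted header, one altered header."""
    altered = bytes.fromhex("4D4F4445300000000D000000")  # length 48, count 13
    return b"\xff" * 8 + bytes.fromhex(POSTED[12]) + b"\x00" * 4 + altered


if __name__ == "__main__":
    for n, hexstr in POSTED.items():
        print(n, parse_mode_header(bytes.fromhex(hexstr)))
    for hit in find_mode_headers(build_sample_dump()):
        print(hit)
```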