Old 12-03-2024, 05:06   #61 (permalink)
No Life Poster
 
Join Date: Dec 2006
Location: yes
Posts: 808
Member: 420658
Status: Online
Thanks Meter: 233

By mistake...


Tried with my old selfmade UART cable and no luck with SM-G800F and SM-G920F...


So I tested few older devices... to test my UART cable...


Interesting...
Code:
GT-I9301I  Android 4.4.2  I93001IXXUANF2

This S3 Neo with Qualcomm... can answer to DEVROOTK AT cmds like this:
Code:
[23:43:48] AT+DEVROOTK=1,1,0
[23:43:48] A
[23:43:48] T+DEVROOTK=
[23:43:48] 1,1,0
[23:43:48]
[23:43:48] ¡%
[23:43:48] T”•
[23:43:48] õ
[23:43:48] =Q-é
[23:43:48] 1,PHN-P:2014...:01:01:00...:ROOT
[23:43:48]  OK

Need to optimize few things... but it seems Range of devices increased for Modulus E0C2...

Only as info.

Best Regards
  Reply With Quote
Old 12-14-2024, 01:12   #62 (permalink)
My selfmade UART cable is really far far away from perfect soldered...


But now I was able to write DRK PHN-P Cert via UART in SM-G920F...
Android 5...


Before I managed this easily with USB cable and ddexe patch... in Android 6 and higher...


But the UART way and Android 5 or lower is very tough for me...


Now I realized missing strace Log... so it seems I need other PID for UART...



I am still hunting for E0C2... and noob way into TEE.


Meanwhile I have 2 Certs with Full Private Key...


1 is from SmartThings... zip


Maybe now some keybuster exercises possible with RSA 2048... instead of RSA 4096...


Best Regards
Attached Images
File Type: png hardWay_v1.png (29.7 KB, 24 views)
File Type: jpg hardWay_v2.jpg (157 Bytes, 116 views)
  Reply With Quote
Old 12-23-2024, 05:27   #63 (permalink)
Code:
root@s3ve3g:/system/bin # keymaster_test
Running main() from gtest_main.cc
[==========] Running 40 tests from 4 test cases.
[----------] Global test environment set-up.
[----------] 27 tests from KeymasterTest
Using keymaster module: Keymaster OpenSSL HAL
[ RUN      ] KeymasterTest.GenerateKeyPair_UnknownType_Failure
[       OK ] KeymasterTest.GenerateKeyPair_UnknownType_Failure (1 ms)
[ RUN      ] KeymasterTest.ImportKeyPair_RSA_Success
[       OK ] KeymasterTest.ImportKeyPair_RSA_Success (1 ms)
[ RUN      ] KeymasterTest.ImportKeyPair_EC_Success
[       OK ] KeymasterTest.ImportKeyPair_EC_Success (2 ms)
[ RUN      ] KeymasterTest.ImportKeyPair_BogusKey_Failure
[       OK ] KeymasterTest.ImportKeyPair_BogusKey_Failure (1 ms)
[ RUN      ] KeymasterTest.ImportKeyPair_NullKey_Failure
[       OK ] KeymasterTest.ImportKeyPair_NullKey_Failure (1 ms)
[ RUN      ] KeymasterTest.GetKeypairPublic_RSA_Success
[       OK ] KeymasterTest.GetKeypairPublic_RSA_Success (1 ms)
[ RUN      ] KeymasterTest.GetKeypairPublic_EC_Success
[       OK ] KeymasterTest.GetKeypairPublic_EC_Success (1 ms)
[ RUN      ] KeymasterTest.GetKeypairPublic_NullKey_Failure
[       OK ] KeymasterTest.GetKeypairPublic_NullKey_Failure (0 ms)
[ RUN      ] KeymasterTest.GetKeypairPublic_RSA_NullDestination_Failure
[       OK ] KeymasterTest.GetKeypairPublic_RSA_NullDestination_Failure (2 ms)
[ RUN      ] KeymasterTest.GetKeypairPublic_EC_NullDestination_Failure
[       OK ] KeymasterTest.GetKeypairPublic_EC_NullDestination_Failure (1 ms)
[ RUN      ] KeymasterTest.DeleteKeyPair_RSA_Success
[       OK ] KeymasterTest.DeleteKeyPair_RSA_Success (1 ms)
[ RUN      ] KeymasterTest.DeleteKeyPair_RSA_DoubleDelete_Failure
[       OK ] KeymasterTest.DeleteKeyPair_RSA_DoubleDelete_Failure (0 ms)
[ RUN      ] KeymasterTest.DeleteKeyPair_RSA_NullKey_Failure
[       OK ] KeymasterTest.DeleteKeyPair_RSA_NullKey_Failure (0 ms)
[ RUN      ] KeymasterTest.SignData_RSA_Raw_Success
[       OK ] KeymasterTest.SignData_RSA_Raw_Success (5 ms)
[ RUN      ] KeymasterTest.SignData_EC_Success
[       OK ] KeymasterTest.SignData_EC_Success (14 ms)
[ RUN      ] KeymasterTest.SignData_RSA_Raw_InvalidSizeInput_Failure
[       OK ] KeymasterTest.SignData_RSA_Raw_InvalidSizeInput_Failure (1 ms)
[ RUN      ] KeymasterTest.SignData_RSA_Raw_NullKey_Failure
[       OK ] KeymasterTest.SignData_RSA_Raw_NullKey_Failure (1 ms)
[ RUN      ] KeymasterTest.SignData_RSA_Raw_NullInput_Failure
[       OK ] KeymasterTest.SignData_RSA_Raw_NullInput_Failure (1 ms)
[ RUN      ] KeymasterTest.SignData_RSA_Raw_NullOutput_Failure
[       OK ] KeymasterTest.SignData_RSA_Raw_NullOutput_Failure (1 ms)
[ RUN      ] KeymasterTest.VerifyData_RSA_Raw_Success
[       OK ] KeymasterTest.VerifyData_RSA_Raw_Success (2 ms)
[ RUN      ] KeymasterTest.VerifyData_EC_Raw_Success
[       OK ] KeymasterTest.VerifyData_EC_Raw_Success (11 ms)
[ RUN      ] KeymasterTest.VerifyData_RSA_Raw_BadSignature_Failure
[       OK ] KeymasterTest.VerifyData_RSA_Raw_BadSignature_Failure (1 ms)
[ RUN      ] KeymasterTest.VerifyData_EC_Raw_BadSignature_Failure
[       OK ] KeymasterTest.VerifyData_EC_Raw_BadSignature_Failure (1 ms)
[ RUN      ] KeymasterTest.VerifyData_RSA_Raw_NullKey_Failure
[       OK ] KeymasterTest.VerifyData_RSA_Raw_NullKey_Failure (2 ms)
[ RUN      ] KeymasterTest.VerifyData_RSA_NullInput_Failure
[       OK ] KeymasterTest.VerifyData_RSA_NullInput_Failure (1 ms)
[ RUN      ] KeymasterTest.VerifyData_RSA_NullSignature_Failure
[       OK ] KeymasterTest.VerifyData_RSA_NullSignature_Failure (1 ms)
[ RUN      ] KeymasterTest.EraseAll_Success
[       OK ] KeymasterTest.EraseAll_Success (0 ms)
[----------] 27 tests from KeymasterTest (101 ms total)

[----------] 5 tests from RSA/KeymasterGenerateRSATest
Using keymaster module: Keymaster OpenSSL HAL
[ RUN      ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/0
[       OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/0 (114 ms)
[ RUN      ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/1
[       OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/1 (344 ms)
[ RUN      ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/2
[       OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/2 (4331 ms)
[ RUN      ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/3
[       OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/3 (18938 ms)
[ RUN      ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/4
[       OK ] RSA/KeymasterGenerateRSATest.GenerateKeyPair_RSA_Success/4 (20071 ms)
[----------] 5 tests from RSA/KeymasterGenerateRSATest (43802 ms total)

[----------] 5 tests from EC/KeymasterGenerateECTest
Using keymaster module: Keymaster OpenSSL HAL
[ RUN      ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/0
[       OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/0 (9 ms)
[ RUN      ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/1
[       OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/1 (12 ms)
[ RUN      ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/2
[       OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/2 (16 ms)
[ RUN      ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/3
[       OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/3 (37 ms)
[ RUN      ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/4
[       OK ] EC/KeymasterGenerateECTest.GenerateKeyPair_EC_Success/4 (83 ms)
[----------] 5 tests from EC/KeymasterGenerateECTest (158 ms total)

[----------] 3 tests from Types/KeymasterAllTypesTest
Using keymaster module: Keymaster OpenSSL HAL
[ RUN      ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/0
[       OK ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/0 (1 ms)
[ RUN      ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/1
[       OK ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/1 (0 ms)
[ RUN      ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/2
[       OK ] Types/KeymasterAllTypesTest.GenerateKeyPair_NullParams_Failure/2 (0 ms)
[----------] 3 tests from Types/KeymasterAllTypesTest (1 ms total)

[----------] Global test environment tear-down
[==========] 40 tests from 4 test cases ran. (44099 ms total)
[  PASSED  ] 40 tests.

Found in GT-I9301I Neo Combination Firmware...


IMHO more than ccm_gen_cert things exist...


In S3 Neo FAC also 2 APKs ... but not working...


I will try to check what it is...


Best Regards

Edit 1.

Seems I found the filenames... it's Qualcomm stuff...
QSSEPKCS11OtpGen.apk
QSSEP11EncryptorDecryptor.apk
  Reply With Quote
Old 12-31-2024, 09:37   #64 (permalink)
Code:
EngineeringMode mnfr ROOT

Found by mistake the Root CA Cert of v4 EM adventure...


No Panic. Only the Public Cert with Public Key aka Modulus.


But IMHO helpful to identify the chain...


Best Regards
  Reply With Quote
Old 01-14-2025, 02:53   #65 (permalink)
v4 Root CA Full Cert can be found in Qualcomm devices...

BL_S918BXXS7CXK6_S918BXXS7CXK6_MQB89170536_REV00_user_low_ship_MULTI_CERT.tar.md5
Inside:
Code:
XblRamdump.elf

We can use this text string or Modulus... for search:
Code:
EngineeringMode mnfr ROOT

In Exynos FW I found only Modulus inside sboot.bin...
Not the Full Root CA Cert...


Will post example...


Best Regards
  Reply With Quote
Old 01-14-2025, 03:08   #66 (permalink)
BL_S921BXXS5AXKA_S921BXXS5AXKA_MQB89011005_REV00_user_low_ship_MULTI_CERT.tar.md5

sboot.bin

pubkey/Modulus only from v4 Root CA...


Only as info.


Best Regards
  Reply With Quote
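Added example, not part of the original posts and not the poster's tooling: a sketch of the search described in posts #65 and #66, which tells a hit that sits inside a complete X.509-shaped DER blob (the full Root CA cert case) from a hit with no certificate structure around it. Only the search string comes from the thread; the function names and the sample blobs are constructed for illustration.

```python
MARKER = b"EngineeringMode mnfr ROOT"   # search string quoted in the post
def tlv(buf, off):
    """Parse one DER TLV at off -> (tag, header_len, content_len) or None."""
    if off + 2 > len(buf):
        return None
    tag, first = buf[off], buf[off + 1]
    hdr, length = 2, first                  # short-form length
    if first >= 0x80:                       # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or off + 2 + n > len(buf):
            return None
        hdr, length = 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")
    return (tag, hdr, length) if off + hdr + length <= len(buf) else None

def cert_span(buf, off):
    """Size of an X.509-shaped blob at off (SEQUENCE{SEQUENCE, SEQUENCE, BIT STRING}), else None."""
    outer = tlv(buf, off)
    if not outer or outer[0] != 0x30:
        return None
    pos, end = off + outer[1], off + outer[1] + outer[2]
    for want in (0x30, 0x30, 0x03):         # tbsCertificate, signatureAlgorithm, signatureValue
        child = tlv(buf, pos)
        if not child or child[0] != want or pos + child[1] + child[2] > end:
            return None
        pos += child[1] + child[2]
    return end - off if pos == end else None

def classify_hits(blob, marker=MARKER, max_back=4096):
    """Per hit: ('certificate', start, size) if cert-shaped DER encloses it, else ('string-only', off, len)."""
    out, hit = [], blob.find(marker)
    while hit != -1:
        found = ("string-only", hit, len(marker))
        for start in range(hit - 1, max(hit - max_back, 0) - 1, -1):
            size = cert_span(blob, start)
            if size and start + size >= hit + len(marker):
                found = ("certificate", start, size)
                break
        out.append(found)
        hit = blob.find(marker, hit + 1)
    return out

# Constructed sample data (not real firmware contents).
def _der(tag, body):
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body
_tbs = _der(0x30, _der(0x0C, MARKER) + _der(0x02, b"\x01" * 200))
FAKE_CERT = _der(0x30, _tbs + _der(0x30, b"\x05\x00") + _der(0x03, b"\x00" + b"\xAA" * 16))
BLOB_FULL = b"\xFF" * 64 + FAKE_CERT + b"\x00" * 32    # marker inside cert-shaped DER
BLOB_BARE = b"\x00" * 100 + MARKER + b"\x00" * 100     # marker with no DER around it
```

Passing modulus bytes as `marker` runs the same check for the public key instead of the text string; a `string-only` result then means the value is present without a surrounding certificate.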