Originally Posted by hutchinsane_
Problem is, even if you manage to repack the different modules, (You could Use Andys Tool for that, I got into Bios modding some time ago ) the phone will detect it and since the signature has been broken it won't flash. But I am quite interested in the volume dump since I have a HTC 8S motherboard stuck in recovery mode because I tried to flash the 8X rom on it, with the 8S signature ('t was an accident) You could try to get the offset you need to change with UIFR by Donovan http://donovan6000.blogspot.de/2014/...extractor.html
ok here is what i have so far. Ideas are still out there.
I need to find a tool that can extract a perfect capsule. from the uefi. even though the uegi binary partition is write protected. the capsule may be writeable. no need to worry about signatures and keys as long as the capsule is back to its origiinal size and expands as normal after being flashed to the device. also no alteratiin can been done to Security module within the capsule. thats ok because all the modules are contained within there own class and to do not require signature verification. this has worked with Intel and Amtel Uefi bios. From what i can tell Htc8x has an embedded amtel at24c128bn eeprom security chip present and if there eeprom is as easy as there tpm (trusted platform module) being used for security validation in uefi bios boot process used on pc motherboards we should in some theory be the case here too.
My overal plan is not to only expand the new development into custom roms. the plan is to fully defy microsofts most secure mobile retail device by handing them a fully customizeable device without loosing the featured security.
To my knowledge every htc 8x has the built in feature to change usb connection mode when pluged in to a pc. the only reason we cannot use this feature the same feature offered in pre android 4.3 devices is because the value in the registry is set to disableDialogmenu and the value is set to (1). i think if we can change this to (0) wen will have a popup menu present when plugging in to a pc. i found this key earlier today while searching my phones registry. i will post up this key later.
Another is Andrid. HTC One S Ville U has identical hardware. believe this the hboot for ville U is built just like the uefi for the 8x. so close in fact like you can cee the ebl module refrences the ville u. ok so heres more. when i tore apart ruu ville u i found the exact same files that exist withing the ruu accord. the files im refering to are the platform info files that check for firmware cimpatibility. the only alteration needed would be to replace the secure boot binaries in the ville u rom.zip and inject my certificates i have been holding onto.
i have 2 platform verification keys (pvk) i have found from encrypted jtag nand dumps. probably useless. itsva good refrence start on a possible challenge with DPP partition.
self signing certs is not a problem. i have everything to work around the issue of kek db dbx ovk and pvk keys and certificates. found a dev who put together a wpdeveloper pack that creats all needed certificates for wp soc oem ihv developemt and also remotly sets up all the needed requirements and resources to build and flash a signed ffu. i can assure hyc 8x ffu exist. but the only way to get a qualcomm accord u full flash uodate is to build it. you do not have to be an oem to build a ffu. there is a process to doing this. all you need is to create an empty zip archive labeled corrextly likr how nokia ffus look. add a specific xml soap scripts. similar to.the ones for cab update checks. mainly the cabs that are labeled emptypackage.
ive came across a few but not enough. i think a workaround would he microsoft cabinet sdk. to rebuild. whats missing. the cab that contaijes all the xml provision licenses is needed for the ffu build. as well. now the documentation on the wpoem site says you need the phone image design tool to build a ffu........o darn dead end.... nope the is another way. some confedientel ihv documents demonstrate like rhe above mentoned empty zip file correctly labeled with correct xml scemas layed out then added to the zip. you must setup your pc environment with microsoft client connextion to redmond. they validate you contoso build zip is accurate and if doen correctly you will returned with a fully built full flash update package. theres lots i didnt not mention. i should not.
so any ways. back to the topic. once i can find all the correct libraries to correctly rebuild this uefi all options will be on the table. moke like endless opportunities in customizations and features. well almost.
litsvofbwork needs done. anybody else has gots guts to conqueror with me head over to mydigitallife and sure uobthere endless threads on uedi bios hacking.
i completely sandboxied hck adk win sdk win kits wpsdk ack and vs2013. zi
ffutool.exe & ffuresources.dll
sent from the moon