Or Continue to Thread: [Q] <Q> How to root Shar…
Find Your Device:
6th September 2011, 10:49 PM   |  #150  
dbaf14's Avatar
Senior Member
Thanks Meter: 194
282 posts
Join Date:Joined: May 2010
Hoihoi guys ,

thought about what is needed for rooting the SH-12C , so could it be possible to take a look into the present firmware from the major update?

i searched for the downloadet contents of the update tool and hosted the files here

(found after downloading in "C:\Users\your username\AppData\Roaming\SHARP\Android Major Update Tool\ImagesGet")

Filename: SHARP.rar
size: 395.42 MB

after opening the folder "ImagesGet" just u can see ".ENC" and ".SIG" files , dont know much abt coding and so on and tried several unpacking methods already,,with no luck -.- ! maybe someone give it a try and can extract the whole Firmware out of this files ! ;)
also i think the key of this can be found in the main directory of the update tool in one of the .dll's.


found something that also could help to dump the firmware while updating


this is from a game!!!


Things needed
Ollydbg: http://www.ollydbg.de

pmdump.exe: http://www.ntsecurity.nu/toolbox/pmdump

Textpad (or anything capable of handling large files) : http://www.textpad.com/download/index.html

First start your task manager by right-clicking the clock on the windows explorer bar at the bottom of your screen and select "Task Manager". Click View->Select columns and tick "PID (Process identifier)" as you will need this if using pmdump to dump the memory.

Dumping memory using pmdump is simple. Use "pmdump <pid> <filename>". If my task manager shows cabalmain.exe with a PID of 3226 and i want memory dumped to c:\cabaldump.dmp i would use the "pmdump.exe 3226 c:\cabaldump.dmp" command from command prompt.

The method
Start olly. Do File->Open and point to cabalmain and also put an argument of "breaklee".
After a few seconds olly will pause (look at bottom right). Right-click in the "CPU - main thread" window, select Goto->Expression and enter "00406F75" to go to the address. Press F2 to create a breakpoint (check in your breakpoints window).
Now click the Play button on the toolbar and it will pause again. Dump the memory.
There isn't anything useful in here yet but if you scroll right to the bottom of the dump you will see cabal.enc's name. From this point on the name of the next file to be decoded should be at the bottom of the dump. Hit play again and dump the memory when it pauses.
Open the dump in textpad and search for "<cabal_server>". You should be taken to cabal.enc's decoded data. Copy and save.
Look at the bottom of the dump, you should see cont.enc's name is there so it decodes next. Hit play and dump the memory again.
Make sure you have a copy of saur0n's enc files so you can check what should be in the file when searching for the decoded one in the memory dump.

files you need for this are attached

Attached Files
File Type: zip odbg110.zip - [Click for QR Code] (1.27 MB, 72 views)
File Type: zip pmdump.zip - [Click for QR Code] (17.5 KB, 40 views)
File Type: zip txpeng542.zip - [Click for QR Code] (2.51 MB, 57 views)
Last edited by dbaf14; 7th September 2011 at 07:46 AM.