5,603,591 Members 35,781 Now Online
XDA Developers Android and Mobile Development Forum

DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800

Tip us?
 
tjramage
Old
#671  
Senior Member
Thanks Meter 25
Posts: 152
Join Date: Dec 2011
Quote:
Originally Posted by mousey_ View Post
These are the files for the 12120 euro1 update:

http://xdafil.es/Lumia800/Dev/12120
That's 12070, not 12120...
The Following User Says Thank You to tjramage For This Useful Post: [ Click to Expand ]
 
donpromillo
Old
#672  
donpromillo's Avatar
Member
Thanks Meter 15
Posts: 66
Join Date: Nov 2011
Quote:
Originally Posted by biktor_gj View Post
but you can try to disassemble it with osbuilder's Dump Tool and see if you can find your files in there...
Unfortunatly, OsBuilder latest failed to dump. I'll try with imgfstools.

DonPromillo
The Following User Says Thank You to donpromillo For This Useful Post: [ Click to Expand ]
 
_Madmatt
Old
#673  
Senior Member
Thanks Meter 114
Posts: 800
Join Date: Jul 2009

 
DONATE TO ME
Quote:
Originally Posted by donpromillo View Post
In the very first part of data.0.dat, you can find that Microsoft Primitive Provider with AES and SHA1 is used to create a CBC-Stream, which is stored by zune in the data.x.dat files. That means to me, either there is a static key used to crypt the CBC-Stream or a certificate. If a static key is used, it should be possible to find it, if a cert is used, the private key for this cert must be stored on phone, cause I do not need network to achieve a privatekey stored at MS-Sites to create a backup.
True, my guess is that it should be a static key, because you should be able to restore your phone with the backup. If the cert is on the phone and you made your phone in a unusable state the cert may be deleted as well and the backup is useless. Just some thoughts though.

Quote:
Originally Posted by donpromillo View Post
My first thought was, that the cert "zune-tuner://windowsphone/UUID... "in my private certstore on my PC is used, but my attempts to decrypt the backup-files weren't successful. But the explicit reference in the C:\Users\Myname\AppData\Local\Microsoft\Windows Phone Update\xxxxxxx - xxxxxxxx - xxxxxxxx - xxxxxxxxx\Properties\properties.xml onto this cert must have a cause.
I think this is just some sort of identifier for the device. If you look at the name of the node in the XML document it is called DeviceUrlId.

I found that the backup consists of blocks of 4194328 bytes (every .dat file has this size, except the last one). So it would be very difficult to change contents of the ROM, because it is just split into pieces and every piece has a hash (Data.x.dat.hash). If you'd want to change contents, you would have to be careful with the splitted data, and you would have to generate a new hash for each piece.

Then there is also the C:\Users\MyName\AppData\Local\Microsoft\Windows Phone Update\xxxxxxxx - xxxxxxxx - xxxxxxxx - xxxxxxxx\RestorePoint\XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\Data\Manifest.xml file which contains data about every Data.x.dat file. It contains the size, and the index in the ROM (every DAT has an index, as they are splitted into pieces). There is also an DibrVersion key for every Data.x.dat file, but I have no clue on what this could be...
Windows Phone proves that you can make an original and innovative OS without copying Apple. Something Google didn't manage to do.

NOKIA Lumia 920 | OS: WP8 Apollo (8.0.9903.10)
NOKIA Lumia 800 | OS: WP7.5 Mango (7.10.8773.98)
HTC 7 Mozart
HTC HD Mini (sold)
The Following 2 Users Say Thank You to _Madmatt For This Useful Post: [ Click to Expand ]
 
Briefcase
Old
#674  
Senior Member
Thanks Meter 42
Posts: 184
Join Date: Nov 2009
Quote:
Originally Posted by donpromillo View Post
Yes, I think too thats there is a sort of signature. In the very first part of data.0.dat, you can find that Microsoft Primitive Provider with AES and SHA1 is used to create a CBC-Stream, which is stored by zune in the data.x.dat files. That means to me, either there is a static key used to crypt the CBC-Stream or a certificate. If a static key is used, it should be possible to find it, if a cert is used, the private key for this cert must be stored on phone, cause I do not need network to achieve a privatekey stored at MS-Sites to create a backup.

My first thought was, that the cert "zune-tuner://windowsphone/UUID... "in my private certstore on my PC is used, but my attempts to decrypt the backup-files weren't successful. But the explicit reference in the C:\Users\Myname\AppData\Local\Microsoft\Windows Phone Update\xxxxxxx - xxxxxxxx - xxxxxxxx - xxxxxxxxx\Properties\properties.xml onto this cert must have a cause.

So if I'm able to identify the mechanism, either cert or static secret, and able to export either private key or used secret, I should be able to create a valid signature for edited files too.

Regards
Good thought!! As phone backups are unique to the phone that made it (you cannot restore a backup made on phone #1 and restore it to phone #2, even if both are, for example, Lumia 800's), i think there is no static certificate. Each phone stores it's own unique certificate to encrypt the data. It is true that zune only handles the encrypted stream of data, the phone does the encryption, i read that over here some while ago . Best of luck!
 
Heathcliff74
Old
#675  
Heathcliff74's Avatar
Recognized Developer
Thanks Meter 2054
Posts: 1,439
Join Date: Dec 2010

 
DONATE TO ME
Quote:
Originally Posted by donpromillo View Post
Yes, I think too thats there is a sort of signature. In the very first part of data.0.dat, you can find that Microsoft Primitive Provider with AES and SHA1 is used to create a CBC-Stream, which is stored by zune in the data.x.dat files. That means to me, either there is a static key used to crypt the CBC-Stream or a certificate. If a static key is used, it should be possible to find it, if a cert is used, the private key for this cert must be stored on phone, cause I do not need network to achieve a privatekey stored at MS-Sites to create a backup.

My first thought was, that the cert "zune-tuner://windowsphone/UUID... "in my private certstore on my PC is used, but my attempts to decrypt the backup-files weren't successful. But the explicit reference in the C:\Users\Myname\AppData\Local\Microsoft\Windows Phone Update\xxxxxxx - xxxxxxxx - xxxxxxxx - xxxxxxxxx\Properties\properties.xml onto this cert must have a cause.

So if I'm able to identify the mechanism, either cert or static secret, and able to export either private key or used secret, I should be able to create a valid signature for edited files too.

Regards
The device unique certs are stored in the MY-store on the WP7-device. They are refreshed about once a month (when they expire). There is a total of 4 certs in the MY-store. They are for different device-unique purposes. One of them is a zune-tuner cert.

Ciao,
Heathcliff74

www.wp7roottools.com

Developer of "WP7 Root Tools"
Pioneer of "Interop Unlock"
Pioneer in Native Code Development on WP7


Also look at some of my other work:
Collection of all official WP7 updates, language packs and OEM updates
Guide for deploying files to your WP7 device


If you have questions about unlocking, please read this before you start mailing me, because my mailboxes are full

The Following User Says Thank You to Heathcliff74 For This Useful Post: [ Click to Expand ]
 
donpromillo
Old
#676  
donpromillo's Avatar
Member
Thanks Meter 15
Posts: 66
Join Date: Nov 2011
Quote:
Originally Posted by _Madmatt View Post
I think this is just some sort of identifier for the device. If you look at the name of the node in the XML document it is called DeviceUrlId.
No, this is a certificate with a private key that could be used to encrypt something. Normaly the private key of that cert is not marked as exportable, so you can use this cert only on one computer, cause you cannot move the private key. I found a tool to export the private key as a first step. Now I'm on a search of information about the structure of the imgfs (which seems to be used in the backupfile and in the dump of sdx9 and how to extract that containers into a usable structure like direktories and files.
My attempts using OSBuilder and IMGFSTOOLS 2.1rc failed - any hints here?
The Following User Says Thank You to donpromillo For This Useful Post: [ Click to Expand ]
 
meLIanTQ
Old
#677  
Senior Member
Thanks Meter 4
Posts: 274
Join Date: Mar 2010
Location: Seine Maritime
Quote:
Originally Posted by donpromillo View Post
No, this is a certificate with a private key that could be used to encrypt something. Normaly the private key of that cert is not marked as exportable, so you can use this cert only on one computer, cause you cannot move the private key. I found a tool to export the private key as a first step. Now I'm on a search of information about the structure of the imgfs (which seems to be used in the backupfile and in the dump of sdx9 and how to extract that containers into a usable structure like direktories and files.
My attempts using OSBuilder and IMGFSTOOLS 2.1rc failed - any hints here?
http://forum.xda-developers.com/show...79&postcount=1
http://forum.xda-developers.com/show...82&postcount=1

Im put the 'cecompr_nt.dll' of FFUParttool_v.1.3.1 on the bin folder of xidump_v1.0_beta and the dump of the RM801_12w07_prod_euro1_FlashClean.ffu work see a lot file ... don't know if help you
[Unsupported Now] My AOSP rom for HTC Desire
The Following User Says Thank You to meLIanTQ For This Useful Post: [ Click to Expand ]
 
donpromillo
Old
#678  
donpromillo's Avatar
Member
Thanks Meter 15
Posts: 66
Join Date: Nov 2011
Quote:
Originally Posted by meLIanTQ View Post
http://forum.xda-developers.com/show...79&postcount=1
http://forum.xda-developers.com/show...82&postcount=1

Im put the 'cecompr_nt.dll' of FFUParttool_v.1.3.1 on the bin folder of xidump_v1.0_beta and the dump of the RM801_12w07_prod_euro1_FlashClean.ffu work see a lot file ... don't know if help you
Thanks, I tried this, but xidump crashes on my w7_x64. all other tools I tried weren't able to extract the imgfs-part from a dump of partition 9. I do not know, if its really neccessary to extract the dump, but thought, it would be easier to unterstand the file and folder organization on the phone and so being better prepared to discover the zune backup files.

Regards

---------- Post added at 04:56 PM ---------- Previous post was at 04:44 PM ----------

Quote:
Originally Posted by Heathcliff74 View Post
The device unique certs are stored in the MY-store on the WP7-device. They are refreshed about once a month (when they expire). There is a total of 4 certs in the MY-store. They are for different device-unique purposes. One of them is a zune-tuner cert.

Ciao,
Heathcliff74
Hi Heathcliff74,

are the certs on the phone refreshed every month with a new private key or refreshed using the same private key. If the latter is correct, then there is a chance that a cert is part of the backup encryption. If the private key changes, then it would impact, thats this is not a part of backup encryption, cause every backup older than the actual certificate becomes undecryptable, when the private key changes and no "master key" exists.
Regards

DonPromillo
The Following User Says Thank You to donpromillo For This Useful Post: [ Click to Expand ]
 
das_boot
Old
#679  
Junior Member
Thanks Meter 0
Posts: 12
Join Date: Jan 2007
Location: Vilnius
Quote:
Originally Posted by mousey_ View Post
Does it mean that FullUnlock-os-new.nb does the trick and wipes SIM LOCK too?
My sister has its Lumia 800 SIMLOCKED to Orange T-Mobile UK and asks me to help with that problem.

Sorry to disturb you, you can answer me with PM. Thanks!
 
voluptuary
Old
#680  
voluptuary's Avatar
Senior Member
Thanks Meter 731
Posts: 939
Join Date: Dec 2010
Location: Mukwonago

 
DONATE TO ME
Quote:
Originally Posted by das_boot View Post
Does it mean that FullUnlock-os-new.nb does the trick and wipes SIM LOCK too?
My sister has its Lumia 800 SIMLOCKED to Orange T-Mobile UK and asks me to help with that problem.

Sorry to disturb you, you can answer me with PM. Thanks!
No
My contributions:
Clean ROM for Samsung Focus v1.3, Nokia Lumia 800, and HTC HD2
Samsung Interop Unlock & Internet Sharing All-In-One for Windows Phone
Samsung Custom Theme & Accent Colors for Windows Phone
List of Windows Phone Unlocks by Type/OEM

Allstars that donated: RonV42, dark.angel

CURRENT DEVICES: HTC HD2, Nokia Lumia 800, Nokia N9, Apple iPhone 4, Nokia Lumia 920

Get a FREE 2GB Dropbox account plus we'll get a bonus 500MB!

Tags
android, bootloader, full unlock, interopunlock, nand
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes