Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

Goal: S-off HOX (TEGRA3)

OP Lloir

25th January 2013, 08:27 AM   |  #141  
TripNRaVeR's Avatar
Senior Member
Flag Stevensweert
Thanks Meter: 12,585
 
2,379 posts
Join Date:Joined: Jun 2010
Donate to Me
More
Quote:
Originally Posted by eppeP

I guess some of you have started to figure this out, but just to be clear as there seems to be some confusion.

The SBK is chosen by the manufacturer.

Acer have choosen to (for some of their models) base the SBK on the UID. This does not neccessarilly mean that this is the way it is for any for any devices by any other manufacturer, or even for other models from Acer. It could be that they have chosen to do it the same way, but it is highly unlikely.

Using nvflash on a Asus tf201 makes you get the SBK the same way based on UID. Toshiba SBK also the same way.
The Following 6 Users Say Thank You to TripNRaVeR For This Useful Post: [ View ]
25th January 2013, 02:37 PM   |  #142  
Senior Member
Thanks Meter: 257
 
278 posts
Join Date:Joined: Jan 2011
Quote:
Originally Posted by TripNRaVeR

Code:
hal-get-property --udi "$(hal-find-by-property --key 'info.product' --string 'HTC One X')" --key 'usb_device.serial'
download bct here:
http://www.datafilehost.com/download-b7a1e658.html

this gets you the same as

Code:
cat /sys/devices/platform/android_usb/usb_serial_number
or
Code:
adb devices
which device is the bct from?

either way, we don't have access to the bct/ebt partitions as they are somehow masked, even to the kernel; or you could dump them from the raw block device mmcblk0
The Following 4 Users Say Thank You to blubbers For This Useful Post: [ View ]
25th January 2013, 04:53 PM   |  #143  
backfromthestorm's Avatar
Senior Member
Flag 47000 places at once.
Thanks Meter: 268
 
739 posts
Join Date:Joined: Jul 2011
More
That's not the correct ID then if its the same as the device ID is it?
Hence it's under dummy_usb_serial_number in /platform/android_usb/
25th January 2013, 04:55 PM   |  #144  
MrT69's Avatar
Senior Member
Flag Odelzhausen
Thanks Meter: 335
 
305 posts
Join Date:Joined: May 2006
More
Re: Goal: S-off HOX+ and maybe the HOX (TEGRA3)
I don't know if this might be important but JB devices seems currently have no chance to managed with NVFLASH.
Every other Tegra3 device i.e. A500 can be flashed but all discussion ends with "...if you have JB installed no chance"


Sent from my EndeavorU using xda app-developers app
25th January 2013, 05:24 PM   |  #145  
backfromthestorm's Avatar
Senior Member
Flag 47000 places at once.
Thanks Meter: 268
 
739 posts
Join Date:Joined: Jul 2011
More
androidboot.sf=1 androidboot.skunum=0 androidboot.cid=HTC__001 androidboot.mid=PJ4610000 androidboot.serialno=HT242W104819 androidboot.mb_serialno=419G223L11977 androidboot.bootloader=1.39.0000 last_off_event=pmu_poweroff start_on_event=none hw_rst_reason=0x0 sw_rst_reason=0x0 project_phase=A radioflag=0x0 ats=0 hlog.ofs=296 un.ofs=0 HBootTemp=0 androidboot.engid=0x0


In proc/cmdline there lists two serial numbers, one is the device id from adb devices, the other isn't, or is that the motherboard id?
25th January 2013, 06:28 PM   |  #146  
Senior Member
Thanks Meter: 63
 
121 posts
Join Date:Joined: Nov 2011
Quote:
Originally Posted by TripNRaVeR

Using nvflash on a Asus tf201 makes you get the SBK the same way based on UID. Toshiba SBK also the same way.

At the risk of going slightly of topic, would you care to share some sources for this statement?
I can't seem to find anything but failed attemts for Toshiba (except those models without SBK). For the tf201 the only method I can find seems to rely on using a patched bootloader to, I presume, generate pre-signed RCM messages while the SBK is still available. Which would seem to be a quite convoluted way of doing things if the SBK (or the algorithm to generate it) is known.
25th January 2013, 06:33 PM   |  #147  
TripNRaVeR's Avatar
Senior Member
Flag Stevensweert
Thanks Meter: 12,585
 
2,379 posts
Join Date:Joined: Jun 2010
Donate to Me
More
Quote:
Originally Posted by blubbers

this gets you the same as

Code:
cat /sys/devices/platform/android_usb/usb_serial_number
or
Code:
adb devices
which device is the bct from?

either way, we don't have access to the bct/ebt partitions as they are somehow masked, even to the kernel; or you could dump them from the raw block device mmcblk0

The bct file is from the HTC One X... only encrypted.
The Following 6 Users Say Thank You to TripNRaVeR For This Useful Post: [ View ]
26th January 2013, 07:23 PM   |  #148  
ExoticMe's Avatar
Senior Member
Flag Riyadh
Thanks Meter: 1,103
 
1,095 posts
Join Date:Joined: Aug 2012
More
Quote:
Originally Posted by TripNRaVeR

The bct file is from the HTC One X... only encrypted.


can it be decrypted ?
26th January 2013, 09:15 PM   |  #149  
Senior Member
Thanks Meter: 257
 
278 posts
Join Date:Joined: Jan 2011
Re: Goal: S-off HOX+ and maybe the HOX (TEGRA3)
Quote:
Originally Posted by TripNRaVeR

The bct file is from the HTC One X... only encrypted.

No, it is not encrypted, the data is not random and can be decoded using some bct decoder

Sent from my HTC One X using xda app-developers app
The Following 2 Users Say Thank You to blubbers For This Useful Post: [ View ]
26th January 2013, 10:24 PM   |  #150  
The_Genius's Avatar
Member
Flag LONDON
Thanks Meter: 58
 
76 posts
Join Date:Joined: Feb 2012
Thumbs up
Quote:
Originally Posted by The5alodi

can it be decrypted ?

If some one will give me an output of first 32-128 bit how the file header may look like, I will decrypt the rest.

The Following 19 Users Say Thank You to The_Genius For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes