FORUMS

OnePlus 2 Announced: Specs, Price and Details

The OnePlus 2 has just had its Virtual Reality Launch event, and at the XDA Office we all … more

A Helpful Guide to Music Streaming Services

With the launch of Apple Music, music streaming services have recently gained a lot of … more

An Inside Look at the Redesign of Business Calendar

The much-acclaimed calendar app, Business Calendar, underwent a major design … more

New Android One Device Dead On Arrival

Today, Google announced the second generation of Android One devices, with the new Lava Pixel … more

Goal: S-off HOX (TEGRA3)

5,884 posts
Thanks Meter: 7,732
 
By Lloir, Recognized Contributor / Recognized Developer on 20th December 2012, 12:46 PM
Post Reply Subscribe to Thread Email Thread
25th January 2013, 07:27 AM |#141  
TripNRaVeR's Avatar
Senior Member
Flag Stevensweert
Thanks Meter: 12,585
 
Donate to Me
More
Quote:
Originally Posted by eppeP

I guess some of you have started to figure this out, but just to be clear as there seems to be some confusion.

The SBK is chosen by the manufacturer.

Acer have choosen to (for some of their models) base the SBK on the UID. This does not neccessarilly mean that this is the way it is for any for any devices by any other manufacturer, or even for other models from Acer. It could be that they have chosen to do it the same way, but it is highly unlikely.

Using nvflash on a Asus tf201 makes you get the SBK the same way based on UID. Toshiba SBK also the same way.
The Following 6 Users Say Thank You to TripNRaVeR For This Useful Post: [ View ]
 
 
25th January 2013, 01:37 PM |#142  
Senior Member
Thanks Meter: 265
 
More
Quote:
Originally Posted by TripNRaVeR

Code:
hal-get-property --udi "$(hal-find-by-property --key 'info.product' --string 'HTC One X')" --key 'usb_device.serial'
download bct here:
http://www.datafilehost.com/download-b7a1e658.html

this gets you the same as

Code:
cat /sys/devices/platform/android_usb/usb_serial_number
or
Code:
adb devices
which device is the bct from?

either way, we don't have access to the bct/ebt partitions as they are somehow masked, even to the kernel; or you could dump them from the raw block device mmcblk0
The Following 4 Users Say Thank You to blubbers For This Useful Post: [ View ]
25th January 2013, 03:53 PM |#143  
backfromthestorm's Avatar
Senior Member
Flag 47000 places at once.
Thanks Meter: 269
 
More
That's not the correct ID then if its the same as the device ID is it?
Hence it's under dummy_usb_serial_number in /platform/android_usb/
25th January 2013, 03:55 PM |#144  
MrT69's Avatar
Senior Member
Flag Odelzhausen
Thanks Meter: 338
 
More
Re: Goal: S-off HOX+ and maybe the HOX (TEGRA3)
I don't know if this might be important but JB devices seems currently have no chance to managed with NVFLASH.
Every other Tegra3 device i.e. A500 can be flashed but all discussion ends with "...if you have JB installed no chance"


Sent from my EndeavorU using xda app-developers app
25th January 2013, 04:24 PM |#145  
backfromthestorm's Avatar
Senior Member
Flag 47000 places at once.
Thanks Meter: 269
 
More
androidboot.sf=1 androidboot.skunum=0 androidboot.cid=HTC__001 androidboot.mid=PJ4610000 androidboot.serialno=HT242W104819 androidboot.mb_serialno=419G223L11977 androidboot.bootloader=1.39.0000 last_off_event=pmu_poweroff start_on_event=none hw_rst_reason=0x0 sw_rst_reason=0x0 project_phase=A radioflag=0x0 ats=0 hlog.ofs=296 un.ofs=0 HBootTemp=0 androidboot.engid=0x0


In proc/cmdline there lists two serial numbers, one is the device id from adb devices, the other isn't, or is that the motherboard id?
25th January 2013, 05:28 PM |#146  
Senior Member
Thanks Meter: 67
 
More
Quote:
Originally Posted by TripNRaVeR

Using nvflash on a Asus tf201 makes you get the SBK the same way based on UID. Toshiba SBK also the same way.

At the risk of going slightly of topic, would you care to share some sources for this statement?
I can't seem to find anything but failed attemts for Toshiba (except those models without SBK). For the tf201 the only method I can find seems to rely on using a patched bootloader to, I presume, generate pre-signed RCM messages while the SBK is still available. Which would seem to be a quite convoluted way of doing things if the SBK (or the algorithm to generate it) is known.
25th January 2013, 05:33 PM |#147  
TripNRaVeR's Avatar
Senior Member
Flag Stevensweert
Thanks Meter: 12,585
 
Donate to Me
More
Quote:
Originally Posted by blubbers

this gets you the same as

Code:
cat /sys/devices/platform/android_usb/usb_serial_number
or
Code:
adb devices
which device is the bct from?

either way, we don't have access to the bct/ebt partitions as they are somehow masked, even to the kernel; or you could dump them from the raw block device mmcblk0

The bct file is from the HTC One X... only encrypted.
The Following 6 Users Say Thank You to TripNRaVeR For This Useful Post: [ View ]
26th January 2013, 06:23 PM |#148  
ExoticMe's Avatar
Senior Member
Flag Riyadh
Thanks Meter: 1,104
 
More
Quote:
Originally Posted by TripNRaVeR

The bct file is from the HTC One X... only encrypted.


can it be decrypted ?
26th January 2013, 08:15 PM |#149  
Senior Member
Thanks Meter: 265
 
More
Re: Goal: S-off HOX+ and maybe the HOX (TEGRA3)
Quote:
Originally Posted by TripNRaVeR

The bct file is from the HTC One X... only encrypted.

No, it is not encrypted, the data is not random and can be decoded using some bct decoder

Sent from my HTC One X using xda app-developers app
The Following 2 Users Say Thank You to blubbers For This Useful Post: [ View ]
26th January 2013, 09:24 PM |#150  
The_Genius's Avatar
Member
Flag LONDON
Thanks Meter: 59
 
More
Thumbs up
Quote:
Originally Posted by The5alodi

can it be decrypted ?

If some one will give me an output of first 32-128 bit how the file header may look like, I will decrypt the rest.
The Following 19 Users Say Thank You to The_Genius For This Useful Post: [ View ]
27th January 2013, 12:59 AM |#151  
Senior Member
Thanks Meter: 67
 
More
Quote:
Originally Posted by The_Genius

If some one will give me an output of first 32-128 bit how the file header may look like, I will decrypt the rest.

There is nothing to decrypt, as have already been stated the file is not encrypted.
The first 16 bytes is the signature (an AES128 CMAC built using the SBK or, as in this case where no SBK is set, an all zero key).
The signature matches the following 6112 bytes of unencrypted data.
The Following User Says Thank You to eppeP For This Useful Post: [ View ]

Read More
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes