22nd February 2012, 04:29 PM
(Last edited by 1wayjonny; 22nd February 2012 at 04:32 PM .)
Senior Member -
OP
Thanks Meter
759
Posts: 400
Join Date: Jan 2007
[Decompiled] Asus - UnLock_Device_App_V6
Decompiled the APK using Brut.alll APK tool and just thought I would share for anyone wants to shift through the codes and commands.
They basically flag the system and kick into recovery to start the unlock process but have a look yourself.
Brut.alll APK Tool: http://code.google.com/p/android-apktool/
Not sure if this will be useful for the original Transformer as Asus stated that this works with ICS only, being the original transformer does not have ICS the bootloader may not be able to handle the steps should someone figure it out.
.: HTC One - 4.2.2
.: Nexus 10
.: Download Android Universal Naked Driver for your ADB,Fastboot & APX needs (Now supporting HTC)
_________________________________
1)
Test Subject
2)
Results
The Following 4 Users Say Thank You to 1wayjonny For This Useful Post: [ Click to Expand ]
22nd February 2012, 05:40 PM
Recognized Contributor
Thanks Meter
767
Posts: 426
Join Date: Dec 2011
DONATE TO ME
For anyone who would prefer to look at the code as java, here is a .jar created from the .dex with .class files. This would be in place of the .smali files.
The Following 2 Users Say Thank You to sparkym3 For This Useful Post: [ Click to Expand ]
22nd February 2012, 06:01 PM
Senior Member
Thanks Meter
303
Posts: 1,567
Join Date: Jan 2011
Is it worth waiting for something to come of this? Like could this be reverse engineered to exclude the communication to asus about your serials?
22nd February 2012, 06:07 PM
Member
Thanks Meter
8
Posts: 77
Join Date: Nov 2009
What is different with this app and the asus app ???
22nd February 2012, 06:13 PM
Senior Member
Thanks Meter
12
Posts: 115
Join Date: Nov 2009
Nothing is different, it's just the apk reverse engineered so it is "viewable" (read modifiable) by our devs. Hopefully the devs can come up with something to unlock the bootloader and prevent your warranty from being voided (or come up with a way to relock the bootloader should warranty issues come up).
22nd February 2012, 06:16 PM
(Last edited by Hawkysoft; 22nd February 2012 at 06:19 PM .)
Senior Member
Thanks Meter
155
Posts: 699
Join Date: Jul 2010
Location: Rotterdam
DONATE TO ME
thanks, but no need to post this... people who needed this allready done that...
Signature(string Device) {... if(Device = ("Xperia Z" ) {...... if(Firmware = Stock ) {......... AndroidOS = 4.1.2;......... Status = BL-unlocked+ROOT;...... }... }... if(Device = ("ASUS Transformer Prime" ) {...... AndroidOS = 4.0.4 AOKP;...... Status = BL-unlocked+ROOT;... }... return MySignature;return "unknown " ; }
22nd February 2012, 06:25 PM
Senior Member -
OP
Thanks Meter
759
Posts: 400
Join Date: Jan 2007
Quote:
Originally Posted by
sparkym3
For anyone who would prefer to look at the code as java, here is a .jar created from the .dex with .class files. This would be in place of the .smali files.
Perfect thanks saved me an extra step, I was going to do this anyhow.
.: HTC One - 4.2.2
.: Nexus 10
.: Download Android Universal Naked Driver for your ADB,Fastboot & APX needs (Now supporting HTC)
_________________________________
1)
Test Subject
2)
Results
22nd February 2012, 06:33 PM
(Last edited by 1wayjonny; 22nd February 2012 at 07:42 PM .)
Senior Member -
OP
Thanks Meter
759
Posts: 400
Join Date: Jan 2007
Quote:
Originally Posted by
Hawkysoft
also this should not be under development.
Sorry about the wrong section and if anyone needs this moved please do so. I understand the process is more then just the flag but I haven't been able to read through all of the code yet (damn work) but it is good practice.
But if you have any great information to share from your end please do so, it always great to spread knowledge (even is some of the info is repeatable info more advanced users) because it help inspire other great minds.
But i understand where your coming from as well. Cheers!
**Update**
It think I see the area you are talking about now, looks like your tablet goes through a registration process with Asus before the flag is kicked on. Still looking if they hand off a code but they probably flag your device in their system as unlocked for warranty reasons as well.
.: HTC One - 4.2.2
.: Nexus 10
.: Download Android Universal Naked Driver for your ADB,Fastboot & APX needs (Now supporting HTC)
_________________________________
1)
Test Subject
2)
Results
22nd February 2012, 07:21 PM
Senior Member
Thanks Meter
2264
Posts: 3,599
Join Date: Jun 2010
DONATE TO ME
The magic happens in: UnLockFlagAndReboot.smali
Code:
.class public Lcom/asus/unlock/UnLockFlagAndReboot;
.super Ljava/lang/Object;
.source "UnLockFlagAndReboot.java"
# static fields
.field private static final MISC_PATH:Ljava/lang/String; = "/dev/block/mmcblk0p3"
.field private static final TAG:Ljava/lang/String; = "UnLockFlagAndReboot"
.field private static final USB_PATH:Ljava/lang/String; = "/dev/block/mmcblk0p4"
# instance fields
.field private mBufferReaderSize:I
.field private mContentStr:Ljava/lang/String;
.field private mContext:Landroid/content/Context;
# direct methods
.method public constructor <init>(Landroid/content/Context;)V
.locals 1
.parameter "context"
.prologue
.line 25
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
.line 20
const/16 v0, 0x1f4
iput v0, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mBufferReaderSize:I
.line 21
const-string v0, ""
iput-object v0, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContentStr:Ljava/lang/String;
.line 26
iput-object p1, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContext:Landroid/content/Context;
.line 27
return-void
.end method
.method public static fromHexString(Ljava/lang/String;)[B
.locals 2
.parameter "in"
.prologue
.line 81
new-instance v0, Ljava/math/BigInteger;
const/16 v1, 0x10
invoke-direct {v0, p0, v1}, Ljava/math/BigInteger;-><init>(Ljava/lang/String;I)V
.line 82
.local v0, temp:Ljava/math/BigInteger;
invoke-virtual {v0}, Ljava/math/BigInteger;->toByteArray()[B
move-result-object v1
return-object v1
.end method
.method private writeRecoveryCmd(Ljava/lang/String;)V
.locals 10
.parameter "encodeCpuId"
.annotation system Ldalvik/annotation/Throws;
value = {
Ljava/io/IOException;
}
.end annotation
.prologue
.line 43
const/16 v8, 0x440
new-array v0, v8, [B
.line 44
.local v0, bary:[B
invoke-static {p1}, Lcom/asus/unlock/UnLockFlagAndReboot;->fromHexString(Ljava/lang/String;)[B
move-result-object v1
.line 46
.local v1, bary2:[B
const/16 v8, 0xb
new-array v2, v8, [B
fill-array-data v2, :array_0
.line 47
.local v2, cmd1:[B
const/16 v8, 0x9
new-array v3, v8, [B
fill-array-data v3, :array_1
.line 49
.local v3, cmd2:[B
const/4 v7, 0x0
.local v7, idx:I
:goto_0
array-length v8, v2
if-ge v7, v8, :cond_0
.line 50
const/4 v8, 0x0
aput-byte v8, v0, v7
.line 49
add-int/lit8 v7, v7, 0x1
goto :goto_0
.line 52
:cond_0
const/4 v7, 0x0
:goto_1
array-length v8, v2
if-ge v7, v8, :cond_1
.line 53
add-int/lit8 v8, v7, 0x0
aget-byte v9, v2, v7
aput-byte v9, v0, v8
.line 52
add-int/lit8 v7, v7, 0x1
goto :goto_1
.line 55
:cond_1
const/4 v7, 0x0
:goto_2
array-length v8, v3
if-ge v7, v8, :cond_2
.line 56
add-int/lit8 v8, v7, 0x40
aget-byte v9, v3, v7
aput-byte v9, v0, v8
.line 55
add-int/lit8 v7, v7, 0x1
goto :goto_2
.line 59
:cond_2
const/4 v5, 0x0
.line 61
.local v5, fos:Ljava/io/FileOutputStream;
:try_start_0
new-instance v6, Ljava/io/FileOutputStream;
const-string v8, "/dev/block/mmcblk0p3"
invoke-direct {v6, v8}, Ljava/io/FileOutputStream;-><init>(Ljava/lang/String;)V
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.catch Ljava/io/FileNotFoundException; {:try_start_0 .. :try_end_0} :catch_0
.catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_1
.line 62
.end local v5 #fos:Ljava/io/FileOutputStream;
.local v6, fos:Ljava/io/FileOutputStream;
:try_start_1
invoke-virtual {v6, v0}, Ljava/io/FileOutputStream;->write([B)V
.line 66
new-instance v5, Ljava/io/FileOutputStream;
const-string v8, "/dev/block/mmcblk0p4"
invoke-direct {v5, v8}, Ljava/io/FileOutputStream;-><init>(Ljava/lang/String;)V
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_1
.catch Ljava/io/FileNotFoundException; {:try_start_1 .. :try_end_1} :catch_3
.catch Ljava/io/IOException; {:try_start_1 .. :try_end_1} :catch_2
.line 67
.end local v6 #fos:Ljava/io/FileOutputStream;
.restart local v5 #fos:Ljava/io/FileOutputStream;
:try_start_2
invoke-virtual {v5, v1}, Ljava/io/FileOutputStream;->write([B)V
.line 68
const-string v8, "UnLockFlagAndReboot"
const-string v9, "============= writeRecoveryCmd success ======================="
invoke-static {v8, v9}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.catch Ljava/io/FileNotFoundException; {:try_start_2 .. :try_end_2} :catch_0
.catch Ljava/io/IOException; {:try_start_2 .. :try_end_2} :catch_1
.line 74
if-eqz v5, :cond_3
.line 75
invoke-virtual {v5}, Ljava/io/FileOutputStream;->close()V
.line 78
:cond_3
:goto_3
return-void
.line 69
:catch_0
move-exception v4
.line 70
.local v4, e:Ljava/io/FileNotFoundException;
:goto_4
:try_start_3
invoke-virtual {v4}, Ljava/io/FileNotFoundException;->printStackTrace()V
:try_end_3
.catchall {:try_start_3 .. :try_end_3} :catchall_0
.line 74
if-eqz v5, :cond_3
.line 75
invoke-virtual {v5}, Ljava/io/FileOutputStream;->close()V
goto :goto_3
.line 71
.end local v4 #e:Ljava/io/FileNotFoundException;
:catch_1
move-exception v4
.line 72
.local v4, e:Ljava/io/IOException;
:goto_5
:try_start_4
invoke-virtual {v4}, Ljava/io/IOException;->printStackTrace()V
:try_end_4
.catchall {:try_start_4 .. :try_end_4} :catchall_0
.line 74
if-eqz v5, :cond_3
.line 75
invoke-virtual {v5}, Ljava/io/FileOutputStream;->close()V
goto :goto_3
.line 74
.end local v4 #e:Ljava/io/IOException;
:catchall_0
move-exception v8
:goto_6
if-eqz v5, :cond_4
.line 75
invoke-virtual {v5}, Ljava/io/FileOutputStream;->close()V
:cond_4
throw v8
.line 74
.end local v5 #fos:Ljava/io/FileOutputStream;
.restart local v6 #fos:Ljava/io/FileOutputStream;
:catchall_1
move-exception v8
move-object v5, v6
.end local v6 #fos:Ljava/io/FileOutputStream;
.restart local v5 #fos:Ljava/io/FileOutputStream;
goto :goto_6
.line 71
.end local v5 #fos:Ljava/io/FileOutputStream;
.restart local v6 #fos:Ljava/io/FileOutputStream;
:catch_2
move-exception v4
move-object v5, v6
.end local v6 #fos:Ljava/io/FileOutputStream;
.restart local v5 #fos:Ljava/io/FileOutputStream;
goto :goto_5
.line 69
.end local v5 #fos:Ljava/io/FileOutputStream;
.restart local v6 #fos:Ljava/io/FileOutputStream;
:catch_3
move-exception v4
move-object v5, v6
.end local v6 #fos:Ljava/io/FileOutputStream;
.restart local v5 #fos:Ljava/io/FileOutputStream;
goto :goto_4
.line 46
:array_0
.array-data 0x1
0x62t
0x6ft
0x6ft
0x74t
0x2dt
0x75t
0x6et
0x6ct
0x6ft
0x63t
0x6bt
.end array-data
.line 47
:array_1
.array-data 0x1
0x72t
0x65t
0x63t
0x6ft
0x76t
0x65t
0x72t
0x79t
0xat
.end array-data
.end method
# virtual methods
.method public readFileContent()V
.locals 8
.prologue
.line 86
const/4 v1, 0x0
.line 88
.local v1, fr:Ljava/io/FileReader;
:try_start_0
new-instance v2, Ljava/io/FileReader;
const-string v5, "/dev/block/mmcblk0p3"
invoke-direct {v2, v5}, Ljava/io/FileReader;-><init>(Ljava/lang/String;)V
:try_end_0
.catchall {:try_start_0 .. :try_end_0} :catchall_0
.catch Ljava/io/FileNotFoundException; {:try_start_0 .. :try_end_0} :catch_7
.catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_3
.line 89
.end local v1 #fr:Ljava/io/FileReader;
.local v2, fr:Ljava/io/FileReader;
:try_start_1
new-instance v3, Ljava/io/BufferedReader;
iget v5, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mBufferReaderSize:I
invoke-direct {v3, v2, v5}, Ljava/io/BufferedReader;-><init>(Ljava/io/Reader;I)V
.line 90
.local v3, in:Ljava/io/BufferedReader;
const-string v4, ""
.line 91
.local v4, line:Ljava/lang/String;
:goto_0
invoke-virtual {v3}, Ljava/io/BufferedReader;->readLine()Ljava/lang/String;
move-result-object v4
if-eqz v4, :cond_1
.line 92
new-instance v5, Ljava/lang/StringBuilder;
invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
iget-object v6, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContentStr:Ljava/lang/String;
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v5
invoke-virtual {v5, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v5
invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v5
iput-object v5, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContentStr:Ljava/lang/String;
:try_end_1
.catchall {:try_start_1 .. :try_end_1} :catchall_1
.catch Ljava/io/FileNotFoundException; {:try_start_1 .. :try_end_1} :catch_0
.catch Ljava/io/IOException; {:try_start_1 .. :try_end_1} :catch_6
goto :goto_0
.line 95
.end local v3 #in:Ljava/io/BufferedReader;
.end local v4 #line:Ljava/lang/String;
:catch_0
move-exception v0
move-object v1, v2
.line 96
.end local v2 #fr:Ljava/io/FileReader;
.local v0, e:Ljava/io/FileNotFoundException;
.restart local v1 #fr:Ljava/io/FileReader;
:goto_1
:try_start_2
invoke-virtual {v0}, Ljava/io/FileNotFoundException;->printStackTrace()V
:try_end_2
.catchall {:try_start_2 .. :try_end_2} :catchall_0
.line 101
if-eqz v1, :cond_0
.line 103
:try_start_3
invoke-virtual {v1}, Ljava/io/FileReader;->close()V
:try_end_3
.catch Ljava/io/IOException; {:try_start_3 .. :try_end_3} :catch_2
.line 110
.end local v0 #e:Ljava/io/FileNotFoundException;
:cond_0
:goto_2
return-void
.line 94
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
.restart local v3 #in:Ljava/io/BufferedReader;
.restart local v4 #line:Ljava/lang/String;
:cond_1
:try_start_4
const-string v5, "UnLockFlagAndReboot"
new-instance v6, Ljava/lang/StringBuilder;
invoke-direct {v6}, Ljava/lang/StringBuilder;-><init>()V
const-string v7, "content of Unlock Flag: "
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
iget-object v7, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContentStr:Ljava/lang/String;
invoke-virtual {v6, v7}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v6
invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v6
invoke-static {v5, v6}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
:try_end_4
.catchall {:try_start_4 .. :try_end_4} :catchall_1
.catch Ljava/io/FileNotFoundException; {:try_start_4 .. :try_end_4} :catch_0
.catch Ljava/io/IOException; {:try_start_4 .. :try_end_4} :catch_6
.line 101
if-eqz v2, :cond_3
.line 103
:try_start_5
invoke-virtual {v2}, Ljava/io/FileReader;->close()V
:try_end_5
.catch Ljava/io/IOException; {:try_start_5 .. :try_end_5} :catch_1
move-object v1, v2
.line 107
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_2
.line 104
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
:catch_1
move-exception v0
.line 106
.local v0, e:Ljava/io/IOException;
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
move-object v1, v2
.line 107
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_2
.line 104
.end local v3 #in:Ljava/io/BufferedReader;
.end local v4 #line:Ljava/lang/String;
.local v0, e:Ljava/io/FileNotFoundException;
:catch_2
move-exception v0
.line 106
.local v0, e:Ljava/io/IOException;
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
goto :goto_2
.line 97
.end local v0 #e:Ljava/io/IOException;
:catch_3
move-exception v0
.line 99
.restart local v0 #e:Ljava/io/IOException;
:goto_3
:try_start_6
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
:try_end_6
.catchall {:try_start_6 .. :try_end_6} :catchall_0
.line 101
if-eqz v1, :cond_0
.line 103
:try_start_7
invoke-virtual {v1}, Ljava/io/FileReader;->close()V
:try_end_7
.catch Ljava/io/IOException; {:try_start_7 .. :try_end_7} :catch_4
goto :goto_2
.line 104
:catch_4
move-exception v0
.line 106
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
goto :goto_2
.line 101
.end local v0 #e:Ljava/io/IOException;
:catchall_0
move-exception v5
:goto_4
if-eqz v1, :cond_2
.line 103
:try_start_8
invoke-virtual {v1}, Ljava/io/FileReader;->close()V
:try_end_8
.catch Ljava/io/IOException; {:try_start_8 .. :try_end_8} :catch_5
.line 107
:cond_2
:goto_5
throw v5
.line 104
:catch_5
move-exception v0
.line 106
.restart local v0 #e:Ljava/io/IOException;
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
goto :goto_5
.line 101
.end local v0 #e:Ljava/io/IOException;
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
:catchall_1
move-exception v5
move-object v1, v2
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_4
.line 97
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
:catch_6
move-exception v0
move-object v1, v2
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_3
.line 95
:catch_7
move-exception v0
goto :goto_1
.end local v1 #fr:Ljava/io/FileReader;
.restart local v2 #fr:Ljava/io/FileReader;
.restart local v3 #in:Ljava/io/BufferedReader;
.restart local v4 #line:Ljava/lang/String;
:cond_3
move-object v1, v2
.end local v2 #fr:Ljava/io/FileReader;
.restart local v1 #fr:Ljava/io/FileReader;
goto :goto_2
.end method
.method public reboot()V
.locals 3
.prologue
.line 38
iget-object v1, p0, Lcom/asus/unlock/UnLockFlagAndReboot;->mContext:Landroid/content/Context;
const-string v2, "power"
invoke-virtual {v1, v2}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
move-result-object v0
check-cast v0, Landroid/os/PowerManager;
.line 39
.local v0, pm:Landroid/os/PowerManager;
const/4 v1, 0x0
invoke-virtual {v0, v1}, Landroid/os/PowerManager;->reboot(Ljava/lang/String;)V
.line 40
return-void
.end method
.method public writeUnlockFlag(Ljava/lang/String;)V
.locals 1
.parameter "encodeCpuId"
.prologue
.line 31
:try_start_0
invoke-direct {p0, p1}, Lcom/asus/unlock/UnLockFlagAndReboot;->writeRecoveryCmd(Ljava/lang/String;)V
:try_end_0
.catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_0
.line 35
:goto_0
return-void
.line 32
:catch_0
move-exception v0
.line 33
.local v0, e:Ljava/io/IOException;
invoke-virtual {v0}, Ljava/io/IOException;->printStackTrace()V
goto :goto_0
.end method
You can find me @jdlogan151
The Following User Says Thank You to jermaine151 For This Useful Post: [ Click to Expand ]
22nd February 2012, 09:31 PM
(Last edited by Noxious Ninja; 22nd February 2012 at 09:40 PM .)
Senior Member
Thanks Meter
424
Posts: 628
Join Date: Jul 2010
Location: San Antonio, TX
DONATE TO ME
I think the real magic comes in where the argument to writeUnlockFlag is obtained. That class looks pretty simple.
Thread Tools
Search this Thread
Display Modes
Linear Mode
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
Go to top of page...
Most Thanked In This Thread
4 SHIt like this really
angers me.. … 2 (quote)
What GPS?
Sorry had to do … 2 (quote) I'm working on
this now, … 2 For anyone who would
prefer to look at … 1 (quote)
uh no, it is a
tool by asus, …
Introducing XDA:DevCon – A Conference For Developers By Developers
>
[Decompiled] Asus - UnLock_Device_App_V6
Print
Email
[Decompiled] Asus - UnLock_Device_App_V6
View Profile
View Forum Posts
.gif "Netherlands - Vodafone (Libertel)")
Follow on Twitter
Linear Mode
