Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,810,055 Members 48,040 Now Online
XDA Developers Android and Mobile Development Forum

Asus tf700t bootloader unlock app source

Tip us?
 
ostar2
Old
(Last edited by ostar2; 22nd November 2012 at 11:55 PM.) Reason: Changed attachment name to be more accurate
#1  
ostar2's Avatar
Senior Member - OP
Thanks Meter 23
Posts: 142
Join Date: Nov 2012
Tablet Asus tf700t bootloader unlock app source

I have fully decompiled and deobfsucated the bootloader unlock tool provided by Asus for the tf700t. I was wondering if someone here would be able to modify it so it would not submit data to Asus and void the warranty. I believe that this would be a great help to any one who owns the Asus Transformer Pad infinity.
Attached Files
File Type: 7z UnLock_Device_App_V7_decompiled.7z - [Click for QR Code] (8.2 KB, 522 views)
The Following 2 Users Say Thank You to ostar2 For This Useful Post: [ Click to Expand ]
 
SteveG12543
Old
#2  
SteveG12543's Avatar
Recognized Contributor
Thanks Meter 370
Posts: 2,116
Join Date: Aug 2010
Location: Dover, DE

 
DONATE TO ME
This has been tried before with the Prime. In order for it to unlock the device needs to communicate with the Asus servers to get the unlock token that's specific to each device.

Sent from my ADR6425LVW using XDA Premium.



The Following User Says Thank You to SteveG12543 For This Useful Post: [ Click to Expand ]
 
ostar2
Old
#3  
ostar2's Avatar
Senior Member - OP
Thanks Meter 23
Posts: 142
Join Date: Nov 2012
Lightbulb Cracking the bootloader key

Thanks. Would it be possible to crack the device bootloaders key or alter the eep rom allowing you to overwrite the bootloader?
 
ostar2
Old
(Last edited by ostar2; 23rd November 2012 at 02:00 AM.) Reason: Added keystore
#4  
ostar2's Avatar
Senior Member - OP
Thanks Meter 23
Posts: 142
Join Date: Nov 2012
Also, I have the keystore from the apk file. So is there a possibility that it may not be device specific? I also looked through the code and none of even hints connecting to Asus's servers. It only connects to Google and the Google play login server. So, if "keystore.bks" contains the bootloader key, then wouldn't be possible to crack the keystore password and gain access to the keys?
Attached Files
File Type: 7z keystore.7z - [Click for QR Code] (739 Bytes, 84 views)
 
_that
Old
#5  
Recognized Contributor
Thanks Meter 2,425
Posts: 3,428
Join Date: Oct 2012
Quote:
Originally Posted by ostar2 View Post
I also looked through the code and none of even hints connecting to Asus's servers.
https://mdm.asus.com looks like an Asus server to me.
 
W3ber
Old
#6  
Junior Member
Thanks Meter 0
Posts: 19
Join Date: Feb 2010
glad to see further develop,maybe nvflash come our .30 device.
 
amoamare
Old
#7  
Senior Member
Thanks Meter 305
Posts: 398
Join Date: Jul 2006

 
DONATE TO ME
I have nothing to do with this, was just reading but I do like how you click that site and it says
"It works !"

And oddly enough asus did not secure it. To cheap to buy another certificate I guess.

---------- Post added at 10:13 PM ---------- Previous post was at 09:58 PM ----------

Just a quick look at it. Looks like your looking at the wrong apk anyway.


///This shows that it obtains information from class_19.java that function is below
//Once that information is grabbed it then creates a broadcast intent. for application package com.asus.dm.c2dm.C2DMRecevier
// And sends that notification to that package.

private void method_31() {
this.field_25 = "0";
field_23 = false;
Intent var1 = new Intent();
var1.setClassName("com.asus.dm", "com.asus.dm.c2dm.C2DMReceiver");
var1.setAction("com.asus.unlock.intent.REGISTRATIO N");
var1.putExtra("registration_cpu_id", class_19.method_55());
this.mContext.sendBroadcast(var1);
Log.d("NotifyDMServer", "Notify DM Client Successfully");
}

///This function is from class_19.java, looks to grab some identifier information from the device. Returns it back to function above.
// $FF: renamed from: <clinit> () void
static void method_53() {
String[] var0 = new String[]{"/system/bin/cat", "/proc/cpuinfo"};
field_36 = var0;
field_38 = "/system/bin/";
field_37 = 500;
}



/// I put this here because this is a receiver for a intent. From the looks of it, it receives information from most likely the package above.
/// The received information is to notify this application that the unlock code or information was received or generated or what ever.
public void onReceive(Context var1, Intent var2) {
class_16.method_30(this.field_42, var2.getStringExtra("unlock_info"));
String[] var4 = class_16.method_29(this.field_42).split(";;");
class_16.method_33(this.field_42, var4[0]);
class_16.method_34(this.field_42, var4[1]);
Log.d("NotifyDMServer", "unlock recieve successfully, ready to unlock");
class_16.method_32(true);
class_16.method_27(this.field_42).unregisterReceiv er(class_16.method_28());
}


I didn't spend hardly anytime looking in it, I just figured i'd throw out some input that I saw. It looks as if there is two parts that handle the unlock. My other concern is why it wants/uses your google login information (Gmail Username/ Password) ?

---------- Post added at 10:16 PM ---------- Previous post was at 10:13 PM ----------

Only reason why I looked in this thread, my friend has the asus prime. Sorry to say it but ASUS sucks at programming. The fact that there unlock utility works <15% is sad. Servers can not be that overloaded all the time. It took over a week to finally get the program to work and unlock his device.

---------- Post added at 10:22 PM ---------- Previous post was at 10:16 PM ----------

Looking at it a little more, I'm pretty sure this just collects information and sends to asus. Gets key sends and intent and another apk handle's the actual unlock.
Edited: Ill hold off on saying anything about that.

I dont even know why im in this thread lol
 
ostar2
Old
#8  
ostar2's Avatar
Senior Member - OP
Thanks Meter 23
Posts: 142
Join Date: Nov 2012
Quote:
Originally Posted by amoamare View Post
I have nothing to do with this, was just reading but I do like how you click that site and it says
"It works !"

And oddly enough asus did not secure it. To cheap to buy another certificate I guess.

---------- Post added at 10:13 PM ---------- Previous post was at 09:58 PM ----------

Just a quick look at it. Looks like your looking at the wrong apk anyway.


///This shows that it obtains information from class_19.java that function is below
//Once that information is grabbed it then creates a broadcast intent. for application package com.asus.dm.c2dm.C2DMRecevier
// And sends that notification to that package.

private void method_31() {
this.field_25 = "0";
field_23 = false;
Intent var1 = new Intent();
var1.setClassName("com.asus.dm", "com.asus.dm.c2dm.C2DMReceiver");
var1.setAction("com.asus.unlock.intent.REGISTRATIO N");
var1.putExtra("registration_cpu_id", class_19.method_55());
this.mContext.sendBroadcast(var1);
Log.d("NotifyDMServer", "Notify DM Client Successfully");
}

///This function is from class_19.java, looks to grab some identifier information from the device. Returns it back to function above.
// $FF: renamed from: <clinit> () void
static void method_53() {
String[] var0 = new String[]{"/system/bin/cat", "/proc/cpuinfo"};
field_36 = var0;
field_38 = "/system/bin/";
field_37 = 500;
}



/// I put this here because this is a receiver for a intent. From the looks of it, it receives information from most likely the package above.
/// The received information is to notify this application that the unlock code or information was received or generated or what ever.
public void onReceive(Context var1, Intent var2) {
class_16.method_30(this.field_42, var2.getStringExtra("unlock_info"));
String[] var4 = class_16.method_29(this.field_42).split(";;");
class_16.method_33(this.field_42, var4[0]);
class_16.method_34(this.field_42, var4[1]);
Log.d("NotifyDMServer", "unlock recieve successfully, ready to unlock");
class_16.method_32(true);
class_16.method_27(this.field_42).unregisterReceiv er(class_16.method_28());
}


I didn't spend hardly anytime looking in it, I just figured i'd throw out some input that I saw. It looks as if there is two parts that handle the unlock. My other concern is why it wants/uses your google login information (Gmail Username/ Password) ?

---------- Post added at 10:16 PM ---------- Previous post was at 10:13 PM ----------

Only reason why I looked in this thread, my friend has the asus prime. Sorry to say it but ASUS sucks at programming. The fact that there unlock utility works <15% is sad. Servers can not be that overloaded all the time. It took over a week to finally get the program to work and unlock his device.

---------- Post added at 10:22 PM ---------- Previous post was at 10:16 PM ----------

Looking at it a little more, I'm pretty sure this just collects information and sends to asus. Gets key sends and intent and another apk handle's the actual unlock.
Edited: Ill hold off on saying anything about that.

I dont even know why im in this thread lol
Thanks, Do you think it actually needs the Google login credentials or could that be bypassed? Or would cause problems to bypass it considering I think that you just have make it return the value for success even if the wrong credentials are entered.
 
Thats OK
Old
#9  
Thats OK's Avatar
Senior Member
Thanks Meter 277
Posts: 3,091
Join Date: Jul 2012
http://www.xda-developers.com/androi...d-for-modding/
This thread made it to the front page!
 
amoamare
Old
(Last edited by amoamare; 2nd December 2012 at 02:53 AM.)
#10  
Senior Member
Thanks Meter 305
Posts: 398
Join Date: Jul 2006

 
DONATE TO ME
Truthfully i dont know why they even need your google login. This seems more like a privacy invasion then anything. They clearly collect your username and password within the software. If its sent anywhere I dont know didn't look much further then what I did. I dont have this device so sorry. The other thing is if they were to cheap to buy a SSL certificate for that domain, and for what ever reasons they do collect username and password. IT could mean your username and password is being sent in raw text string. Which mean's a man in the middle could easily obtain your gmail username and password. Sense i didnt see any level of encryption in the software just a straight up box asking for your password if your not signed in.

Thread Tools
Display Modes