Asus tf700t bootloader unlock app source

OP ostar2

23rd November 2012, 12:50 AM   |  #1  
ostar2 (OP, Senior Member)
I have fully decompiled and deobfuscated the bootloader unlock tool provided by Asus for the tf700t. I was wondering if someone here would be able to modify it so it would not submit data to Asus and void the warranty. I believe that this would be a great help to anyone who owns the Asus Transformer Pad Infinity.
Attached file: UnLock_Device_App_V7_decompiled.7z (8.2 KB, 544 views)
Last edited by ostar2; 23rd November 2012 at 12:55 AM. Reason: Changed attachment name to be more accurate
23rd November 2012, 01:37 AM   |  #2  
SteveG12543 (Recognized Contributor, Dover, DE)
This has been tried before with the Prime. In order for it to unlock, the device needs to communicate with the Asus servers to get the unlock token that's specific to each device.

Sent from my ADR6425LVW using XDA Premium.
23rd November 2012, 01:49 AM   |  #3  
ostar2 (OP, Senior Member)
Cracking the bootloader key
Thanks. Would it be possible to crack the device bootloader's key or alter the EEPROM, allowing you to overwrite the bootloader?
23rd November 2012, 02:56 AM   |  #4  
ostar2 (OP, Senior Member)
Also, I have the keystore from the apk file. So is there a possibility that it may not be device specific? I also looked through the code and none of it even hints at connecting to Asus's servers. It only connects to Google and the Google Play login server. So, if "keystore.bks" contains the bootloader key, then wouldn't it be possible to crack the keystore password and gain access to the keys?
Attached file: keystore.7z (739 Bytes, 90 views)
Last edited by ostar2; 23rd November 2012 at 03:00 AM. Reason: Added keystore
23rd November 2012, 09:41 AM   |  #5  
Quote:
Originally Posted by ostar2

I also looked through the code and none of it even hints at connecting to Asus's servers.

https://mdm.asus.com looks like an Asus server to me.
1st December 2012, 04:29 PM   |  #6  
Glad to see further development, maybe nvflash will come to our .30 device.
1st December 2012, 11:22 PM   |  #7  
I have nothing to do with this, was just reading, but I do like how you click that site and it says
"It works !"

And oddly enough Asus did not secure it. Too cheap to buy another certificate, I guess.

---------- Post added at 10:13 PM ---------- Previous post was at 09:58 PM ----------

Just a quick look at it. Looks like you're looking at the wrong apk anyway.


/// This shows that it obtains information from class_19.java; that function is below.
// Once that information is grabbed it then creates a broadcast intent for application package com.asus.dm.c2dm.C2DMReceiver
// and sends that notification to that package.

private void method_31() {
    this.field_25 = "0";
    field_23 = false;
    Intent var1 = new Intent();
    var1.setClassName("com.asus.dm", "com.asus.dm.c2dm.C2DMReceiver");
    var1.setAction("com.asus.unlock.intent.REGISTRATION");
    var1.putExtra("registration_cpu_id", class_19.method_55());
    this.mContext.sendBroadcast(var1);
    Log.d("NotifyDMServer", "Notify DM Client Successfully");
}

/// This function is from class_19.java, looks to grab some identifier information from the device. Returns it back to the function above.
// $FF: renamed from: <clinit> () void
static void method_53() {
    String[] var0 = new String[]{"/system/bin/cat", "/proc/cpuinfo"};
    field_36 = var0;
    field_38 = "/system/bin/";
    field_37 = 500;
}

/// I put this here because this is a receiver for an intent. From the looks of it, it receives information from most likely the package above.
/// The received information is to notify this application that the unlock code or information was received or generated or whatever.
public void onReceive(Context var1, Intent var2) {
    class_16.method_30(this.field_42, var2.getStringExtra("unlock_info"));
    String[] var4 = class_16.method_29(this.field_42).split(";;");
    class_16.method_33(this.field_42, var4[0]);
    class_16.method_34(this.field_42, var4[1]);
    Log.d("NotifyDMServer", "unlock recieve successfully, ready to unlock");
    class_16.method_32(true);
    class_16.method_27(this.field_42).unregisterReceiver(class_16.method_28());
}


I didn't spend hardly any time looking in it, I just figured I'd throw out some input that I saw. It looks as if there are two parts that handle the unlock. My other concern is why it wants/uses your Google login information (Gmail username/password)?

---------- Post added at 10:16 PM ---------- Previous post was at 10:13 PM ----------

Only reason why I looked in this thread, my friend has the Asus Prime. Sorry to say it but ASUS sucks at programming. The fact that their unlock utility works <15% is sad. Servers cannot be that overloaded all the time. It took over a week to finally get the program to work and unlock his device.

---------- Post added at 10:22 PM ---------- Previous post was at 10:16 PM ----------

Looking at it a little more, I'm pretty sure this just collects information and sends it to Asus. Gets key, sends an intent, and another apk handles the actual unlock.
Edited: I'll hold off on saying anything about that.

I don't even know why I'm in this thread lol
2nd December 2012, 03:41 AM   |  #8  
ostar2 (OP, Senior Member)
Quote:
Originally Posted by amoamare

[Post #7 above, quoted in full]

Thanks. Do you think it actually needs the Google login credentials or could that be bypassed? Or would it cause problems to bypass it, considering I think that you just have to make it return the value for success even if the wrong credentials are entered?
2nd December 2012, 03:48 AM   |  #9  
Thats OK (Senior Member)
http://www.xda-developers.com/androi...d-for-modding/
This thread made it to the front page!
2nd December 2012, 03:50 AM   |  #10  
Truthfully I don't know why they even need your Google login. This seems more like a privacy invasion than anything. They clearly collect your username and password within the software. If it's sent anywhere I don't know; I didn't look much further than what I did. I don't have this device, so sorry. The other thing is, if they were too cheap to buy an SSL certificate for that domain, and for whatever reason they do collect username and password, it could mean your username and password are being sent as a raw text string. Which means a man in the middle could easily obtain your Gmail username and password. Since I didn't see any level of encryption in the software, just a straight-up box asking for your password if you're not signed in.
Last edited by amoamare; 2nd December 2012 at 03:53 AM.
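
Posts #5, #7 and #10 each turn on what the app talks to: a URL literal, the extras it broadcasts, and whether the transport is cleartext. The following is an added example, not code from the thread or from Asus, that inventories those three things from decompiled Java source. The sample input is constructed from the methods quoted in post #7, and the `field_99` line holding the URL from post #5 is hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: two methods quoted in post #7, plus one hypothetical
# line holding the URL from post #5 (its real location is not shown above).
SAMPLE = r'''
private void method_31() {
    Intent var1 = new Intent();
    var1.setClassName("com.asus.dm", "com.asus.dm.c2dm.C2DMReceiver");
    var1.setAction("com.asus.unlock.intent.REGISTRATION");
    var1.putExtra("registration_cpu_id", class_19.method_55());
    this.mContext.sendBroadcast(var1);
}
static String field_99 = "https://mdm.asus.com";  // hypothetical line
public void onReceive(Context var1, Intent var2) {
    class_16.method_30(this.field_42, var2.getStringExtra("unlock_info"));
}
'''

STRING = r'"((?:[^"\\]|\\.)*)"'  # one Java string literal
PATTERNS = {
    "target_component": re.compile(r'\.setClassName\(\s*' + STRING + r'\s*,\s*' + STRING),
    "action": re.compile(r'\.setAction\(\s*' + STRING),
    "extra_sent": re.compile(r'\.putExtra\(\s*' + STRING),
    "extra_received": re.compile(r'\.get\w*Extra\(\s*' + STRING),
}
URL = re.compile(r'"((?:https?|ftp)://[^"\s]+)"')

def inventory(source: str) -> dict:
    """Map where data can leave or enter the app: IPC names and URL literals."""
    found = {name: [] for name in PATTERNS}
    for name, pattern in PATTERNS.items():
        for m in pattern.finditer(source):
            value = "/".join(m.groups())  # package/class for setClassName
            if value not in found[name]:
                found[name].append(value)
    found["endpoints"] = []
    for m in URL.finditer(source):
        parts = urlsplit(m.group(1))
        found["endpoints"].append({"host": parts.hostname, "scheme": parts.scheme,
                                   "cleartext": parts.scheme != "https"})
    return found

if __name__ == "__main__":
    for key, values in inventory(SAMPLE).items():
        print(f"{key}: {values}")
```

An `https` literal only shows which scheme the code names; whether the app validates the server certificate has to be checked in its connection code or on the wire.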
