Recent content by vortox

  1. V

    Post [Thor][Apollo] Unlocking bootloader with any firmware

    ONYXis Good discovery, great job :good:
  2. V

    Post [DISCONTINUED][27 NOV 2017] LineageOS-13.0

    Great to see an official CM rom!
  3. V

    Post XBOX One Slim Controller Bluetooth

    What's the problem?
  4. V

    Post XBOX One Slim Controller Bluetooth

    If your controller is updated and you have root, you could try to use a new keymap for the controller. My keymap: http://www14.zippyshare.com/v/anLAfS7e/file.html Download that file and copy it to /system/usr/keylayout/ Then set the permissions to 644. This should work.
  5. V

    Post A pure C implementation of 'cuber' using OpenSSL's BigNum library

    Nice job! Originally I wanted to use OpenSSL BigNum too, but I hadn't enough time and Python was easier to use :D
  6. V

    Post [DEV] Bootloader Signature Bypass

    It's fixed in .3.2.4, so it's (probably) fixed in every higher version. I wondered too. Those devices use MediaTek SoCs and the bug was in the Qualcomm bootloader. The bug was fixed on the HDX even before those tablets were announced, yet they are still vulnerable.
  7. V

    Post Rooted NK2 AT&T t337a w/ Tutorial

    That's right. I just wasn't sure if I overlooked a case. If you do it by hand, numbers will just be very big ;)
  8. V

    Post [Tool] Signing tool for pre 3.2.4 booloaders

    To determine vulnerability it's necessary to analyse the bootloader. There is a chance it is exploitable, but I can't guarantee anything.
  9. V

    Post [Tool] Signing tool for pre 3.2.4 booloaders

    I don't have any key used to sign the images. The only thing I've got is just the certificate, which I extracted directly from the binary aboot.img. The certificate is to verify the generated file. From the certificate I got the modulus. On the topic of Samsung I'm gonna quote myself from...
  10. V

    Post [Tool] Signing tool for pre 3.2.4 booloaders

    I said I'm not an expert at cryptography. ;) Ok, thank you. It's not hardcoded in the C++ part because I wanted to reassemble the LK signature check as closely as possible :) Thank you for finding that mistake of mine. The tool worked, so I didn't look into that closer... I'll look into the...
  11. V

    Post Rooted NK2 AT&T t337a w/ Tutorial

    No. As I said it's necessary to understand the format of the signature. In the reference implementation the signature is simply 256 bytes long and PKCS#1 v1.5 padded. On this device however it's this way: First some 32 byte magic number SEANDROIDENFORCE then 256 bytes, maybe the encrypted...
  12. V

    Post Rooted NK2 AT&T t337a w/ Tutorial

    The modulus shouldn't matter in most cases. It's just an upper bound for the generated signature. To use my tool for the exploit it's more important to understand the format of the signature. The Samsung ones I've seen are different from the reference implementation. That's the reason I'm no...
  13. V

    Post [Tool] Signing tool for pre 3.2.4 booloaders

    In the images for the Tab 4, I have seen that Samsung uses a different format for their signatures. Maybe I could find something in the files, but I have more important things to do at the moment.
  14. V

    Post [Tool] Signing tool for pre 3.2.4 booloaders

    The hash is calculated from the beginning of the image to the last page of the device tree. From bootimg.h:

    +-----------------+
    | boot header     | 1 page
    +-----------------+
    | kernel          | n pages
    +-----------------+
    | ramdisk         | m pages
    +-----------------+
    | second stage...