Search results

  1. V

    Post [Thor][Apollo] Unlocking bootloader with any firmware

    ONYXis Good discovery, great job :good:
  2. V

    Post [DISCONTINUED][27 NOV 2017] LineageOS-13.0

    Great to see an official CM rom!
  3. V

    Post XBOX One Slim Controller Bluetooth

    What's the problem?
  4. V

    Post XBOX One Slim Controller Bluetooth

    If your controller is updated and you have root, you could try to use a new keymap for the controller. My keymap: http://www14.zippyshare.com/v/anLAfS7e/file.html Download that file and copy it to /system/usr/keylayout/ Then set the permissions to 644. This should work.
  5. V

    Post A pure C implementation of 'cuber' using OpenSSL's BigNum library

    Nice job! Originally I wanted to use OpenSSL BigNum too, but I didn't have enough time and Python was easier to use :D
  6. V

    Post [DEV] Bootloader Signature Bypass

    It's fixed in .3.2.4, so it's (probably) fixed in every higher version. I wondered too. Those devices use MediaTek SoCs and the bug was in the Qualcomm bootloader. The bug was fixed on the HDX even before those tablets were announced, yet they are still vulnerable.
  7. V

    Post Rooted NK2 AT&T t337a w/ Tutorial

    That's right. I just wasn't sure if I overlooked a case. If you do it by hand, the numbers will just be very big ;)
  8. V

    Post [Tool] Signing tool for pre 3.2.4 bootloaders

    To determine vulnerability it's necessary to analyse the bootloader. There is a chance it is exploitable, but I can't guarantee anything.
  9. V

    Post [Tool] Signing tool for pre 3.2.4 bootloaders

    I don't have any key used to sign the images. The only thing I've got is just the certificate, which I extracted directly from the binary aboot.img. The certificate is to verify the generated file. From the certificate I got the modulus. On the topic of Samsung I'm gonna quote myself from...
  10. V

    Post [Tool] Signing tool for pre 3.2.4 bootloaders

    I said I'm not an expert at cryptography. ;) Ok, thank you. It's not hardcoded in the C++ part because I wanted to reassemble the LK signature check as closely as possible :) Thank you for finding that mistake of mine. The tool worked, so I didn't look into that closer... I'll look into the...
  11. V

    Post Rooted NK2 AT&T t337a w/ Tutorial

    No. As I said, it's necessary to understand the format of the signature. In the reference implementation the signature is simply 256 bytes long and PKCS#1 v1.5 padded. On this device however it's this way: first a 32 byte magic number SEANDROIDENFORCE, then 256 bytes, maybe the encrypted...
  12. V

    Post Rooted NK2 AT&T t337a w/ Tutorial

    The modulus shouldn't matter in most cases. It's just an upper bound for the generated signature. To use my tool for the exploit it's more important to understand the format of the signature. The Samsung ones I've seen are different from the reference implementation. That's the reason I'm no...
  13. V

    Post [Tool] Signing tool for pre 3.2.4 bootloaders

    In the images for the Tab 4 I have seen that Samsung uses a different format for their signatures. Maybe I could find something in the files, but I have more important things to do at the moment.
  14. V

    Post [Tool] Signing tool for pre 3.2.4 bootloaders

    The hash is calculated from the beginning of the image to the last page of the device tree. From bootimg.h:

        +-----------------+
        | boot header     | 1 page
        +-----------------+
        | kernel          | n pages
        +-----------------+
        | ramdisk         | m pages
        +-----------------+
        | second stage...
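The page layout quoted in the post decides exactly which bytes the signature covers, so here is a worked parser for it. This is an added example, not Cuber's code and not from the post: it assumes the field order of the pre-v1 bootimg.h header (magic, kernel/ramdisk/second sizes and addresses, tags address, page size, dt size, unused, name, cmdline, id) and uses SHA-256 only as a placeholder, since the post does not say which hash the bootloader computes. The fixture image it builds is constructed data, not a real kernel, and the 256-byte trailer stands in for a signature appended after the last page.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# Fixed-size header from the bootimg.h layout quoted above (pre-v1 header):
# magic[8], kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
# second_addr, tags_addr, page_size, dt_size, unused, name[16], cmdline[512], id[32]
HEADER_FMT = "<8s10I16s512s32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 608 bytes, occupying the first page


def pages(nbytes, page_size):
    """Pages needed to hold nbytes (0 bytes -> 0 pages)."""
    return (nbytes + page_size - 1) // page_size


def signed_length(image):
    """Byte count of the region the bootloader hashes: the header page, then kernel,
    ramdisk, second stage and device tree, each padded to a whole number of pages."""
    if len(image) < HEADER_LEN or image[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    f = struct.unpack(HEADER_FMT, image[:HEADER_LEN])
    kernel_size, ramdisk_size, second_size, page_size, dt_size = f[1], f[3], f[5], f[8], f[9]
    total = page_size * (1 + pages(kernel_size, page_size) + pages(ramdisk_size, page_size)
                         + pages(second_size, page_size) + pages(dt_size, page_size))
    if total > len(image):
        raise ValueError("truncated image: header describes %d bytes, got %d" % (total, len(image)))
    return total


def image_digest(image, algo="sha256"):
    """Digest over the signed region only. Anything after the last device-tree page
    (for instance an appended signature block) is not covered. SHA-256 is an assumption;
    the post does not name the hash, so the algorithm is a parameter."""
    return hashlib.new(algo, image[:signed_length(image)]).digest()


def build_image(kernel, ramdisk, second=b"", dt=b"", page_size=2048, trailer=b""):
    """Constructed test fixture: pack a header and page-align each section.
    Load addresses are arbitrary and the payloads are not a real kernel or ramdisk."""
    def pad(b):
        return b + b"\x00" * (-len(b) % page_size)
    header = struct.pack(HEADER_FMT, BOOT_MAGIC,
                         len(kernel), 0x10008000, len(ramdisk), 0x11000000,
                         len(second), 0x10F00000, 0x10000100, page_size, len(dt), 0,
                         b"", b"", b"")
    return pad(header) + pad(kernel) + pad(ramdisk) + pad(second) + pad(dt) + trailer


def demo():
    """Returns (signed length, whether an appended trailer changes the digest)."""
    body = build_image(b"K" * 3000, b"R" * 100, dt=b"D" * 10)
    with_sig = body + b"\xAA" * 256   # stand-in for a signature appended after the image
    return signed_length(with_sig), image_digest(with_sig) != image_digest(body)


if __name__ == "__main__":
    print(demo())  # (10240, False)
```

With a 2048-byte page, a 3000-byte kernel, a 100-byte ramdisk, no second stage and a 10-byte device tree occupy 1 + 2 + 1 + 0 + 1 = 5 pages, so the signed region is 10240 bytes regardless of what follows it; that is also why, as the post says, the digest must be recomputed for every modified image rather than copied from another one.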
  15. V

    Post [Tool] Signing tool for pre 3.2.4 bootloaders

    I will try my best to answer them. This doesn't work as the signature contains the encrypted hash of the image which is then encrypted and compared to the calculated hash of the image. Copying the signature will result in a signature mismatch and therefore an invalid image. I'm not sure...
  16. V

    Post [ROM] cm-11-20150226-UNOFFICIAL-thor

    Cpasjuste would it be possible to enable double tap to wake for the device?
  17. V

    Post [Tool] Signing tool for pre 3.2.4 bootloaders

    It should work with other chipsets, as long as they use Qualcomm's Little Kernel bootloader.
  18. V

    Post [Tool] Signing tool for pre 3.2.4 bootloaders

    Yes you can sign an image. You just need a vulnerable bootloader. The exploit was publicly fixed on 13 June and the first patched bootloader for the HDX tablets (.3.2.4) was compiled on 20 June.
  19. V

    Post [DEV] Bootloader Signature Bypass

    I've been looking at the .3.1.0 and the .3.2.4 bootloader and I have never seen an "oem unlock" command. There are 3 oem commands "oem device-info", "oem relock" and "oem idme". But to use "oem idme" you have to be unlocked. Whereas "flash unlock code.img" works. This command checks the provided...
  20. V

    Thread [Tool] Signing tool for pre 3.2.4 bootloaders

    I am proud to present you my image signing tool called Cuber. The name is an abbreviation of Cube Root finder. This is basically what the tool does. About This is a tool that checks and signs recovery/boot images for Little Kernel bootloaders missing the patch for CVE-2014-0973. Who is...
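The posts above say three things about the check: the signature is a 256-byte PKCS#1 v1.5 block, the verifier decrypts it and compares the hash inside against the hash of the image, and the modulus is "just an upper bound" because the tool finds cube roots. Put together, that is a Bleichenbacher-style forgery against a public exponent of 3: choose the block so that everything the verifier looks at sits in the high bytes, take the integer cube root, and let the rounding error land in low bytes the verifier never compares. The following is an added example, not Cuber's code and not a copy of the LK source: the exact shape of the pre-patch comparison is modelled as an assumption (the padding is stripped, then only the first digest-length bytes of the payload are compared), the strict verifier beside it is what a correct check must do, and the 2048-bit modulus is a constructed odd number, not a real RSA key, since no private key is needed for the attack.

```python
import hashlib


def int_cbrt_ceil(n):
    """Smallest integer r with r**3 >= n, by binary search on Python big ints."""
    if n <= 0:
        return 0
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)   # hi**3 > n
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < n:
            lo = mid + 1
        else:
            hi = mid
    return lo


def strip_pkcs1_type1(em, min_pad=8):
    """Remove a PKCS#1 v1.5 type-1 block 00 01 FF..FF 00 and return the payload,
    or None if the block is malformed (fewer than min_pad FF bytes, wrong leaders)."""
    if len(em) < min_pad + 3 or em[0] != 0x00 or em[1] != 0x01:
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < min_pad or i >= len(em) or em[i] != 0x00:
        return None
    return em[i + 1:]


def _decrypt(sig, n, e):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")


def rsa_verify_lax(sig, digest, n, e=3):
    """Assumed pre-patch shape: only the first len(digest) payload bytes are compared,
    so whatever follows the digest inside the block is ignored."""
    payload = strip_pkcs1_type1(_decrypt(sig, n, e))
    return payload is not None and payload[:len(digest)] == digest


def rsa_verify_strict(sig, digest, n, e=3):
    """Correct check: the payload must be exactly the digest, with nothing trailing."""
    payload = strip_pkcs1_type1(_decrypt(sig, n, e))
    return payload is not None and payload == digest


def forge_signature(digest, n, e=3):
    """Cube-root forgery (only works for e == 3): put padding + digest in the high
    bytes, zeros below, and take the ceiling cube root. s**3 exceeds the target by
    less than 3*s**2, which for a 2048-bit block is around 2**1360 and so only
    disturbs the 213 free low bytes (2**1704) that the lax verifier never reads."""
    if e != 3:
        raise ValueError("cube-root forgery needs e == 3")
    k = (n.bit_length() + 7) // 8
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + digest
    free_bytes = k - len(prefix)
    target = int.from_bytes(prefix + b"\x00" * free_bytes, "big")
    s = int_cbrt_ceil(target)
    cube = s ** 3
    # The modulus is only an upper bound: cube must stay below n so that the
    # "decryption" pow(s, 3, n) returns cube itself, and the prefix must survive.
    if cube >= n or cube >> (8 * free_bytes) != int.from_bytes(prefix, "big"):
        raise ValueError("not enough free bytes for this modulus size")
    return s.to_bytes(k, "big")


# Constructed demo values: a 2048-bit odd number standing in for the bootloader's
# modulus (no private key exists or is needed) and the digest of arbitrary bytes.
DEMO_N = (1 << 2047) | 0x1234567      # not a real RSA modulus; only its size matters
DEMO_DIGEST = hashlib.sha256(b"constructed boot image bytes").digest()


def demo():
    """Returns (lax verifier accepts forgery, strict verifier accepts forgery)."""
    sig = forge_signature(DEMO_DIGEST, DEMO_N)
    return rsa_verify_lax(sig, DEMO_DIGEST, DEMO_N), rsa_verify_strict(sig, DEMO_DIGEST, DEMO_N)


if __name__ == "__main__":
    print("lax accepts: %s, strict accepts: %s" % demo())  # lax accepts: True, strict accepts: False
```

The forgery needs no knowledge of the private key and is independent of the particular modulus as long as it is at least 2048 bits, which is why the posts say only the signature format, not the key, is the obstacle on devices such as the Samsung ones; against a verifier that insists the payload is exactly the digest (or a full DigestInfo encoding) the same signature fails, because the cube-root rounding garbage is now part of what is compared.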
  21. V

    Post [DEV] Bootloader Signature Bypass

    The unlock command should be "fastboot flash unlock code.img" and the check of the code.img should be vulnerable, too. I will release more details in the near future. I'm busier than anticipated at the moment.
  22. V

    Post [RECOVERY] TWRP Recovery 2.8.7.0 - Apollo/Thor

    I gave Cpasjuste and ggow earlier access to my tool, because I couldn't write my guide as fast as I thought.
  23. V

    Post [RECOVERY] TWRP Recovery 2.8.5.0 - Thor

    Thank you for testing. This means it will work on any version lower than 3.2.4
  24. V

    Post [RECOVERY] TWRP Recovery 2.8.5.0 - Thor

    It's not working on 3.2.4, but works at least on 3.1.0. I didn't test other versions.
  25. V

    Post [DEV] Bootloader Signature Bypass

    Thank you for the offer, but the coding is done and I'm starting to write the guide for the tool :)
  26. V

    Post [DEV] Bootloader Signature Bypass

    dd works fine on the boot partition in the recovery :D
  27. V

    Post [DEV] Bootloader Signature Bypass

    I didn't try that, I will later today. It is a command line utility, so someone could integrate it in the build process.
  28. V

    Post [DEV] Bootloader Signature Bypass

    Just some small update: I'm almost done writing the signing application and I will probably release it before the new year.
  29. V

    Post [DEV] Bootloader Signature Bypass

    I don't know, I got my FireTV with an unrootable firmware. But it's possible. I haven't tried the other exploits. The checking of the unlock code could be vulnerable to this exploit, too. But I couldn't figure out what the decrypted signature is being compared to.
  30. V

    Post [DEV] Bootloader Signature Bypass

    Nope, the exploit has been patched somewhere between .3.1.0 and .3.2.4. But it's possible to downgrade to 3.1.0.
  31. V

    Post [DEV] Bootloader Signature Bypass

    Merry Christmas! This is not an unlock. I have been able to boot a custom TWRP. Using this exploit I crafted a signature that passes the check in the x.3.1.0 bootloader. I'm planning to release a tool to sign custom recoveries/boot images.
  32. V

    Post [DEV] Bootloader Signature Bypass

    I will try my best to obtain the certificate. Thanks for the link. I will take a look at that. Edit: D0ubl3_X Here is the certificate used for checking the unlock code. http://www45.zippyshare.com/v/82885181/file.html Edit2: The post in the blog does not match the CVE. This is the right one...
  33. V

    Post [DEV] Bootloader Signature Bypass

    Nope. It's just to load those files into IDA PRO and helps reverse engineering them.
  34. V

    Post [DEV] Bootloader Signature Bypass

    I've been using this loader for IDA. I see a lot of strings and they have been very useful. Further I've found the certificate in the aboot partition. This means my 2nd suggestion probably wouldn't work. This leaves me with two possible options: Brute force the image (unlikely) Looking at the...
  35. V

    Post [DEV] Bootloader Signature Bypass

    I have examined aboot for some time now and I can think of 3 methods to unlock the bootloader: Provide the unlock code. The code seems to be a 512 byte image, that is flashed by "fastboot flash unlock code.img". The code is somehow verified using a X509 certificate. Writing an arbitrary code...
  36. V

    Post [Q] Bluetooth Keyboard/Mouse Support?

    Everything works including mouse? Does it work with Firefox?
  37. V

    Post [ROM][4.4] CyanogenMod 11.0 Experimental

    Great to see a new version of CM for our Find 5. One question before flashing: how many CM features are added, or is it almost plain AOSP?
  38. V

    Post [ROM][GT-I9100][JB][4.2.2] CyanogenMod 10.1 official nightlies // discussion thread

    Depends on the user. My brother has an N4 16GB and has almost no space left. My S2 would be full without an SD card. I've seen that with my brother's N4 too, but he uses it more often than I use my S2. So he has to charge it more often :D I don't like the battery life on both devices. It's not bad...
  39. V

    Post [INFO] codeworkx will no longer make CM for the S4.

    I wouldn't be sure of that. The most experienced devs for Exynos are sick of it and won't support the S4. Maybe new ones will come, but will they be as good as them? CM is a community project, so devs are not forced to develop for a device even if it's popular; if they want to, they do. I think the S4 will be far...
  40. V

    Post [Q&A][CM 10.1] Do you have problems with CyanogenMod 10.1? Read this first!

    This is a S2 thread not S3. You're wrong here.
  41. V

    Post Bugs/Suggestions of Samsung official Jellybean [XXLSJ]

    This would be great. The zoom in/out is sometimes annoying as hell...
  42. V

    Post [I9100][ROM 4.1.2] Stock 4.1.2 JB - real deal

    No! CSC in CSC, modem in PHONE, code in PDA.
  43. V

    Post [ROM][GT-I9100][4.0.4] CyanogenMod 9 nightly builds | DISCUSSION THREAD

    I have a problem with Google Maps. I can't install it, neither by using the Play Store nor by installing the apk. When I use the store I always get this error. I didn't find anything helpful on the internet.
  44. V

    Post [ROM][GT-I9100][4.0.4] CyanogenMod 9 nightly builds | DISCUSSION THREAD

    CM9 battery life is very good. 37h on battery and still >30% left, wlan on, 3G half of the time. I'll test the official ICS if it can beat this ;)
  45. V

    Post [ROM][GT-I9100][4.0.4] CyanogenMod 9 nightly builds | DISCUSSION THREAD

    MTP is broken and USB Mass Storage is not built into Android Honeycomb or ICS.
  46. V

    Post [ROM][GT-I9100][4.0.4] CyanogenMod 9 nightly builds | DISCUSSION THREAD

    The companies distinguish themselves from each other. If every phone had the same interface there would be just hardware differences. Somewhere I've read the carriers want that too. I didn't like the Android UI until they showed ICS and the Holo UI.
  47. V

    Post [ROM][GT-I9100][4.0.4] CyanogenMod 9 nightly builds | DISCUSSION THREAD

    Not only keyboard, many apps like browser or games feel laggy.
  48. V

    Post [ROM][GT-I9100][4.0.4] CyanogenMod 9 nightly builds | DISCUSSION THREAD

    My voice search etc. is gone after flashing a newer ROM. How do I get it back?