Search results

  1. (dylanger)

    Post My complete bootloader unlock and root guide.

    Thank you for posting this, it actually worked. I got a little trigger happy and hit "Unlock Bootloader" instead of "Read Bootloader Code", result is the same I just can't re-lock and unlock again, but I'm happy :good:
  2. (dylanger)

    Post [OTA] [Fastboot] [QFIL] Nokia 7 Plus OTA and Fastboot Collection

    Can someone post/upload their vendor partition from WW 3.39B SP02 January 2019 (B2N-339F-0-00WW-B01-339D-0-00WW-B01-update.zip)? I'm running the China Version of the device and I can't do the OTAs. I'm currently at WW 3.39B November 2018 (B2N-339B-0-00WW-B03-222R-0-00WW-B01-update.zip) Full ROM...
  3. (dylanger)

    Post Titan security chip affect rooting?

    100% - The Titan M Chip is in charge of Secure Boot and doing TIMA like Integrity Checking. At least from what I've seen
  4. (dylanger)

    Post [ROM][OFFICIAL][8.1.0][SANTONI] Pixel Experience [AOSP][r1]

    Debatable, SELinux is a must have for any daily driver, it's literally what will stop other applications from doing things they shouldn't be able to.
  5. (dylanger)

    Post [ROM][OFFICIAL][8.1.0][SANTONI] Pixel Experience [AOSP][r1]

    The developers haven't open sourced it, so you're at the mercy of that specific developer. If it were open, people could update it.
  6. (dylanger)

    Post [ROM][8.1.0][OFFICIAL]NITROGEN OS FOR REDMI 4X(SANTONI)

    Does anyone know where the sources are for this? You're building on Linux Lunch menu... pick a combo: 1. nitrogen_oneplus3-userdebug 2. nitrogen_oneplus3-eng
  7. (dylanger)

    Post [ROM][OFFICIAL][8.1.0][SANTONI] Pixel Experience [AOSP][r1]

    Also why did you disable FBE? It's enabled by default on phh's build? There's literally no encryption by default on this build.
  8. (dylanger)

    Post [ROM][OFFICIAL][8.1.0][SANTONI] Pixel Experience [AOSP][r1]

    Also, I can't seem to compile this? Anyone know where the makefiles are for the 4X? [email protected]:~/android$ lunch aosp_santoni-user build/core/product_config.mk:237: *** Can not locate config makefile for product "aosp_santoni". Stop. Device santoni not found. Attempting to...
  9. (dylanger)

    Post [ROM][OFFICIAL][8.1.0][SANTONI] Pixel Experience [AOSP][r1]

    Is there a reason SELinux is permissive?
  10. (dylanger)

    Post Does the Mi Mix 2S Support "Yellow" Verified Boot Mode?

    Yeah I've confirmed it's GREEN and RED only. It's annoying because AVB 2.0 has some really neat functionality.
  11. (dylanger)

    Post Does the Mi Mix 2S Support "Yellow" Verified Boot Mode?

    Does anyone know if SDM845 forces avbtool to be used for signing boot images?
  12. (dylanger)

    Post Does the Mi Mix 2S Support "Yellow" Verified Boot Mode?

    No, I've tried multiple times, it goes directly into RED mode, looking at UART Logs, it looks like they've elected not to use Verified Boot 2.0, I think they're using the old VB1 signing process.
  13. (dylanger)

    Thread [QUESTION] Has anyone managed to compile a user target GSI?

    Hey Guys, Has anyone managed to build a user target GSI? Meaning not a userdebug system build?
  14. (dylanger)

    Post Does the Mi Mix 2S Support "Yellow" Verified Boot Mode?

    Thank you, Jesus it's a rigamarole unlocking this thing...
  15. (dylanger)

    Thread Does the Mi Mix 2S Support "Yellow" Verified Boot Mode?

    Hello. Is it possible to "re-lock" the bootloader with a different boot image loaded? Typically this results in "YELLOW" mode where the bootloader _is_ locked, and will display a fingerprint of the boot.img. I'm terrified re-locking will result in having to unlock again, we all know unlocking...
  16. (dylanger)

    Post EDL Mode - Where are the two contacts?

    I don't think there's a Firehose image for this device out yet, even if you find the pads, you won't be able to do anything.
  17. (dylanger)

    Post Xiaomi MI Box 3 MDZ-16-AB Boot Log and UART Location

    I can't seem to interrupt uboot when booting, do you know if Xiaomi changed the uboot interrupt key?
  18. (dylanger)

    Post Xiaomi MI Box 3 MDZ-16-AB Boot Log and UART Location

    Woot! Nice work! So you've managed to boot into a Debian build? Damn nice work! Do you know if it's possible to do that without having access to Android in the first place? Like from UBOOT?
  19. (dylanger)

    Post Xiaomi MI Box 3 MDZ-16-AB Boot Log and UART Location

    I haven't looked at that yet, I don't really have any experience playing with AMLogic SoCs, you can boot via USB? This would actually work if you can as I have boot.img and system...
  20. (dylanger)

    Post Xiaomi MI Box 3 MDZ-16-AB Boot Log and UART Location

    It turns out JTAG is enabled according to the Android dmesg log, this could mean a neat little BootROM dump...
  21. (dylanger)

    Post Xiaomi MI Box 3 MDZ-16-AB Boot Log and UART Location

    You can hook the TX and RX lines into the 3.5mm headphone jack for easy UART use. See attached
  22. (dylanger)

    Thread Xiaomi MI Box 3 MDZ-16-AB Boot Log and UART Location

    Hey Guys, I've been tinkering with my MI Box as I've been having packet loss issues with it, long story short it's bricked, here is the bootlog + UART Pins if anyone is interested: Boot Log: TE: 98645 BL2 Built : 18:13:36, Jun 17 2016. gxl g176ecdb - [email protected] rn5t567_power_init...
  23. (dylanger)

    Post [Q] Disabling "Secure Boot" not to be confused with "Unlocking Bootloader"

    I'd assume someone's gotten their hands on an engineering hammerhead device.
  24. (dylanger)

    Thread [NETWORK UNLOCK] Huawei Ascend Y5 (Codename Y560-L01)

    Hey Guys, I recently discovered how to network unlock this device by editing files in /persist. Check it out here: https://blog.onedefence.com/unlock-telstras-huawei-y5-y560#pk_campaign=xda Cheers!
  25. (dylanger)

    Post Android Mifare Desfire EV1 Key Extraction / Lower Layers

    It was my understanding Mifare would have some protections against this sort of attack, if the Proxmark guys couldn't figure it out yet, I doubt this would work. For reference: http://www.proxmark.org/forum/viewforum.php?id=31
  26. (dylanger)

    Post [ROOT][TWRP][OUTDATED] Oppo R9S (China edition) exploit and TWRP flasher

    I get the same result on vbox, I think they've introduced anti virtualization or something, try install Windows 7 on native hardware.
  27. (dylanger)

    Post [ROOT][TWRP][OUTDATED] Oppo R9S (China edition) exploit and TWRP flasher

    Could I ask where you obtained the unbrick package from? Was it OPPO?
  28. (dylanger)

    Post Oppo R9S Rooting

    [please delete]
  29. (dylanger)

    Post Axon 7 root without bootloader unlocked

    Yeah that's not the file. Would you be able to disclose how you were able to obtain the elf?
  30. (dylanger)

    Post Axon 7 root without bootloader unlocked

    I agree, physical access on a device all bets are off, you're getting into the device. After you tear the entire device down, physically extract the flash risking physically breaking it, firehose gives anyone the ease and speediness of backdooring or extracting data. This requires skill, time...
  31. (dylanger)

    Post Axon 7 root without bootloader unlocked

    You know you've done a good job with Security when the only way is decapping the SoC, it's about making it hard, making it so Governments can't set up a laptop at an Airport and swap out your kernel in less than 5 seconds. The other methods you've described here would require you to physical open...
  32. (dylanger)

    Post Axon 7 root without bootloader unlocked

    Great Questions! The risk is someone can load malicious firmware onto the device, and hand it back to you, perhaps at an Airport or if you lost your device. I'm not entirely sure if this device has Full Disk Encryption enabled by default, I don't think it does, meaning someone can pull the...
  33. (dylanger)

    Post Axon 7 root without bootloader unlocked

    If anyone else can see the same concerns I have, I've written up a quick post about it I think more discussion around this is needed.
  34. (dylanger)

    Post Axon 7 root without bootloader unlocked

    I can't see how this isn't 'on topic'.
  35. (dylanger)

    Post Axon 7 root without bootloader unlocked

    Unfortunately that's not the way it works. These certs can't be revoked.
  36. (dylanger)

    Post Axon 7 root without bootloader unlocked

    So, what. Cripple the Security built around every Axon 7? The implication trumps the 'ease of restoration'. Literally any Government, any Private Company can now replace your recovery with TWRP and extract all of your data. If you've got an issue with the device, I'm sure you can post it back...
  37. (dylanger)

    Post Axon 7 root without bootloader unlocked

    Once again, that's what Customer Support is for, there's no need for anyone to have this signed software.
  38. (dylanger)

    Post Axon 7 root without bootloader unlocked

    I was able to extract it out, see http://forum.xda-developers.com/showpost.php?p=68340674&postcount=197 How did he get the signed firehose? It shouldn't be released OTA. How do OEMs allow people to have a signed firehose? It circumvents bootloader protections such as wiping on oem unlock, thus...
  39. (dylanger)

    Post ZMax 2 Root Development (Developers Needed)

    Hey Guys, I managed to get root, then tried to dd twrp to the recovery partition, no go, she's now a brick, I was able to grab a few things from the kernel image however: default.prop fstab:
  40. (dylanger)

    Post Axon 7 root without bootloader unlocked

    No worries I was able to extract the mbn out from the app, though you should release the source, keep software open. How did you get a hold of the signed firehose image? It shouldn't be released OTA? The Cert checks out SW_ID = 0x3h being a firehose image.
  41. (dylanger)

    Post Axon 7 root without bootloader unlocked

    -- Removed Massive Annoying Quote -- Can you please release the firehose mbn?
  42. (dylanger)

    Post [DISCUSSION] ABOOT Unlocking / Bootloader Unlocking

    Is there any more to this? It's signed by ZTE so it should work on any phone, we should be able to copy the OTA to the sdcard, then use their recovery to apply the update, WITHOUT providing your details.
  43. (dylanger)

    Post [DISCUSSION] ABOOT Unlocking / Bootloader Unlocking

    Has anyone captured the new ABOOT OTA allowing unlocking? If so please share it so we can check if it's voiding any warranty. It looks like they've added in the ability to unlock and signed an ABOOT image then OTA'ed it.
  44. (dylanger)

    Post [DISCUSSION] ABOOT Unlocking / Bootloader Unlocking

    SBL1 Cert Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=CN, ST=CA, L=ShangHai, OU=SMP, O=ZTE, CN=ZTE Signing CA Validity Not Before: Oct 9 19:04:36 2015 GMT Not...
  45. (dylanger)

    Post [DISCUSSION] ABOOT Unlocking / Bootloader Unlocking

    Ah yeah, this is Android's new ABOOT, allowing the user to sign their own boot.img kernels? I think they did this to disable Android Pay if you've unlocked the bootloader? Yeah it depends on ZTE, they could have just chosen with a vanilla LK/ABOOT
  46. (dylanger)

    Post [DISCUSSION] ABOOT Unlocking / Bootloader Unlocking

    This is a bit of a cop out, procedures do exist where if you unlock the device, it will 'blow' a fuse thus permanently voiding the warranty, all OEMs should be providing this option, the worst vendor I've ever experienced is Motorola.
  47. (dylanger)

    Post [DISCUSSION] ABOOT Unlocking / Bootloader Unlocking

    Yeah, first time in the states! Pretty excited about it, I'm a Researcher, hopefully talking next year! Cheers!
  48. (dylanger)

    Post [DISCUSSION] ABOOT Unlocking / Bootloader Unlocking

    It depends on how well they've written their software, I'm seeing 'Secret key is invalid, please update the bootloader with secret key' in ABOOT, so it looks like they may have the same get up as Motorola where you request a key and unlock it with that, I haven't been able to match this string...
  49. (dylanger)

    Post [DISCUSSION] ABOOT Unlocking / Bootloader Unlocking

    Sometimes vendors have secret fastboot commands, or their recovery doesn't check what you've provided to it, I have a massive flight to BlackHat coming up so I know what I'll be doing on the flight