[dev]ota rom decrypt tool is READY![1/6 update][open source]

Search This thread
By:
Advanced…
R

<robin>

Senior Member
Jun 12, 2012
124
92
Update 1/6:New version,faster and smaller
Download win32 exe:View attachment desklunvr.7z
Download source codeView attachment XOR.7z


------------------------------------------
since sill not find key to decrypt rom,
i'am try to port that code to c++,so it can be run on windows

1,de-compile code to asm code by ida pro
get code like this
Code: 
.text:000224F6                 SUB             SP, SP, #0x5C
.text:000224F8                 LDR             R4, loc_228DC
.text:000224FA                 ADD             R4, PC
.text:000224FC                 STR             R0, [SP,#0xC]
.text:000224FE                 STR             R1, [SP,#8]
.text:00022500                 STR             R2, [SP,#4]

2,change asm code to c++ code
Code: 
/*224F6*/                  SUB             (SP, SP, 0x5C);
/*224F8*/                  LDRx            (R4, 0x228DC);
/*224FA*/                  ADD             (R4, 0x224FA+8+DLL);//PC,
/*224FC*/                  STR             (R0, SP,0xC);
/*224FE*/                  STR             (R1, SP,8);
/*22500*/                  STR             (R2, SP,4);
and define
Code: 
void SUB		(u32 &a,u32 b,u32 c) {a=b-c;}
void LDRx		(u32 &a,u32 b) {a=b;}
void ADD		(u32 &a,u32 b) {a+=b;}
void STR		(u32 a,u32 b,u32 c) {pu32 p=(pu32)(b+c);*p=a;}

3,run c++ code on windows


by now,step 2 is finish,and can run by vc 6,
but some thing wrong in code convert,the result not right
still study asm syntax....
 
Last edited:
  • Like
Reactions: mirhl, alaszlo, NerdiX and 13 others
R

<robin>

Senior Member
Jun 12, 2012
124
92
here is is newer version.the code goes well,

automagic run same as in tablet(the begain 16 loop)
descramble not got error.

but function ok is only half.i don't know the param for it
so no right input,no right output...

is it possable to trace in recovery mode?
 
Last edited:
  • Like
Reactions: mstfyounis and stifilz
R

<robin>

Senior Member
Jun 12, 2012
124
92
:fingers-crossed::fingers-crossed::fingers-crossed::fingers-crossed:
after condi great help,my code success decode the first 4 byte of stock rom!
2.JPG
will fix code to final publish
good night!:cowboy:
 
  • Like
Reactions: tmkhoa, alaszlo, kidmoneys and 4 others
R

<robin>

Senior Member
Jun 12, 2012
124
92
Finish!
the decrypt tool is READY!
decrypt rom in windows,no need link to tablet!

USE:
just unzip the file to any dir,
drag ota rom to the exe icon
output will same dir as rom file,name append "_desklunvr"

can set output name by cmd line,no param for help

build win32 exe
2.jpg
1.JPG
source code(vc6)
 
Last edited:
  • Like
Reactions: tmkhoa, alaszlo, devSlashDude and 8 others
stifilz

stifilz

Senior Member
Jan 9, 2012
1,836
1,175
NZ
  • Like
Reactions: kidmoneys
stifilz

stifilz

Senior Member
Jan 9, 2012
1,836
1,175
NZ
condi said:
oh yeah.... BRILLIANT WORK!!! CONGRATULATIONS!
im happy to have you here :) :)
Click to expand...
Click to collapse

Guys any way to reverse the effect? i.e. encryption? Like custom rom but fully SONY signed?

That would be sick....

We could pre-root non rootable devices?

Or am I dreaming

Stifilz
 
C

condi

Senior Member
Feb 13, 2007
744
989
Ostrów Wielkopolski
condiecu.pl
stifilz said:
Guys any way to reverse the effect? i.e. encryption? Like custom rom but fully SONY signed?

That would be sick....

We could pre-root non rootable devices?

Or am I dreaming

Stifilz
Click to expand...
Click to collapse

decrypting/encrypting zip is one thing, another thing is signing modified zip.
So unfortunatelly - no, not just yet ;)

But its a BIG THING, GREAT TOOL, which will help us,
when Jelly Bean will be released.
Even if we all gonna have locked recovery (no decrypt via AiO),
then we will be able to decrypt zip updates,
and I will be able to make prerooted fws for FLASHER :)

Today is a good day :cool:
 
Last edited:
  • Like
Reactions: kulen
M

mithudas

Member
Nov 10, 2012
11
1
Very noob of me but does this mean we would see some custom roms as the otas could be decrypt ed
 
S

sciux

Senior Member
Jul 25, 2011
81
57
Samsung Galaxy S21 Ultra
Well done good job!!
I know the community of Sony tablets is pretty small so these sort of improvements are always extremely welcome!

Sent from my GT-N7100 using xda premium
 
stifilz

stifilz

Senior Member
Jan 9, 2012
1,836
1,175
NZ
<robin> said:
Update 1/6:New version,faster and smaller
Download win32 exe:View attachment 1620856
Download source codeView attachment 1620865


------------------------------------------
since sill not find key to decrypt rom,
i'am try to port that code to c++,so it can be run on windows

1,de-compile code to asm code by ida pro
get code like this
Code: 
.text:000224F6                 SUB             SP, SP, #0x5C
.text:000224F8                 LDR             R4, loc_228DC
.text:000224FA                 ADD             R4, PC
.text:000224FC                 STR             R0, [SP,#0xC]
.text:000224FE                 STR             R1, [SP,#8]
.text:00022500                 STR             R2, [SP,#4]

2,change asm code to c++ code
Code: 
/*224F6*/                  SUB             (SP, SP, 0x5C);
/*224F8*/                  LDRx            (R4, 0x228DC);
/*224FA*/                  ADD             (R4, 0x224FA+8+DLL);//PC,
/*224FC*/                  STR             (R0, SP,0xC);
/*224FE*/                  STR             (R1, SP,8);
/*22500*/                  STR             (R2, SP,4);
and define
Code: 
void SUB		(u32 &a,u32 b,u32 c) {a=b-c;}
void LDRx		(u32 &a,u32 b) {a=b;}
void ADD		(u32 &a,u32 b) {a+=b;}
void STR		(u32 a,u32 b,u32 c) {pu32 p=(pu32)(b+c);*p=a;}


3,run c++ code on windows


by now,step 2 is finish,and can run by vc 6,
but some thing wrong in code convert,the result not right
still study asm syntax....
Click to expand...
Click to collapse

I have been playing around with the new recovery <3e> and I tried to use a non Sony zip (it was a @condi old skewl signed update zip) and instead of it saying can not verify whole signature etc, it says ".zip is not sklunvred" so is is possible to reverse this process and try to flash a zip? @<robin> It may not need to be fully Sony signed anymore and may just need to be sklunvred!
Just an Idea :D

Stifilz
 
You must log in or register to reply here.

Similar threads

C
S.onyTablet.S v6.5 [ALLinONE] - new: Update OEM Apps! automatic ICS ROOT!, JB ROOT!
Replies
2K
Views
822K
T
tomvh1
bubby323
[DEV] Sony Tablet S Rooting and Hacking Progress // Lets do this.
Replies
268
Views
133K
sankedcw
sankedcw
D
How to Root the Sony Tablet S
Replies
222
Views
240K
Dansen48
Dansen48
stifilz
Jelly Bean Update Links XTS and Tablet S/P R5A :D
Replies
455
Views
225K
S
skiller1213
xperiax10.awesome
ICS Updates Zip Added, Countries/Region where ICS is available for Sony Tablet S
Replies
316
Views
92K
gavster26
gavster26

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 16
    R
    <robin>
    Update 1/6:New version,faster and smaller
    Download win32 exe:View attachment desklunvr.7z
    Download source codeView attachment XOR.7z


    ------------------------------------------
    since sill not find key to decrypt rom,
    i'am try to port that code to c++,so it can be run on windows

    1,de-compile code to asm code by ida pro
    get code like this
    Code: 
    .text:000224F6                 SUB             SP, SP, #0x5C
.text:000224F8                 LDR             R4, loc_228DC
.text:000224FA                 ADD             R4, PC
.text:000224FC                 STR             R0, [SP,#0xC]
.text:000224FE                 STR             R1, [SP,#8]
.text:00022500                 STR             R2, [SP,#4]

    2,change asm code to c++ code
    Code: 
    /*224F6*/                  SUB             (SP, SP, 0x5C);
/*224F8*/                  LDRx            (R4, 0x228DC);
/*224FA*/                  ADD             (R4, 0x224FA+8+DLL);//PC,
/*224FC*/                  STR             (R0, SP,0xC);
/*224FE*/                  STR             (R1, SP,8);
/*22500*/                  STR             (R2, SP,4);
    and define
    Code: 
    void SUB		(u32 &a,u32 b,u32 c) {a=b-c;}
void LDRx		(u32 &a,u32 b) {a=b;}
void ADD		(u32 &a,u32 b) {a+=b;}
void STR		(u32 a,u32 b,u32 c) {pu32 p=(pu32)(b+c);*p=a;}

    3,run c++ code on windows


    by now,step 2 is finish,and can run by vc 6,
    but some thing wrong in code convert,the result not right
    still study asm syntax....
    View
    11
    R
    <robin>
    Finish!
    the decrypt tool is READY!
    decrypt rom in windows,no need link to tablet!

    USE:
    just unzip the file to any dir,
    drag ota rom to the exe icon
    output will same dir as rom file,name append "_desklunvr"

    can set output name by cmd line,no param for help

    build win32 exe
    2.jpg
    1.JPG
    source code(vc6)
    View
    7
    R
    <robin>
    :fingers-crossed::fingers-crossed::fingers-crossed::fingers-crossed:
    after condi great help,my code success decode the first 4 byte of stock rom!
    2.JPG
    will fix code to final publish
    good night!:cowboy:
    View
    2
    R
    <robin>
    here is is newer version.the code goes well,

    automagic run same as in tablet(the begain 16 loop)
    descramble not got error.

    but function ok is only half.i don't know the param for it
    so no right input,no right output...

    is it possable to trace in recovery mode?
    View
    1
    stifilz
    stifilz
    <robin> said:
    Finish!
    the decrypt tool is READY!
    decrypt rom in windows,no need link to tablet!

    USE:
    just unzip the file to any dir,
    drag ota rom to the exe icon
    output will same dir as rom file,name append "_desklunvr"

    can set output name by cmd line,no param for help

    build win32 exe
    View attachment 1618294

    View attachment 1618298

    View attachment 1618299
    source code(vc6)
    Click to expand...
    Click to collapse

    OMG AMAZING WORK :D

    WORKS A TREAT NZ R5a :D

    Stifilz
    View

New posts