• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

A pure C implementation of 'cuber' using OpenSSL's BigNum library

Search This thread

draxie

Senior Member
Apr 20, 2014
497
605
In case anybody cares, here's a pure C reimplementation of 'cuber.py'
(my own earlier reimplementation of @vortox's signature.py).
This is what I'm using in my '1-Click' bootloader unlock VM...
See 'grep ^gcc' for "build instructions". ;)

Hack, you can probably build this for ARM and run it right on your very HDX tablet... (-;

UPDATE (JanuaryFebruary 2017):
OK; so, @zivimo had built this for ARM, but people still haven't noticed.

I repacked his binary from a .tar.gz to a .zip archive and decided to spell out the instructions for use.
Perhaps, this helps... With the right bootloader in place, and adb/fastboot installed (and working),
the unlock is as easy as follows...
  1. Download and extract unlock.zip (SHA256: e40e3010f8eccfa9cbd1e73eecac30cf799099d183de23b2d256fc3407f143f6e5db0b8d82c8fd2a25a22b0a598014d22a2ec33cef27a8d4b65a36acde08f27a)
    to the same directory that holds the adb and fastboot executables (unless you have added them to your PATH)
  2. Click on get_code.bat in the extracted folder
  3. -- optional (but commonly required) step(s) --
    fix root (roll back, if you need to), flash vulnerable bootloader
    [you'll definitely need to perform at least some of these if the last step fails]
  4. Click on unlock.bat in the extracted folder

The archive also includes .sh variants of the .bat files for convenience.
You could also just click to show the hidden section and cut&paste... (-;

Code:
[STRIKE]unzip cuber.zip[/STRIKE]
adb push cuber /data/local/tmp/
adb shell chmod 0755 /data/local/tmp/cuber
adb shell 'id=$(cat /sys/class/block/mmcblk0/device/{manfid,serial}); echo "$id"; echo 0x${id:6:2}${id:11:8} | /data/local/tmp/cuber > /sdcard/unlock.code'
adb pull /sdcard/unlock.code
adb shell rm /sdcard/unlock.code /data/local/tmp/cuber
adb reboot-bootloader
fastboot -i 0x1949 flash unlock unlock.code
NOTE: download and extract the attached 'cuberunlock.zip' and run the above commands
in the directory where 'cuber' got extracted to.
 

Attachments

  • cuber.c
    2.6 KB · Views: 663
  • unlock.zip
    282.3 KB · Views: 13,844
Last edited:

zivimo

Member
Nov 24, 2008
12
3
hey,

made a static compile with an arm debian (jessie). seemed the easiest solution to me. compile command:
Code:
# gcc -fPIE -static cuber.c -o cuber -lssl -lcrypto
# strip cuber
# ldd cuber
        not a dynamic executable
# ./cuber
Usage: cuber [RSA-bytes] < data > sig

seems to work. arm(!) binary attached.
 

Attachments

  • cuber.tar.gz
    281.1 KB · Views: 227
  • Like
Reactions: draxie

chin_bone

Member
Feb 9, 2016
29
12
Michigan, USA
ok draxie, you pointed me here but something seems to be missing. i downloaded unlock.zip, put the files in my adb directory. when i run get_code.bat, it pushes cuber to the kindle in the right directory, changes permissions (dont see any errors there) but then stops saying the system can't find the specified path. Whats funny is i used es file explorer to check the paths in the script, and they are there so not sure where the hang up is.
 

draxie

Senior Member
Apr 20, 2014
497
605
ok draxie, you pointed me here but something seems to be missing. i downloaded unlock.zip, put the files in my adb directory. when i run get_code.bat, it pushes cuber to the kindle in the right directory, changes permissions (dont see any errors there) but then stops saying the system can't find the specified path. Whats funny is i used es file explorer to check the paths in the script, and they are there so not sure where the hang up is.

Did you check all three paths?

  • /data/local/tmp
  • /sdcard
  • /sys/class/block/mmcblk0

The 2nd one _may_ be problematic if you're on SafeStrap.
I don't know why. I'm yet to install that on one of my test
devices to investigate. (Or, was that the 1st... ;))

The 0 in the 3rd one may actually be a 1 on some systems.
I have a few extra lines in my VM script to work around
that, I can easily add that here as well, if that turns out
to be the issue.

BUT, to try and troubleshoot: how far does the script get?
If it didn't complain with the permissions, the 1st path is probably OK.

Does it print your manfid/serial?
If so, mmcblkX would be right as well.

Any chance that you're on SafeStrap?
Can you push/pull to/from /sdcard?

- - - - -
On a second thought: I've only ever tested this on Linux.
String quoting on Windows may work differently, and could *royally* mess up how that more complex command is interpreted.
I'll test tomorrow; it's like 20 past 1am here. I need to get some sleep.
In the meantime, as a workaround, you could just hard-code your manfid/serial, and replace this line:
Code:
adb shell 'id=$(cat /sys/class/block/mmcblk0/device/{manfid,serial}); echo "$id"; echo 0x${id:6:2}${id:11:8} | /data/local/tmp/cuber > /sdcard/unlock.code'
by the decidedly much simpler:
Code:
adb shell 'echo 0xmmssssssss | /data/local/tmp/cuber > /sdcard/unlock.code'
 
Last edited:
  • Like
Reactions: DB126 and chin_bone

chin_bone

Member
Feb 9, 2016
29
12
Michigan, USA
Did you check all three paths?

  • /data/local/tmp
  • /sdcard
  • /sys/class/block/mmcblk0

The 2nd one _may_ be problematic if you're on SafeStrap.
I don't know why. I'm yet to install that on one of my test
devices to investigate. (Or, was that the 1st... ;))

The 0 in the 3rd one may actually be a 1 on some systems.
I have a few extra lines in my VM script to work around
that, I can easily add that here as well, if that turns out
to be the issue.

BUT, to try and troubleshoot: how far does the script get?
If it didn't complain with the permissions, the 1st path is probably OK.

Does it print your manfid/serial?
If so, mmcblkX would be right as well.

Any chance that you're on SafeStrap?
Can you push/pull to/from /sdcard?

- - - - -
On a second thought: I've only ever tested this on Linux.
String quoting on Windows may work differently, and could *royally* mess up how that more complex command is interpreted.
I'll test tomorrow; it's like 20 past 1am here. I need to get some sleep.

It's all good draxie, i figured out what i was doing wrong with the other procedure, that damn STEP 2, once i did it, everything fell into place. Bootloader unlocked and now just trying to figure out which rom to try first. Thanks again, you guys are great and i know how valuable everyones time is. :good:
 
I keep hitting road blocks, I am rooted and on Fire OS 4.5.5.2 I click get code a screen flashes up then I click Unlock and my Kindle boots to the Grey Kindle screen with Fastboot underneath and nothing else happens. Same happens when I copy and past the code into ADB. What step am I failing at? Thanks for the help!
 

DB126

Senior Member
Oct 15, 2013
15,263
10,043
I keep hitting road blocks, I am rooted and on Fire OS 4.5.5.2 I click get code a screen flashes up then I click Unlock and my Kindle boots to the Grey Kindle screen with Fastboot underneath and nothing else happens. Same happens when I copy and past the code into ADB. What step am I failing at? Thanks for the help!
@draxie - I have no experience with this tool; python/gmpy2 works reliably for me. Sorry to pull you in ...
 

draxie

Senior Member
Apr 20, 2014
497
605
I am up and running now, unlocked and running kk-fire-nexus-rom-thor-20161017. Play store is also up and running.

Did you end up using some other method, or did these scripts work for you in the end?
Either way, others may find useful if you could share whatever worked for you. (-;
Unfortunately, I still haven't had a chance to test these scripts in Windows;
so, I couldn't answer your first call for help in a good way. If there's something
wrong and there's enough interest, I'll be happy to fix it as soon as I can.
 
Did you end up using some other method, or did these scripts work for you in the end?
Either way, others may find useful if you could share whatever worked for you. (-;
Unfortunately, I still haven't had a chance to test these scripts in Windows;
so, I couldn't answer your first call for help in a good way. If there's something
wrong and there's enough interest, I'll be happy to fix it as soon as I can.

@stangri did my unlock file and I used this thread to unlock https://forum.xda-developers.com/kindle-fire-hdx/general/thor-unlocking-bootloader-firmware-t3463982
I had trouble making the Unlock file, once that was done and some help from other users I am now up and running!
 
  • Like
Reactions: draxie

Top Liked Posts

  • There are no posts matching your filters.
  • 5
    In case anybody cares, here's a pure C reimplementation of 'cuber.py'
    (my own earlier reimplementation of @vortox's signature.py).
    This is what I'm using in my '1-Click' bootloader unlock VM...
    See 'grep ^gcc' for "build instructions". ;)

    Hack, you can probably build this for ARM and run it right on your very HDX tablet... (-;

    UPDATE (JanuaryFebruary 2017):
    OK; so, @zivimo had built this for ARM, but people still haven't noticed.

    I repacked his binary from a .tar.gz to a .zip archive and decided to spell out the instructions for use.
    Perhaps, this helps... With the right bootloader in place, and adb/fastboot installed (and working),
    the unlock is as easy as follows...
    1. Download and extract unlock.zip (SHA256: e40e3010f8eccfa9cbd1e73eecac30cf799099d183de23b2d256fc3407f143f6e5db0b8d82c8fd2a25a22b0a598014d22a2ec33cef27a8d4b65a36acde08f27a)
      to the same directory that holds the adb and fastboot executables (unless you have added them to your PATH)
    2. Click on get_code.bat in the extracted folder
    3. -- optional (but commonly required) step(s) --
      fix root (roll back, if you need to), flash vulnerable bootloader
      [you'll definitely need to perform at least some of these if the last step fails]
    4. Click on unlock.bat in the extracted folder

    The archive also includes .sh variants of the .bat files for convenience.
    You could also just click to show the hidden section and cut&paste... (-;

    Code:
    [STRIKE]unzip cuber.zip[/STRIKE]
    adb push cuber /data/local/tmp/
    adb shell chmod 0755 /data/local/tmp/cuber
    adb shell 'id=$(cat /sys/class/block/mmcblk0/device/{manfid,serial}); echo "$id"; echo 0x${id:6:2}${id:11:8} | /data/local/tmp/cuber > /sdcard/unlock.code'
    adb pull /sdcard/unlock.code
    adb shell rm /sdcard/unlock.code /data/local/tmp/cuber
    adb reboot-bootloader
    fastboot -i 0x1949 flash unlock unlock.code
    NOTE: download and extract the attached 'cuberunlock.zip' and run the above commands
    in the directory where 'cuber' got extracted to.
    2
    ok draxie, you pointed me here but something seems to be missing. i downloaded unlock.zip, put the files in my adb directory. when i run get_code.bat, it pushes cuber to the kindle in the right directory, changes permissions (dont see any errors there) but then stops saying the system can't find the specified path. Whats funny is i used es file explorer to check the paths in the script, and they are there so not sure where the hang up is.

    Did you check all three paths?

    • /data/local/tmp
    • /sdcard
    • /sys/class/block/mmcblk0

    The 2nd one _may_ be problematic if you're on SafeStrap.
    I don't know why. I'm yet to install that on one of my test
    devices to investigate. (Or, was that the 1st... ;))

    The 0 in the 3rd one may actually be a 1 on some systems.
    I have a few extra lines in my VM script to work around
    that, I can easily add that here as well, if that turns out
    to be the issue.

    BUT, to try and troubleshoot: how far does the script get?
    If it didn't complain with the permissions, the 1st path is probably OK.

    Does it print your manfid/serial?
    If so, mmcblkX would be right as well.

    Any chance that you're on SafeStrap?
    Can you push/pull to/from /sdcard?

    - - - - -
    On a second thought: I've only ever tested this on Linux.
    String quoting on Windows may work differently, and could *royally* mess up how that more complex command is interpreted.
    I'll test tomorrow; it's like 20 past 1am here. I need to get some sleep.
    In the meantime, as a workaround, you could just hard-code your manfid/serial, and replace this line:
    Code:
    adb shell 'id=$(cat /sys/class/block/mmcblk0/device/{manfid,serial}); echo "$id"; echo 0x${id:6:2}${id:11:8} | /data/local/tmp/cuber > /sdcard/unlock.code'
    by the decidedly much simpler:
    Code:
    adb shell 'echo 0xmmssssssss | /data/local/tmp/cuber > /sdcard/unlock.code'
    2
    I keep hitting road blocks, I am rooted and on Fire OS 4.5.5.2 I click get code a screen flashes up then I click Unlock and my Kindle boots to the Grey Kindle screen with Fastboot underneath and nothing else happens. Same happens when I copy and past the code into ADB. What step am I failing at? Thanks for the help!
    @draxie - I have no experience with this tool; python/gmpy2 works reliably for me. Sorry to pull you in ...
    1
    hey,

    made a static compile with an arm debian (jessie). seemed the easiest solution to me. compile command:
    Code:
    # gcc -fPIE -static cuber.c -o cuber -lssl -lcrypto
    # strip cuber
    # ldd cuber
            not a dynamic executable
    # ./cuber
    Usage: cuber [RSA-bytes] < data > sig

    seems to work. arm(!) binary attached.
    1
    @draxie - I have no experience with this tool; python/gmpy2 works reliably for me. Sorry to pull you in ...
    I am up and running now, unlocked and running kk-fire-nexus-rom-thor-20161017. Play store is also up and running.