please remove this thread

Status
Not open for further replies.

jerpelea

Senior Recognized Developer
Nov 7, 2006
7,455
40,145
263
Lund
sites.google.com
Progress Summary

1. dumped system.sin - ok
2. dumped root.sin - ok
3. dumped recovery.sin - ok
4. analyse loader.sin - ok
5. created custom rom - ok (just reconstructed the dumped SE rom)
6. flash tools for signed files - ok (now you can unbrick your device)
7. investigate recovery.sin - ok (it is almost the same as boot.sin)
8. developer loader.sin - searching (essential for unsigned files)
9. flash unsigned files - no (essential for root and custom roms)

Tested
1. all key combinations at boot
-left key during boot - safe mode
-right key during boot - 5 seconds into flash mode
2. service menu - in lock screen: Menu, Back, Back, Menu, Back, Menu, Menu, Back
3. flashed boot.sin as recovery.sin - phone boots normally and in safe mode
4. flashed a broken recovery.sin - phone does not boot (! appears in a yellow triangle)

jerpelea

Senior Recognized Developer
Nov 7, 2006
7,455
40,145
263
Lund
sites.google.com
tutorials & scripts

rip_loader_cert.sh
#!/bin/sh
# Carve the three fields of loader.sin at their fixed byte offsets:
# the signing certificate (DER), the 128-byte RSA signature and the payload.
# (Bytes 500-502, between the certificate and the signature, are not captured.)
dd if=loader.sin bs=1 skip=54 count=446 > S1_Loader_Root_f851.cer
dd if=loader.sin bs=1 skip=503 count=128 > loader.hashRSA
dd if=loader.sin bs=1 skip=631 > loader.bin

extract-ramdisk.sh
#!/bin/sh
# The ramdisk is a gzip-compressed cpio archive at a fixed offset inside boot.sin.
dd if=boot.sin bs=1 skip=4916769 > ramdisk.gz
mkdir -p boot.sin-ramdisk
cd boot.sin-ramdisk || exit 1
gzip -d -c ../ramdisk.gz | cpio -i

rip_boot_cert.sh
#!/bin/sh
# Carve the embedded certificate and the RSA signature out of boot.sin.
dd if=boot.sin bs=1 skip=1272 count=438 > S1_SW_Root_ac120.cer
dd if=boot.sin bs=1 skip=1713 count=128 > boot.hashRSA
# Inspect the certificate, then export its public key.
openssl asn1parse -in S1_SW_Root_ac120.cer -inform der
openssl x509 -in S1_SW_Root_ac120.cer -inform der -text
openssl x509 -in S1_SW_Root_ac120.cer -inform der -pubkey -noout > S1_SW_Root_ac120.pub
# Open the 128-byte (1024-bit) signature with the public key. This recovers the
# PKCS#1 v1.5 DigestInfo it carries; asn1parse then shows the hash OID and digest.
# (rsautl is deprecated in OpenSSL 3; 'openssl pkeyutl -verifyrecover' does the same.)
openssl rsautl -in boot.hashRSA -out boot.hash -inkey S1_SW_Root_ac120.pub -verify -pubin
openssl asn1parse -in boot.hash -inform der

rip_boot_cert2.sh
#!/bin/sh
# A second certificate is embedded at a later offset in boot.sin.
dd if=boot.sin bs=1 skip=2088 count=438 > S1_SW_Root_ac120b.cer
openssl asn1parse -in S1_SW_Root_ac120b.cer -inform der
openssl x509 -in S1_SW_Root_ac120b.cer -inform der -text
openssl x509 -in S1_SW_Root_ac120b.cer -inform der -pubkey -noout > S1_SW_Root_ac120b.pub
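The scripts above carve a certificate and a 128-byte signature out of a .sin image by byte offset and then open the signature with the certificate's public key. The following is an added example, not jerpelea's script and not Sony Ericsson code, that models that pipeline end to end in plain Python so the steps can be run offline: it builds a toy image with the same [header][key blob][signature][payload] shape, carves it at fixed offsets like dd, recovers the PKCS#1 v1.5 DigestInfo the way `openssl rsautl -verify` does, and compares it with a fresh hash of the payload. Everything about the layout is constructed: the header, the offsets, a bare modulus/exponent blob standing in for the X.509 certificate, SHA-256 as the hash (the thread does not say which hash the S1 signer uses) and a 1024-bit key because the posted signature is 128 bytes. The `trusted_n` parameter models a check the thread does not describe but that the certificate names (S1_SW_Root, S1_Loader_Root) hint at: a bootloader that accepts whatever certificate is embedded in the image, without chaining it to a root it already trusts, can be satisfied by anyone who re-signs the payload with their own key.

```python
# Added example, not code from the thread.  Stdlib-only model of the
# rip_boot_cert.sh pipeline: carve by offset, recover the DigestInfo from the
# RSA signature, compare with a fresh hash.  Layout and hash are assumptions.
import hashlib
import secrets

HEADER = b"S1toy\x00"   # constructed stand-in for the real SIN header
CERT_LEN = 8 + 128 + 4  # tag + modulus + exponent of the toy key blob
SIG_LEN = 128           # 1024-bit RSA signature, as in the thread
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin; fine for a demo key, not for production key generation."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
        if _is_probable_prime(cand):
            return cand

def generate_rsa_key(bits=1024, e=65537):
    """Return (n, e, d) with an exactly bits-long modulus.  e is prime, so
    gcd(e, phi) == 1 exactly when e does not divide phi."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return n, e, pow(e, -1, phi)

def rsa_sign(payload, n, d):
    """PKCS#1 v1.5 signature over SHA-256(payload); needs the private exponent d."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(payload).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def rsa_verify_recover(sig, n, e):
    """Open sig with the public key and return the DigestInfo inside it
    (the 'openssl rsautl -verify' step); raises if the padding is wrong."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        raise ValueError("signature length does not match modulus")
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("not a valid PKCS#1 v1.5 signature block")
    return em[sep + 1:]

def build_image(payload, key):
    """Assemble [header][key blob][signature][payload] (constructed layout)."""
    n, e, d = key
    blob = b"PUBKEYv1" + n.to_bytes(128, "big") + e.to_bytes(4, "big")
    return HEADER + blob + rsa_sign(payload, n, d) + payload

def carve(image):
    """The dd skip/count step: every field sits at a fixed offset."""
    a, b = len(HEADER), len(HEADER) + CERT_LEN
    return image[a:b], image[b:b + SIG_LEN], image[b + SIG_LEN:]

def verify_image(image, trusted_n=None):
    """True when the payload matches the embedded signature.  Without trusted_n
    any self-consistent blob+signature passes, so a real loader must also
    chain the embedded certificate to a root it already trusts."""
    blob, sig, payload = carve(image)
    if blob[:8] != b"PUBKEYv1":
        return False
    n = int.from_bytes(blob[8:136], "big")
    e = int.from_bytes(blob[136:140], "big")
    if trusted_n is not None and n != trusted_n:
        return False
    try:
        digest_info = rsa_verify_recover(sig, n, e)
    except ValueError:
        return False
    return digest_info == SHA256_PREFIX + hashlib.sha256(payload).digest()

if __name__ == "__main__":
    vendor = generate_rsa_key()
    image = build_image(b"constructed payload standing in for a ramdisk", vendor)
    tampered = bytearray(image); tampered[-1] ^= 1
    forged = build_image(carve(image)[2], generate_rsa_key())  # attacker re-signs
    print("genuine:", verify_image(image, vendor[0]))                  # True
    print("tampered payload:", verify_image(bytes(tampered), vendor[0]))  # False
    print("re-signed, no pinned root:", verify_image(forged))          # True
    print("re-signed, pinned root:", verify_image(forged, vendor[0]))  # False
```

The recovered `digest_info` is exactly the DER blob that `openssl asn1parse -in boot.hash -inform der` prints in the script above: a SEQUENCE holding the hash algorithm OID and the digest. Two things follow for the thread's question of flashing unsigned files: anyone can run the recovery and check a payload, but producing a new signature needs `d`, which is why re-signing the image with a different key is the only move left to an attacker and why the loader's trust in its root, not the embedded certificate alone, is what decides whether that move works.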

funfobia

Senior Member
Dec 4, 2006
50
0
0
So flashing one of these roms with SETool should work and therefore give us root access; if so I will do it now.

No krazyd007, those are originals, decrypted from SEUS.

Will wait for your next release, jerpelea, keep your work up.
I will try flashing your mod until my X10 is rooted!

Cheers!
 

mobilezonerm

Senior Member
Dec 5, 2007
53
13
0
funfobia said:
No krazyd007, those are originals, decrypted from SEUS.

Will wait for your next release, jerpelea, keep your work up.
I will try flashing your mod until my X10 is rooted!

Cheers!

I will also wait for a working boot.sin :)
(I think the problem is in the internal flash file signature, e.g. security hash, CRC check or a bit mismatch. If you know the SETool engine, it flashes the firmware, original and decrypted, with an online signature, but I hope that every single file in the firmware also has its own "signature".)
 

instigator008

Senior Member
Jan 23, 2010
719
40
0
Mississauga
Re: DECRYPTED X10 ROMS and TUTORIALS - DEVELOPMENT ONLY

What I take away from all this is that nothing has actually been successfully rooted. Please correct me if I am wrong. Twitter and blogs are going nuts with "X10 rooted" stories, but it looks to me that the claim is premature at best. No disrespect meant, just trying to clarify.
 

lifeflayer

Senior Member
Aug 19, 2009
166
3
0
Hmm, so it ended up being 1024-bit RSA instead of 2048-bit RSA. Will it do the brute-force attack when you flash, like the old old SE-TOOLS with K790a-era phones?
 

jossgray

Member
Mar 28, 2009
30
0
0
lifeflayer said:
Hmm, so it ended up being 1024-bit RSA instead of 2048-bit RSA. Will it do the brute-force attack when you flash, like the old old SE-TOOLS with K790a-era phones?

I don't think so; the only known method to crack 1024-bit RSA is to have access to the system with the private key, and a big computer cluster.
 

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,003
0
It would take ages to brute-force the signing...
I was wondering about another approach...

1) How does this thing get the flash over the air? It can do software updates from the phone itself. Anyone who hasn't debranded their phone (so it still updates through SEUS) could check where it goes and what it gets?
2) We still have the install server, the DRM inter-process communication server, and some kernel modules running as root interacting with userland (touchscreen, keyboard)... maybe there's a hole there that we haven't seen? If we can get root access we can rip the entire flash chip to a file, then find where to patch the bootloader so it doesn't need signing... anyone know ARM asm?
 

jerpelea

Senior Recognized Developer
Nov 7, 2006
7,455
40,145
263
Lund
sites.google.com
biktor_gj said:
It would take ages to brute-force the signing...
I was wondering about another approach...

1) How does this thing get the flash over the air? It can do software updates from the phone itself. Anyone who hasn't debranded their phone (so it still updates through SEUS) could check where it goes and what it gets?
2) We still have the install server, the DRM inter-process communication server, and some kernel modules running as root interacting with userland (touchscreen, keyboard)... maybe there's a hole there that we haven't seen? If we can get root access we can rip the entire flash chip to a file, then find where to patch the bootloader so it doesn't need signing... anyone know ARM asm?

Can be done after we find the JTAG pins, and we need 1000+ USD of hardware.
 

Top Liked Posts

Hi All,

I am having some issues with the X10a files.
I have downloaded and have tried to extract:
X10a_2_0_A_0_504_GLOBAL
WWE_R1FA014
WWE_R1FB001

When I try and unpack the files they all have errors or come up as being corrupt.

Is it just me or am I missing something??

Firstly, download the files again and make sure the download completed fully. Secondly, if you are using WinRAR to extract the files, try using 7-Zip instead. I have had errors when using WinRAR before but then tried 7-Zip and they extracted fine.

The mediafire link is not working...

You have those files on the first post.

Hi,

Wanted to rebrand my X10 with the stock ATT 1.6 due to having to bring the phone back to ATT for service. Could anybody please help me with instructions on how I could go about doing that? Thanks. I was able to find a decrypted ATT 1.6, but that did not look anything like what the 2.1 looks like. Please help. Thanks

stony

You need X10Flash_ATT_Unbrick.
It has the correct flash tool and firmware. Search is down and I do not have the link saved.

Sorry, this has been answered I'm sure, but the search doesn't find me the info I'm looking for.

What's the difference between the X10a_2_0_A_0_504_GLOBAL and the X10a_2_0_2_A_0_24_GLOBAL?

Which one for Rogers?

Thanks

They are both compatible on the Rogers network. Version X10a_2_0_2_A_0_24 is newer. Use that one.